OTL logfile created on: 24/02/2016 22:28:10 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jacqueline\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18205)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,44 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 57,30% Memory free
6,94 Gb Paging File | 5,10 Gb Available in Paging File | 73,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1845,49 Gb Total Space | 1726,88 Gb Free Space | 93,57% Space Free | Partition Type: NTFS
Drive D: | 16,05 Gb Total Space | 2,01 Gb Free Space | 12,54% Space Free | Partition Type: NTFS

Computer Name: PLOT | User Name: jacqueline | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2016/02/24 11:58:48 | 000,309,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2016/02/24 11:52:01 | 000,237,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2016/02/23 08:26:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jacqueline\Downloads\OTL.exe
PRC - [2015/11/11 22:14:04 | 000,815,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2015/10/06 20:45:54 | 000,597,040 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
PRC - [2015/04/28 15:39:48 | 001,102,472 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2014/12/19 16:03:56 | 001,852,928 | ---- | M] (CNAMTS - GIE SESAM-Vitale) -- C:\Program Files (x86)\santesocial\srvsvcnam\SRVSVCNAM.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/08 11:38:23 | 000,021,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
PRC - [2014/03/21 07:14:56 | 000,051,712 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWOW64\tbaseprovisioning.exe
PRC - [2013/04/02 04:27:32 | 000,079,872 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\9.2\bin\pg_ctl.exe
PRC - [2013/04/02 04:27:00 | 004,525,568 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe
PRC - [2012/03/16 21:39:58 | 000,476,728 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2016/02/24 11:59:03 | 000,936,776 | ---- | M] (Google Inc.)
-- C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.12.11510.1228\swg.dll MOD - [2016/02/24 11:58:48 | 003,046,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_8A0038D085DC3886.dll MOD - [2016/02/24 11:58:48 | 001,020,360 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7DD5AD3C25C05E37.dll MOD - [2016/02/24 11:58:48 | 000,309,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe MOD - [2016/02/24 11:58:47 | 000,194,504 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll MOD - [2016/02/24 11:53:57 | 003,049,744 | ---- | M] (AVAST Software) -- C:\PROGRA~1\AVASTS~1\Avast\Aavm4h.dll MOD - [2016/02/24 11:53:52 | 001,582,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswWrcIEBroker32.dll MOD - [2016/02/24 11:52:57 | 000,875,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\msvcr110.dll MOD - [2016/02/24 11:52:57 | 000,535,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c\msvcp110.dll MOD - [2016/02/24 11:52:34 | 000,179,936 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswJsFlt.dll MOD - [2016/02/24 11:52:09 | 000,113,496 | ---- | M] () -- C:\PROGRA~1\AVASTS~1\Avast\log.dll MOD - [2016/02/24 11:52:07 | 001,080,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\AVAST Software\Avast\dbghelp.dll MOD - [2016/02/24 11:52:06 | 000,088,504 | ---- | M] (AVAST Software) -- C:\PROGRA~1\AVASTS~1\Avast\avastIP.dll MOD - [2016/02/24 11:52:05 | 000,073,984 | ---- | M] (AVAST Software) -- C:\PROGRA~1\AVASTS~1\Avast\aswEngLdr.dll MOD - [2016/02/24 11:52:04 | 000,958,704 | ---- | M] (AVAST Software) -- C:\PROGRA~1\AVASTS~1\Avast\aswAux.dll MOD - 
[2016/02/24 11:52:04 | 000,403,848 | ---- | M] (AVAST Software) -- C:\PROGRA~1\AVASTS~1\Avast\aswCmnIS.dll MOD - [2016/02/24 11:52:04 | 000,374,240 | ---- | M] (AVAST Software) -- C:\PROGRA~1\AVASTS~1\Avast\aswCmnBS.dll MOD - [2016/02/24 11:52:04 | 000,140,480 | ---- | M] (AVAST Software) -- C:\PROGRA~1\AVASTS~1\Avast\aswCmnOS.dll MOD - [2016/02/24 11:52:03 | 000,436,640 | ---- | M] (AVAST Software) -- C:\PROGRA~1\AVASTS~1\Avast\ashTask.dll MOD - [2016/02/24 11:52:02 | 001,052,752 | ---- | M] (AVAST Software) -- C:\PROGRA~1\AVASTS~1\Avast\ashBase.dll MOD - [2016/02/24 11:52:02 | 000,133,768 | ---- | M] () -- C:\PROGRA~1\AVASTS~1\Avast\JsonRpcServer.dll MOD - [2016/02/24 11:52:01 | 000,619,448 | ---- | M] (AVAST Software) -- C:\PROGRA~1\AVASTS~1\Avast\commchannel.dll MOD - [2016/02/24 11:52:00 | 000,329,608 | ---- | M] (AVAST Software) -- C:\PROGRA~1\AVASTS~1\Avast\AavmRpch.dll MOD - [2016/02/24 11:51:57 | 000,678,656 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll MOD - [2016/02/23 08:26:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jacqueline\Downloads\OTL.exe MOD - [2016/02/06 11:01:21 | 020,366,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtml.dll MOD - [2016/02/06 10:43:17 | 002,280,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll MOD - [2016/02/06 10:16:20 | 012,857,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll MOD - [2016/02/06 09:54:19 | 001,312,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll MOD - [2016/02/02 03:37:41 | 019,963,896 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\SysWOW64\Macromed\Flash\Flash.ocx MOD - [2016/01/22 08:11:11 | 019,794,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll MOD - [2016/01/22 06:35:15 | 004,611,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jscript9.dll MOD - [2016/01/22 06:07:28 | 002,120,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll MOD - [2016/01/22 06:02:12 | 000,710,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieapfltr.dll MOD - [2016/01/19 19:23:58 | 001,564,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\combase.dll MOD - [2016/01/19 19:23:33 | 001,501,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll MOD - [2016/01/19 18:30:39 | 000,862,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll MOD - [2015/12/08 20:07:49 | 000,507,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll MOD - [2015/12/07 13:55:38 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Java\jre1.8.0_66\bin\msvcr100.dll MOD - [2015/12/07 13:55:38 | 000,460,384 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll MOD - [2015/12/07 13:55:38 | 000,172,640 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll MOD - [2015/12/07 13:55:37 | 000,446,560 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre1.8.0_66\bin\deploy.dll MOD - [2015/12/04 16:00:36 | 001,097,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll MOD - [2015/12/03 19:52:09 | 000,340,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bcryptprimitives.dll MOD - [2015/12/03 19:52:09 | 000,120,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncrypt.dll MOD - [2015/12/03 19:52:09 | 000,091,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncryptsslp.dll MOD - [2015/12/03 17:45:16 | 000,357,888 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysWOW64\schannel.dll MOD - [2015/11/11 22:14:04 | 000,815,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe MOD - [2015/11/10 01:04:14 | 000,476,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieui.dll MOD - [2015/11/10 00:25:40 | 001,048,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\actxprxy.dll MOD - [2015/11/10 00:16:05 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IEShims.dll MOD - [2015/11/08 21:52:10 | 001,559,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll MOD - [2015/11/08 21:48:20 | 001,376,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll MOD - [2015/11/08 21:42:50 | 001,490,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9600.18123_none_dad9a2585bcb0fd8\GdiPlus.dll MOD - [2015/10/06 20:45:54 | 000,597,040 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe MOD - [2015/10/03 20:41:47 | 001,124,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll MOD - [2015/09/10 16:23:05 | 000,285,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll MOD - [2015/09/03 03:17:54 | 001,903,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml6.dll MOD - [2015/09/02 18:09:35 | 001,556,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml3.dll MOD - [2015/08/12 15:03:38 | 000,122,128 | ---- | M] (Apple Inc.) 
-- C:\Program Files (x86)\Bonjour\mdnsNSP.dll MOD - [2015/08/10 17:56:30 | 000,272,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\FWPUCLNT.DLL MOD - [2015/08/06 18:20:31 | 002,105,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee\comctl32.dll MOD - [2015/08/06 17:18:28 | 004,068,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d2d1.dll MOD - [2015/07/01 22:35:39 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davclnt.dll MOD - [2015/06/27 17:42:34 | 000,747,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll MOD - [2015/06/16 06:36:44 | 001,212,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll MOD - [2015/06/15 22:09:15 | 003,607,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll MOD - [2015/04/25 03:33:20 | 000,549,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_7c5b6194aa0716f1\comctl32.dll MOD - [2015/04/10 01:17:55 | 001,018,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\UIAutomationCore.dll MOD - [2015/04/01 03:31:00 | 001,207,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dbghelp.dll MOD - [2015/03/23 22:45:04 | 000,257,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll MOD - [2015/01/30 02:29:04 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atlthunk.dll MOD - [2015/01/29 19:34:45 | 001,488,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll MOD - [2015/01/23 06:02:33 | 000,560,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SHCore.dll MOD - [2014/12/19 16:03:56 | 001,852,928 | ---- | M] (CNAMTS - GIE SESAM-Vitale) -- C:\Program Files (x86)\santesocial\srvsvcnam\SRVSVCNAM.exe MOD - [2014/12/19 09:25:28 | 000,602,776 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll MOD - [2014/11/08 11:38:23 | 000,021,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe MOD - [2014/10/31 03:24:42 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imgutil.dll MOD - [2014/10/31 00:38:56 | 001,612,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll MOD - [2014/10/29 04:18:47 | 001,782,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll MOD - [2014/10/29 04:18:47 | 000,241,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll MOD - [2014/10/29 04:18:46 | 000,029,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel.appcore.dll MOD - [2014/10/29 04:18:44 | 000,255,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\powrprof.dll MOD - [2014/10/29 04:18:42 | 000,016,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll MOD - [2014/10/29 04:18:41 | 000,127,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll MOD - [2014/10/29 04:15:39 | 000,035,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll MOD - [2014/10/29 04:15:37 | 000,245,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll MOD - [2014/10/29 04:15:37 | 000,165,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntasn1.dll MOD - [2014/10/29 04:15:37 | 000,098,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\userenv.dll MOD - [2014/10/29 04:15:37 | 000,068,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netapi32.dll MOD - [2014/10/29 04:15:36 | 000,192,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll MOD - [2014/10/29 04:15:36 | 000,154,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll MOD - [2014/10/29 04:15:36 | 000,110,512 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysWOW64\srvcli.dll MOD - [2014/10/29 04:15:36 | 000,021,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dsrole.dll MOD - [2014/10/29 04:15:32 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wkscli.dll MOD - [2014/10/29 04:15:32 | 000,051,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msasn1.dll MOD - [2014/10/29 04:15:31 | 000,115,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gpapi.dll MOD - [2014/10/29 04:15:31 | 000,096,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsp.dll MOD - [2014/10/29 04:13:18 | 000,185,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xmllite.dll MOD - [2014/10/29 04:12:51 | 000,087,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mpr.dll MOD - [2014/10/29 04:12:03 | 001,946,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d11.dll MOD - [2014/10/29 04:12:03 | 000,430,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxgi.dll MOD - [2014/10/29 04:12:03 | 000,102,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll MOD - [2014/10/29 04:11:32 | 000,031,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\avrt.dll MOD - [2014/10/29 04:10:54 | 001,287,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll MOD - [2014/10/29 04:10:54 | 000,278,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll MOD - [2014/10/29 04:10:54 | 000,026,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll MOD - [2014/10/29 04:10:07 | 000,276,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll MOD - [2014/10/29 04:10:07 | 000,052,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wtsapi32.dll MOD - [2014/10/29 04:10:01 | 000,569,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll MOD - [2014/10/29 04:07:09 | 000,370,424 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysWOW64\AudioSes.dll MOD - [2014/10/29 04:07:01 | 000,331,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MMDevAPI.dll MOD - [2014/10/29 04:07:01 | 000,136,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winmm.dll MOD - [2014/10/29 04:07:01 | 000,134,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winmmbase.dll MOD - [2014/10/29 04:06:28 | 000,800,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll MOD - [2014/10/29 04:06:28 | 000,080,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bcd.dll MOD - [2014/10/29 04:06:28 | 000,074,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll MOD - [2014/10/29 04:05:15 | 000,321,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ws2_32.dll MOD - [2014/10/29 04:05:15 | 000,052,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll MOD - [2014/10/29 04:05:14 | 000,120,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IPHLPAPI.DLL MOD - [2014/10/29 04:05:14 | 000,030,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll MOD - [2014/10/29 04:05:14 | 000,026,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winnsi.dll MOD - [2014/10/29 04:05:14 | 000,020,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nsi.dll MOD - [2014/10/29 03:00:28 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll MOD - [2014/10/29 03:00:15 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll MOD - [2014/10/29 03:00:13 | 000,642,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll MOD - [2014/10/29 03:00:11 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davhlpr.dll MOD - [2014/10/29 02:59:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll MOD - [2014/10/29 02:59:49 | 000,141,312 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysWOW64\imm32.dll MOD - [2014/10/29 02:58:23 | 001,040,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll MOD - [2014/10/29 02:58:06 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\drprov.dll MOD - [2014/10/29 02:57:59 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pcacli.dll MOD - [2014/10/29 02:57:31 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WinSCard.dll MOD - [2014/10/29 02:56:40 | 000,499,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sxs.dll MOD - [2014/10/29 02:55:53 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dinput8.dll MOD - [2014/10/29 02:51:01 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll MOD - [2014/10/29 02:50:50 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2014/10/29 02:47:53 | 000,517,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dsound.dll MOD - [2014/10/29 02:40:34 | 000,224,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll MOD - [2014/10/29 02:35:58 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Query.dll MOD - [2014/10/29 02:32:29 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll MOD - [2014/10/29 02:29:05 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dlnashext.dll MOD - [2014/10/29 02:14:54 | 000,609,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll MOD - [2014/10/29 02:08:36 | 002,174,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10warp.dll MOD - [2014/10/29 02:06:27 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dnsapi.dll MOD - [2014/10/29 02:06:25 | 000,325,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll MOD - [2014/10/29 02:06:20 | 000,012,800 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\SysWOW64\dpapi.dll MOD - [2014/10/29 02:06:19 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll MOD - [2014/10/29 02:06:17 | 000,286,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mswsock.dll MOD - [2014/10/29 02:06:04 | 000,104,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll MOD - [2014/10/29 02:05:50 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimg32.dll MOD - [2014/10/29 02:05:46 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bcrypt.dll MOD - [2014/10/29 02:05:41 | 000,137,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptnet.dll MOD - [2014/10/29 02:05:33 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll MOD - [2014/10/29 02:05:32 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasadhlp.dll MOD - [2014/10/29 02:05:25 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll MOD - [2014/10/29 02:05:12 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devrtl.dll MOD - [2014/10/29 02:05:02 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\OnDemandConnRouteHelper.dll MOD - [2014/10/29 02:04:34 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntlanman.dll MOD - [2014/10/29 02:04:21 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll MOD - [2014/10/29 02:03:37 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\icm32.dll MOD - [2014/10/29 02:03:12 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasman.dll MOD - [2014/10/29 02:02:54 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DevDispItemProvider.dll MOD - [2014/10/29 02:00:02 | 000,251,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dcomp.dll MOD - [2014/10/29 
01:59:28 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll MOD - [2014/10/29 01:58:41 | 000,246,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecsExt.dll MOD - [2014/10/29 01:58:34 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimtf.dll MOD - [2014/10/29 01:58:05 | 000,306,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleacc.dll MOD - [2014/10/29 01:57:46 | 000,254,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\UIAnimation.dll MOD - [2014/10/29 01:57:42 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mlang.dll MOD - [2014/10/29 01:56:21 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winhttp.dll MOD - [2014/10/29 01:55:27 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ninput.dll MOD - [2014/10/29 01:55:11 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscms.dll MOD - [2014/10/29 01:49:12 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tiptsf.dll MOD - [2014/10/29 01:48:28 | 000,949,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll MOD - [2014/10/29 01:48:01 | 001,142,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll MOD - [2014/10/29 01:45:16 | 000,397,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv MOD - [2014/10/29 01:45:07 | 000,573,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PortableDeviceApi.dll MOD - [2014/10/29 01:44:46 | 000,677,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll MOD - [2014/10/29 01:43:55 | 000,624,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasapi32.dll MOD - [2014/10/29 01:30:15 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PlayToDevice.dll MOD - [2014/06/06 22:28:34 | 000,126,336 | ---- | M] 
(Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atiuxpag.dll MOD - [2014/06/06 22:28:16 | 001,107,384 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\aticfx32.dll MOD - [2014/06/06 22:27:54 | 008,764,952 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atidxx32.dll MOD - [2014/03/18 16:40:53 | 000,148,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\slc.dll MOD - [2014/03/18 16:40:53 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sppc.dll MOD - [2013/08/03 05:40:17 | 000,653,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\msvcr90.dll MOD - [2013/08/03 05:40:17 | 000,570,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\msvcp90.dll MOD - [2012/07/27 21:51:34 | 000,066,496 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll MOD - [2012/07/27 21:51:32 | 000,063,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [color=#E56717]========== Services (All) ==========[/color] SRV - [2016/02/24 11:59:01 | 000,194,032 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2015/11/01 16:24:42 | 000,147,624 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2015/09/28 09:19:10 | 000,025,800 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService) SRV - [2015/08/31 17:56:50 | 000,144,200 | ---- | M] (Google Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdatem) SRV - [2015/08/31 17:56:50 | 000,144,200 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate) SRV - [2015/07/01 22:37:18 | 000,198,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\WebClnt.dll -- (WebClient) SRV - [2015/06/15 22:16:41 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\windows\SysWow64\msiexec.exe -- (msiserver) SRV - [2015/05/07 16:05:40 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc) SRV - [2015/04/28 15:39:48 | 001,102,472 | ---- | M] (Hewlett-Packard Company) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex) SRV - [2015/04/01 03:12:53 | 000,710,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysWow64\SearchIndexer.exe -- (WSearch) SRV - [2014/12/25 10:17:09 | 000,265,808 | ---- | M] (WildTangent, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2014/10/29 04:50:12 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2014/10/29 04:09:40 | 000,017,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\dllhost.exe -- (COMSysApp) SRV - [2014/10/29 02:59:46 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv) SRV - [2014/10/29 02:51:55 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2014/10/29 02:46:07 | 000,183,296 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess) SRV - [2014/10/29 02:38:42 | 000,034,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\WcsPlugInService.dll -- (WcsPlugInService) SRV - [2014/10/29 02:34:59 | 000,254,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv) SRV - [2014/10/29 02:25:07 | 001,534,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\pla.dll -- (pla) SRV - [2014/10/29 02:19:39 | 000,106,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller) SRV - [2014/10/29 02:05:58 | 000,292,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp) SRV - [2014/10/29 02:04:45 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost) SRV - [2014/10/29 02:04:13 | 
000,010,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\wpcsvc.dll -- (WPCSvc) SRV - [2014/10/29 02:02:34 | 000,695,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\netlogon.dll -- (Netlogon) SRV - [2014/10/29 02:01:27 | 000,046,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso) SRV - [2014/10/29 02:00:55 | 000,084,992 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\wdi.dll -- (WdiSystemHost) SRV - [2014/10/29 02:00:55 | 000,084,992 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\wdi.dll -- (WdiServiceHost) SRV - [2014/10/29 01:57:39 | 000,261,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\qwave.dll -- (QWAVE) SRV - [2014/10/29 01:56:21 | 000,631,808 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2014/10/29 01:55:10 | 000,367,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem) SRV - [2014/10/29 01:52:47 | 002,170,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\WsmSvc.dll -- (WinRM) SRV - [2014/10/29 01:49:09 | 000,576,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection) SRV - [2014/10/29 01:42:30 | 000,366,080 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider) SRV - [2014/10/29 01:42:08 | 000,331,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\upnphost.dll -- (upnphost) SRV - [2014/10/29 01:40:28 | 000,296,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\SessEnv.dll -- (SessionEnv) SRV - [2014/04/16 00:33:38 | 000,050,864 | ---- | M] (Microsoft Corporation) [On_Demand | 
Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2014/04/02 15:45:42 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2014/04/02 15:45:42 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2014/04/02 15:45:42 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2014/03/21 07:14:56 | 000,051,712 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\tbaseprovisioning.exe -- (tbaseprovisioning)
SRV - [2014/03/18 18:37:26 | 000,043,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2014/03/03 15:05:44 | 000,023,040 | ---- | M] (MUST info) [Auto | Running] -- C:\Program Files (x86)\MediMust\Outils\Sauvegarder_MediMustv2.0\service\Service_sauvegarde.exe -- (Postgres_Backup)
SRV - [2014/01/23 06:54:32 | 000,150,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2013/08/22 05:12:15 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\perfhost.exe -- (PerfHost)
SRV - [2013/04/02 04:27:32 | 000,079,872 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\9.2\bin\pg_ctl.exe -- (postgresql-9.2)
SRV - [2012/03/16 21:39:58 | 000,476,728 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)

[color=#E56717]========== Driver Services (All) ==========[/color]

[color=#E56717]========== Standard Registry (All) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK14/3
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK14/3
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3514722453-3218668315-90442094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-3514722453-3218668315-90442094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/
IE - HKU\S-1-5-21-3514722453-3218668315-90442094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-3514722453-3218668315-90442094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3514722453-3218668315-90442094-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3514722453-3218668315-90442094-1001\..\SearchScopes,DefaultScope = {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}
IE - HKU\S-1-5-21-3514722453-3218668315-90442094-1001\..\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-3514722453-3218668315-90442094-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3514722453-3218668315-90442094-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3514722453-3218668315-90442094-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "FR"
FF - prefs.js..browser.search.region: "FR"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:43.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF
Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.66.2: C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.66.2: C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2016/02/24 11:56:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 44.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 44.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 38.6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 38.6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2015/07/27 08:58:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jacqueline\AppData\Roaming\mozilla\Extensions [2016/01/08 09:28:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jacqueline\AppData\Roaming\mozilla\Firefox\Profiles\5h8g5fox.default-1442568323441\extensions [2015/09/18 10:18:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [color=#E56717]========== Chrome ==========[/color] O1 HOSTS File: ([2013/08/22 14:25:41 | 000,000,824 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-3514722453-3218668315-90442094-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [FbNotifications] C:\Program Files (x86)\Goto.Games\Funbridge2\FbNotificationsComServer.exe (Goto.Games) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe File not found O4 - HKLM..\Run: [SrvSVCNAM] C:\Program Files (x86)\santesocial\srvsvcnam\SRVSVCNAM.exe (CNAMTS - GIE SESAM-Vitale) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/WCLWeb/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9E82796-9265-46D9-AF93-996EB0861057}: DhcpNameServer = 192.168.0.254 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\osf 
{D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2015/02/02 14:26:06 | 000,000,016 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2016/01/29 12:09:03 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ] O32 - AutoRun File - [2016/01/29 12:09:03 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - Reg Error: Value error. 
SafeBootMin: mcpltsvc - SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: TBS - Service SafeBootMin: vga.sys - Driver SafeBootMin: vgasave.sys - Driver SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices SafeBootMin: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group 
SafeBootNet: HelpSvc - Service SafeBootNet: MCODS - Reg Error: Value error. SafeBootNet: mcpltsvc - SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: ntrexeservice - Service SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdpencdd.sys - Driver SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: SmartcardSimulator - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TBS - Service SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: vgasave.sys - Driver SafeBootNet: VirtualSmartcardReader - Driver SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: 
{4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices SafeBootNet: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices 77.CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2016/02/24 14:07:07 | 000,000,000 | ---D | C] -- C:\Users\jacqueline\AppData\Roaming\TouchDRL [2016/02/24 11:54:29 | 000,000,000 | ---D | C] -- C:\Users\jacqueline\AppData\Roaming\AVAST Software [2016/02/24 11:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software [2016/02/24 11:52:10 | 000,052,184 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr [2016/02/17 08:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2016/02/11 10:10:54 | 000,000,000 | ---D | C] -- C:\windows\Minidump [2016/02/10 09:24:43 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CPFilters.dll [2016/02/10 09:24:39 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\EncDec.dll [2016/02/10 09:24:34 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mtxoci.dll [2016/02/10 09:24:33 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msorcl32.dll [2016/02/10 09:24:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cfgbkend.dll 
[2016/02/10 09:23:39 | 005,267,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\glcndFilter.dll [2016/02/10 09:23:39 | 005,264,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Data.Pdf.dll [2016/02/10 09:19:26 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certcli.dll [2016/02/10 09:18:19 | 012,879,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\twinui.dll [2016/02/10 09:18:16 | 002,464,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll [2016/02/10 09:15:31 | 001,564,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\combase.dll [2016/02/10 09:15:31 | 000,548,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WinTypes.dll [2016/02/10 09:15:31 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wincorlib.dll [2016/02/10 09:15:22 | 000,578,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WinSync.dll [2016/02/10 09:14:40 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2016/02/10 09:14:39 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll [2016/02/10 09:14:39 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2016/02/10 09:14:29 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapi.dll [2016/02/10 09:14:28 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuwebv.dll [2016/02/10 09:14:28 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wudriver.dll [2016/02/10 09:14:28 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapp.exe [2016/02/04 09:32:53 | 000,000,000 | ---D | C] -- C:\Users\jacqueline\AppData\Local\G DATA [2016/02/03 10:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G DATA [2016/02/03 10:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\G Data [2016/01/30 08:42:32 | 000,000,000 | ---D | C] -- 
C:\KVRT_Data
[2016/01/29 12:09:03 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2016/01/29 11:40:55 | 000,000,000 | ---D | C] -- C:\UsbFix
[2016/01/26 08:43:55 | 000,000,000 | ---D | C] -- C:\Users\jacqueline\Doctor Web

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2016/02/24 22:25:12 | 000,001,146 | ---- | M] () -- C:\Users\jacqueline\Desktop\OTL.exe - Raccourci.lnk
[2016/02/24 22:23:20 | 000,001,082 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/02/24 22:22:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2016/02/24 19:20:48 | 000,000,490 | ---- | M] () -- C:\Instal.reg
[2016/02/24 19:17:20 | 000,001,086 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2016/02/24 15:03:02 | 003,920,134 | ---- | M] () -- C:\windows\SysWow64\rootpa.e2e
[2016/02/24 15:02:19 | 000,000,507 | ---- | M] () -- C:\windows\SESAM.INI
[2016/02/24 15:02:16 | 000,000,056 | ---- | M] () -- C:\CNDA.INI
[2016/02/24 14:59:13 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2016/02/24 14:59:12 | 2951,303,168 | -HS- | M] () -- C:\hiberfil.sys
[2016/02/24 12:27:24 | 000,026,163 | ---- | M] () -- C:\Users\jacqueline\Documents\CONTRAT DE REMPLACEMENT REGULIER (3)SAAL.odt
[2016/02/24 12:27:24 | 000,026,163 | ---- | M] () -- C:\Users\jacqueline\Desktop\CONTRAT DE REMPLACEMENT REGULIER (3)SAAL.odt
[2016/02/24 11:52:10 | 000,052,184 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2016/02/22 18:25:54 | 000,000,362 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForjacqueline.job
[2016/02/22 10:07:04 | 000,000,432 | ---- | M] () -- C:\THALWIN.BAT
[2016/02/22 09:51:08 | 000,000,432 | ---- | M] () -- C:\THALWIN.BAK
[2016/02/07 18:58:00 | 000,021,993 | ---- | M] () -- C:\Users\jacqueline\Documents\COURRIER BNP.odt
[2016/02/04 10:05:57 | 000,000,000 | ---- | M] () -- C:\windows\topsecret.INI
[2016/02/04 10:05:56 | 000,000,000 | ---- | M] () -- C:\windows\GDDevCtrl.INI
[2016/02/02 03:37:41 | 000,828,920 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2016/02/02 03:37:41 | 000,176,632 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2016/02/24 22:25:12 | 000,001,146 | ---- | C] () -- C:\Users\jacqueline\Desktop\OTL.exe - Raccourci.lnk
[2016/02/24 13:09:16 | 000,026,163 | ---- | C] () -- C:\Users\jacqueline\Documents\CONTRAT DE REMPLACEMENT REGULIER (3)SAAL.odt
[2016/02/24 12:26:53 | 000,026,163 | ---- | C] () -- C:\Users\jacqueline\Desktop\CONTRAT DE REMPLACEMENT REGULIER (3)SAAL.odt
[2016/02/22 17:39:49 | 000,000,362 | ---- | C] () -- C:\windows\tasks\HPCeeScheduleForjacqueline.job
[2016/02/07 18:10:59 | 000,021,993 | ---- | C] () -- C:\Users\jacqueline\Documents\COURRIER BNP.odt
[2016/02/04 10:05:57 | 000,000,000 | ---- | C] () -- C:\windows\topsecret.INI
[2016/02/04 10:05:56 | 000,000,000 | ---- | C] () -- C:\windows\GDDevCtrl.INI
[2016/01/19 15:02:56 | 000,000,132 | ---- | C] () -- C:\windows\wininit.ini
[2015/06/01 15:47:36 | 000,254,976 | ---- | C] () -- C:\windows\SysWow64\SMSEQ.DLL
[2015/06/01 15:47:36 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\SMOOTHS.DLL
[2015/06/01 15:47:36 | 000,014,048 | ---- | C] () -- C:\windows\SysWow64\SMOOTH16.DLL
[2015/06/01 15:47:36 | 000,010,720 | ---- | C] () -- C:\windows\SysWow64\SCRLIB.DLL
[2015/06/01 15:47:35 | 000,009,984 | ---- | C] () -- C:\windows\SysWow64\BTDESIGN.DLL
[2015/04/22 08:37:20 | 000,107,008 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2015/04/22 08:34:29 | 000,046,080 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2015/02/02 13:11:46 | 000,305,664 | ---- | C] () -- C:\windows\BKL_CPS.DLL
[2015/02/02 13:11:46 | 000,057,344 | ---- | C] () -- C:\windows\cgcode32.dll
[2015/02/02 13:11:44 | 000,262,864 | ---- | C] () -- C:\windows\SysWow64\Bole16.dll
[2015/02/02 13:11:44 | 000,228,902 | ---- | C] () -- C:\windows\SysWow64\Vmpeg.dll
[2015/02/02 13:11:44 | 000,034,283 | ---- | C] () -- C:\windows\LHA.EXE
[2015/02/02 13:11:44 | 000,024,094 | ---- | C] () -- C:\windows\SysWow64\Mcivmpeg.drv
[2015/02/02 13:11:44 | 000,003,570 | ---- | C] () -- C:\windows\Spot.ini
[2015/02/02 13:11:44 | 000,001,986 | ---- | C] () -- C:\windows\Socket.ini
[2015/02/02 13:11:41 | 000,180,096 | ---- | C] () -- C:\windows\SysWow64\LTKRN61W.DLL
[2015/02/02 13:11:41 | 000,140,928 | ---- | C] () -- C:\windows\SysWow64\LFCMP61W.DLL
[2015/02/02 13:11:41 | 000,110,592 | ---- | C] () -- C:\windows\SysWow64\UNLHA.DLL
[2015/02/02 13:11:41 | 000,055,136 | ---- | C] () -- C:\windows\SysWow64\LTIMG61W.DLL
[2015/02/02 13:11:41 | 000,046,080 | ---- | C] () -- C:\windows\SysWow64\Oc25fra.dll
[2015/02/02 13:11:41 | 000,025,216 | ---- | C] () -- C:\windows\SysWow64\LTFIL61W.DLL
[2015/02/02 13:11:41 | 000,016,800 | ---- | C] () -- C:\windows\SysWow64\LTTWN61W.DLL
[2015/02/02 13:11:41 | 000,010,304 | ---- | C] () -- C:\windows\SysWow64\LFBMP61W.DLL
[2015/02/02 13:11:41 | 000,007,008 | ---- | C] () -- C:\windows\SysWow64\SETUPKIT.DLL
[2015/02/02 13:11:41 | 000,004,416 | ---- | C] () -- C:\windows\SysWow64\REGOCX16.EXE
[2015/02/02 13:11:32 | 000,343,040 | ---- | C] () -- C:\windows\SysWow64\lffpx7.dll
[2015/02/02 13:11:32 | 000,116,736 | ---- | C] () -- C:\windows\SysWow64\lfkodak.dll
[2015/02/02 13:11:32 | 000,068,096 | ---- | C] () -- C:\windows\SysWow64\lfplt11n.dll
[2015/02/02 13:11:31 | 000,258,048 | ---- | C] () -- C:\windows\SysWow64\Unlha32.dll
[2015/02/02 13:11:31 | 000,250,368 | ---- | C] () -- C:\windows\THLFILES.DLL
[2015/01/12 09:58:36 | 000,000,044 | ---- | C] () -- C:\windows\RSS.INI
[2015/01/12 09:55:45 | 000,000,507 | ---- | C] () -- C:\windows\SESAM.INI
[2015/01/12 09:55:42 | 000,045,056 | ---- | C] () -- C:\windows\ATLW32.DLL
[2015/01/12 09:55:41 | 000,024,064 | ---- | C] () -- C:\windows\FTUASETU.EXE
[2015/01/12 09:55:40 | 000,000,407 | ---- | C] () -- C:\windows\EMAILWIN.INI
[2014/12/26 18:09:06 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/10/20 09:09:25 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2014/10/20 08:41:56 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2014/06/12 12:29:40 | 000,000,645 | ---- | C] () -- C:\windows\galss.ini
[2014/06/06 19:53:58 | 000,995,342 | ---- | C] () -- C:\windows\SysWow64\amdocl_as32.exe
[2014/06/06 19:53:58 | 000,798,734 | ---- | C] () -- C:\windows\SysWow64\amdocl_ld32.exe
[2014/06/06 18:48:00 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2014/06/06 18:48:00 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2014/06/06 18:26:06 | 000,123,392 | ---- | C] () -- C:\windows\SysWow64\amdhdl32.dll
[2014/04/02 15:45:51 | 001,855,518 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014/03/21 07:14:56 | 000,002,473 | ---- | C] () -- C:\windows\SysWow64\tbaseprovisioning.exe.config
[2014/03/18 16:40:52 | 000,002,255 | ---- | C] () -- C:\windows\SysWow64\WimBootCompress.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]
[2014/10/20 09:00:23 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016/01/22 09:01:44 | 022,365,992 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016/01/22 08:11:11 | 019,794,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/10/29 02:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/10/29 01:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/10/29 02:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]
[2015/01/10 08:30:24 | 000,000,000 | ---D | M] -- C:\Users\Invité\AppData\Roaming\4D
[2015/01/02 12:19:15 | 000,000,000 | ---D | M] -- C:\Users\Invité\AppData\Roaming\Goto.Games
[2015/01/10 08:30:22 | 000,000,000 | ---D | M] -- C:\Users\Invité\AppData\Roaming\MediMust 10_03c
[2016/02/24 19:46:29 | 000,000,000 | ---D | M] -- C:\Users\jacqueline\AppData\Roaming\4D
[2016/01/19 11:53:46 | 000,000,000 | ---D | M] -- C:\Users\jacqueline\AppData\Roaming\apilec
[2016/02/24 11:54:29 | 000,000,000 | ---D | M] -- C:\Users\jacqueline\AppData\Roaming\AVAST Software
[2015/01/14 12:12:59 | 000,000,000 | ---D | M] -- C:\Users\jacqueline\AppData\Roaming\Canon Electronics
[2015/01/19 09:47:57 | 000,000,000 | ---D | M] -- C:\Users\jacqueline\AppData\Roaming\ComptaMust 7_03a
[2015/01/09 15:11:36 | 000,000,000 | ---D | M] -- C:\Users\jacqueline\AppData\Roaming\FileZilla
[2015/10/02 18:11:39 | 000,000,000 | ---D | M] -- C:\Users\jacqueline\AppData\Roaming\Foxit Software
[2014/12/24 18:25:59 | 000,000,000 | ---D | M] -- C:\Users\jacqueline\AppData\Roaming\Goto.Games
[2015/10/30 16:14:05 | 000,000,000 | ---D | M] -- C:\Users\jacqueline\AppData\Roaming\MediMust 10_03c
[2016/01/19 14:08:31 | 000,000,000 | ---D | M] -- C:\Users\jacqueline\AppData\Roaming\MediMust 10_04h
[2015/01/15 16:00:18 | 000,000,000 | ---D | M] -- C:\Users\jacqueline\AppData\Roaming\OpenOffice
[2015/01/21 15:44:11 | 000,000,000 | ---D | M] -- C:\Users\jacqueline\AppData\Roaming\postgresql
[2015/06/09 10:46:44 | 000,000,000 | ---D | M] -- C:\Users\jacqueline\AppData\Roaming\TeamViewer
[2015/09/10 09:08:11 | 000,000,000 | ---D | M] -- C:\Users\jacqueline\AppData\Roaming\Thunderbird
[2016/02/24 14:58:13 | 000,000,000 | ---D | M] -- C:\Users\jacqueline\AppData\Roaming\TouchDRL
[2014/12/25 10:16:42 | 000,000,000 | ---D | M] -- C:\Users\jacqueline\AppData\Roaming\WildTangent
[2015/01/29 16:37:13 | 000,000,000 | ---D | M] -- C:\Users\jacqueline\AppData\Roaming\Windows Live Writer
[2015/12/17 09:04:32 | 000,000,000 | ---D | M] -- C:\Users\jacqueline\AppData\Roaming\ZHP

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]
[color=#A23BEC]< 1.HKCU\Software >[/color]
[2013/08/22 15:45:54 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2014/12/25 10:11:28 | 000,001,082 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014/12/25 10:11:29 | 000,001,086 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2016/02/22 17:39:49 | 000,000,362 | ---- | C] () -- C:\windows\Tasks\HPCeeScheduleForjacqueline.job
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 2.HKCU\Software\AppDataLow /s >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 3.HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /s >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 4.HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /s >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 5.HKLM\Software >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 6.HKCU\Software\Microsoft\Command Processor /s >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 7.HKLM\Software\Microsoft\Command Processor /s >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 8.HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /s >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 9.HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /s >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 10.HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /s >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 11.HKLM\System\CurrentControlSet\Control\Session Manager\AppcertDlls /s >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 12.%Homedrive%\* >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 13.%Homedrive%\*. >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 14.%Homedrive%\Recycler\*.exe /s >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 15.%Homedrive%\Recycler\*.scr /s >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 16.%Homedrive%\Recycler\*.pif /s >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 17.%Homedrive%\Recycler\*.vb* /s >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 18.%Homedrive%\$Recycle.bin\*.exe /s >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 19.%Homedrive%\$Recycle.bin\*.scr /s >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 20.%Homedrive%\$Recycle.bin\*.pif /s >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 21.%Homedrive%\$Recycle.bin\*.vb* /s >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 22.%Userprofile%\* >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 23.%Userprofile%\*. >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 24.%Allusersprofile%\* >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 25.%Allusersprofile%\*. >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 26.%LocalAppData%\* >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 27.%LocalAppData%\*. >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 28.%Userprofile%\Local Settings\* >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 29.%Userprofile%\Local Settings\*. >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 30.%Userprofile%\Local Settings\Application Data\* >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 31.%Userprofile%\Local Settings\Application Data\*. >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 32.%Userprofile%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\* >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 33.%Userprofile%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\*. >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 34.%Userprofile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\* >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 35.%Userprofile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\*. >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 36.%programFiles%\* >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 37.%programFiles%\*. >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 38.%programfiles%\Google\Desktop\*. >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 39.%ProgramFiles%\Common Files\*. >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 40.%ProgramFiles(X86)%\Common Files\*. >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 41.%Systemroot%\Installer\*. >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 42.%Systemroot%\Temp\*.exe /s >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 43.%systemroot%\system32\*.dll /lockedfiles >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 44.%systemroot%\system32\*.exe /lockedfiles >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 45.%systemroot%\system32\*.in* >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 46.%systemroot%\PSS\* /s >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 47.%systemroot%\Tasks\* >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 48.%systemroot%\Tasks\*. >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 49.%systemroot%\system32\Tasks\* >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 50.%systemroot%\system32\Tasks\*. >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 51.%systemroot%\syswow64\Tasks\* >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 52.%systemroot%\syswow64\Tasks\*. >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 53.%systemroot%\system32\drivers\*.sy* /lockedfiles >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 54.%systemroot%\system32\config\*.exe /s >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 55.%Systemroot%\ServiceProfiles\*.exe /s >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 56.%systemroot%\system32\*.sys >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 57.dir %Homedrive%\* /S /A:L /C >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 58.msconfig >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< 59.activex >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 220 bytes -> C:\Users\jacqueline\OneDrive:ms-properties

< End of report >