OTL logfile created on: 16/05/2016 16:01:29 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SAMSUNG\Downloads\Programs Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy 1013,30 Mb Total Physical Memory | 80,66 Mb Available Physical Memory | 7,96% Memory free 1,99 Gb Paging File | 0,87 Gb Available in Paging File | 43,91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 50,00 Gb Total Space | 23,43 Gb Free Space | 46,85% Space Free | Partition Type: NTFS Drive D: | 166,57 Gb Total Space | 93,31 Gb Free Space | 56,02% Space Free | Partition Type: NTFS Computer Name: SAMSUNG-PC | User Name: SAMSUNG | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2016/05/16 15:54:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SAMSUNG\Downloads\Programs\OTL.exe PRC - [2016/05/12 10:48:12 | 007,400,576 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\avastui.exe PRC - [2016/05/11 12:23:25 | 000,243,296 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2016/05/11 12:20:26 | 000,370,656 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe PRC - [2016/05/11 11:48:49 | 000,881,304 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2016/03/11 20:29:34 | 006,667,992 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe PRC - [2014/05/15 17:33:54 | 003,829,328 | R--- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe PRC - [2013/11/07 11:17:30 | 000,269,848 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe PRC - [2010/11/20 21:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/11/20 21:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/11/20 21:29:10 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2008/08/02 09:57:14 | 001,757,184 | ---- | M] () -- C:\Program Files\ESRI\License\arcgis9x\ARCGIS.EXE PRC - [2008/08/02 09:57:14 | 001,431,440 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2016/05/11 12:23:53 | 000,123,344 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\log.dll MOD - [2016/05/11 12:23:51 | 000,479,680 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\ffl2.dll MOD - [2016/05/11 12:23:27 | 000,135,816 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll MOD - [2016/05/11 11:48:37 | 017,565,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll MOD - [2016/03/11 20:31:50 | 000,065,536 | ---- | M] () -- C:\Program Files\CCleaner\Lang\lang-1036.dll MOD - [2016/02/07 13:44:47 | 040,539,648 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll MOD - [2014/02/10 12:44:24 | 004,592,128 | ---- | M] () -- C:\Users\SAMSUNG\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll MOD - [2014/02/10 12:44:24 | 000,112,128 | ---- | M] () -- C:\Users\SAMSUNG\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2016/05/13 14:18:33 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2016/05/11 12:23:25 | 000,243,296 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2016/05/11 12:20:26 | 000,370,656 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall) SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/08/02 09:57:14 | 001,431,440 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe -- (ArcGIS License Manager) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2016/05/11 12:24:58 | 000,124,808 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm) DRV - [2016/05/11 12:24:56 | 000,221,368 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm) DRV - [2016/05/11 12:24:55 | 000,449,640 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2016/05/11 12:24:54 | 000,058,776 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt) DRV - [2016/05/11 12:24:53 | 000,091,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr) DRV - [2016/05/11 12:24:53 | 000,091,168 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2016/05/11 12:24:53 | 000,032,792 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid) DRV - [2016/05/11 12:22:14 | 000,815,792 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2016/05/11 12:22:11 | 000,035,096 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd) DRV - [2016/05/11 12:20:29 | 000,334,776 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswNetSec.sys -- (aswNetSec) DRV - [2016/04/13 18:49:12 | 000,026,776 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aswNetNd6.sys -- (aswNetNd6) DRV - [2013/12/12 05:46:28 | 010,382,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwsn00.sys -- (NETwNs32) DRV - [2013/11/28 00:24:18 | 000,108,000 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP) DRV - [2010/11/20 21:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 21:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010/11/20 21:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010/11/20 21:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010/11/20 21:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/20 21:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010/11/20 21:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010/11/20 21:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 21:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/13 23:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.globasearch.com/?serie=219&b=3&installkey=hLuiNWvyXQy3aXkhMC6k IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.globasearch.com/?serie=219&installkey=hLuiNWvyXQy3aXkhMC6k&b=3&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2137221974-1873688461-3697685379-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.globasearch.com/?serie=219&b=3&installkey=hLuiNWvyXQy3aXkhMC6k IE - HKU\S-1-5-21-2137221974-1873688461-3697685379-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2137221974-1873688461-3697685379-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.countryCode: "MA" FF - prefs.js..browser.search.region: "MA" FF - prefs.js..browser.startup.homepage: "http://www.globasearch.com/?serie=219&b=2&installkey=hLuiNWvyXQy3aXkhMC6k" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:43.0.4 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2016/05/11 12:25:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\sp@avast.com: C:\Program Files\Alwil Software\Avast5\SafePrice\FF [2016/05/11 12:25:24 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\SAMSUNG\AppData\Roaming\IDM\idmmzcc5 [2016/03/15 13:07:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc2@internetdownloadmanager.com: C:\Program Files\Internet Download Manager\idmmzcc2.xpi FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\SAMSUNG\AppData\Roaming\IDM\idmmzcc5 [2016/03/15 13:07:05 | 000,000,000 | ---D | M] [2016/02/04 20:06:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SAMSUNG\AppData\Roaming\mozilla\Extensions [2016/02/10 13:05:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SAMSUNG\AppData\Roaming\mozilla\Firefox\Profiles\ek897z94.default\extensions [color=#E56717]========== Chrome ==========[/color] CHR - Extension: No name found = C:\Users\SAMSUNG\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\11.1.0.221_0\ CHR - Extension: No name found = C:\Users\SAMSUNG\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.19.8_0\ CHR - Extension: No name found = C:\Users\SAMSUNG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\ O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKU\S-1-5-21-2137221974-1873688461-3697685379-1000..\Run: [CCleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd) O4 - HKU\S-1-5-21-2137221974-1873688461-3697685379-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd) O4 - HKU\S-1-5-21-2137221974-1873688461-3697685379-1000..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.) O4 - HKU\S-1-5-21-2137221974-1873688461-3697685379-1000..\Run: [VEFLSQM] wscript.exe //B //E:vbs "C:\Users\SAMSUNG\AppData\Local\Temp\VEFLSQM" File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1 O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Télécharger avec Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm () O8 - Extra context menu item: Télécharger tous les liens avec Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm () O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C7A5076-616C-4322-9734-2C2D65F78EE8}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C7A5076-616C-4322-9734-2C2D65F78EE8}: NameServer = 8.8.8.8,8.8.4.4 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2013/09/22 21:39:48 | 000,014,679 | -HS- | M] () - D:\AUTOEXE -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]BCSSync[/b] - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) MsConfig - StartUpReg: [b]IDMan[/b] - hkey= - key= - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.) MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2016/05/11 12:25:27 | 000,334,280 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2016/05/11 12:23:56 | 000,052,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2016/04/13 18:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software [2016/04/13 18:50:56 | 000,334,776 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNetSec.sys [2016/04/13 18:49:12 | 000,026,776 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNetNd6.sys [2016/04/11 17:26:33 | 000,000,000 | ---D | C] -- C:\Users\SAMSUNG\Desktop\malak [2016/04/11 17:25:39 | 000,000,000 | ---D | C] -- C:\Users\SAMSUNG\Desktop\clé usb mama [2016/04/11 17:24:52 | 000,000,000 | ---D | C] -- C:\Users\SAMSUNG\Desktop\abderrahim [2016/04/11 17:23:59 | 000,000,000 | ---D | C] -- C:\Users\SAMSUNG\Desktop\logiciel pour netoyage de pc [2016/04/11 17:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\ccleaner sauveguarde [2016/04/11 16:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2016/04/11 16:56:28 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2016/04/10 14:27:55 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2016/04/09 15:57:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\16040901_stream [2016/03/23 23:21:04 | 000,000,000 | ---D | C] -- C:\Users\SAMSUNG\AppData\Local\videocapture [2016/03/23 23:11:26 | 000,000,000 | ---D | C] -- C:\Users\SAMSUNG\AppData\Local\Movavi [2016/03/23 23:11:15 | 000,000,000 | ---D | C] -- C:\Users\SAMSUNG\AppData\Local\VideoEditor [2016/03/23 23:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Movavi Video Editor 11 [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2016/05/16 16:18:38 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2016/05/16 16:09:01 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2016/05/16 15:13:52 | 000,027,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2016/05/16 15:13:52 | 000,027,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2016/05/16 15:06:18 | 000,000,204 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job [2016/05/16 15:06:00 | 000,000,204 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job [2016/05/16 15:05:31 | 000,078,848 | ---- | M] () -- C:\Windows\KMSEmulator.exe [2016/05/16 15:03:41 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2016/05/16 15:03:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2016/05/16 15:03:10 | 796,889,088 | -HS- | M] () -- C:\hiberfil.sys [2016/05/13 14:18:31 | 000,797,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2016/05/13 14:18:31 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2016/05/12 16:14:51 | 000,695,004 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2016/05/12 16:14:51 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2016/05/12 16:14:51 | 000,127,684 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2016/05/12 16:14:51 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2016/05/11 12:24:58 | 000,124,808 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys [2016/05/11 12:24:56 | 000,221,368 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswVmm.sys [2016/05/11 12:24:55 | 000,449,640 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2016/05/11 12:24:54 | 000,058,776 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRvrt.sys [2016/05/11 12:24:53 | 000,091,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys [2016/05/11 12:24:53 | 000,091,168 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2016/05/11 12:24:53 | 000,032,792 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswHwid.sys [2016/05/11 12:23:56 | 000,334,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2016/05/11 12:23:56 | 000,052,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2016/05/11 12:22:14 | 000,815,792 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2016/05/11 12:22:11 | 000,035,096 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys [2016/05/11 12:20:29 | 000,334,776 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNetSec.sys [2016/05/08 11:57:23 | 000,001,387 | ---- | M] () -- C:\Users\SAMSUNG\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2016/04/19 19:16:24 | 000,000,000 | ---- | M] () -- C:\Windows\System32\last.dump [2016/04/13 18:49:12 | 000,026,776 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNetNd6.sys [2016/04/11 13:57:48 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2016/03/27 19:34:17 | 000,396,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2016/03/23 23:08:16 | 000,004,972 | ---- | M] () -- C:\ProgramData\rxsmznjf.zcp [2016/03/23 23:08:16 | 000,000,016 | ---- | M] () -- C:\ProgramData\mntemp [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2016/05/15 15:25:52 | 000,000,204 | ---- | C] () -- C:\Windows\tasks\AutoKMSDaily.job [2016/05/08 11:57:22 | 000,001,387 | ---- | C] () -- C:\Users\SAMSUNG\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2016/04/19 19:16:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\last.dump [2016/04/11 13:57:48 | 000,000,988 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2016/03/23 23:08:16 | 000,004,972 | ---- | C] () -- C:\ProgramData\rxsmznjf.zcp [2016/03/23 23:08:16 | 000,000,016 | ---- | C] () -- C:\ProgramData\mntemp [2016/02/07 14:44:24 | 000,000,865 | ---- | C] () -- C:\Windows\LAROUSSE.INI [2016/02/04 20:03:48 | 000,647,168 | ---- | C] () -- C:\Windows\AutoKMS.exe [2016/02/04 20:03:48 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini [2016/02/04 20:02:38 | 000,078,848 | ---- | C] () -- C:\Windows\KMSEmulator.exe [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 21:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2016/02/09 10:33:32 | 000,000,000 | ---D | M] -- C:\Users\SAMSUNG\AppData\Roaming\AVAST Software [2016/05/16 15:54:00 | 000,000,000 | ---D | M] -- C:\Users\SAMSUNG\AppData\Roaming\DMCache [2016/03/10 19:48:23 | 000,000,000 | ---D | M] -- C:\Users\SAMSUNG\AppData\Roaming\ESRI [2016/05/16 15:54:07 | 000,000,000 | ---D | M] -- C:\Users\SAMSUNG\AppData\Roaming\IDM [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color] [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color] [color=#A23BEC]< %APPDATA%\*. >[/color] [2016/03/13 17:33:42 | 000,000,000 | ---D | M] -- C:\Users\SAMSUNG\AppData\Roaming\Adobe [2016/02/09 10:33:32 | 000,000,000 | ---D | M] -- C:\Users\SAMSUNG\AppData\Roaming\AVAST Software [2016/05/16 15:54:00 | 000,000,000 | ---D | M] -- C:\Users\SAMSUNG\AppData\Roaming\DMCache [2016/03/10 19:48:23 | 000,000,000 | ---D | M] -- C:\Users\SAMSUNG\AppData\Roaming\ESRI [2016/02/04 18:28:30 | 000,000,000 | ---D | M] -- C:\Users\SAMSUNG\AppData\Roaming\Identities [2016/05/16 15:54:07 | 000,000,000 | ---D | M] -- C:\Users\SAMSUNG\AppData\Roaming\IDM [2010/11/21 00:47:05 | 000,000,000 | ---D | M] -- C:\Users\SAMSUNG\AppData\Roaming\Media Center Programs [2016/03/13 17:33:42 | 000,000,000 | --SD | M] -- C:\Users\SAMSUNG\AppData\Roaming\Microsoft [2016/02/04 20:06:24 | 000,000,000 | ---D | M] -- C:\Users\SAMSUNG\AppData\Roaming\Mozilla [2016/05/16 14:15:21 | 000,000,000 | ---D | M] -- C:\Users\SAMSUNG\AppData\Roaming\vlc [2016/02/04 20:01:53 | 000,000,000 | ---D | M] -- C:\Users\SAMSUNG\AppData\Roaming\WinRAR [color=#A23BEC]< %APPDATA%\*.exe /s >[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009/07/14 01:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 01:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009/07/14 01:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys [color=#A23BEC]< MD5 for: ALG.EXE >[/color] [2009/07/14 01:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) MD5=18A54E132947CD98FEA9ACCC57F98F13 -- C:\Windows\System32\alg.exe [2009/07/14 01:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) MD5=18A54E132947CD98FEA9ACCC57F98F13 -- C:\Windows\winsxs\x86_microsoft-windows-alg_31bf3856ad364e35_6.1.7600.16385_none_a8bfa843bc721ead\alg.exe [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009/07/14 01:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 01:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009/07/14 01:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2010/11/20 21:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys [2010/11/20 21:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys [2010/11/20 21:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys [color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color] [2009/07/14 01:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 01:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [color=#A23BEC]< MD5 for: CSRSS.EXE >[/color] [2009/07/14 01:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe [2009/07/14 01:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe [color=#A23BEC]< MD5 for: CTFMON.EXE >[/color] [2009/07/14 01:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\System32\ctfmon.exe [2009/07/14 01:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe [color=#A23BEC]< MD5 for: DISK.SYS >[/color] [2009/07/14 01:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys [2009/07/14 01:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys [2009/07/14 01:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2010/11/20 21:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe [2010/11/20 21:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [color=#A23BEC]< MD5 for: I8042PRT.SYS >[/color] [2009/07/13 23:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\drivers\i8042prt.sys [2009/07/13 23:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_50ad659974198591\i8042prt.sys [2009/07/13 23:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_x86_neutral_7a9084e0177406eb\i8042prt.sys [2009/07/13 23:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_9955d7c4373b0589\i8042prt.sys [2009/07/13 23:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_4e0a61a033aec8c3\i8042prt.sys [color=#A23BEC]< MD5 for: IASTORV.SYS >[/color] [2010/11/20 21:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys [2010/11/20 21:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 21:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [color=#A23BEC]< MD5 for: INTELIDE.SYS >[/color] [2009/07/14 01:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) MD5=A0F12F2C9BA6C72F3987CE780E77C130 -- C:\Windows\System32\drivers\intelide.sys [2009/07/14 01:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) MD5=A0F12F2C9BA6C72F3987CE780E77C130 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\intelide.sys [2009/07/14 01:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) MD5=A0F12F2C9BA6C72F3987CE780E77C130 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\intelide.sys [color=#A23BEC]< MD5 for: MOUNTMGR.SYS >[/color] [2010/11/20 21:29:11 | 000,078,208 | ---- | M] (Microsoft Corporation) MD5=FC8771F45ECCCFD89684E38842539B9B -- C:\Windows\System32\drivers\mountmgr.sys [2010/11/20 21:29:11 | 000,078,208 | ---- | M] (Microsoft Corporation) MD5=FC8771F45ECCCFD89684E38842539B9B -- C:\Windows\winsxs\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.1.7601.17514_none_f49f8eb16547dc9f\mountmgr.sys [color=#A23BEC]< MD5 for: MRXSMB.SYS >[/color] [2010/11/20 21:29:15 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=B272B4C3E085EA860C12F2E4FAF2FFA2 -- C:\Windows\System32\drivers\mrxsmb.sys [2010/11/20 21:29:15 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=B272B4C3E085EA860C12F2E4FAF2FFA2 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.17514_none_8198d720af5f882e\mrxsmb.sys [color=#A23BEC]< MD5 for: MRXSMB10.SYS >[/color] [2010/11/20 21:29:13 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=9AC33EF26C8A3AD0F117D00EB7301D03 -- C:\Windows\System32\drivers\mrxsmb10.sys [2010/11/20 21:29:13 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=9AC33EF26C8A3AD0F117D00EB7301D03 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.17514_none_8aabf574a9b0c690\mrxsmb10.sys [color=#A23BEC]< MD5 for: MRXSMB20.SYS >[/color] [2010/11/20 21:29:20 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=E0ABDB5ED7E199E242A7D028E76C1D3A -- C:\Windows\System32\drivers\mrxsmb20.sys [2010/11/20 21:29:20 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=E0ABDB5ED7E199E242A7D028E76C1D3A -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.17514_none_8ce25f86e807fa01\mrxsmb20.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2010/11/20 21:29:12 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\System32\drivers\ndis.sys [2010/11/20 21:29:12 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2010/11/20 21:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010/11/20 21:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color] [2010/11/20 21:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys [2010/11/20 21:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 21:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [color=#A23BEC]< MD5 for: RASACD.SYS >[/color] [2009/07/13 23:54:40 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=30A81B53C766D0133BB86D234E5556AB -- C:\Windows\System32\drivers\rasacd.sys [2009/07/13 23:54:40 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=30A81B53C766D0133BB86D234E5556AB -- C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_0fb054d9c6a6b4d4\rasacd.sys [color=#A23BEC]< MD5 for: RDPCDD.SYS >[/color] [2010/11/20 21:29:12 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=23DAE03F29D253AE74C44F99E515F9A1 -- C:\Windows\System32\drivers\RDPCDD.sys [2010/11/20 21:29:12 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=23DAE03F29D253AE74C44F99E515F9A1 -- C:\Windows\winsxs\x86_microsoft-windows-t..niportdisplaydriver_31bf3856ad364e35_6.1.7601.17514_none_d6e28e069c8110ef\RDPCDD.sys [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2010/11/20 21:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010/11/20 21:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll [color=#A23BEC]< MD5 for: SERVICES.EXE >[/color] [2009/07/14 01:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe [2009/07/14 01:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe [color=#A23BEC]< MD5 for: SMSS.EXE >[/color] [2009/07/14 01:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe [2009/07/14 01:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe [color=#A23BEC]< MD5 for: SPOOLSV.EXE >[/color] [2010/11/20 21:29:06 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=866A43013535DC8587C258E43579C764 -- C:\Windows\System32\spoolsv.exe [2010/11/20 21:29:06 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=866A43013535DC8587C258E43579C764 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_d8530d0d1fcade21\spoolsv.exe [color=#A23BEC]< MD5 for: STORPORT.SYS >[/color] [2010/11/20 21:29:12 | 000,148,864 | ---- | M] (Microsoft Corporation) MD5=B40CCEC755DC3FBAE95E568C7849405E -- C:\Windows\System32\drivers\storport.sys [2010/11/20 21:29:12 | 000,148,864 | ---- | M] (Microsoft Corporation) MD5=B40CCEC755DC3FBAE95E568C7849405E -- C:\Windows\winsxs\x86_microsoft-windows-storport_31bf3856ad364e35_6.1.7601.17514_none_2983b8948e70fede\storport.sys [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe [2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [color=#A23BEC]< MD5 for: TCPIP.SYS >[/color] [2010/11/20 21:29:20 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\System32\drivers\tcpip.sys [2010/11/20 21:29:20 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys [color=#A23BEC]< MD5 for: TERMDD.SYS >[/color] [2010/11/20 21:29:03 | 000,053,120 | ---- | M] (Microsoft Corporation) MD5=04DBF4B01EA4BF25A9A3E84AFFAC9B20 -- C:\Windows\System32\drivers\termdd.sys [2010/11/20 21:29:03 | 000,053,120 | ---- | M] (Microsoft Corporation) MD5=04DBF4B01EA4BF25A9A3E84AFFAC9B20 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\termdd.sys [2010/11/20 21:29:03 | 000,053,120 | ---- | M] (Microsoft Corporation) MD5=04DBF4B01EA4BF25A9A3E84AFFAC9B20 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\termdd.sys [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2010/11/20 21:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010/11/20 21:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [color=#A23BEC]< MD5 for: WIN32K.SYS >[/color] [2010/11/20 21:29:24 | 002,329,088 | ---- | M] (Microsoft Corporation) MD5=687464342342B933D6B7FAA4A907AF4C -- C:\Windows\System32\win32k.sys [2010/11/20 21:29:24 | 002,329,088 | ---- | M] (Microsoft Corporation) MD5=687464342342B933D6B7FAA4A907AF4C -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17514_none_bafae3a5f8c8e2cb\win32k.sys [color=#A23BEC]< MD5 for: WININIT.EXE >[/color] [2009/07/14 01:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009/07/14 01:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2010/11/20 21:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010/11/20 21:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color] [color=#E56717]========== Files - Unicode (All) ==========[/color] [2016/05/04 18:24:46 | 000,019,377 | ---- | M] ()(C:\Users\SAMSUNG\Desktop\?????? ?????? ???????.xlsx) -- C:\Users\SAMSUNG\Desktop\مستخلص عمليات العمارة.xlsx [2016/05/04 18:08:55 | 000,019,377 | ---- | C] ()(C:\Users\SAMSUNG\Desktop\?????? ?????? ???????.xlsx) -- C:\Users\SAMSUNG\Desktop\مستخلص عمليات العمارة.xlsx < End of report >