OTL logfile created on: 15/10/2014 17:45:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Mes documents\Téléchargements
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 45.77% Memory free
2.38 Gb Paging File | 1.40 Gb Available in Paging File | 58.61% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.07 Gb Total Space | 1.23 Gb Free Space | 4.08% Space Free | Partition Type: NTFS
Drive D: | 22.89 Gb Total Space | 15.70 Gb Free Space | 68.59% Space Free | Partition Type: NTFS

Computer Name: ACER-6281EFDEF1 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014/10/15 17:24:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Mes documents\Téléchargements\OTL.exe
PRC - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/10/01 11:09:20 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/09/25 17:14:59 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/06/12 19:32:48 | 000,043,336 | ---- | M] (Apple Inc.)
-- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2014/03/13 22:09:53 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2014/03/13 22:07:15 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2014/03/13 22:07:14 | 000,689,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2013/12/19 16:22:51 | 000,431,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2008/04/14 05:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/01/16 09:46:24 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2014/09/25 17:14:47 | 003,715,184 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2014/07/03 13:20:20 | 000,073,544 | ---- | M] () -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\zlib1.dll MOD - [2014/07/03 13:19:50 | 001,044,808 | ---- | M] () -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\libxml2.dll MOD - [2013/01/25 10:26:32 | 000,397,704 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | 
Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2014/09/25 17:14:50 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2014/09/22 13:58:33 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014/06/12 19:32:48 | 000,043,336 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2014/03/13 22:09:53 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2014/03/13 22:07:15 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013/10/23 09:15:08 | 000,172,192 | ---- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/10/14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2011/10/14 08:01:48 | 000,399,416 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2008/01/16 09:46:24 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007/08/09 09:27:52 | 000,073,728 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- 
system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LV561AV.SYS -- (PID_0928) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\lvusbsta.sys -- (LVUSBSta) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\user\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO) DRV - [2014/10/15 17:49:12 | 000,114,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy) DRV - [2014/10/01 11:11:10 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2013/12/19 16:23:46 | 000,135,648 | ---- | M] (Avira Operations 
GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2013/12/19 16:23:46 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013/12/04 09:59:52 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013/07/25 16:53:46 | 000,018,944 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl) DRV - [2013/03/07 10:49:20 | 000,013,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv) DRV - [2013/03/07 10:49:20 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2012/08/27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/09/01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI) DRV - [2010/01/05 13:31:32 | 001,714,176 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271) DRV - [2008/11/03 00:34:42 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2008/03/09 21:05:50 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2005/03/02 01:09:02 | 000,240,640 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315) DRV - [2005/02/25 20:45:32 | 000,013,312 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp) DRV - [2005/02/24 15:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) DRV - [2005/01/17 15:48:34 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb) DRV - [2005/01/13 16:20:36 | 000,012,500 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBTEnum.sys -- (BTHidEnum) DRV - [2005/01/13 15:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\acer\eRecovery\int15.sys -- (int15.sys) DRV - [2004/12/21 11:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2004/12/16 17:32:54 | 000,013,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BTNetFilter.sys -- (BTNetFilter) DRV - [2004/11/05 12:39:08 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr) DRV - [2004/11/05 02:43:58 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP) DRV - [2004/10/19 14:40:56 | 000,028,207 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr) DRV - [2004/10/19 14:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm) DRV 
- [2004/10/19 12:39:26 | 000,020,096 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio) DRV - [2004/10/07 20:51:08 | 001,270,540 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2004/09/21 19:15:34 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT) DRV - [2003/12/05 19:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2003/08/04 15:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5) DRV - [2003/07/18 10:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://www.google.com/ IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com IE - 
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1529987398-1430356828-1210237423-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.01net.com/telecharger/ [Binary data over 200 bytes] IE - HKU\S-1-5-21-1529987398-1430356828-1210237423-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com IE - HKU\S-1-5-21-1529987398-1430356828-1210237423-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-1529987398-1430356828-1210237423-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1529987398-1430356828-1210237423-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-1529987398-1430356828-1210237423-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com IE - HKU\S-1-5-21-1529987398-1430356828-1210237423-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com IE - HKU\S-1-5-21-1529987398-1430356828-1210237423-1005\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1529987398-1430356828-1210237423-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1529987398-1430356828-1210237423-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1529987398-1430356828-1210237423-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:5.12.12.1 FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/09/25 17:09:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/09/25 17:12:35 | 000,000,000 | ---D | M] [2009/02/09 21:39:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions [2009/02/09 21:39:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\home2@tomtom.com [2010/01/02 12:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com [2014/07/23 20:53:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ijq9ez8h.default\extensions [2013/12/17 22:46:30 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\user\Application 
Data\Mozilla\Firefox\Profiles\ijq9ez8h.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2014/07/23 20:53:21 | 000,967,685 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ijq9ez8h.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014/09/25 17:09:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2014/09/25 17:09:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014/09/25 17:09:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014/09/25 17:09:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014/09/25 17:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2014/09/25 17:15:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/09/04 03:00:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011/12/09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll O1 HOSTS File: ([2010/12/23 21:08:04 | 000,000,780 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O3 - HKU\S-1-5-21-1529987398-1430356828-1210237423-1005\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found. O3 - HKU\S-1-5-21-1529987398-1430356828-1210237423-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. 
O3 - HKU\S-1-5-21-1529987398-1430356828-1210237423-1005\..\Toolbar\ShellBrowser: (no name) - {A20A76AD-7A29-4756-87FE-70C334CB40C0} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnablELUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1529987398-1430356828-1210237423-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKU\S-1-5-21-1529987398-1430356828-1210237423-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.5.0.1 10.5.32.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D14FBDA2-87F6-43F2-B3A7-F5CEE8A829E3}: DhcpNameServer = 10.5.0.1 10.5.32.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No CLSID value found. 
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/03/11 10:58:50 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2013/02/27 19:22:56 | 000,000,086 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Ligos Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) 
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll () Drivers32: vidc.I263 - C:\WINDOWS\System32\i263_32.drv (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation) Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation) Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll () Drivers32: vidc.yv12 - DivX.dll File not found PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Secunia PSI Tray.lnk - C:\Program Files\Secunia\PSI\psi_tray.exe - (Secunia) MsConfig - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]AGRSMMSG[/b] - hkey= - key= - C:\WINDOWS\AGRSMMSG.exe (Agere Systems) MsConfig - StartUpReg: [b]APSDaemon[/b] - hkey= - key= - C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig - StartUpReg: [b]EaseUS EPM tray[/b] - hkey= - key= - C:\Program Files\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe (CHENGDU YIWO Tech Development Co., Ltd) MsConfig - StartUpReg: [b]LManager[/b] - hkey= - key= - C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) MsConfig - StartUpReg: [b]OODefragTray[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]QuickTime Task[/b] - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) 
MsConfig - StartUpReg: [b]Shockwave Updater[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]SiS Windows KeyHook[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]SynTPEnh[/b] - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) MsConfig - StartUpReg: [b]SynTPLpr[/b] - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) MsConfig - StartUpReg: [b]WinampAgent[/b] - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: 
{4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: nm - File not found SafeBootNet: nm.sys - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - 
NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: 
{5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023) ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0} - Microsoft .NET Framework 1.1 Security Update (KB2833941) ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches ActiveX: 
{CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: >{DA74DE13-84ED-4456-96DE-95872C5E37C2} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Ligos Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) 
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll () Drivers32: vidc.I263 - C:\WINDOWS\System32\i263_32.drv (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation) Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation) Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll () Drivers32: vidc.yv12 - DivX.dll File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014/10/14 21:54:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent [2014/10/14 08:57:10 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2014/10/14 08:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes Anti-Malware [2014/10/14 08:45:40 | 000,054,360 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [2014/10/14 08:45:40 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2014/10/14 08:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware [2014/10/13 22:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2014/10/13 21:44:42 | 000,000,000 | ---D | C] -- C:\ZHP [2014/10/13 21:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP [2014/10/13 21:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag [2014/10/13 21:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\ZHP [2014/10/11 08:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Bureau\mes documents [2014/10/11 08:29:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance [2014/10/11 08:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Microsoft Corporation [2014/10/11 08:27:46 | 000,000,000 | ---D | C] -- 
C:\Program Files\Microsoft Windows 7 Upgrade Advisor [2014/09/25 17:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014/10/15 17:52:55 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2014/10/15 17:49:12 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2014/10/15 16:17:58 | 000,002,559 | ---- | M] () -- C:\Documents and Settings\user\Bureau\Microsoft Word.lnk [2014/10/15 16:10:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2014/10/15 16:09:52 | 2011,746,304 | -HS- | M] () -- C:\hiberfil.sys [2014/10/15 15:48:22 | 000,000,322 | ---- | M] () -- C:\Documents [2014/10/15 15:23:32 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\user\Bureau\ZHPFix.lnk [2014/10/15 15:23:32 | 000,001,527 | ---- | M] () -- C:\Documents and Settings\user\Bureau\ZHPDiag.lnk [2014/10/15 09:21:35 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk [2014/10/13 21:25:23 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2014/10/01 11:11:18 | 000,054,360 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [2014/10/01 11:11:10 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2014/09/25 17:24:41 | 000,001,755 | ---- | M] () -- C:\Documents and Settings\user\Bureau\images.jpg [2014/09/22 13:58:34 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2014/09/22 13:58:33 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2014/09/22 13:58:33 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [4 C:\WINDOWS\System32\*.tmp files -> 
C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014/10/15 17:52:55 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin [2014/10/15 13:50:54 | 000,000,322 | ---- | C] () -- C:\Documents [2014/10/14 08:46:01 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk [2014/10/13 21:36:21 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\user\Bureau\ZHPFix.lnk [2014/10/13 21:36:21 | 000,001,527 | ---- | C] () -- C:\Documents and Settings\user\Bureau\ZHPDiag.lnk [2014/10/11 08:27:49 | 000,001,872 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Conseiller de mise à niveau vers Windows 7.lnk [2014/09/25 17:24:39 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\user\Bureau\images.jpg [2014/03/18 13:00:59 | 002,499,656 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe [2014/03/18 13:00:59 | 000,087,112 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe [2014/03/18 13:00:59 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll [2014/03/18 13:00:59 | 000,013,896 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys [2014/03/18 13:00:59 | 000,009,160 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys [2014/01/03 19:39:27 | 000,340,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013/02/17 22:21:01 | 000,069,748 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011/02/24 15:10:44 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\user\defogger_reenable [2009/06/15 17:15:59 | 000,000,175 | ---- | C] () -- C:\Program Files\autorun.inf [2009/06/15 17:07:20 | 000,002,599 | ---- | C] () -- C:\Program Files\LISEZMOI.HTM [2008/10/13 21:24:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt [2007/12/21 21:53:09 | 000,004,803 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application 
Data\vhkgws.dat [2007/03/01 15:13:56 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat [2005/11/18 13:45:33 | 000,015,428 | ---- | C] () -- C:\Documents and Settings\user\RefEdit.exd [2005/09/01 01:45:32 | 000,117,760 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2007/03/01 15:12:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2010/12/21 00:15:25 | 001,510,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:53:55 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:33:48 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl|FEATURE_BROWSER_EMULATION /rs >[/color] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\\sllauncher.exe: 8000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\\Skype.exe: 10001 [color=#A23BEC]< HKEY_USERS\.DEFAULT\Software\Microsoft\Internet 
Explorer\Main\FeatureControl|feature_enable_ie_compression /rs >[/color] [color=#A23BEC]< HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\FeatureControl|feature_enable_ie_compression /rs >[/color] [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color] HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2014/09/25 17:13:43 | 000,899,672 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2014/09/25 17:13:43 | 000,899,672 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2014/09/25 17:13:43 | 000,899,672 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2014/09/25 17:14:59 | 000,275,568 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2014/09/25 17:14:59 | 000,275,568 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2014/09/25 17:14:59 | 000,275,568 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2014/03/06 06:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: 
"C:\WINDOWS\system32\ie4uinit.exe" -hide [2014/03/06 06:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2014/03/06 06:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\WOOBrowser.exe\shell\open\command\\: C:\PROGRA~1\WANADOO\WOOBrowser\WOOBrowser.exe [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color] HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2014/09/25 17:13:43 | 000,899,672 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2014/09/25 17:13:43 | 000,899,672 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2014/09/25 17:13:43 | 000,899,672 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2014/09/25 17:14:59 | 000,275,568 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program 
Files\Mozilla Firefox\firefox.exe" -preferences [2014/09/25 17:14:59 | 000,275,568 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2014/09/25 17:14:59 | 000,275,568 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2014/03/06 06:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2014/03/06 06:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2014/03/06 06:17:24 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\WOOBrowser.exe\shell\open\command\\: C:\PROGRA~1\WANADOO\WOOBrowser\WOOBrowser.exe [color=#A23BEC]< HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers /s >[/color] "timer" = timer.drv -- [2004/08/05 06:00:00 | 000,004,096 | ---- | M] (Microsoft Corporation) [color=#A23BEC]< HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers.desc /s >[/color] "msaud32.acm" = Windows Media Audio "sl_anet.acm" = Sipro Lab Telecom Audio Codec "C:\WINDOWS\system32\iac25_32.ax" = Indeo® Audio Software "ir50_32.dll" = Ligos Indeo® Video 5.11 
"C:\WINDOWS\system32\l3codeca.acm" = Fraunhofer IIS MPEG Layer-3 Codec "wdmaud.drv" = Bluetooth AV/HS Audio "wmv9vcm.dll" = Microsoft Windows Media Video 9 "vfwwdm32.dll" = Vidéo WDM pour le pilote de capture Windows (Win32) "x264vfw.dll" = x264 H.264 Video Codec "ac3acm.acm" = AC3 ACM Decompressor "ff_vfw.dll" = ffdshow video encoder [color=#A23BEC]< %temp%\smtmp\1\*.* /s >[/color] [color=#A23BEC]< %temp%\smtmp\2\*.* /s >[/color] [color=#A23BEC]< %temp%\smtmp\4\*.* /s >[/color] [color=#A23BEC]< nslookup http://www.google.fr /c >[/color] No captured output from command... [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\system32\*.tmp /lockedfiles >[/color] [4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [color=#A23BEC]< %APPDATA%\*.exe /s >[/color] [2013/11/26 18:47:31 | 000,054,632 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2014/04/03 08:15:53 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_18be6784.exe [2014/04/03 08:15:52 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_294823.exe [2014/04/03 08:15:53 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_2cd672ae.exe [2014/04/03 08:15:53 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_4ae13d6c.exe [2006/11/08 14:48:54 | 000,007,918 | R--- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Installer\{BBB1528C-2F8C-4526-9C8E-699F17AF21CA}\ARPPRODUCTICON.exe [2013/02/23 18:30:09 | 008,057,840 | ---- | M] (WindSolutions) -- C:\Documents and 
Settings\user\Application Data\WindSolutions\CopyTransControlCenter\Applications\CopyTrans.exe [2013/02/18 22:25:40 | 009,855,216 | ---- | M] () -- C:\Documents and Settings\user\Application Data\WindSolutions\CopyTransControlCenter\Applications\CopyTransContacts.exe [2013/02/18 22:13:07 | 004,279,440 | ---- | M] (WindSolutions) -- C:\Documents and Settings\user\Application Data\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe [2013/02/23 18:51:02 | 007,891,920 | ---- | M] (WindSolutions) -- C:\Documents and Settings\user\Application Data\WindSolutions\CopyTransControlCenter\Applications\CopyTransPhoto.exe [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color] [2014/07/13 14:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013/10/10 17:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2012/01/25 11:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2014/07/13 14:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple [2013/02/15 22:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2013/05/27 22:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira [2009/01/11 19:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU [2007/11/27 01:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ConeXware [2005/09/01 01:59:00 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\All Users\Application Data\CyberLink [2012/01/24 23:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivX [2005/08/31 23:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink [2013/02/15 22:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google [2007/06/25 18:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP [2014/07/12 17:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2013/11/17 13:41:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee [2011/03/27 16:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom [2013/02/24 17:14:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2009/09/06 22:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help [2012/05/17 14:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mozilla [2011/03/19 19:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\saves [2011/03/04 05:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScreenSeven [2014/03/09 17:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype [2011/02/24 17:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun [2007/10/13 11:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009/02/09 21:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom [2011/03/01 07:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2006/07/04 09:23:34 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage [2009/03/23 21:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller [2013/02/18 22:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions [2007/07/05 09:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color] [2012/08/21 13:01:28 | 001,977,816 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1\GEARDIFx.exe [2012/08/21 13:01:22 | 000,115,672 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DifXInst32.exe [2012/12/03 09:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.4\22351\AcrobatUpdater.exe [2012/12/03 09:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.4\22351\AdobeARM.exe [2012/12/03 09:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.4\22351\AdobeARMHelper.exe [2012/12/03 09:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.4\22351\ReaderUpdater.exe [2013/09/05 17:53:26 | 000,364,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1036-7B44-AB0000000001}\setup.exe [2014/07/08 09:46:50 | 000,077,136 | ---- | M] (Apple Inc.) 
-- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 11.3.0.54\SetupAdmin.exe [2014/03/13 22:05:39 | 000,997,968 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\SELFUPDATE\update.exe [2014/03/13 22:05:41 | 000,399,416 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe [2013/02/15 22:33:37 | 000,530,464 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe [2014/10/13 21:35:42 | 019,828,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\mbam-setup.exe [2014/06/27 12:05:37 | 017,292,760 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe [color=#A23BEC]< %APPDATA%\*. 
>[/color] [2011/10/09 12:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Adobe [2005/12/08 06:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AdobeUM [2008/10/06 14:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ahead [2013/02/16 21:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Apple Computer [2011/03/04 05:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Artifex Mundi [2011/03/27 16:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Artogon [2013/05/29 18:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Avira [2009/01/11 19:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVS4YOU [2007/01/29 09:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BSplayer [2013/05/17 18:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\CallingID [2011/03/27 16:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\casanova [2007/12/27 16:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ConvertTemp [2007/01/05 17:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Corel [2005/09/01 01:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\CyberLink [2006/11/07 09:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DivX [2011/06/13 21:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\dvdcss [2012/01/09 20:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\EASYTools [2011/03/27 16:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ERS G-Studio [2013/10/07 17:51:51 | 000,000,000 | ---D | M] -- C:\Documents 
and Settings\user\Application Data\FastStone [2013/02/22 18:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Google [2011/03/04 05:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\HdO Adventure [2006/01/26 20:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Help [2007/06/25 18:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\HP [2005/03/07 21:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Identities [2010/06/01 20:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Image Zone Express [2006/01/15 13:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Macromedia [2014/07/12 17:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Malwarebytes [2006/09/14 17:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Media Player Classic [2011/03/27 16:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Merscom [2012/04/24 16:45:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\user\Application Data\Microsoft [2005/08/31 23:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Microsoft Web Folders [2006/09/15 10:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla [2008/10/19 15:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\MSNInstaller [2011/03/04 05:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Phantasmat_bf_ce1 [2008/02/06 18:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Printer Info Cache [2011/02/13 18:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Samsung [2011/03/04 05:51:18 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\user\Application Data\ScreenSeven [2008/02/24 12:46:44 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\user\Application Data\SecuROM [2013/03/16 19:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Skype [2010/06/10 21:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\skypePM [2006/12/07 11:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Sun [2005/09/01 00:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Symantec [2009/02/09 21:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TomTom [2007/12/27 16:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TransRender [2014/10/10 11:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\vlc [2010/03/13 20:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\VSO [2011/10/09 12:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1 [2009/06/10 09:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Search [2013/02/18 23:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\WindSolutions [2011/03/01 07:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\WinRAR [2014/10/15 15:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ZHP [color=#A23BEC]< %systemroot%\*. 
/mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color] [2005/03/07 21:15:40 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2005/03/07 21:15:40 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2005/03/07 21:15:40 | 000,413,696 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2004/08/05 06:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=4C33E5B9A6197B6ED215F6CFBA0A2DAA -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2007/06/13 16:10:54 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=B795475444D6D57A572C14B9E1A29839 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2007/06/13 16:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008/04/14 05:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe [2008/04/14 05:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [color=#A23BEC]< MD5 for: SERVICES.EXE >[/color] [2008/04/14 05:34:20 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=54CB50058851D95E56EC70D09F70857F -- C:\WINDOWS\$NtUninstallKB956572$\services.exe [2008/04/14 05:34:20 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=54CB50058851D95E56EC70D09F70857F -- C:\WINDOWS\ServicePackFiles\i386\services.exe [2009/02/09 13:16:53 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=62789101F9C2401ED598AA2CDE7450C0 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe [2004/08/05 06:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=732E0B1ABAACE15D80EC19056B0A2AF9 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe [2009/02/09 13:23:48 | 000,111,104 | ---- | M] (Microsoft 
Corporation) MD5=C3FB1D70CB88722267949694BA51759E -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/09 13:23:48 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=C3FB1D70CB88722267949694BA51759E -- C:\WINDOWS\system32\services.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2014/10/01 11:09:16 | 000,761,656 | ---- | M] (MalwareBytes) MD5=C0AFB3C7E6C7CA3F6E42FF242BBBCB1F -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2004/08/05 06:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 05:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2013/11/26 14:51:45 | 106,304,885 | ---- | M] ()(C:\WINDOWS\System32\??L) -- C:\WINDOWS\System32\⺀蟋L
[2013/11/26 14:51:45 | 106,304,885 | ---- | C] ()(C:\WINDOWS\System32\??L) -- C:\WINDOWS\System32\⺀蟋L
[2013/11/17 19:06:39 | 104,695,876 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\ẓ硩ƌ
[2013/11/17 19:06:39 | 104,695,876 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\ẓ硩ƌ
[2013/11/17 13:06:06 | 104,641,146 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\⦉ꘌƌ
[2013/11/17 13:06:06 | 104,641,146 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\⦉ꘌƌ
[2013/11/04 11:23:25 | 104,845,822 | ---- | M] ()(C:\WINDOWS\System32\?I?) -- C:\WINDOWS\System32\▏Iƌ
[2013/11/04 11:23:25 | 104,845,822 | ---- | C] ()(C:\WINDOWS\System32\?I?) -- C:\WINDOWS\System32\▏Iƌ
[2013/10/29 21:28:33 | 104,021,456 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\涁淂ƌ
[2013/10/29 21:28:33 | 104,021,456 | ---- | C] 
()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\涁淂ƌ [2013/10/26 19:56:31 | 103,214,166 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\ᤚ囪ƌ [2013/10/26 19:56:31 | 103,214,166 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\ᤚ囪ƌ [2013/10/22 16:49:09 | 102,329,055 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\ƌ [2013/10/22 16:49:09 | 102,329,055 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\ƌ [2013/10/22 10:50:56 | 102,310,053 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\陖꿈ƌ [2013/10/22 10:50:56 | 102,310,053 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\陖꿈ƌ [2013/10/21 17:33:13 | 102,154,219 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\몹鄅ƌ [2013/10/21 17:33:13 | 102,154,219 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\몹鄅ƌ [2013/10/13 04:04:09 | 100,651,105 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\ﱆƌ [2013/10/13 04:04:09 | 100,651,105 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\ﱆƌ [2013/10/12 04:11:26 | 100,595,853 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\曃ᵯƌ [2013/10/12 04:11:26 | 100,595,853 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\曃ᵯƌ [2013/10/10 17:33:57 | 100,267,706 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\ꅷƌ [2013/10/10 17:33:57 | 100,267,706 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\ꅷƌ [2013/10/09 18:39:08 | 100,163,860 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\﷮ૉƌ [2013/10/09 18:39:08 | 100,163,860 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\﷮ૉƌ [2013/10/08 17:50:36 | 099,859,239 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\缆죒ƌ [2013/10/08 17:50:36 | 099,859,239 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\缆죒ƌ [2013/10/07 17:26:07 | 099,717,279 | ---- | M] 
()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\Һƌ [2013/10/07 17:26:07 | 099,717,279 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\Һƌ [2013/10/06 10:48:47 | 099,386,337 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\ᐉ엡ƌ [2013/10/06 10:48:47 | 099,386,337 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\ᐉ엡ƌ [2013/10/04 16:56:53 | 099,209,434 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\熭뉕ƌ [2013/10/04 16:56:53 | 099,209,434 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\熭뉕ƌ [2013/10/03 23:57:05 | 099,176,917 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\忂ௗƌ [2013/10/03 23:57:05 | 099,176,917 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\忂ௗƌ [2013/10/03 17:58:54 | 099,131,034 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\蟑ƌ [2013/10/03 17:58:54 | 099,131,034 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\蟑ƌ [2013/10/02 23:02:13 | 098,878,632 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\䁖ᷯƌ [2013/10/02 23:02:13 | 098,878,632 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\䁖ᷯƌ [2013/09/28 20:02:04 | 098,442,955 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\鹥옅ƌ [2013/09/28 20:02:04 | 098,442,955 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\鹥옅ƌ [2013/09/18 13:13:15 | 098,123,923 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\䮚颙ƌ [2013/09/18 13:13:15 | 098,123,923 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\䮚颙ƌ [2013/09/17 16:15:56 | 097,949,955 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\⢗괾ƌ [2013/09/17 16:15:56 | 097,949,955 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\⢗괾ƌ < End of report >