cjoint


Document format: text/plain

Preview

OTL logfile created on: 30.10.2013 08:01:14 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 0000100C | Country: Suisse | Language: FRS | Date Format: dd.MM.yyyy

1011.87 Mb Total Physical Memory | 357.68 Mb Available Physical Memory | 35.35% Memory free
2.63 Gb Paging File | 1.11 Gb Available in Paging File | 42.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 212.85 Gb Total Space | 167.31 Gb Free Space | 78.61% Space Free | Partition Type: NTFS
Drive D: | 19.74 Gb Total Space | 2.87 Gb Free Space | 14.53% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 89.04 Mb Free Space | 89.78% Space Free | Partition Type: FAT32

Computer Name: USER-HP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013.10.30 07:57:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL (4).exe
PRC - [2013.09.25 16:37:00 | 020,133,824 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2013.08.12 09:12:38 | 000,295,376 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013.08.12 09:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013.08.12 09:11:20 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013.08.02 01:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013.05.10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.07 21:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Users\User\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
PRC - [2013.01.08 09:41:08 | 003,674,320 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.09.27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.10.07 10:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011.09.27 20:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.07.08 12:45:32 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
PRC - [2010.07.08 12:45:10 | 000,363,064 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
PRC - [2010.06.29 18:00:08 | 000,027,192 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010.06.18 06:10:14 | 000,237,650 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\STacSV.exe
PRC - [2010.06.08 22:04:02 | 002,831,648 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
PRC - [2010.06.08 22:04:02 | 000,828,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010.06.08 22:04:02 | 000,656,672 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.10.13 09:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.03.03 11:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\aestsrv.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013.10.29 21:45:24 | 000,128,512 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\_elementtree.pyd
MOD - [2013.10.29 21:45:24 | 000,098,816 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\win32api.pyd
MOD - [2013.10.29 21:45:24 | 000,044,032 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\_socket.pyd
MOD - [2013.10.29 21:45:23 | 000,557,056 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\pysqlite2._sqlite.pyd
MOD - [2013.10.29 21:45:23 | 000,026,624 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\_multiprocessing.pyd
MOD - [2013.10.29 21:45:23 | 000,022,528 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\win32ts.pyd
MOD - [2013.10.29 21:45:22 | 000,320,512 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\win32com.shell.shell.pyd
MOD - [2013.10.29 21:45:22 | 000,070,656 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\wx._html2.pyd
MOD - [2013.10.29 21:45:22 | 000,011,264 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\win32crypt.pyd
MOD - [2013.10.29 21:45:21 | 000,805,888 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\wx._gdi_.pyd
MOD - [2013.10.29 21:45:21 | 000,504,832 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\windows._cacheinvalidation.pyd
MOD - [2013.10.29 21:45:20 | 000,087,040 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\_ctypes.pyd
MOD - [2013.10.29 21:45:20 | 000,017,408 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\win32profile.pyd
MOD - [2013.10.29 21:45:19 | 000,735,232 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\wx._misc_.pyd
MOD - [2013.10.29 21:45:19 | 000,364,544 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\pythoncom27.dll
MOD - [2013.10.29 21:45:18 | 000,110,080 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\pywintypes27.dll
MOD - [2013.10.29 21:45:17 | 001,175,040 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\wx._core_.pyd
MOD - [2013.10.29 21:45:17 | 000,108,544 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\win32security.pyd
MOD - [2013.10.29 21:45:16 | 001,153,024 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\_ssl.pyd
MOD - [2013.10.29 21:45:14 | 000,811,008 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\wx._windows_.pyd
MOD - [2013.10.29 21:45:14 | 000,711,680 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\_hashlib.pyd
MOD - [2013.10.29 21:45:14 | 000,035,840 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\win32process.pyd
MOD - [2013.10.29 21:45:14 | 000,025,600 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\win32pdh.pyd
MOD - [2013.10.29 21:45:13 | 000,122,368 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\wx._wizard.pyd
MOD - [2013.10.29 21:45:13 | 000,119,808 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\win32file.pyd
MOD - [2013.10.29 21:45:12 | 000,038,912 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\win32inet.pyd
MOD - [2013.10.29 21:45:09 | 001,062,400 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\wx._controls_.pyd
MOD - [2013.10.29 21:45:08 | 000,686,080 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\unicodedata.pyd
MOD - [2013.10.29 21:45:08 | 000,127,488 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\pyexpat.pyd
MOD - [2013.10.29 21:45:08 | 000,018,432 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\win32event.pyd
MOD - [2013.10.29 21:45:07 | 000,010,240 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\_MEI54442\select.pyd
MOD - [2013.10.10 12:49:17 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\a7050888802d2e208fb611c2868bc597\System.Core.ni.dll
MOD - [2013.10.10 11:54:27 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1f443acd25f61fb10e3d0ec8566ceb40\System.Windows.Forms.ni.dll
MOD - [2013.10.10 11:52:38 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\981177f0face7d87945d09a734c0ff27\PresentationCore.ni.dll
MOD - [2013.10.10 11:51:08 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c64f38ff86a71cd6bd31bf803f72a99b\WindowsBase.ni.dll
MOD - [2013.10.10 11:50:33 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\39b7f2b4193fa35ea88115f17c826b87\System.Configuration.ni.dll
MOD - [2013.10.09 01:02:43 | 000,415,184 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
MOD - [2013.10.09 01:02:41 | 004,055,504 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013.10.09 01:01:50 | 000,698,832 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013.10.09 01:01:49 | 000,099,792 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013.10.09 01:01:47 | 001,604,560 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013.09.12 00:23:52 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\021cb29466d4ef60e8a3247d40acc12e\System.Web.ni.dll
MOD - [2013.09.12 00:23:09 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\bbba53eeb52eb3f89c9068ee535964ea\System.Runtime.Remoting.ni.dll
MOD - [2013.08.16 19:29:07 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\4608da59bdf32e7fa6fff80c543b6ef2\System.Data.ni.dll
MOD - [2013.08.14 17:45:50 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\2adda14481abfd80e5f5ddd00e7e7b03\System.Xml.ni.dll
MOD - [2013.08.14 17:44:33 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\236425a622e01d4de0630ff570caf040\System.ni.dll
MOD - [2013.07.18 13:29:04 | 001,597,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0ac100a90df96d9c6b0031b549cc23c3\System.Drawing.ni.dll
MOD - [2013.07.11 21:40:46 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ba13f10c426d3dfce1dd3fa6dfaa1e95\PresentationFramework.Aero.ni.dll
MOD - [2013.07.11 21:09:52 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\90f888763fcc308fb0f73b95aceca195\mscorlib.ni.dll
MOD - [2013.04.15 23:56:16 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2013.03.07 21:32:40 | 021,014,960 | ---- | M] () -- C:\Users\User\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
MOD - [2013.03.07 21:32:38 | 000,292,272 | ---- | M] () -- C:\Users\User\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
MOD - [2013.03.07 21:32:38 | 000,179,632 | ---- | M] () -- C:\Users\User\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
MOD - [2011.10.07 10:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 01:58:32 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.08.23 18:22:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_fr_b77a5c561934e089\System.Core.resources.dll
MOD - [2010.08.23 18:21:53 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_fr_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.08.23 11:42:49 | 000,237,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll
MOD - [2010.07.08 12:46:24 | 000,030,264 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
MOD - [2010.07.08 12:46:18 | 000,267,832 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
MOD - [2010.07.08 12:45:54 | 000,052,280 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
MOD - [2010.06.08 22:04:14 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2013.10.09 22:00:12 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.09.05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.08.12 09:12:38 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.08.12 09:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.05.27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.05.10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.09.27 20:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV - [2010.07.08 12:45:32 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010.06.29 18:00:08 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010.06.18 06:10:14 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV.exe -- (STacSV)
SRV - [2010.06.08 22:04:02 | 000,656,672 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.04.04 00:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.10.13 09:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009.03.03 11:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\aestsrv.exe -- (AESTFilters)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.06.18 20:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.02.05 00:35:07 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.02.15 23:24:36 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011.09.02 07:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011.09.02 07:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011.09.02 07:31:10 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011.09.02 07:31:10 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.18 06:10:14 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.11.11 12:09:22 | 000,018,136 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dvmio.sys -- (DVMIO)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{38902832-BC52-49ED-91C3-912D63D64F7B}: "URL" = http://fr.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{76435165-B00B-4C55-996B-DB3650FFE5BA}: "URL" = http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{AECAB8DE-DADB-4D72-8F76-16809CE17398}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3189978512-3857647014-4098137333-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3189978512-3857647014-4098137333-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
IE - HKU\S-1-5-21-3189978512-3857647014-4098137333-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP97&ocid=UP97DHP
IE - HKU\S-1-5-21-3189978512-3857647014-4098137333-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3189978512-3857647014-4098137333-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3189978512-3857647014-4098137333-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3189978512-3857647014-4098137333-1000\..\SearchScopes\{38902832-BC52-49ED-91C3-912D63D64F7B}: "URL" = http://fr.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-3189978512-3857647014-4098137333-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-3189978512-3857647014-4098137333-1000\..\SearchScopes\{76435165-B00B-4C55-996B-DB3650FFE5BA}: "URL" = http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-3189978512-3857647014-4098137333-1000\..\SearchScopes\{AECAB8DE-DADB-4D72-8F76-16809CE17398}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3189978512-3857647014-4098137333-1000\..\SearchScopes\{D1F01A9E-3D55-4FE6-811B-DFF57EA7F6F8}: "URL" = http://www.google.fr/search?hl=fr&q={searchTerms}+&meta=
IE - HKU\S-1-5-21-3189978512-3857647014-4098137333-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3189978512-3857647014-4098137333-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: {34712C68-7391-4c47-94F3-8F88D49AD632}:1.3.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Users\User\Desktop\Picasa3\npPicasa3.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\User\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\User\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)


[2012.02.23 00:49:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.10.27 00:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\qzs9h8tm.default\extensions
[2013.10.27 00:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\WINDOWS ILIVID TOOLBAR\DATAMNGR\FIREFOXEXTENSION
File not found (No name found) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
File not found (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QZS9H8TM.DEFAULT\EXTENSIONS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
File not found (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QZS9H8TM.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}
File not found (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QZS9H8TM.DEFAULT\EXTENSIONS\COUPONS@CHILICOUPON.COM.XPI
File not found (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QZS9H8TM.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: npIPcam DLL (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlfgljgmajfgihpnkgedbiichbenhifo\2.0.0.0_0\plugins/npIPcam.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Citrix Online Web Deployment Plugin 1.0.0.104 (Enabled) = C:\Users\User\AppData\Local\Citrix\Plugins\104\npappdetector.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\User\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: W2MO: Mod\u00E9lisation, 3D-Simulation & Optimiz. = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\acbokjkdobbboamnnfehlboekicdhcog\3.2.0.1_0\
CHR - Extension: Bureau = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahfpbkogcgkoecgolaojpcijkabngljl\1.5_0\
CHR - Extension: Bureau = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahfpbkogcgkoecgolaojpcijkabngljl\1.5_0\~
CHR - Extension: Calendrier = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\amlmhkflbgjoeeophdjheadfljoielhi\1.1_0\
CHR - Extension: Google\u00A0Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Less Annoying CRM = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjiddacoabcloecailojkglecpliblik\3.0.6_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Cash Organizer = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppdehaogjdmkkiaiokmjdjmjnjicddk\2.0.0.77_0\
CHR - Extension: Gestion de projets Smartsheet = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cindmhdfkimaeggbebfjkmkdfiohldbm\2.5.0_0\
CHR - Extension: Recherche Google = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Memo Calendar = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmolbenmlmgaljalobagjldokeoocco\1.0_0\
CHR - Extension: IPCAM = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlfgljgmajfgihpnkgedbiichbenhifo\2.0.0.0_0\
CHR - Extension: Google\u00A0Maps = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: ImageShack-Clickberry Extension = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoheopifiepihlmifonnknocnlfapgc\2.1.3_0\
CHR - Extension: Planificateur de logements = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna\1.2.0.4_0\
CHR - Extension: SmartPlace = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhhicokjdeiibcdhoejkcjhdkejoebhh\2_0\
CHR - Extension: Dessins Google = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme\0.8_0\
CHR - Extension: My Time Organizer = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbgjpoemniodpkigbjkleiaoifclhfdm\1.0.3_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Clever Elements = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdfdcifbpbfgooijdefcahghfakaoiho\1.1.6_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: SimplyCast Contact Manager = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgikfapnoojlaolndpkpheiokbmboom\8.3.1_0\

O1 HOSTS File: ([2013.10.28 21:40:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZumoDrive] C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
O4 - HKU\S-1-5-21-3189978512-3857647014-4098137333-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-3189978512-3857647014-4098137333-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3189978512-3857647014-4098137333-1000..\Run: [Facebook Update] C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3189978512-3857647014-4098137333-1000..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-3189978512-3857647014-4098137333-1000..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\User\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3189978512-3857647014-4098137333-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3189978512-3857647014-4098137333-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.24.158 62.2.17.60 62.2.24.162 62.2.17.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95431554-F914-4F52-BA6E-DD605BFFE8F0}: DhcpNameServer = 62.2.24.158 62.2.17.60 62.2.24.162 62.2.17.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B723F451-AE95-4A8B-A29D-EE80D9685E55}: DhcpNameServer = 62.2.24.158 62.2.17.60 62.2.24.162 62.2.17.61
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B} - C:\Program Files\Hewlett-Packard\HP Media Suite\Home\HPMediaSuite.exe "/installer"
ActiveX: {4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B} - C:\Windows\system32\wscript.exe "C:\Program Files\Hewlett-Packard\HP Media Suite\Home\PinItem.vbs"
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013.10.28 21:50:45 | 000,012,288 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP113.SYS
[2013.10.28 21:40:20 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.10.28 18:50:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.10.28 18:50:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.10.28 18:50:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.10.28 18:49:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.10.27 20:33:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2013.10.27 20:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.10.27 20:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.10.27 20:32:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.10.27 20:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.10.27 20:32:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Programs
[2013.10.27 00:28:01 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.10.10 09:18:40 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.10.10 09:18:36 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.10.10 09:18:34 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.10.10 09:18:33 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.10.10 09:18:31 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.10.10 09:18:27 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.10.10 09:18:26 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.10.10 09:18:26 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.10.10 09:18:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.10.10 09:18:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.10.09 09:07:24 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013.10.09 09:07:23 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013.10.09 09:07:21 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2013.10.09 09:07:21 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2013.10.09 09:07:11 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.10.09 09:07:10 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.10.09 09:07:10 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
[2013.10.09 09:07:05 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013.10.09 09:07:04 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013.10.09 09:07:04 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2013.10.09 09:07:03 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2013.10.09 09:07:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013.10.09 09:07:00 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2013.10.09 09:06:53 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013.10.30 08:08:01 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.10.30 07:51:10 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3189978512-3857647014-4098137333-1000UA.job
[2013.10.30 07:33:12 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3189978512-3857647014-4098137333-1000UA.job
[2013.10.30 07:25:02 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.10.30 07:20:04 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.10.30 06:32:16 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3189978512-3857647014-4098137333-1000Core.job
[2013.10.30 06:17:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.10.29 22:14:27 | 000,126,566 | ---- | M] () -- C:\Users\User\Desktop\pce mot 3.jpg
[2013.10.29 22:12:55 | 000,103,318 | ---- | M] () -- C:\Users\User\Desktop\pce mot 2.jpg
[2013.10.29 22:10:41 | 000,133,200 | ---- | M] () -- C:\Users\User\Desktop\pce mot 1.jpg
[2013.10.29 21:57:22 | 000,133,200 | ---- | M] () -- C:\Users\User\Desktop\pce moteur 1.jpg
[2013.10.29 21:56:32 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.10.29 21:56:32 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.10.29 21:43:01 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.10.29 21:42:30 | 795,762,688 | -HS- | M] () -- C:\hiberfil.sys
[2013.10.28 21:50:45 | 000,012,288 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP113.SYS
[2013.10.28 21:40:06 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.10.28 18:29:32 | 000,704,714 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2013.10.28 18:29:32 | 000,622,800 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.10.28 18:29:32 | 000,130,988 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2013.10.28 18:29:32 | 000,040,040 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.10.28 13:14:37 | 000,060,969 | ---- | M] () -- C:\Users\User\Desktop\manuel 2.jpeg
[2013.10.28 13:06:57 | 000,063,998 | ---- | M] () -- C:\Users\User\Desktop\manuel Chrysler fusible.jpeg
[2013.10.27 20:33:16 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.10.27 18:44:44 | 000,900,965 | ---- | M] () -- C:\Users\User\Desktop\carrosserie chrysler eraflures1.jpg
[2013.10.27 18:41:10 | 000,132,114 | ---- | M] () -- C:\Users\User\Desktop\carrosserie Chrysler eraflures 2.jpg
[2013.10.27 18:36:27 | 001,026,552 | ---- | M] () -- C:\Users\User\Desktop\P_20131027_160432.jpg
[2013.10.26 18:14:56 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3189978512-3857647014-4098137333-1000Core.job
[2013.10.22 19:48:01 | 000,113,559 | ---- | M] () -- C:\Users\User\Desktop\payment starting production led 01 . 22.10.2013.jpg
[2013.10.20 09:53:46 | 000,171,802 | ---- | M] () -- C:\Users\User\Desktop\chrysler 17.jpg
[2013.10.20 09:51:18 | 000,171,939 | ---- | M] () -- C:\Users\User\Desktop\chrysler17.jpg
[2013.10.20 09:35:07 | 000,171,939 | ---- | M] () -- C:\Users\User\Desktop\chrysler16.jpg
[2013.10.20 09:31:50 | 000,068,574 | ---- | M] () -- C:\Users\User\Desktop\chrysler 15.jpg
[2013.10.20 09:24:06 | 000,160,279 | ---- | M] () -- C:\Users\User\Desktop\chrysler 14.jpg
[2013.10.20 09:10:48 | 000,070,970 | ---- | M] () -- C:\Users\User\Desktop\chrysler 13.jpg
[2013.10.20 08:58:55 | 000,069,659 | ---- | M] () -- C:\Users\User\Desktop\chrysler_voyager12.jpg
[2013.10.20 08:58:30 | 000,663,148 | ---- | M] () -- C:\Users\User\Desktop\chrysler11.jpg
[2013.10.20 08:57:47 | 000,072,512 | ---- | M] () -- C:\Users\User\Desktop\chrysler_voyager10.jpg
[2013.10.17 23:13:14 | 000,059,593 | ---- | M] () -- C:\Users\User\Desktop\payment slizestar.pdf
[2013.10.17 07:31:24 | 000,139,975 | ---- | M] () -- C:\Users\User\Desktop\slizestar paym.jpg
[2013.10.17 07:05:40 | 000,002,362 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2013.10.16 02:22:52 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.10.15 09:51:46 | 000,133,280 | ---- | M] () -- C:\Users\User\Desktop\paym Tracy 15 oct 2013.jpg
[2013.10.14 00:56:34 | 000,138,949 | ---- | M] () -- C:\Users\User\Desktop\LN 1335204.jpg
[2013.10.14 00:37:59 | 000,074,092 | ---- | M] () -- C:\Users\User\Desktop\proj rail manuel.jpg
[2013.10.14 00:30:03 | 000,089,401 | ---- | M] () -- C:\Users\User\Desktop\track light manual.jpg
[2013.10.14 00:14:12 | 000,006,918 | ---- | M] () -- C:\Users\User\Desktop\60°.jpg
[2013.10.14 00:14:00 | 000,007,665 | ---- | M] () -- C:\Users\User\Desktop\24°.jpg
[2013.10.13 23:31:49 | 000,213,598 | ---- | M] () -- C:\Users\User\Desktop\Offre galerie Latham pdf 14.10.2013.pdf
[2013.10.11 18:22:07 | 000,212,363 | ---- | M] () -- C:\Users\User\Desktop\Offre galerie Latham pdf1.pdf
[2013.10.11 18:08:35 | 000,212,742 | ---- | M] () -- C:\Users\User\Desktop\Offre galerie Latham pdf.pdf
[2013.10.11 17:13:51 | 000,322,984 | ---- | M] () -- C:\Users\User\Desktop\Qs-COB led track light.pdf
[2013.10.11 17:04:58 | 000,008,493 | ---- | M] () -- C:\Users\User\Desktop\rail 30w led.jpg
[2013.10.11 16:11:50 | 000,036,473 | ---- | M] () -- C:\Users\User\Desktop\projecteur latham.jpg
[2013.10.11 16:05:58 | 000,169,009 | ---- | M] () -- C:\Users\User\Desktop\size 30w.jpg
[2013.10.11 15:26:57 | 000,156,658 | ---- | M] () -- C:\Users\User\Desktop\IMG_11102013_222433.png
[2013.10.11 15:19:15 | 000,090,380 | ---- | M] () -- C:\Users\User\Desktop\IMG_11102013_221649.png
[2013.10.11 15:12:50 | 000,033,024 | ---- | M] () -- C:\Users\User\Desktop\flood light slim 30w.png
[2013.10.11 14:59:18 | 000,017,497 | ---- | M] () -- C:\Users\User\Desktop\flood light 30w new modell.png
[2013.10.10 11:38:19 | 000,412,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.10.09 21:59:55 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.10.09 21:59:55 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.10.08 09:14:17 | 000,122,389 | ---- | M] () -- C:\Users\User\Desktop\paym. Tracy 8 oct 2013.jpg
[2013.10.07 06:48:25 | 000,163,099 | ---- | M] () -- C:\Users\User\Desktop\T8 tube installation.jpg
[2013.10.06 23:25:15 | 000,087,055 | ---- | M] () -- C:\Users\User\Desktop\led rech vert.jpg
[2013.10.06 23:21:45 | 000,094,476 | ---- | M] () -- C:\Users\User\Desktop\Rechargeable_portable_10W_LED_flood_light.jpg
[2013.10.06 21:50:44 | 000,056,701 | ---- | M] () -- C:\Users\User\Desktop\lampe bureau couleures disponible.jpg
[2013.10.06 11:39:10 | 000,044,843 | ---- | M] () -- C:\Users\User\Desktop\bande led white.jpg
[2013.10.04 07:49:11 | 000,511,861 | ---- | M] () -- C:\Users\User\Desktop\chrysler avec verte.jpg
[2013.10.03 22:37:26 | 000,010,871 | ---- | M] () -- C:\Users\User\Desktop\chrysler le 3.10.13.jpg
[2013.09.30 22:06:42 | 000,156,667 | ---- | M] () -- C:\Users\User\Desktop\30.09.13 vers.Ouriel 300.--.jpg
[1 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013.10.29 22:14:14 | 000,126,566 | ---- | C] () -- C:\Users\User\Desktop\pce mot 3.jpg
[2013.10.29 22:12:31 | 000,103,318 | ---- | C] () -- C:\Users\User\Desktop\pce mot 2.jpg
[2013.10.29 22:10:32 | 000,133,200 | ---- | C] () -- C:\Users\User\Desktop\pce mot 1.jpg
[2013.10.29 21:55:59 | 000,133,200 | ---- | C] () -- C:\Users\User\Desktop\pce moteur 1.jpg
[2013.10.28 18:50:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.10.28 18:50:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.10.28 18:50:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.10.28 18:50:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.10.28 18:50:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.10.28 13:14:19 | 000,060,969 | ---- | C] () -- C:\Users\User\Desktop\manuel 2.jpeg
[2013.10.28 13:06:31 | 000,063,998 | ---- | C] () -- C:\Users\User\Desktop\manuel Chrysler fusible.jpeg
[2013.10.27 20:33:16 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.10.27 18:44:24 | 000,900,965 | ---- | C] () -- C:\Users\User\Desktop\carrosserie chrysler eraflures1.jpg
[2013.10.27 18:40:52 | 000,132,114 | ---- | C] () -- C:\Users\User\Desktop\carrosserie Chrysler eraflures 2.jpg
[2013.10.27 18:36:26 | 001,026,552 | ---- | C] () -- C:\Users\User\Desktop\P_20131027_160432.jpg
[2013.10.22 19:48:00 | 000,113,559 | ---- | C] () -- C:\Users\User\Desktop\payment starting production led 01 . 22.10.2013.jpg
[2013.10.20 09:53:20 | 000,171,802 | ---- | C] () -- C:\Users\User\Desktop\chrysler 17.jpg
[2013.10.20 09:51:16 | 000,171,939 | ---- | C] () -- C:\Users\User\Desktop\chrysler17.jpg
[2013.10.20 09:35:06 | 000,171,939 | ---- | C] () -- C:\Users\User\Desktop\chrysler16.jpg
[2013.10.20 09:31:48 | 000,068,574 | ---- | C] () -- C:\Users\User\Desktop\chrysler 15.jpg
[2013.10.20 09:23:50 | 000,160,279 | ---- | C] () -- C:\Users\User\Desktop\chrysler 14.jpg
[2013.10.20 09:10:35 | 000,070,970 | ---- | C] () -- C:\Users\User\Desktop\chrysler 13.jpg
[2013.10.20 08:58:54 | 000,069,659 | ---- | C] () -- C:\Users\User\Desktop\chrysler_voyager12.jpg
[2013.10.20 08:58:23 | 000,663,148 | ---- | C] () -- C:\Users\User\Desktop\chrysler11.jpg
[2013.10.20 08:57:22 | 000,072,512 | ---- | C] () -- C:\Users\User\Desktop\chrysler_voyager10.jpg
[2013.10.17 23:13:14 | 000,059,593 | ---- | C] () -- C:\Users\User\Desktop\payment slizestar.pdf
[2013.10.17 07:31:22 | 000,139,975 | ---- | C] () -- C:\Users\User\Desktop\slizestar paym.jpg
[2013.10.15 09:51:44 | 000,133,280 | ---- | C] () -- C:\Users\User\Desktop\paym Tracy 15 oct 2013.jpg
[2013.10.14 00:56:34 | 000,138,949 | ---- | C] () -- C:\Users\User\Desktop\LN 1335204.jpg
[2013.10.14 00:37:58 | 000,074,092 | ---- | C] () -- C:\Users\User\Desktop\proj rail manuel.jpg
[2013.10.14 00:30:01 | 000,089,401 | ---- | C] () -- C:\Users\User\Desktop\track light manual.jpg
[2013.10.14 00:14:12 | 000,006,918 | ---- | C] () -- C:\Users\User\Desktop\60°.jpg
[2013.10.14 00:13:52 | 000,007,665 | ---- | C] () -- C:\Users\User\Desktop\24°.jpg
[2013.10.13 22:54:21 | 000,213,598 | ---- | C] () -- C:\Users\User\Desktop\Offre galerie Latham pdf 14.10.2013.pdf
[2013.10.11 18:22:01 | 000,212,363 | ---- | C] () -- C:\Users\User\Desktop\Offre galerie Latham pdf1.pdf
[2013.10.11 18:08:34 | 000,212,742 | ---- | C] () -- C:\Users\User\Desktop\Offre galerie Latham pdf.pdf
[2013.10.11 17:13:09 | 000,322,984 | ---- | C] () -- C:\Users\User\Desktop\Qs-COB led track light.pdf
[2013.10.11 17:04:41 | 000,008,493 | ---- | C] () -- C:\Users\User\Desktop\rail 30w led.jpg
[2013.10.11 16:11:46 | 000,036,473 | ---- | C] () -- C:\Users\User\Desktop\projecteur latham.jpg
[2013.10.11 16:05:57 | 000,169,009 | ---- | C] () -- C:\Users\User\Desktop\size 30w.jpg
[2013.10.11 15:26:30 | 000,156,658 | ---- | C] () -- C:\Users\User\Desktop\IMG_11102013_222433.png
[2013.10.11 15:18:56 | 000,090,380 | ---- | C] () -- C:\Users\User\Desktop\IMG_11102013_221649.png
[2013.10.11 15:12:32 | 000,033,024 | ---- | C] () -- C:\Users\User\Desktop\flood light slim 30w.png
[2013.10.11 14:55:40 | 000,017,497 | ---- | C] () -- C:\Users\User\Desktop\flood light 30w new modell.png
[2013.10.08 09:14:17 | 000,122,389 | ---- | C] () -- C:\Users\User\Desktop\paym. Tracy 8 oct 2013.jpg
[2013.10.07 06:48:18 | 000,163,099 | ---- | C] () -- C:\Users\User\Desktop\T8 tube installation.jpg
[2013.10.06 23:25:13 | 000,087,055 | ---- | C] () -- C:\Users\User\Desktop\led rech vert.jpg
[2013.10.06 23:21:21 | 000,094,476 | ---- | C] () -- C:\Users\User\Desktop\Rechargeable_portable_10W_LED_flood_light.jpg
[2013.10.06 11:38:41 | 000,044,843 | ---- | C] () -- C:\Users\User\Desktop\bande led white.jpg
[2013.10.04 07:48:51 | 000,511,861 | ---- | C] () -- C:\Users\User\Desktop\chrysler avec verte.jpg
[2013.10.03 22:36:58 | 000,010,871 | ---- | C] () -- C:\Users\User\Desktop\chrysler le 3.10.13.jpg
[2013.09.30 22:06:39 | 000,156,667 | ---- | C] () -- C:\Users\User\Desktop\30.09.13 vers.Ouriel 300.--.jpg
[2013.07.20 14:10:58 | 000,004,096 | -H-- | C] () -- C:\Users\User\AppData\Local\keyfile3.drm
[2012.10.11 23:13:19 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.10.11 23:13:18 | 000,001,644 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.08.18 01:58:17 | 000,011,776 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.04 00:28:36 | 000,000,098 | ---- | C] () -- C:\Users\User\AppData\Roaming\MPUI.ini
[2011.02.02 12:39:34 | 000,000,128 | ---- | C] () -- C:\Users\User\AppData\Local\mv_Photo.xml
[2011.02.02 12:39:34 | 000,000,119 | ---- | C] () -- C:\Users\User\AppData\Local\mv_music.xml

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2013.05.26 05:20:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2012.06.20 13:47:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2012.01.11 07:07:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Markets.com MarketTrader
[2012.06.04 16:56:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PhotoFiltre 7
[2012.12.22 17:10:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ZumoDrive

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2009.06.10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.07.14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2013.10.28 21:50:35 | 000,024,412 | ---- | M] () -- C:\ComboFix.txt
[2009.06.10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013.07.23 00:51:06 | 000,002,730 | ---- | M] () -- C:\DelFix.txt
[2013.10.29 21:42:30 | 795,762,688 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.11 23:13:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.10.11 23:13:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013.10.29 23:32:52 | 1759,371,264 | -HS- | M] () -- C:\pagefile.sys
[2013.10.30 08:08:01 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< %PROGRAMFILES%\*.* >[/color]
[2009.07.14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

[color=#A23BEC]< %PROGRAMFILES%\*. >[/color]
[2011.10.27 02:17:42 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010.09.16 10:52:02 | 000,000,000 | ---D | M] -- C:\Program Files\AmIcoSingLun
[2011.11.01 13:43:49 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2013.02.04 23:21:23 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2012.05.02 23:45:44 | 000,000,000 | ---D | M] -- C:\Program Files\BearShare Applications
[2011.11.01 13:49:10 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010.09.16 10:44:04 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2013.05.26 05:05:42 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2013.06.24 17:05:51 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2013.07.27 21:51:45 | 000,000,000 | ---D | M] -- C:\Program Files\CodeTwo
[2013.10.28 21:04:23 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2013.09.23 22:56:31 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2013.02.05 00:35:07 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
[2010.09.16 11:09:32 | 000,000,000 | ---D | M] -- C:\Program Files\Downloaded Installations
[2012.02.26 01:26:13 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2013.02.03 23:22:45 | 000,000,000 | ---D | M] -- C:\Program Files\FixBee
[2011.02.02 11:24:32 | 000,000,000 | -HSD | M] -- C:\Program Files\Gemeinsame Dateien
[2013.03.31 22:31:44 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2012.11.19 22:08:59 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2011.08.16 21:38:44 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010.09.16 11:21:57 | 000,000,000 | ---D | M] -- C:\Program Files\HP Games
[2010.09.16 10:58:04 | 000,000,000 | ---D | M] -- C:\Program Files\IDT
[2011.06.02 22:35:05 | 000,000,000 | ---D | M] -- C:\Program Files\IKG
[2013.09.24 00:12:23 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010.09.16 10:50:59 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2013.10.10 10:13:45 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2013.02.12 16:49:31 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2013.02.12 16:51:11 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011.08.03 21:19:12 | 000,000,000 | ---D | M] -- C:\Program Files\IVCsoft
[2012.09.30 04:43:00 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2012.06.20 13:45:39 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2013.10.27 20:33:22 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.11 06:12:47 | 000,000,000 | ---D | M] -- C:\Program Files\Markets.com MetaTrader
[2011.11.25 08:49:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009.07.14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011.10.02 11:47:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2013.10.16 02:19:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
[2013.10.10 11:37:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2011.02.02 12:30:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011.02.02 12:31:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2011.02.03 13:18:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2011.02.03 13:12:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2011.02.03 14:15:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011.03.16 14:37:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2013.02.04 23:02:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011.02.03 13:18:26 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2011.08.17 16:09:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2011.02.02 12:33:39 | 000,000,000 | R--D | M] -- C:\Program Files\Online Services
[2010.09.16 11:01:41 | 000,000,000 | ---D | M] -- C:\Program Files\onlineservices
[2012.06.04 15:06:25 | 000,000,000 | ---D | M] -- C:\Program Files\PhotoFiltre 7
[2012.02.05 01:33:05 | 000,000,000 | ---D | M] -- C:\Program Files\PlayerPlus
[2013.01.24 23:30:27 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2013.02.04 23:15:57 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010.09.16 10:48:55 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009.07.14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2013.10.28 07:45:26 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010.09.16 10:48:34 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2009.07.14 05:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2012.11.24 02:27:40 | 000,000,000 | ---D | M] -- C:\Program Files\UPC Fiber Power Optimizer
[2012.04.13 21:39:49 | 000,000,000 | ---D | M] -- C:\Program Files\Video Codec
[2012.05.01 21:00:39 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2013.10.28 00:05:11 | 000,000,000 | ---D | M] -- C:\Program Files\Vlcclassic
[2010.09.16 10:52:25 | 000,000,000 | ---D | M] -- C:\Program Files\WIDCOMM
[2013.07.11 21:00:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2011.02.02 12:31:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2011.02.02 12:28:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2012.02.26 01:26:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2012.02.26 01:26:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2011.02.02 11:24:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2012.02.26 01:26:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2012.02.26 01:26:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2012.02.26 01:26:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2013.02.05 14:05:13 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

[color=#A23BEC]< MD5 for: APPMGMTS.DLL >[/color]
[2009.07.14 02:14:53 | 000,149,504 | ---- | M] (Microsoft Corporation) MD5=A45D184DF6A8803DA13A0B329517A64A -- C:\Windows\winsxs\x86_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.1.7600.16385_none_81a53e87bd5d36aa\appmgmts.dll

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys

[color=#A23BEC]< MD5 for: AUTOCHK.EXE >[/color]
[2010.11.20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010.11.20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009.07.14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\ERDNT\cache\beep.sys
[2009.07.14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys
[2009.07.14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys

[color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color]
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

[color=#A23BEC]< MD5 for: HIDSERV.DLL >[/color]
[2009.07.14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=2BC6F6A1992B3A77F5F41432CA6B3B6B -- C:\Windows\System32\hidserv.dll
[2009.07.14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=2BC6F6A1992B3A77F5F41432CA6B3B6B -- C:\Windows\winsxs\x86_microsoft-windows-hid-user_31bf3856ad364e35_6.1.7600.16385_none_d6829e90e8c23da8\hidserv.dll

[color=#A23BEC]< MD5 for: IASTOR.SYS >[/color]
[2009.10.13 09:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.10.13 09:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\drivers\iaStor.sys
[2009.10.13 09:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_b12590c8dd605296\iaStor.sys
[2009.10.13 09:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[color=#A23BEC]< MD5 for: IASTORV.SYS >[/color]
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

[color=#A23BEC]< MD5 for: IMM32.DLL >[/color]
[2010.11.20 13:19:22 | 000,118,272 | ---- | M] (Microsoft Corporation) MD5=4A8E2F20809CC161107FAA94F6CF2685 -- C:\Windows\ERDNT\cache\imm32.dll
[2010.11.20 13:19:22 | 000,118,272 | ---- | M] (Microsoft Corporation) MD5=4A8E2F20809CC161107FAA94F6CF2685 -- C:\Windows\System32\imm32.dll
[2010.11.20 13:19:22 | 000,118,272 | ---- | M] (Microsoft Corporation) MD5=4A8E2F20809CC161107FAA94F6CF2685 -- C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.1.7601.17514_none_5e5d8801d8ad160d\imm32.dll

[color=#A23BEC]< MD5 for: KERNEL32.DLL >[/color]
[2011.05.14 07:26:31 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=02D5E2D9D9497F314C97E082A1CB9808 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_95c851f0b48aeae5\kernel32.dll
[2013.08.02 06:54:18 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=071350D18F2ABC93496040F44D44F592 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22411_none_964bd085cdae14d1\kernel32.dll
[2012.10.04 17:43:05 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=3ED262888758E350C29E02207AF9AC59 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17965_none_95904772b4b53b61\kernel32.dll
[2010.11.20 13:19:26 | 000,857,600 | ---- | M] (Microsoft Corporation) MD5=5553784D774CA845380650E010BBDA2C -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_95c54f2cb48da1b9\kernel32.dll
[2011.05.14 08:40:52 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=5717FC9D2A1DAA0596DC7D940F2D613C -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_96481f19cdafbff7\kernel32.dll
[2012.10.04 17:32:16 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=63350392C018D28C87E6FCB638DFCFE8 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22125_none_9644fc0fcdb29ea9\kernel32.dll
[2013.08.02 02:49:19 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=6933E2AFF444A7A95D5C67E98449163E -- C:\Windows\ERDNT\cache\kernel32.dll
[2013.08.02 02:49:19 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=6933E2AFF444A7A95D5C67E98449163E -- C:\Windows\System32\kernel32.dll
[2013.08.02 02:49:19 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=6933E2AFF444A7A95D5C67E98449163E -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18229_none_95bf6438b4915e89\kernel32.dll
[2012.11.30 06:01:46 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=6D0D4B00C7CB4FA829F396A83B327894 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22177_none_9610ed07cdd95d0c\kernel32.dll
[2012.08.20 18:40:01 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=6F93A0F455963DC8A9A16BB682C8D589 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17932_none_95adb658b49f9b89\kernel32.dll
[2012.08.20 18:34:45 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=9139B25AA9CA8749A11F2BE863EF391B -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22091_none_95f5498dcdeeffbd\kernel32.dll
[2011.07.16 05:54:28 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=921F8B3FF01501C9934CCB3C270833D7 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_960c0dc1cdddb3a2\kernel32.dll
[2012.11.30 05:47:44 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=AE09B85158C66E2C154C5C9B3C0027B3 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18015_none_95c62f30b48ce2ee\kernel32.dll
[2013.10.29 21:45:12 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\Users\User\AppData\Local\Temp\_MEI54442\kernel32.dll
[2011.07.16 05:27:30 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=E570CBD732848438EAC574EB3442A2A8 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_95971084b4b0c29f\kernel32.dll
[2013.01.04 05:46:46 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=F14125F0B2ACB29963E896E3441DC30C -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22209_none_965e9ef5cd9ec94a\kernel32.dll

[color=#A23BEC]< MD5 for: MSWSOCK.DLL >[/color]
[2013.09.07 03:04:16 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=6547D445C4B69DC0083B619AC642DF04 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_bac3d364a4c3ea89\mswsock.dll
[2010.11.20 13:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2013.09.08 03:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\ERDNT\cache\mswsock.dll
[2013.09.08 03:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\System32\mswsock.dll
[2013.09.08 03:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_ba2f64c78bae6989\mswsock.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2012.08.22 18:05:16 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=15B74B6283CEBCCE3054C1001CA01B5E -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_aa0491cf93ad1c31\ndis.sys
[2012.08.22 18:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\ERDNT\cache\ndis.sys
[2012.08.22 18:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\System32\drivers\ndis.sys
[2012.08.22 18:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_a9bdfee47a5cd154\ndis.sys
[2010.11.20 13:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[color=#A23BEC]< MD5 for: NTFS.SYS >[/color]
[2012.08.31 18:18:09 | 001,211,760 | ---- | M] (Microsoft Corporation) MD5=0D87503986BB3DFED58E343FE39DDE13 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17945_none_a8592bc67b451464\ntfs.sys
[2010.11.20 13:30:06 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=33C3093D09017CFE2E219F2472BFF6EB -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_a87893a87b2db29e\ntfs.sys
[2013.04.12 14:45:29 | 001,211,752 | ---- | M] (Microsoft Corporation) MD5=5E43D2B0EE64123D4880DFA6626DEFDE -- C:\Windows\ERDNT\cache\ntfs.sys
[2013.04.12 14:45:29 | 001,211,752 | ---- | M] (Microsoft Corporation) MD5=5E43D2B0EE64123D4880DFA6626DEFDE -- C:\Windows\System32\drivers\ntfs.sys
[2013.04.12 14:45:29 | 001,211,752 | ---- | M] (Microsoft Corporation) MD5=5E43D2B0EE64123D4880DFA6626DEFDE -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18127_none_a870a63a7b333f99\ntfs.sys
[2011.03.11 06:39:00 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=81189C3D7763838E55C397759D49007A -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_a83ab4fe7b5ba649\ntfs.sys
[2013.03.02 06:07:36 | 001,212,264 | ---- | M] (Microsoft Corporation) MD5=9CDAEBE5160B9AF02AE17C62BDB6C4B5 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18106_none_a88545c87b23ee60\ntfs.sys
[2013.04.12 14:53:03 | 001,213,288 | ---- | M] (Microsoft Corporation) MD5=A543D7FD38F51123CA6B8B4722E4D322 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22297_none_a8ae93919489a2fa\ntfs.sys
[2013.03.02 05:30:20 | 001,213,272 | ---- | M] (Microsoft Corporation) MD5=BDC9CE1B497B6C266ED70E3D34184F40 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22272_none_a8bf31f7947dec65\ntfs.sys
[2011.03.11 06:28:10 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=E2EDE3F02F95B896A1C7C6F0CC0C4083 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_a8b27fd79487b0a3\ntfs.sys
[2012.08.31 18:01:43 | 001,212,272 | ---- | M] (Microsoft Corporation) MD5=E6C295C6F8E639957235FEE1D95077F4 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22104_none_a90ce01994435e55\ntfs.sys

[color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color]
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[color=#A23BEC]< MD5 for: PROQUOTA.EXE >[/color]
[2010.11.20 13:17:30 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\System32\proquota.exe
[2010.11.20 13:17:30 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.1.7601.17514_none_29ce61c2f0a740f4\proquota.exe

[color=#A23BEC]< MD5 for: QMGR.DLL >[/color]
[2010.11.20 13:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\ERDNT\cache\qmgr.dll
[2010.11.20 13:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\System32\qmgr.dll
[2010.11.20 13:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

[color=#A23BEC]< MD5 for: SPOOLSV.EXE >[/color]
[2010.11.20 13:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=866A43013535DC8587C258E43579C764 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_d8530d0d1fcade21\spoolsv.exe
[2012.02.11 06:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=9AEA093B8F9C37CF45538382CABA2475 -- C:\Windows\ERDNT\cache\spoolsv.exe
[2012.02.11 06:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=9AEA093B8F9C37CF45538382CABA2475 -- C:\Windows\System32\spoolsv.exe
[2012.02.11 06:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=9AEA093B8F9C37CF45538382CABA2475 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17777_none_d815322f1ff8cc1a\spoolsv.exe
[2012.02.11 06:21:14 | 000,317,952 | ---- | M] (Microsoft Corporation) MD5=CAE10A25F936C053E41CBE0FA06FF15D -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.21921_none_d8cedec038f3454c\spoolsv.exe

[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

[color=#A23BEC]< MD5 for: TERMSRV.DLL >[/color]
[2010.11.20 13:21:28 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=382C804C92811BE57829D8E550A900E2 -- C:\Windows\ERDNT\cache\termsrv.dll
[2010.11.20 13:21:28 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=382C804C92811BE57829D8E550A900E2 -- C:\Windows\System32\termsrv.dll
[2010.11.20 13:21:28 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=382C804C92811BE57829D8E550A900E2 -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_90a6abb3b286306d\termsrv.dll

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[color=#A23BEC]< MD5 for: VOLSNAP.SYS >[/color]
[2010.11.20 13:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\drivers\volsnap.sys
[2010.11.20 13:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys
[2010.11.20 13:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys

[color=#A23BEC]< MD5 for: WININET.DLL >[/color]
[2013.02.02 04:30:21 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=03728C624D05C2F157BBD46F6B7F6EA0 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16470_none_1a318655bc42d5b9\wininet.dll
[2012.08.24 17:58:13 | 000,982,016 | ---- | M] (Microsoft Corporation) MD5=0D5ADA91A4176674D12DC990DD022E84 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.22099_none_1ee2a15190714c2a\wininet.dll
[2013.02.02 04:36:46 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=1284D72C04B553ED5382EA14303D66DB -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20580_none_1ab05334d5689174\wininet.dll
[2013.01.08 21:41:13 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=16C45E6881449C6330567E51C13920FA -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20573_none_1abe23fed55dc188\wininet.dll
[2011.11.05 05:31:42 | 000,982,016 | ---- | M] (Microsoft Corporation) MD5=1903228FE0C7D402B26A217F8D7713FD -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21855_none_1f0a05d1905446a1\wininet.dll
[2011.11.05 05:35:00 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=19714FA7D7204D9BEE1EE12791DA9010 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17720_none_1e9bd7587722d451\wininet.dll
[2013.04.05 06:19:01 | 001,775,616 | ---- | M] (Microsoft Corporation) MD5=1D48B7F4618EE77430ACECCA1BCA88E1 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20681_none_0cd17cc273935223\wininet.dll
[2013.05.17 02:25:57 | 001,767,936 | ---- | M] (Microsoft Corporation) MD5=2473CA6595A2659D7039A4A89FECA269 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16614_none_2397dd0059f28df0\wininet.dll
[2013.06.12 05:19:11 | 001,777,664 | ---- | M] (Microsoft Corporation) MD5=24AE444B165D11835EF3D38CF3CC7FA4 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20742_none_0cc294e6739f2259\wininet.dll
[2012.05.15 04:03:54 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=2606B35DDADCA19BEA9A08033C621B97 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17842_none_1e8839fa77313c08\wininet.dll
[2013.08.10 05:33:03 | 001,777,664 | ---- | M] (Microsoft Corporation) MD5=26BD13BB9196C2D8F8155C3C6169BC22 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20794_none_0cc768c8739ad44e\wininet.dll
[2011.04.22 20:10:01 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=2CA020EACDC6DDB2BEA89FEA02C90945 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17601_none_1eb275947711b89f\wininet.dll
[2012.05.15 03:51:09 | 000,982,016 | ---- | M] (Microsoft Corporation) MD5=3E5195AB78F4DCE48E04CC6979D9B428 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21995_none_1edec8079074b38c\wininet.dll
[2013.05.17 02:42:58 | 001,777,664 | ---- | M] (Microsoft Corporation) MD5=425A20F1C6855222944BFD4FA9BE61A5 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20719_none_0cbef49073a289bb\wininet.dll
[2012.10.27 07:26:55 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=42C671E0525618E23371D0E68282F37C -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17984_none_1e5efcc4774fdba1\wininet.dll
[2010.11.20 13:21:36 | 000,980,992 | ---- | M] (Microsoft Corporation) MD5=44214C94911C7CFB1D52CB64D5E8368D -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll
[2012.08.24 17:57:48 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=4F4E2103C7F8A2AB6679071855549C93 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17940_none_1e863b4c77330681\wininet.dll
[2013.08.10 04:59:10 | 001,767,936 | ---- | M] (Microsoft Corporation) MD5=535F6263035F2530A62D5D64EF6E73D3 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16686_none_239eb17659ec7293\wininet.dll
[2012.06.27 06:49:12 | 000,982,016 | ---- | M] (Microsoft Corporation) MD5=54D506A1F7D9E1AF6439F7A06CC6488A -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.22032_none_1f1c7ed39046f323\wininet.dll
[2012.06.27 06:53:07 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=58CFAE82CC4092C5988555B73CD557B8 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17874_none_1e69caca7747c289\wininet.dll
[2013.04.05 06:28:24 | 001,767,424 | ---- | M] (Microsoft Corporation) MD5=5ABB3F36AF17007F33FA275E96A2C95E -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16576_none_23a8811859e53d4b\wininet.dll
[2012.10.27 05:50:37 | 000,982,016 | ---- | M] (Microsoft Corporation) MD5=5CD2659F5F1728C7A71D4A15AA4A7D53 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.22145_none_1f14b1ab904c5840\wininet.dll
[2013.09.23 00:36:52 | 001,777,152 | ---- | M] (Microsoft Corporation) MD5=67220EB57550F10E1219D57D89937456 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20831_none_0cb6db7873a80b52\wininet.dll
[2012.02.28 06:25:01 | 000,982,016 | ---- | M] (Microsoft Corporation) MD5=6A5778483A8023B4DB9C5A509D382392 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21931_none_1f1ba6679047a68a\wininet.dll
[2011.06.21 06:28:33 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=748FD4CAB1AFFD90A9556EB7D5AA1FEB -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17638_none_1e9907d67723bdd3\wininet.dll
[2011.08.20 06:53:02 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=7570FA3FC82E08FB637E32D2D95DB41D -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21795_none_1edec43b9074b93e\wininet.dll
[2011.04.22 20:51:33 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=7A11DB452989040AD8570A3DCE2E9DE2 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21710_none_1f30422990385b03\wininet.dll
[2012.02.28 06:38:52 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=7CCA8574A3B9BB41A4150739E21F1B23 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17785_none_1e5ff942774efaaa\wininet.dll
[2013.01.31 00:10:11 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=7FA3A810F383588D46220967DE8B64FF -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16457_none_1a4e2833bc2c4f38\wininet.dll
[2011.12.16 10:00:03 | 000,982,016 | ---- | M] (Microsoft Corporation) MD5=808C0CE9D4DBC0A6F72761294EB10FB2 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21878_none_1ef766d79061ca88\wininet.dll
[2013.06.12 00:43:37 | 001,767,936 | ---- | M] (Microsoft Corporation) MD5=9BF7C7654EFD098EE3A27B49492A382A -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16635_none_2399c6cc59f0da3f\wininet.dll
[2011.03.07 06:33:13 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=A5B19B240901CAB0C8E7767D2873613E -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17573_none_1e68c4ce7748b1bd\wininet.dll
[2013.01.08 23:03:20 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=B49B56B64F57699A1A663D2CF7D0A56F -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16464_none_1a405769bc371f24\wininet.dll
[2013.02.25 00:26:06 | 001,775,616 | ---- | M] (Microsoft Corporation) MD5=B9A72493B83C77E78FE6213F4B01DB5D -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20644_none_0ccd3742739739aa\wininet.dll
[2013.03.19 03:11:26 | 001,766,912 | ---- | M] (Microsoft Corporation) MD5=BA15504FA59A8DC304F1CBAEBA6252A1 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16521_none_23a3f18e59e93e73\wininet.dll
[2011.12.16 08:54:22 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=BDB7450CC556F238FD973C9DA300FEB8 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17744_none_1e8a38a8772f718f\wininet.dll
[2013.02.21 11:30:16 | 001,766,912 | ---- | M] (Microsoft Corporation) MD5=CFE0CEE587F9CEA4C29DEEC6D85FC91C -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16540_none_23a608ea59e75780\wininet.dll
[2011.06.21 07:49:27 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=D1E7C4FA045B34C32D12BFBB415EBE1B -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21754_none_1f0903a190553023\wininet.dll
[2013.07.26 04:13:24 | 001,767,936 | ---- | M] (Microsoft Corporation) MD5=DAA3903F06116AE9EE7AC1D1B93684A4 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16660_none_239d399259eda61f\wininet.dll
[2011.08.20 05:31:05 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=DBF24E87CB605A4F6E7424DD86F7A62C -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17671_none_1e66c620774a7c36\wininet.dll
[2013.07.26 04:10:53 | 001,777,664 | ---- | M] (Microsoft Corporation) MD5=DE581A5E0E70BB63898F8776EB274428 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20768_none_0cc40cca739deecd\wininet.dll
[2013.09.23 00:28:06 | 001,767,936 | ---- | M] (Microsoft Corporation) MD5=E4FEB264B47360B7296AEA4E052F88D8 -- C:\Windows\ERDNT\cache\wininet.dll
[2013.09.23 00:28:06 | 001,767,936 | ---- | M] (Microsoft Corporation) MD5=E4FEB264B47360B7296AEA4E052F88D8 -- C:\Windows\System32\wininet.dll
[2013.09.23 00:28:06 | 001,767,936 | ---- | M] (Microsoft Corporation) MD5=E4FEB264B47360B7296AEA4E052F88D8 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16721_none_238e51b659f97655\wininet.dll
[2011.03.07 06:22:07 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=EDEB2904636B657782F824D8FF97D0B8 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21676_none_1ef5627790639d8c\wininet.dll

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[color=#A23BEC]< MD5 for: WS2_32.DLL >[/color]
[2010.11.20 13:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\ERDNT\cache\ws2_32.dll
[2010.11.20 13:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\System32\ws2_32.dll
[2010.11.20 13:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\Curr entControlSet\Control\Session Manager\SubSystems /s >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2013.03.19 03:11:22 | 000,117,248 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\iepeers.dll

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\ *.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\* .sav >[/color]

[color=#A23BEC]< c:\$recycle.bin\*.* /s >[/color]
[2013.10.28 21:40:20 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-3189978512-3857647014-4098137333-1000\desktop.ini
[2009.07.14 05:53:46 | 000,032,482 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2011.02.05 23:01:23 | 000,001,022 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3189978512-3857647014-4098137333-1000Core.job
[2011.02.05 23:01:24 | 000,001,074 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3189978512-3857647014-4098137333-1000UA.job
[2011.10.24 21:44:21 | 000,001,070 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3189978512-3857647014-4098137333-1000Core.job
[2011.10.24 21:44:22 | 000,001,092 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3189978512-3857647014-4098137333-1000UA.job
[2013.03.31 22:31:11 | 000,001,048 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.03.31 22:31:13 | 000,001,052 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.08.19 02:43:59 | 000,001,002 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2013.09.04 08:27:04 | 000,133,043 | ---- | M] ()(C:\Users\User\Desktop\02_??.jpg) -- C:\Users\User\Desktop\02_oR,g.jpg
[2013.09.04 08:26:51 | 000,133,043 | ---- | C] ()(C:\Users\User\Desktop\02_??.jpg) -- C:\Users\User\Desktop\02_oR,g.jpg

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 176 bytes -> C:\Users\User\Desktop\spc dentiste devis.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 176 bytes -> C:\Users\User\Desktop\resto samuel led.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 176 bytes -> C:\Users\User\Desktop\resto samuel led.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 176 bytes -> C:\Users\User\Desktop\poursuites doc.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 176 bytes -> C:\Users\User\Desktop\poursuites doc.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 176 bytes -> C:\Users\User\Desktop\permis conduire.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 176 bytes -> C:\Users\User\Desktop\permis conduire verso.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 176 bytes -> C:\Users\User\Desktop\passport.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 176 bytes -> C:\Users\User\Desktop\paiement bnd rgb.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 176 bytes -> C:\Users\User\Desktop\lily4.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 176 bytes -> C:\Users\User\Desktop\la plancha.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 176 bytes -> C:\Users\User\Desktop\la plancha.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 176 bytes -> C:\Users\User\Desktop\kevin payment 10x10w.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 176 bytes -> C:\Users\User\Desktop\hotel Geneve.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 176 bytes -> C:\Users\User\Desktop\contrat association samuel-led avec Ouriel.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 176 bytes -> C:\Users\User\Desktop\cartes de visites clients.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 176 bytes -> C:\Users\User\Desktop\carte grise Chrysler voyager 3.0.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 176 bytes -> C:\Users\User\Desktop\anniv.juif.maman.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >
