cjoint

Document format: text/plain

~ Report of ZHPDiag v2015.3.29.33 - Nicolas Coolman (3/29/2015)
~ Launched by Admin (3/29/2015 7:15:20 PM)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by
~ Version State : New version available
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Not Found


---\\ Internet browsers
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 30.0 (Defaut)
OPIE: Opera Stable v28.0.1750.48

---\\ Windows product information
~ Langage: Anglais
Windows Automatic Updates : OK
Windows Genuine Advantage : OK
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)

---\\ System protection software
avast! Free Antivirus v7.0.1473.0

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 14 Plugin
Java 7 Update 60

---\\ Information on the system
~ Processor: x86 Family 6 Model 13 Stepping 8, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1270.4 MB (67% free)
System Restore: Activé (Enable)
System drive C: has 26 GB (53%) free of 49 GB

---\\ Connection to the system mode
~ Computer Name: WXPPX86BE-8067
~ User Name: Admin
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Guest, ASPNET, Administrator, Admin,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Admin\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\Admin\Application Data\
~ %Desktop% : C:\Documents and Settings\Admin\Desktop\
~ %Favorites% : C:\Documents and Settings\Admin\Favorites\
~ %LocalAppData% : C:\Documents and Settings\Admin\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Admin\Start Menu\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 26 Go of 49 Go)
D: Hard drive, Flash drive, Thumb drive (Free 0 Go of 26 Go)
E: Floppy drive, Flash card reader, USB Key (Free 6 Go of 7 Go)
F: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
~ Security Center: 42 Legitimates Filtered in 00mn AMs



---\\ Search Generic System Files
[MD5.2BB75B7F548D82A099125D0C5971DE7D] - (.Microsoft Corporation - Windows Explorer.) (.3/23/2015 - 8:30:45 PM.) -- C:\WINDOWS\Explorer.exe [1033728]
[MD5.1FE5634DE36DD8443D9D23DB0EAE9B9F] - (.Microsoft Corporation - Internet Extensions for Win32.) (.3/23/2015 - 8:37:25 PM.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.4A83111AA75D8A26AB0EABC03CFC95E0] - (.Microsoft Corporation - Windows NT Logon Application.) (.3/23/2015 - 8:37:26 PM.) -- C:\WINDOWS\system32\Winlogon.exe [509440]
[MD5.D80ED631D3AFD47C27311B0614AFA89F] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.3/23/2015 - 8:29:31 PM.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.4/13/2008 - 10:10:32 PM.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.3/23/2015 - 8:29:43 PM.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.4B0A100EAF5C49EF3CCA8C641431EACC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.3/23/2015 - 8:29:43 PM.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.D45926117EB9FA946A6AF572FBE1CAA3] - (.Microsoft Corporation - FIPS Crypto Driver.) (.3/23/2015 - 8:30:48 PM.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44544]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.3/23/2015 - 8:31:25 PM.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.4A0B06AA8943C1E332520F7440C0AA30] - (.Microsoft Corporation - i8042 Port Driver.) (.3/23/2015 - 8:31:35 PM.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [52480]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.3/23/2015 - 8:31:49 PM.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.3/23/2015 - 8:31:51 PM.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.3/23/2015 - 8:31:55 PM.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.FB2FCCC70F7174C7BF64F48E96D3ADF4] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.3/23/2015 - 8:33:51 PM.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [457856]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.3/23/2015 - 8:34:31 PM.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.4C51D5275AE8A16999EDFE7E647D00DE] - (.Microsoft Corporation - NT File System Driver.) (.3/23/2015 - 8:34:41 PM.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [576384]
[MD5.5575FAF8F97CE5E713D108C2A58D7C7C] - (.Microsoft Corporation - Parallel Port Driver.) (.3/23/2015 - 8:30:27 PM.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80128]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.3/23/2015 - 8:35:26 PM.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.47EA20320E3D6FDC7B7BB22B2B881CA6] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.9/4/2009 - 9:43:46 PM.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [195712]
[MD5.F828DD7E1419B6653894A8F97A0094C5] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.4/13/2008 - 10:10:28 PM.) -- C:\WINDOWS\system32\Drivers\redbook.sys [57600]
[MD5.4C8FCB5CC53AAB716D810740FE59D025] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.3/23/2015 - 8:37:11 PM.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [52352]
~ Generic Processes: Scanned in 00mn AMs



---\\ Hidden files state (Hidden/Total)
~ Mes Favoris (My Favorites) : 1/4
~ Mes Documents (My Documents) : 1/23
~ Mon Bureau (My Desktop) : 0/7
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn AMs



---\\ Process running
[MD5.FB05FF189FC5F57DE636315B1F5E56DB] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808] [PID.184]
[MD5.8920E111F8FED2D8CB986EFD0A241148] - (.Bandoo Media Inc. - Datamngr Coordinator.) -- C:\Program Files\Movies App\Datamngr\DatamngrCoordinator.exe [3204296] [PID.1344] =>PUP.CrossRider
[MD5.EDAD4A8A1D46AFCF9E76B996D55116EB] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896] [PID.1436]
[MD5.EBD2EA535FC47D426D0C2FC7C7293534] - (...) -- C:\WINDOWS\system32\taskswitch.exe [45632] [PID.1480]
[MD5.E87885A59FDC241B6575943A75E495D9] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [182696] [PID.1540]
[MD5.E79977B1ECC05C53F0194750457BBB37] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe [131072] [PID.1536]
[MD5.DDE4A991F26179573D2CFA7A093F56FA] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [163840] [PID.1512]
[MD5.EAF47A526B911B0961D3FECEB442E0C4] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [135168] [PID.1012]
[MD5.83292F9FC76395BD298982C14AC82B97] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136] [PID.1664]
[MD5.9927E906D7997D22E67E476710127070] - (.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\MaConfigAgent.exe [2117448] [PID.1724]
[MD5.22C118658BD1F4EEB8FD296A81D9F1C2] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3890768] [PID.1896]
[MD5.F6987FF6C6D683F79FDCE707B071A997] - (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe [955392] [PID.1932]
[MD5.325FB38C323C63C7F57885B4DFB1B91E] - (.Windows (R) Codename Longhorn DDK provider - User Profile Hive Cleanup Service.) -- C:\Program Files\UPHClean\uphclean.exe [399872] [PID.188]
[MD5.CEA8F7E45B7B098F5FB085BB6A6A4432] - (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\wscript.exe [155648] [PID.1244]
[MD5.E9C6EF9437ECB30911488F9313AD821A] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe [269848] [PID.3084]
[MD5.06CC578BC150D9AAAE20672130A36CB9] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8190976] [PID.1800]
~ Processes Running: Scanned in 02mn AMs



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\2ybpqjrn.default\prefs.js
M3 - MFPP: Plugins - [Admin] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\2ybpqjrn.default\searchplugins\Ask.xml
M0 - MFSP: prefs.js [Admin - 2ybpqjrn.default] http://www.search.ask.com
M2 - MFEP: prefs.js [Admin - 2ybpqjrn.default\{c0caa5fe-7c9c-4dca-a265-63cf55379d1a}] [] Movies Search App (Dist. by Bandoo Media, Inc.) v2.1.0.0 (..) =>Adware.Bandoo
P2 - FPN: [HKLM] [@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin] - (.Simon Bünzli - SumatraPDF Browser Plugin.) -- C:\Program Files\SumatraPDF\npPdfViewer.dll
~ Firefox Browser: 11 Legitimates Filtered in 00mn AMs



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com
~ IE Browser: 9 Legitimates Filtered in 00mn AMs



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn AMs



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn AMs



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (19)
~ Hosts File: Scanned in 00mn AMs



---\\ Browser Helper Objects (O2)
O2 - BHO: Movies Search App (Dist. by Bandoo Media, Inc.) - {c0caa5fe-7c9c-4dca-a265-63cf55379d1a} . (.IAC Search and Media, Inc. - dtx Dynamic Link Library.) -- C:\Program Files\Movies App\Datamngr\SRTOOL~2\IE\searchresultsDx.dll =>PUP.CrossRider
~ BHO: 14 Legitimates Filtered in 00mn AMs



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Movies Search App (Dist. by Bandoo Media, Inc.) - [HKLM]{c0caa5fe-7c9c-4dca-a265-63cf55379d1a} . (.IAC Search and Media, Inc. - dtx Dynamic Link Library.) -- C:\Program Files\Movies App\Datamngr\SRTOOL~2\IE\searchresultsDx.dll =>PUP.CrossRider
~ Toolbar: Scanned in 00mn AMs



---\\ Other User Links (O4)
O4 - GS\Desktop [Admin]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.bahaty.com =>PUP.Bahaty
O4 - GS\Desktop [Admin]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe http://www.bahaty.com =>PUP.Bahaty
~ Global Startup: 2 Legitimates Filtered in 02mn AMs



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [IMJPMIG8.1] . (.Microsoft Corporation - Microsoft IME.) -- C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
O4 - HKLM\..\Run: [PHIME2002ASync] . (.Microsoft Corporation - 微軟新注音輸入法 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [PHIME2002A] . (.Microsoft Corporation - 微軟新注音輸入法 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [CoolSwitch] . (...) -- C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [UIUCU] . (.Conexant Systems, Inc. - Conexant Universal Device Install/Uninstall.) -- C:\Documents and Settings\Admin\Local Settings\Temp\UIUCU.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
O4 - HKLM\..\Run: [bintin] \e:VBScript.Encode D:\bin.doc (.not file.)
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
O4 - HKUS\S-1-5-21-329068152-1326574676-1606980848-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-329068152-1326574676-1606980848-1003\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-329068152-1326574676-1606980848-1003\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
~ Application: Scanned in 00mn AMs



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
~ IE Extra Buttons: Scanned in 00mn AMs



---\\ Reset Web Settings' hijack (O14)
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="ie.search.msn.com"
~ IE Paramètres WEB: Scanned in 00mn AMs



---\\ Extra protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn AMs



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Offline Network Agent.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - Secondary Logon Service Notification DLL.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn AMs



---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Browseui preloader - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn AMs



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Datamngr Coordinator (DatamngrCoordinator) . (.Bandoo Media Inc. - Datamngr Coordinator.) - C:\Program Files\Movies App\Datamngr\DatamngrCoordinator.exe =>PUP.CrossRider
O23 - Service: F06DEFF2-5B9C-490D-910F-35D3A91196222 (F06DEFF2-5B9C-490D-910F-35D3A91196222) . (.Bandoo Media Inc. - Datamngr Configuration.) - C:\Program Files\Movies App\Datamngr\setmgrc3.cfg =>PUP.CrossRider
O23 - Service: User Profile Hive Cleanup (UPHClean) . (.Windows (R) Codename Longhorn DDK provider - User Profile Hive Cleanup Service.) - C:\Program Files\UPHClean\uphclean.exe
~ Services: 6 Legitimates Filtered in 05mn AMs



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop Component 0: My Current Home Page - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn AMs



---\\ Task Planned Automatically (039)
[MD5.A1F8D2A9B421C036771CA46C56536CEE] [APT] [Opera scheduled Autoupdate 1427204777] (.Opera Software.) -- C:\Program Files\Opera\launcher.exe [889976]
O39 - APT: Opera scheduled Autoupdate 1427204777 - (.Opera Software.) -- C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1427204777.job [396]
~ Scheduled Task: 10 Legitimates Filtered in 00mn AMs



---\\ ActiveSetup Installed Components (O40)
O40 - ASIC: Installed Component - S-1-5-21-329068152-1326574676-1606980848-1003 - >{WinXP-BE User Account Settings} -- Not Hexadécimal CLSID
~ Active Setup: 11 Legitimates Filtered in 00mn AMs



---\\ Drivers launched at startup (O41)
O41 - Driver: (F06DEFF2-5B9C-490D-910F-35D3A91196222) . (.Bandoo Media Inc. - Datamngr Configuration.) - C:\Program Files\Movies App\Datamngr\setmgrc3.cfg =>PUP.CrossRider
~ Drivers: 63 Legitimates Filtered in 00mn AMs



---\\ Software installed (O42)
O42 - Logiciel: Movies Search App for Firefox (Dist. by Bandoo Media, Inc.) - (.IAC Search and Media, Inc..) [HKLM] -- ilividbandoomoviestoolbarFF =>Adware.Bandoo
~ Logic: 11 Legitimates Filtered in 00mn AMs



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APNDTX] =>Toolbar.Ask
[HKCU\Software\iLivid] =>Adware.Bandoo
~ Key Software: 157 Legitimates Filtered in 00mn AMs



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 3/24/2015 - 9:52:13 PM - [] ----D C:\Program Files\Movies App =>PUP.CrossRider
O43 - CFD: 3/24/2015 - 2:41:18 PM - [] ----D C:\Documents and Settings\Admin\Application Data\OpenCandy =>Adware.OpenCandy
O43 - CFD: 3/24/2015 - 9:56:15 PM - [0] ----D C:\Documents and Settings\Admin\Application Data\searchresultstb =>PUP.SearchResults
~ Program Folder: 110 Legitimates Filtered in 00mn AMs



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.B073E39AC258E2AF10D7105DA2125CBC] - 3/23/2015 - 10:19:07 PM ---A- . (.No owner - About Page.) -- C:\WINDOWS\system32\RtNicProp32.dll [73728]
O44 - LFC:[MD5.B143A6852C9EF93E0BDECB02F524F9F2] - 3/23/2015 - 10:21:49 PM ---A- . (...) -- C:\WINDOWS\system.ini [231]
O44 - LFC:[MD5.B5F08B825FCA7767AF8CE6403A668588] - 3/23/2015 - 10:21:59 PM ---A- . (...) -- C:\WINDOWS\system32\pid.PNF [4444]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 3/23/2015 - 10:25:06 PM ---A- . (...) -- C:\WINDOWS\Sti_Trace.log [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 3/23/2015 - 10:25:18 PM ---A- . (...) -- C:\WINDOWS\system32\h323log.txt [0]
O44 - LFC:[MD5.0A0FEB9EB28BDE8CD835716343B03B14] - 3/23/2015 - 8:29:27 PM ---A- . (...) -- C:\WINDOWS\system32\12520437.cpx [2151]
O44 - LFC:[MD5.D69AE057CD82D04EE7D311809ABEFB2A] - 3/23/2015 - 8:29:27 PM ---A- . (...) -- C:\WINDOWS\system32\12520850.cpx [2233]
O44 - LFC:[MD5.D0A33C77354A6F12CCD8034E4429A30D] - 3/23/2015 - 8:29:28 PM ---A- . (.Sipro Lab Telecom Inc. - ACELP.net Audio Decoder.) -- C:\WINDOWS\system32\acelpdec.ax [61952]
O44 - LFC:[MD5.F8E4901CB3027EB0A0384001F11877C2] - 3/23/2015 - 8:29:32 PM ---A- . (...) -- C:\WINDOWS\system32\amstream.dll [70656]
O44 - LFC:[MD5.8AAD333C876590293F72B315E162BCC7] - 3/23/2015 - 8:29:32 PM ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9029]
O44 - LFC:[MD5.D753EEE17725526A67ACDDAA5D63EF68] - 3/23/2015 - 8:29:33 PM ---A- . (...) -- C:\WINDOWS\system32\append.exe [12498]
O44 - LFC:[MD5.30475F091008E24550523515A023270D] - 3/23/2015 - 8:29:38 PM ---A- . (...) -- C:\WINDOWS\system32\AUTOEXEC.NT [1688]
O44 - LFC:[MD5.C01B81BB10AD14DBC5C4ECD350638096] - 3/23/2015 - 8:29:39 PM ---A- . (...) -- C:\WINDOWS\system32\big5.nls [66728]
O44 - LFC:[MD5.84BDB1E378591D930482B896A1648C53] - 3/23/2015 - 8:29:39 PM ---A- . (...) -- C:\WINDOWS\system32\bios1.rom [28420]
O44 - LFC:[MD5.B44C4C9CA9D4BCC8430F3276576F562B] - 3/23/2015 - 8:29:39 PM ---A- . (...) -- C:\WINDOWS\system32\bios4.rom [8191]
O44 - LFC:[MD5.EE1F60F8774D74BED8B13498F3FE737A] - 3/23/2015 - 8:29:40 PM ---A- . (...) -- C:\WINDOWS\system32\bopomofo.nls [82172]
O44 - LFC:[MD5.405E1EF8E3C88E9BCD2853382BB12430] - 3/23/2015 - 8:29:40 PM ---A- . (...) -- C:\WINDOWS\system32\bopomofo.uce [22984]
O44 - LFC:[MD5.54F89125291CEED1F04402CEFB5812D0] - 3/23/2015 - 8:29:42 PM ---A- . (...) -- C:\WINDOWS\system32\customaddreg.dll [4608]
O44 - LFC:[MD5.E3654E5985547A23FBDBBDB54E62F1B9] - 3/23/2015 - 8:29:43 PM ---A- . (...) -- C:\WINDOWS\system32\certmgr.msc [42339]
O44 - LFC:[MD5.A83B5086BF1786DD46EBE598A7F30397] - 3/23/2015 - 8:29:44 PM ---A- . (...) -- C:\WINDOWS\system32\View Channels.scf [75]
O44 - LFC:[MD5.A3C1501EBB52C4BED19250D91C5FAA12] - 3/23/2015 - 8:29:44 PM ---A- . (...) -- C:\WINDOWS\system32\ciadv.msc [41762]
O44 - LFC:[MD5.35F91C57DACA971CB9A81F908740A7F4] - 3/23/2015 - 8:29:45 PM ---A- . (...) -- C:\WINDOWS\system32\cliconf.chm [71859]
O44 - LFC:[MD5.949CC598C3B2E08CE50E38761FDADFB4] - 3/23/2015 - 8:29:45 PM ---A- . (...) -- C:\WINDOWS\system32\cmdlib.wsc [40505]
O44 - LFC:[MD5.4CE81F86D910436DD3FBFC8F1BE5A8C0] - 3/23/2015 - 8:29:45 PM ---A- . (...) -- C:\WINDOWS\system32\cmmgr32.hlp [61172]
O44 - LFC:[MD5.5D24FB0922E71DE67E20E9F22946A54D] - 3/23/2015 - 8:29:45 PM ---A- . (...) -- C:\WINDOWS\system32\cmos.ram [64]
O44 - LFC:[MD5.BE67D29CA914DE072D9971E3FFFC4050] - 3/23/2015 - 8:29:48 PM ---A- . (...) -- C:\WINDOWS\system32\command.com [50620]
O44 - LFC:[MD5.809CFE39672E833E806E00560DDD7568] - 3/23/2015 - 8:29:49 PM ---A- . (.No owner - CompatUI Module.) -- C:\WINDOWS\system32\compatUI.dll [252928]
O44 - LFC:[MD5.6BE18FD6FB54082FE72627B1D481579C] - 3/23/2015 - 8:30:05 PM ---A- . (...) -- C:\WINDOWS\system32\compmgmt.msc [38302]
O44 - LFC:[MD5.01C47C2ECED034EF6F8C1552A97CFF00] - 3/23/2015 - 8:30:06 PM ----- . (...) -- C:\WINDOWS\system32\CONFIG.TMP [2577]
O44 - LFC:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 3/23/2015 - 8:30:07 PM ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O44 - LFC:[MD5.0D143112394173967A3647096F74E743] - 3/23/2015 - 8:30:10 PM ---A- . (...) -- C:\WINDOWS\system32\c_037.nls [66082]
O44 - LFC:[MD5.A716B23BA6632B7F0DABB5B8AC078F27] - 3/23/2015 - 8:30:10 PM ---A- . (...) -- C:\WINDOWS\system32\c_10000.nls [66082]
O44 - LFC:[MD5.157A2706E78D7B581642F6F787EC37E5] - 3/23/2015 - 8:30:10 PM ---A- . (...) -- C:\WINDOWS\system32\c_10001.nls [162850]
O44 - LFC:[MD5.05C0B7F8FA403E6DA75671685A58A940] - 3/23/2015 - 8:30:10 PM ---A- . (...) -- C:\WINDOWS\system32\c_10002.nls [195618]
O44 - LFC:[MD5.1855E6398A2E937E47809FD8B83647E4] - 3/23/2015 - 8:30:10 PM ---A- . (...) -- C:\WINDOWS\system32\c_10003.nls [177698]
O44 - LFC:[MD5.1DBBCC1B712C2674BDF29A05A5DD366E] - 3/23/2015 - 8:30:10 PM ---A- . (...) -- C:\WINDOWS\system32\c_10004.nls [66082]
O44 - LFC:[MD5.72233F1A1D788A84D4687A258CC97CBF] - 3/23/2015 - 8:30:10 PM ---A- . (...) -- C:\WINDOWS\system32\c_10005.nls [66082]
O44 - LFC:[MD5.0A206B5CACD3CA70D2044DA691304765] - 3/23/2015 - 8:30:10 PM ---A- . (...) -- C:\WINDOWS\system32\c_10006.nls [66082]
O44 - LFC:[MD5.AF4A866226BD04ACF06135088D75BB63] - 3/23/2015 - 8:30:10 PM ---A- . (...) -- C:\WINDOWS\system32\c_10007.nls [66082]
O44 - LFC:[MD5.23C1E8F026FB81824388E8EC457CF75E] - 3/23/2015 - 8:30:10 PM ---A- . (...) -- C:\WINDOWS\system32\c_10008.nls [173602]
O44 - LFC:[MD5.6F8A509550FE8C92D07EE0143BF29BA1] - 3/23/2015 - 8:30:10 PM ---A- . (...) -- C:\WINDOWS\system32\c_10010.nls [66082]
O44 - LFC:[MD5.314E85390BEBDAE5D1E11DB2D8CBC6E9] - 3/23/2015 - 8:30:10 PM ---A- . (...) -- C:\WINDOWS\system32\c_10017.nls [66082]
O44 - LFC:[MD5.F3C139AD492C4F73353057442E6995CE] - 3/23/2015 - 8:30:10 PM ---A- . (...) -- C:\WINDOWS\system32\c_10021.nls [66082]
O44 - LFC:[MD5.D2CA471D36A69D17F82D5C1B64FAEE39] - 3/23/2015 - 8:30:10 PM ---A- . (...) -- C:\WINDOWS\system32\c_10029.nls [66082]
O44 - LFC:[MD5.29B5AF5B12D955C316821F277C5B4D7D] - 3/23/2015 - 8:30:10 PM ---A- . (...) -- C:\WINDOWS\system32\c_10079.nls [66082]
O44 - LFC:[MD5.EFFDFF60A38CF648811BBCDD722ECF5E] - 3/23/2015 - 8:30:10 PM ---A- . (...) -- C:\WINDOWS\system32\c_10081.nls [66082]
O44 - LFC:[MD5.9CA501D2A8E6909C5B2E8C9274682BF1] - 3/23/2015 - 8:30:10 PM ---A- . (...) -- C:\WINDOWS\system32\c_10082.nls [66082]
O44 - LFC:[MD5.71E7F8B0F28585439E95B3D3B296984B] - 3/23/2015 - 8:30:10 PM ---A- . (...) -- C:\WINDOWS\system32\c_1026.nls [66082]
O44 - LFC:[MD5.101444C8A4F5C31AE02DF66689BC10BC] - 3/23/2015 - 8:30:10 PM ---A- . (...) -- C:\WINDOWS\system32\ctype.nls [8386]
O44 - LFC:[MD5.5D038EEABA8EA438F6B5ABD5E91BC851] - 3/23/2015 - 8:30:11 PM ---A- . (...) -- C:\WINDOWS\system32\C_28594.NLS [66082]
O44 - LFC:[MD5.E22D1B9AC7854C0A654E4C4232074E49] - 3/23/2015 - 8:30:11 PM ---A- . (...) -- C:\WINDOWS\system32\C_28595.NLS [66082]
O44 - LFC:[MD5.4D4C7CED88E5621F21A4911A44CADACC] - 3/23/2015 - 8:30:11 PM ---A- . (...) -- C:\WINDOWS\system32\C_28596.NLS [66082]
O44 - LFC:[MD5.B537ACFAB9E70F0EF48DB696A08ADC81] - 3/23/2015 - 8:30:11 PM ---A- . (...) -- C:\WINDOWS\system32\C_28597.NLS [66082]
O44 - LFC:[MD5.2E0B152ED60DE2431DFC0C436363385E] - 3/23/2015 - 8:30:11 PM ---A- . (...) -- C:\WINDOWS\system32\c_1250.nls [66082]
O44 - LFC:[MD5.0E91B896B81CF0B7DF62C824224B891A] - 3/23/2015 - 8:30:11 PM ---A- . (...) -- C:\WINDOWS\system32\c_1251.nls [66082]
O44 - LFC:[MD5.ACB769EC498FB62316EAB45ADB680F22] - 3/23/2015 - 8:30:11 PM ---A- . (...) -- C:\WINDOWS\system32\c_1252.nls [66082]
O44 - LFC:[MD5.E1858EDF032363E84922CDB91E75797A] - 3/23/2015 - 8:30:11 PM ---A- . (...) -- C:\WINDOWS\system32\c_1253.nls [66082]
O44 - LFC:[MD5.808CCC573F51DC7AB3D5151A2D2AF1BF] - 3/23/2015 - 8:30:11 PM ---A- . (...) -- C:\WINDOWS\system32\c_1254.nls [66082]
O44 - LFC:[MD5.C386BDB1A653A4390313AE192EFF2732] - 3/23/2015 - 8:30:11 PM ---A- . (...) -- C:\WINDOWS\system32\c_1255.nls [66082]
O44 - LFC:[MD5.6F42B3E7ED97C9EAC38615B907F08721] - 3/23/2015 - 8:30:11 PM ---A- . (...) -- C:\WINDOWS\system32\c_1256.nls [66082]
O44 - LFC:[MD5.F2BAE36CE7B07CDC32366B8E39C9F546] - 3/23/2015 - 8:37:12 PM ---A- . (...) -- C:\WINDOWS\system32\wbdbase.deu [1309184]
O44 - LFC:[MD5.57E8595A50934D8D74D72EE3F3541166] - 3/23/2015 - 8:37:16 PM ---A- . (...) -- C:\WINDOWS\system32\wbdbase.enu [957440]
O44 - LFC:[MD5.47BDD284DD36F5693F0E0FE820394E96] - 3/23/2015 - 8:37:21 PM ---A- . (...) -- C:\WINDOWS\system32\wbdbase.esn [750080]
O44 - LFC:[MD5.8803C0E2B48BD8C600FE8110AE30B4EC] - 3/23/2015 - 8:37:21 PM ---A- . (...) -- C:\WINDOWS\system32\wbdbase.fra [786944]
O44 - LFC:[MD5.955B85225FDB1E3EFD8451B5C99D9C7E] - 3/23/2015 - 8:37:21 PM ---A- . (...) -- C:\WINDOWS\system32\wbdbase.ita [867840]
O44 - LFC:[MD5.5D616E8BA1B03511F344DA510AE48E12] - 3/23/2015 - 8:37:21 PM ---A- . (...) -- C:\WINDOWS\system32\wbdbase.nld [1095680]
O44 - LFC:[MD5.DDFCDFA3E61D479F9DD0CDC73BDA446A] - 3/23/2015 - 8:37:21 PM ---A- . (...) -- C:\WINDOWS\system32\wbdbase.sve [937984]
O44 - LFC:[MD5.1A69323DFACCE17817F68AC0E53DE42C] - 3/23/2015 - 8:37:22 PM ---A- . (...) -- C:\WINDOWS\system32\wdl.trm [4096]
O44 - LFC:[MD5.F42DDDD518B982CD2BDB0AF7D5171359] - 3/23/2015 - 8:37:23 PM ---A- . (...) -- C:\WINDOWS\system32\webfldrs.msi [1326080]
O44 - LFC:[MD5.BEF31EF51A02F4E18A06EB1806F51403] - 3/23/2015 - 8:37:24 PM ---A- . (...) -- C:\WINDOWS\system32\wiasf.ax [40448]
O44 - LFC:[MD5.C980C971AD4FF3CA5CEFDEF40932D3A1] - 3/23/2015 - 8:37:25 PM ---A- . (...) -- C:\WINDOWS\system32\win87em.dll [13312]
O44 - LFC:[MD5.8955C6718A3E3118394DCE266BA4F4B4] - 3/23/2015 - 8:37:25 PM ---A- . (...) -- C:\WINDOWS\system32\winhelp.hlp [32674]
O44 - LFC:[MD5.2CE7B1EEB99C14032C0E2201B004F80E] - 3/23/2015 - 8:37:40 PM ---A- . (...) -- C:\WINDOWS\system32\wmimgmt.msc [63488]
O44 - LFC:[MD5.372DC86CEA7C860F7F5C94012DE68922] - 3/23/2015 - 8:38:03 PM ---A- . (...) -- C:\WINDOWS\system32\wstpager.ax [164352]
O44 - LFC:[MD5.CCBF788C49E7C486C5420D74AFF9DD62] - 3/23/2015 - 8:38:03 PM ---A- . (...) -- C:\WINDOWS\system32\wstrenderer.ax [239616]
O44 - LFC:[MD5.09E420F90A329BDA68477FA4AF43CB28] - 3/23/2015 - 8:38:06 PM ---A- . (...) -- C:\WINDOWS\system32\xjis.nls [28288]
O44 - LFC:[MD5.B317B33694BAC49D492DD3F23E374899] - 3/23/2015 - 8:38:18 PM ---A- . (...) -- C:\WINDOWS\_default.pif [707]
O44 - LFC:[MD5.10BFA25FE444255DE18C0F6A14DEFB2A] - 3/24/2015 - 11:23:38 PM ---A- . (...) -- C:\WINDOWS\win.ini [582]
O44 - LFC:[MD5.DE4C5379216ACE6197B77D0D6C6C8D8A] - 3/24/2015 - 1:41:27 PM ---A- . (...) -- C:\WINDOWS\system32\igxpxa32.cpa [524850]
O44 - LFC:[MD5.7DEF9DFBDE081CAC48105CFCEC4F385C] - 3/24/2015 - 1:41:27 PM ---A- . (...) -- C:\WINDOWS\system32\igxpxk32.vp [2096]
O44 - LFC:[MD5.B6CC44AC63E33364447357FAF517B52D] - 3/24/2015 - 1:41:27 PM ---A- . (...) -- C:\WINDOWS\system32\igxpxs32.vp [24784]
O44 - LFC:[MD5.54EABEC05A84181FCEDD7F974850116C] - 3/24/2015 - 1:41:28 PM ---A- . (...) -- C:\WINDOWS\system32\igxpxa32.vp [929]
O44 - LFC:[MD5.6DFC1363EDA08B7378040B093595932E] - 3/24/2015 - 1:42:11 PM ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [5536]
O44 - LFC:[MD5.115B7337BF8C2AF2C82B4C3871BA337A] - 3/24/2015 - 1:46:04 PM ---A- . (...) -- C:\WINDOWS\SMinstall.log [711]
O44 - LFC:[MD5.C4A72EA0CBA7B279137D48E690365C50] - 3/24/2015 - 1:48:35 PM ---A- . (...) -- C:\WINDOWS\DPINST.LOG [46582]
O44 - LFC:[MD5.E7368AABECD8B82DE91DFC9C9981D6EC] - 3/24/2015 - 2:12:38 PM ----- . (...) -- C:\WINDOWS\QTA3091K.CAT [10857]
O44 - LFC:[MD5.48BA23373D43BDCD0CEAC891AF7B7226] - 3/24/2015 - 2:41:16 PM ---A- . (...) -- C:\WINDOWS\system32\IScrNB.bmp [121232]
O44 - LFC:[MD5.CB52FDF0B373EEF6CAAB11AE6F435891] - 3/24/2015 - 2:41:16 PM ---A- . (...) -- C:\WINDOWS\system32\IScrNBR.bmp [121232]
O44 - LFC:[MD5.9826B9617A31D31FAC2B2B1DDCFEC6E3] - 3/24/2015 - 2:41:18 PM ---A- . (...) -- C:\WINDOWS\system32\igfxCoIn_v4764.dll [204800]
O44 - LFC:[MD5.7D68A53E8E22B96C1821C710DE34B63A] - 3/24/2015 - 3:25:48 AM ---A- . (...) -- C:\WINDOWS\cmsetacl.log [200]
O44 - LFC:[MD5.5C4EA8D60650F188F49C9BD1AAE7B8D7] - 3/24/2015 - 3:26:47 AM ---A- . (...) -- C:\WINDOWS\DtcInstall.log [135]
O44 - LFC:[MD5.487403459F0B2F1A3ADEEF02496BD80E] - 3/24/2015 - 3:26:54 AM ---A- . (...) -- C:\WINDOWS\vb.ini [36]
O44 - LFC:[MD5.6C2F0BA210C2B53EF07653ABAC6C2490] - 3/24/2015 - 3:26:54 AM ---A- . (...) -- C:\WINDOWS\vbaddin.ini [37]
O44 - LFC:[MD5.8F18F27C2C141492C094041A26A707B9] - 3/24/2015 - 3:27:06 AM ---A- . (...) -- C:\WINDOWS\system32\emptyregdb.dat [21640]
O44 - LFC:[MD5.DADB3267CF9AA47E7EF8BBF043FBC4B8] - 3/24/2015 - 3:27:42 AM ---A- . (...) -- C:\WINDOWS\sessmgr.setup.log [1022]
O44 - LFC:[MD5.CA46B338BB98A9173936A57F609740E2] - 3/24/2015 - 3:28:19 AM ---A- . (...) -- C:\WINDOWS\bitssetup.log [1880]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 3/24/2015 - 3:28:26 AM R-HA- . (...) -- C:\WINDOWS\WindowsShell.Manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 3/24/2015 - 3:28:26 AM R-HA- . (...) -- C:\WINDOWS\system32\cdplayer.exe.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 3/24/2015 - 3:28:26 AM R-HA- . (...) -- C:\WINDOWS\system32\ncpa.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 3/24/2015 - 3:28:26 AM R-HA- . (...) -- C:\WINDOWS\system32\nwc.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 3/24/2015 - 3:28:26 AM R-HA- . (...) -- C:\WINDOWS\system32\sapi.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 3/24/2015 - 3:28:26 AM R-HA- . (...) -- C:\WINDOWS\system32\wuaucpl.cpl.manifest [749]
O44 - LFC:[MD5.5D76C3FB736514E1D7C88791E7322784] - 3/24/2015 - 3:28:28 AM R-HA- . (...) -- C:\WINDOWS\system32\WindowsLogon.manifest [488]
O44 - LFC:[MD5.5D76C3FB736514E1D7C88791E7322784] - 3/24/2015 - 3:28:28 AM R-HA- . (...) -- C:\WINDOWS\system32\logonui.exe.manifest [488]
O44 - LFC:[MD5.53D7F47255085310F50604FDE3076F97] - 3/24/2015 - 3:29:33 AM ---A- . (...) -- C:\WINDOWS\ODBCINST.INI [4161]
O44 - LFC:[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - 3/24/2015 - 3:29:37 AM ---A- . (...) -- C:\WINDOWS\WMSysPr9.prx [316640]
O44 - LFC:[MD5.6D6F4B1886E91EB37ABCCAD19C561EE0] - 3/24/2015 - 3:29:46 AM ---A- . (...) -- C:\WINDOWS\system32\amcompat.tlb [16832]
O44 - LFC:[MD5.A32B14BE5EDAE794FCE1A9E970827509] - 3/24/2015 - 3:29:46 AM ---A- . (...) -- C:\WINDOWS\system32\nscompat.tlb [23392]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 3/24/2015 - 3:29:50 AM ---A- . (...) -- C:\AUTOEXEC.BAT [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 3/24/2015 - 3:29:50 AM ---A- . (...) -- C:\CONFIG.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 3/24/2015 - 3:29:50 AM ---A- . (...) -- C:\WINDOWS\control.ini [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 3/24/2015 - 3:29:50 AM RSHA- . (...) -- C:\IO.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 3/24/2015 - 3:29:50 AM RSHA- . (...) -- C:\MSDOS.SYS [0]
O44 - LFC:[MD5.DC0D6573842201C7C911BE098A0E398F] - 3/24/2015 - 3:31:21 AM ---A- . (...) -- C:\WINDOWS\setuplog.txt [628082]
O44 - LFC:[MD5.60BF7FA604FC7D9D532A7C8F1977390C] - 3/24/2015 - 3:31:21 AM ---A- . (...) -- C:\WINDOWS\system32\$winnt$.inf [710]
O44 - LFC:[MD5.8DAA9E4972E6BFE585830188067AEC7D] - 3/24/2015 - 3:34:39 AM ---A- . (...) -- C:\WINDOWS\DPsFnshr.log [162462]
O44 - LFC:[MD5.DED4C49C39D6CEFC00FDA0C4D7D59407] - 3/24/2015 - 3:56:27 AM ---A- . (...) -- C:\WINDOWS\system32\ff_vfw.dll.manifest [714]
O44 - LFC:[MD5.B8B8047455FE5BB60652585F97424DD5] - 3/24/2015 - 3:56:27 AM ---A- . (.No owner - ffdshow VFW.) -- C:\WINDOWS\system32\ff_vfw.dll [112640]
O44 - LFC:[MD5.A0F43D4AB011F8979E597C1393CA7C50] - 3/24/2015 - 3:56:30 AM ---A- . (...) -- C:\WINDOWS\system32\unrar.dll [218200]
O44 - LFC:[MD5.C26B7B8CA40C627B9DE399F9F8FACC69] - 3/24/2015 - 3:56:33 AM ---A- . (...) -- C:\WINDOWS\system32\xvidcore.dll [650752]
O44 - LFC:[MD5.56552C7C36B6237704CE3BA9DF49FECF] - 3/24/2015 - 3:56:33 AM ---A- . (...) -- C:\WINDOWS\system32\xvidvfw.dll [243200]
O44 - LFC:[MD5.FA425C74CE2EB719B2A77A7A2ADDAE32] - 3/24/2015 - 3:56:33 AM ---A- . (.No owner - Lagarith.) -- C:\WINDOWS\system32\lagarith.dll [216064]
O44 - LFC:[MD5.FBE5C2BDED0E85F6F0E68D1D6F2521DF] - 3/24/2015 - 3:56:33 AM ---A- . (.x264vfw project - x264vfw - H.264/MPEG-4 AVC codec.) -- C:\WINDOWS\system32\x264vfw.dll [3649536]
O44 - LFC:[MD5.688AFB52517EBF2B93D5577E598C5A5F] - 3/24/2015 - 3:58:25 AM ---A- . (...) -- C:\WINDOWS\wmsetup.log [3638]
O44 - LFC:[MD5.E0EFBE3CAF441F8A1396BAF1638B9DD7] - 3/24/2015 - 3:59:47 AM ---A- . (...) -- C:\WINDOWS\COM+.log [1444]
O44 - LFC:[MD5.B41566768D2436B2B13415882E5565E4] - 3/24/2015 - 4:01:01 AM ---A- . (...) -- C:\WINDOWS\regopt.log [3582]
O44 - LFC:[MD5.A2E09ABAA1C9BEA905DD06D7E9B16204] - 3/25/2015 - 11:49:46 PM ---A- . (...) -- C:\WINDOWS\wiadebug.log [408]
O44 - LFC:[MD5.521E6FC5E52BD7DB9CABE34FE49F6A65] - 3/25/2015 - 5:57:45 PM ---A- . (...) -- C:\WINDOWS\wiaservc.log [49]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 3/26/2015 - 1:47:54 PM ---A- . (...) -- C:\فيلم الرســـــــالة - Le Message - VOSTFR - YouTube.mp4 [775174629]
O44 - LFC:[MD5.CF52C39BF39A72E4C1DA8A89F8C89E9F] - 3/28/2015 - 6:59:48 PM ---A- . (...) -- C:\WINDOWS\updspapi.log [2227]
O44 - LFC:[MD5.2E1F7CC94A701E7C21B19E947E0CDD6B] - 3/28/2015 - 6:59:59 PM ---A- . (...) -- C:\WINDOWS\imsins.BAK [1374]
O44 - LFC:[MD5.9A7C27C2D2927015ADD4479B16EFD6C3] - 3/28/2015 - 7:00:09 PM ---A- . (...) -- C:\WINDOWS\FaxSetup.log [89342]
O44 - LFC:[MD5.1BD25E39F81FE3183550644481F23B59] - 3/28/2015 - 7:00:09 PM ---A- . (...) -- C:\WINDOWS\msmqinst.log [46834]
O44 - LFC:[MD5.B6094082971DAA56562D7EBBEFC13253] - 3/28/2015 - 7:00:10 PM ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [7726]
O44 - LFC:[MD5.FB86462DF9604EEA44EB724C3BFE968E] - 3/28/2015 - 7:00:10 PM ---A- . (...) -- C:\WINDOWS\comsetup.log [43060]
O44 - LFC:[MD5.7C63C1149C6D74633E92D8B153F4FFC0] - 3/28/2015 - 7:00:10 PM ---A- . (...) -- C:\WINDOWS\iis6.log [195274]
O44 - LFC:[MD5.2A26101A7FB63D61B0F14EBC1E3D61D4] - 3/28/2015 - 7:00:10 PM ---A- . (...) -- C:\WINDOWS\imsins.log [1374]
O44 - LFC:[MD5.C81ACF6B98AA99506ECD27C9B1634614] - 3/28/2015 - 7:00:10 PM ---A- . (...) -- C:\WINDOWS\netfxocm.log [16859]
O44 - LFC:[MD5.193A4734FCA1F8553E666C382E0B38DA] - 3/28/2015 - 7:00:10 PM ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [26441]
O44 - LFC:[MD5.0061F333DD700F53F8592F668F072BDB] - 3/28/2015 - 7:00:10 PM ---A- . (...) -- C:\WINDOWS\ocgen.log [79732]
O44 - LFC:[MD5.41756F00C2170A48230A9134537A477D] - 3/28/2015 - 7:00:10 PM ---A- . (...) -- C:\WINDOWS\tabletoc.log [4673]
O44 - LFC:[MD5.7B5974C3BADCEA0C1CEC40EAA70FAB03] - 3/28/2015 - 7:00:10 PM ---A- . (...) -- C:\WINDOWS\tsoc.log [52637]
~ Files: 2642 Legitimates Filtered in 48mn AMs



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn AMs



---\\ Export authorized application key (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\dtuser.exe" [Enabled] .(.IAC Search and Media, Inc..) -- C:\Program Files\Movies App\Datamngr\SRTOOL~1\IE\dtuser.exe =>PUP.CrossRider
O47 - AAKE:Key Export SP - "C:\Program Files\Movies App\Datamngr\SRTOOL~2\IE\dtuser.exe" [Enabled] .(.IAC Search and Media, Inc..) -- C:\Program Files\Movies App\Datamngr\SRTOOL~2\IE\dtuser.exe =>PUP.CrossRider
~ Keys Export: 10 Legitimates Filtered in 02mn AMs



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn AMs



---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{378d8a3d-cb0b-11d8-b8a2-00c09fbe70ce}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
O51 - MPSK:{378d8a3f-cb0b-11d8-b8a2-00c09fbe70ce}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
O51 - MPSK:{51aebb6c-d1db-11e4-b890-00c09fbe70ce}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
O51 - MPSK:{89aa3d9f-cb18-11d8-b8a3-00c09fbe70ce}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{89aa3da1-cb18-11d8-b8a3-00c09fbe70ce}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{ca8b97a5-d4da-11e4-b89e-00c09fbe70ce}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn AMs



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "MaxRecentDocs"=18
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSharedDocuments"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRecentDocsNetHood"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDesktopCleanupWizard"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceClassicControlPanel"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "MemCheckBoxInRunDlg"=1
~ MWPE Keys: 8 Legitimates Filtered in 00mn AMs



---\\ System Drivers List (SDL) (O58)
O58 - SDL:8/8/2011 - 6:13:10 PM ---A- . (.SysProgs.org - WinCDEmu virtual CDROM bus.) -- C:\WINDOWS\system32\Drivers\BazisVirtualCDBus.sys [117584]
O58 - SDL:8/9/2007 - 3:13:04 AM ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\WINDOWS\system32\Drivers\ewdcsc.sys [24448]
O58 - SDL:3/23/2015 - 8:31:25 PM ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:3/19/2015 - 2:27:06 AM ---A- . (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\WINDOWS\system32\Drivers\idmtdi.sys [126968]
O58 - SDL:3/23/2015 - 8:35:19 PM ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:3/23/2015 - 8:29:32 PM ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9029]
O58 - SDL:3/23/2015 - 8:30:07 PM ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:3/23/2015 - 8:31:26 PM ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4768]
O58 - SDL:3/23/2015 - 8:32:11 PM ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:3/23/2015 - 8:32:11 PM ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:3/23/2015 - 8:34:41 PM ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27866]
O58 - SDL:3/23/2015 - 8:34:41 PM ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:3/23/2015 - 8:34:41 PM ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:3/23/2015 - 8:34:41 PM ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:3/23/2015 - 8:34:41 PM ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:3/23/2015 - 8:34:41 PM ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33840]
O58 - SDL:3/23/2015 - 8:34:41 PM ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:3/23/2015 - 8:34:41 PM ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:3/23/2015 - 8:34:42 PM ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:3/23/2015 - 8:34:42 PM ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 46 Legitimates Filtered in 00mn AMs



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn AMs



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 3/22/2015 - C:\Program Files\Movies App\Datamngr\DatamngrCoordinator.exe (DatamngrCoordinator) .(.Bandoo Media Inc. - Datamngr Coordinator.) - LEGACY_DATAMNGRCOORDINATOR =>PUP.CrossRider
O64 - Services: CurCS - 3/22/2015 - C:\Program Files\Movies App\Datamngr\setmgrc3.cfg (F06DEFF2-5B9C-490D-910F-35D3A91196222) .(.Bandoo Media Inc. - Datamngr Configuration.) - LEGACY_F06DEFF2-5B9C-490D-910F-35D3A91196222 =>PUP.CrossRider
O64 - Services: CurCS - 9/14/2010 - C:\Program Files\UPHClean\uphclean.exe (UPHClean) .(.Windows (R) Codename Longhorn DDK provider - User Profile Hive Cleanup Service.) - LEGACY_UPHCLEAN
~ Legacy: 113 Legitimates Filtered in 00mn AMs



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\Launcher.exe
~ FASS Keys: 10 Legitimates Filtered in 00mn AMs



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\launcher.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\Launcher.exe
~ Keys: Scanned in 00mn AMs



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {66C68655-D58D-409E-846F-296E7366BAA4} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - (Ask.com) - http://dts.search.ask.com
O69 - SBI: SearchScopes [HKCU] {D671275A-5E31-42B8-924E-2DDF8CC2EADB} - (DuckDuckGo) - http://duckduckgo.com
O69 - SBI: SearchScopes [HKCU] {F83B7E7A-688A-47DA-A9E5-A40D9E15266B} - (Yahoo!) - http://search.yahoo.com
~ Keys: Scanned in 00mn AMs



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{c0caa5fe-7c9c-4dca-a265-63cf55379d1a}] (Movies Search App (Dist. by Bandoo Media, Inc.)) =>Adware.Bandoo
~ BCK: 4650 Legitimates Filtered in 15mn AMs



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 3/23/2015 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 3/23/2015 224768 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 6/6/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 2/19/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 10/23/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 3/22/2015 3204296 | (DatamngrCoordinator) . (.Bandoo Media Inc..) - C:\Program Files\Movies App\Datamngr\DatamngrCoordinator.exe =>PUP.CrossRider
SR - | System 3/22/2015 38472 | (F06DEFF2-5B9C-490D-910F-35D3A91196222) . (.Bandoo Media Inc..) - C:\Program Files\Movies App\Datamngr\setmgrc3.cfg =>PUP.CrossRider
SR - | Auto 3/24/2015 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 10/15/2014 2117448 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 9/14/2010 399872 | (UPHClean) . (.Windows (R) Codename Longhorn DDK provider.) - C:\Program Files\UPHClean\uphclean.exe
~ Services: Scanned in 16mn AMs



---\\ Scan Additionnel (O88)
Database Version : 13008 - (3/29/2015)
Clés trouvées (Keys found) : 12
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 4

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0CAA5FE-7C9C-4DCA-A265-63CF55379D1A}] =>PUP.CrossRider^
[HKLM\SYSTEM\CurrentControlSet\Services\DatamngrCoordinator] =>PUP.CrossRider^
[HKLM\SYSTEM\CurrentControlSet\Services\F06DEFF2-5B9C-490D-910F-35D3A91196222] =>PUP.CrossRider^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ilividbandoomoviestoolbarFF] =>Adware.Bandoo^
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\ilivid] =>Adware.Bandoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\ilividbandoomoviestoolbarFF] =>Adware.Bandoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\ilividbandoomoviestoolbarIE] =>Adware.Bandoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ilividbandoomoviestoolbarIE] =>Adware.Bandoo
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{c0caa5fe-7c9c-4dca-a265-63cf55379d1a} =>PUP.CrossRider^
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\2ybpqjrn.default\extensions\{c0caa5fe-7c9c-4dca-a265-63cf55379d1a} =>Adware.Bandoo^
C:\Program Files\Movies App =>PUP.CrossRider^
C:\Documents and Settings\Admin\Application Data\OpenCandy =>Adware.OpenCandy^
C:\Documents and Settings\Admin\Application Data\searchresultstb =>PUP.SearchResults^
C:\Program Files\Movies App\Datamngr\DatamngrCoordinator.exe =>PUP.CrossRider^
[HKCU\Software\APNDTX] =>Toolbar.Ask^
[HKCU\Software\iLivid] =>Adware.Bandoo^
[HKCR\CLSID\{c0caa5fe-7c9c-4dca-a265-63cf55379d1a}] (Movies Search App (Dist. by Bandoo Media, Inc.)) =>Adware.Bandoo^
~ Additionnel Scan: 201626 Items scanned in 52mn AMs



---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.MountPoints2 Shell Key (MPSK) (O51)
~ AMI: 6 Legitimates Filtered in 00mn AMs



---\\ Summary of the detections found on your workstation
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
http://nicolascoolman.fr/pup-bahaty =>PUP.Bahaty
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://nicolascoolman.fr/adware-opencandy =>Adware.OpenCandy
http://nicolascoolman.fr/pup-searchresults =>PUP.SearchResults
~ MSI: 6 link(s) detected in 00mn AMs



~ 3285 Legitimates filtered by white list
End of the scan (924 lines in 39mn AMs)(0.4)
