OTL logfile created on: 13/07/2015 10:01:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Spectre\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17842)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,90 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 27,47% Memory free
8,28 Gb Paging File | 4,61 Gb Available in Paging File | 55,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 93,66 Gb Total Space | 13,22 Gb Free Space | 14,12% Space Free | Partition Type: NTFS
Drive D: | 20,37 Gb Total Space | 2,85 Gb Free Space | 14,00% Space Free | Partition Type: NTFS

Computer Name: SPECTREXT | User Name: Spectre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2015/07/13 09:27:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Spectre\Downloads\OTL.exe
PRC - [2015/06/20 07:46:07 | 000,813,896 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2015/06/12 09:25:00 | 000,082,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/06/10 22:36:06 | 043,871,584 | ---- | M] (Dropbox, Inc.) -- C:\Users\Spectre\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2015/05/29 10:14:05 | 000,191,696 | ---- | M] () -- C:\Program Files (x86)\Cool Deals\cool_deals_helper_service.exe
PRC - [2015/05/20 18:32:19 | 001,999,976 | ---- | M] (BitTorrent Inc.) -- C:\Users\Spectre\AppData\Roaming\BitTorrent\BitTorrent.exe
PRC - [2015/05/01 11:17:04 | 001,772,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2015/05/01 11:16:10 | 001,394,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2015/04/06 22:32:56 | 000,065,536 | -H-- | M] () -- C:\Program Files (x86)\baidu\baidu.exe
PRC - [2014/11/21 01:19:18 | 000,418,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2013/06/21 11:30:26 | 000,094,720 | ---- | M] (Simpo Technologies) -- C:\Program Files (x86)\Simpo PDF Creator Pro\SpcProSrv.exe
PRC - [2012/10/23 19:42:06 | 000,347,120 | ---- | M] () -- C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe
PRC - [2012/08/08 11:23:28 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012/08/08 11:23:08 | 001,091,520 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012/07/27 18:21:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012/07/20 12:09:42 | 000,193,576 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
PRC - [2012/07/18 03:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/07/18 03:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/07/18 03:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/07/09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/09/14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2015/07/13 09:19:05 | 000,043,008 | ---- | M] () -- c:\users\spectre\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpexkz8n.dll
MOD - [2015/06/20 07:46:06 | 015,003,976 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll
MOD - [2015/06/20 07:46:04 | 001,281,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
MOD - [2015/06/20 07:46:04 | 000,080,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
MOD - [2015/05/29 10:14:05 | 000,191,696 | ---- | M] () -- C:\Program Files (x86)\Cool Deals\cool_deals_helper_service.exe
MOD - [2015/04/06 22:32:56 | 000,065,536 | -H-- | M] () -- C:\Program Files (x86)\baidu\baidu.exe
MOD - [2015/03/19 09:15:28 | 000,865,280 | ---- | M] () -- C:\Users\Spectre\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
MOD - [2015/03/19 09:15:28 | 000,750,080 | ---- | M] () -- C:\Users\Spectre\AppData\Roaming\Dropbox\bin\libGLESv2.dll
MOD - [2015/03/19 09:15:28 | 000,726,016 | ---- | M] () -- C:\Users\Spectre\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
MOD - [2015/03/19 09:15:28 | 000,200,704 | ---- | M] () -- C:\Users\Spectre\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
MOD - [2015/03/19 09:15:28 | 000,047,616 | ---- | M] () -- C:\Users\Spectre\AppData\Roaming\Dropbox\bin\libEGL.dll
MOD - [2015/03/19 09:15:28 | 000,010,240 | ---- | M] () -- C:\Users\Spectre\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
MOD - [2015/03/19 09:15:28 | 000,010,240 | ---- | M] () -- C:\Users\Spectre\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2015/06/12 09:25:00 | 000,082,112 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/06/03 16:42:38 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2015/05/01 11:17:04 | 001,772,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2015/05/01 11:16:10 | 001,394,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2015/01/28 16:46:15 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2015/01/28 16:46:14 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2015/01/28 16:46:14 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2014/11/26 18:40:36 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/11/21 01:19:24 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2014/11/21 01:18:02 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/11/21 01:18:02 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2014/11/21 01:17:56 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/10/01 20:54:28 | 000,281,488 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/10/23 19:42:06 | 000,347,120 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe -- (InternetEverywhere_Service)
SRV - [2012/08/10 17:53:44 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/08 11:23:28 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012/08/08 11:23:08 | 001,091,520 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012/07/20 12:09:42 | 000,193,576 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2012/07/18 03:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/18 03:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/18 03:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/07/14 03:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/07/09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/09/14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3576394613-746847976-1990929794-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-3576394613-746847976-1990929794-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3576394613-746847976-1990929794-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3576394613-746847976-1990929794-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3576394613-746847976-1990929794-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3576394613-746847976-1990929794-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3576394613-746847976-1990929794-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.searchengine.desc: "this is my first firefox searchEngine"
FF - prefs.js..browser.search.searchengine.ptid: "amt"
FF - prefs.js..browser.search.searchengine.uid: "SAMSUNGXMZMPC128HBFU-000H1_S0Y8NSAC518715"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: sweetsearch%40gmail.com:1.0.0.1031
FF - prefs.js..extensions.enabledAddons: KnxrqfJEj%40gmail.com:1002.60.415.0
FF - prefs.js..extensions.enabledAddons: downintab%40max.max:1004.8.19
FF - prefs.js..extensions.enabledAddons: sweetsearch%40gmail.com:1.0.0.1031
FF - prefs.js..extensions.enabledAddons: searchffv2%40gmail.com:0.0.4
FF - prefs.js..extensions.enabledAddons: d9676068985d4d81bb390a%407be93ab3c8e144f694a0509d5.com:0.95.51
FF - prefs.js..extensions.enabledAddons: ccf7276c-d388-480f-8835-5b680025e1ca%40gmail.com:0.95.59
FF - prefs.js..extensions.enabledAddons: 389579c4-efa9-4d96-a1dd-3c86f7bd1a51%40gmail.com:0.95.51
FF - prefs.js..extensions.enabledAddons: %7B746505DC-0E21-4667-97F8-72EA6BCF5EEF%7D:1.0.0.4
FF - prefs.js..extensions.enabledAddons: e9d197d59f2f45f382b1aa5c14d82%408706aaed9b904554b5cb7984e9.com:0.95.51
FF - prefs.js..extensions.enabledAddons: TTSD90021300%40PYDKGV101145942.com:0.95.50
FF - prefs.js..extensions.enabledAddons: e7daf4d8afbe4d9ab56c9%407ab4780e92d643c7a6215.com:0.95.35
FF - prefs.js..extensions.enabledAddons: dBihzrSki%40gmail.com:1007.3.15.0
FF - prefs.js..extensions.enabledAddons: jid1-aPwS0JCl36iLkQ%40jetpack:1000.8.6
FF - prefs.js..extensions.enabledAddons: quick_searchff%40gmail.com:5.4.13
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - prefs.js..keyword.URL: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/07/09 10:47:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\BingSearchExtension: enable
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\DSE: true

[2014/12/18 13:23:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spectre\AppData\Roaming\mozilla\Extensions
[2015/07/13 09:18:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spectre\AppData\Roaming\mozilla\Firefox\Profiles\1lfpt6tm.default\extensions
[2015/06/30 10:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spectre\AppData\Roaming\mozilla\Firefox\Profiles\1lfpt6tm.default\extensions\staged
[2015/03/18 13:25:47 | 000,006,122 | ---- | M] () -- C:\Users\Spectre\AppData\Roaming\mozilla\firefox\profiles\1lfpt6tm.default\searchplugins\bing-.xml
[2015/04/20 11:48:41 | 000,000,000 | ---- | M] () -- C:\Users\Spectre\AppData\Roaming\mozilla\firefox\profiles\1lfpt6tm.default\searchplugins\doctype-html-public--w3cdtd-html-4.xml
[2014/12/18 13:23:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/12/18 13:23:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\SPECTRE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1LFPT6TM.DEFAULT\EXTENSIONS\{4572B88F-B0F6-490D-AC1D-566E27C62495}.XPI
File not found (No name found) -- C:\USERS\SPECTRE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1LFPT6TM.DEFAULT\EXTENSIONS\SWEETSEARCH@GMAIL.COM
[2015/03/31 10:23:14 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Users\Spectre\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\

O1 HOSTS File: ([2013/08/22 15:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Simpo PDF Creator Pro Server] C:\Program Files (x86)\Simpo PDF Creator Pro\SpcProSrv.exe (Simpo Technologies)
O4 - HKU\S-1-5-21-3576394613-746847976-1990929794-1001..\Run: [apphide] C:\Program Files (x86)\baidu\baidu.exe ()
O4 - HKU\S-1-5-21-3576394613-746847976-1990929794-1001..\Run: [BitTorrent] C:\Users\Spectre\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-3576394613-746847976-1990929794-1001..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3576394613-746847976-1990929794-1001..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-3576394613-746847976-1990929794-1001..\Run: [Dropbox Update] C:\Users\Spectre\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Spectre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Spectre\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6484F9CD-262D-487E-99D5-FBAC67B9C77B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1D91B9F-1FAE-4BD7-BCE3-4BF01329D3D3}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{70e1793b-e743-11e4-be9c-c48508dbc21f}\Shell - "" = AutoRun
O33 - MountPoints2\{70e1793b-e743-11e4-be9c-c48508dbc21f}\Shell\AutoRun\command - "" = "E:\KODAK_Camera_Setup_App.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)



SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: TBS - Service
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootMin: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdpencdd.sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmartcardSimulator - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TBS - Service
SafeBootNet: TDI - Driver Group
SafeBootNet: VirtualSmartcardReader - Driver
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootNet: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EC43E638-09F0-38CC-A585-72FCCDDF035C} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2015/07/13 09:10:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/07/01 10:10:58 | 000,000,000 | ---D | C] -- C:\Users\Spectre\AppData\Local\GWX
[2015/06/26 09:46:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CutterMaker
[2015/06/26 09:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UrlChecker
[2015/06/17 11:50:38 | 000,000,000 | ---D | C] -- C:\Users\Spectre\Documents\islem ftiss
[2015/06/17 09:23:50 | 000,000,000 | ---D | C] -- C:\Users\Spectre\Documents\UNFTK
[2015/06/17 09:16:50 | 000,000,000 | ---D | C] -- C:\Users\Spectre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2015/06/17 09:16:19 | 000,000,000 | ---D | C] -- C:\Users\Spectre\AppData\Local\Dropbox
[2015/06/17 09:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Dropbox
[2015/06/15 10:45:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Migration
[1 C:\Users\Spectre\Desktop\*.tmp files -> C:\Users\Spectre\Desktop\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2015/07/13 10:02:29 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2015/07/13 09:43:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\Bidaily Synchronize Task[pr].job
[2015/07/13 09:21:12 | 000,001,224 | ---- | M] () -- C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-3576394613-746847976-1990929794-1001UA.job
[2015/07/13 09:21:00 | 000,001,172 | ---- | M] () -- C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-3576394613-746847976-1990929794-1001Core.job
[2015/07/13 09:20:32 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/07/13 09:18:43 | 000,000,526 | ---- | M] () -- C:\WINDOWS\tasks\cool_deals_helper_service.job
[2015/07/13 09:18:31 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/07/13 09:18:30 | 3348,959,232 | -HS- | M] () -- C:\hiberfil.sys
[2015/07/13 08:02:09 | 000,000,024 | ---- | M] () -- C:\Users\Spectre\AppData\Roaming\appdataFr25.bin
[2015/07/09 13:19:43 | 000,030,035 | ---- | M] () -- C:\Users\Spectre\Desktop\shared economy.jpg
[2015/07/09 10:47:01 | 000,002,067 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat Reader DC.lnk
[2015/07/08 12:04:00 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForSpectre.job
[2015/07/07 08:05:21 | 000,064,992 | ---- | M] () -- C:\Users\Spectre\Desktop\immeuble.JPG
[2015/07/06 23:24:13 | 000,792,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2015/07/06 23:24:13 | 000,178,168 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2015/07/06 12:03:16 | 000,283,606 | ---- | M] () -- C:\Users\Spectre\Desktop\Country Logistic Manager_Khaled Essaidi.pdf
[2015/07/06 11:38:46 | 000,288,173 | ---- | M] () -- C:\Users\Spectre\Desktop\Country Logistic Manager_Amin Riahi.pdf
[2015/07/04 17:38:09 | 000,031,346 | ---- | M] () -- C:\Users\Spectre\Desktop\Zouhair rec letter_Nadia Blackton.pdf
[2015/07/04 17:32:33 | 000,110,356 | ---- | M] () -- C:\Users\Spectre\Desktop\Karen Kaplan_Recommendation Letter_ Zouhair Bouallagui.pdf
[2015/07/04 17:30:34 | 000,202,988 | ---- | M] () -- C:\Users\Spectre\Desktop\Zouhair Bouallagui_cover letter.pdf
[2015/07/04 17:30:11 | 000,200,343 | ---- | M] () -- C:\Users\Spectre\Desktop\Zouhair Bouallagui.pdf
[2015/07/02 12:03:19 | 000,207,422 | ---- | M] () -- C:\Users\Spectre\Desktop\EEO_Candidate_Voluntary_Self_Form_May_2014_Zouhair Bouallagui.pdf
[2015/06/25 10:29:32 | 000,000,004 | ---- | M] () -- C:\WINDOWS\SysWow64\029B560A371F4E00AB32838EBC01B9E7
[2015/06/25 10:15:31 | 000,002,201 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/06/25 10:15:31 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/06/25 10:15:30 | 000,002,297 | ---- | M] () -- C:\Users\Spectre\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/06/25 10:15:30 | 000,001,440 | ---- | M] () -- C:\Users\Spectre\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2015/06/25 10:06:21 | 000,017,189 | ---- | M] () -- C:\Users\Spectre\Desktop\Samurai watch 2.jpg
[2015/06/25 10:05:29 | 000,017,993 | ---- | M] () -- C:\Users\Spectre\Desktop\Samurai Watch 1.jpg
[2015/06/17 09:17:04 | 000,001,153 | ---- | M] () -- C:\Users\Spectre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[1 C:\Users\Spectre\Desktop\*.tmp files -> C:\Users\Spectre\Desktop\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2015/07/13 10:02:29 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2015/07/09 13:19:42 | 000,030,035 | ---- | C] () -- C:\Users\Spectre\Desktop\shared economy.jpg
[2015/07/09 10:47:01 | 000,002,457 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[2015/07/09 10:47:01 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat Reader DC.lnk
[2015/07/06 13:33:30 | 000,064,992 | ---- | C] () -- C:\Users\Spectre\Desktop\immeuble.JPG
[2015/07/06 12:03:16 | 000,283,606 | ---- | C] () -- C:\Users\Spectre\Desktop\Country Logistic Manager_Khaled Essaidi.pdf
[2015/07/06 11:38:45 | 000,288,173 | ---- | C] () -- C:\Users\Spectre\Desktop\Country Logistic Manager_Amin Riahi.pdf
[2015/07/04 17:38:09 | 000,031,346 | ---- | C] () -- C:\Users\Spectre\Desktop\Zouhair rec letter_Nadia Blackton.pdf
[2015/07/04 17:32:33 | 000,110,356 | ---- | C] () -- C:\Users\Spectre\Desktop\Karen Kaplan_Recommendation Letter_ Zouhair Bouallagui.pdf
[2015/07/04 17:30:34 | 000,202,988 | ---- | C] () -- C:\Users\Spectre\Desktop\Zouhair Bouallagui_cover letter.pdf
[2015/07/04 17:30:10 | 000,200,343 | ---- | C] () -- C:\Users\Spectre\Desktop\Zouhair Bouallagui.pdf
[2015/07/02 12:03:16 | 000,207,422 | ---- | C] () -- C:\Users\Spectre\Desktop\EEO_Candidate_Voluntary_Self_Form_May_2014_Zouhair Bouallagui.pdf
[2015/06/26 09:57:23 | 000,000,024 | ---- | C] () -- C:\Users\Spectre\AppData\Roaming\appdataFr25.bin
[2015/06/25 10:06:21 | 000,017,189 | ---- | C] () -- C:\Users\Spectre\Desktop\Samurai watch 2.jpg
[2015/06/25 10:05:28 | 000,017,993 | ---- | C] () -- C:\Users\Spectre\Desktop\Samurai Watch 1.jpg
[2015/06/17 09:16:20 | 000,001,224 | ---- | C] () -- C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-3576394613-746847976-1990929794-1001UA.job
[2015/06/17 09:16:20 | 000,001,172 | ---- | C] () -- C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-3576394613-746847976-1990929794-1001Core.job
[2015/06/08 15:14:23 | 000,175,616 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll
[2015/05/20 21:33:40 | 000,120,832 | ---- | C] () -- C:\WINDOWS\PreConvertPro.dll
[2015/03/31 10:14:36 | 000,004,387 | ---- | C] () -- C:\Users\Spectre\AppData\Roaming\h4M5JnV4HU9iXCjjGP6
[2015/01/30 10:25:33 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015/01/28 16:50:23 | 001,959,360 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014/11/21 01:19:40 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2014/11/21 01:18:02 | 000,107,008 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/11/21 00:55:19 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/10/06 11:13:59 | 000,014,427 | ---- | C] () -- C:\Users\Spectre\AppData\Roaming\AbsoluteReminder.xml
[2014/10/01 20:54:10 | 000,183,808 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2014/10/01 20:54:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013/08/22 17:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 17:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 16:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 09:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/22 01:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/22 01:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2015/01/28 17:00:37 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/02/12 19:40:58 | 022,291,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/12 19:34:06 | 019,731,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/11/21 01:18:18 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/11/21 01:19:18 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/11/21 01:18:18 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2015/05/21 16:03:38 | 000,000,000 | ---D | M] -- C:\Users\Spectre\AppData\Roaming\Baidu
[2015/07/13 10:04:10 | 000,000,000 | ---D | M] -- C:\Users\Spectre\AppData\Roaming\BitTorrent
[2015/07/13 09:19:12 | 000,000,000 | ---D | M] -- C:\Users\Spectre\AppData\Roaming\Dropbox
[2015/04/20 11:45:29 | 000,000,000 | ---D | M] -- C:\Users\Spectre\AppData\Roaming\DVDVideoSoft
[2015/04/20 11:53:03 | 000,000,000 | ---D | M] -- C:\Users\Spectre\AppData\Roaming\FileAdvisor
[2014/12/19 22:41:05 | 000,000,000 | ---D | M] -- C:\Users\Spectre\AppData\Roaming\InternetEverywhere
[2015/04/20 11:49:16 | 000,000,000 | ---D | M] -- C:\Users\Spectre\AppData\Roaming\Opera Software
[2015/01/13 15:07:01 | 000,000,000 | ---D | M] -- C:\Users\Spectre\AppData\Roaming\PDF Architect 2
[2014/10/06 11:13:01 | 000,000,000 | ---D | M] -- C:\Users\Spectre\AppData\Roaming\Synaptics
[2015/05/21 14:08:29 | 000,000,000 | ---D | M] -- C:\Users\Spectre\AppData\Roaming\uTorrent
[2015/04/21 15:50:52 | 000,000,000 | ---D | M] -- C:\Users\Spectre\AppData\Roaming\ZHP

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2012/07/26 05:44:30 | 000,398,156 | RHS- | M] () -- C:\bootmgr
[2013/06/18 14:18:29 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
[2012/08/04 01:21:37 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2015/07/13 09:18:30 | 3348,959,232 | -HS- | M] () -- C:\hiberfil.sys
[2015/07/13 09:18:31 | 414,367,743 | -HS- | M] () -- C:\pagefile.sys
[2015/07/13 10:02:29 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/10/06 21:10:23 | 000,000,000 | ---- | M] () -- C:\Recovery.txt
[2015/07/13 09:18:31 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/05/20 21:21:51 | 000,000,011 | ---- | M] () -- C:\trace.ini

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< %PROGRAMFILES%\*.* >[/color]
[2013/08/22 17:34:52 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

[color=#A23BEC]< %PROGRAMFILES%\*. >[/color]
[2015/06/25 10:22:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Absolute Software
[2015/07/09 10:46:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2015/05/20 21:21:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Auralog
[2015/06/25 10:14:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AviSynth 2.5
[2015/06/08 15:13:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVN Products
[2015/05/21 16:17:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\baidu
[2015/05/21 16:05:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BaiduSd3.0
[2014/12/17 17:39:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco
[2015/05/21 16:06:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2015/05/29 10:14:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cool Deals
[2015/06/26 09:46:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CutterMaker
[2012/10/21 04:01:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2015/05/21 19:03:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2014/12/16 11:53:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2012/08/21 20:34:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HPConnectedMusic
[2015/05/15 12:54:41 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2015/01/28 16:54:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2015/06/15 10:45:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2014/12/19 21:47:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\InternetEverywhere
[2015/06/08 15:14:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\K-Lite Codec Pack
[2015/03/11 23:48:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lenovo
[2014/12/15 21:39:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2014/12/15 21:40:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2014/12/15 21:41:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server
[2012/08/21 20:28:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2015/02/02 12:07:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2015/07/13 09:18:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2014/12/18 13:23:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2015/01/28 16:46:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2014/10/06 11:13:24 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
[2015/04/20 11:49:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Opera
[2012/10/21 03:51:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2015/01/28 16:46:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2015/05/21 16:02:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SevenZip
[2015/05/20 21:34:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Simpo PDF Creator Pro
[2015/07/13 08:02:30 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2012/10/21 03:57:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\sMedio
[2012/10/21 04:05:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SymSilent
[2015/06/26 09:45:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\UrlChecker
[2015/03/15 12:53:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2012/08/21 20:28:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2014/11/21 07:55:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2015/01/28 16:54:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2014/11/21 07:55:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Multimedia Platform
[2013/08/22 17:36:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2014/11/21 07:55:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2014/11/21 07:55:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2015/01/28 16:54:05 | 000,000,000 | -HSD | M] -- C:\Program Files (x86)\Windows Sidebar
[2013/08/22 17:36:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WindowsPowerShell
[2015/01/08 14:48:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinRAR

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2013/08/22 14:43:40 | 000,062,304 | ---- | M] (Microsoft Corporation) MD5=7DFAEBA9AD62D20102B576D5CAC45EC8 -- C:\WINDOWS\SysNative\drivers\AGP440.sys
[2013/08/22 14:43:40 | 000,062,304 | ---- | M] (Microsoft Corporation) MD5=7DFAEBA9AD62D20102B576D5CAC45EC8 -- C:\WINDOWS\SysNative\DriverStore\FileRepository\machine.inf_amd64_36be84f8fc597ea3\AGP440.sys
[2013/08/22 14:43:40 | 000,062,304 | ---- | M] (Microsoft Corporation) MD5=7DFAEBA9AD62D20102B576D5CAC45EC8 -- C:\Windows\WinSxS\amd64_machine.inf_31bf3856ad364e35_6.3.9600.17238_none_ab0b455c927bd60f\AGP440.sys

[color=#A23BEC]< MD5 for: APPMGMTS.DLL >[/color]
[2013/08/22 16:55:04 | 000,086,064 | ---- | M] () MD5=1336BE8A8B1E8B8744D5217AE5FDD303 -- C:\Windows\WinSxS\amd64_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.3.9600.16384_none_728d486f3000a7ad\appmgmts.dll
[2014/11/21 08:31:19 | 000,087,855 | ---- | M] () MD5=5B2A9B5E87542C65457B527CC512AF25 -- C:\Windows\WinSxS\amd64_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.3.9600.17415_none_72d9e34b2fc71435\appmgmts.dll
[2013/08/22 17:00:05 | 000,071,466 | ---- | M] () MD5=9424C4C8AE9114A121553818824D33A3 -- C:\Windows\WinSxS\wow64_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.3.9600.16384_none_7ce1f2c1646169a8\appmgmts.dll
[2014/11/21 08:32:39 | 000,072,712 | ---- | M] () MD5=C73D54BF555388E7DF11A9C0AFC1F139 -- C:\Windows\WinSxS\wow64_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.3.9600.17415_none_7d2e8d9d6427d630\appmgmts.dll

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2013/08/22 14:43:41 | 000,026,464 | ---- | M] (Microsoft Corporation) MD5=74B14192CF79A72F7536B27CB8814FBD -- C:\WINDOWS\SysNative\drivers\atapi.sys
[2013/08/22 14:43:41 | 000,026,464 | ---- | M] (Microsoft Corporation) MD5=74B14192CF79A72F7536B27CB8814FBD -- C:\WINDOWS\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_64aa4354da84c2df\atapi.sys
[2013/08/22 14:43:41 | 000,026,464 | ---- | M] (Microsoft Corporation) MD5=74B14192CF79A72F7536B27CB8814FBD -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.3.9600.16384_none_cdf68824f580d510\atapi.sys

[color=#A23BEC]< MD5 for: AUTOCHK.EXE >[/color]
[2014/11/21 00:55:24 | 000,792,576 | ---- | M] (Microsoft Corporation) MD5=1D31E78ED5C40B5C6CC8D3DE713177A5 -- C:\Windows\SysWOW64\autochk.exe
[2014/11/21 00:55:24 | 000,792,576 | ---- | M] (Microsoft Corporation) MD5=1D31E78ED5C40B5C6CC8D3DE713177A5 -- C:\Windows\WinSxS\x86_microsoft-windows-autochk_31bf3856ad364e35_6.3.9600.17031_none_76c6a414dd35029f\autochk.exe
[2014/11/21 00:55:04 | 000,890,880 | ---- | M] (Microsoft Corporation) MD5=387A1E98BE548E4F199343CBA01E9D6D -- C:\WINDOWS\SysNative\autochk.exe
[2014/11/21 00:55:04 | 000,890,880 | ---- | M] (Microsoft Corporation) MD5=387A1E98BE548E4F199343CBA01E9D6D -- C:\Windows\WinSxS\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.3.9600.17031_none_d2e53f98959273d5\autochk.exe

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2013/08/22 13:40:24 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=EC19013E4CF87609534165DF897274D6 -- C:\WINDOWS\SysNative\drivers\beep.sys
[2013/08/22 13:40:24 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=EC19013E4CF87609534165DF897274D6 -- C:\Windows\WinSxS\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.3.9600.16384_none_b4df015ddb944ecf\beep.sys

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2015/03/15 13:09:07 | 000,087,190 | ---- | M] () MD5=1BF154F7BFAE2B9E0545FB09946C1817 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17415_none_42bfa1f94d79e1bb\explorer.exe
[2015/02/04 14:53:44 | 000,395,976 | ---- | M] () MD5=45DD8FAA7B53ABD29BCB9BACABFFC818 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17284_none_4272ee6f4db391ad\explorer.exe
[2015/03/15 15:43:03 | 000,107,122 | ---- | M] () MD5=52063502D4A2E28FEBEA781D0EE5C453 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17415_none_4d144c4b81daa3b6\explorer.exe
[2015/02/04 15:30:37 | 000,351,441 | ---- | M] () MD5=6A6935B33EE18E13EDFEF98404654FA5 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17238_none_4d01a98581e82d4f\explorer.exe
[2015/01/28 01:41:17 | 002,207,488 | ---- | M] (Microsoft Corporation) MD5=91E24273FCA076EA9E65DAFA98901225 -- C:\Windows\SysWOW64\explorer.exe
[2015/01/28 01:41:17 | 002,207,488 | ---- | M] (Microsoft Corporation) MD5=91E24273FCA076EA9E65DAFA98901225 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17667_none_4ce0410f82015c67\explorer.exe
[2015/02/04 15:30:41 | 000,338,811 | ---- | M] () MD5=9E110FC1BA4AB7CB5F2F9D27DB534223 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17284_none_4cc798c1821453a8\explorer.exe
[2015/01/28 01:47:12 | 002,501,368 | ---- | M] (Microsoft Corporation) MD5=C10A66189DC8C090E7C84873EDCEBC88 -- C:\Windows\explorer.exe
[2015/01/28 01:47:12 | 002,501,368 | ---- | M] (Microsoft Corporation) MD5=C10A66189DC8C090E7C84873EDCEBC88 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17667_none_428b96bd4da09a6c\explorer.exe
[2015/02/04 14:53:41 | 000,406,199 | ---- | M] () MD5=C976EC89ECC3E8F0A96CF0FB4B2D4524 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17238_none_42acff334d876b54\explorer.exe

[color=#A23BEC]< MD5 for: HIDSERV.DLL >[/color]
[2014/11/21 01:18:02 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=AE71B1BC1A17000F7B8F9AB79D4668D4 -- C:\Windows\SysWOW64\hidserv.dll
[2014/11/21 01:18:02 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=AE71B1BC1A17000F7B8F9AB79D4668D4 -- C:\Windows\WinSxS\wow64_microsoft-windows-hid-user_31bf3856ad364e35_6.3.9600.17415_none_d20beda68f8cdd2e\hidserv.dll
[2014/11/21 01:18:36 | 000,033,792 | ---- | M] (Microsoft Corporation) MD5=EA85B5093DF7B5C3E80362B053740AE2 -- C:\WINDOWS\SysNative\hidserv.dll
[2014/11/21 01:18:36 | 000,033,792 | ---- | M] (Microsoft Corporation) MD5=EA85B5093DF7B5C3E80362B053740AE2 -- C:\Windows\WinSxS\amd64_microsoft-windows-hid-user_31bf3856ad364e35_6.3.9600.17415_none_c7b743545b2c1b33\hidserv.dll

[color=#A23BEC]< MD5 for: IASTORV.SYS >[/color]
[2013/08/22 14:43:45 | 000,412,000 | ---- | M] (Intel Corporation) MD5=A2200C3033FA4EF249FC096A7A7D02A2 -- C:\WINDOWS\SysNative\drivers\iaStorV.sys
[2013/08/22 14:43:45 | 000,412,000 | ---- | M] (Intel Corporation) MD5=A2200C3033FA4EF249FC096A7A7D02A2 -- C:\WINDOWS\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_5069105fb236ae4b\iaStorV.sys
[2013/08/22 14:43:45 | 000,412,000 | ---- | M] (Intel Corporation) MD5=A2200C3033FA4EF249FC096A7A7D02A2 -- C:\Windows\WinSxS\amd64_iastorv.inf_31bf3856ad364e35_6.3.9600.16384_none_9fcfb2835bbf0103\iaStorV.sys

[color=#A23BEC]< MD5 for: IMM32.DLL >[/color]
[2014/11/21 01:18:16 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=59452E147C6A5D055E5EBCB6B8E99CB7 -- C:\Windows\SysWOW64\imm32.dll
[2014/11/21 01:18:16 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=59452E147C6A5D055E5EBCB6B8E99CB7 -- C:\Windows\WinSxS\wow64_microsoft-windows-imm32_31bf3856ad364e35_6.3.9600.17415_none_57b5c34f828931f9\imm32.dll
[2014/11/21 01:19:14 | 000,210,744 | ---- | M] (Microsoft Corporation) MD5=DEB33D08FBF708CAAC08080054D4C7CC -- C:\WINDOWS\SysNative\imm32.dll
[2014/11/21 01:19:14 | 000,210,744 | ---- | M] (Microsoft Corporation) MD5=DEB33D08FBF708CAAC08080054D4C7CC -- C:\Windows\WinSxS\amd64_microsoft-windows-imm32_31bf3856ad364e35_6.3.9600.17415_none_4d6118fd4e286ffe\imm32.dll

[color=#A23BEC]< MD5 for: KERNEL32.DLL >[/color]
[2014/11/21 01:19:24 | 001,040,384 | ---- | M] (Microsoft Corporation) MD5=00DC86D9068D7E780407A8B66E2AFD9D -- C:\Windows\SysWOW64\kernel32.dll
[2014/11/21 01:19:24 | 001,040,384 | ---- | M] (Microsoft Corporation) MD5=00DC86D9068D7E780407A8B66E2AFD9D -- C:\Windows\WinSxS\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.3.9600.17415_none_8f1d8a7a5e69bda5\kernel32.dll
[2014/11/21 01:18:31 | 001,309,744 | ---- | M] (Microsoft Corporation) MD5=4F455778B6CDA2FD61D4F8B0A3E0543C -- C:\WINDOWS\SysNative\kernel32.dll
[2014/11/21 01:18:31 | 001,309,744 | ---- | M] (Microsoft Corporation) MD5=4F455778B6CDA2FD61D4F8B0A3E0543C -- C:\Windows\WinSxS\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.3.9600.17415_none_84c8e0282a08fbaa\kernel32.dll

[color=#A23BEC]< MD5 for: MSWSOCK.DLL >[/color]
[2014/11/21 01:19:41 | 000,286,208 | ---- | M] (Microsoft Corporation) MD5=98ECA44A09EFA23890205D2B5233FC96 -- C:\Windows\SysWOW64\mswsock.dll
[2014/11/21 01:19:41 | 000,286,208 | ---- | M] (Microsoft Corporation) MD5=98ECA44A09EFA23890205D2B5233FC96 -- C:\Windows\WinSxS\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.3.9600.17415_none_4d3fb66948abc054\mswsock.dll
[2014/11/21 01:18:01 | 000,339,456 | ---- | M] (Microsoft Corporation) MD5=B394EB3E443DCB195BC65B9A54CD8FE3 -- C:\WINDOWS\SysNative\mswsock.dll
[2014/11/21 01:18:01 | 000,339,456 | ---- | M] (Microsoft Corporation) MD5=B394EB3E443DCB195BC65B9A54CD8FE3 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.3.9600.17415_none_a95e51ed0109318a\mswsock.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2015/02/05 22:24:44 | 001,113,920 | ---- | M] (Microsoft Corporation) MD5=6D3A2565E01B3E4B0F1BEDB0D4B00B3F -- C:\WINDOWS\SysNative\drivers\ndis.sys
[2015/02/05 22:24:44 | 001,113,920 | ---- | M] (Microsoft Corporation) MD5=6D3A2565E01B3E4B0F1BEDB0D4B00B3F -- C:\Windows\WinSxS\amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_6.3.9600.17673_none_4a1d9ccbfbfbedff\ndis.sys
[2015/03/15 13:10:52 | 000,080,695 | ---- | M] () MD5=9C48968B0344AD63559D0D080DA66103 -- C:\Windows\WinSxS\amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_6.3.9600.17399_none_4a0df8fdfc06c676\ndis.sys
[2015/02/04 14:59:20 | 000,162,319 | ---- | M] () MD5=A627B5D38300791075615FF3C8BB3991 -- C:\Windows\WinSxS\amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_6.3.9600.17199_none_4a0df531fc06cc28\ndis.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2014/11/21 01:18:01 | 000,838,656 | ---- | M] (Microsoft Corporation) MD5=02D117FC638B768BD1A15F8000B83EAE -- C:\WINDOWS\SysNative\netlogon.dll
[2014/11/21 01:18:01 | 000,838,656 | ---- | M] (Microsoft Corporation) MD5=02D117FC638B768BD1A15F8000B83EAE -- C:\Windows\WinSxS\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.3.9600.17415_none_eec2b22a0bb75b53\netlogon.dll
[2014/11/21 01:19:41 | 000,695,296 | ---- | M] (Microsoft Corporation) MD5=CCEC6CB98A00ECE7F5AFB9C0FC9427B3 -- C:\Windows\SysWOW64\netlogon.dll
[2014/11/21 01:19:41 | 000,695,296 | ---- | M] (Microsoft Corporation) MD5=CCEC6CB98A00ECE7F5AFB9C0FC9427B3 -- C:\Windows\WinSxS\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.3.9600.17415_none_f9175c7c40181d4e\netlogon.dll

[color=#A23BEC]< MD5 for: NTFS.SYS >[/color]
[2014/11/21 01:18:00 | 002,025,792 | ---- | M] (Microsoft Corporation) MD5=7F68063A5A0461E02BC860CE0E6BFDDC -- C:\WINDOWS\SysNative\drivers\ntfs.sys
[2014/11/21 01:18:00 | 002,025,792 | ---- | M] (Microsoft Corporation) MD5=7F68063A5A0461E02BC860CE0E6BFDDC -- C:\Windows\WinSxS\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.3.9600.17401_none_9782f367f0a48b42\ntfs.sys
[2015/02/04 14:59:36 | 000,378,139 | ---- | M] () MD5=E5D1987CD7FBB2169440CD9B8E2AB87E -- C:\Windows\WinSxS\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.3.9600.17238_none_976981ddf0b69628\ntfs.sys

[color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color]
[2013/08/22 14:43:32 | 000,168,288 | ---- | M] (NVIDIA Corporation) MD5=1F43ABFFAC3D6CA356851D517392966E -- C:\WINDOWS\SysNative\drivers\nvstor.sys
[2013/08/22 14:43:32 | 000,168,288 | ---- | M] (NVIDIA Corporation) MD5=1F43ABFFAC3D6CA356851D517392966E -- C:\WINDOWS\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_7ba65ba4b222e751\nvstor.sys
[2013/08/22 14:43:32 | 000,168,288 | ---- | M] (NVIDIA Corporation) MD5=1F43ABFFAC3D6CA356851D517392966E -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.3.9600.16384_none_2a99233292f5aadb\nvstor.sys

[color=#A23BEC]< MD5 for: PROQUOTA.EXE >[/color]
[2014/11/21 01:18:41 | 000,032,256 | ---- | M] (Microsoft Corporation) MD5=864379396733031C99B64550358CAEBD -- C:\WINDOWS\SysNative\proquota.exe
[2014/11/21 01:18:41 | 000,032,256 | ---- | M] (Microsoft Corporation) MD5=864379396733031C99B64550358CAEBD -- C:\Windows\WinSxS\amd64_microsoft-windows-proquota_31bf3856ad364e35_6.3.9600.17415_none_18d1f2be66229ae5\proquota.exe
[2014/11/21 01:19:29 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=DF801B9FC4247EBFBFE07E5EC417C5B0 -- C:\Windows\SysWOW64\proquota.exe
[2014/11/21 01:19:29 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=DF801B9FC4247EBFBFE07E5EC417C5B0 -- C:\Windows\WinSxS\x86_microsoft-windows-proquota_31bf3856ad364e35_6.3.9600.17415_none_bcb3573aadc529af\proquota.exe

[color=#A23BEC]< MD5 for: QMGR.DLL >[/color]
[2014/11/21 01:18:22 | 000,933,376 | ---- | M] (Microsoft Corporation) MD5=48554994279BFE17A3D2B00076D0CB1A -- C:\WINDOWS\SysNative\qmgr.dll
[2014/11/21 01:18:22 | 000,933,376 | ---- | M] (Microsoft Corporation) MD5=48554994279BFE17A3D2B00076D0CB1A -- C:\Windows\WinSxS\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.3.9600.17415_none_149bbfd3cd2f7e88\qmgr.dll

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2014/11/21 01:18:37 | 000,274,944 | ---- | M] (Microsoft Corporation) MD5=9A475B8F19A15BFDE8DF84E40ECAE8AA -- C:\WINDOWS\SysNative\scecli.dll
[2014/11/21 01:18:37 | 000,274,944 | ---- | M] (Microsoft Corporation) MD5=9A475B8F19A15BFDE8DF84E40ECAE8AA -- C:\Windows\WinSxS\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.3.9600.17415_none_2918dd42acd8e20e\scecli.dll
[2014/11/21 01:19:29 | 000,214,016 | ---- | M] (Microsoft Corporation) MD5=FB740FE549197E7B08021EF30327921D -- C:\Windows\SysWOW64\scecli.dll
[2014/11/21 01:19:29 | 000,214,016 | ---- | M] (Microsoft Corporation) MD5=FB740FE549197E7B08021EF30327921D -- C:\Windows\WinSxS\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.3.9600.17415_none_336d8794e139a409\scecli.dll

[color=#A23BEC]< MD5 for: SPOOLSV.EXE >[/color]
[2015/02/04 15:00:40 | 000,144,407 | ---- | M] () MD5=5E94BD87266C67420DCB3FF2516D8A9D -- C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.3.9600.17238_none_c743fb429553c1ab\spoolsv.exe
[2014/11/21 01:19:00 | 000,827,392 | ---- | M] (Microsoft Corporation) MD5=FCB156A6745631A67DEA61827061D483 -- C:\WINDOWS\SysNative\spoolsv.exe
[2014/11/21 01:19:00 | 000,827,392 | ---- | M] (Microsoft Corporation) MD5=FCB156A6745631A67DEA61827061D483 -- C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.3.9600.17415_none_c7569e0895463812\spoolsv.exe

[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2014/11/21 01:19:41 | 000,033,088 | ---- | M] (Microsoft Corporation) MD5=D0ABC231C0B3E88C6B612B28ABBF734D -- C:\Windows\SysWOW64\svchost.exe
[2014/11/21 01:19:41 | 000,033,088 | ---- | M] (Microsoft Corporation) MD5=D0ABC231C0B3E88C6B612B28ABBF734D -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.17415_none_4aa7b90420adbfab\svchost.exe
[2014/11/21 01:18:00 | 000,038,792 | ---- | M] (Microsoft Corporation) MD5=E3A2AD05E24105B35E986CF9CB38EC47 -- C:\WINDOWS\SysNative\svchost.exe
[2014/11/21 01:18:00 | 000,038,792 | ---- | M] (Microsoft Corporation) MD5=E3A2AD05E24105B35E986CF9CB38EC47 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.17415_none_a6c65487d90b30e1\svchost.exe

[color=#A23BEC]< MD5 for: TERMSRV.DLL >[/color]
[2014/11/21 01:19:09 | 001,114,624 | ---- | M] (Microsoft Corporation) MD5=C50997E282576DA492EBA66B059D4196 -- C:\WINDOWS\SysNative\termsrv.dll
[2014/11/21 01:19:09 | 001,114,624 | ---- | M] (Microsoft Corporation) MD5=C50997E282576DA492EBA66B059D4196 -- C:\Windows\WinSxS\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.3.9600.17415_none_7faa3caf28018a5e\termsrv.dll

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2014/11/21 01:18:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=5C131534A3EA4A461A793FB507A8004F -- C:\WINDOWS\SysNative\userinit.exe
[2014/11/21 01:18:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=5C131534A3EA4A461A793FB507A8004F -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.17415_none_cd33b4fca56d6b07\userinit.exe
[2014/11/21 01:19:41 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=D10643FC0095434C819316CA6CD748C0 -- C:\Windows\SysWOW64\userinit.exe
[2014/11/21 01:19:41 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=D10643FC0095434C819316CA6CD748C0 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.17415_none_71151978ed0ff9d1\userinit.exe

[color=#A23BEC]< MD5 for: VOLSNAP.SYS >[/color]
[2015/02/04 15:19:06 | 000,031,490 | ---- | M] () MD5=50C79EDB89463E12CA94E0840DFD0932 -- C:\Windows\WinSxS\amd64_volume.inf_31bf3856ad364e35_6.3.9600.17041_none_069d39e3cfee67a4\volsnap.sys
[2014/11/21 01:17:55 | 000,310,080 | ---- | M] (Microsoft Corporation) MD5=64CA2B4A49A8EAF495E435623ECCE7DB -- C:\WINDOWS\SysNative\drivers\volsnap.sys
[2014/11/21 01:17:55 | 000,310,080 | ---- | M] (Microsoft Corporation) MD5=64CA2B4A49A8EAF495E435623ECCE7DB -- C:\WINDOWS\SysNative\DriverStore\FileRepository\volume.inf_amd64_8687137d6e4faf5d\volsnap.sys
[2014/11/21 01:17:55 | 000,310,080 | ---- | M] (Microsoft Corporation) MD5=64CA2B4A49A8EAF495E435623ECCE7DB -- C:\Windows\WinSxS\amd64_volume.inf_31bf3856ad364e35_6.3.9600.17215_none_06c1ae9bcfd2737b\volsnap.sys

[color=#A23BEC]< MD5 for: WININET.DLL >[/color]
[2015/03/15 13:09:18 | 000,281,361 | ---- | M] () MD5=18657B28917AC11E8D14C441B98D9A36 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.0.9600.17631_none_05892a9284e42b37\wininet.dll
[2015/04/17 12:50:35 | 000,162,297 | ---- | M] () MD5=31E93A671DB46286530E39490BCDCB91 -- C:\Windows\WinSxS\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.0.9600.17690_none_a970a792cc81386a\wininet.dll
[2015/05/22 19:50:20 | 002,426,880 | ---- | M] (Microsoft Corporation) MD5=417F80E4AFBA1AA9EBBD618F1C6D9165 -- C:\WINDOWS\SysNative\wininet.dll
[2015/05/22 19:50:20 | 002,426,880 | ---- | M] (Microsoft Corporation) MD5=417F80E4AFBA1AA9EBBD618F1C6D9165 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.0.9600.17842_none_0574743c84f39611\wininet.dll
[2015/05/18 13:09:00 | 000,239,417 | ---- | M] () MD5=45357D0C245C663DEF3CF18ADED0C7A7 -- C:\Windows\WinSxS\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.0.9600.17728_none_a95e1f60cc907002\wininet.dll
[2015/05/18 12:09:51 | 000,318,756 | ---- | M] () MD5=74900A2ADA0D5347414E96EC3A270F8F -- C:\Windows\WinSxS\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.0.9600.17728_none_057cbae484ede138\wininet.dll
[2015/06/15 14:10:02 | 000,382,194 | ---- | M] () MD5=9DF188CA82BC185FABD3A4707CBD9895 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.0.9600.17801_none_057089dc84f71714\wininet.dll
[2015/02/13 13:55:46 | 000,059,876 | ---- | M] () MD5=B23BBE12AF200084BC77C83140046803 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.0.9600.17498_none_05a42cae84cf3ec6\wininet.dll
[2015/02/05 06:20:10 | 000,253,886 | ---- | M] () MD5=B2DC3CB5B3FAEB2C012BF1B22DBEFC6C -- C:\Windows\WinSxS\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.0.9600.17416_none_a97dbc6acc78cf96\wininet.dll
[2015/02/04 14:54:54 | 000,333,928 | ---- | M] () MD5=BDB363574A2F060164762ACBAEC5B613 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.0.9600.17416_none_059c57ee84d640cc\wininet.dll
[2015/06/15 15:09:25 | 000,286,789 | ---- | M] () MD5=D432C40F1EA5CF48D05503742240805B -- C:\Windows\WinSxS\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.0.9600.17801_none_a951ee58cc99a5de\wininet.dll
[2015/03/15 15:52:11 | 000,200,265 | ---- | M] () MD5=D594CB3F63B80335D5B7A9478C90C2AF -- C:\Windows\WinSxS\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.0.9600.17631_none_a96a8f0ecc86ba01\wininet.dll
[2015/02/13 14:00:57 | 000,003,879 | ---- | M] () MD5=DD9BB654041748399F4F03E4573A9EA8 -- C:\Windows\WinSxS\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.0.9600.17498_none_a985912acc71cd90\wininet.dll
[2015/05/23 04:20:35 | 001,950,720 | ---- | M] (Microsoft Corporation) MD5=E4EB138060BAE0DBAB1A3B71A3141FE7 -- C:\Windows\SysWOW64\wininet.dll
[2015/05/23 04:20:35 | 001,950,720 | ---- | M] (Microsoft Corporation) MD5=E4EB138060BAE0DBAB1A3B71A3141FE7 -- C:\Windows\WinSxS\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.0.9600.17842_none_a955d8b8cc9624db\wininet.dll
[2015/04/17 12:12:15 | 000,004,139 | ---- | M] () MD5=F3CE3F1A9A574391CFDD1CDAE092287E -- C:\Windows\WinSxS\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.0.9600.17690_none_058f431684dea9a0\wininet.dll

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2014/11/21 01:18:00 | 000,145,920 | ---- | M] (Microsoft Corporation) MD5=A570A64292214C43E0BA50E6A72A6380 -- C:\WINDOWS\SysNative\wininit.exe
[2014/11/21 01:18:00 | 000,145,920 | ---- | M] (Microsoft Corporation) MD5=A570A64292214C43E0BA50E6A72A6380 -- C:\Windows\WinSxS\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.3.9600.17415_none_21fdb3b5d80e199e\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2014/11/21 01:18:37 | 000,572,416 | ---- | M] (Microsoft Corporation) MD5=EC498BAE1F0D3E0E401C963F8D76C437 -- C:\WINDOWS\SysNative\winlogon.exe
[2014/11/21 01:18:37 | 000,572,416 | ---- | M] (Microsoft Corporation) MD5=EC498BAE1F0D3E0E401C963F8D76C437 -- C:\WINDOWS\SysNative\winlogon.exe
[2014/11/21 01:18:37 | 000,572,416 | ---- | M] (Microsoft Corporation) MD5=EC498BAE1F0D3E0E401C963F8D76C437 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.17415_none_60cdfbfda8aeeef1\winlogon.exe
[2014/11/21 01:18:37 | 000,572,416 | ---- | M] (Microsoft Corporation) MD5=EC498BAE1F0D3E0E401C963F8D76C437 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.17415_none_60cdfbfda8aeeef1\winlogon.exe

[color=#A23BEC]< MD5 for: WS2_32.DLL >[/color]
[2014/11/21 01:19:29 | 000,321,248 | ---- | M] (Microsoft Corporation) MD5=34E71A52A1BFA68411CAECCFB6D72F8C -- C:\Windows\SysWOW64\ws2_32.dll
[2014/11/21 01:19:29 | 000,321,248 | ---- | M] (Microsoft Corporation) MD5=34E71A52A1BFA68411CAECCFB6D72F8C -- C:\Windows\WinSxS\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.3.9600.17415_none_87a41025e9b6078a\ws2_32.dll
[2014/11/21 01:17:59 | 000,363,080 | ---- | M] (Microsoft Corporation) MD5=3A0B3B44C263DB1823360FF3E5C223CE -- C:\WINDOWS\SysNative\ws2_32.dll
[2014/11/21 01:17:59 | 000,363,080 | ---- | M] (Microsoft Corporation) MD5=3A0B3B44C263DB1823360FF3E5C223CE -- C:\Windows\WinSxS\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.3.9600.17415_none_e3c2aba9a21378c0\ws2_32.dll

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s >[/color]
"" = mnmsrvc
"Required" = DebugWindows [binary data]
"Debug" =
"Kmode" = \SystemRoot\System32\win32k.sys
"Windows" = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
"Posix" = %SystemRoot%\system32\psxss.exe
"Optional" = Posix [binary data]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2014/11/21 01:19:33 | 000,543,232 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\FirewallAPI.dll
[2015/05/23 04:28:25 | 012,829,696 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\ieframe.dll
[2015/05/23 04:47:55 | 000,128,000 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\iepeers.dll

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]

[color=#A23BEC]< c:\$recycle.bin\*.* /s >[/color]
[2015/03/24 15:39:11 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-19\desktop.ini
[2015/07/09 09:34:21 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$I09RJXV.jpg
[2015/07/06 08:59:44 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$I109GJZ.zip
[2015/07/06 08:59:51 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$I5LOPX9.zip
[2015/07/09 09:34:21 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$I9N4NVQ.jpg
[2015/07/06 08:58:38 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$IAANR4M.zip
[2015/07/06 09:00:24 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$IAOZPKI.zip
[2015/07/09 09:42:35 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$IAQP5SC.zip
[2015/07/09 09:34:21 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$IBF8LVP.jpg
[2015/07/06 11:34:09 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$IBHJXKL.zip
[2015/07/06 11:33:52 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$IHRKDR0.zip
[2015/07/06 09:00:02 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$IOJ5UEB.zip
[2015/07/09 09:30:44 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$IROCWTH.pdf
[2015/07/09 09:34:21 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$IXNNU7E.jpg
[2015/07/09 09:41:22 | 000,581,009 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$R09RJXV.jpg
[2015/07/06 08:53:50 | 001,801,374 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$R109GJZ.zip
[2015/07/06 08:52:07 | 002,665,139 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$R5LOPX9.zip
[2015/07/09 09:41:24 | 000,665,932 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$R9N4NVQ.jpg
[2015/07/06 08:56:32 | 002,471,444 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$RAANR4M.zip
[2015/07/06 09:27:51 | 001,002,001 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$RAOZPKI.zip
[2015/07/09 08:44:24 | 003,934,501 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$RAQP5SC.zip
[2015/07/09 09:41:22 | 000,560,879 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$RBF8LVP.jpg
[2015/07/06 09:24:27 | 006,873,473 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$RBHJXKL.zip
[2015/07/06 11:32:53 | 008,608,169 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$RHRKDR0.zip
[2015/07/06 08:56:44 | 006,873,473 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$ROJ5UEB.zip
[2015/07/09 09:41:24 | 000,777,654 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$RROCWTH.pdf
[2015/07/09 09:41:24 | 000,540,047 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$RXNNU7E.jpg
[2015/01/28 17:13:22 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\desktop.ini
[2013/08/22 16:45:54 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2015/01/20 11:42:50 | 000,000,360 | ---- | C] () -- C:\WINDOWS\Tasks\HPCeeScheduleForSpectre.job
[2015/01/28 16:49:35 | 000,000,264 | ---- | C] () -- C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
[2015/05/20 21:43:48 | 000,000,382 | ---- | C] () -- C:\WINDOWS\Tasks\Bidaily Synchronize Task[pr].job
[2015/05/29 10:14:05 | 000,000,526 | ---- | C] () -- C:\WINDOWS\Tasks\cool_deals_helper_service.job
[2015/06/17 09:16:20 | 000,001,172 | ---- | C] () -- C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3576394613-746847976-1990929794-1001Core.job
[2015/06/17 09:16:20 | 000,001,224 | ---- | C] () -- C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3576394613-746847976-1990929794-1001UA.job

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2015/01/12 16:45:25 | 000,145,694 | ---- | C] ()(C:\Users\Spectre\Desktop\????? ?????_1.docx) -- C:\Users\Spectre\Desktop\0G(J) .DJAJ_1.docx
[2015/01/05 10:21:22 | 000,145,694 | ---- | M] ()(C:\Users\Spectre\Desktop\????? ?????_1.docx) -- C:\Users\Spectre\Desktop\0G(J) .DJAJ_1.docx
[2014/12/26 17:11:16 | 000,079,289 | ---- | M] ()(C:\Users\Spectre\Desktop\?????? ?????? - Recrutement.html) -- C:\Users\Spectre\Desktop\'D/A'9 'DH7FJ - Recrutement.html
[2014/12/26 17:11:16 | 000,079,289 | ---- | C] ()(C:\Users\Spectre\Desktop\?????? ?????? - Recrutement.html) -- C:\Users\Spectre\Desktop\'D/A'9 'DH7FJ - Recrutement.html
[2014/12/26 17:11:16 | 000,000,000 | ---D | M](C:\Users\Spectre\Desktop\?????? ?????? - Recrutement_files) -- C:\Users\Spectre\Desktop\'D/A'9 'DH7FJ - Recrutement_files
[2014/12/26 17:11:16 | 000,000,000 | ---D | C](C:\Users\Spectre\Desktop\?????? ?????? - Recrutement_files) -- C:\Users\Spectre\Desktop\'D/A'9 'DH7FJ - Recrutement_files

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 83 bytes -> c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$RROCWTH.pdf:com.dropbox.attributes
@Alternate Data Stream - 83 bytes -> c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$ROJ5UEB.zip:com.dropbox.attributes
@Alternate Data Stream - 83 bytes -> c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$RHRKDR0.zip:com.dropbox.attributes
@Alternate Data Stream - 83 bytes -> c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$RBHJXKL.zip:com.dropbox.attributes
@Alternate Data Stream - 83 bytes -> c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$RAQP5SC.zip:com.dropbox.attributes
@Alternate Data Stream - 83 bytes -> c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$RAOZPKI.zip:com.dropbox.attributes
@Alternate Data Stream - 83 bytes -> c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$RAANR4M.zip:com.dropbox.attributes
@Alternate Data Stream - 83 bytes -> c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$R5LOPX9.zip:com.dropbox.attributes
@Alternate Data Stream - 83 bytes -> c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$R109GJZ.zip:com.dropbox.attributes
@Alternate Data Stream - 220 bytes -> C:\Users\Spectre\OneDrive:ms-properties
@Alternate Data Stream - 212 bytes -> c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$R9N4NVQ.jpg:com.dropbox.attributes
@Alternate Data Stream - 211 bytes -> c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$RXNNU7E.jpg:com.dropbox.attributes
@Alternate Data Stream - 211 bytes -> c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$RBF8LVP.jpg:com.dropbox.attributes
@Alternate Data Stream - 211 bytes -> c:\$recycle.bin\S-1-5-21-3576394613-746847976-1990929794-1001\$R09RJXV.jpg:com.dropbox.attributes

< End of report >
