cjoint

Publicité


Publicité

Commentaire : Je n'arrive pas à ouvrir les fichiers word et pdf sur l'ordinateur et en plus il y a une apparition d'une extension LNK. J'ai suivit les conseils le forum 01net.com et je suis sur le point de finir les étapes décrites en espérant que le problème va être résolue.

Format du document : text/plain

Prévisualisation

ÿþOTL logfile created on: 18/02/2016 22:07:41 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18097)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

15,96 Gb Total Physical Memory | 12,79 Gb Available Physical Memory | 80,15% Memory free
31,92 Gb Paging File | 29,20 Gb Available in Paging File | 91,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,37 Gb Total Space | 36,35 Gb Free Space | 15,25% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 1621,22 Gb Free Space | 87,02% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - E:\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes)
PRC - E:\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.exe (ROCCAT GmbH)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll ()
MOD - C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\hiddriver.dll ()
MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll ()
MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF.dll ()
MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF_WPS_WIN7.dll ()
MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
MOD - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll ()


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (GfExperienceService) -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation)
SRV:[b]64bit:[/b] - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV:[b]64bit:[/b] - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe ()
SRV:[b]64bit:[/b] - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV - (Origin Client Service) -- C:\Program Files (x86)\Origin\OriginClientService.exe (Electronic Arts)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (c2cautoupdatesvc) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
SRV - (c2cpnrsvc) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- E:\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes)
SRV - (MBAMScheduler) -- E:\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (BRSptStub) -- C:\ProgramData\BitRaider\BRSptStub.exe (BitRaider, LLC)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes)
DRV:[b]64bit:[/b] - (TrueSight) -- C:\Windows\SysNative\drivers\TrueSight.sys ()
DRV:[b]64bit:[/b] - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:[b]64bit:[/b] - (mbamchameleon) -- C:\Windows\SysNative\drivers\mbamchameleon.sys (Malwarebytes)
DRV:[b]64bit:[/b] - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes)
DRV:[b]64bit:[/b] - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:[b]64bit:[/b] - (NvStreamKms) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys (NVIDIA Corporation)
DRV:[b]64bit:[/b] - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:[b]64bit:[/b] - (CSRBC) -- C:\Windows\SysNative\drivers\rider64.sys (CSR plc.)
DRV:[b]64bit:[/b] - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:[b]64bit:[/b] - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:[b]64bit:[/b] - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:[b]64bit:[/b] - (UsbCharger) -- C:\Windows\SysNative\drivers\UsbCharger.sys ()
DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:[b]64bit:[/b] - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:[b]64bit:[/b] - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:[b]64bit:[/b] - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BRDriver64_1_3_3_E02B25FC) -- C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys (BitRaider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2565627032-1629897032-959241574-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2565627032-1629897032-959241574-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/
IE - HKU\S-1-5-21-2565627032-1629897032-959241574-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/fr-fr/?ocid=iehp
IE - HKU\S-1-5-21-2565627032-1629897032-959241574-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR
IE - HKU\S-1-5-21-2565627032-1629897032-959241574-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C3 80 73 34 E2 21 D1 01 [binary data]
IE - HKU\S-1-5-21-2565627032-1629897032-959241574-1000\..\SearchScopes,DefaultScope = {2f23ab71-4ac6-41f2-a955-ea576e553146}
IE - HKU\S-1-5-21-2565627032-1629897032-959241574-1000\..\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-2565627032-1629897032-959241574-1000\..\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-2565627032-1629897032-959241574-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2565627032-1629897032-959241574-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js - File not found
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.6.2: C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.7.1: C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.6.2: C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.7.1: C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@my.com/Games: C:\Users\admin\AppData\Local\MyComGames\NPMyComDetector.dll (My.com, Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2016/02/18 19:30:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2016/02/18 19:30:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\xro26lt7.default-1447837616578\extensions
[2016/02/18 16:11:12 | 000,009,184 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\xro26lt7.default-1447837616578\searchplugins\Recovery+kchhl.html
[2016/02/18 16:11:12 | 000,068,724 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\xro26lt7.default-1447837616578\searchplugins\Recovery+kchhl.png
[2016/02/18 16:11:12 | 000,002,163 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\xro26lt7.default-1447837616578\searchplugins\Recovery+kchhl.txt
[2016/02/18 19:30:08 | 000,009,184 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\xro26lt7.default-1447837616578\searchplugins\Recovery+njvln.html
[2016/02/18 19:30:08 | 000,068,724 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\xro26lt7.default-1447837616578\searchplugins\Recovery+njvln.png
[2016/02/18 19:30:08 | 000,002,163 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\xro26lt7.default-1447837616578\searchplugins\Recovery+njvln.txt
[2016/02/18 16:26:21 | 000,009,184 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\xro26lt7.default-1447837616578\searchplugins\Recovery+tqhrg.html
[2016/02/18 16:26:21 | 000,068,724 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\xro26lt7.default-1447837616578\searchplugins\Recovery+tqhrg.png
[2016/02/18 16:26:21 | 000,002,163 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\xro26lt7.default-1447837616578\searchplugins\Recovery+tqhrg.txt
[2016/01/15 08:21:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2016/01/09 14:48:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\

O1 HOSTS File: ([2016/01/25 17:55:38 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKU\S-1-5-21-2565627032-1629897032-959241574-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" File not found
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [RoccatKonePure] C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2565627032-1629897032-959241574-1000..\Run: [BlueCoreInterfaceTrayApp] C:\Program Files (x86)\Cardo Updater\CardoUpdater.exe ()
O4 - HKU\S-1-5-21-2565627032-1629897032-959241574-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-2565627032-1629897032-959241574-1000..\Run: [hjwxfmkdoqum] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2565627032-1629897032-959241574-1000..\Run: [occeqnlnectq] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2565627032-1629897032-959241574-1000..\Run: [trcoupclhqab] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2565627032-1629897032-959241574-1000..\Run: [xmfohjwxfmkd] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+kchhl.html ()
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+kchhl.png ()
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+kchhl.txt ()
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+njvln.html ()
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+njvln.png ()
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+njvln.txt ()
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+tqhrg.html ()
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+tqhrg.png ()
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+tqhrg.txt ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9:[b]64bit:[/b] - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD02C544-ABB1-4B3B-8F8D-759978026188}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEFDE819-7356-40F2-93F4-390592312BC4}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ab57230c-5612-11e4-814b-74d4359df3ee}\Shell - "" = AutoRun
O33 - MountPoints2\{ab57230c-5612-11e4-814b-74d4359df3ee}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)



SafeBootMin:[b]64bit:[/b] AppMgmt - Service
SafeBootMin:[b]64bit:[/b] Base - Driver Group
SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
SafeBootMin:[b]64bit:[/b] File system - Driver Group
SafeBootMin:[b]64bit:[/b] Filter - Driver Group
SafeBootMin:[b]64bit:[/b] HelpSvc - Service
SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
SafeBootMin:[b]64bit:[/b] QQPCRTP - service
SafeBootMin:[b]64bit:[/b] sacsvr - Service
SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] vmms - Service
SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: QQPCRTP - service
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:[b]64bit:[/b] AppMgmt - Service
SafeBootNet:[b]64bit:[/b] Base - Driver Group
SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group
SafeBootNet:[b]64bit:[/b] File system - Driver Group
SafeBootNet:[b]64bit:[/b] Filter - Driver Group
SafeBootNet:[b]64bit:[/b] HelpSvc - Service
SafeBootNet:[b]64bit:[/b] Jaerhaffe - service
SafeBootNet:[b]64bit:[/b] Messenger - Service
SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group
SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group
SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group
SafeBootNet:[b]64bit:[/b] Network - Driver Group
SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group
SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group
SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group
SafeBootNet:[b]64bit:[/b] QQPCRTP - service
SafeBootNet:[b]64bit:[/b] rdsessmgr - Service
SafeBootNet:[b]64bit:[/b] sacsvr - Service
SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group
SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] TDI - Driver Group
SafeBootNet:[b]64bit:[/b] vmms - Service
SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver
SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Jaerhaffe - service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: QQPCRTP - service
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {26784146-6E05-3FF9-9335-786C7C0FB5BE} - .NET Framework
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {66C64F22-FC60-4E6C-A6B5-F0D580E680CE} - C:\Windows\System32\ie4uinit.exe -EnableTLS
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {7D715857-A67C-4C2F-A929-038448584D63} - C:\Windows\System32\ie4uinit.exe -DisableSSL3
ActiveX:[b]64bit:[/b] {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {26784146-6E05-3FF9-9335-786C7C0FB5BE} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32:[b]64bit:[/b] msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:[b]64bit:[/b] vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.mjpg - pvmjpg30.dll File not found
Drivers32: vidc.pDAD - C:\Windows\SysWow64\prodad-codec.dll (proDAD GmbH)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2016/02/18 21:44:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2016/02/18 15:05:01 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\A IMPRIMER AUJOUR'HUI
[2016/02/01 10:07:10 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/02/01 10:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2016/02/01 10:07:01 | 000,109,272 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2016/02/01 10:07:01 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2016/02/01 10:07:01 | 000,025,816 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2016/01/25 17:54:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2016/01/25 17:54:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2016/01/25 17:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2016/01/25 17:46:00 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Gameo
[2016/01/20 00:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCSOFT
[2016/01/20 00:00:18 | 003,916,368 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2016/01/20 00:00:03 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys
[2016/01/19 23:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2016/02/18 21:44:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2016/02/18 21:38:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016/02/18 21:37:17 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/02/18 21:29:04 | 000,024,688 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2016/02/18 19:55:13 | 000,029,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016/02/18 19:55:13 | 000,029,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016/02/18 19:54:20 | 001,669,584 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016/02/18 19:54:20 | 000,747,644 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2016/02/18 19:54:20 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016/02/18 19:54:20 | 000,150,168 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2016/02/18 19:54:20 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016/02/18 19:47:26 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/02/18 19:47:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/02/18 19:47:17 | 4264,083,454 | -HS- | M] () -- C:\hiberfil.sys
[2016/02/18 19:30:25 | 000,068,724 | ---- | M] () -- C:\Users\Public\Documents\Recovery+njvln.png
[2016/02/18 19:30:25 | 000,009,184 | ---- | M] () -- C:\Users\Public\Documents\Recovery+njvln.html
[2016/02/18 19:30:18 | 000,068,724 | ---- | M] () -- C:\Users\admin\Recovery+njvln.png
[2016/02/18 19:30:18 | 000,068,724 | ---- | M] () -- C:\Users\admin\Documents\Recovery+njvln.png
[2016/02/18 19:30:18 | 000,068,724 | ---- | M] () -- C:\Users\admin\AppData\Local\Recovery+njvln.png
[2016/02/18 19:30:18 | 000,009,184 | ---- | M] () -- C:\Users\admin\Recovery+njvln.html
[2016/02/18 19:30:18 | 000,009,184 | ---- | M] () -- C:\Users\admin\Documents\Recovery+njvln.html
[2016/02/18 19:30:18 | 000,009,184 | ---- | M] () -- C:\Users\admin\AppData\Local\Recovery+njvln.html
[2016/02/18 19:30:13 | 000,068,724 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Recovery+njvln.png
[2016/02/18 19:30:13 | 000,009,184 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Recovery+njvln.html
[2016/02/18 19:30:06 | 000,068,724 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+njvln.png
[2016/02/18 19:30:06 | 000,009,184 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+njvln.html
[2016/02/18 19:30:05 | 000,068,724 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Recovery+njvln.png
[2016/02/18 19:30:05 | 000,009,184 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Recovery+njvln.html
[2016/02/18 16:26:39 | 000,068,724 | ---- | M] () -- C:\Users\Public\Documents\Recovery+tqhrg.png
[2016/02/18 16:26:39 | 000,009,184 | ---- | M] () -- C:\Users\Public\Documents\Recovery+tqhrg.html
[2016/02/18 16:26:31 | 000,068,724 | ---- | M] () -- C:\Users\admin\Recovery+tqhrg.png
[2016/02/18 16:26:31 | 000,009,184 | ---- | M] () -- C:\Users\admin\Recovery+tqhrg.html
[2016/02/18 16:26:30 | 000,068,724 | ---- | M] () -- C:\Users\admin\Documents\Recovery+tqhrg.png
[2016/02/18 16:26:30 | 000,068,724 | ---- | M] () -- C:\Users\admin\AppData\Local\Recovery+tqhrg.png
[2016/02/18 16:26:30 | 000,009,184 | ---- | M] () -- C:\Users\admin\Documents\Recovery+tqhrg.html
[2016/02/18 16:26:30 | 000,009,184 | ---- | M] () -- C:\Users\admin\AppData\Local\Recovery+tqhrg.html
[2016/02/18 16:26:26 | 000,068,724 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Recovery+tqhrg.png
[2016/02/18 16:26:26 | 000,009,184 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Recovery+tqhrg.html
[2016/02/18 16:26:20 | 000,068,724 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+tqhrg.png
[2016/02/18 16:26:20 | 000,009,184 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+tqhrg.html
[2016/02/18 16:26:18 | 000,068,724 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Recovery+tqhrg.png
[2016/02/18 16:26:18 | 000,009,184 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Recovery+tqhrg.html
[2016/02/18 16:11:46 | 000,068,724 | ---- | M] () -- C:\Users\Public\Documents\Recovery+kchhl.png
[2016/02/18 16:11:46 | 000,009,184 | ---- | M] () -- C:\Users\Public\Documents\Recovery+kchhl.html
[2016/02/18 16:11:44 | 000,068,724 | ---- | M] () -- C:\ProgramData\Recovery+kchhl.png
[2016/02/18 16:11:44 | 000,009,184 | ---- | M] () -- C:\ProgramData\Recovery+kchhl.html
[2016/02/18 16:11:40 | 000,068,724 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+kchhl.png
[2016/02/18 16:11:40 | 000,009,184 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+kchhl.html
[2016/02/18 16:11:34 | 000,068,724 | ---- | M] () -- C:\Users\admin\Recovery+kchhl.png
[2016/02/18 16:11:34 | 000,068,724 | ---- | M] () -- C:\Users\admin\Documents\Recovery+kchhl.png
[2016/02/18 16:11:34 | 000,068,724 | ---- | M] () -- C:\Users\admin\AppData\Local\Recovery+kchhl.png
[2016/02/18 16:11:34 | 000,009,184 | ---- | M] () -- C:\Users\admin\Recovery+kchhl.html
[2016/02/18 16:11:34 | 000,009,184 | ---- | M] () -- C:\Users\admin\Documents\Recovery+kchhl.html
[2016/02/18 16:11:34 | 000,009,184 | ---- | M] () -- C:\Users\admin\AppData\Local\Recovery+kchhl.html
[2016/02/18 16:11:31 | 000,084,288 | ---- | M] () -- C:\Users\admin\Desktop\ReleveIdentiteBancaire.pdf.mp3
[2016/02/18 16:11:31 | 000,028,480 | ---- | M] () -- C:\Users\admin\Desktop\Rib.pdf.mp3
[2016/02/18 16:11:31 | 000,018,288 | ---- | M] () -- C:\Users\admin\Desktop\timbres_3.pdf.mp3
[2016/02/18 16:11:31 | 000,018,288 | ---- | M] () -- C:\Users\admin\Desktop\timbres_2.pdf.mp3
[2016/02/18 16:11:31 | 000,018,288 | ---- | M] () -- C:\Users\admin\Desktop\timbres_12022016.155815.pdf.mp3
[2016/02/18 16:11:31 | 000,018,288 | ---- | M] () -- C:\Users\admin\Desktop\restitutionTimbre-20160212-190201.pdf.mp3
[2016/02/18 16:11:31 | 000,002,768 | ---- | M] () -- C:\Users\admin\Documents\MumbleAutomaticCertificateBackup.p12.mp3
[2016/02/18 16:11:25 | 001,480,560 | ---- | M] () -- C:\Users\admin\Desktop\Dossier d'échange de permis étranger.pdf.mp3
[2016/02/18 16:11:25 | 000,325,680 | ---- | M] () -- C:\Users\admin\Desktop\déclaration 2014.pdf.mp3
[2016/02/18 16:11:25 | 000,144,528 | ---- | M] () -- C:\Users\admin\Desktop\Devis N°8872828 assurance.pdf.mp3
[2016/02/18 16:11:25 | 000,132,400 | ---- | M] () -- C:\Users\admin\Desktop\Les sites du SDIS 77.pdf.mp3
[2016/02/18 16:11:25 | 000,131,760 | ---- | M] () -- C:\Users\admin\Desktop\cerfa_11247_02_demande_permis_conduire_selon_autres_modalites_que_examen.pdf.mp3
[2016/02/18 16:11:25 | 000,098,032 | ---- | M] () -- C:\Users\admin\Desktop\COMMANDE PASCUAL OLIVIER.pdf.mp3
[2016/02/18 16:11:25 | 000,091,872 | ---- | M] () -- C:\Users\admin\Desktop\Facture Malware.pdf.mp3
[2016/02/18 16:11:25 | 000,068,724 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Recovery+kchhl.png
[2016/02/18 16:11:25 | 000,047,680 | ---- | M] () -- C:\Users\admin\Desktop\Facture mr Pascual.pdf.mp3
[2016/02/18 16:11:25 | 000,009,184 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Recovery+kchhl.html
[2016/02/18 16:11:11 | 000,068,724 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+kchhl.png
[2016/02/18 16:11:11 | 000,009,184 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+kchhl.html
[2016/02/18 16:11:05 | 000,068,724 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Recovery+kchhl.png
[2016/02/18 16:11:05 | 000,009,184 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Recovery+kchhl.html
[2016/02/18 16:09:33 | 000,068,724 | ---- | M] () -- C:\Program Files\Recovery+kchhl.png
[2016/02/18 16:09:33 | 000,009,184 | ---- | M] () -- C:\Program Files\Recovery+kchhl.html
[2016/02/18 16:09:27 | 000,068,724 | ---- | M] () -- C:\Program Files\Common Files\Recovery+kchhl.png
[2016/02/18 16:09:27 | 000,009,184 | ---- | M] () -- C:\Program Files\Common Files\Recovery+kchhl.html
[2016/02/11 08:40:35 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016/02/03 09:50:18 | 000,000,997 | ---- | M] () -- C:\Users\admin\Desktop\Glyph.lnk
[2016/02/01 10:07:04 | 000,000,613 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/02/01 02:44:02 | 000,000,067 | ---- | M] () -- C:\Users\admin\AppData\Roaming\WB.CFG
[2016/01/25 17:54:36 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat Reader DC.lnk
[2016/01/25 17:44:41 | 000,000,290 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2016/02/18 19:30:21 | 000,068,724 | ---- | C] () -- C:\Users\Public\Documents\Recovery+njvln.png
[2016/02/18 19:30:21 | 000,009,184 | ---- | C] () -- C:\Users\Public\Documents\Recovery+njvln.html
[2016/02/18 19:30:18 | 000,068,724 | ---- | C] () -- C:\Users\admin\Recovery+njvln.png
[2016/02/18 19:30:18 | 000,009,184 | ---- | C] () -- C:\Users\admin\Recovery+njvln.html
[2016/02/18 19:30:17 | 000,068,724 | ---- | C] () -- C:\Users\admin\Documents\Recovery+njvln.png
[2016/02/18 19:30:17 | 000,009,184 | ---- | C] () -- C:\Users\admin\Documents\Recovery+njvln.html
[2016/02/18 19:30:13 | 000,068,724 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Recovery+njvln.png
[2016/02/18 19:30:13 | 000,009,184 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Recovery+njvln.html
[2016/02/18 19:30:06 | 000,068,724 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+njvln.png
[2016/02/18 19:30:06 | 000,068,724 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+njvln.png
[2016/02/18 19:30:06 | 000,009,184 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+njvln.html
[2016/02/18 19:30:06 | 000,009,184 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+njvln.html
[2016/02/18 19:30:05 | 000,068,724 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Recovery+njvln.png
[2016/02/18 19:30:05 | 000,009,184 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Recovery+njvln.html
[2016/02/18 19:29:24 | 000,068,724 | ---- | C] () -- C:\Users\admin\AppData\Local\Recovery+njvln.png
[2016/02/18 19:29:24 | 000,009,184 | ---- | C] () -- C:\Users\admin\AppData\Local\Recovery+njvln.html
[2016/02/18 16:26:33 | 000,068,724 | ---- | C] () -- C:\Users\Public\Documents\Recovery+tqhrg.png
[2016/02/18 16:26:33 | 000,009,184 | ---- | C] () -- C:\Users\Public\Documents\Recovery+tqhrg.html
[2016/02/18 16:26:31 | 000,068,724 | ---- | C] () -- C:\Users\admin\Recovery+tqhrg.png
[2016/02/18 16:26:31 | 000,009,184 | ---- | C] () -- C:\Users\admin\Recovery+tqhrg.html
[2016/02/18 16:26:29 | 000,068,724 | ---- | C] () -- C:\Users\admin\Documents\Recovery+tqhrg.png
[2016/02/18 16:26:29 | 000,009,184 | ---- | C] () -- C:\Users\admin\Documents\Recovery+tqhrg.html
[2016/02/18 16:26:26 | 000,068,724 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Recovery+tqhrg.png
[2016/02/18 16:26:26 | 000,009,184 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Recovery+tqhrg.html
[2016/02/18 16:26:20 | 000,068,724 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+tqhrg.png
[2016/02/18 16:26:20 | 000,068,724 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+tqhrg.png
[2016/02/18 16:26:20 | 000,009,184 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+tqhrg.html
[2016/02/18 16:26:20 | 000,009,184 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+tqhrg.html
[2016/02/18 16:26:18 | 000,068,724 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Recovery+tqhrg.png
[2016/02/18 16:26:18 | 000,009,184 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Recovery+tqhrg.html
[2016/02/18 16:25:18 | 000,068,724 | ---- | C] () -- C:\Users\admin\AppData\Local\Recovery+tqhrg.png
[2016/02/18 16:25:18 | 000,009,184 | ---- | C] () -- C:\Users\admin\AppData\Local\Recovery+tqhrg.html
[2016/02/18 16:11:40 | 000,009,184 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+kchhl.html
[2016/02/18 16:11:39 | 000,068,724 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+kchhl.png
[2016/02/18 16:11:39 | 000,068,724 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery+kchhl.png
[2016/02/18 16:11:39 | 000,009,184 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery+kchhl.html
[2016/02/18 16:11:36 | 000,068,724 | ---- | C] () -- C:\Users\Public\Documents\Recovery+kchhl.png
[2016/02/18 16:11:36 | 000,068,724 | ---- | C] () -- C:\ProgramData\Recovery+kchhl.png
[2016/02/18 16:11:36 | 000,009,184 | ---- | C] () -- C:\Users\Public\Documents\Recovery+kchhl.html
[2016/02/18 16:11:36 | 000,009,184 | ---- | C] () -- C:\ProgramData\Recovery+kchhl.html
[2016/02/18 16:11:34 | 000,068,724 | ---- | C] () -- C:\Users\admin\Recovery+kchhl.png
[2016/02/18 16:11:34 | 000,009,184 | ---- | C] () -- C:\Users\admin\Recovery+kchhl.html
[2016/02/18 16:11:33 | 000,068,724 | ---- | C] () -- C:\Users\admin\Documents\Recovery+kchhl.png
[2016/02/18 16:11:33 | 000,009,184 | ---- | C] () -- C:\Users\admin\Documents\Recovery+kchhl.html
[2016/02/18 16:11:25 | 000,068,724 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Recovery+kchhl.png
[2016/02/18 16:11:25 | 000,009,184 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Recovery+kchhl.html
[2016/02/18 16:11:11 | 000,068,724 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+kchhl.png
[2016/02/18 16:11:11 | 000,068,724 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+kchhl.png
[2016/02/18 16:11:11 | 000,009,184 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+kchhl.html
[2016/02/18 16:11:11 | 000,009,184 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+kchhl.html
[2016/02/18 16:11:05 | 000,068,724 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Recovery+kchhl.png
[2016/02/18 16:11:05 | 000,009,184 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Recovery+kchhl.html
[2016/02/18 16:09:34 | 000,068,724 | ---- | C] () -- C:\Users\admin\AppData\Local\Recovery+kchhl.png
[2016/02/18 16:09:34 | 000,009,184 | ---- | C] () -- C:\Users\admin\AppData\Local\Recovery+kchhl.html
[2016/02/18 16:09:33 | 000,068,724 | ---- | C] () -- C:\Program Files\Recovery+kchhl.png
[2016/02/18 16:09:33 | 000,009,184 | ---- | C] () -- C:\Program Files\Recovery+kchhl.html
[2016/02/18 16:09:26 | 000,068,724 | ---- | C] () -- C:\Program Files\Common Files\Recovery+kchhl.png
[2016/02/18 16:09:26 | 000,009,184 | ---- | C] () -- C:\Program Files\Common Files\Recovery+kchhl.html
[2016/02/13 06:56:59 | 000,018,288 | ---- | C] () -- C:\Users\admin\Desktop\restitutionTimbre-20160212-190201.pdf.mp3
[2016/02/12 16:00:05 | 000,018,288 | ---- | C] () -- C:\Users\admin\Desktop\timbres_3.pdf.mp3
[2016/02/12 15:59:54 | 000,018,288 | ---- | C] () -- C:\Users\admin\Desktop\timbres_2.pdf.mp3
[2016/02/12 15:58:04 | 000,018,288 | ---- | C] () -- C:\Users\admin\Desktop\timbres_12022016.155815.pdf.mp3
[2016/02/03 09:50:18 | 000,000,997 | ---- | C] () -- C:\Users\admin\Desktop\Glyph.lnk
[2016/02/01 10:07:04 | 000,000,613 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/01/25 18:44:02 | 000,000,067 | ---- | C] () -- C:\Users\admin\AppData\Roaming\WB.CFG
[2016/01/25 17:54:36 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[2016/01/25 17:54:36 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat Reader DC.lnk
[2016/01/25 17:46:02 | 000,000,173 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
[2016/01/25 17:44:41 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2016/01/20 00:00:03 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd
[2015/11/16 22:02:46 | 000,000,187 | ---- | C] () -- C:\Users\admin\AppData\Local\Quoteelectrics.exe.config
[2015/08/16 20:49:09 | 000,003,584 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2015/06/29 13:19:29 | 037,748,880 | ---- | C] () -- C:\Windows\SysWow64\nvcompiler.dll
[2015/04/19 13:20:16 | 000,005,872 | ---- | C] () -- C:\Users\admin\AppData\Roaming\SZ8qSiH1
[2015/04/14 17:28:56 | 000,004,387 | ---- | C] () -- C:\Users\admin\AppData\Roaming\9CEj7XNltX0xHbuvD30Cn
[2014/11/08 05:13:51 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/10/18 14:29:50 | 000,226,168 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/10/18 14:29:50 | 000,076,152 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/09/23 15:30:23 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/09/23 15:27:42 | 001,643,716 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/23 15:24:59 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/08/06 19:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/06 18:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2016/02/18 19:30:03 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Awesomium
[2016/02/18 19:30:03 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\FiraxisLive
[2016/02/18 19:30:03 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Gameo
[2016/02/18 19:30:03 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\LolClient
[2016/02/18 19:30:08 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Mumble
[2016/02/18 19:30:08 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\nBrowser
[2016/02/18 19:30:08 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\NCSOFT
[2016/02/18 19:30:09 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Origin
[2016/02/18 19:30:09 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\RIFT
[2016/02/18 19:30:09 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Riot Games
[2016/02/18 19:30:12 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TP-LINK
[2016/02/18 19:30:13 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TS3Client
[2016/02/18 19:30:13 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ZHP

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2014/09/23 15:33:58 | 000,000,032 | ---- | M] () -- C:\csb.log
[2016/02/18 19:47:17 | 4264,083,454 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/23 15:30:26 | 000,000,189 | ---- | M] () -- C:\Install.log
[2016/02/18 19:47:19 | 4253,790,205 | -HS- | M] () -- C:\pagefile.sys
[2014/09/23 15:55:09 | 000,000,032 | ---- | M] () -- C:\setup.log

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< %PROGRAMFILES%\*.* >[/color]
[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

[color=#A23BEC]< %PROGRAMFILES%\*. >[/color]
[2016/01/25 17:54:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2015/07/06 19:28:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AGEIA Technologies
[2015/11/18 10:15:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ASUS
[2014/09/23 15:32:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2015/08/01 13:49:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Battlelog Web Plugins
[2015/04/16 21:40:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cardo Updater
[2014/11/01 07:50:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Combined Community Codec Pack
[2016/01/25 17:54:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2014/09/23 15:30:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dolby Home Theater v4
[2014/09/23 15:33:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Etron Technology
[2014/09/23 15:33:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GIGABYTE
[2016/02/17 16:03:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Glyph
[2014/10/18 14:46:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2016/01/29 14:01:20 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2015/11/19 03:28:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2015/08/16 20:35:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iZotope
[2014/11/08 05:13:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2014/11/08 05:13:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2016/02/01 09:53:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2016/02/01 09:53:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2009/07/14 06:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2015/11/19 03:05:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2015/04/30 19:12:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mumble
[2016/01/20 00:18:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NCSOFT
[2016/01/19 20:34:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NCWest
[2014/10/22 21:12:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
[2016/02/01 09:59:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Origin
[2015/03/22 17:36:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Origin Games
[2015/08/16 20:26:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pinnacle
[2015/02/05 05:31:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Razer Surround Driver Installer
[2014/09/23 15:29:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/14 06:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2014/10/23 08:47:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ROCCAT
[2016/01/15 08:21:21 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2014/09/23 15:30:34 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2014/10/18 10:53:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TP-LINK
[2009/07/14 05:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2014/10/19 03:31:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010/11/21 07:19:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2015/06/30 02:19:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 06:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2010/11/21 07:19:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2010/11/21 04:31:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2010/11/21 07:19:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2014/10/18 17:01:04 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Zero G Registry

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

[color=#A23BEC]< MD5 for: APPMGMTS.DLL >[/color]
[2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) MD5=4ABA3E75A76195A3E38ED2766C962899 -- C:\Windows\winsxs\amd64_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.1.7600.16385_none_ddc3da0b75baa7e0\appmgmts.dll
[2009/07/14 02:14:53 | 000,149,504 | ---- | M] (Microsoft Corporation) MD5=A45D184DF6A8803DA13A0B329517A64A -- C:\Windows\winsxs\wow64_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.1.7600.16385_none_e818845daa1b69db\appmgmts.dll

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

[color=#A23BEC]< MD5 for: AUTOCHK.EXE >[/color]
[2010/11/21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010/11/21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010/11/21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010/11/21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009/07/14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys
[2009/07/14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys

[color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color]
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[color=#A23BEC]< MD5 for: HIDSERV.DLL >[/color]
[2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=2BC6F6A1992B3A77F5F41432CA6B3B6B -- C:\Windows\SysWOW64\hidserv.dll
[2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=2BC6F6A1992B3A77F5F41432CA6B3B6B -- C:\Windows\winsxs\wow64_microsoft-windows-hid-user_31bf3856ad364e35_6.1.7600.16385_none_3cf5e466d58070d9\hidserv.dll
[2009/07/14 02:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) MD5=BD9EB3958F213F96B97B1D897DEE006D -- C:\Windows\SysNative\hidserv.dll
[2009/07/14 02:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) MD5=BD9EB3958F213F96B97B1D897DEE006D -- C:\Windows\winsxs\amd64_microsoft-windows-hid-user_31bf3856ad364e35_6.1.7600.16385_none_32a13a14a11faede\hidserv.dll

[color=#A23BEC]< MD5 for: IASTORV.SYS >[/color]
[2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[color=#A23BEC]< MD5 for: IMM32.DLL >[/color]
[2010/11/21 04:24:25 | 000,119,808 | ---- | M] (Microsoft Corporation) MD5=A6F09E5669D9A19035F6D942CAA15882 -- C:\Windows\SysWOW64\imm32.dll
[2010/11/21 04:24:25 | 000,119,808 | ---- | M] (Microsoft Corporation) MD5=A6F09E5669D9A19035F6D942CAA15882 -- C:\Windows\winsxs\wow64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7601.17514_none_c4d0cdd7c56b493e\imm32.dll
[2009/07/14 02:41:09 | 000,167,424 | ---- | M] (Microsoft Corporation) MD5=AA2C08CE85653B1A0D2E4AB407FA176C -- C:\Windows\SysNative\imm32.dll
[2009/07/14 02:41:09 | 000,167,424 | ---- | M] (Microsoft Corporation) MD5=AA2C08CE85653B1A0D2E4AB407FA176C -- C:\Windows\winsxs\amd64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7600.16385_none_b84b0fbd941c03a9\imm32.dll

[color=#A23BEC]< MD5 for: KERNEL32.DLL >[/color]
[2015/07/15 04:20:03 | 001,164,288 | ---- | M] (Microsoft Corporation) MD5=093861BB2A36B95CE824683714737CAD -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23126_none_f2648115860f42d7\kernel32.dll
[2015/04/27 20:03:36 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=1569F20BB9DB9FDC87A6D3C8A3726ABF -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18839_none_fc27e586a1579c95\kernel32.dll
[2015/04/27 20:23:19 | 001,162,752 | ---- | M] (Microsoft Corporation) MD5=1C9F2F4A2C603739BD8CC8C64310AFD7 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18839_none_f1d33b346cf6da9a\kernel32.dll
[2015/07/22 18:52:03 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=1E679BB6671C67B2097A5E53D884D4D0 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18939_none_fc27e76ca15799bc\kernel32.dll
[2015/04/27 20:17:34 | 001,163,776 | ---- | M] (Microsoft Corporation) MD5=2A782D0DD0C53C8B0A0A2318EBBCEC5D -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23040_none_f248dd9b8624e588\kernel32.dll
[2015/10/01 19:06:41 | 001,166,336 | ---- | M] (Microsoft Corporation) MD5=2E52D789C4B17017556ED45D771DA5EB -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23226_none_f26482fb860f3ffe\kernel32.dll
[2015/07/22 23:03:57 | 001,164,288 | ---- | M] (Microsoft Corporation) MD5=313D319AB74D0218F44CC66BE393E38A -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23142_none_f24ae0158623155d\kernel32.dll
[2015/10/20 02:05:40 | 001,164,800 | ---- | M] (Microsoft Corporation) MD5=386BF677B78B66AABBA92C0FCA0579A6 -- C:\Windows\SysNative\kernel32.dll
[2015/10/20 02:05:40 | 001,164,800 | ---- | M] (Microsoft Corporation) MD5=386BF677B78B66AABBA92C0FCA0579A6 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19045_none_f1c444286d02c198\kernel32.dll
[2015/05/25 19:22:03 | 001,163,776 | ---- | M] (Microsoft Corporation) MD5=3A2E4CB43CC4AE0195F686146ADCAD3D -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23072_none_f22a6e6b863b6c09\kernel32.dll
[2015/10/20 01:44:17 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=4166C05FA57548E6518D7EE20896C0A5 -- C:\Windows\SysWOW64\kernel32.dll
[2015/10/20 01:44:17 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=4166C05FA57548E6518D7EE20896C0A5 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19045_none_fc18ee7aa1638393\kernel32.dll
[2015/07/15 18:48:28 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=50159C0AEE9029D43B7E27022B6C0B37 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23136_none_fcae5b7bba7820c3\kernel32.dll
[2015/05/25 19:05:29 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=5EA4D6D52DB2679B8F9DE67A7F8BC41A -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23072_none_fc7f18bdba9c2e04\kernel32.dll
[2012/11/30 06:41:07 | 001,161,216 | ---- | M] (Microsoft Corporation) MD5=65C113214F7B05820F6D8A65B1485196 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18015_none_f1e4cab46cea5424\kernel32.dll
[2015/10/20 01:45:50 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=6D2B6BCAE365F879F958BCAB2B0EBC9D -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23250_none_fc92bbcdba8dbdc2\kernel32.dll
[2015/07/23 00:56:40 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=6F5C056D1AEB8713E403259B5FB38EE8 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23142_none_fc9f8a67ba83d758\kernel32.dll
[2015/05/25 19:19:02 | 001,162,752 | ---- | M] (Microsoft Corporation) MD5=6FDF03A3B110C5264F52F979335AE301 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18869_none_f1b2cb706d0f2e6d\kernel32.dll
[2015/07/15 19:10:48 | 001,163,264 | ---- | M] (Microsoft Corporation) MD5=72585BDAF2EC5237EBD71D540657D6A2 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18933_none_f1cd3b5e6cfc3fb7\kernel32.dll
[2014/03/04 10:16:17 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=76161B9D78A275F8F28DD67436013110 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18409_none_fc484db2a13f5426\kernel32.dll
[2014/04/12 03:32:01 | 001,164,800 | ---- | M] (Microsoft Corporation) MD5=77BBBF70BCE286CD19E1E68F248363FA -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22653_none_f24130b9862a22c7\kernel32.dll
[2010/11/21 04:24:07 | 001,161,216 | ---- | M] (Microsoft Corporation) MD5=7A6326D96D53048FDEC542DF23D875A0 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_f1e3eab06ceb12ef\kernel32.dll
[2015/07/23 01:02:40 | 001,163,264 | ---- | M] (Microsoft Corporation) MD5=9C261AB78DE420AA52FC08D69FD5745D -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18939_none_f1d33d1a6cf6d7c1\kernel32.dll
[2012/11/30 05:57:47 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=9CC2571E3646B9A24296AD7ADCC71682 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22177_none_fc8432ddba97903d\kernel32.dll
[2015/07/15 04:19:54 | 001,163,264 | ---- | M] (Microsoft Corporation) MD5=9D0A88DF1CCB89596DDB876093CD16A4 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18923_none_f1d80b4a6cf423c6\kernel32.dll
[2015/09/28 21:15:54 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=A0CFCED64576C13EC04AD7B39940BE93 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23223_none_fcb62c6fba72b5f4\kernel32.dll
[2015/07/15 18:53:35 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=A38E10B4143A19F32D64517B6A1FCB98 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18933_none_fc21e5b0a15d01b2\kernel32.dll
[2015/07/15 19:09:09 | 001,164,288 | ---- | M] (Microsoft Corporation) MD5=A3A71E4BEE2BA121C969B39AD1EB30FC -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23136_none_f259b12986175ec8\kernel32.dll
[2012/11/30 05:53:59 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=AC0B6F41882FC6ED186962D770EBF1D2 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18015_none_fc397506a14b161f\kernel32.dll
[2012/11/30 06:52:53 | 001,163,264 | ---- | M] (Microsoft Corporation) MD5=B3BEA6420D482356E53B7C728E05C637 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22177_none_f22f888b8636ce42\kernel32.dll
[2015/04/27 19:54:53 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=B4E11856DF2535DF158D32DA7B780FDF -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23040_none_fc9d87edba85a783\kernel32.dll
[2015/07/15 03:54:33 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=C3856345C4FB053140237236D1146242 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18923_none_fc2cb59ca154e5c1\kernel32.dll
[2015/10/20 02:11:29 | 001,166,336 | ---- | M] (Microsoft Corporation) MD5=C86A77F9C93B7E04E4044B1D12E4E085 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23250_none_f23e117b862cfbc7\kernel32.dll
[2014/04/12 03:05:53 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=C8C41EBEE097FEB29FB816854D3AD1E7 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22653_none_fc95db0bba8ae4c2\kernel32.dll
[2015/07/15 03:58:52 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=CA1A5EE549FE248BC127C1A5CAB72B70 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23126_none_fcb92b67ba7004d2\kernel32.dll
[2014/03/04 10:44:00 | 001,163,264 | ---- | M] (Microsoft Corporation) MD5=D2A513EE880D71BDE7F0257F38B9D019 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18409_none_f1f3a3606cde922b\kernel32.dll
[2010/11/21 04:24:15 | 000,837,632 | ---- | M] (Microsoft Corporation) MD5=E80758CF485DB142FCA1EE03A34EAD05 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_fc389502a14bd4ea\kernel32.dll
[2015/05/25 18:59:51 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=F81920ADB15012CF4E9FF8238C85686A -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18869_none_fc0775c2a16ff068\kernel32.dll

[color=#A23BEC]< MD5 for: MSWSOCK.DLL >[/color]
[2010/11/21 04:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2013/09/07 03:04:16 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=6547D445C4B69DC0083B619AC642DF04 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_bac3d364a4c3ea89\mswsock.dll
[2010/11/21 04:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2013/09/08 03:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\SysNative\mswsock.dll
[2013/09/08 03:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_164e004b440bdabf\mswsock.dll
[2013/09/07 03:24:39 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=BDDB1FD258B92DEE00F222D3304B5D9C -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_16e26ee85d215bbf\mswsock.dll
[2013/09/08 03:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\SysWOW64\mswsock.dll
[2013/09/08 03:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_ba2f64c78bae6989\mswsock.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2012/08/22 19:06:07 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=5E74508FCB5820B29EEAFE24E6035BCF -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_06232d534c0a8d67\ndis.sys
[2012/08/22 19:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_05dc9a6832ba428a\ndis.sys
[2010/11/21 04:23:55 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
[2015/10/13 00:04:07 | 000,949,184 | ---- | M] (Microsoft Corporation) MD5=901D1BE3F8567B5D02747B1174FF708F -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.23235_none_0661f94b4bdbc702\ndis.sys
[2015/10/13 05:57:21 | 000,950,720 | ---- | M] (Microsoft Corporation) MD5=F7309F42555F8AAB7144A51A1F2585B0 -- C:\Windows\SysNative\drivers\ndis.sys
[2015/10/13 05:57:21 | 000,950,720 | ---- | M] (Microsoft Corporation) MD5=F7309F42555F8AAB7144A51A1F2585B0 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.19030_none_05d3592832c2ab5e\ndis.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2010/11/21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

[color=#A23BEC]< MD5 for: NTFS.SYS >[/color]
[2010/11/21 04:23:55 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=05D78AA5CB5F3F5C31160BDB955D0B7C -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_04972f2c338b23d4\ntfs.sys
[2014/01/24 03:37:55 | 001,684,928 | ---- | M] (Microsoft Corporation) MD5=1A29A59A4C5BA6F8C85062A613B7E2B2 -- C:\Windows\SysNative\drivers\ntfs.sys
[2014/01/24 03:37:55 | 001,684,928 | ---- | M] (Microsoft Corporation) MD5=1A29A59A4C5BA6F8C85062A613B7E2B2 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18378_none_045a363833b85029\ntfs.sys
[2014/01/24 03:40:06 | 001,684,416 | ---- | M] (Microsoft Corporation) MD5=48B6047F82D5A8D0AEC71593F4ACD79B -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22580_none_04d102ad4ce53e53\ntfs.sys
[2011/03/11 07:19:20 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=87B104128D4D3BA3C13098BAEBF38082 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_04d11b5b4ce521d9\ntfs.sys
[2011/03/11 07:41:34 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=A2F74975097F52A00745F9637451FDD8 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_0459508233b9177f\ntfs.sys

[color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color]
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

[color=#A23BEC]< MD5 for: PROQUOTA.EXE >[/color]
[2010/11/21 04:24:32 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\SysWOW64\proquota.exe
[2010/11/21 04:24:32 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.1.7601.17514_none_29ce61c2f0a740f4\proquota.exe
[2010/11/21 04:24:16 | 000,031,744 | ---- | M] (Microsoft Corporation) MD5=C6C83C0DF40E11FA1F06625E95E41DE7 -- C:\Windows\SysNative\proquota.exe
[2010/11/21 04:24:16 | 000,031,744 | ---- | M] (Microsoft Corporation) MD5=C6C83C0DF40E11FA1F06625E95E41DE7 -- C:\Windows\winsxs\amd64_microsoft-windows-proquota_31bf3856ad364e35_6.1.7601.17514_none_85ecfd46a904b22a\proquota.exe

[color=#A23BEC]< MD5 for: QMGR.DLL >[/color]
[2010/11/21 04:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/21 04:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

[color=#A23BEC]< MD5 for: SPOOLSV.EXE >[/color]
[2012/02/11 07:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=85DAA09A98C9286D4EA2BA8D0E644377 -- C:\Windows\SysNative\spoolsv.exe
[2012/02/11 07:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=85DAA09A98C9286D4EA2BA8D0E644377 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17777_none_3433cdb2d8563d50\spoolsv.exe
[2010/11/21 04:24:27 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_3471a890d8284f57\spoolsv.exe
[2012/02/11 07:20:28 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=B9D7A4858CF32A6A15D2763F1DE47E0E -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.21921_none_34ed7a43f150b682\spoolsv.exe

[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

[color=#A23BEC]< MD5 for: TERMSRV.DLL >[/color]
[2014/10/14 03:13:06 | 000,683,520 | ---- | M] (Microsoft Corporation) MD5=008CD4EBFABCF78D0F19B3778492648C -- C:\Windows\SysNative\termsrv.dll
[2014/10/14 03:13:06 | 000,683,520 | ---- | M] (Microsoft Corporation) MD5=008CD4EBFABCF78D0F19B3778492648C -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_ecb2935b6af13c52\termsrv.dll
[2010/11/21 04:24:07 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=2E648163254233755035B46DD7B89123 -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
[2014/07/17 03:07:44 | 000,681,984 | ---- | M] (Microsoft Corporation) MD5=4FC4C50985E5B840F4D72E57286887B8 -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18540_none_eca0bf836affa9bb\termsrv.dll
[2014/10/14 03:16:40 | 000,686,592 | ---- | M] (Microsoft Corporation) MD5=6A5B600AD0041E9AF564DE73B716F3D2 -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22843_none_ed2d60f8841a8fd8\termsrv.dll
[2014/07/16 04:23:41 | 000,686,080 | ---- | M] (Microsoft Corporation) MD5=F4D7114060C034134A440846F411BB7F -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22750_none_ed1f8e488425629d\termsrv.dll

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

[color=#A23BEC]< MD5 for: WININET.DLL >[/color]
[2015/10/30 23:17:06 | 002,487,808 | ---- | M] (Microsoft Corporation) MD5=033E70DEEE5FED5E9A3E197A2DB1A618 -- C:\Windows\SysNative\wininet.dll
[2015/10/30 23:17:06 | 002,487,808 | ---- | M] (Microsoft Corporation) MD5=033E70DEEE5FED5E9A3E197A2DB1A618 -- C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.18097_none_e47262d5b6ba65d6\wininet.dll
[2015/07/16 19:42:02 | 001,951,232 | ---- | M] (Microsoft Corporation) MD5=0AC8CD2138FD10C4A0E2FF08F892359C -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17959_none_87ee4767fea9c0d8\wininet.dll
[2015/02/20 02:28:25 | 002,358,784 | ---- | M] (Microsoft Corporation) MD5=36F99BD8A0F09BDBB7850A138845A014 -- C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17691_none_e4320a17b6ea768f\wininet.dll
[2015/05/22 18:50:20 | 002,426,880 | ---- | M] (Microsoft Corporation) MD5=417F80E4AFBA1AA9EBBD618F1C6D9165 -- C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17843_none_e4173b3db6ff6300\wininet.dll
[2010/11/21 04:24:08 | 000,980,992 | ---- | M] (Microsoft Corporation) MD5=44214C94911C7CFB1D52CB64D5E8368D -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll
[2014/11/22 02:28:21 | 002,358,272 | ---- | M] (Microsoft Corporation) MD5=4AF089160FE082E5EA5C4AA72782DCA2 -- C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17501_none_e433d769b6ea768f\wininet.dll
[2014/11/22 02:00:20 | 001,888,256 | ---- | M] (Microsoft Corporation) MD5=5E4E0E43E0A5BF9F089696DFA7A3D677 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17501_none_88153be5fe8d0559\wininet.dll
[2015/06/19 18:15:43 | 001,951,232 | ---- | M] (Microsoft Corporation) MD5=63B01F72FD727D5736DBEF54174D8F93 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17914_none_87eab827feacdb57\wininet.dll
[2014/11/06 02:52:35 | 001,892,864 | ---- | M] (Microsoft Corporation) MD5=6DD7D61A8EF3DFEC4FAEFEB395E77424 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17420_none_8822232dfe830275\wininet.dll
[2014/11/06 03:17:24 | 002,365,440 | ---- | M] (Microsoft Corporation) MD5=6FC2819A4F80AAB2DADEDFC1EFEE3C3F -- C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17420_none_e440beb1b6e073ab\wininet.dll
[2015/03/13 03:45:57 | 002,358,784 | ---- | M] (Microsoft Corporation) MD5=77B35D0FC22A2D2EAC8D07C3F9784DBF -- C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17728_none_e41f98adb6f99486\wininet.dll
[2014/10/19 23:02:03 | 001,810,944 | ---- | M] (Microsoft Corporation) MD5=7AE80F921027CF88CB9D0433088A3E55 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17358_none_882f3db7fe78ff91\wininet.dll
[2015/10/30 22:51:28 | 002,011,136 | ---- | M] (Microsoft Corporation) MD5=832CA97817B20B74E2D74A8154630311 -- C:\Windows\SysWOW64\wininet.dll
[2015/10/30 22:51:28 | 002,011,136 | ---- | M] (Microsoft Corporation) MD5=832CA97817B20B74E2D74A8154630311 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.18097_none_8853c751fe5cf4a0\wininet.dll
[2014/07/25 11:52:06 | 002,266,624 | ---- | M] (Microsoft Corporation) MD5=8E71A5CB5312B8392D4DA4CA37BB5868 -- C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17239_none_e45691cbb6d03bc9\wininet.dll
[2014/10/19 23:02:03 | 002,309,632 | ---- | M] (Microsoft Corporation) MD5=9D98D4F390F0B14A782F3B931E613A1A -- C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17358_none_e44dd93bb6d670c7\wininet.dll
[2015/01/12 02:27:32 | 002,358,272 | ---- | M] (Microsoft Corporation) MD5=9DFE41A69DF70AAB75CB5BA8C1109EA2 -- C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17633_none_e42bdacbb6f011c7\wininet.dll
[2014/07/25 11:05:23 | 001,792,512 | ---- | M] (Microsoft Corporation) MD5=B945BAA81B4805AD6BDDF4D026DCFB47 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17239_none_8837f647fe72ca93\wininet.dll
[2015/03/13 03:20:28 | 001,888,256 | ---- | M] (Microsoft Corporation) MD5=C46904F2E9E121A91DDDABB48D7648C3 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17728_none_8800fd29fe9c2350\wininet.dll
[2015/07/16 20:12:42 | 002,427,904 | ---- | M] (Microsoft Corporation) MD5=C555B5C8142844DED9E3BD94E6313000 -- C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17959_none_e40ce2ebb707320e\wininet.dll
[2015/04/21 16:02:00 | 001,882,112 | ---- | M] (Microsoft Corporation) MD5=CB5F450D21B9D76B7F01D006E4AEDB40 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17801_none_87f4cc21fea5592c\wininet.dll
[2015/06/20 19:26:01 | 002,427,392 | ---- | M] (Microsoft Corporation) MD5=E066FDC3A2074D926903B8C31EF3B347 -- C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17914_none_e40953abb70a4c8d\wininet.dll
[2015/05/23 03:20:35 | 001,950,720 | ---- | M] (Microsoft Corporation) MD5=E4EB138060BAE0DBAB1A3B71A3141FE7 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17843_none_87f89fb9fea1f1ca\wininet.dll
[2015/02/20 02:01:25 | 001,888,256 | ---- | M] (Microsoft Corporation) MD5=EA6EA6912F27F05C61D8D747517EB47E -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17691_none_88136e93fe8d0559\wininet.dll
[2015/04/21 16:27:25 | 002,352,128 | ---- | M] (Microsoft Corporation) MD5=F0289B3A341429117696F0279DA977B6 -- C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17801_none_e41367a5b702ca62\wininet.dll
[2015/01/12 02:00:17 | 001,888,256 | ---- | M] (Microsoft Corporation) MD5=F285D499EC42969D963CA49EADA63218 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17633_none_880d3f47fe92a091\wininet.dll
[2010/11/21 04:23:55 | 001,188,864 | ---- | M] (Microsoft Corporation) MD5=F6C5302E1F4813D552F41A0AC82455E5 -- C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_7ac940242f7494a4\wininet.dll

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014/03/04 12:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014/03/04 12:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014/03/04 10:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2014/03/04 10:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2014/07/17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\SysNative\winlogon.exe
[2014/07/17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\SysNative\winlogon.exe
[2014/07/17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[2014/07/17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[2014/07/16 04:23:23 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=98AA0BFEE089C7E5DADB94190D93456C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe
[2014/07/16 04:23:23 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=98AA0BFEE089C7E5DADB94190D93456C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe

[color=#A23BEC]< MD5 for: WS2_32.DLL >[/color]
[2010/11/21 04:24:28 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\SysNative\ws2_32.dll
[2010/11/21 04:24:28 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll
[2010/11/21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\SysWOW64\ws2_32.dll
[2010/11/21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2015/10/30 23:09:39 | 012,854,272 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\ieframe.dll

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\ *.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\* .sav >[/color]

[color=#A23BEC]< c:\$recycle.bin\*.* /s >[/color]
[2015/11/16 22:04:40 | 000,000,000 | ---- | M] () -- c:\$recycle.bin\5DPCO6CZCIWONZNJH4KJRJWJMCUKIPI4_2.log
[2016/02/18 16:09:25 | 000,009,184 | ---- | M] () -- c:\$recycle.bin\Recovery+kchhl.html
[2016/02/18 16:09:25 | 000,068,724 | ---- | M] () -- c:\$recycle.bin\Recovery+kchhl.png
[2016/02/18 16:09:25 | 000,002,163 | ---- | M] () -- c:\$recycle.bin\Recovery+kchhl.txt
[2014/09/23 15:23:50 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2565627032-1629897032-959241574-1000\desktop.ini
[2016/02/18 16:09:25 | 000,009,184 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2565627032-1629897032-959241574-1000\Recovery+kchhl.html
[2016/02/18 16:09:25 | 000,068,724 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2565627032-1629897032-959241574-1000\Recovery+kchhl.png
[2016/02/18 16:09:25 | 000,002,163 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2565627032-1629897032-959241574-1000\Recovery+kchhl.txt
[2016/02/18 19:29:18 | 000,009,184 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2565627032-1629897032-959241574-1000\Recovery+njvln.html
[2016/02/18 19:29:18 | 000,068,724 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2565627032-1629897032-959241574-1000\Recovery+njvln.png
[2016/02/18 19:29:18 | 000,002,163 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2565627032-1629897032-959241574-1000\Recovery+njvln.txt
[2016/02/18 16:25:13 | 000,009,184 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2565627032-1629897032-959241574-1000\Recovery+tqhrg.html
[2016/02/18 16:25:13 | 000,068,724 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2565627032-1629897032-959241574-1000\Recovery+tqhrg.png
[2016/02/18 16:25:13 | 000,002,163 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2565627032-1629897032-959241574-1000\Recovery+tqhrg.txt
[2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 000,027,160 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2014/11/16 10:04:46 | 000,001,066 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014/11/16 10:04:48 | 000,001,070 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< End of report >

Publicité


Signaler le contenu de ce document

Publicité