Document format: text/plain

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-08-2015
Ran by Laurent (administrator) on LAURENT (07-08-2015 17:01:07)
Running from C:\Users\Laurent\Downloads
Loaded Profiles: Laurent (Available Profiles: Laurent)
Platform: Microsoft Windows 8 Professionnel (X86) Language: Français (France)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files\Rising\RSD\RsMgrSvc.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files\Rising\RAV\ravmond.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Users\Laurent\AppData\Roaming\Startled Promise\Startled Promise.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BingDesktop] => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2258056 2013-09-22] (Microsoft Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [RSDTRAY] => C:\Program Files\Rising\RSD\popwndexe.exe [126808 2012-09-25] (Beijing Rising Information Technology Co., Ltd.)
HKLM\...\Run: [RavTRAY] => C:\Program Files\Rising\RAV\RSTRAY.EXE [111000 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2014-03-25] (Logitech, Inc.)
HKU\S-1-5-21-1558589277-265320636-2682692885-1001\...\Run: [EADM] => C:\Program Files\Origin\Origin.exe [3632112 2015-07-02] (Electronic Arts)
HKU\S-1-5-21-1558589277-265320636-2682692885-1001\...\Run: [uTorrent] => C:\Users\Laurent\AppData\Roaming\uTorrent\uTorrent.exe [1693024 2015-07-23] (BitTorrent Inc.)
HKU\S-1-5-21-1558589277-265320636-2682692885-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1558589277-265320636-2682692885-1001\...\Run: [Dropbox Update] => C:\Users\Laurent\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-24] (Dropbox, Inc.)
HKU\S-1-5-21-1558589277-265320636-2682692885-1001\...\Run: [apphide] => C:\Program Files\baidu\baidu.exe [69632 2015-07-22] ()
IFEO: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\bingdesktop.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\cracked steam.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\darksteam.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\dropbox.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\dropboxuninstaller.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
Startup: C:\Users\Laurent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\Laurent\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Laurent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Enregistrement du produit.lnk [2013-07-16]
ShortcutTarget: Logitech . Enregistrement du produit.lnk -> C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laurent\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laurent\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laurent\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laurent\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laurent\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laurent\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laurent\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Laurent\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1558589277-265320636-2682692885-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1558589277-265320636-2682692885-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1438940493&z=783d7df8bc30790272712a3g5z9c1b5tbz1eazfo1e&from=face&uid=SAMSUNGXHD252HJ_S17HJDWQ930445&q={searchTerms}
HKU\S-1-5-21-1558589277-265320636-2682692885-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1438940493&z=783d7df8bc30790272712a3g5z9c1b5tbz1eazfo1e&from=face&uid=SAMSUNGXHD252HJ_S17HJDWQ930445&q={searchTerms}
HKU\S-1-5-21-1558589277-265320636-2682692885-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=1438940519&z=3a7afce3db1fa860d9c1f1dgcz3c4bftfz0e2z0z3q&from=face&uid=SAMSUNGXHD252HJ_S17HJDWQ930445
HKU\S-1-5-21-1558589277-265320636-2682692885-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1438940519&z=3a7afce3db1fa860d9c1f1dgcz3c4bftfz0e2z0z3q&from=face&uid=SAMSUNGXHD252HJ_S17HJDWQ930445
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1558589277-265320636-2682692885-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dspp&ts=1438940519&z=3a7afce3db1fa860d9c1f1dgcz3c4bftfz0e2z0z3q&from=face&uid=SAMSUNGXHD252HJ_S17HJDWQ930445&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1558589277-265320636-2682692885-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=SAMSUNGXHD252HJ_S17HJDWQ930445&ts=1438940557&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1558589277-265320636-2682692885-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=SAMSUNGXHD252HJ_S17HJDWQ930445&ts=1438940557&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1558589277-265320636-2682692885-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dspp&ts=1438940519&z=3a7afce3db1fa860d9c1f1dgcz3c4bftfz0e2z0z3q&from=face&uid=SAMSUNGXHD252HJ_S17HJDWQ930445&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1558589277-265320636-2682692885-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=SAMSUNGXHD252HJ_S17HJDWQ930445&ts=1438940557&type=default&q={searchTerms}
BHO: RaNdomPriicea -> {68EB996E-7358-4D46-BA65-BDCA6D915312} -> C:\Program Files\RaNdomPriicea\9C6ux883JDiViL.dll [2015-08-07] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 195.130.130.129 195.130.131.129
Tcpip\..\Interfaces\{0AD342AB-3089-45CB-A357-7577ED3AE57E}: [DhcpNameServer] 195.130.130.129 195.130.131.129
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-20] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin: @rising.com.cn/nprising -> C:\Program Files\Rising\RAV\nprising.dll [2013-06-27] (Beijing Rising Information Technology Co., Ltd.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-1558589277-265320636-2682692885-1001: @chicalogic.com/PasswordManager -> C:\Program Files\ChicaLogic\Chica Password Manager\npchAutofill.dll No File
FF Plugin HKU\S-1-5-21-1558589277-265320636-2682692885-1001: @rising.com.cn/nprising -> C:\Program Files\Rising\RAV\nprising.dll [2013-06-27] (Beijing Rising Information Technology Co., Ltd.)
FF Plugin HKU\S-1-5-21-1558589277-265320636-2682692885-1001: vasco.com/VascoCardReaderPlugin -> C:\Users\Laurent\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll [2014-10-27] (VASCO Data Security)
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-08]
FF HKU\S-1-5-21-1558589277-265320636-2682692885-1001\...\Firefox\Extensions: [{c4363eea-4551-4203-ae0e-8ef3a679998d}] - C:\Users\Laurent\AppData\Roaming\Chicalogic\Chica Password Manager\chAutofill

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Laurent\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Laurent\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Laurent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-26]
CHR Extension: (Palette for Chrome) - C:\Users\Laurent\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpphfmdmjbojolagcbgdemojhcnlod [2015-08-07]
CHR HKLM\...\Chrome\Extension: [gfkbfjcbkhnmiignagpkiijohkcdkffb] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - Chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 5b9f95c1; c:\Program Files\StatMonitor\StatMonitor.dll [2638336 2015-08-07] () [File not signed]
S4 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-09-22] (Microsoft Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [918160 2015-03-28] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20696720 2015-03-28] (NVIDIA Corporation)
R2 RsMgrSvc; C:\Program Files\Rising\RSD\RsMgrSvc.exe [196288 2015-08-06] (Beijing Rising Information Technology Co., Ltd.)
R2 RsRavMon; C:\Program Files\Rising\RAV\ravmond.exe [277552 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
R2 Startled Promise; C:\Users\Laurent\AppData\Roaming\Startled Promise\Startled Promise.exe [66048 2015-08-07] () [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1731896 2014-01-28] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14456 2015-01-31] (Microsoft Corporation)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [24576 2012-07-26] (Microsoft Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [243128 2013-12-11] (Disc Soft Ltd)
R1 HyperVM; C:\WINDOWS\system32\drivers\hvm.sys [32568 2015-08-06] (Beijing Rising Information Technology Co., Ltd.)
R1 kguard; C:\WINDOWS\System32\DRIVERS\kguard.sys [77080 2015-08-06] (Beijing Rising Information Technology Co., Ltd.)
S3 ks4avs; C:\WINDOWS\System32\Drivers\ks4avs.sys [347496 2012-12-18] (Native Instruments GmbH)
S3 ks4usb_svc; C:\WINDOWS\System32\Drivers\ks4usb.sys [99176 2012-12-18] (Native Instruments GmbH)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation)
S1 prodrv06; C:\WINDOWS\System32\drivers\prodrv06.sys [80768 2006-12-23] (Protection Technology) [File not signed]
S0 prohlp02; C:\WINDOWS\System32\drivers\prohlp02.sys [77120 2006-12-23] (Protection Technology) [File not signed]
S0 prosync1; C:\WINDOWS\System32\drivers\prosync1.sys [7136 2005-12-21] (Protection Technology) [File not signed]
R2 rsdsys; C:\WINDOWS\system32\drivers\protreg.sys [24120 2014-05-28] (Beijing Rising Information Technology Co., Ltd.)
R1 rsutils; C:\WINDOWS\System32\DRIVERS\rsutils.sys [83384 2015-08-06] (Beijing Rising Information Technology Co., Ltd.)
S0 sfhlp01; C:\WINDOWS\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [File not signed]
R0 sysmon; C:\WINDOWS\System32\DRIVERS\sysmon.sys [157896 2015-08-06] (Beijing Rising Information Technology Co., Ltd.)
R3 tap0901t; C:\WINDOWS\system32\DRIVERS\tap0901t.sys [27136 2009-09-16] (Tunngle.net)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-11-16] (TuneUp Software)
S3 WUDFSensorLP; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\System32\drivers\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 xusb22; C:\WINDOWS\System32\drivers\xusb22.sys [68608 2012-07-26] (Microsoft Corporation)
S3 ma-config_x86; \??\C:\Program Files\ma-config.com\Drivers\ma-config_x86.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-07 17:01 - 2015-08-07 17:01 - 00018818 _____ C:\Users\Laurent\Downloads\FRST.txt
2015-08-07 17:00 - 2015-08-07 17:01 - 00000000 ___DC C:\FRST
2015-08-07 17:00 - 2015-08-07 17:00 - 01673728 _____ (Farbar) C:\Users\Laurent\Downloads\FRST.exe
2015-08-07 16:58 - 2015-08-07 16:58 - 02170368 _____ (Farbar) C:\Users\Laurent\Downloads\FRST64.exe
2015-08-07 12:51 - 2015-08-07 12:51 - 00000024 _____ C:\Users\Laurent\AppData\Roaming\appdataFr25.bin
2015-08-07 12:36 - 2015-08-07 12:36 - 00000000 ____D C:\Program Files\RaNdomPriicea
2015-08-07 12:36 - 2015-08-07 12:36 - 00000000 ____D C:\Program Files\Palette for Chrome
2015-08-07 12:35 - 2015-08-07 12:35 - 00000000 ____D C:\Program Files\RaandomPriicE
2015-08-07 12:35 - 2015-08-07 12:35 - 00000000 ____D C:\Program Files\RaanddOmPrice
2015-08-07 11:55 - 2015-08-07 11:55 - 00000000 ____D C:\Program Files\StatMonitor
2015-08-07 11:54 - 2015-08-07 12:35 - 00000000 ____D C:\Program Files\youtubeadblocker
2015-08-07 11:54 - 2015-08-07 11:54 - 00000000 ____D C:\Program Files\Silver Bird
2015-08-07 11:53 - 2015-08-07 12:36 - 00000000 ____D C:\ProgramData\1932916710937654368
2015-08-07 11:53 - 2015-08-07 12:35 - 00000000 ____D C:\Program Files\PPruiaceLess
2015-08-07 11:52 - 2015-08-07 11:52 - 00000382 _____ C:\WINDOWS\Tasks\HandyLogs.job
2015-08-07 11:52 - 2015-08-07 11:52 - 00000000 ____D C:\Users\Laurent\AppData\Roaming\Startled Promise
2015-08-07 11:52 - 2015-08-07 11:52 - 00000000 ____D C:\ProgramData\{ec6e8280-eeec-824d-ec6e-e8280eee0a03}
2015-08-07 11:51 - 2015-08-07 11:51 - 00001277 _____ C:\Users\Laurent\Desktop\MBAM.txt
2015-08-07 11:44 - 2015-08-07 11:44 - 00613255 _____ (CMI Limited) C:\Users\Laurent\AppData\Local\nsc5B3B.tmp
2015-08-07 11:29 - 2015-08-07 11:29 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\22551E6D.sys
2015-08-07 11:27 - 2015-08-07 11:27 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-07 11:22 - 2015-08-07 11:22 - 00086283 _____ C:\Users\Laurent\Desktop\ZHPDiag fin.txt
2015-08-07 10:52 - 2015-08-07 10:52 - 00071250 _____ C:\Users\Laurent\Desktop\ZHPCleaner.txt
2015-08-07 10:39 - 2015-08-07 10:57 - 00000000 ____D C:\Users\Laurent\AppData\Local\30927
2015-08-07 10:35 - 2015-08-07 11:56 - 00093304 _____ C:\Users\Laurent\Desktop\ZHPDiag.txt
2015-08-07 10:31 - 2015-08-07 10:31 - 01858560 _____ C:\Users\Laurent\ZHPDiag3.exe
2015-08-07 10:30 - 2015-08-07 11:28 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-07 10:30 - 2015-08-07 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-07 10:30 - 2015-08-07 11:27 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-07 10:30 - 2015-08-07 10:30 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Laurent\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-07 10:30 - 2015-08-07 10:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-07 10:30 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-07 10:30 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-08-07 10:30 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-07 10:29 - 2015-08-07 10:29 - 02248704 _____ C:\Users\Laurent\Downloads\adwcleaner_4.208.exe
2015-08-07 10:28 - 2015-08-07 10:43 - 00000794 _____ C:\Users\Laurent\Desktop\ZHPCleaner.lnk
2015-08-07 10:28 - 2015-08-07 10:28 - 01873920 _____ C:\Users\Laurent\Downloads\ZHPCleaner.exe
2015-08-06 14:22 - 2015-08-06 14:10 - 00032568 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\hvm.sys
2015-08-06 12:36 - 2015-08-07 12:09 - 00000000 ____D C:\Users\Laurent\AppData\Roaming\ZHP
2015-08-06 12:36 - 2015-08-07 11:52 - 00000784 _____ C:\Users\Laurent\Desktop\ZHPDiag.lnk
2015-08-06 12:35 - 2015-08-06 12:35 - 01858048 _____ C:\Users\Laurent\Downloads\ZHPDiag3.exe
2015-08-05 16:06 - 2015-08-07 11:41 - 00001310 _____ C:\Users\Laurent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-05 16:05 - 2015-08-05 16:05 - 00308912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-05 16:04 - 2015-08-07 16:53 - 00157888 _____ C:\WINDOWS\PFRO.log
2015-08-05 10:16 - 2015-08-07 12:36 - 00000000 __RDC C:\RavBin
2015-08-05 10:16 - 2015-08-06 14:09 - 00157896 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\sysmon.sys
2015-08-05 10:16 - 2015-08-06 14:09 - 00083384 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\rsutils.sys
2015-08-05 10:16 - 2015-08-06 14:09 - 00077080 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\kguard.sys
2015-08-05 10:16 - 2015-08-05 10:16 - 00000132 _RSHC C:\rising.ini
2015-08-05 10:16 - 2014-07-30 04:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\vpatch.dll
2015-08-05 10:16 - 2013-12-30 09:33 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\ravext.dll
2015-08-05 10:16 - 2012-09-06 02:30 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\bsmain.exe
2015-08-05 10:16 - 2012-02-29 09:49 - 00010808 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\rsndisp.sys
2015-08-05 10:15 - 2015-08-05 10:16 - 00000000 ____D C:\ProgramData\Rising
2015-08-05 10:15 - 2015-08-05 10:16 - 00000000 ____D C:\Program Files\Rising
2015-08-05 10:15 - 2014-05-28 09:37 - 00024120 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\protreg.sys
2015-08-05 10:07 - 2015-08-05 16:21 - 00000000 ____D C:\Program Files\VS Revo Group
2015-08-05 10:06 - 2015-08-05 10:06 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Laurent\Downloads\revosetup.exe
2015-08-05 09:59 - 2015-08-06 12:26 - 00000000 ____D C:\Users\Laurent\AppData\Roaming\ppslog
2015-08-05 09:59 - 2015-08-05 09:59 - 00000000 ___DC C:\Qiyi
2015-08-05 09:59 - 2015-08-05 09:59 - 00000000 ____D C:\Users\Laurent\.android
2015-08-05 09:58 - 2015-08-05 10:03 - 00001278 _____ C:\Users\Laurent\Desktop\全网影视.lnk
2015-08-05 09:42 - 2015-08-05 16:21 - 00000000 ____D C:\Users\Laurent\AppData\Local\Unity
2015-08-05 09:42 - 2015-08-05 09:42 - 00000000 ___DC C:\ppsfile
2015-08-05 09:41 - 2015-08-05 09:41 - 00000000 ____D C:\Users\Public\QiYi
2015-08-05 09:40 - 2015-08-06 12:42 - 00000000 ____D C:\Program Files\baidu
2015-08-05 09:40 - 2015-08-05 09:40 - 00000000 ____C C:\dummy.htm
2015-08-05 09:39 - 2015-08-05 09:39 - 00000000 _____ C:\WINDOWS\prleth.sys
2015-08-05 09:39 - 2015-08-05 09:39 - 00000000 _____ C:\WINDOWS\hgfs.sys
2015-08-05 09:11 - 2015-08-05 09:11 - 00000000 _____ C:\Users\Laurent\AppData\Local\Temp.dat
2015-08-02 10:25 - 2015-08-02 10:25 - 00931408 _____ (Google Inc.) C:\Users\Laurent\Downloads\ChromeSetup.exe
2015-08-01 20:35 - 2015-08-07 11:51 - 00001204 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-31 18:54 - 2015-07-31 18:54 - 11208771 _____ C:\Users\Laurent\Downloads\FMRTE 15.3.2 build 16 (1).zip
2015-07-31 18:47 - 2015-08-03 09:15 - 00000000 ____D C:\Users\Laurent\Downloads\FMRTE_keygen_by_ViKiNG (3)
2015-07-31 18:46 - 2015-04-08 14:36 - 00000025 _____ C:\Users\Laurent\Downloads\FILE_ID.DIZ
2015-07-31 18:46 - 2015-04-07 21:46 - 00002921 _____ C:\Users\Laurent\Downloads\ViKiNG.nfo
2015-07-31 18:45 - 2015-07-31 18:45 - 00000000 ____D C:\Users\Laurent\Downloads\FMRTE_keygen_by_ViKiNG (2)
2015-07-31 18:45 - 2015-07-31 18:45 - 00000000 ____D C:\Users\Laurent\Downloads\FMRTE_keygen_by_ViKiNG
2015-07-31 18:43 - 2015-07-31 18:44 - 01676262 _____ C:\Users\Laurent\Downloads\FMRTE_keygen_by_ViKiNG (1).zip
2015-07-31 18:43 - 2015-07-31 18:43 - 01676262 _____ C:\Users\Laurent\Downloads\FMRTE_keygen_by_ViKiNG.zip
2015-07-31 18:21 - 2015-07-31 18:21 - 00000000 ____D C:\Users\Laurent\AppData\Roaming\FMRTE15
2015-07-31 18:16 - 2015-07-31 18:16 - 00000807 _____ C:\Users\Public\Desktop\miniFMRTE.lnk
2015-07-31 18:16 - 2015-07-31 18:16 - 00000783 _____ C:\Users\Public\Desktop\FMRTE 15.lnk
2015-07-31 18:16 - 2015-07-31 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FMRTE
2015-07-31 18:12 - 2015-07-31 18:12 - 09483144 _____ (FMRTE ) C:\Users\Laurent\Downloads\FMRTE 15.3.2.16-Setup.exe
2015-07-31 18:04 - 2015-07-31 18:04 - 00000000 ____D C:\Users\Laurent\Downloads\FMRTE 15.3.2 build 16.zip
2015-07-31 17:38 - 2015-07-31 17:39 - 00000000 ____D C:\Users\Laurent\Downloads\FMEL15-v3.1.1
2015-07-31 17:36 - 2015-07-31 17:36 - 02318459 _____ C:\Users\Laurent\Downloads\FMEL15-v3.1.1.zip
2015-07-30 11:36 - 2015-07-30 11:36 - 36081324 _____ (Electronic Arts ) C:\Users\Laurent\Downloads\Breakthrough_patch_2.40b.exe
2015-07-30 11:26 - 2015-07-30 11:26 - 04136147 _____ C:\Users\Laurent\Downloads\MOHAAB_240b.rar
2015-07-30 11:10 - 2015-07-30 13:22 - 00002115 _____ C:\Users\Public\Desktop\Medal of Honor Débarquement Allié(tm) l'Offensive.lnk
2015-07-30 11:10 - 2015-07-30 11:10 - 00000734 _____ C:\WINDOWS\eReg.dat
2015-07-29 13:16 - 2015-07-29 13:16 - 00016756 _____ C:\Users\Laurent\Downloads\Medal of honor débarquement allié -L'offensive (1).torrent
2015-07-28 16:15 - 2015-07-28 16:15 - 09291508 _____ (Electronic Arts ) C:\Users\Laurent\Downloads\Medal_Of_Honor_-_En_Formation_Patch_v2.15.exe
2015-07-28 16:14 - 2015-07-28 16:15 - 57108284 _____ (Electronic Arts ) C:\Users\Laurent\Downloads\Medal_Of_Honor_-_En_Formation_Patch_v2.11.exe
2015-07-28 15:18 - 2015-07-28 15:18 - 00001954 _____ C:\Users\Public\Desktop\Medal of Honor Débarquement allié(tm) En Formation.lnk
2015-07-28 14:50 - 2015-07-28 14:50 - 00016756 _____ C:\Users\Laurent\Downloads\Medal of honor débarquement allié -L'offensive.torrent
2015-07-28 14:49 - 2015-07-28 14:49 - 00015789 _____ C:\Users\Laurent\Downloads\Medal of honor débarquement allié - En Formation.torrent
2015-07-24 09:23 - 2015-07-24 09:23 - 00001168 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1558589277-265320636-2682692885-1001Core1d0c5e192676c4c.job
2015-07-24 09:13 - 2015-07-24 09:13 - 00000000 ____D C:\Users\Laurent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-24 09:12 - 2015-07-24 09:12 - 00000000 ____D C:\Users\Laurent\AppData\Local\Dropbox
2015-07-24 09:12 - 2015-07-24 09:12 - 00000000 ____D C:\ProgramData\Dropbox
2015-07-23 13:16 - 2015-07-23 13:23 - 00001304 _____ C:\Users\Laurent\Documents\unnamedsoldier.cfg
2015-07-23 13:03 - 2015-07-23 13:03 - 00001351 _____ C:\Users\Laurent\Documents\unnamedsoldier new.txt
2015-07-23 12:21 - 2015-07-23 12:21 - 00000000 ____D C:\Users\Laurent\Downloads\Medal.of.Honor.Allied.Assault.Widescreen.1440x900_PATCH-FFF
2015-07-23 12:19 - 2015-07-23 12:19 - 00003790 _____ C:\Users\Laurent\Downloads\Medal.of.Honor.Allied.Assault.Widescreen.1440x900_PATCH-FFF.zip
2015-07-23 11:53 - 2007-06-24 00:53 - 00001549 _____ C:\ProgramData\unnamedsoldier.cfg
2015-07-23 11:26 - 2015-07-23 11:26 - 16222906 _____ (EA GAMES ) C:\Users\Laurent\Downloads\MOHAA_FR_ONLY_patch111v9safedisk.exe
2015-07-23 10:52 - 2015-07-23 10:52 - 00000000 ____D C:\Users\Laurent\Downloads\Reborn_RC1_WINDOWS
2015-07-23 10:50 - 2015-07-23 10:50 - 16033625 _____ C:\Users\Laurent\Downloads\Medal_Of_Honor_Debarquement_allie_Patch_1.11 (2).zip
2015-07-23 10:49 - 2015-07-28 11:56 - 00002050 _____ C:\Users\Public\Desktop\Medal of Honor débarquement allié.lnk
2015-07-23 10:48 - 2015-07-23 10:50 - 16033625 _____ C:\Users\Laurent\Downloads\Medal_Of_Honor_Debarquement_allie_Patch_1.11.zip
2015-07-23 10:42 - 2015-07-23 10:42 - 03414667 _____ C:\Users\Laurent\Downloads\Reborn_RC1_WINDOWS.rar
2015-07-23 10:36 - 2015-07-23 12:39 - 00000000 ____D C:\Program Files\EA GAMES
2015-07-23 10:16 - 2015-07-23 10:16 - 00012799 _____ C:\Users\Laurent\Downloads\medal of honor debarquement allie.zip.torrent
2015-07-22 15:42 - 2015-07-22 15:43 - 37811525 _____ C:\Users\Laurent\Downloads\cod_1.5_patch_JeuxVideo.com_9214.zip
2015-07-22 15:11 - 2015-07-22 15:11 - 00029591 _____ C:\Users\Laurent\Downloads\Call_of_Duty_ 1[Solo][Multi][Cracké][Keygen incluse].torrent
2015-07-21 10:45 - 2015-07-14 22:11 - 00035328 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-21 10:45 - 2015-07-14 21:43 - 00304128 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-18 10:51 - 2015-07-18 10:51 - 00000000 ____D C:\Program Files\Microsoft ASP.NET
2015-07-16 12:55 - 2015-07-16 12:55 - 00007653 _____ C:\Users\Laurent\AppData\Local\Resmon.ResmonCfg
2015-07-16 12:01 - 2015-07-13 23:22 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-07-16 12:01 - 2015-07-13 23:22 - 00177632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-07-16 11:08 - 2014-04-16 20:20 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-07-16 10:56 - 2015-05-11 23:00 - 00753496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-07-16 10:56 - 2015-04-30 20:59 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2015-07-16 10:56 - 2015-04-30 20:58 - 01000960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-07-16 10:56 - 2015-04-30 20:58 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2015-07-15 15:42 - 2015-07-15 15:42 - 00000000 ____D C:\Users\Laurent\Documents\CPY_SAVES
2015-07-15 15:41 - 2015-07-17 11:45 - 00000000 ____D C:\Users\Public\Documents\Sports Interactive
2015-07-15 15:41 - 2015-07-17 11:45 - 00000000 ____D C:\Users\Laurent\Documents\Sports Interactive
2015-07-15 15:41 - 2015-07-17 11:45 - 00000000 ____D C:\Users\Laurent\AppData\Local\Sports Interactive
2015-07-15 15:40 - 2015-07-15 15:40 - 00001141 _____ C:\Users\Public\Desktop\Football Manager 2015 Resource Archiver.lnk
2015-07-15 15:40 - 2015-07-15 15:40 - 00001051 _____ C:\Users\Public\Desktop\Football Manager 2015 Editor.lnk
2015-07-15 15:40 - 2015-07-15 15:40 - 00001000 _____ C:\Users\Public\Desktop\Football Manager 2015.lnk
2015-07-15 15:40 - 2015-07-15 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sports Interactive
2015-07-15 15:14 - 2015-07-15 15:14 - 00018244 _____ C:\Users\Laurent\Downloads\Football.Manager.2015-CPY-[rarbg.com].torrent
2015-07-15 14:55 - 2015-07-15 14:55 - 00002607 _____ C:\Users\Laurent\Downloads\Football Manager 2015-CPY.torrent
2015-07-15 11:32 - 2015-06-29 16:22 - 00024240 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-15 11:32 - 2015-06-29 15:30 - 00628224 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-15 11:32 - 2015-06-29 15:30 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-15 11:32 - 2015-06-29 15:29 - 00923648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-15 11:32 - 2015-06-29 15:29 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-15 11:32 - 2015-06-29 15:29 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-15 11:32 - 2015-06-29 15:29 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-15 11:32 - 2015-06-27 15:55 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-15 11:32 - 2015-06-26 15:06 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-15 11:32 - 2015-06-25 03:53 - 03391488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-15 11:32 - 2015-06-15 17:22 - 13771264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-15 11:32 - 2015-06-15 17:22 - 08858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-07-15 11:32 - 2015-06-15 17:22 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-15 11:32 - 2015-06-15 17:22 - 02056704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-15 11:32 - 2015-06-15 17:22 - 02037760 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-15 11:32 - 2015-06-15 17:22 - 01763328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-15 11:32 - 2015-06-15 17:22 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-15 11:32 - 2015-06-15 17:22 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-15 11:32 - 2015-06-15 17:22 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-15 11:32 - 2015-06-15 17:22 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-15 11:32 - 2015-06-15 17:22 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-15 11:32 - 2015-06-15 17:22 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-07-15 11:32 - 2015-06-15 17:22 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-07-15 11:32 - 2015-06-15 17:22 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-15 11:32 - 2015-06-15 17:22 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-15 11:32 - 2015-06-15 17:22 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-15 11:32 - 2015-06-09 16:27 - 02801664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-07-15 11:32 - 2015-05-07 15:04 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-15 11:32 - 2015-04-30 15:44 - 00478296 _____ C:\WINDOWS\system32\locale.nls
2015-07-15 11:31 - 2015-07-02 21:15 - 14384640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-15 11:31 - 2015-06-27 16:34 - 00155992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-15 11:31 - 2015-06-27 15:56 - 00839168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-15 11:31 - 2015-06-27 15:56 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-07-15 11:31 - 2015-06-27 15:55 - 00668160 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-15 11:31 - 2015-06-27 15:55 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-15 11:31 - 2015-06-25 20:09 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-15 11:31 - 2015-06-25 20:07 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-15 11:31 - 2015-06-17 16:13 - 01150264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-15 11:31 - 2015-06-11 21:05 - 01079296 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-15 11:31 - 2015-01-07 05:57 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-11 21:31 - 2015-07-11 21:31 - 00000000 ____D C:\Users\Laurent\Documents\My Cheat Tables
2015-07-08 20:23 - 2015-07-08 20:23 - 00000834 _____ C:\Users\Public\Desktop\FIFA 14.lnk
2015-07-08 20:23 - 2015-07-08 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 14
2015-07-08 17:36 - 2015-07-08 17:36 - 00000000 ____D C:\Users\Laurent\AppData\Local\Setup Integrity Check
2015-07-08 16:36 - 2015-07-08 16:36 - 02319694 _____ C:\Users\Laurent\Downloads\48190_FI-XIV-MWM551_(with_updated_stats_6-3-15) Nerdoholic.com.rar
2015-07-08 16:33 - 2015-07-08 16:33 - 00026706 _____ C:\Users\Laurent\Downloads\FIFA.14.Multi13-RU.Repack.by.z10yded.torrent
2015-07-08 12:13 - 2015-07-08 12:13 - 00012889 _____ C:\Users\Laurent\Downloads\Crack.torrent
2015-07-08 11:01 - 2015-07-08 11:01 - 00000000 ____D C:\Users\Laurent\Downloads\50348_FI-XIV-MWM622
2015-07-08 11:00 - 2015-07-08 11:00 - 00633649 _____ C:\Users\Laurent\Downloads\50348_FI-XIV-MWM622.rar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-07 17:01 - 2013-09-17 08:57 - 00001002 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-07 16:58 - 2014-08-31 10:32 - 02005915 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-07 16:54 - 2012-07-26 08:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-07 16:53 - 2013-07-15 13:42 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-07 16:53 - 2012-07-26 08:53 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2015-08-07 14:00 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-07 12:09 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-08-07 11:25 - 2014-11-08 19:16 - 00000000 ___DC C:\AdwCleaner
2015-08-07 11:09 - 2014-11-08 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-07 10:31 - 2013-07-15 13:33 - 00000000 ____D C:\Users\Laurent
2015-08-07 10:10 - 2015-03-25 14:10 - 00000004 _____ C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-08-06 15:48 - 2012-07-26 06:17 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-05 16:17 - 2015-04-11 19:57 - 00000000 ____D C:\Users\Laurent\AppData\Local\Google
2015-08-05 16:06 - 2012-07-26 06:43 - 00000000 ___RD C:\Users\Public
2015-07-30 11:58 - 2015-04-11 20:43 - 00000000 ____D C:\Users\Laurent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-30 11:37 - 2013-07-16 11:48 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-07-30 11:28 - 2014-12-12 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Wars - Knights of the Old Republic 2
2015-07-30 11:08 - 2015-03-02 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2015-07-30 00:28 - 2013-08-16 14:23 - 00000000 ____D C:\Users\Laurent\AppData\Roaming\uTorrent
2015-07-28 09:14 - 2014-10-16 15:04 - 00000000 ___RD C:\Users\Laurent\Dropbox
2015-07-28 09:14 - 2014-10-16 14:45 - 00000000 ____D C:\Users\Laurent\AppData\Roaming\Dropbox
2015-07-23 11:02 - 2015-04-12 11:43 - 00000000 ____D C:\Users\Laurent\AppData\Local\VirtualStore
2015-07-22 16:16 - 2009-04-22 09:16 - 00000000 ___RD C:\Program Files (x86)
2015-07-21 12:45 - 2012-07-26 08:43 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-17 21:09 - 2015-04-17 15:47 - 00000000 ____D C:\WINDOWS\rescache
2015-07-16 13:09 - 2014-11-08 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ma-config.com
2015-07-16 11:29 - 2015-04-25 10:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrackMania
2015-07-16 11:29 - 2014-11-04 16:02 - 00000000 ____D C:\Users\Laurent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hotel Dash Suite Success
2015-07-16 11:29 - 2014-10-26 17:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Re-Volt
2015-07-16 11:29 - 2013-08-18 10:28 - 00000000 ____D C:\Users\Laurent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-07-16 11:04 - 2013-07-30 17:29 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-15 19:43 - 2014-12-11 19:21 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-15 19:43 - 2014-07-10 16:37 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-15 19:43 - 2012-07-26 08:53 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-15 13:37 - 2015-07-02 18:18 - 00000000 ____D C:\Users\Laurent\Documents\FIFA 14
2015-07-11 21:23 - 2015-04-15 13:28 - 00000000 ____D C:\Users\Laurent\AppData\Local\NFS Underground 2
2015-07-11 11:16 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2015-07-08 16:50 - 2015-05-31 19:16 - 00000000 ____D C:\Program Files\Pixum
2015-07-08 16:50 - 2015-05-24 09:30 - 00000000 ____D C:\Users\Laurent\AppData\Roaming\Notepad++
2015-07-08 16:50 - 2015-05-24 09:30 - 00000000 ____D C:\Program Files\Notepad++
2015-07-08 16:22 - 2013-07-18 12:44 - 00000000 ____D C:\ProgramData\Origin

==================== Files in the root of some directories =======

2015-08-07 12:51 - 2015-08-07 12:51 - 0000024 _____ () C:\Users\Laurent\AppData\Roaming\appdataFr25.bin
2015-08-07 11:44 - 2015-08-07 11:44 - 0613255 _____ (CMI Limited) C:\Users\Laurent\AppData\Local\nsc5B3B.tmp
2015-07-16 12:55 - 2015-07-16 12:55 - 0007653 _____ () C:\Users\Laurent\AppData\Local\Resmon.ResmonCfg
2015-08-05 09:11 - 2015-08-05 09:11 - 0000000 _____ () C:\Users\Laurent\AppData\Local\Temp.dat
2015-07-23 11:53 - 2007-06-24 00:53 - 0001549 _____ () C:\ProgramData\unnamedsoldier.cfg

Some files in TEMP:
====================
C:\Users\Laurent\AppData\Local\Temp\64755_updater.exe
C:\Users\Laurent\AppData\Local\Temp\fsdBC3D.exe
C:\Users\Laurent\AppData\Local\Temp\install1804741.exe
C:\Users\Laurent\AppData\Local\Temp\qqpcmgr_v10.7.16066.216_71780_Silence.exe
C:\Users\Laurent\AppData\Local\Temp\setup3.exe
C:\Users\Laurent\AppData\Local\Temp\tf7a1d1609.dll
C:\Users\Laurent\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-07 11:02

==================== End of log ============================
