cjoint

Document format: text/plain

Preview

OTL logfile created on: 31/10/2015 18:02:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\otmane\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18059)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,93 Gb Total Physical Memory | 0,42 Gb Available Physical Memory | 21,94% Memory free
3,86 Gb Paging File | 1,42 Gb Available in Paging File | 36,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 167,29 Gb Total Space | 2,83 Gb Free Space | 1,69% Space Free | Partition Type: NTFS
Drive D: | 102,78 Gb Total Space | 4,51 Gb Free Space | 4,39% Space Free | Partition Type: NTFS
Drive H: | 3,68 Gb Total Space | 0,63 Gb Free Space | 17,17% Space Free | Partition Type: FAT32

Computer Name: OTMANE-PC | User Name: otmane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2015/10/31 17:43:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\otmane\Desktop\OTL.exe
PRC - [2015/10/28 18:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/10/19 17:48:42 | 002,030,912 | ---- | M] (Spotify Ltd) -- C:\Users\otmane\AppData\Roaming\Spotify\SpotifyWebHelper.exe
PRC - [2015/10/12 08:28:44 | 001,433,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2015/10/12 08:28:42 | 001,773,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2015/09/30 18:46:27 | 000,445,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\GWX\GWX.exe
PRC - [2015/09/16 21:32:36 | 006,495,144 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2015/09/03 04:16:12 | 002,327,712 | ---- | M] (Abengine) -- C:\Program Files\Fast-Search\acengine.exe
PRC - [2015/07/21 17:13:12 | 004,188,408 | ---- | M] (Connectify) -- C:\Program Files\Connectify\Connectify.exe
PRC - [2015/07/21 17:13:12 | 003,843,320 | ---- | M] (Connectify) -- C:\Program Files\Connectify\Connectifyd.exe
PRC - [2015/07/21 17:13:12 | 000,390,904 | ---- | M] (Connectify) -- C:\Program Files\Connectify\ConnectifyNetServices.exe
PRC - [2015/07/21 17:12:12 | 000,217,088 | ---- | M] (Connectify) -- C:\Program Files\Connectify\ConnectifyService.exe
PRC - [2015/05/09 04:12:59 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2014/05/04 12:09:40 | 001,216,512 | ---- | M] (www.IslamicFinder.org) -- C:\Program Files\Athan\Athan.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/24 02:16:35 | 001,437,544 | ---- | M] (RockMelt, Inc.) -- C:\Users\otmane\AppData\Local\RockMelt\Application\rockmelt.exe
PRC - [2011/07/18 19:21:23 | 001,622,016 | ---- | M] (Dassault Systemes SIMULIA Corp) -- C:\abaqus6.12\License\ABAQUSLM.exe
PRC - [2011/07/18 19:21:22 | 001,500,424 | ---- | M] (Acresso Software Inc.) -- C:\abaqus6.12\License\lmgrd.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/28 11:34:38 | 000,351,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE
PRC - [2007/01/23 17:49:00 | 000,086,016 | ---- | M] (Mobile Systems, Inc.) -- C:\Program Files\Mobile Systems\MSDict\MSDictWin.exe
PRC - [2006/04/29 08:32:56 | 000,049,152 | ---- | M] (Dassault Systemes) -- C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2015/10/08 18:00:09 | 013,584,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\2e832b30b6d5063d8c6db4ead59dde4f\System.Web.ni.dll
MOD - [2015/10/08 17:56:26 | 012,897,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0e5c6ed744d8e5894eec0b910e4fc7b0\System.Windows.Forms.ni.dll
MOD - [2015/10/08 17:56:13 | 001,929,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\0ce5a71348ce3ef2f033c0065a065a6b\Microsoft.VisualBasic.ni.dll
MOD - [2015/10/08 17:56:12 | 001,639,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\fe41e3eae34ac29f3c1f03a03d8aa1af\System.Drawing.ni.dll
MOD - [2015/07/21 17:13:12 | 000,715,000 | ---- | M] () -- C:\Program Files\Connectify\log4cplus.dll
MOD - [2015/05/15 13:22:00 | 001,071,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\8d17de4cf6bd55506c509502178d2c20\System.ServiceModel.Web.ni.dll
MOD - [2015/05/15 13:21:53 | 019,547,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a78078ff6ff0c28ef3bf65bd84e193f0\System.ServiceModel.ni.dll
MOD - [2015/05/15 13:21:30 | 002,964,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\dd7948371a8babd1bc4291924ec94d05\System.IdentityModel.ni.dll
MOD - [2015/05/15 01:04:32 | 006,982,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c61bafa9d029e3f2bf83bd5af3f1f5ac\System.Core.ni.dll
MOD - [2015/05/15 01:04:28 | 000,732,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\70c080bdd9225c90a62dde8bd4c0743c\System.Security.ni.dll
MOD - [2015/05/15 01:04:27 | 000,967,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\908075c4922acdf834c67ac802814c9d\System.Configuration.ni.dll
MOD - [2015/04/16 18:43:38 | 000,797,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\228afa6a0391e75c8a30108d259a7bee\System.Runtime.Remoting.ni.dll
MOD - [2015/01/16 23:14:32 | 010,069,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\d18e2115a3270f89663fce831547f534\System.ni.dll
MOD - [2015/01/16 23:13:28 | 000,118,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\93a0883923e78cc3e80b7ac4a9768c60\SMDiagnostics.ni.dll
MOD - [2015/01/16 21:28:32 | 000,424,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv30e99c02#\e21f0e40e718941800c576b4ec924ba1\System.ServiceModel.Channels.ni.dll
MOD - [2015/01/16 21:27:29 | 000,524,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\38c4c68111265ea3b0e895d6775437ff\System.Net.Http.ni.dll
MOD - [2015/01/15 22:09:07 | 001,172,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\a48bd2a02ed1ae2fbb79ef8797f0c5f6\System.Management.ni.dll
MOD - [2015/01/15 22:06:49 | 000,790,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\14cc73701aac461eb89d6473a88fcd56\System.ServiceModel.Internals.ni.dll
MOD - [2015/01/15 22:06:48 | 002,855,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\187177229c00aec6dec613ea4b9ff209\System.Runtime.Serialization.ni.dll
MOD - [2015/01/15 22:06:47 | 007,793,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6ee4ffbd9a86ac1e7b01800b6fe9c7\System.Xml.ni.dll
MOD - [2015/01/15 22:05:49 | 017,207,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/07/24 02:16:35 | 000,499,048 | ---- | M] () -- C:\Users\otmane\AppData\Local\RockMelt\Application\0.16.91.483\ppGoogleNaClPluginChrome.dll
MOD - [2012/07/24 02:16:34 | 000,643,432 | ---- | M] () -- C:\Users\otmane\AppData\Local\RockMelt\Application\0.16.91.483\libglesv2.dll
MOD - [2012/07/24 02:16:34 | 000,125,288 | ---- | M] () -- C:\Users\otmane\AppData\Local\RockMelt\Application\0.16.91.483\libegl.dll
MOD - [2012/07/24 02:16:28 | 000,122,744 | ---- | M] () -- C:\Users\otmane\AppData\Local\RockMelt\Application\0.16.91.483\avutil-51.dll
MOD - [2012/07/24 02:16:27 | 001,099,128 | ---- | M] () -- C:\Users\otmane\AppData\Local\RockMelt\Application\0.16.91.483\avcodec-53.dll
MOD - [2012/07/24 02:16:27 | 000,190,328 | ---- | M] () -- C:\Users\otmane\AppData\Local\RockMelt\Application\0.16.91.483\avformat-53.dll
MOD - [2012/07/24 02:16:26 | 009,465,032 | ---- | M] () -- C:\Users\otmane\AppData\Local\RockMelt\Application\0.16.91.483\plugins\npswf32.dll
MOD - [2012/06/18 16:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll
MOD - [2010/03/15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/03/08 20:08:28 | 000,282,697 | ---- | M] () -- C:\Program Files\Athan\vbp.dll
MOD - [2008/08/26 22:33:28 | 000,083,968 | ---- | M] () -- C:\Program Files\UltraISO\lang\lang_fr.dll
MOD - [2008/05/28 11:37:39 | 000,351,000 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Reference 2009\MSENCXML.DLL
MOD - [2008/05/28 11:37:38 | 000,228,120 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Reference 2009\MSENCDAT.DLL
MOD - [2008/05/28 11:37:37 | 000,269,080 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Reference 2009\ERSREGPR.DLL
MOD - [2008/05/28 11:37:35 | 000,178,968 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Reference 2009\ENCCONT.DLL
MOD - [2008/05/28 11:34:38 | 000,068,376 | ---- | M] () -- C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICTEIT.EBK
MOD - [2006/03/17 16:50:02 | 000,147,456 | ---- | M] () -- C:\Program Files\Mobile Systems\MSDict\components\gkwidget.dll
MOD - [2004/12/25 11:37:22 | 000,258,121 | ---- | M] () -- C:\Program Files\Athan\vbh.dll
MOD - [2004/03/20 12:49:40 | 000,229,444 | ---- | M] () -- C:\Program Files\Athan\vbq.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\globalUpdate\Update\globalupdate.exe /medsvc -- (globalUpdatem)
SRV - File not found [Auto | Stopped] -- C:\Program Files\globalUpdate\Update\globalupdate.exe /svc -- (globalUpdate)
SRV - [2015/10/28 18:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/10/15 02:14:39 | 000,147,624 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/10/12 08:28:44 | 001,433,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2015/10/12 08:28:42 | 001,773,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2015/09/16 04:23:07 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2015/09/03 04:16:12 | 002,327,712 | ---- | M] (Abengine) [Auto | Running] -- C:\Program Files\Fast-Search\acengine.exe -- (acengine)
SRV - [2015/07/22 18:53:34 | 000,937,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack)
SRV - [2015/07/21 17:12:12 | 000,217,088 | ---- | M] (Connectify) [Auto | Running] -- C:\Program Files\Connectify\ConnectifyService.exe -- (Connectify)
SRV - [2015/06/18 07:39:50 | 001,133,880 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/06/03 14:42:38 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/11/10 15:52:29 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2014/11/10 15:52:28 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/12/19 00:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/03/31 23:39:55 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/07/18 19:21:22 | 001,500,424 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- C:\abaqus6.12\License\lmgrd.exe -- (abaqus6.12)
SRV - [2009/10/15 06:51:14 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2006/04/29 08:32:56 | 000,049,152 | ---- | M] (Dassault Systemes) [Auto | Running] -- C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe -- (BBDemon)
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\stwrt.sys -- (STHDA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbwwan.sys -- (ewusbmbb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2015/10/31 16:59:25 | 000,098,520 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2015/09/21 11:15:27 | 000,036,520 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\Windows\System32\drivers\cnnctfy3.sys -- (cnnctfy3)
DRV - [2015/06/18 07:41:54 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2015/06/18 07:41:36 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/11/28 01:24:18 | 000,108,000 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2013/10/02 01:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/10/30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/15 16:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/08/23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2011/09/22 17:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)
DRV - [2010/12/03 14:31:48 | 001,113,704 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/03/15 08:44:46 | 000,127,488 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/02/10 18:23:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2007/01/04 12:48:04 | 000,104,344 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e4usbaw.sys -- (e4usbaw)
DRV - [2007/01/04 12:47:48 | 000,069,656 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\e4ldr.sys -- (E4LOADER)
DRV - [2006/10/13 21:53:00 | 000,014,912 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\System32\drivers\LUMDriver.sys -- (LUMDriver)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{86F14831-D88C-4BC8-B871-C8FB24D95D9B}: "URL" = http://www.questbasic.com/?prt=QUESTBASIC117&keywords={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{86F14831-D88C-4BC8-B871-C8FB24D95D9B}: "URL" = http://www.questbasic.com/?prt=QUESTBASIC117&keywords={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3668860765-396180957-4125280876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.com
IE - HKU\S-1-5-21-3668860765-396180957-4125280876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKU\S-1-5-21-3668860765-396180957-4125280876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKU\S-1-5-21-3668860765-396180957-4125280876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-3668860765-396180957-4125280876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKU\S-1-5-21-3668860765-396180957-4125280876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-3668860765-396180957-4125280876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3668860765-396180957-4125280876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-3668860765-396180957-4125280876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 4A 10 4E 6D 0F CD 01 [binary data]
IE - HKU\S-1-5-21-3668860765-396180957-4125280876-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3668860765-396180957-4125280876-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-3668860765-396180957-4125280876-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3668860765-396180957-4125280876-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3668860765-396180957-4125280876-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-3668860765-396180957-4125280876-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3668860765-396180957-4125280876-1000\..\SearchScopes,Backup.Old.DefaultScope = {3836152D-318E-4595-969B-14099CDA06F8}
IE - HKU\S-1-5-21-3668860765-396180957-4125280876-1000\..\SearchScopes,DefaultScope = {4883BD94-9F77-4EFE-A9B0-643A3DF15C77}
IE - HKU\S-1-5-21-3668860765-396180957-4125280876-1000\..\SearchScopes\{4883BD94-9F77-4EFE-A9B0-643A3DF15C77}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
IE - HKU\S-1-5-21-3668860765-396180957-4125280876-1000\..\SearchScopes\OldSearch: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
IE - HKU\S-1-5-21-3668860765-396180957-4125280876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3668860765-396180957-4125280876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-3668860765-396180957-4125280876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = www.utc.fr/proxy-utc.pac

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "FR"
FF - prefs.js..browser.search.region: "FR"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "https://www.malwarebytes.org/restorebrowser/-bfr-re__alt__ddc_dsssyc_bd_com"
FF - prefs.js..extensions.enabledAddons: fd_plugin%40FD:1.0.2
FF - prefs.js..extensions.enabledAddons: %7B140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA%7D:3.0.0.0
FF - prefs.js..extensions.enabledAddons: bloodyvikings%40ffs.bplaced.net:1004.8.35
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:41.0.2


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Skype Technologies S.A..com/Skype Web Plugin: C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\otmane\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\otmane\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/02/22 13:39:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 41.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/08/06 07:41:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 41.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\otmane\AppData\Roaming\IDM\idmmzcc5 [2015/01/12 18:46:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\otmane\AppData\Roaming\IDM\idmmzcc5 [2015/01/12 18:46:08 | 000,000,000 | ---D | M]

[2014/01/18 14:58:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\otmane\AppData\Roaming\mozilla\Extensions
[2012/03/31 19:14:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\otmane\AppData\Roaming\mozilla\Firefox\extensions
[2012/03/31 19:14:50 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\otmane\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2015/10/17 21:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\otmane\AppData\Roaming\mozilla\Firefox\Profiles\oviagmkt.default\extensions
[2015/08/07 08:41:04 | 000,000,000 | ---D | M] (bloodyvikingsffsbplacednet) -- C:\Users\otmane\AppData\Roaming\mozilla\Firefox\Profiles\oviagmkt.default\extensions\bloodyvikings@ffs.bplaced.net
[2014/06/28 23:18:52 | 000,000,000 | ---D | M] (FD Plugin) -- C:\Users\otmane\AppData\Roaming\mozilla\Firefox\Profiles\oviagmkt.default\extensions\fd_plugin@FD
[2015/10/06 22:12:44 | 000,002,225 | ---- | M] () -- C:\Users\otmane\AppData\Roaming\mozilla\firefox\profiles\oviagmkt.default\searchplugins\bingcom.xml
[2015/10/17 21:16:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015/10/17 21:16:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/06/28 23:04:03 | 000,000,000 | ---D | M] (Widget context) -- C:\USERS\OTMANE\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\{140A2D0E-85CC-4ED3-9BA5-8FA35DA7FABA}
[2015/08/01 16:37:00 | 000,000,573 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\oursurfing.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Users\otmane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\otmane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\otmane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\otmane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\otmane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.40_0\
CHR - Extension: No name found = C:\Users\otmane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\otmane\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd\0.0.0.8_1\
CHR - Extension: No name found = C:\Users\otmane\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\otmane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.0_1\
CHR - Extension: No name found = C:\Users\otmane\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_1\
CHR - Extension: No name found = C:\Users\otmane\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.18.12_0\
CHR - Extension: No name found = C:\Users\otmane\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.5.0.9082_0\
CHR - Extension: No name found = C:\Users\otmane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_1\
CHR - Extension: No name found = C:\Users\otmane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2015/01/16 16:53:48 | 000,004,716 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [C-cleaner] C:\WINDOWS\system32\wscript.exe /e:VBScript.Encode D:\$RECYCLEBIN\Adobe.rar File not found
O4 - HKU\.DEFAULT..\Run: [E09FXLRD_386866] C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [E09FXLRD_386866] C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-3668860765-396180957-4125280876-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-3668860765-396180957-4125280876-1000..\Run: [Spotify] C:\Users\otmane\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3668860765-396180957-4125280876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Envoyer à OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Télécharger avec Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Télécharger tous les liens avec Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\acengine.dll (Abengine)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\acengine.dll (Abengine)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\acengine.dll (Abengine)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\acengine.dll (Abengine)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\acengine.dll (Abengine)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5466ECC2-D4B6-4749-AE49-C00BEC03AB82}: DhcpNameServer = 195.83.155.55
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\itrjckwj\qajymkgw.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{456b1392-5ca0-11e2-b526-a91760d90a19}\Shell - "" = AutoRun
O33 - MountPoints2\{456b1392-5ca0-11e2-b526-a91760d90a19}\Shell\AutoRun\command - "" = I:\Setup.exe
O33 - MountPoints2\{c34295a8-97bc-11e1-ab1a-1cc1de98d396}\Shell - "" = AutoRun
O33 - MountPoints2\{c34295a8-97bc-11e1-ab1a-1cc1de98d396}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{dcb68394-7b59-11e1-b08e-1cc1de98d396}\Shell - "" = AutoRun
O33 - MountPoints2\{dcb68394-7b59-11e1-b08e-1cc1de98d396}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dcb683a5-7b59-11e1-b08e-1cc1de98d396}\Shell - "" = AutoRun
O33 - MountPoints2\{dcb683a5-7b59-11e1-b08e-1cc1de98d396}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f20b8b3b-e091-11e1-aba5-1cc1de98d396}\Shell - "" = AutoRun
O33 - MountPoints2\{f20b8b3b-e091-11e1-aba5-1cc1de98d396}\Shell\AutoRun\command - "" = G:\start.exe
O33 - MountPoints2\{fd933178-7b7d-11e1-9fd4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fd933178-7b7d-11e1-9fd4-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: [b]Athan[/b] - hkey= - key= - C:\Program Files\Athan\Athan.exe (www.IslamicFinder.org)
MsConfig - StartUpReg: [b]avast[/b] - hkey= - key= - C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
MsConfig - StartUpReg: [b]Connectify Hotspot[/b] - hkey= - key= - C:\Program Files\Connectify\Connectify.exe (Connectify)
MsConfig - StartUpReg: [b]DivXMediaServer[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]DivXUpdate[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]E09FXLRD_6532619[/b] - hkey= - key= - C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE (Microsoft Corporation)
MsConfig - StartUpReg: [b]FAHConsole[/b] - hkey= - key= - C:\Program Files\File Association Helper\FAHConsole.exe (Nico Mak Computing)
MsConfig - StartUpReg: [b]RockMelt Update[/b] - hkey= - key= - C:\Users\otmane\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (Google Inc.)
MsConfig - StartUpReg: [b]Sidebar[/b] - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]SolidWorks_CheckForUpdates[/b] - hkey= - key= - C:\Program Files\Common Files\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe (Dassault Systemes)
MsConfig - StartUpReg: [b]Spotify Web Helper[/b] - hkey= - key= - C:\Users\otmane\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Spotify Ltd)
MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: [b]SynTPEnh[/b] - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: acengine - C:\Program Files\Fast-Search\acengine.exe (Abengine)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SecureAssist - service
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} -
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} -
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} -
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} -
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} -
ActiveX: {66C64F22-FC60-4E6C-A6B5-F0D580E680CE} - C:\Windows\System32\ie4uinit.exe -EnableTLS
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} -
ActiveX: {7D715857-A67C-4C2F-A929-038448584D63} -
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} -
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} -
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} -

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv50 - C:\Program Files\SPlayer\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.LAGS - C:\Windows\System32\lagarith.dll ( )

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2015/10/31 17:59:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\otmane\Desktop\OTL.exe
[2015/10/17 21:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2015/10/15 11:41:33 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2015/10/15 08:31:30 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appraiser.dll
[2015/10/15 08:31:29 | 000,999,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2015/10/15 08:31:29 | 000,587,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\invagent.dll
[2015/10/15 08:31:28 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devinv.dll
[2015/10/15 08:31:27 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll
[2015/10/15 08:31:27 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acmigration.dll
[2015/10/15 08:31:27 | 000,023,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompatTelRunner.exe
[2015/10/14 16:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2015/10/14 16:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2015/10/14 15:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2015/10/14 15:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2015/10/14 15:54:14 | 000,167,480 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hppccompio.dll
[2015/10/14 15:54:14 | 000,018,944 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hppmopjl.dll
[2015/10/14 15:54:13 | 000,246,784 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmpm081.dll
[2015/10/14 15:54:13 | 000,223,232 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmtp115.dll
[2015/10/14 15:54:13 | 000,181,248 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmpw081.dll
[2015/10/14 15:54:13 | 000,049,252 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmnque.dll
[2015/10/14 15:54:13 | 000,049,250 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmnndps.dll
[2015/10/14 15:54:12 | 000,328,704 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmml115.dll
[2015/10/14 15:54:12 | 000,279,040 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpmja115.dll
[2015/10/14 15:54:09 | 000,288,256 | ---- | C] (Hewlett-Packard Corporation) -- C:\Windows\System32\hpcpn115.dll
[2015/10/14 15:54:08 | 000,902,200 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpbuio32.dll
[2015/10/14 15:54:08 | 000,059,928 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\fxcompchannel.dll
[2015/10/14 15:52:23 | 000,000,000 | ---D | C] -- C:\HP Universal Print Driver
[2015/10/14 11:29:41 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-multibyte-l1-1-0.dll
[2015/10/14 11:29:41 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-string-l1-1-0.dll
[2015/10/14 11:29:41 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-2-0.dll
[2015/10/14 11:29:41 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-locale-l1-1-0.dll
[2015/10/14 11:29:41 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-1.dll
[2015/10/14 11:29:41 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l2-1-0.dll
[2015/10/14 11:29:41 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l2-1-0.dll
[2015/10/14 11:29:41 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-2-0.dll
[2015/10/14 11:29:40 | 000,066,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-private-l1-1-0.dll
[2015/10/14 11:29:40 | 000,022,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-math-l1-1-0.dll
[2015/10/14 11:29:40 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-runtime-l1-1-0.dll
[2015/10/14 11:29:40 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-convert-l1-1-0.dll
[2015/10/14 11:29:40 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-filesystem-l1-1-0.dll
[2015/10/14 11:29:40 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-heap-l1-1-0.dll
[2015/10/14 11:29:40 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-utility-l1-1-0.dll
[2015/10/14 11:29:40 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
[2015/10/14 11:29:39 | 000,901,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ucrtbase.dll
[2015/10/14 11:29:39 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-stdio-l1-1-0.dll
[2015/10/14 11:29:39 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-time-l1-1-0.dll
[2015/10/14 11:29:39 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-process-l1-1-0.dll
[2015/10/14 11:29:39 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-conio-l1-1-0.dll
[2015/10/14 11:29:39 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-crt-environment-l1-1-0.dll
[2015/10/14 11:29:39 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-eventing-provider-l1-1-0.dll
[2015/10/14 11:29:39 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-timezone-l1-1-0.dll
[2015/10/14 11:29:32 | 003,936,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2015/10/14 11:29:31 | 003,990,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2015/10/14 11:29:29 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2015/10/14 11:29:28 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2015/10/14 11:29:27 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2015/10/14 11:29:26 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2015/10/14 11:29:25 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2015/10/14 11:29:24 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2015/10/14 11:29:24 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apisetschema.dll
[2015/10/14 11:29:23 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2015/10/14 11:29:23 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2015/10/14 11:29:23 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2015/10/14 11:28:45 | 001,498,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2015/10/14 11:28:41 | 002,955,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2015/10/14 11:28:40 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2015/10/14 11:28:40 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2015/10/14 11:28:40 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2015/10/14 11:28:40 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSetupUI.dll
[2015/10/14 11:28:40 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2015/10/14 11:28:39 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2015/10/14 11:28:39 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2015/10/14 11:28:39 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wu.upgrade.ps.dll
[2015/10/14 11:28:21 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidapi.dll
[2015/10/14 11:28:20 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidpolicyconverter.exe
[2015/10/14 11:28:19 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2015/10/14 11:28:19 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidcertstorecheck.exe
[2015/10/14 11:27:52 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2015/10/14 11:27:52 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2015/10/14 11:27:52 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2015/10/14 11:27:51 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2015/10/14 11:27:51 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2015/10/14 11:27:50 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2015/10/14 11:27:49 | 000,345,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2015/10/14 11:27:49 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2015/10/14 11:27:49 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2015/10/14 11:27:48 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2015/10/14 11:27:48 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2015/10/14 11:27:48 | 000,416,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2015/10/14 11:27:47 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2015/10/14 11:27:47 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2015/10/14 11:27:46 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2015/10/14 11:27:45 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2015/10/14 11:27:44 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2015/10/14 11:27:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2015/10/14 11:27:42 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2015/10/14 11:27:41 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2015/10/14 11:27:39 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2015/10/14 11:27:38 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2015/10/14 11:27:37 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2015/10/14 11:27:34 | 004,527,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2015/10/08 18:51:30 | 000,269,832 | ---- | C] (Abengine) -- C:\Windows\System32\acengine.dll
[2015/10/08 17:36:32 | 000,103,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2015/10/08 10:59:11 | 000,000,000 | ---D | C] -- C:\Users\otmane\Desktop\Vibromètres
[2015/10/07 21:52:39 | 000,299,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2015/10/07 21:52:38 | 002,384,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2015/10/07 21:52:37 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2015/10/07 21:52:36 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2015/10/07 21:52:35 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2015/10/07 21:52:11 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UtcResources.dll
[2015/10/07 21:52:10 | 000,937,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagtrack.dll
[2015/10/07 21:52:03 | 000,635,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
[2015/10/07 21:48:42 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmmsp.dll
[2015/10/07 21:47:24 | 001,372,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
[2015/10/07 21:43:39 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdvidcrl.dll
[2015/10/07 21:43:36 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2015/10/07 21:43:34 | 000,355,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2015/10/07 21:05:37 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basesrv.dll
[2015/10/07 21:01:23 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2015/10/07 21:01:19 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jnwmon.dll
[2015/10/07 21:00:39 | 000,105,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2015/10/07 21:00:37 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2015/10/07 20:59:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2015/10/07 20:59:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2015/10/07 20:50:30 | 001,251,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2015/10/07 20:50:14 | 001,987,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2015/10/07 19:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayGemConfig
[2015/10/07 19:41:50 | 000,000,000 | ---D | C] -- C:\Users\otmane\AppData\Roaming\RunDir
[2015/10/07 19:39:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2015/10/07 17:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\Fast-Search
[2015/10/07 16:26:30 | 000,000,000 | ---D | C] -- C:\Users\otmane\AppData\Local\app
[2015/10/07 10:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\Exploremedia
[2015/10/06 23:17:40 | 000,000,000 | ---D | C] -- C:\Users\otmane\AppData\Local\Systweak
[2015/10/06 22:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\predm
[2015/10/06 22:19:09 | 000,000,000 | ---D | C] -- C:\Users\otmane\AppData\Roaming\WTools
[2015/10/06 22:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\Super Optimizer
[2015/10/06 22:18:41 | 000,000,000 | ---D | C] -- C:\Users\otmane\AppData\Roaming\Store
[2015/10/06 22:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Boxore
[2015/10/06 22:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\Boxore
[2015/09/21 11:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connectify 2015
[2015/09/21 11:15:27 | 000,036,520 | ---- | C] (Connectify) -- C:\Windows\System32\drivers\cnnctfy3.sys
[2015/09/20 20:28:41 | 000,000,000 | ---D | C] -- C:\Users\otmane\Desktop\Dossier préfecture
[2015/09/19 10:49:25 | 000,000,000 | ---D | C] -- C:\Users\otmane\AppData\Local\CEF
[2015/09/13 22:03:55 | 000,000,000 | ---D | C] -- C:\Users\otmane\Desktop\Liste location 2
[2015/09/08 14:37:27 | 000,000,000 | ---D | C] -- C:\Users\otmane\Desktop\liste location
[2015/09/03 10:11:01 | 000,000,000 | ---D | C] -- C:\Users\otmane\Desktop\Dossier Bourse Maroc
[8 C:\Users\otmane\Desktop\*.tmp files -> C:\Users\otmane\Desktop\*.tmp -> ]
[1 C:\Users\otmane\AppData\Local\*.tmp files -> C:\Users\otmane\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2015/10/31 18:11:19 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/10/31 18:00:18 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3668860765-396180957-4125280876-1000UA.job
[2015/10/31 17:43:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\otmane\Desktop\OTL.exe
[2015/10/31 17:37:08 | 001,862,752 | ---- | M] () -- C:\Users\otmane\Desktop\ZHPDiag3.exe
[2015/10/31 17:12:30 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3668860765-396180957-4125280876-1000UA.job
[2015/10/31 16:59:25 | 000,098,520 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015/10/31 15:48:25 | 000,026,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/10/31 15:48:25 | 000,026,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/10/31 15:37:27 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/10/31 15:36:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/10/31 15:36:54 | 1554,198,528 | -HS- | M] () -- C:\hiberfil.sys
[2015/10/29 11:12:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3668860765-396180957-4125280876-1000Core.job
[2015/10/29 11:00:04 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3668860765-396180957-4125280876-1000Core.job
[2015/10/29 09:35:53 | 000,816,804 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2015/10/29 09:35:53 | 000,723,522 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015/10/29 09:35:53 | 000,176,508 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2015/10/29 09:35:53 | 000,148,424 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015/10/18 11:34:52 | 000,002,185 | ---- | M] () -- C:\Users\otmane\Desktop\Google Chrome.lnk
[2015/10/18 11:34:52 | 000,002,124 | ---- | M] () -- C:\Users\otmane\Application Data\Microsoft\Internet Explorer\Quick Launch\chrome.LNK
[2015/10/18 11:34:52 | 000,001,940 | ---- | M] () -- C:\Users\otmane\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.LNK
[2015/10/18 11:34:52 | 000,001,911 | ---- | M] () -- C:\Users\otmane\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.LNK
[2015/10/18 11:34:52 | 000,001,902 | ---- | M] () -- C:\Users\otmane\Desktop\Internet Explorer.lnk
[2015/10/18 11:34:52 | 000,001,873 | ---- | M] () -- C:\Users\otmane\Desktop\Mozilla Firefox.lnk
[2015/10/18 11:34:52 | 000,000,705 | ---- | M] () -- C:\Users\otmane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C-cleaner.lnk
[2015/10/17 21:16:09 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/10/15 08:19:03 | 000,002,183 | ---- | M] () -- C:\Users\otmane\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/10/14 16:03:04 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/10/14 15:55:39 | 000,000,000 | ---- | M] () -- C:\Windows\HPMProp.INI
[2015/10/12 12:17:10 | 000,141,483 | ---- | M] () -- C:\Users\otmane\Desktop\lettre d'opposition.pdf
[2015/10/08 18:55:45 | 000,000,002 | ---- | M] () -- C:\END
[2015/10/08 18:54:46 | 000,010,488 | ---- | M] () -- C:\Windows\System32\acengineOff.ini
[2015/10/08 18:47:55 | 000,495,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2015/10/07 23:05:46 | 000,000,615 | ---- | M] () -- C:\Users\otmane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VideoLAN.lnk
[2015/10/07 23:04:44 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\Connectify Hotspot 2015.lnk
[2015/10/07 23:04:20 | 000,000,272 | ---- | M] () -- C:\Users\otmane\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2015/10/07 23:04:19 | 000,000,973 | ---- | M] () -- C:\Users\otmane\Application Data\Microsoft\Internet Explorer\Quick Launch\SPlayer.lnk
[2015/10/07 23:04:18 | 000,002,171 | ---- | M] () -- C:\Users\otmane\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks eDrawings 2010.lnk
[2015/10/07 23:04:18 | 000,000,973 | ---- | M] () -- C:\Users\otmane\Application Data\Microsoft\Internet Explorer\Quick Launch\SPlayer(Home Theater).lnk
[2015/10/07 23:04:17 | 000,002,611 | ---- | M] () -- C:\Users\otmane\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks 2010.lnk
[2015/10/07 23:04:17 | 000,000,290 | ---- | M] () -- C:\Users\otmane\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2015/10/07 23:04:16 | 000,001,967 | ---- | M] () -- C:\Users\otmane\Application Data\Microsoft\Internet Explorer\Quick Launch\MSDict.lnk
[2015/10/07 23:04:16 | 000,001,088 | ---- | M] () -- C:\Users\otmane\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2015/10/07 23:04:15 | 000,001,383 | ---- | M] () -- C:\Users\otmane\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2015/10/07 23:04:14 | 000,001,212 | ---- | M] () -- C:\Users\otmane\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2015/10/07 20:43:14 | 000,000,004 | ---- | M] () -- C:\Windows\System32\029B560A371F4E00AB32838EBC01B9E7
[2015/10/07 19:42:54 | 000,000,102 | ---- | M] () -- C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
[2015/10/06 23:19:07 | 000,000,000 | ---- | M] () -- C:\Windows\gyu.exe
[2015/10/06 22:45:17 | 000,002,588 | ---- | M] () -- C:\Windows\System32\${LOGFILE}
[2015/10/06 22:21:07 | 000,631,808 | ---- | M] () -- C:\Windows\gyu.dat
[2015/10/06 17:48:29 | 000,000,507 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2015/10/05 21:55:25 | 000,070,947 | ---- | M] () -- C:\Users\otmane\Desktop\DOSSIER CAF.pdf
[2015/10/05 21:47:12 | 000,141,527 | ---- | M] () -- C:\Users\otmane\Desktop\AfficheResultatsPrimoDemandeur.pdf
[2015/10/01 18:50:53 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2015/10/01 18:50:35 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appidapi.dll
[2015/10/01 18:50:00 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appidpolicyconverter.exe
[2015/10/01 18:50:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appidcertstorecheck.exe
[2015/09/29 04:05:01 | 003,990,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2015/09/29 04:05:01 | 003,936,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2015/09/29 03:59:16 | 000,400,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2015/09/29 03:58:57 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2015/09/29 03:58:33 | 000,262,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2015/09/29 03:58:05 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2015/09/29 03:53:44 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2015/09/29 03:53:28 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2015/09/29 03:49:51 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apisetschema.dll
[2015/09/29 03:49:50 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2015/09/27 14:10:15 | 001,934,006 | ---- | M] () -- C:\Users\otmane\Desktop\Courir à compiègne 2014.pdf
[2015/09/25 18:59:08 | 002,955,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2015/09/25 18:59:08 | 000,566,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2015/09/25 18:59:08 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2015/09/25 18:59:08 | 000,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2015/09/25 18:59:08 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2015/09/25 18:59:08 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2015/09/25 18:58:42 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinSetupUI.dll
[2015/09/25 18:58:29 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wu.upgrade.ps.dll
[2015/09/25 18:58:25 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2015/09/22 22:37:44 | 000,237,329 | ---- | M] () -- C:\Users\otmane\Desktop\bulletins.zip
[2015/09/21 11:15:27 | 000,036,520 | ---- | M] (Connectify) -- C:\Windows\System32\drivers\cnnctfy3.sys
[2015/09/18 19:58:30 | 000,345,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2015/09/18 18:47:06 | 000,023,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CompatTelRunner.exe
[2015/09/18 18:44:35 | 000,587,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\invagent.dll
[2015/09/18 18:44:34 | 000,615,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll
[2015/09/18 18:44:30 | 000,423,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devinv.dll
[2015/09/18 18:44:27 | 001,120,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appraiser.dll
[2015/09/18 18:44:26 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\acmigration.dll
[2015/09/18 18:35:49 | 000,999,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2015/09/18 17:34:26 | 000,047,745 | ---- | M] () -- C:\Users\otmane\Desktop\IR-Avis-1-2014.pdf
[2015/09/17 10:13:42 | 000,112,891 | ---- | M] () -- C:\Users\otmane\Desktop\SMENO-MRH-ETUD.-II-15-60302.pdf
[2015/09/17 09:57:04 | 000,125,255 | ---- | M] () -- C:\Users\otmane\Desktop\LAHYAOUI-9060-20150915 (1).pdf
[2015/09/16 04:45:19 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2015/09/16 04:45:09 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2015/09/16 04:33:07 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2015/09/16 04:32:33 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2015/09/16 04:32:24 | 000,341,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2015/09/16 04:31:57 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2015/09/16 04:26:43 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2015/09/16 04:26:08 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2015/09/16 04:24:24 | 000,480,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2015/09/16 04:23:07 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2015/09/16 04:23:01 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2015/09/16 04:22:43 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2015/09/16 04:18:00 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2015/09/16 04:15:24 | 000,416,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2015/09/16 04:10:46 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2015/09/16 04:07:58 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2015/09/16 04:05:52 | 000,279,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2015/09/16 04:05:51 | 004,527,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2015/09/16 03:56:32 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2015/09/16 03:56:30 | 000,689,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2015/09/16 03:55:49 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2015/09/16 03:55:45 | 002,052,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2015/09/16 03:32:37 | 000,710,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2015/09/15 18:36:40 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2015/09/15 18:36:35 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2015/09/14 21:54:40 | 008,935,222 | ---- | M] () -- C:\Users\otmane\Desktop\Liste location 2.rar
[2015/09/13 22:33:23 | 002,132,073 | ---- | M] () -- C:\Users\otmane\Desktop\liste location.rar
[2015/09/10 15:51:56 | 000,359,523 | ---- | M] () -- C:\Users\otmane\Desktop\attestation utc.PDF
[2015/09/08 22:03:14 | 000,000,000 | ---- | M] () -- C:\Users\otmane\AppData\Local\{562E126F-04FE-4FE6-9C91-BC0D5DF538B8}
[2015/09/03 04:17:42 | 000,269,832 | ---- | M] (Abengine) -- C:\Windows\System32\acengine.dll
[2015/09/02 03:48:31 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2015/09/02 03:48:28 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2015/09/02 03:48:25 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2015/09/02 02:36:35 | 002,384,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2015/09/02 02:33:48 | 000,299,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[8 C:\Users\otmane\Desktop\*.tmp files -> C:\Users\otmane\Desktop\*.tmp -> ]
[1 C:\Users\otmane\AppData\Local\*.tmp files -> C:\Users\otmane\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2015/10/31 17:41:33 | 001,862,752 | ---- | C] () -- C:\Users\otmane\Desktop\ZHPDiag3.exe
[2015/10/18 11:34:42 | 000,001,911 | ---- | C] () -- C:\Users\otmane\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.LNK
[2015/10/18 11:34:42 | 000,001,873 | ---- | C] () -- C:\Users\otmane\Desktop\Mozilla Firefox.lnk
[2015/10/17 21:16:09 | 000,001,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2015/10/17 21:16:09 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/10/14 16:03:04 | 000,000,925 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/10/14 15:55:39 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2015/10/12 12:15:34 | 000,141,483 | ---- | C] () -- C:\Users\otmane\Desktop\lettre d'opposition.pdf
[2015/10/08 18:54:24 | 000,010,488 | ---- | C] () -- C:\Windows\System32\acengineOff.ini
[2015/10/08 08:25:46 | 000,002,185 | ---- | C] () -- C:\Users\otmane\Desktop\Google Chrome.lnk
[2015/10/07 17:59:10 | 000,000,102 | ---- | C] () -- C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
[2015/10/07 08:17:25 | 000,002,183 | ---- | C] () -- C:\Users\otmane\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/10/07 08:17:24 | 000,002,124 | ---- | C] () -- C:\Users\otmane\Application Data\Microsoft\Internet Explorer\Quick Launch\chrome.LNK
[2015/10/06 23:14:55 | 000,000,000 | ---- | C] () -- C:\Windows\gyu.exe
[2015/10/06 22:21:05 | 000,631,808 | ---- | C] () -- C:\Windows\gyu.dat
[2015/10/06 22:06:09 | 000,000,002 | ---- | C] () -- C:\END
[2015/10/05 21:55:25 | 000,070,947 | ---- | C] () -- C:\Users\otmane\Desktop\DOSSIER CAF.pdf
[2015/10/05 21:47:10 | 000,141,527 | ---- | C] () -- C:\Users\otmane\Desktop\AfficheResultatsPrimoDemandeur.pdf
[2015/09/27 14:10:33 | 001,934,006 | ---- | C] () -- C:\Users\otmane\Desktop\Courir à compiègne 2014.pdf
[2015/09/22 22:37:37 | 000,237,329 | ---- | C] () -- C:\Users\otmane\Desktop\bulletins.zip
[2015/09/21 11:20:11 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\Connectify Hotspot 2015.lnk
[2015/09/19 14:45:50 | 000,047,745 | ---- | C] () -- C:\Users\otmane\Desktop\IR-Avis-1-2014.pdf
[2015/09/17 10:15:13 | 000,112,891 | ---- | C] () -- C:\Users\otmane\Desktop\SMENO-MRH-ETUD.-II-15-60302.pdf
[2015/09/17 09:57:30 | 000,125,255 | ---- | C] () -- C:\Users\otmane\Desktop\LAHYAOUI-9060-20150915 (1).pdf
[2015/09/14 21:54:37 | 008,935,222 | ---- | C] () -- C:\Users\otmane\Desktop\Liste location 2.rar
[2015/09/10 15:55:30 | 000,359,523 | ---- | C] () -- C:\Users\otmane\Desktop\attestation utc.PDF
[2015/09/10 11:51:08 | 002,132,073 | ---- | C] () -- C:\Users\otmane\Desktop\liste location.rar
[2015/09/08 22:03:14 | 000,000,000 | ---- | C] () -- C:\Users\otmane\AppData\Local\{562E126F-04FE-4FE6-9C91-BC0D5DF538B8}
[2015/08/01 17:56:25 | 000,000,496 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015/08/01 16:38:08 | 000,000,000 | ---- | C] () -- C:\Windows\prleth.sys
[2015/08/01 16:38:08 | 000,000,000 | ---- | C] () -- C:\Windows\hgfs.sys
[2014/12/23 00:28:31 | 000,516,608 | ---- | C] () -- C:\Users\otmane\AppData\Local\upd42912833.exe
[2014/12/04 18:26:45 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2014/12/04 18:26:41 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2014/12/04 18:26:40 | 000,001,786 | ---- | C] () -- C:\Windows\unins000.dat
[2014/12/02 23:28:47 | 000,000,010 | ---- | C] () -- C:\Users\otmane\AppData\Local\DSI.DAT
[2014/11/10 15:59:37 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2014/10/11 22:13:37 | 000,000,168 | ---- | C] () -- C:\Windows\adidsl.ini
[2014/10/11 22:13:37 | 000,000,021 | ---- | C] () -- C:\Windows\Fast800.ini
[2014/10/11 22:13:06 | 000,253,008 | ---- | C] () -- C:\Windows\adirasx64.exe
[2014/10/11 22:13:06 | 000,194,128 | ---- | C] () -- C:\Windows\adiras.exe
[2014/10/11 22:13:03 | 000,127,456 | ---- | C] () -- C:\Windows\System32\IPDETECT.EXE
[2014/10/11 22:12:55 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9P2.BIN
[2014/10/11 22:12:54 | 000,024,576 | ---- | C] () -- C:\Windows\enddisk32.exe
[2014/10/11 22:12:52 | 000,152,308 | ---- | C] () -- C:\Windows\System32\drivers\L1E4I2.BIN
[2014/10/11 22:12:52 | 000,152,306 | ---- | C] () -- C:\Windows\System32\drivers\L1E4I1.BIN
[2014/10/11 22:12:52 | 000,152,306 | ---- | C] () -- C:\Windows\System32\drivers\L1E4I0.BIN
[2014/10/11 22:12:52 | 000,152,146 | ---- | C] () -- C:\Windows\System32\drivers\L1E4P2.BIN
[2014/10/11 22:12:52 | 000,152,145 | ---- | C] () -- C:\Windows\System32\drivers\L1E4P1.BIN
[2014/10/11 22:12:52 | 000,152,145 | ---- | C] () -- C:\Windows\System32\drivers\L1E4P0.BIN
[2014/10/11 22:12:52 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9P1.BIN
[2014/10/11 22:12:52 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9P0.BIN
[2014/10/11 22:12:52 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9I2.BIN
[2014/10/11 22:12:52 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9I1.BIN
[2014/10/11 22:12:52 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9I0.BIN
[2014/10/11 22:12:52 | 000,152,036 | ---- | C] () -- C:\Windows\System32\drivers\L1E4D2.BIN
[2014/10/11 22:12:52 | 000,152,034 | ---- | C] () -- C:\Windows\System32\drivers\L1E4D1.BIN
[2014/10/11 22:12:52 | 000,152,034 | ---- | C] () -- C:\Windows\System32\drivers\L1E4D0.BIN
[2014/10/11 22:12:52 | 000,046,892 | ---- | C] () -- C:\Windows\System32\ADADIX16.DLL
[2014/10/11 22:12:52 | 000,022,395 | ---- | C] () -- C:\Windows\System32\drivers\fpga.bin
[2014/08/05 10:03:22 | 000,001,184 | ---- | C] () -- C:\Users\otmane\AppData\Roaming\aps.scan.quick.results
[2014/08/05 10:03:22 | 000,000,314 | ---- | C] () -- C:\Users\otmane\AppData\Roaming\aps.uninstall.scan.results
[2014/08/05 10:03:22 | 000,000,000 | ---- | C] () -- C:\Users\otmane\AppData\Roaming\aps.scan.results
[2014/07/11 13:40:05 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2014/02/08 22:27:10 | 000,000,218 | ---- | C] () -- C:\Users\otmane\AppData\Local\recently-used.xbel
[2013/12/29 16:34:22 | 000,000,181 | ---- | C] () -- C:\Users\otmane\AppData\Roaming\WB.CFG
[2013/02/07 22:34:14 | 000,007,001 | ---- | C] () -- C:\Users\otmane\abaqus_v6.12.gpr
[2012/08/30 15:42:22 | 000,001,051 | ---- | C] () -- C:\Users\otmane\Vidéos - Raccourci.lnk
[2012/08/06 01:23:54 | 000,000,101 | ---- | C] () -- C:\Users\otmane\config.pro
[2012/04/16 21:06:33 | 000,000,048 | ---- | C] () -- C:\Users\otmane\AppData\Roaming\msdreg.dat
[2012/04/01 01:12:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\4ab29b6ce21b6e7d57fadf6c43619532_c

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/06 18:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2012/08/06 01:11:56 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Ansys
[2014/08/05 10:03:16 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\ap_logs
[2012/10/20 16:59:12 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Babylon
[2015/08/01 16:25:48 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Canneverbe_Limited
[2014/12/04 18:26:52 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\CDXReader
[2012/07/22 20:05:31 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\DassaultSystemes
[2013/09/27 20:51:16 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\deluge
[2012/10/20 16:58:48 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Design Science
[2015/01/16 16:58:13 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\DigitalSites
[2015/01/12 18:51:21 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\DMCache
[2013/03/07 23:43:48 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Downloaded Installations
[2015/01/12 19:09:17 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Dropbox
[2013/11/24 22:16:31 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\FDRLab
[2013/03/07 23:55:07 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\FileOpen
[2013/10/11 22:10:43 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\FileZilla
[2012/03/31 19:14:07 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Foxit
[2012/12/29 23:19:26 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Foxit Software
[2014/07/11 13:41:45 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\FreeAudioPack
[2013/02/13 20:03:48 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\GoforFiles
[2012/05/25 19:59:55 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Graphe Easy
[2015/10/14 16:20:11 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\IDM
[2015/01/12 19:04:46 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\IM
[2014/12/04 18:26:59 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\LavFilters
[2012/04/16 21:06:32 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\MSDict
[2012/07/11 17:08:52 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\MusicNet
[2013/03/16 13:27:28 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Nitro
[2014/02/06 21:11:16 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Nitro PDF
[2013/03/04 00:26:00 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Notepad++
[2014/02/08 22:18:09 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\OfferBox
[2015/10/07 08:44:33 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Opera Software
[2014/08/01 16:11:08 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\PhotoFiltre 7
[2012/11/08 00:34:00 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\rdm6
[2015/10/07 19:41:50 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\RunDir
[2012/03/31 22:19:59 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\SPlayer
[2015/10/31 15:44:28 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Spotify
[2015/10/07 10:09:28 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Store
[2014/11/11 11:30:11 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Synaptics
[2015/10/07 20:24:45 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\systweak
[2013/04/07 00:21:09 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Unigraphics Solutions
[2013/04/05 21:21:06 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Windows Live Writer
[2015/10/07 22:18:09 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Windows Loader
[2015/10/07 10:34:29 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\WTools
[2014/09/29 11:52:24 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Xerox

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]

[color=#A23BEC]< %APPDATA%\*. >[/color]
[2012/10/18 23:29:51 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Adobe
[2012/08/06 01:11:56 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Ansys
[2012/07/24 19:48:33 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Apple Computer
[2014/08/05 10:03:16 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\ap_logs
[2012/10/20 16:59:12 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Babylon
[2015/08/01 16:25:48 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Canneverbe_Limited
[2014/12/04 18:26:52 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\CDXReader
[2012/07/22 20:05:31 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\DassaultSystemes
[2013/09/27 20:51:16 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\deluge
[2012/10/20 16:58:48 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Design Science
[2015/01/16 16:58:13 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\DigitalSites
[2015/01/14 21:51:38 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\DivX
[2015/01/12 18:51:21 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\DMCache
[2013/03/07 23:43:48 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Downloaded Installations
[2015/01/12 19:09:17 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Dropbox
[2013/11/24 22:16:31 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\FDRLab
[2013/03/07 23:55:07 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\FileOpen
[2013/10/11 22:10:43 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\FileZilla
[2012/03/31 19:14:07 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Foxit
[2012/12/29 23:19:26 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Foxit Software
[2014/07/11 13:41:45 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\FreeAudioPack
[2013/02/13 20:03:48 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\GoforFiles
[2012/05/25 19:59:55 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Graphe Easy
[2015/01/09 16:15:11 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Identities
[2015/10/14 16:20:11 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\IDM
[2015/01/12 19:04:46 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\IM
[2014/10/11 22:12:22 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\InstallShield
[2014/12/04 18:26:59 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\LavFilters
[2012/03/31 22:05:25 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Macromedia
[2012/04/28 16:30:22 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\MathWorks
[2009/07/14 08:48:45 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Media Center Programs
[2015/10/07 12:17:47 | 000,000,000 | --SD | M] -- C:\Users\otmane\AppData\Roaming\Microsoft
[2014/11/16 16:45:50 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Mozilla
[2012/04/16 21:06:32 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\MSDict
[2012/07/11 17:08:52 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\MusicNet
[2013/03/16 13:27:28 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Nitro
[2014/02/06 21:11:16 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Nitro PDF
[2013/03/04 00:26:00 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Notepad++
[2014/02/08 22:18:09 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\OfferBox
[2015/10/07 08:44:33 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Opera Software
[2014/08/01 16:11:08 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\PhotoFiltre 7
[2012/11/08 00:34:00 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\rdm6
[2015/10/07 19:41:50 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\RunDir
[2015/10/24 20:27:11 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Skype
[2014/11/16 20:27:57 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\SolidWorks
[2012/03/31 22:19:59 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\SPlayer
[2015/10/31 15:44:28 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Spotify
[2015/10/07 10:09:28 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Store
[2014/11/11 11:30:11 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Synaptics
[2015/10/07 20:24:45 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\systweak
[2013/04/07 00:21:09 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Unigraphics Solutions
[2015/06/30 22:53:29 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\vlc
[2013/04/05 21:21:06 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Windows Live Writer
[2015/10/07 22:18:09 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Windows Loader
[2012/03/31 20:23:53 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\WinRAR
[2015/10/07 10:34:29 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\WTools
[2014/09/29 11:52:24 | 000,000,000 | ---D | M] -- C:\Users\otmane\AppData\Roaming\Xerox

[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2014/12/09 04:45:28 | 039,207,112 | ---- | M] (Dropbox, Inc.) -- C:\Users\otmane\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2014/12/09 04:49:18 | 000,262,160 | ---- | M] (Dropbox, Inc.) -- C:\Users\otmane\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2014/12/09 04:45:30 | 000,225,240 | ---- | M] (Dropbox, Inc.) -- C:\Users\otmane\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2014/02/01 23:57:50 | 000,071,894 | R--- | M] () -- C:\Users\otmane\AppData\Roaming\Microsoft\Installer\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}\GPUploader.exe
[2015/07/21 08:59:54 | 000,297,240 | ---- | M] () -- C:\Users\otmane\AppData\Roaming\RunDir\temp\autoupdate.exe
[2015/07/21 10:06:36 | 000,265,160 | ---- | M] () -- C:\Users\otmane\AppData\Roaming\RunDir\temp\execute.exe
[2015/10/19 17:48:41 | 007,736,128 | ---- | M] (Spotify Ltd) -- C:\Users\otmane\AppData\Roaming\Spotify\Spotify.exe
[2015/10/19 17:48:41 | 000,840,512 | ---- | M] (Spotify Ltd) -- C:\Users\otmane\AppData\Roaming\Spotify\SpotifyCrashService.exe
[2015/10/19 17:48:42 | 000,183,104 | ---- | M] (Spotify Ltd) -- C:\Users\otmane\AppData\Roaming\Spotify\SpotifyLauncher.exe
[2015/10/19 17:48:42 | 002,030,912 | ---- | M] (Spotify Ltd) -- C:\Users\otmane\AppData\Roaming\Spotify\SpotifyWebHelper.exe
[2015/10/19 17:49:18 | 000,073,024 | ---- | M] () -- C:\Users\otmane\AppData\Roaming\Spotify\wow_helper.exe

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

[color=#A23BEC]< MD5 for: ALG.EXE >[/color]
[2009/07/14 02:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) MD5=18A54E132947CD98FEA9ACCC57F98F13 -- C:\Windows\System32\alg.exe
[2009/07/14 02:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) MD5=18A54E132947CD98FEA9ACCC57F98F13 -- C:\Windows\winsxs\x86_microsoft-windows-alg_31bf3856ad364e35_6.1.7600.16385_none_a8bfa843bc721ead\alg.exe

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2009/07/14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010/11/20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010/11/20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010/11/20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

[color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color]
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[color=#A23BEC]< MD5 for: CSRSS.EXE >[/color]
[2009/07/14 02:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009/07/14 02:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe

[color=#A23BEC]< MD5 for: CTFMON.EXE >[/color]
[2009/07/14 02:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\System32\ctfmon.exe
[2009/07/14 02:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe

[color=#A23BEC]< MD5 for: DISK.SYS >[/color]
[2009/07/14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
[2009/07/14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009/07/14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2010/01/26 23:29:28 | 000,028,797 | ---- | M] () MD5=4571E750E4A920D773511F50A2E62A20 -- C:\Program Files\MATLAB\R2010b\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

[color=#A23BEC]< MD5 for: I8042PRT.SYS >[/color]
[2009/07/14 00:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\drivers\i8042prt.sys
[2009/07/14 00:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_50ad659974198591\i8042prt.sys
[2009/07/14 00:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_x86_neutral_7a9084e0177406eb\i8042prt.sys
[2009/07/14 00:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7600.16385_none_9724c3fc3a4c81ef\i8042prt.sys
[2009/07/14 00:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_9955d7c4373b0589\i8042prt.sys
[2009/07/14 00:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_4e0a61a033aec8c3\i8042prt.sys

[color=#A23BEC]< MD5 for: IASTORV.SYS >[/color]
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

[color=#A23BEC]< MD5 for: INTELIDE.SYS >[/color]
[2009/07/14 02:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) MD5=A0F12F2C9BA6C72F3987CE780E77C130 -- C:\Windows\System32\drivers\intelide.sys
[2009/07/14 02:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) MD5=A0F12F2C9BA6C72F3987CE780E77C130 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\intelide.sys
[2009/07/14 02:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) MD5=A0F12F2C9BA6C72F3987CE780E77C130 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\intelide.sys
[2009/07/14 02:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) MD5=A0F12F2C9BA6C72F3987CE780E77C130 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\intelide.sys
[2009/07/14 02:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) MD5=A0F12F2C9BA6C72F3987CE780E77C130 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\intelide.sys
[2009/07/14 02:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) MD5=A0F12F2C9BA6C72F3987CE780E77C130 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\intelide.sys
[2009/07/14 02:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) MD5=A0F12F2C9BA6C72F3987CE780E77C130 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\intelide.sys

[color=#A23BEC]< MD5 for: MOUNTMGR.SYS >[/color]
[2015/07/15 18:54:17 | 000,078,784 | ---- | M] (Microsoft Corporation) MD5=2F3DFD64D97830B5F00D2BFC4AC1445F -- C:\Windows\winsxs\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.1.7601.23136_none_f515552a7e742878\mountmgr.sys
[2015/02/03 04:16:30 | 000,078,784 | ---- | M] (Microsoft Corporation) MD5=644905A19D0F37F2233DFCE53BC4BC19 -- C:\Windows\winsxs\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.1.7601.18741_none_f47c0b136562f85c\mountmgr.sys
[2009/07/14 02:20:44 | 000,078,416 | ---- | M] (Microsoft Corporation) MD5=921C18727C5920D6C0300736646931C2 -- C:\Windows\winsxs\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.1.7600.16385_none_f26e7ae968595905\mountmgr.sys
[2015/02/03 04:38:15 | 000,078,784 | ---- | M] (Microsoft Corporation) MD5=B4867EA6A6BC23EBE4DB0839ED3E3DC2 -- C:\Windows\winsxs\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.1.7601.22948_none_f50cabca7e7a46ae\mountmgr.sys
[2015/07/15 18:59:44 | 000,078,784 | ---- | M] (Microsoft Corporation) MD5=BAD9C0366134BA181514E9263C8CE606 -- C:\Windows\System32\drivers\mountmgr.sys
[2015/07/15 18:59:44 | 000,078,784 | ---- | M] (Microsoft Corporation) MD5=BAD9C0366134BA181514E9263C8CE606 -- C:\Windows\winsxs\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.1.7601.18933_none_f488df5f65590967\mountmgr.sys
[2010/11/20 13:30:00 | 000,078,208 | ---- | M] (Microsoft Corporation) MD5=FC8771F45ECCCFD89684E38842539B9B -- C:\Windows\winsxs\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.1.7601.17514_none_f49f8eb16547dc9f\mountmgr.sys

[color=#A23BEC]< MD5 for: MRXSMB.SYS >[/color]
[2015/07/15 02:47:39 | 000,124,928 | ---- | M] (Microsoft Corporation) MD5=000C1EEF05D422A76E57E84736EF25F0 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.23126_none_82196d85c883b816\mrxsmb.sys
[2015/07/01 20:18:29 | 000,124,416 | ---- | M] (Microsoft Corporation) MD5=01C5B803F6E1FDF8F16F0763DA9B997D -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.18912_none_8196c75caf6163bd\mrxsmb.sys
[2015/09/29 02:43:10 | 000,124,416 | ---- | M] (Microsoft Corporation) MD5=249FE98BD066894910A32DD53C8C5D16 -- C:\Windows\System32\drivers\mrxsmb.sys
[2015/09/29 02:43:10 | 000,124,416 | ---- | M] (Microsoft Corporation) MD5=249FE98BD066894910A32DD53C8C5D16 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.19018_none_819ca13aaf5c2f09\mrxsmb.sys
[2015/10/01 17:33:42 | 000,124,928 | ---- | M] (Microsoft Corporation) MD5=27CA5A47023AE986A16CDD7A0AAD7093 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.23226_none_82196f6bc883b53d\mrxsmb.sys
[2011/04/27 03:15:30 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=39A8FF477B3F5D0EDFE814155841C735 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.21714_none_822275d1c87d251f\mrxsmb.sys
[2015/06/27 17:36:53 | 000,124,928 | ---- | M] (Microsoft Corporation) MD5=40060C3F325133CF0B7244A20706D61B -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.23112_none_82203c49c87f36c9\mrxsmb.sys
[2011/04/27 03:17:22 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=5D16C921E3671636C0EBA3BBAAC5FD25 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.17605_none_81a4a93caf5682bb\mrxsmb.sys
[2011/02/23 04:37:32 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=5DC06CEB9AA4B65E724376766EB410AB -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.20907_none_8049e995cb4be947\mrxsmb.sys
[2015/08/04 17:45:44 | 000,124,928 | ---- | M] (Microsoft Corporation) MD5=5FD8FE8A4F26A48ABC023B738F853E87 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.23153_none_81f5fce3c89ebfe4\mrxsmb.sys
[2015/07/15 17:35:53 | 000,124,928 | ---- | M] (Microsoft Corporation) MD5=688E0D9C2F56F4A6C7156F067D43D2FD -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.23136_none_820e9d99c88bd407\mrxsmb.sys
[2015/07/15 02:46:05 | 000,124,416 | ---- | M] (Microsoft Corporation) MD5=7A97B5B6E04AB52FA53C8EA574913A04 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.18923_none_818cf7baaf689905\mrxsmb.sys
[2015/07/22 21:18:34 | 000,124,928 | ---- | M] (Microsoft Corporation) MD5=8352BF69BECEF0E2F101B39AFBA764B1 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.23142_none_81ffcc85c8978a9c\mrxsmb.sys
[2011/05/04 03:23:56 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=AE6248D356C6C1DE1623F0610B7FB0A3 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.20959_none_8015da8dcb72a7aa\mrxsmb.sys
[2010/11/20 09:42:42 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=B272B4C3E085EA860C12F2E4FAF2FFA2 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.17514_none_8198d720af5f882e\mrxsmb.sys
[2015/07/01 17:36:05 | 000,124,928 | ---- | M] (Microsoft Corporation) MD5=B379802B88B9F1E360E485099B4EB425 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.23115_none_82233d27c87c82ce\mrxsmb.sys
[2011/02/23 06:05:31 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=B4C76EF46322A9711C7B0F4E21EF6EA5 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16765_none_7f7d6ac8b260c14e\mrxsmb.sys
[2015/07/22 17:33:45 | 000,124,416 | ---- | M] (Microsoft Corporation) MD5=BAF4E2BE25E8EDFDAA98AA17D92E3C35 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.18939_none_8188298aaf6b4d00\mrxsmb.sys
[2015/09/28 17:35:15 | 000,124,928 | ---- | M] (Microsoft Corporation) MD5=C005DA60943770FBDF1984420AD28631 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.23223_none_82166e8dc8866938\mrxsmb.sys
[2011/02/23 04:09:47 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=C76FD653DB8B90DA85EAD12B12FFFC9F -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.21666_none_81ee64e3c8a3e65b\mrxsmb.sys
[2011/05/04 03:43:41 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=CA7570E42522E24324A12161DB14EC02 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16808_none_7fc14d14b22d62d4\mrxsmb.sys
[2015/06/27 17:37:29 | 000,124,416 | ---- | M] (Microsoft Corporation) MD5=E8D313F401499D79298E1559CF44D18D -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.18909_none_81a8994eaf52f92d\mrxsmb.sys
[2011/02/23 05:47:36 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=ED3D3419B064F28D812995ED8CADC541 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.17565_none_8163c7ceaf872d3a\mrxsmb.sys
[2009/07/14 00:14:26 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=F4A054BE78AF7F410129C4B64B07DC9B -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16385_none_7f67c358b2710494\mrxsmb.sys
[2015/07/15 17:36:23 | 000,124,416 | ---- | M] (Microsoft Corporation) MD5=FEDAAB6716B44DE8B9EFC14DD9A26215 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7601.18933_none_818227ceaf70b4f6\mrxsmb.sys

[color=#A23BEC]< MD5 for: MRXSMB10.SYS >[/color]
[2015/07/01 17:36:35 | 000,226,304 | ---- | M] (Microsoft Corporation) MD5=23E85EB20A3C0ECA1A1DCF337D0E22A7 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23115_none_8b365b7bc2cdc130\mrxsmb10.sys
[2015/07/15 02:47:54 | 000,226,304 | ---- | M] (Microsoft Corporation) MD5=2A67D41C8007F57A527CDFF7D8AEB0C3 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23126_none_8b2c8bd9c2d4f678\mrxsmb10.sys
[2015/07/22 17:34:18 | 000,225,792 | ---- | M] (Microsoft Corporation) MD5=300E85A19AFD4DF992AB6297C6E64CA1 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.18939_none_8a9b47dea9bc8b62\mrxsmb10.sys
[2015/08/04 17:46:00 | 000,226,304 | ---- | M] (Microsoft Corporation) MD5=33760E8A56C6763A0F11F9CEECD747F3 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23153_none_8b091b37c2effe46\mrxsmb10.sys
[2011/02/23 04:37:48 | 000,222,208 | ---- | M] (Microsoft Corporation) MD5=383A8E2DBE6A3CE587B18AE00B77069C -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7600.20907_none_895d07e9c59d27a9\mrxsmb10.sys
[2015/07/22 21:19:05 | 000,226,304 | ---- | M] (Microsoft Corporation) MD5=4DBAC1277003F1DE0D7ECF8CB2B35B8F -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23142_none_8b12ead9c2e8c8fe\mrxsmb10.sys
[2015/07/15 02:46:16 | 000,225,792 | ---- | M] (Microsoft Corporation) MD5=59C105984629EEF7B3B72B8235207575 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.18923_none_8aa0160ea9b9d767\mrxsmb10.sys
[2015/09/28 17:35:40 | 000,226,304 | ---- | M] (Microsoft Corporation) MD5=60DE5932F96738F252CD051D9EE508D4 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23223_none_8b298ce1c2d7a79a\mrxsmb10.sys
[2011/07/09 03:30:00 | 000,223,744 | ---- | M] (Microsoft Corporation) MD5=6D17A4791ACA19328C685D256349FEFC -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.17647_none_8a8e8874a9c6638f\mrxsmb10.sys
[2011/07/09 03:20:52 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=6D8AB5E1EF631470014CB167C426A38F -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7600.21005_none_895adf77c59f283d\mrxsmb10.sys
[2015/07/15 17:36:44 | 000,225,792 | ---- | M] (Microsoft Corporation) MD5=77DD652AB8708CDB55FDB7073B868784 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.18933_none_8a954622a9c1f358\mrxsmb10.sys
[2015/10/01 17:33:50 | 000,226,304 | ---- | M] (Microsoft Corporation) MD5=8804D6679CE7E6040B32421696CDF369 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23226_none_8b2c8dbfc2d4f39f\mrxsmb10.sys
[2010/11/20 09:44:18 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=9AC33EF26C8A3AD0F117D00EB7301D03 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.17514_none_8aabf574a9b0c690\mrxsmb10.sys
[2011/07/09 04:15:40 | 000,223,744 | ---- | M] (Microsoft Corporation) MD5=AC8EB88C4176892062CF7A8952943662 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.21767_none_8b028567c2f43b3b\mrxsmb10.sys
[2015/07/15 17:35:57 | 000,226,304 | ---- | M] (Microsoft Corporation) MD5=BEE5EA8E1F77925487774ECC9E680C0B -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23136_none_8b21bbedc2dd1269\mrxsmb10.sys
[2015/07/01 20:18:39 | 000,225,792 | ---- | M] (Microsoft Corporation) MD5=C48A8284F018BEAAFC7A027A570D9C84 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.18912_none_8aa9e5b0a9b2a21f\mrxsmb10.sys
[2015/06/27 17:37:28 | 000,226,304 | ---- | M] (Microsoft Corporation) MD5=CF9AAE55496E550D20A4FAD8E78DD246 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.23112_none_8b335a9dc2d0752b\mrxsmb10.sys
[2015/06/27 17:38:06 | 000,225,792 | ---- | M] (Microsoft Corporation) MD5=D0AEE02BC9E7E966647841FEC2F018C4 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.18909_none_8abbb7a2a9a4378f\mrxsmb10.sys
[2011/02/23 05:47:45 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=DC914446049169A964E27FD8888FFAEE -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.17565_none_8a76e622a9d86b9c\mrxsmb10.sys
[2009/07/14 00:14:37 | 000,221,184 | ---- | M] (Microsoft Corporation) MD5=DEFFA295BD1895C6ED8E3078412AC60B -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7600.16385_none_887ae1acacc242f6\mrxsmb10.sys
[2011/02/23 06:05:41 | 000,221,696 | ---- | M] (Microsoft Corporation) MD5=E593D45024A3FDD11E93CC4A6CA91101 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7600.16765_none_8890891cacb1ffb0\mrxsmb10.sys
[2011/07/09 03:26:10 | 000,222,720 | ---- | M] (Microsoft Corporation) MD5=F965C3AB2B2AE5C378F4562486E35051 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7600.16847_none_88a82b6eac9ff7a3\mrxsmb10.sys
[2015/09/29 02:43:28 | 000,225,792 | ---- | M] (Microsoft Corporation) MD5=F9DCC39B1F4797448213725BFE4A26AC -- C:\Windows\System32\drivers\mrxsmb10.sys
[2015/09/29 02:43:28 | 000,225,792 | ---- | M] (Microsoft Corporation) MD5=F9DCC39B1F4797448213725BFE4A26AC -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.19018_none_8aafbf8ea9ad6d6b\mrxsmb10.sys
[2011/02/23 04:10:01 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=FF9C1079052D007EF6650BD526437F08 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7601.21666_none_8b018337c2f524bd\mrxsmb10.sys

[color=#A23BEC]< MD5 for: MRXSMB20.SYS >[/color]
[2011/05/04 03:23:59 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=05FCF029FB6915DF707222D3806C760A -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7600.20959_none_8b5f62f4041b197d\mrxsmb20.sys
[2015/08/04 17:45:55 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=0C99E149EAAED5FBB8811A38D7C600DE -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.23153_none_8d3f854a014731b7\mrxsmb20.sys
[2009/07/14 00:14:31 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=24D76ABE5DCAD22F19D105F76FDF0CE1 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7600.16385_none_8ab14bbeeb197667\mrxsmb20.sys
[2011/05/04 03:43:48 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=25C38264A3C72594DD21D355D70D7A5D -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7600.16808_none_8b0ad57aead5d4a7\mrxsmb20.sys
[2015/07/15 17:35:52 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=27689A7AD30ADF2442CB66CE357C964A -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.23136_none_8d582600013445da\mrxsmb20.sys
[2015/10/01 17:33:41 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=2A5CC64208B4ED110F0D128A5A0A7ED0 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.23226_none_8d62f7d2012c2710\mrxsmb20.sys
[2015/07/01 17:36:21 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=4A92DDE951F42360CAFC0AC27BECAF2B -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.23115_none_8d6cc58e0124f4a1\mrxsmb20.sys
[2015/07/15 17:36:23 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=4ACDB6414918D8920875B00B286E1FBC -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.18933_none_8ccbb034e81926c9\mrxsmb20.sys
[2015/07/15 02:47:39 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=4FDCF05ED0346C73D148129B7EAE81CE -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.23126_none_8d62f5ec012c29e9\mrxsmb20.sys
[2015/07/22 17:34:02 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=70EF9F86474BA28A6898228E1C9ABDCB -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.18939_none_8cd1b1f0e813bed3\mrxsmb20.sys
[2015/07/15 02:46:06 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=7AF31FE4FAAD7770919CF0D3E774D753 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.18923_none_8cd68020e8110ad8\mrxsmb20.sys
[2011/02/23 04:09:55 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=86CF607351BF18DB7B0B3FE593F5791E -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.21666_none_8d37ed4a014c582e\mrxsmb20.sys
[2011/02/23 04:37:41 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=8C8081CAD5C46D0AFA483F2D26AA61EA -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7600.20907_none_8b9371fc03f45b1a\mrxsmb20.sys
[2011/04/27 03:15:40 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=94191E6C88850E7E8C6713B04FF01006 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.21714_none_8d6bfe38012596f2\mrxsmb20.sys
[2011/02/23 06:05:35 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=A9F86C82C9CC3B679CC3957E1183A30F -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7600.16765_none_8ac6f32eeb093321\mrxsmb20.sys
[2015/07/22 21:18:56 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=B1E1F7BD817DEA33577C3A792D9687C6 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.23142_none_8d4954ec013ffc6f\mrxsmb20.sys
[2015/09/29 02:43:11 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=B74DE20F28B634FFD5F5F2CAE9D4ABEE -- C:\Windows\System32\drivers\mrxsmb20.sys
[2015/09/29 02:43:11 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=B74DE20F28B634FFD5F5F2CAE9D4ABEE -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.19018_none_8ce629a0e804a0dc\mrxsmb20.sys
[2011/04/27 03:17:28 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=B81F204D146000BE76651A50670A5E9E -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.17605_none_8cee31a2e7fef48e\mrxsmb20.sys
[2015/06/27 17:37:30 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=BBA53087F60B164138651013069BA305 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.18909_none_8cf221b4e7fb6b00\mrxsmb20.sys
[2015/07/01 20:18:35 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=C1CC047CE391BB88350379153BC1C8FA -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.18912_none_8ce04fc2e809d590\mrxsmb20.sys
[2010/11/20 09:44:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=E0ABDB5ED7E199E242A7D028E76C1D3A -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.17514_none_8ce25f86e807fa01\mrxsmb20.sys
[2015/09/28 17:35:15 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=E45D8868E2AE2E34A00076B1399A735A -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.23223_none_8d5ff6f4012edb0b\mrxsmb20.sys
[2011/02/23 05:47:40 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=E7D90388D14FAE057C166C1801E0BF94 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.17565_none_8cad5034e82f9f0d\mrxsmb20.sys
[2015/06/27 17:37:21 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=FC3DC94EBEB18AD8EF7DBC6B24A1178F -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7601.23112_none_8d69c4b00127a89c\mrxsmb20.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2012/08/22 18:05:16 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=15B74B6283CEBCCE3054C1001CA01B5E -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_aa0491cf93ad1c31\ndis.sys
[2009/07/14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
[2012/08/22 18:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\System32\drivers\ndis.sys
[2012/08/22 18:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_a9bdfee47a5cd154\ndis.sys
[2010/11/20 13:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

[color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color]
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

[color=#A23BEC]< MD5 for: RASACD.SYS >[/color]
[2009/07/14 00:54:40 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=30A81B53C766D0133BB86D234E5556AB -- C:\Windows\System32\drivers\rasacd.sys
[2009/07/14 00:54:40 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=30A81B53C766D0133BB86D234E5556AB -- C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_0fb054d9c6a6b4d4\rasacd.sys

[color=#A23BEC]< MD5 for: RDPCDD.SYS >[/color]
[2009/07/14 01:01:40 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=1E016846895B15A99F9A176A05029075 -- C:\Windows\winsxs\x86_microsoft-windows-t..niportdisplaydriver_31bf3856ad364e35_6.1.7600.16385_none_d4b17a3e9f928d55\RDPCDD.sys
[2010/11/20 11:22:19 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=23DAE03F29D253AE74C44F99E515F9A1 -- C:\Windows\System32\drivers\RDPCDD.sys
[2010/11/20 11:22:19 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=23DAE03F29D253AE74C44F99E515F9A1 -- C:\Windows\winsxs\x86_microsoft-windows-t..niportdisplaydriver_31bf3856ad364e35_6.1.7601.17514_none_d6e28e069c8110ef\RDPCDD.sys

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

[color=#A23BEC]< MD5 for: SERVICES.EXE >[/color]
[2015/04/13 04:19:24 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=0780A42DBD7D9969F9BF4A19AA4285B5 -- C:\Windows\System32\services.exe
[2015/04/13 04:19:24 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=0780A42DBD7D9969F9BF4A19AA4285B5 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.18829_none_d1614ac32b8ec5cf\services.exe
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2015/04/11 04:53:55 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=97981140500E86E5BBAD7B76BA890146 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.23033_none_d1d9ee0844ba1cc2\services.exe

[color=#A23BEC]< MD5 for: SMSS.EXE >[/color]
[2015/02/03 04:12:00 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=01C6C743FE49D0FB3F0A1391FEF1DEB3 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18741_none_ae1e8e4a778ed482\smss.exe
[2013/03/19 03:43:41 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=0294CC751D7FAEB13621EEFB8A749429 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22280_none_ae7bdfb790cddbcf\smss.exe
[2015/04/27 20:04:21 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=03CD13A169C19558F637C2F36B974BDA -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18839_none_ae31626c777f8070\smss.exe
[2015/08/04 18:52:09 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=04B603E5589954DCB4EFB7FF89664C25 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23153_none_ae9f37ab90b2f07b\smss.exe
[2015/01/29 04:01:22 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=0C41393891E2EB9F8FDF28A0654C5B5E -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18738_none_ae30603c778069f2\smss.exe
[2015/07/15 03:55:18 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=10F4A8EE79F4E0ECC88AC71CA068B54C -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18923_none_ae363282777cc99c\smss.exe
[2009/07/14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe
[2015/05/25 19:06:40 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=1F4BF2D256946EF3A2426C843F3941D6 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23072_none_ae8895a390c411df\smss.exe
[2015/07/15 18:54:24 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=2B8B8E5AE54D0EAAE5B84F65C325C3A7 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18933_none_ae2b62967784e58d\smss.exe
[2013/03/19 03:51:05 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=37F4765554F2CD34AAAB616F696E5539 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.21490_none_ac8ab2c593af8bd4\smss.exe
[2015/03/17 05:56:43 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=485436C2A90318218777401FB973558C -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18798_none_adef80b477b11198\smss.exe
[2013/07/08 04:02:28 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=634E0B45780F502304592C5615A31089 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22379_none_ae8fb42390bda114\smss.exe
[2015/07/15 03:59:35 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=697A24C3A9F1ECD602C3D961D001036C -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23126_none_aec2a84d9097e8ad\smss.exe
[2015/07/22 18:52:53 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=774202C5F5A03FF413D0B478124AE91A -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18939_none_ae316452777f7d97\smss.exe
[2015/02/03 04:31:31 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=7FFC65934B6CC409D62448ADFE50EBF1 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22948_none_aeaf2f0190a622d4\smss.exe
[2015/09/29 03:58:37 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=9A282F6D9F02EF5DE4C081A7FE65999F -- C:\Windows\System32\smss.exe
[2015/09/29 03:58:37 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=9A282F6D9F02EF5DE4C081A7FE65999F -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.19018_none_ae45dc0277705fa0\smss.exe
[2015/10/01 18:43:06 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=A0139421A3A940E49381EFFC6884DD65 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23226_none_aec2aa339097e5d4\smss.exe
[2015/05/25 19:00:29 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=ABD1DC994FD40C5F74F7DFDCEEB64599 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18869_none_ae10f2a87797d443\smss.exe
[2015/04/27 19:55:24 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=AC1D1026D06D6F74D32356772A3E321E -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23040_none_aea704d390ad8b5e\smss.exe
[2013/03/19 03:50:03 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=B24BF638652522BB5E14AB7993FD4A5D -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.17273_none_ac19b4ca7a7f0306\smss.exe
[2015/03/17 05:45:09 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=BCE230B8626E42E997285173A9426EE5 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23002_none_aed44517908b4e48\smss.exe
[2015/09/28 21:16:48 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=BF9EF8C8D655675485EE8721883457A6 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23223_none_aebfa955909a99cf\smss.exe
[2015/07/15 18:49:21 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=C288ED8B99BC77DD8C8006CB8E97DC10 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23136_none_aeb7d86190a0049e\smss.exe
[2013/08/29 01:51:28 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D2A72C71CD6C18A99E920EC5761F0C7D -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22436_none_aeb7f4db909fe272\smss.exe
[2014/04/12 03:06:24 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D8A5E3B8EB601B897AC78B060177E460 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22653_none_ae9f57f190b2c89d\smss.exe
[2014/04/12 03:06:24 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D8A5E3B8EB601B897AC78B060177E460 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22908_none_aeda6eb19085b310\smss.exe
[2014/04/12 03:06:24 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D8A5E3B8EB601B897AC78B060177E460 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22921_none_aebdccd3909c3991\smss.exe
[2014/04/12 03:06:24 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=D8A5E3B8EB601B897AC78B060177E460 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22923_none_aebfcd67909a6c3f\smss.exe
[2013/03/19 03:49:16 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=DE91DCC7BC55E940979097E98F743205 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_ae40f33e7774c473\smss.exe
[2015/07/23 00:57:09 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=E11AC92B5C7A004BA03E65E3AC61D7B2 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.23142_none_aea9074d90abbb33\smss.exe
[2015/01/27 04:27:49 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=EA4931A2EE99926C89935FC92526D7A4 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22943_none_aeaa2d8f90aaa421\smss.exe
[2013/05/06 04:02:20 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=EC745C0949B101129AB6D39CD63808A6 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22318_none_aecf9361908de017\smss.exe

[color=#A23BEC]< MD5 for: SPOOLSV.EXE >[/color]
[2012/02/11 06:31:45 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=13B48314BF02091B30597DF20B71CBAC -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.21149_none_d6daba6e3bd61215\spoolsv.exe
[2010/08/20 05:25:14 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=2FB4CE429488156B19C0D8E5C4552043 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_d6ab9bc23bf9f1c6\spoolsv.exe
[2009/07/14 02:14:41 | 000,316,416 | ---- | M] (Microsoft Corporation) MD5=49B6DD6AB3715B7A67965F17194E98A9 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_d621f94522dc5a87\spoolsv.exe
[2010/11/20 13:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=866A43013535DC8587C258E43579C764 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_d8530d0d1fcade21\spoolsv.exe
[2012/02/11 06:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=9AEA093B8F9C37CF45538382CABA2475 -- C:\Windows\System32\spoolsv.exe
[2012/02/11 06:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=9AEA093B8F9C37CF45538382CABA2475 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17777_none_d815322f1ff8cc1a\spoolsv.exe
[2012/02/11 06:21:14 | 000,317,952 | ---- | M] (Microsoft Corporation) MD5=CAE10A25F936C053E41CBE0FA06FF15D -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.21921_none_d8cedec038f3454c\spoolsv.exe
[2010/08/21 06:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_d6339da722cfb4be\spoolsv.exe
[2012/02/11 06:41:06 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=E17323B0AA9FB3FF9945731D736EDA2F -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16962_none_d634a3a322cec58a\spoolsv.exe

[color=#A23BEC]< MD5 for: STORPORT.SYS >[/color]
[2011/03/11 06:52:30 | 000,148,864 | ---- | M] (Microsoft Corporation) MD5=1BC029015ACC95FB7D7CC65D29DC5E0E -- C:\Windows\winsxs\x86_microsoft-windows-storport_31bf3856ad364e35_6.1.7600.20921_none_28192975aa72ffcf\storport.sys
[2011/03/11 06:44:09 | 000,146,304 | ---- | M] (Microsoft Corporation) MD5=32C8E15E6F1EF98949A96451D42CEC70 -- C:\Windows\winsxs\x86_microsoft-windows-storport_31bf3856ad364e35_6.1.7600.16778_none_27607d2e91779ff4\storport.sys
[2009/07/14 02:19:04 | 000,144,960 | ---- | M] (Microsoft Corporation) MD5=55DCA8693ED545FD7F2F93776E294AE2 -- C:\Windows\winsxs\x86_microsoft-windows-storport_31bf3856ad364e35_6.1.7600.16385_none_2752a4cc91827b44\storport.sys
[2011/03/11 06:28:17 | 000,148,864 | ---- | M] (Microsoft Corporation) MD5=9B5ED67D98DAEC1DC31F9C2766E90285 -- C:\Windows\winsxs\x86_microsoft-windows-storport_31bf3856ad364e35_6.1.7601.21680_none_29bda4c3a7cafce3\storport.sys
[2010/11/20 13:30:12 | 000,148,864 | ---- | M] (Microsoft Corporation) MD5=B40CCEC755DC3FBAE95E568C7849405E -- C:\Windows\winsxs\x86_microsoft-windows-storport_31bf3856ad364e35_6.1.7601.17514_none_2983b8948e70fede\storport.sys
[2014/02/04 03:06:28 | 000,149,952 | ---- | M] (Microsoft Corporation) MD5=ECFE2AE9092C672965131CF376AAF4BD -- C:\Windows\winsxs\x86_microsoft-windows-storport_31bf3856ad364e35_6.1.7601.22589_none_29c68eafa7c2fd6c\storport.sys
[2011/03/11 06:39:05 | 000,148,864 | ---- | M] (Microsoft Corporation) MD5=EF3D32464EBBB10449465C8CAB57CA19 -- C:\Windows\winsxs\x86_microsoft-windows-storport_31bf3856ad364e35_6.1.7601.17577_none_2945d9ea8e9ef289\storport.sys
[2014/02/04 03:07:53 | 000,149,440 | ---- | M] (Microsoft Corporation) MD5=F1A449D762657230629D8BFC107ABC14 -- C:\Windows\System32\drivers\storport.sys
[2014/02/04 03:07:53 | 000,149,440 | ---- | M] (Microsoft Corporation) MD5=F1A449D762657230629D8BFC107ABC14 -- C:\Windows\winsxs\x86_microsoft-windows-storport_31bf3856ad364e35_6.1.7601.18386_none_2939ef208ea81476\storport.sys

[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2015/06/18 07:39:28 | 000,893,752 | ---- | M] (MalwareBytes) MD5=0692C8163852AB5674E2EB3B36131EF3 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

[color=#A23BEC]< MD5 for: TCPIP.SYS >[/color]
[2011/04/25 05:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011/04/25 05:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009/07/14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2013/01/03 06:01:49 | 001,303,912 | ---- | M] (Microsoft Corporation) MD5=34AE5CC0C7417AB701C2AA8A7BC75417 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21415_none_b3c99dece09ecc3b\tcpip.sys
[2010/11/20 13:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2013/01/04 05:56:23 | 001,308,504 | ---- | M] (Microsoft Corporation) MD5=4A95845C5F33A4DDEB6AEF6367FB6520 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_b5becc06ddb98192\tcpip.sys
[2013/07/06 06:05:35 | 001,293,760 | ---- | M] (Microsoft Corporation) MD5=4E8B9BE71B807B3BAEDB7F4243F85E3C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_b52f2f65c4a146e5\tcpip.sys
[2013/07/06 05:57:37 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=528F7CC60391DD0FAB0344F32F051FDF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_b5721e2eddf328f9\tcpip.sys
[2014/04/05 03:25:01 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=5579DD18546999F5D0EC39D018726C6B -- C:\Windows\System32\drivers\tcpip.sys
[2014/04/05 03:25:01 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=5579DD18546999F5D0EC39D018726C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_b513c4dfc4b513b9\tcpip.sys
[2013/05/08 07:15:22 | 001,309,032 | ---- | M] (Microsoft Corporation) MD5=6088D01FAD49729EA0A5A3D9B9BA8B84 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_b5b3fe00ddc19aaa\tcpip.sys
[2013/09/07 03:06:48 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=6C4F3D92764FFA22D28061A4D9235446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_b58e8eb0ddde6cf1\tcpip.sys
[2011/04/25 07:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2013/01/03 06:05:20 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=7C0507D2391AF5933600CBCED799F277 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_b502eb9fc4c2a304\tcpip.sys
[2011/04/25 05:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2013/01/04 05:55:21 | 001,287,528 | ---- | M] (Microsoft Corporation) MD5=BBCEAEFF1FD72A026F827CBB2F4AA8AD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.17206_none_b34bcf71c7782cb0\tcpip.sys
[2013/09/08 03:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_b4fa2013c4c8ebf1\tcpip.sys
[2013/05/08 06:38:00 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=D32FDAC73FCD76B85389C39BC1087F2A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_b508ef41c4bd3835\tcpip.sys
[2012/10/03 17:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2012/10/03 17:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
[2014/04/05 03:16:21 | 001,310,144 | ---- | M] (Microsoft Corporation) MD5=EA47AB18E289333AB94397D77CA6E3A1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_b59293a4dddacc9b\tcpip.sys

[color=#A23BEC]< MD5 for: TERMDD.SYS >[/color]
[2010/11/20 13:30:12 | 000,053,120 | ---- | M] (Microsoft Corporation) MD5=04DBF4B01EA4BF25A9A3E84AFFAC9B20 -- C:\Windows\System32\drivers\termdd.sys
[2010/11/20 13:30:12 | 000,053,120 | ---- | M] (Microsoft Corporation) MD5=04DBF4B01EA4BF25A9A3E84AFFAC9B20 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\termdd.sys
[2010/11/20 13:30:12 | 000,053,120 | ---- | M] (Microsoft Corporation) MD5=04DBF4B01EA4BF25A9A3E84AFFAC9B20 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\termdd.sys
[2009/07/14 02:19:10 | 000,051,776 | ---- | M] (Microsoft Corporation) MD5=C36F41EE20E6999DBF4B0425963268A5 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\termdd.sys

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[color=#A23BEC]< MD5 for: WIN32K.SYS >[/color]
[2013/03/01 03:54:56 | 002,355,712 | ---- | M] (Microsoft Corporation) MD5=046885B67396DA1863AC957DA3FF31DC -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22271_none_bb4081ab121a033b\win32k.sys
[2013/03/01 04:11:14 | 002,345,984 | ---- | M] (Microsoft Corporation) MD5=07D392455923063F463DB218AC5A2B0B -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.17266_none_b8e05751fbc95d20\win32k.sys
[2013/03/01 04:03:47 | 002,354,688 | ---- | M] (Microsoft Corporation) MD5=09F0DB0A4F4B5A94D0A7AE8EFF176C11 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21482_none_b950550314facc97\win32k.sys
[2015/09/02 02:35:00 | 002,393,600 | ---- | M] (Microsoft Corporation) MD5=14E2A15F6FA13CB8F263BF5F470EDA37 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.23188_none_bb3c9b17121bed07\win32k.sys
[2015/01/09 02:45:45 | 002,380,288 | ---- | M] (Microsoft Corporation) MD5=15E13FB1C22A47A128965287194D1906 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18713_none_baf9d05ff8c9dd63\win32k.sys
[2014/06/18 01:52:00 | 002,350,080 | ---- | M] (Microsoft Corporation) MD5=2A58DBC1BADEA2F496099F8CB068E698 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18512_none_baf8cc49f8cac9be\win32k.sys
[2009/07/14 00:26:52 | 002,326,528 | ---- | M] (Microsoft Corporation) MD5=34999766FBCAB11BA5C4D26CE0378903 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16385_none_b8c9cfddfbda5f31\win32k.sys
[2015/06/25 09:46:17 | 002,383,872 | ---- | M] (Microsoft Corporation) MD5=358B1F17A8E5419AD108D5E5C522F674 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18906_none_bb07a4f5f8bf07c5\win32k.sys
[2013/08/28 02:04:30 | 002,348,544 | ---- | M] (Microsoft Corporation) MD5=445C354D772DFEBF46F73078C8C2C797 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18246_none_badc57fbf8df8b78\win32k.sys
[2013/06/05 04:05:09 | 002,347,520 | ---- | M] (Microsoft Corporation) MD5=4D52150FC35E333F6CBBB6B6E6D9366D -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18176_none_babbe651f8f7e224\win32k.sys
[2015/05/25 18:04:27 | 002,393,088 | ---- | M] (Microsoft Corporation) MD5=4D829D464A1CBBA195F8A5F911160E58 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.23072_none_bb41676112193be5\win32k.sys
[2014/06/18 01:55:52 | 002,358,272 | ---- | M] (Microsoft Corporation) MD5=4DEBEBEAEDB6B740172E8C649C8B815C -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22722_none_bb779b0f11f082a0\win32k.sys
[2013/04/10 04:14:06 | 002,347,520 | ---- | M] (Microsoft Corporation) MD5=52948A58E4E64427DC399A409EF1CAB5 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18126_none_baf1f5edf8cf566f\win32k.sys
[2014/07/09 01:32:55 | 002,352,640 | ---- | M] (Microsoft Corporation) MD5=5B1828278F3200EE4FAF48411894F6D2 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18528_none_baf3fe19f8cd7db9\win32k.sys
[2015/02/26 04:10:33 | 002,390,528 | ---- | M] (Microsoft Corporation) MD5=5D68D035BF9AA6EC732F6592B750F0FF -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22978_none_bb4790fb1213a0ad\win32k.sys
[2012/03/31 03:31:48 | 002,351,616 | ---- | M] (Microsoft Corporation) MD5=5E7C260B168054FCB68BE9C030A81CE8 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21955_none_bb5a46bd12060325\win32k.sys
[2015/07/30 17:47:57 | 002,393,088 | ---- | M] (Microsoft Corporation) MD5=660B481786C666371FD9657A95A6E939 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.23149_none_bb68db1111fa969a\win32k.sys
[2013/04/10 04:19:09 | 002,355,712 | ---- | M] (Microsoft Corporation) MD5=67938E8424598FF65DE0B6D48AFAB258 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22296_none_bb2fe3451225b9d0\win32k.sys
[2010/11/20 10:09:20 | 002,329,088 | ---- | M] (Microsoft Corporation) MD5=687464342342B933D6B7FAA4A907AF4C -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17514_none_bafae3a5f8c8e2cb\win32k.sys
[2015/04/20 03:02:43 | 002,391,040 | ---- | M] (Microsoft Corporation) MD5=6E4EE2594D3C73861F0F9FF763B12116 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.23038_none_bb72a8cd11f3642b\win32k.sys
[2013/03/01 04:09:59 | 002,347,008 | ---- | M] (Microsoft Corporation) MD5=6FCC2090F055F5C96236DCD057DD705D -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18105_none_bb06957bf8c00536\win32k.sys
[2013/01/04 03:59:29 | 002,355,712 | ---- | M] (Microsoft Corporation) MD5=73C7E51214D81E8D0B46C207CA2323C9 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22209_none_bb94336f11da0a5c\win32k.sys
[2013/06/04 04:17:38 | 002,356,224 | ---- | M] (Microsoft Corporation) MD5=79F3AF094AF785C4583387C4F4D2392A -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22348_none_bb67f55b11fb5df0\win32k.sys
[2014/08/23 01:44:17 | 002,360,832 | ---- | M] (Microsoft Corporation) MD5=7BA73EED90DE2CD00D8F8DB9A9AC0664 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22783_none_bb37bbd11220439d\win32k.sys
[2014/08/23 01:42:53 | 002,352,640 | ---- | M] (Microsoft Corporation) MD5=7DA17C38F8B8F2E89F52C1A08FD447EB -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18577_none_babcee33f8f6f017\win32k.sys
[2014/07/09 01:34:24 | 002,360,832 | ---- | M] (Microsoft Corporation) MD5=7E82C4BBA3C8EB0887DCAF8E7BE53D5E -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22739_none_bb73cd2911f24ff2\win32k.sys
[2015/06/25 09:29:36 | 002,392,576 | ---- | M] (Microsoft Corporation) MD5=857F5AD38074318D3179190C8CC78EDB -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.23109_none_bb941ac111da26d6\win32k.sys
[2014/10/09 07:32:34 | 002,387,968 | ---- | M] (Microsoft Corporation) MD5=9CE8AB74907C51AC59ABAD2C43DD0A78 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22831_none_bb6bccbf11f98261\win32k.sys
[2013/08/28 02:08:30 | 002,357,248 | ---- | M] (Microsoft Corporation) MD5=9DA2F88950510900733F320DEA3567F7 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22435_none_bb6fc64f11f5f321\win32k.sys
[2015/07/30 17:52:25 | 002,384,384 | ---- | M] (Microsoft Corporation) MD5=A22126F58B07E937D10F96A506E40107 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18946_none_badc6545f8df7789\win32k.sys
[2013/01/04 04:00:30 | 002,345,984 | ---- | M] (Microsoft Corporation) MD5=A7F9EAC3EC67C68B216A5AB22EE51BDE -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.17206_none_b92136d9fb98b57a\win32k.sys
[2015/02/26 04:11:26 | 002,381,312 | ---- | M] (Microsoft Corporation) MD5=BA3CB7D5C1DCF17E6FFFB28DB950841A -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18773_none_bab8f0d7f8fa8509\win32k.sys
[2015/05/25 18:00:20 | 002,384,384 | ---- | M] (Microsoft Corporation) MD5=BCD4C37A7043E75131111EA447210DE7 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18869_none_bac9c465f8ecfe49\win32k.sys
[2012/03/31 03:38:35 | 002,351,104 | ---- | M] (Microsoft Corporation) MD5=C2A5AC4EE6F5F10A54E557B606257648 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21179_none_b962214314ec6a92\win32k.sys
[2013/01/04 03:56:44 | 002,354,688 | ---- | M] (Microsoft Corporation) MD5=C60F755DC0B32C7F782F4E7DFD348B5B -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21416_none_b9a0059f14be6e5c\win32k.sys
[2015/01/09 02:52:49 | 002,388,992 | ---- | M] (Microsoft Corporation) MD5=D2AFEEA178153F4ACDBDA33A45029F19 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22919_none_bb8970cd11e2125e\win32k.sys
[2013/01/04 04:00:29 | 002,347,008 | ---- | M] (Microsoft Corporation) MD5=D45B118114C9B18814CE18F72A34E934 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18043_none_bad95351f8e24525\win32k.sys
[2015/04/20 03:03:22 | 002,382,336 | ---- | M] (Microsoft Corporation) MD5=E62FA8858669B48E66DA21C366257F64 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18834_none_bae532b7f8d92bc3\win32k.sys
[2013/08/08 02:03:07 | 002,348,544 | ---- | M] (Microsoft Corporation) MD5=ED880065BBB2C5F57B74F30812A65F4F -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18233_none_bae42709f8da2382\win32k.sys
[2013/08/08 02:03:48 | 002,356,736 | ---- | M] (Microsoft Corporation) MD5=F26A2B1000F6AC694B7F0E8FB5778B55 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22416_none_bb86667111e4d496\win32k.sys
[2014/10/10 01:45:54 | 002,379,264 | ---- | M] (Microsoft Corporation) MD5=F6AF80581A85F657CFCD8ADC7ED0B3DA -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18635_none_bae62f35f8d84acc\win32k.sys
[2012/03/31 03:36:11 | 002,343,424 | ---- | M] (Microsoft Corporation) MD5=F8DB740114248CE6910E550EE9C054A2 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17803_none_bb04b8f9f8c1a4f8\win32k.sys
[2015/09/02 02:36:35 | 002,384,896 | ---- | M] (Microsoft Corporation) MD5=FB460A3148186CF50CAE91AE5554A43C -- C:\Windows\System32\win32k.sys
[2015/09/02 02:36:35 | 002,384,896 | ---- | M] (Microsoft Corporation) MD5=FB460A3148186CF50CAE91AE5554A43C -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18985_none_bab0254bf900cdf6\win32k.sys
[2012/04/02 03:43:16 | 002,342,400 | ---- | M] (Microsoft Corporation) MD5=FD853D524C23B8C44AACF28395692680 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16988_none_b8ccdc1ffbd79a20\win32k.sys

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2015/06/18 07:39:28 | 000,893,752 | ---- | M] (MalwareBytes) MD5=0692C8163852AB5674E2EB3B36131EF3 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2014/07/16 03:56:14 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=4F37B93C14AEE313BEC52A23AFB15C2E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_7224b2134c7555fa\winlogon.exe
[2014/07/17 02:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\System32\winlogon.exe
[2014/07/17 02:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_71a5e34e334f9d18\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2014/03/04 10:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[2014/03/04 11:39:02 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=D53972F87D850CD2EB4B29B60CAFDD77 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
