cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

ÿþOTL logfile created on: 27/07/2016 08:58:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mezine\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,99 Gb Total Physical Memory | 0,24 Gb Available Physical Memory | 12,29% Memory free
4,22 Gb Paging File | 1,78 Gb Available in Paging File | 42,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 132,71 Gb Free Space | 56,99% Space Free | Partition Type: NTFS

Computer Name: OUAHMED | User Name: mezine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2016/07/27 08:51:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mezine\Desktop\OTL.exe
PRC - [2016/07/25 17:10:15 | 003,446,976 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
PRC - [2016/06/14 15:51:32 | 000,392,136 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2016/03/10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2016/03/10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2016/03/10 14:07:20 | 009,926,112 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2016/01/29 18:44:58 | 000,292,816 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2016/01/29 18:44:56 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2016/01/29 17:56:10 | 000,986,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2015/12/13 23:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/08/04 13:25:48 | 002,344,664 | ---- | M] (AVG Technologies) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
PRC - [2015/08/04 13:25:46 | 002,449,624 | ---- | M] (AVG Technologies) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
PRC - [2011/03/17 09:15:46 | 000,382,272 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007/02/06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2016/07/25 17:10:11 | 019,483,328 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_22_0_0_209.dll
MOD - [2016/03/03 23:30:41 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\1d0bb5ef0c09d4e2240a41182524e24b\System.Configuration.ni.dll
MOD - [2016/03/03 21:45:21 | 005,465,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\17f27391eb60fef422349cecc57b9e36\System.Xml.ni.dll
MOD - [2016/03/03 21:44:13 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c5e565e60d6c46124983883991967dbf\System.Drawing.ni.dll
MOD - [2016/03/03 21:41:23 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\75f485fba3d8ce575d2a7e156842af91\System.ni.dll
MOD - [2015/08/04 13:26:08 | 000,734,936 | ---- | M] () -- C:\Program Files\AVG\AVG PC TuneUp\tulngx.dll
MOD - [2014/12/29 12:51:34 | 000,878,080 | ---- | M] () -- C:\Windows\System32\iconv.dll
MOD - [2014/12/29 12:51:34 | 000,721,920 | ---- | M] () -- C:\Windows\System32\libxml2.dll
MOD - [2014/12/11 18:20:22 | 011,496,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3444fbefcbd532181c499150ace644a4\mscorlib.ni.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2011/05/28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2010/07/04 22:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2009/03/30 05:42:26 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007/01/15 08:55:54 | 002,991,616 | ---- | M] () -- C:\Program Files\SYSTRAN\6\GUIRes.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2016/07/25 17:10:17 | 000,270,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/06/14 15:51:28 | 000,146,888 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/05/23 15:17:32 | 000,324,224 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2016/03/10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2016/03/10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2016/01/29 18:44:58 | 000,292,816 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2016/01/29 18:44:56 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2015/12/13 23:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/08/04 13:25:46 | 002,449,624 | ---- | M] (AVG Technologies) [Auto | Running] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2015/08/04 13:25:42 | 000,036,568 | ---- | M] (AVG Technologies) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2013/12/19 00:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/09/23 17:37:42 | 000,641,832 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2008/04/18 14:54:02 | 000,354,840 | R--- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/12/11 11:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/06/08 08:06:42 | 000,172,131 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007/02/06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\mezine\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aj4qcs94)
DRV - [2016/07/27 07:49:49 | 000,170,200 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2016/03/10 14:09:00 | 000,053,120 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2016/03/10 14:08:52 | 000,024,448 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2015/11/13 08:50:26 | 000,104,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2015/06/25 11:31:48 | 000,030,632 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2014/12/29 11:48:32 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011/10/12 19:32:14 | 000,233,024 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/07/04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/02/25 00:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009/04/29 06:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2008/12/05 06:55:40 | 000,217,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008/11/21 20:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/11/17 14:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/01/21 03:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/06/08 07:49:46 | 000,030,008 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://dz.gdark.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {756D1D40-E491-4E1D-9BC6-5B37CEDE646E}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2B7B7EFC-C234-4532-822B-A8D74D7EF7EB}: "URL" = http://dz.gdark.com/search.php?cx=partner-pub-7902900401080901%3Aadqekgs6wwt&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3726264710-3343502884-3871826145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3726264710-3343502884-3871826145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3726264710-3343502884-3871826145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Gdark
IE - HKU\S-1-5-21-3726264710-3343502884-3871826145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://dz.gdark.com/search.php?cxpartner-pub-7902900401080901%3Aadqekgs6wwt&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
IE - HKU\S-1-5-21-3726264710-3343502884-3871826145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3726264710-3343502884-3871826145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3726264710-3343502884-3871826145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-3726264710-3343502884-3871826145-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://dz.gdark.com
IE - HKU\S-1-5-21-3726264710-3343502884-3871826145-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3726264710-3343502884-3871826145-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3726264710-3343502884-3871826145-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFA_frDZ451
IE - HKU\S-1-5-21-3726264710-3343502884-3871826145-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "DZ"
FF - prefs.js..browser.search.region: "DZ"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:47.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.91.2: C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2: C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2016/07/24 08:31:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 47.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/12/11 17:39:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 47.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2015/11/05 15:45:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\BingSearchExtension: install
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\DSE: true

[2012/09/22 22:33:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mezine\AppData\Roaming\mozilla\Extensions
[2016/06/08 15:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mezine\AppData\Roaming\mozilla\Firefox\Profiles\60qtsu2z.default-1438902804915\extensions
[2016/06/04 11:03:48 | 000,698,536 | ---- | M] () (No name found) -- C:\Users\mezine\AppData\Roaming\mozilla\firefox\profiles\60qtsu2z.default-1438902804915\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
[2016/05/15 14:23:23 | 001,036,367 | ---- | M] () (No name found) -- C:\Users\mezine\AppData\Roaming\mozilla\firefox\profiles\60qtsu2z.default-1438902804915\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016/06/14 15:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\mezine\AppData\Local\Google\Chrome\User Data\Default\Extensions\anfilkljgdilefcoemmpnlamjnnbmfcb\1\
CHR - Extension: No name found = C:\Users\mezine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: No name found = C:\Users\mezine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
CHR - Extension: No name found = C:\Users\mezine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3726264710-3343502884-3871826145-1000\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKU\S-1-5-21-3726264710-3343502884-3871826145-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3726264710-3343502884-3871826145-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3726264710-3343502884-3871826145-1000..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - HKU\S-1-5-21-3726264710-3343502884-3871826145-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-3726264710-3343502884-3871826145-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 11.91.2)
O16 - DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 1.8.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab (Java Plug-in 11.91.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F7A4EF2-70A8-4E0E-B368-C61E66F6CCB3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A32BC08-C5D7-4592-9CF3-DA294CA75CE4}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEDFB6F6-409B-41E6-B740-A1E3BA853514}: NameServer = 41.110.32.3 8.8.8.8
O18 - Protocol\Handler\textwareilluminatorbase {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\System32\textwareilluminatorbaseProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O27 - HKLM IFEO\dtagent.exe: Debugger - C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe (AVG Technologies)
O27 - HKLM IFEO\dtimgeditor.exe: Debugger - C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe (AVG Technologies)
O27 - HKLM IFEO\dtpro.exe: Debugger - C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe (AVG Technologies)
O27 - HKLM IFEO\javaw.exe: Debugger - C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe (AVG Technologies)
O27 - HKLM IFEO\javaws.exe: Debugger - C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe (AVG Technologies)
O27 - HKLM IFEO\sptdinst-x86.exe: Debugger - C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe (AVG Technologies)
O27 - HKLM IFEO\uninst.exe: Debugger - C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe (AVG Technologies)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c1bf842f-eb54-11e0-890f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c1bf842f-eb54-11e0-890f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SWSETUP\APPINSTL\setup.exe
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (AVG Technologies)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: [b]Java update[/b] - hkey= - key= - File not found
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {05466845-FF44-4671-92C1-A5FD0F9EEE1C} - Microsoft Reader
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3911CF56-9EF2-39BA-846A-C27BD3CD0685} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4903D172-DCCB-392F-93A3-34CA9D47FE3D} - .NET Framework
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0} - Microsoft .NET Framework 1.1 Security Update (KB2833941)
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2016/07/27 08:53:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mezine\Desktop\OTL.exe
[2016/07/25 17:03:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2016/07/27 09:07:47 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2016/07/27 08:51:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mezine\Desktop\OTL.exe
[2016/07/27 08:18:45 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/07/27 07:49:49 | 000,170,200 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2016/07/27 07:49:07 | 000,000,432 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2016/07/27 07:48:36 | 000,003,840 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2016/07/27 07:48:36 | 000,003,840 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2016/07/27 07:48:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/07/26 23:30:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2016/07/25 17:10:16 | 000,796,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2016/07/25 17:10:15 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2016/07/25 11:09:41 | 000,658,070 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2016/07/25 11:09:41 | 000,130,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2016/07/25 11:09:41 | 000,062,900 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2016/07/25 11:09:41 | 000,026,828 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2016/07/07 01:39:33 | 000,400,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2016/06/28 18:33:13 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFormezine.job
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2016/07/27 09:07:46 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2015/01/14 17:53:30 | 000,000,165 | ---- | C] () -- C:\Windows\Reimage.ini
[2015/01/03 11:50:05 | 000,399,536 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/12/29 12:47:34 | 000,878,080 | ---- | C] () -- C:\Windows\System32\iconv.dll
[2014/12/29 12:47:34 | 000,721,920 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2014/12/29 12:47:34 | 000,150,016 | ---- | C] () -- C:\Windows\System32\libxslt.dll
[2014/12/29 12:47:33 | 000,051,200 | ---- | C] () -- C:\Windows\System32\libexslt.dll
[2014/02/21 23:27:43 | 000,003,072 | ---- | C] () -- C:\Users\mezine\AppData\Roaming\chrome-extension.localstorage
[2014/02/21 21:32:21 | 000,014,294 | ---- | C] () -- C:\Users\mezine\AppData\Roaming\addonVont.zip
[2011/10/25 08:39:54 | 000,000,000 | ---- | C] () -- C:\Users\mezine\AppData\Local\{4E08EB21-5CD6-40AC-946C-79152B95F25C}
[2011/10/01 09:15:05 | 000,000,000 | ---- | C] () -- C:\Users\mezine\AppData\Roaming\chrtmp
[2011/09/30 17:10:56 | 000,000,094 | ---- | C] () -- C:\Users\mezine\AppData\Local\fusioncache.dat
[2011/09/30 12:24:09 | 000,001,356 | ---- | C] () -- C:\Users\mezine\AppData\Local\d3d9caps.dat
[2005/12/12 08:38:13 | 000,018,635 | -H-- | C] () -- C:\Users\mezine\AppData\Roaming\mezinev1.18.0 - Trial versionlog.dat
[2005/04/08 03:16:43 | 000,000,587 | -H-- | C] () -- C:\Users\mezine\AppData\Roaming\mezinelog.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2006/11/02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/07/29 01:46:08 | 011,588,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2015/01/07 17:37:26 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\AVG
[2011/10/25 00:18:05 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\Babylon
[2014/12/22 11:47:13 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\cald4
[2011/10/11 19:43:42 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\Cambridge
[2015/09/28 21:35:55 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\DAEMON Tools Pro
[2011/11/17 14:12:45 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\Design Science
[2014/12/24 16:58:38 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\DMCache
[2012/10/29 12:59:32 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\Foxit Reader
[2011/10/25 00:39:39 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\FreeFLVConverter
[2011/09/30 16:22:46 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\Hewlett Packard
[2014/12/24 19:21:40 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\IDM
[2012/03/02 21:19:19 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\install
[2011/09/30 17:32:19 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\InterVideo
[2012/12/31 01:18:36 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\IObit
[2011/10/21 11:02:46 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\med2
[2012/05/15 15:26:49 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\Micro Application
[2015/09/02 12:22:49 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\oald8
[2014/12/25 11:18:46 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\olt1
[2011/11/27 17:51:25 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\PDM
[2012/12/31 15:12:08 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\Product_NU16
[2011/10/12 21:17:01 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\QA International
[2012/12/25 10:19:42 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\Samsung
[2014/12/29 13:46:33 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\SYSTRAN
[2014/12/31 08:28:25 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\Systweak
[2011/10/27 19:15:16 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\thecleaner
[2014/01/29 18:55:16 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\TuneUp Software
[2011/10/01 20:53:59 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\uWerTmSqIUIGzSPlVg
[2011/10/13 18:29:30 | 000,000,000 | ---D | M] -- C:\Users\mezine\AppData\Roaming\widestream

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2011/09/30 16:26:54 | 000,000,086 | ---- | M] () -- C:\bcmwl6.log
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2011/09/30 22:09:11 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/09/30 17:10:57 | 003,615,610 | ---- | M] () -- C:\DNSP1.LOG
[2011/09/30 16:36:06 | 000,114,130 | ---- | M] () -- C:\intel_chipset.log
[2011/09/30 16:20:14 | 000,271,492 | ---- | M] () -- C:\intel_msm.log
[2011/10/07 10:45:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/10/15 02:58:28 | 000,349,758 | R--- | M] () -- C:\mcafee_av.log
[2011/09/30 17:35:48 | 000,000,693 | ---- | M] () -- C:\mcafee_wl.log
[2011/10/07 10:45:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2016/07/27 07:48:12 | 2452,119,552 | -HS- | M] () -- C:\pagefile.sys
[2016/07/27 09:07:47 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/09/30 17:12:38 | 000,000,163 | ---- | M] () -- C:\Setup.log
[2011/09/30 17:40:39 | 000,025,372 | ---- | M] () -- C:\sunjava.log
[2011/09/30 16:17:17 | 000,000,082 | ---- | M] () -- C:\SYNTPAD.LOG
[2011/10/20 20:37:06 | 000,000,011 | ---- | M] () -- C:\trace.ini
[2012/02/11 10:45:35 | 000,000,237 | ---- | M] () -- C:\user.js
[2010/07/15 03:10:48 | 000,252,968 | ---- | M] () -- C:\vcredis1.cab
[2010/07/15 03:10:56 | 002,818,048 | ---- | M] () -- C:\vcredist.msi
[2011/12/28 20:30:14 | 000,000,238 | ---- | M] () -- C:\Wlid.bat
[2011/12/28 20:30:15 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\WLID.EXE

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2011/12/28 20:30:15 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\WLID.EXE

[color=#A23BEC]< %PROGRAMFILES%\*.* >[/color]
[2008/01/21 03:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

[color=#A23BEC]< %PROGRAMFILES%\*. >[/color]
[2016/06/07 16:02:38 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/09/30 16:06:28 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2011/11/23 14:11:26 | 000,000,000 | ---D | M] -- C:\Program Files\AnyBizSoft
[2011/10/20 20:36:47 | 000,000,000 | ---D | M] -- C:\Program Files\Auralog
[2015/01/07 17:36:51 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2014/01/12 15:18:27 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2011/09/30 16:25:25 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2014/12/22 11:45:55 | 000,000,000 | ---D | M] -- C:\Program Files\Cambridge
[2016/05/17 15:31:49 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2016/07/25 17:03:36 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2015/03/06 09:49:40 | 000,000,000 | ---D | M] -- C:\Program Files\ConvertHelper
[2015/04/07 15:25:26 | 000,000,000 | ---D | M] -- C:\Program Files\ConvertHelper3
[2011/10/18 15:31:56 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Pro
[2012/08/23 11:45:47 | 000,000,000 | ---D | M] -- C:\Program Files\FBReader
[2011/09/30 12:18:05 | 000,000,000 | -HSD | M] -- C:\Program Files\Fichiers communs
[2012/12/24 08:48:25 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2012/04/06 20:35:53 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2011/11/04 08:59:20 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2011/09/30 16:09:08 | 000,000,000 | ---D | M] -- C:\Program Files\HPQ
[2011/10/21 11:02:29 | 000,000,000 | ---D | M] -- C:\Program Files\IDM
[2014/12/29 13:01:16 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/09/30 16:27:10 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2014/12/24 19:25:15 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Download Manager
[2016/03/03 22:49:20 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012/12/31 15:36:04 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2016/06/07 19:53:24 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/10/07 20:59:50 | 000,000,000 | ---D | M] -- C:\Program Files\Larousse
[2015/09/02 15:35:25 | 000,000,000 | ---D | M] -- C:\Program Files\Le Robert
[2011/10/01 09:03:45 | 000,000,000 | ---D | M] -- C:\Program Files\LizardTech
[2011/10/02 05:58:15 | 000,000,000 | ---D | M] -- C:\Program Files\LSI SoftModem
[2011/10/21 11:00:56 | 000,000,000 | ---D | M] -- C:\Program Files\Macmillan Dictionaries
[2014/12/29 12:25:17 | 000,000,000 | ---D | M] -- C:\Program Files\MagicISO
[2016/05/15 14:24:18 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes Anti-Malware
[2015/01/16 19:19:38 | 000,000,000 | ---D | M] -- C:\Program Files\MathType
[2011/10/01 20:39:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Analysis Services
[2006/11/02 13:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/10/01 20:44:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/11/27 17:59:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Reader
[2016/03/04 01:02:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
[2016/03/03 22:26:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2011/10/01 20:44:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/10/01 20:44:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2011/10/01 20:44:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
[2011/10/01 20:42:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2011/10/02 05:23:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/10/01 23:07:39 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2016/06/15 18:20:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2016/06/14 19:31:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
[2011/10/01 20:46:03 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2011/09/30 22:35:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2011/10/11 19:02:10 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2014/12/25 11:16:12 | 000,000,000 | ---D | M] -- C:\Program Files\Oxford
[2013/09/25 20:46:18 | 000,000,000 | ---D | M] -- C:\Program Files\PDFCreator
[2014/12/29 12:44:03 | 000,000,000 | ---D | M] -- C:\Program Files\Power Translator 12
[2012/11/08 21:23:52 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2012/08/20 18:07:04 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2006/11/02 13:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2016/07/25 17:03:44 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2012/10/20 17:13:56 | 000,000,000 | ---D | M] -- C:\Program Files\SuperCopier2
[2012/12/31 15:12:51 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2011/09/30 16:16:40 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2014/12/29 12:52:37 | 000,000,000 | ---D | M] -- C:\Program Files\SYSTRAN
[2011/10/11 19:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\TEXTware
[2015/01/07 17:30:39 | 000,000,000 | ---D | M] -- C:\Program Files\TuneUp Utilities 2014
[2006/11/02 13:58:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/10/13 08:54:44 | 000,000,000 | ---D | M] -- C:\Program Files\Unlocker
[2011/10/01 10:53:08 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2015/03/28 08:56:33 | 000,000,000 | ---D | M] -- C:\Program Files\WinDjView
[2011/10/01 23:07:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2016/03/03 21:31:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2011/10/01 23:07:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2012/05/23 19:36:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2015/07/26 13:18:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2011/09/30 12:18:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2011/10/01 23:07:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2011/10/06 20:25:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2011/10/01 23:07:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2012/12/25 09:41:40 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[color=#A23BEC]< MD5 for: AUTOCHK.EXE >[/color]
[2009/04/11 07:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\System32\autochk.exe
[2009/04/11 07:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008/01/21 03:34:33 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2008/01/21 03:33:14 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys
[2008/01/21 03:33:14 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys

[color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color]
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 03:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

[color=#A23BEC]< MD5 for: HIDSERV.DLL >[/color]
[2009/04/11 07:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=84067081F3318162797385E11A8F0582 -- C:\Windows\System32\hidserv.dll
[2009/04/11 07:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=84067081F3318162797385E11A8F0582 -- C:\Windows\winsxs\x86_microsoft-windows-hid-user_31bf3856ad364e35_6.0.6002.18005_none_d897c17984907383\hidserv.dll
[2006/11/02 10:46:05 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=8FA640195279ACE21BEA91396A0054FC -- C:\Windows\winsxs\x86_microsoft-windows-hid-user_31bf3856ad364e35_6.0.6000.16386_none_d47586718a839763\hidserv.dll

[color=#A23BEC]< MD5 for: IASTOR.SYS >[/color]
[2008/04/15 18:54:16 | 000,388,120 | R--- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IASTOR.SYS
[2008/04/15 18:53:44 | 000,312,344 | R--- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IASTOR.SYS
[2008/04/15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008/04/15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys

[color=#A23BEC]< MD5 for: IASTORV.SYS >[/color]
[2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

[color=#A23BEC]< MD5 for: IMM32.DLL >[/color]
[2008/01/21 03:34:05 | 000,114,688 | ---- | M] (Microsoft Corporation) MD5=EC17194A193CD8E90D27CFB93DFA9A2E -- C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_5c561e167a6afd02\imm32.dll
[2009/04/11 07:28:20 | 000,114,688 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\imm32.dll
[2009/04/11 07:28:20 | 000,114,688 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6002.18005_none_5e419722778cc84e\imm32.dll

[color=#A23BEC]< MD5 for: KERNEL32.DLL >[/color]
[2009/02/13 09:21:09 | 000,890,880 | ---- | M] (Microsoft Corporation) MD5=1987D817D08F5EAF0B7F334026FDDB79 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_9401d8206f9c7e67\kernel32.dll
[2011/04/12 15:53:05 | 000,890,368 | ---- | M] (Microsoft Corporation) MD5=306835D4E74E49A5D10F0FCA0B422EB1 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18631_none_939e812b5662e4c2\kernel32.dll
[2011/04/12 15:30:37 | 000,892,928 | ---- | M] (Microsoft Corporation) MD5=497A2DA8181560B3E2F8FFE0092FD1E6 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22898_none_93ee425a6faadaba\kernel32.dll
[2011/04/12 17:07:38 | 000,892,416 | ---- | M] (Microsoft Corporation) MD5=574B473FACAA0E91702B86578440B525 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18449_none_9582275d538a1db6\kernel32.dll
[2014/02/06 02:56:54 | 000,894,464 | ---- | M] (Microsoft Corporation) MD5=695DB97B018FB06F693F37108322AA1E -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.19034_none_9587d7775386a817\kernel32.dll
[2015/05/08 23:51:41 | 000,894,976 | ---- | M] (Microsoft Corporation) MD5=700178867665441A00AB3215B5450C7A -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.23688_none_95df6f4c6cc92ab5\kernel32.dll
[2011/04/12 16:08:23 | 000,893,440 | ---- | M] (Microsoft Corporation) MD5=7062DEB220FA1CCB1B65FC40D6E7D807 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.22625_none_961d64be6c9b1d69\kernel32.dll
[2016/01/30 03:36:01 | 000,895,488 | ---- | M] (Microsoft Corporation) MD5=A3E3901DD6119BA863B559836CBD7B28 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.23905_none_9632f3806c8af69d\kernel32.dll
[2012/09/28 15:53:03 | 000,893,440 | ---- | M] (Microsoft Corporation) MD5=A9204E65A74AF0E801EA46F5A92C87A2 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.22942_none_9604c9ba6cae00bb\kernel32.dll
[2014/02/06 03:43:24 | 000,894,976 | ---- | M] (Microsoft Corporation) MD5=B439D7A2127B81EC7274019D14784D75 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.23323_none_961b47b06c9d0ce7\kernel32.dll
[2009/02/13 08:26:37 | 000,875,520 | ---- | M] (Microsoft Corporation) MD5=B82C7AC1D559F0FD088792171D64C7F3 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_91c20a8f593529ed\kernel32.dll
[2009/02/13 08:13:01 | 000,875,520 | ---- | M] (Microsoft Corporation) MD5=BB792054BD990EC05D9E260D50FEAD39 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_92564f68724ae108\kernel32.dll
[2009/04/11 07:28:20 | 000,891,392 | ---- | M] (Microsoft Corporation) MD5=BB8509089E7DF514310814E1B2593FFC -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18005_none_95a95e4d536d53fa\kernel32.dll
[2015/05/09 00:08:48 | 000,894,464 | ---- | M] (Microsoft Corporation) MD5=DA10DF349F80E52B7CBDCF296A44FC75 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.19381_none_954eccaf53b1df3c\kernel32.dll
[2009/02/13 09:49:05 | 000,888,832 | ---- | M] (Microsoft Corporation) MD5=DB6E3731E6F5C8AE2843F80B5787F7C6 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_93b81a93564f1da0\kernel32.dll
[2008/01/21 03:33:52 | 000,888,320 | ---- | M] (Microsoft Corporation) MD5=DC2338093F91BA4E0512208E60206DDD -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\kernel32.dll
[2012/09/28 17:11:03 | 000,892,928 | ---- | M] (Microsoft Corporation) MD5=DC3105CC925A0D47F61B54E66AB730FC -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18704_none_95a86b4d536e26b4\kernel32.dll
[2016/01/30 04:08:20 | 000,894,976 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\kernel32.dll
[2016/01/30 04:08:20 | 000,894,976 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.19594_none_9547016d53b74180\kernel32.dll

[color=#A23BEC]< MD5 for: MSWSOCK.DLL >[/color]
[2009/04/11 07:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\System32\mswsock.dll
[2009/04/11 07:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/21 03:33:36 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2015/10/10 16:38:52 | 000,526,272 | ---- | M] (Microsoft Corporation) MD5=0F1F3E5E29927C8054A8A21EE78F9EF6 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.23822_none_aa23976a326169bd\ndis.sys
[2009/04/11 07:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2008/01/21 03:33:22 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
[2008/02/08 05:25:28 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=C8560010A542B5DCA94C62468DC20784 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.22110_none_a845f8a63534c8d3\ndis.sys
[2015/10/10 17:02:40 | 000,526,272 | ---- | M] (Microsoft Corporation) MD5=DEC4B200C459FA929B0A764E79904B79 -- C:\Windows\System32\drivers\ndis.sys
[2015/10/10 17:02:40 | 000,526,272 | ---- | M] (Microsoft Corporation) MD5=DEC4B200C459FA929B0A764E79904B79 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.19512_none_a9a4c6bf193bb3b4\ndis.sys
[2008/02/08 05:22:00 | 000,503,352 | ---- | M] (Microsoft Corporation) MD5=E50187F20ED749F57C97836FEDE14BD6 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.20768_none_a631acb4382f8e4f\ndis.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 03:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

[color=#A23BEC]< MD5 for: NTFS.SYS >[/color]
[2013/03/03 20:07:52 | 001,082,232 | ---- | M] (Microsoft Corporation) MD5=2C1121F2B87E9A6B12485DF53CD848C7 -- C:\Windows\System32\drivers\ntfs.sys
[2013/03/03 20:07:52 | 001,082,232 | ---- | M] (Microsoft Corporation) MD5=2C1121F2B87E9A6B12485DF53CD848C7 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18799_none_a7ff61ef1a52b1c5\ntfs.sys
[2009/04/11 07:32:49 | 001,083,880 | ---- | M] (Microsoft Corporation) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64df\ntfs.sys
[2008/01/21 03:33:23 | 001,081,912 | ---- | M] (Microsoft Corporation) MD5=B4EFFE29EB4F15538FD8A9681108492D -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6001.18000_none_a67129bd1ceb9993\ntfs.sys
[2013/03/03 20:07:52 | 001,083,240 | ---- | M] (Microsoft Corporation) MD5=ECB54A0E9C40B00CF8FEFE5F455A1EFB -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.23070_none_a895760033686607\ntfs.sys

[color=#A23BEC]< MD5 for: NTMSSVC.DLL >[/color]
[2008/01/21 03:35:18 | 000,460,288 | ---- | M] (Microsoft Corporation) MD5=A7DFF9642D510BE1EEC6664CD0369953 -- C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\ntmssvc.dll

[color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color]
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

[color=#A23BEC]< MD5 for: PROQUOTA.EXE >[/color]
[2006/11/02 10:45:33 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\System32\proquota.exe
[2006/11/02 10:45:33 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.0.6000.16386_none_259035db957a1715\proquota.exe

[color=#A23BEC]< MD5 for: QMGR.DLL >[/color]
[2008/01/21 03:34:49 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2009/04/11 07:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll
[2009/04/11 07:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2008/01/21 03:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

[color=#A23BEC]< MD5 for: SPOOLSV.EXE >[/color]
[2010/08/17 14:32:33 | 000,126,464 | ---- | M] (Microsoft Corporation) MD5=3665F79026A3F91FBCA63F2C65A09B19 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_d641dcfdc18fec21\spoolsv.exe
[2009/04/11 07:28:05 | 000,127,488 | ---- | M] (Microsoft Corporation) MD5=524BFBEA40E6E404737CCBC754647A2E -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_d8371c2dbeaa9062\spoolsv.exe
[2008/01/21 03:34:33 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=846CDF9A3CF4DA9B306ADFB7D55EE4C2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe
[2010/08/17 15:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=8554097E5136C3BF9F69FE578A1B35F4 -- C:\Windows\System32\spoolsv.exe
[2010/08/17 15:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=8554097E5136C3BF9F69FE578A1B35F4 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_d7d4d063bef46cd2\spoolsv.exe
[2010/08/17 15:20:09 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=AAE98B295E88D439A6E0F6E8929424FB -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_d882e000d7f61b4c\spoolsv.exe
[2010/08/17 14:27:48 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=E807FC542C295BA256CE3567829E02A6 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.22743_none_d6ad0c7edac40f93\spoolsv.exe

[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2008/01/21 03:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 03:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2016/03/10 14:07:16 | 000,960,480 | ---- | M] (MalwareBytes) MD5=F86A4139730504047F52CCFB8C47E9F5 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe

[color=#A23BEC]< MD5 for: TERMSRV.DLL >[/color]
[2014/10/11 01:34:03 | 000,452,096 | ---- | M] (Microsoft Corporation) MD5=B33E73457ED6616F6CA316694267FEE3 -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6002.23521_none_90faa76f6a97633b\termsrv.dll
[2009/04/11 07:28:24 | 000,449,024 | ---- | M] (Microsoft Corporation) MD5=BB95DA09BEF6E7A131BFF3BA5032090D -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6002.18005_none_908abad45165e2ae\termsrv.dll
[2008/01/21 03:33:51 | 000,448,512 | ---- | M] (Microsoft Corporation) MD5=D605031E225AACCBCEB5B76A4F1603A6 -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_8e9f41c854441762\termsrv.dll
[2014/10/10 02:01:27 | 000,449,536 | ---- | M] (Microsoft Corporation) MD5=DBD84E59D631569EC3E756EF144E8431 -- C:\Windows\System32\termsrv.dll
[2014/10/10 02:01:27 | 000,449,536 | ---- | M] (Microsoft Corporation) MD5=DBD84E59D631569EC3E756EF144E8431 -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6002.19214_none_907ed7a2516ef937\termsrv.dll

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2008/01/21 03:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 03:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[color=#A23BEC]< MD5 for: VOLSNAP.SYS >[/color]
[2006/11/02 10:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 07:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/11 07:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2012/08/21 12:47:42 | 000,225,664 | ---- | M] (Microsoft Corporation) MD5=559F1DB6586DE2EE8E25E172A0CA9A3C -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.22913_none_181f0c08125e385e\volsnap.sys
[2012/08/21 12:47:42 | 000,224,640 | ---- | M] (Microsoft Corporation) MD5=786DB5771F05EF300390399F626BF30A -- C:\Windows\System32\drivers\volsnap.sys
[2012/08/21 12:47:42 | 000,224,640 | ---- | M] (Microsoft Corporation) MD5=786DB5771F05EF300390399F626BF30A -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_2abeaeba\volsnap.sys
[2012/08/21 12:47:42 | 000,224,640 | ---- | M] (Microsoft Corporation) MD5=786DB5771F05EF300390399F626BF30A -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18679_none_175a8da4f96bddf6\volsnap.sys
[2008/01/21 03:32:47 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/21 03:32:47 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

[color=#A23BEC]< MD5 for: WININET.DLL >[/color]
[2013/02/02 04:30:21 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=03728C624D05C2F157BBD46F6B7F6EA0 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16470_none_c1a51e87dfe0ca56\wininet.dll
[2012/06/28 12:37:42 | 000,916,992 | ---- | M] (Microsoft Corporation) MD5=03B4167CC1B30AC22DF413788AFADE97 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19298_none_e478a801b7e23da4\wininet.dll
[2012/11/14 02:33:20 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=0635D714351F842D43EA184E75C4A3FF -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20565_none_c23e8cb0f8f1cce2\wininet.dll
[2015/09/11 08:16:09 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=0ED0C46A3407B6BA8774603D9327A389 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16708_none_c1f8d5fddfa0c8ec\wininet.dll
[2013/02/02 04:36:46 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=1284D72C04B553ED5382EA14303D66DB -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20580_none_c223eb66f9068611\wininet.dll
[2015/07/22 21:46:19 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=152110AF82E06FF13C325EB99236B271 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16684_none_c19e538fdfe545f1\wininet.dll
[2013/01/08 21:41:13 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=16C45E6881449C6330567E51C13920FA -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20573_none_c231bc30f8fbb625\wininet.dll
[2011/04/21 17:04:00 | 000,834,048 | ---- | M] (Microsoft Corporation) MD5=17413EF7D95632D892B4C914CD7E66F9 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18457_none_03a065199f1b9031\wininet.dll
[2011/10/01 00:06:24 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=18F17E90657528C232B1944DEB4EC160 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19154_none_e49fe4a3b7c56b5d\wininet.dll
[2015/03/09 23:57:20 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=19B481D70FBC176AE5D3E91347B0128F -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16636_none_c1d663bfdfbaecea\wininet.dll
[2013/11/14 23:38:27 | 001,130,496 | ---- | M] (Microsoft Corporation) MD5=1C0B5D8A0A0F4614F032751E418E87E1 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20637_none_c260feeef8d7a8e4\wininet.dll
[2014/02/23 06:40:18 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=1E5DF19A5F053345430D7AF87943C47A -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16540_none_c1c59031dfc873aa\wininet.dll
[2012/05/15 09:56:04 | 000,920,064 | ---- | M] (Microsoft Corporation) MD5=1FDE47149D9B08C0CEBEE731FDB39E0B -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23359_none_e52e84c6d0de8701\wininet.dll
[2013/07/31 10:52:44 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=21A5424935A32080A58DD40F2712212C -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16506_none_c1f6d19ddfa29bf0\wininet.dll
[2013/04/04 21:55:36 | 001,129,984 | ---- | M] (Microsoft Corporation) MD5=28B2DD8DBAEE306290A74ED03DB3768F -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20593_none_c21c1c58f90bee07\wininet.dll
[2013/04/04 23:02:17 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=2C96B3921B4CDE10DBAED5AAD760DB67 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16483_none_c19d4f79dfe6324c\wininet.dll
[2011/12/15 08:35:21 | 000,919,552 | ---- | M] (Microsoft Corporation) MD5=2F56B044E8ED4FAA812A19A8DF2115EE -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23286_none_e50b123ed0f991a8\wininet.dll
[2011/04/21 16:15:43 | 000,842,240 | ---- | M] (Microsoft Corporation) MD5=3790936B00FBA6EC2053C3E81B42AFCE -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22629_none_044c7422b81f0bfd\wininet.dll
[2011/11/03 08:31:40 | 000,919,552 | ---- | M] (Microsoft Corporation) MD5=406EEBC1B3FE188DE9D6B3AFB3834E84 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23266_none_e520b216d0e959c6\wininet.dll
[2008/01/21 03:34:21 | 000,825,856 | ---- | M] (Microsoft Corporation) MD5=455D715A840579BDC1CF8E5C1DA76849 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18000_none_01e8f37da1d311e6\wininet.dll
[2013/02/22 04:35:17 | 001,129,984 | ---- | M] (Microsoft Corporation) MD5=490E24D5E427DFA55B1C1182F0DB861C -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20586_none_c229ed22f9011e1b\wininet.dll
[2013/11/14 23:42:41 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=4CC9DF09C3D915BA0A101A11DB684F26 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16526_none_c1e131c5dfb2d3d2\wininet.dll
[2011/11/03 07:22:04 | 000,916,992 | ---- | M] (Microsoft Corporation) MD5=4E45F092670EEE0563AA9E1A7C8A1217 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19170_none_e48643a3b7d93de3\wininet.dll
[2012/10/11 08:33:14 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=5553611E2F9EA6F613079177F1233068 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16450_none_c1babe5fdfd09274\wininet.dll
[2015/06/17 19:03:24 | 001,130,496 | ---- | M] (Microsoft Corporation) MD5=5C59F9736397F0A3284BAA84DEA55343 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20784_none_c227f05af902e5bb\wininet.dll
[2014/02/05 10:44:41 | 001,130,496 | ---- | M] (Microsoft Corporation) MD5=5EDAA4D8E5E762B4487813DC4053F244 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20644_none_c2532e24f8e278d0\wininet.dll
[2008/06/27 05:15:28 | 000,827,392 | ---- | M] (Microsoft Corporation) MD5=618A51B5FB9DD5810960F6044C0E9289 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18099_none_0190a6cba213f16e\wininet.dll
[2015/02/21 18:21:58 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=6293D025E82071B9424877E30B6AC1C8 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16633_none_c1d362e1dfbda0e5\wininet.dll
[2014/02/05 09:50:39 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=679EAED8E703235BA81AA2E58F4E2D16 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16533_none_c1d360fbdfbda3be\wininet.dll
[2013/07/25 03:26:10 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=6839F14A2507D9273BD13565DD880377 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16502_none_c1f2d075dfa63694\wininet.dll
[2012/08/25 12:50:39 | 000,916,992 | ---- | M] (Microsoft Corporation) MD5=69D83FEF59F46E9EBF06E805547DB534 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19328_none_e4c4595bb7a97734\wininet.dll
[2013/05/16 23:28:26 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=6A25377A76479A0C0BF3DB6FC42FE09A -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16490_none_c18f7eafdff10238\wininet.dll
[2009/03/08 12:34:57 | 000,914,944 | ---- | M] (Microsoft Corporation) MD5=6CE32F7778061CCC5814D5E0F282D369 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18702_none_e4d415d7b79e8243\wininet.dll
[2012/10/08 08:37:57 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=6E3AC8A54A1881806BA2B58539483788 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20562_none_c23b8bd2f8f480dd\wininet.dll
[2010/12/18 07:27:04 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=74BCC23D622F32DA0450D164735ACAB1 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19019_none_e4d023dfb7a07d25\wininet.dll
[2014/11/24 22:34:25 | 001,130,496 | ---- | M] (Microsoft Corporation) MD5=771EE57063F9F6798DC2E52DC0042912 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20715_none_c274a018f8c93b7b\wininet.dll
[2015/01/14 02:42:51 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=79E75447CCEB8522756FCD1EA1B858FF -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16609_none_c1f9d461df9fe51c\wininet.dll
[2015/09/11 08:17:43 | 001,130,496 | ---- | M] (Microsoft Corporation) MD5=7B6F72A543118733D028A3387C8ACAE1 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20823_none_c267d17ef8d321e5\wininet.dll
[2010/12/18 08:18:09 | 000,919,552 | ---- | M] (Microsoft Corporation) MD5=7D6AACE6BF60B5A1D572E082DEC9F0F0 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23111_none_e551be5ad0c55237\wininet.dll
[2012/11/14 02:57:37 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=7FA3A810F383588D46220967DE8B64FF -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16457_none_c1c1c065dfca43d5\wininet.dll
[2011/07/23 12:04:29 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=8419DAE7205374F2CAA4C9CDBD0999E6 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19120_none_e4bc533fb7b0b22e\wininet.dll
[2009/04/11 07:28:25 | 000,828,416 | ---- | M] (Microsoft Corporation) MD5=8777B44511D8BCCF47B5A7CBDC02DE11 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18005_none_03d46c899ef4dd32\wininet.dll
[2015/01/14 03:34:23 | 001,130,496 | ---- | M] (Microsoft Corporation) MD5=8C1A011CB32B2A254B3DE9138DF10C47 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20725_none_c269d02cf8d1576c\wininet.dll
[2015/06/17 02:09:57 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=8F7EB54EC6C488FC086FB4AC3BB29BBD -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16669_none_c1b8f4d9dfd08cc2\wininet.dll
[2012/02/28 19:07:57 | 000,919,552 | ---- | M] (Microsoft Corporation) MD5=9503972A61EA647A72C326EEB51265C1 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23318_none_e558c42cd0befde6\wininet.dll
[2016/01/25 05:53:34 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=969D2B980B30DE09941D038A0764359B -- C:\Windows\System32\wininet.dll
[2016/01/25 05:53:34 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=969D2B980B30DE09941D038A0764359B -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16748_none_c1cd964ddfc138b0\wininet.dll
[2013/07/31 10:38:25 | 001,129,984 | ---- | M] (Microsoft Corporation) MD5=99991FC7D1430A61F27B48AC3D43B028 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20617_none_c2769ec6f8c77102\wininet.dll
[2012/10/08 08:48:03 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=9CB0D2A9A77D91D9614355EE9FF00519 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16455_none_c1bfbfd1dfcc1127\wininet.dll
[2012/06/28 14:01:34 | 000,920,064 | ---- | M] (Microsoft Corporation) MD5=A9FF16A7FBE708D936AF46AFF1B2579B -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23385_none_e50a13dad0fa7578\wininet.dll
[2014/11/24 21:35:25 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=AA680F0065A505118BDD9181BCE7C83D -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16599_none_c198832fdfe8e36e\wininet.dll
[2012/02/28 12:30:48 | 000,916,992 | ---- | M] (Microsoft Corporation) MD5=AA8B3560AED18F5290F80C82C9B75ACC -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19222_none_e4be55b9b7aee203\wininet.dll
[2008/06/27 04:49:46 | 000,827,904 | ---- | M] (Microsoft Corporation) MD5=AE7150C0696C656D02FDD48259F4EFF5 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20868_none_00537650bdf39044\wininet.dll
[2013/01/08 23:03:20 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=B49B56B64F57699A1A663D2CF7D0A56F -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16464_none_c1b3ef9bdfd513c1\wininet.dll
[2015/02/21 18:17:10 | 001,130,496 | ---- | M] (Microsoft Corporation) MD5=B617816D90817B98FF209701B2EAE555 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20747_none_c25630e8f8dfc1fc\wininet.dll
[2013/02/22 04:38:00 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=C5B6468422DB1C8AA36C32CBB0197E5E -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16476_none_c1ab2043dfdb6260\wininet.dll
[2016/01/25 05:51:03 | 001,130,496 | ---- | M] (Microsoft Corporation) MD5=CB8970D62A129E0B19B2209503F05DE1 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20863_none_c23c91cef8f391a9\wininet.dll
[2013/05/16 22:43:29 | 001,129,984 | ---- | M] (Microsoft Corporation) MD5=CC25EA1287613DC45D25A26037B4DBDD -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20600_none_c27a6cacf8c5a3b0\wininet.dll
[2011/07/23 12:41:23 | 000,919,552 | ---- | M] (Microsoft Corporation) MD5=D2BA28C2B3CB7F2DBB5A5F92851B3F3F -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23216_none_e556c1b2d0c0ce11\wininet.dll
[2011/04/21 15:36:32 | 000,841,728 | ---- | M] (Microsoft Corporation) MD5=D53D34CA16BE45211F7A13532D181A1A -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22905_none_0277a0eabaec199b\wininet.dll
[2011/10/01 00:47:25 | 000,919,552 | ---- | M] (Microsoft Corporation) MD5=DA000DE8EB63D54DCC206AA0699B9A52 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23250_none_e5258046d0e6a5cb\wininet.dll
[2011/04/21 16:00:34 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=DA5A72211661C7F162B332FEA4F09A69 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18639_none_01d191b7a1e338b2\wininet.dll
[2011/12/15 07:22:01 | 000,916,992 | ---- | M] (Microsoft Corporation) MD5=DA7C58952F082AECABF775C83F913C6F -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19190_none_e470a3cbb7e975c5\wininet.dll
[2012/08/25 14:55:33 | 000,920,064 | ---- | M] (Microsoft Corporation) MD5=DDC718A719B351415455920F71EC4570 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23415_none_e555c534d0c1af08\wininet.dll
[2011/05/28 07:08:58 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=DE4685DE5130039FA63DA66C0F72F787 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19088_none_e4837421b7da2765\wininet.dll
[2012/05/15 07:37:49 | 000,916,992 | ---- | M] (Microsoft Corporation) MD5=DEAF5B0677A6B864B8F4F41C127695DB -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19272_none_e488461db7d76db8\wininet.dll
[2011/05/28 08:12:07 | 000,919,552 | ---- | M] (Microsoft Corporation) MD5=E1E66EB05099B9DDCA178A9A00FCFF74 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23181_none_e5060ee6d0fe15ce\wininet.dll
[2015/07/22 21:37:33 | 001,130,496 | ---- | M] (Microsoft Corporation) MD5=E64B90961540FE6A07C97C1435A75706 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20799_none_c22221e0f906805f\wininet.dll
[2008/06/27 04:54:49 | 000,826,368 | ---- | M] (Microsoft Corporation) MD5=E74D932CA7B3DA8CDB7A5F11F5A03ABC -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16711_none_fff8e71ba4b3b364\wininet.dll
[2015/03/10 00:41:29 | 001,130,496 | ---- | M] (Microsoft Corporation) MD5=EB5E1D8224F4EF318708410B469AC239 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20750_none_c2445ef6f8ee2c8c\wininet.dll
[2008/06/27 04:50:35 | 000,827,904 | ---- | M] (Microsoft Corporation) MD5=EDF59D63DDBC8BE0BB4836EFFFC04BDC -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22212_none_0269c2d6baf6fd76\wininet.dll
[2013/07/25 03:32:36 | 001,129,984 | ---- | M] (Microsoft Corporation) MD5=EFA69C15A411D9794131CBCF6B59EA08 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20613_none_c2729d9ef8cb0ba6\wininet.dll
[2014/02/23 07:10:01 | 001,130,496 | ---- | M] (Microsoft Corporation) MD5=F68EBB98CE1CFC06EA5CCE5F78056412 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20651_none_c2455d5af8ed48bc\wininet.dll

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2008/01/21 03:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/21 03:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[color=#A23BEC]< MD5 for: WININIT.INI >[/color]
[2011/10/07 21:18:35 | 000,000,146 | ---- | M] () MD5=D3A64B1A40059771133FCA733E750CC4 -- C:\Windows\WININIT.INI

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 03:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008/01/21 03:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2016/03/10 14:07:16 | 000,960,480 | ---- | M] (MalwareBytes) MD5=F86A4139730504047F52CCFB8C47E9F5 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2016/03/10 14:07:16 | 000,960,480 | ---- | M] (MalwareBytes) MD5=F86A4139730504047F52CCFB8C47E9F5 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe

[color=#A23BEC]< MD5 for: WS2_32.DLL >[/color]
[2008/01/21 03:34:36 | 000,179,200 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\ws2_32.dll
[2008/01/21 03:34:36 | 000,179,200 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\Curr entControlSet\Control\Session Manager\SubSystems /s >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[6 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\ *.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\* .sav >[/color]

[color=#A23BEC]< c:\$recycle.bin\*.* /s >[/color]
[2011/09/30 12:24:24 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-3726264710-3343502884-3871826145-1000\desktop.ini
[2006/11/02 13:58:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 13:58:10 | 000,032,502 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/16 20:49:14 | 000,000,324 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleFormezine.job
[2012/05/23 19:44:54 | 000,001,002 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:792D4CF1

< End of report >

Publicité


Signaler le contenu de ce document

Publicité