OTL logfile created on: 11/11/2016 10:58:21 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\admin\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.14393.0)
Locale: 00000409 | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3.97 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 26.95% Memory free
5.87 Gb Paging File | 1.20 Gb Available in Paging File | 20.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.89 Gb Total Space | 119.53 Gb Free Space | 41.96% Space Free | Partition Type: NTFS
Drive D: | 12.66 Gb Total Space | 1.54 Gb Free Space | 12.18% Space Free | Partition Type: NTFS
Drive E: | 7.21 Gb Total Space | 6.77 Gb Free Space | 93.92% Space Free | Partition Type: FAT32

Computer Name: DAVID-HP | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - File not found --
PRC - [2016/11/11 10:53:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
PRC - [2016/11/11 10:46:09 | 000,633,024 | ---- | M] (Microsoft Corporation) -- C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
PRC - [2016/11/05 19:04:32 | 000,143,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\judaicstore\AppData\Local\Dropbox\Update\DropboxUpdate.exe
PRC - [2016/10/24 14:15:44 | 025,424,008 | ---- | M] (Dropbox, Inc.) -- C:\Users\judaicstore\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2016/10/20 09:47:20 | 000,921,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2016/09/21 12:56:14 | 000,633,024 | ---- | M] (Microsoft Corporation) -- C:\Users\judaicstore\AppData\Local\Microsoft\OneDrive\OneDrive.exe
PRC - [2016/07/16 12:42:55 | 000,038,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\svchost.exe [comLaunch]
PRC - [2016/07/16 12:42:55 | 000,038,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\svchost.exe [comLaunch]
PRC - [2016/07/16 12:42:55 | 000,038,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\svchost.exe [comLaunch]
PRC - [2016/07/16 12:42:55 | 000,038,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\svchost.exe [comLaunch]
PRC - [2016/07/16 12:42:55 | 000,038,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\svchost.exe [comLaunch]
PRC - [2015/12/08 00:24:14 | 000,211,712 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
PRC - [2015/12/08 00:24:14 | 000,194,000 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
PRC - [2015/11/30 13:24:28 | 000,061,200 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2015/10/13 11:12:44 | 000,228,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2015/09/02 03:04:14 | 000,721,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2014/10/07 15:09:50 | 000,060,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2014/02/07 11:41:21 | 005,093,216 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/08/21 02:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/08/21 02:52:10 | 000,707,128 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
PRC - [2010/03/11 23:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/02/11 19:07:54 | 000,710,656 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
PRC - [2010/02/02 02:09:48 | 000,281,192 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2010/02/02 02:05:52 | 000,704,512 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
PRC - [2010/01/22 23:28:46 | 000,628,488 | ---- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2010/01/12 18:25:26 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2009/12/12 02:57:38 | 011,265,536 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2009/12/12 02:57:20 | 000,297,984 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2009/08/25 03:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/07/02 23:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
PRC - [2009/05/09 01:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/09 01:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2008/11/20 19:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/01/05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2016/11/11 10:53:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
MOD - [2016/11/11 10:46:33 | 001,004,224 | ---- | M] (The Qt Company Ltd) -- C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\platforms\qwindows.dll
MOD - [2016/11/11 10:46:19 | 000,196,416 | ---- | M] (Microsoft Corporation) -- C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\sqmapi.dll
MOD - [2016/11/11 10:46:18 | 000,609,984 | ---- | M] (Microsoft Corporation) -- C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\RemoteAccess.dll
MOD - [2016/11/11 10:46:13 | 002,606,272 | ---- | M] (The Qt Company Ltd) -- C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\Qt5Quick.dll
MOD - [2016/11/11 10:46:12 | 002,528,448 | ---- | M] (The Qt Company Ltd) -- C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\Qt5Qml.dll
MOD - [2016/11/11 10:46:11 | 004,884,160 | ---- | M] (The Qt Company Ltd) -- C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\Qt5Gui.dll
MOD - [2016/11/11 10:46:11 | 000,865,472 | ---- | M] (The Qt Company Ltd) -- C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\Qt5Network.dll
MOD - [2016/11/11 10:46:10 | 004,689,600 | ---- | M] (The Qt Company Ltd) -- C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\Qt5Core.dll
MOD - [2016/11/11 10:46:09 | 000,970,912 | ---- | M] (Microsoft Corporation) -- C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\MSVCR120.dll
MOD - [2016/11/11 10:46:09 | 000,633,024 | ---- | M] (Microsoft Corporation) -- C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
MOD - [2016/11/11 10:46:09 | 000,389,320 | ---- | M] (Microsoft Corporation) -- C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\WnsClientApi.dll
MOD - [2016/11/11 10:46:08 | 000,455,328 | ---- | M] (Microsoft Corporation) -- C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\MSVCP120.dll
MOD - [2016/11/11 10:46:08 | 000,313,544 | ---- | M] (Microsoft Corporation) -- C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\Telemetry.dll
MOD - [2016/11/11 10:46:08 | 000,134,336 | ---- | M] (Microsoft Corporation) -- C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\LoggingPlatform.dll
MOD - [2016/11/11 10:46:08 | 000,118,976 | ---- | M] () -- C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
MOD - [2016/11/11 10:46:07 | 003,956,416 | ---- | M] (Microsoft Corporation) -- C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\SyncEngine.DLL
MOD - [2016/11/11 10:46:07 | 002,676,416 | ---- | M] (Microsoft Corporation) -- C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSync.Resources.dll
MOD - [2016/11/11 10:46:07 | 002,643,656 | ---- | M] (Microsoft Corporation) -- C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncClient.dll
MOD - [2016/11/11 10:46:07 | 001,439,936 | ---- | M] (Microsoft Corporation) -- C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncSessions.dll
MOD - [2016/11/11 10:46:06 | 001,383,616 | ---- | M] () -- C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
MOD - [2016/11/11 10:46:06 | 000,784,064 | ---- | M] (Microsoft Corporation) -- C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ADAL.dll
MOD - [2016/10/24 12:48:53 | 000,989,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\product_metainfo.dll
MOD - [2016/10/24 12:48:50 | 000,262,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\licensing_meta.dll
MOD - [2016/10/24 12:48:46 | 005,683,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\kasperskylab.platform.nativeinterop.dll
MOD - [2016/10/24 12:48:43 | 001,287,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\kasperskylab.kis.ui.loader.dll
MOD - [2016/10/24 12:48:38 | 002,502,168 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpuimain.dll
MOD - [2016/10/20 09:47:30 | 001,819,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
MOD - [2016/10/20 09:47:29 | 000,093,288 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll
MOD - [2016/10/20 09:47:26 | 000,378,472 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\chrome_elf.dll
MOD - [2016/10/20 09:47:24 | 045,192,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\chrome_child.dll
MOD - [2016/10/20 09:47:22 | 039,048,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\chrome.dll
MOD - [2016/10/20 09:47:20 | 000,921,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
MOD - [2016/10/19 18:28:21 | 000,205,272 | ---- | M] (AO Kaspersky Lab) -- C:\ProgramData\Kaspersky Lab\AVP16.0.0\Bases\klsihk.dll
MOD - [2016/10/15 06:11:46 | 000,484,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\AudioSes.dll
MOD - [2016/10/15 05:32:58 | 001,570,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll
MOD - [2016/10/15 05:32:57 | 000,601,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll
MOD - [2016/10/15 05:20:49 | 002,276,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d11.dll
MOD - [2016/10/15 05:19:54 | 002,256,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll
MOD - [2016/10/15 05:19:01 | 000,272,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
MOD - [2016/10/15 05:18:59 | 000,576,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wer.dll
MOD - [2016/10/15 05:18:38 | 001,556,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll
MOD - [2016/10/15 05:18:09 | 000,846,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WinTypes.dll
MOD - [2016/10/15 05:18:01 | 002,166,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\combase.dll
MOD - [2016/10/15 05:15:46 | 000,687,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvproc.dll
MOD - [2016/10/15 05:15:45 | 001,123,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfplat.dll
MOD - [2016/10/15 05:15:10 | 000,959,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll
MOD - [2016/10/15 05:15:08 | 020,969,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll
MOD - [2016/10/15 05:14:48 | 002,121,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.351_none_89c04962db040fd9\comctl32.dll
MOD - [2016/10/15 05:11:27 | 001,424,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d9.dll
MOD - [2016/10/15 05:11:22 | 001,435,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll
MOD - [2016/10/15 05:11:22 | 001,263,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll
MOD - [2016/10/15 04:59:49 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfksproxy.dll
MOD - [2016/10/15 04:56:05 | 000,327,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\daxexec.dll
MOD - [2016/10/15 04:55:31 | 000,331,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcLayers.dll
MOD - [2016/10/15 04:55:07 | 000,182,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfsensorgroup.dll
MOD - [2016/10/15 04:48:17 | 002,477,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcGenral.dll
MOD - [2016/10/15 04:44:17 | 000,636,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winhttp.dll
MOD - [2016/10/15 04:42:12 | 000,090,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll
MOD - [2016/10/15 04:37:47 | 003,733,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\D3DCompiler_47.dll
MOD - [2016/10/15 04:37:31 | 002,256,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll
MOD - [2016/10/15 04:36:55 | 004,423,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ExplorerFrame.dll
MOD - [2016/10/15 04:36:46 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
MOD - [2016/10/15 04:36:10 | 001,595,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll
MOD - [2016/10/15 04:35:56 | 000,422,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\twinapi.dll
MOD - [2016/10/15 04:35:36 | 000,772,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll
MOD - [2016/10/15 04:35:31 | 002,005,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll
MOD - [2016/10/05 11:03:25 | 001,705,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll
MOD - [2016/10/05 10:49:21 | 001,980,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml6.dll
MOD - [2016/10/05 10:14:24 | 001,456,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.321_none_baab3cb4359688b4\GdiPlus.dll
MOD - [2016/10/05 10:09:49 | 003,369,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Windows.StateRepository.dll
MOD - [2016/09/21 12:26:06 | 002,206,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msmpeg2vdec.dll
MOD - [2016/09/21 12:25:59 | 000,313,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wlanapi.dll
MOD - [2016/09/21 12:25:54 | 005,398,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\aclui.dll
MOD - [2016/09/21 12:25:54 | 000,790,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll
MOD - [2016/09/21 12:25:54 | 000,117,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll
MOD - [2016/09/21 12:25:48 | 000,529,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mf.dll
MOD - [2016/09/21 12:25:44 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\container.dll
MOD - [2016/09/21 12:25:44 | 000,079,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\win32u.dll
MOD - [2016/09/21 12:25:43 | 000,389,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll
MOD - [2016/09/21 12:25:43 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll
MOD - [2016/09/15 18:37:15 | 000,496,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dnsapi.dll
MOD - [2016/09/15 18:37:05 | 000,402,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ws2_32.dll
MOD - [2016/09/15 18:33:53 | 000,083,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devenum.dll
MOD - [2016/09/15 18:23:18 | 000,170,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll
MOD - [2016/09/15 18:23:07 | 001,503,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll
MOD - [2016/09/15 18:22:40 | 005,722,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\windows.storage.dll
MOD - [2016/09/15 18:22:36 | 000,975,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\twinapi.appcore.dll
MOD - [2016/09/15 18:14:03 | 001,415,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32full.dll
MOD - [2016/09/15 18:13:51 | 000,113,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll
MOD - [2016/09/15 17:56:50 | 000,262,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pdh.dll
MOD - [2016/09/15 17:56:42 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DataExchange.dll
MOD - [2016/09/15 17:55:19 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleacc.dll
MOD - [2016/09/15 17:54:36 | 000,461,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\webio.dll
MOD - [2016/09/15 17:53:34 | 000,284,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Windows.ApplicationModel.dll
MOD - [2016/09/15 17:52:18 | 001,358,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\UIAutomationCore.dll
MOD - [2016/09/15 17:46:00 | 000,713,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wpnapps.dll
MOD - [2016/09/15 17:39:40 | 000,827,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\twinui.appcore.dll
MOD - [2016/07/16 12:44:22 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2016/07/16 12:44:22 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2016/07/16 12:44:20 | 007,200,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
MOD - [2016/07/16 12:44:20 | 003,389,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2016/07/16 12:44:20 | 000,987,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr120_clr0400.dll
MOD - [2016/07/16 12:44:20 | 000,947,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
MOD - [2016/07/16 12:44:20 | 000,826,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll
MOD - [2016/07/16 12:44:20 | 000,521,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
MOD - [2016/07/16 12:44:20 | 000,511,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
MOD - [2016/07/16 12:44:20 | 000,307,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2016/07/16 12:44:19 | 001,759,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
MOD - [2016/07/16 12:43:52 | 001,133,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2016/07/16 12:43:52 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MicrosoftAccountTokenProvider.dll
MOD - [2016/07/16 12:43:52 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nlaapi.dll
MOD - [2016/07/16 12:43:52 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2016/07/16 12:43:11 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\browcli.dll
MOD - [2016/07/16 12:43:08 | 000,653,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcr90.dll
MOD - [2016/07/16 12:43:08 | 000,570,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcp90.dll
MOD - [2016/07/16 12:43:06 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscoree.dll
MOD - [2016/07/16 12:43:04 | 000,597,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.0_none_88fef4c26039fb25\comctl32.dll
MOD - [2016/07/16 12:43:04 | 000,515,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\riched20.dll
MOD - [2016/07/16 12:43:04 | 000,457,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll
MOD - [2016/07/16 12:43:04 | 000,257,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll
MOD - [2016/07/16 12:43:04 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll
MOD - [2016/07/16 12:43:04 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bthprops.cpl
MOD - [2016/07/16 12:43:04 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctfui.dll
MOD - [2016/07/16 12:43:04 | 000,053,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wtsapi32.dll
MOD - [2016/07/16 12:43:04 | 000,027,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll
MOD - [2016/07/16 12:43:04 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shfolder.dll
MOD - [2016/07/16 12:43:04 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\riched32.dll
MOD - [2016/07/16 12:43:02 | 000,913,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2016/07/16 12:43:02 | 000,565,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasapi32.dll
MOD - [2016/07/16 12:43:02 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv
MOD - [2016/07/16 12:43:02 | 000,284,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll
MOD - [2016/07/16 12:43:02 | 000,248,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\policymanager.dll
MOD - [2016/07/16 12:43:02 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\edputil.dll
MOD - [2016/07/16 12:43:02 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msls31.dll
MOD - [2016/07/16 12:43:02 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2016/07/16 12:43:02 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\loadperf.dll
MOD - [2016/07/16 12:43:02 | 000,099,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wcmapi.dll
MOD - [2016/07/16 12:43:02 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasman.dll
MOD - [2016/07/16 12:43:02 | 000,067,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wwapi.dll
MOD - [2016/07/16 12:43:01 | 000,185,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xmllite.dll
MOD - [2016/07/16 12:43:01 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netprofm.dll
MOD - [2016/07/16 12:43:01 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usermgrcli.dll
MOD - [2016/07/16 12:43:01 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll
MOD - [2016/07/16 12:43:01 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\npmproxy.dll
MOD - [2016/07/16 12:43:01 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll
MOD - [2016/07/16 12:43:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasadhlp.dll
MOD - [2016/07/16 12:42:56 | 001,220,608 | ---- | M] (Microsoft) -- C:\Windows\SysWOW64\dbghelp.dll
MOD - [2016/07/16 12:42:56 | 000,524,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sxs.dll
MOD - [2016/07/16 12:42:56 | 000,339,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Faultrep.dll
MOD - [2016/07/16 12:42:56 | 000,135,680 | ---- | M] (Microsoft) -- C:\Windows\SysWOW64\dbgcore.dll
MOD - [2016/07/16 12:42:56 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll
MOD - [2016/07/16 12:42:55 | 000,918,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ucrtbase.dll
MOD - [2016/07/16 12:42:55 | 000,528,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\StateRepository.Core.dll
MOD - [2016/07/16 12:42:55 | 000,498,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcp_win.dll
MOD - [2016/07/16 12:42:55 | 000,415,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcp110_win.dll
MOD - [2016/07/16 12:42:55 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\FirewallAPI.dll
MOD - [2016/07/16 12:42:55 | 000,362,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\coml2.dll
MOD - [2016/07/16 12:42:55 | 000,328,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\BCP47Langs.dll
MOD - [2016/07/16 12:42:55 | 000,310,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll
MOD - [2016/07/16 12:42:55 | 000,306,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mswsock.dll
MOD - [2016/07/16 12:42:55 | 000,279,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\FWPUCLNT.DLL
MOD - [2016/07/16 12:42:55 | 000,275,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\powrprof.dll
MOD - [2016/07/16 12:42:55 | 000,213,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll
MOD - [2016/07/16 12:42:55 | 000,184,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll
MOD - [2016/07/16 12:42:55 | 000,184,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IPHLPAPI.DLL
MOD - [2016/07/16 12:42:55 | 000,183,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\logoncli.dll
MOD - [2016/07/16 12:42:55 | 000,173,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntasn1.dll
MOD - [2016/07/16 12:42:55 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fwpolicyiomgr.dll
MOD - [2016/07/16 12:42:55 | 000,154,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll
MOD - [2016/07/16 12:42:55 | 000,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptnet.dll
MOD - [2016/07/16 12:42:55 | 000,132,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll
MOD - [2016/07/16 12:42:55 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fwbase.dll
MOD - [2016/07/16 12:42:55 | 000,120,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncrypt.dll
MOD - [2016/07/16 12:42:55 | 000,106,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bcrypt.dll
MOD - [2016/07/16 12:42:55 | 000,104,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncryptsslp.dll
MOD - [2016/07/16 12:42:55 | 000,094,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\userenv.dll
MOD - [2016/07/16 12:42:55 | 000,086,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mpr.dll
MOD - [2016/07/16 12:42:55 | 000,084,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rmclient.dll
MOD - [2016/07/16 12:42:55 | 000,075,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll
MOD - [2016/07/16 12:42:55 | 000,068,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsp.dll
MOD - [2016/07/16 12:42:55 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll
MOD - [2016/07/16 12:42:55 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc.dll
MOD - [2016/07/16 12:42:55 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wkscli.dll
MOD - [2016/07/16 12:42:55 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll
MOD - [2016/07/16 12:42:55 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mssprxy.dll
MOD - [2016/07/16 12:42:55 | 000,049,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msasn1.dll
MOD - [2016/07/16 12:42:55 | 000,043,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel.appcore.dll
MOD - [2016/07/16 12:42:55 | 000,036,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll
MOD - [2016/07/16 12:42:55 | 000,024,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dsrole.dll
MOD - [2016/07/16 12:42:55 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fltLib.dll
MOD - [2016/07/16 12:42:55 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dpapi.dll
MOD - [2016/07/16 12:42:54 | 001,375,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll
MOD - [2016/07/16 12:42:54 | 000,798,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\OneCoreUAPCommonProxyStub.dll
MOD - [2016/07/16 12:42:54 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mskeyprotect.dll
MOD - [2016/07/16 12:42:54 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atlthunk.dll
MOD - [2016/07/16 12:42:53 | 000,256,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\thumbcache.dll
MOD - [2016/07/16 12:42:53 | 000,200,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mlang.dll
MOD - [2016/07/16 12:42:53 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\OnDemandConnRouteHelper.dll
MOD - [2016/07/16 12:42:49 | 001,122,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dcomp.dll
MOD - [2016/07/16 12:42:49 | 000,773,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll
MOD - [2016/07/16 12:42:49 | 000,527,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxgi.dll
MOD - [2016/07/16 12:42:49 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscms.dll
MOD - [2016/07/16 12:42:49 | 000,480,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\directmanipulation.dll
MOD - [2016/07/16 12:42:49 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MMDevAPI.dll
MOD - [2016/07/16 12:42:49 | 000,255,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll
MOD - [2016/07/16 12:42:49 | 000,234,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ksproxy.ax
MOD - [2016/07/16 12:42:49 | 000,230,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\icm32.dll
MOD - [2016/07/16 12:42:49 | 000,152,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RTWorkQ.dll
MOD - [2016/07/16 12:42:49 | 000,144,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll
MOD - [2016/07/16 12:42:49 | 000,135,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winmm.dll
MOD - [2016/07/16 12:42:49 | 000,131,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winmmbase.dll
MOD - [2016/07/16 12:42:49 | 000,124,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cabinet.dll
MOD - [2016/07/16 12:42:49 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Kswdmcap.ax
MOD - [2016/07/16 12:42:49 | 000,114,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxva2.dll
MOD - [2016/07/16 12:42:49 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shacct.dll
MOD - [2016/07/16 12:42:49 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdsapi.dll
MOD - [2016/07/16 12:42:49 | 000,090,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.dll
MOD - [2016/07/16 12:42:49 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll
MOD - [2016/07/16 12:42:49 | 000,069,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netapi32.dll
MOD - [2016/07/16 12:42:49 | 000,054,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll
MOD - [2016/07/16 12:42:49 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\BitsProxy.dll
MOD - [2016/07/16 12:42:49 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\credui.dll
MOD - [2016/07/16 12:42:49 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vidcap.ax
MOD - [2016/07/16 12:42:49 | 000,031,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll
MOD - [2016/07/16 12:42:49 | 000,029,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\avrt.dll
MOD - [2016/07/16 12:42:49 | 000,028,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msdmo.dll
MOD - [2016/07/16 12:42:49 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\hid.dll
MOD - [2016/07/16 12:42:49 | 000,020,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ksuser.dll
MOD - [2016/07/16 12:42:49 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimg32.dll
MOD - [2016/07/16 12:42:48 | 001,575,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\actxprxy.dll
MOD - [2016/07/16 12:42:48 | 001,187,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfc42.dll
MOD - [2016/07/16 12:42:48 | 000,608,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\odbc32.dll
MOD - [2016/07/16 12:42:48 | 000,482,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll
MOD - [2016/07/16 12:42:48 | 000,291,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\adsnt.dll
MOD - [2016/07/16 12:42:48 | 000,224,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\activeds.dll
MOD - [2016/07/16 12:42:48 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\adsldpc.dll
MOD - [2016/07/16 12:42:48 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WinSCard.dll
MOD - [2016/07/16 12:42:48 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2016/07/16 12:42:46 | 000,528,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll
MOD - [2016/07/16 12:42:46 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ninput.dll
MOD - [2016/07/16 12:42:46 | 000,112,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gpapi.dll
MOD - [2016/07/16 12:42:46 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oledlg.dll
MOD - [2016/07/16 12:42:45 | 004,268,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll
MOD - [2016/07/16 12:42:45 | 000,616,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll
MOD - [2016/07/16 12:42:45 | 000,581,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll
MOD - [2016/07/16 12:42:45 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2016/07/16 12:42:45 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll
MOD - [2016/07/16 12:42:45 | 000,017,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll
MOD - [2016/07/16 12:42:45 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll
MOD - [2016/07/16 12:42:43 | 000,549,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SHCore.dll
MOD - [2016/07/16 12:42:27 | 000,367,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bcryptprimitives.dll
MOD - [2016/07/16 12:42:27 | 000,093,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2016/07/16 12:42:27 | 000,026,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winnsi.dll
MOD - [2016/07/16 12:42:27 | 000,020,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nsi.dll
MOD - [2016/07/16 12:42:03 | 001,088,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfperfhelper.dll
MOD - [2016/04/04 15:21:15 | 000,147,904 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\ushata.dll
MOD - [2016/04/04 15:21:13 | 000,371,672 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\prcore.dll
MOD - [2016/04/04 15:21:13 | 000,201,152 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\product_info.dll
MOD - [2016/04/04 15:20:45 | 002,776,536 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\instrumental_services.dll
MOD - [2015/12/08 00:24:14 | 001,441,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\params.ppl
MOD - [2015/12/08 00:24:14 | 001,358,080 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\libeay32.dll
MOD - [2015/12/08 00:24:14 | 000,338,688 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\ssleay32.dll
MOD - [2015/12/08 00:24:14 | 000,211,712 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
MOD - [2015/12/08 00:24:14 | 000,147,936 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\fssync.dll
MOD - [2015/12/08 00:24:14 | 000,119,264 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\system_interceptors_meta.dll
MOD - [2015/07/08 23:02:44 | 000,230,144 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\sw_meta.dll
MOD - [2015/07/08 23:02:40 | 000,050,432 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\pxstub.ppl
MOD - [2015/07/08 23:02:28 | 000,550,144 | ---- | M] (Hipp, Wyrick & Company, Inc.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\dblite.dll
MOD - [2015/07/08 23:02:28 | 000,235,776 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\backup_facade_metainfo.dll
MOD - [2015/07/08 23:02:06 | 000,175,872 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\dumpwriter.dll
MOD - [2015/07/08 22:18:40 | 000,341,760 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\office_antivirus.dll
MOD - [2015/07/08 22:18:40 | 000,340,736 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\inproc_agent.dll
MOD - [2015/07/08 22:18:40 | 000,327,424 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\plugins_meta.dll
MOD - [2015/07/08 22:18:40 | 000,265,984 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\vkbd.dll
MOD - [2015/07/08 22:18:24 | 000,347,904 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\content_filtering_meta.dll
MOD - [2015/07/08 22:18:00 | 000,162,560 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\traffic_processing_meta.dll
MOD - [2015/07/08 22:17:58 | 000,310,528 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\am_meta.dll
MOD - [2015/07/08 22:17:54 | 000,263,936 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\ucp_meta.dll
MOD - [2015/07/08 22:17:52 | 000,205,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\updater_meta.dll
MOD - [2015/07/08 22:17:48 | 000,227,072 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\app_core_meta.dll
MOD - [2015/07/08 22:17:42 | 000,701,696 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\kl_service.dll
MOD - [2015/07/08 22:17:42 | 000,371,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\prremote.dll
MOD - [2015/07/08 22:17:42 | 000,198,400 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\remote_eka_prague_loader.dll
MOD - [2015/07/08 22:17:42 | 000,133,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\instrumental_meta.dll
MOD - [2015/07/08 22:17:42 | 000,121,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\nfio.ppl
MOD - [2015/07/08 22:17:42 | 000,039,168 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\winreg.ppl
MOD - [2015/07/08 22:17:42 | 000,032,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\fsdrvplg.ppl
MOD - [2015/07/08 22:17:12 | 000,298,240 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\ac_meta.dll
MOD - [2015/07/08 22:17:02 | 000,206,080 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\ksn_meta.dll
MOD - [2015/07/08 22:15:50 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\msvcr100.dll
MOD - [2015/07/08 22:15:50 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\msvcp100.dll
MOD - [2013/03/11 15:48:56 | 004,931,384 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\igdumd32.dll
MOD - [2011/08/30 22:05:02 | 000,121,704 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mdnsNSP.dll
MOD - [2010/02/11 19:07:54 | 000,710,656 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
MOD - [2010/02/02 06:43:52 | 004,557,416 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpFve.dll
MOD - [2010/01/22 23:30:54 | 000,681,224 | ---- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOCache.dll
MOD - [2010/01/22 23:30:54 | 000,509,192 | ---- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOFeedb.dll
MOD - [2010/01/22 23:30:54 | 000,488,712 | ---- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgentOtsPlugin.dll
MOD - [2010/01/22 23:29:04 | 000,120,072 | ---- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOSet.dll
MOD - [2010/01/22 23:28:48 | 000,468,744 | ---- | M] (DigitalPersona, Inc.) -- C:\Windows\SysWOW64\DPFPApi.dll
MOD - [2010/01/22 23:28:48 | 000,220,424 | ---- | M] (DigitalPersona, Inc.) -- C:\Windows\SysWOW64\DPSCEL.dll
MOD - [2010/01/22 23:28:46 | 000,628,488 | ---- | M] (DigitalPersona, Inc.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
MOD - [2010/01/22 23:28:46 | 000,311,048 | ---- | M] (DigitalPersona, Inc.) -- C:\Windows\SysWOW64\DPClback.dll
MOD - [2009/12/14 20:19:52 | 008,980,992 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\PTPMPlugin.dll
MOD - [2009/12/12 02:57:38 | 011,265,536 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
MOD - [2009/12/07 20:37:14 | 000,435,768 | ---- | M] (Hewlett-Packard Ltd) -- c:\Program Files (x86)\Hewlett-Packard\DeviceAccessManager\000C\PTDMLiteResource.dll
MOD - [2009/12/07 20:36:36 | 000,374,328 | ---- | M] (Hewlett-Packard Ltd) -- c:\Program Files (x86)\Hewlett-Packard\DeviceAccessManager\PTDMLiteManagerDP.dll
MOD - [2009/12/07 20:36:18 | 000,329,272 | ---- | M] () -- C:\Windows\SysWOW64\flcdlmsg.dll
MOD - [2009/12/01 22:52:54 | 003,541,608 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\Languages\000c\SbHpFve.lng
MOD - [2009/10/02 18:07:26 | 000,483,388 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbUILib.dll
MOD - [2009/08/25 03:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
MOD - [2009/07/02 23:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
MOD - [2009/05/09 01:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
MOD - [2009/05/09 01:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
MOD - [2009/02/21 02:29:06 | 000,053,248 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\HPCPQUSB.dll
MOD - [2009/02/20 02:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll
MOD - [2008/11/20 19:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


[color=#E56717]========== Services (All) ==========[/color]

SRV - [2016/10/15 04:50:05 | 002,333,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\WsmSvc.dll -- (WinRM)
SRV - [2016/10/15 04:44:17 | 000,636,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2016/10/05 10:09:49 | 003,369,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
SRV - [2016/09/21 12:18:25 | 000,507,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2016/09/21 12:18:25 | 000,507,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2016/09/21 12:18:18 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2016/09/21 12:18:14 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2016/09/15 17:56:09 | 000,298,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2016/09/15 17:54:09 | 000,431,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2016/09/15 17:38:46 | 000,773,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysWow64\SearchIndexer.exe -- (WSearch)
SRV - [2016/09/15 17:35:53 | 000,331,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\SessEnv.dll -- (SessionEnv)
SRV - [2016/09/15 17:16:15 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2016/08/06 04:33:24 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2016/07/16 23:45:43 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\appmgmts.dll -- (AppMgmt)
SRV - [2016/07/16 12:44:01 | 000,385,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2016/07/16 12:43:53 | 000,052,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2016/07/16 12:43:04 | 000,566,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
SRV - [2016/07/16 12:43:02 | 000,328,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\upnphost.dll -- (upnphost)
SRV - [2016/07/16 12:43:02 | 000,254,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV - [2016/07/16 12:43:01 | 000,234,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\qwave.dll -- (QWAVE)
SRV - [2016/07/16 12:43:00 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\perfhost.exe -- (PerfHost)
SRV - [2016/07/16 12:42:55 | 000,968,704 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
SRV - [2016/07/16 12:42:55 | 000,670,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\netlogon.dll -- (Netlogon)
SRV - [2016/07/16 12:42:55 | 000,292,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2016/07/16 12:42:55 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV - [2016/07/16 12:42:55 | 000,019,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWow64\dllhost.exe -- (COMSysApp)
SRV - [2016/07/16 12:42:46 | 000,347,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV - [2016/07/16 12:42:46 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV - [2016/07/16 12:42:45 | 001,536,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\pla.dll -- (pla)
SRV - [2016/07/16 12:42:45 | 000,198,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\WebClnt.dll -- (WebClient)
SRV - [2016/07/16 12:42:45 | 000,089,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\wdi.dll -- (WdiSystemHost)
SRV - [2016/07/16 12:42:45 | 000,089,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\wdi.dll -- (WdiServiceHost)
SRV - [2016/07/16 12:42:45 | 000,058,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWow64\msiexec.exe -- (msiserver)
SRV - [2016/07/16 12:41:50 | 003,318,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2016/07/16 07:04:26 | 000,122,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller)
SRV - [2016/05/25 14:31:18 | 000,043,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2016/03/24 17:43:16 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/12/08 00:24:14 | 000,194,000 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe -- (AVP16.0.0)
SRV - [2015/08/28 00:16:04 | 000,144,200 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdatem)
SRV - [2015/08/28 00:16:04 | 000,144,200 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate)
SRV - [2015/07/08 23:02:50 | 000,144,640 | ---- | M] (AO Kaspersky Lab) [On_Demand | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe -- (vssbrigde64)
SRV - [2014/11/13 11:06:01 | 000,053,320 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2014/10/07 15:09:50 | 000,060,744 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2014/02/07 11:41:21 | 005,093,216 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/12/19 00:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013/11/14 16:57:58 | 000,194,032 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2013/02/21 15:36:25 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/13 14:27:02 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/18 01:19:32 | 000,126,008 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe -- (HP Health Check Service)
SRV - [2010/08/21 02:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/08/21 02:52:10 | 000,707,128 | ---- | M] (Hewlett-Packard Company) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex)
SRV - [2010/03/11 23:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/01/12 18:25:26 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2010/01/09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/12/12 02:57:20 | 000,297,984 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2009/12/07 20:36:10 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2007/01/05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


[color=#E56717]========== Driver Services (All) ==========[/color]

DRV - [2016/07/16 12:41:50 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys -- (CompositeBus)
DRV - [2010/02/02 02:11:46 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysWow64\drivers\SbAlg.sys -- (SbAlg)
DRV - [2010/02/02 02:11:28 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\SysWow64\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2010/02/02 02:11:24 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\drivers\rsvlock.sys -- (RsvLock)
DRV - [2010/02/02 02:11:22 | 000,110,520 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysWow64\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009/10/28 22:09:34 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)


[color=#E56717]========== Standard Registry (All) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=169&systemid=102&v=a14978-143&apn_uid=6930565553104612&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031774
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox




IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.searchgol.com/?babsrc=HP_ss&mntrId=083C6431501CBC07&affID=121565&tt=160913_c3&tsp=5015
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1404127339&from=cor&uid=SAMSUNGXHD322GJ_S2AXJ9EB124233&q={searchTerms}
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130856648041665007&GUID=00000000-0000-0000-0000-000000000000
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001\..\URLSearchHook: {6ec85fcf-87ad-41d7-ae1f-f116f8ad4848} - No CLSID value found
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" =
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=083C6431501CBC07&affID=121565&tt=160913_c3&tsp=5015
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001\..\SearchScopes\{9486D15E-7AA5-43CB-8E65-ECE22922D6DD}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=169&systemid=102&v=a13277-143&apn_uid=6930565553104612&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2500339
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/9
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130856648011400954&GUID=00000000-0000-0000-0000-000000000000
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1002\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1002\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1002\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={8D5445E9-DF70-4899-871C-D92F4EE50AA7}&mid=5a91d742cc5947d0ab52b57816f855f4-74878f73ec1f64bd212ebe4474d2bd85efa5fddb&lang=en&ds=ft013&coid=avgtbdisft&cmpid=&pr=sa&d=2014-07-18 13:16:09&v=18.1.8.643&pid=safeguard&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1002\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
IE - HKU\S-1-5-21-3088098888-1968788725-2100833601-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/02/02 04:15:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016/10/24 12:49:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/02/21 15:36:22 | 000,000,000 | ---D | M]

[2013/09/24 01:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka\4.6.2.7_0\
CHR - Extension: No name found = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.6.1_0\
CHR - Extension: No name found = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (SafeFinder SmartbarEngine) - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\WINDOWS\SysWow64\mscoree.dll (Microsoft Corporation)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (IEExtension.VDownloaderBHO) - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - C:\WINDOWS\SysWow64\mscoree.dll (Microsoft Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll File not found
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Kaspersky Protection plugin) - {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll (AO Kaspersky Lab)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Kaspersky Protection toolbar) - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll (AO Kaspersky Lab)
O3 - HKLM\..\Toolbar: (SafeFinder Smartbar) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\SysWow64\mscoree.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001\..\Toolbar\WebBrowser: (no name) - {4D51F677-2A0B-43E2-B444-A2B384D24B91} - No CLSID value found.
O3 - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001\..\Toolbar\WebBrowser: (no name) - {6EC85FCF-87AD-41D7-AE1F-F116F8AD4848} - No CLSID value found.
O3 - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3088098888-1968788725-2100833601-1002\..\Toolbar\WebBrowser: (no name) - {6EC85FCF-87AD-41D7-AE1F-F116F8AD4848} - No CLSID value found.
O3 - HKU\S-1-5-21-3088098888-1968788725-2100833601-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~2.EXE File not found
O4 - HKLM..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001..\Run: [Driver Updater] C:\Program Files (x86)\Carambis\Driver Updater\dupdater.exe (MEDIA FOG LTD.)
O4 - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001..\Run: [OneDrive] C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3088098888-1968788725-2100833601-1002..\Run: [Dropbox Update] C:\Users\judaicstore\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
O4 - HKU\S-1-5-21-3088098888-1968788725-2100833601-1002..\Run: [OfficeSyncProcess] C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-3088098888-1968788725-2100833601-1002..\Run: [OneDrive] C:\Users\judaicstore\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001..\RunOnce: [Uninstall C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509" File not found
O4 - HKU\S-1-5-21-3088098888-1968788725-2100833601-1001..\RunOnce: [Uninstall C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64" File not found
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O4 - Startup: C:\Users\judaicstore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O4 - Startup: C:\Users\judaicstore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 - Capture d écran et lancement.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O8 - Extra context menu item: &Envoyer à OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13693718-3edb-4975-b17d-d28629610f83}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9b280a15-14e4-45ef-b28a-177efcb05482}: DhcpNameServer = 172.20.10.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\WINDOWS\SysWow64\DeviceNP.dll (Hewlett-Packard Limited)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {A5BE62CA-DE0F-4764-A0CB-4044816DB174} - C:\Program Files (x86)\tuEagles\EagleObj.dll ()
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\WINDOWS\SysWow64\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\WINDOWS\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\WINDOWS\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/02/19 15:02:12 | 000,000,038 | -H-- | M] () - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {71A5A636-652F-3BE0-BC14-02545E9F5EC7} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: CoreMessagingRegistrar - C:\Windows\SysWOW64\CoreMessaging.dll (Microsoft Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: StateRepository - C:\Windows\SysWOW64\Windows.StateRepository.dll (Microsoft Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: TBS - Service
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootMin: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: {F2E7DD72-6468-4E36-B6F1-6488F42C1B52} - Firmware

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: CoreMessagingRegistrar - C:\Windows\SysWOW64\CoreMessaging.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdpencdd.sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmartcardSimulator - Driver
SafeBootNet: StateRepository - C:\Windows\SysWOW64\Windows.StateRepository.dll (Microsoft Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TBS - Service
SafeBootNet: TDI - Driver Group
SafeBootNet: VirtualSmartcardReader - Driver
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootNet: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: {F2E7DD72-6468-4E36-B6F1-6488F42C1B52} - Firmware

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2016/11/11 10:53:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2016/11/11 10:45:57 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Skype
[2016/11/11 10:45:39 | 000,000,000 | -H-D | C] -- C:\OneDriveTemp
[2016/11/06 14:39:18 | 000,000,000 | ---D | C] -- C:\Nouveau dossier
[2016/11/02 15:50:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Embedded
[2016/11/02 15:45:21 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Comms
[2016/11/02 15:41:31 | 000,000,000 | R--D | C] -- C:\Users\admin\OneDrive
[2016/11/02 15:40:54 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\MicrosoftEdge
[2016/11/02 15:38:48 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Publishers
[2016/11/02 15:37:55 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Packages
[2016/11/02 15:37:51 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\TileDataLayer
[2016/11/02 15:37:44 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\ConnectedDevicesPlatform
[2016/10/27 18:36:24 | 001,557,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmde.dll
[2016/10/27 18:36:21 | 007,468,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2016/10/27 18:36:05 | 000,555,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\StoreAgent.dll
[2016/10/27 18:36:05 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.BackgroundMediaPlayback.dll
[2016/10/27 18:36:05 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Playback.BackgroundMediaPlayer.dll
[2016/10/27 18:36:05 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Playback.MediaPlayer.dll
[2016/10/27 18:36:05 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InstallAgentUserBroker.exe
[2016/10/27 18:36:05 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InstallAgent.exe
[2016/10/27 18:36:04 | 000,747,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\RemoteNaturalLanguage.dll
[2016/10/27 18:36:01 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BluetoothApis.dll
[2016/10/27 18:36:00 | 000,576,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wer.dll
[2016/10/27 18:35:59 | 000,749,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\drvstore.dll
[2016/10/27 18:35:59 | 000,186,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\weretw.dll
[2016/10/27 18:35:58 | 001,228,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\usercpl.dll
[2016/10/27 18:35:57 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iscsiwmi.dll
[2016/10/27 18:35:48 | 004,673,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2016/10/27 18:35:45 | 001,323,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wsp_fs.dll
[2016/10/27 18:35:45 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wsp_health.dll
[2016/10/27 18:35:44 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsensorgroup.dll
[2016/10/27 18:35:43 | 001,993,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2016/10/27 18:35:41 | 000,455,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DolbyDecMFT.dll
[2016/10/27 18:35:41 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\updatepolicy.dll
[2016/10/27 18:35:40 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cmifw.dll
[2016/10/27 18:35:39 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LockAppBroker.dll
[2016/10/27 18:35:38 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\FSClient.dll
[2016/10/27 18:35:38 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\stdole2.tlb
[2016/10/27 18:35:34 | 012,349,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmp.dll
[2016/10/27 18:35:34 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfksproxy.dll
[2016/10/27 18:35:33 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.Connectivity.dll
[2016/10/27 18:35:33 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Geolocation.dll
[2016/10/27 18:35:32 | 001,631,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.Resources.dll
[2016/10/27 18:35:31 | 013,868,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2016/10/27 18:35:30 | 006,108,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mos.dll
[2016/10/27 18:35:30 | 002,999,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\win32kfull.sys
[2016/10/27 18:35:29 | 002,748,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mispace.dll
[2016/10/27 18:35:27 | 000,675,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.dll
[2016/10/27 18:35:27 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\splwow64.exe
[2016/10/27 18:35:26 | 002,708,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\esent.dll
[2016/10/27 18:35:25 | 005,376,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BingMaps.dll
[2016/10/27 18:35:24 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\JpMapControl.dll
[2016/10/27 18:35:24 | 000,760,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NMAA.dll
[2016/10/27 18:35:23 | 000,715,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MapControlCore.dll
[2016/10/27 18:35:23 | 000,254,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmpeffects.dll
[2016/10/27 18:35:21 | 000,549,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ActionCenterCPL.dll
[2016/10/27 18:35:21 | 000,336,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msinfo32.exe
[2016/10/27 18:35:21 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmpdxm.dll
[2016/10/27 18:35:21 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmpshell.dll
[2016/10/27 18:35:21 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\efsext.dll
[2016/10/27 18:35:20 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\esentutl.exe
[2016/10/27 18:35:20 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\chartv.dll
[2016/10/27 18:35:14 | 005,685,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
[2016/10/27 18:35:13 | 000,545,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontdrvhost.exe
[2016/10/27 18:35:13 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSManHTTPConfig.exe
[2016/10/27 18:35:12 | 007,626,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2016/10/27 18:35:12 | 004,311,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2016/10/27 18:35:12 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2016/10/27 18:35:08 | 001,969,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\hevcdecoder.dll
[2016/10/27 18:35:07 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.WiFi.dll
[2016/10/27 18:35:06 | 002,484,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\gameux.dll
[2016/10/27 18:35:06 | 001,556,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Immersive.dll
[2016/10/27 18:35:05 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2016/10/27 18:35:05 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\hgcpl.dll
[2016/10/27 18:35:05 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinapi.dll
[2016/10/27 18:35:05 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dtdump.exe
[2016/10/27 18:35:00 | 000,632,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sud.dll
[2016/10/27 18:35:00 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\autoplay.dll
[2016/10/27 18:34:59 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\systemcpl.dll
[2016/10/27 18:34:58 | 002,458,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\themecpl.dll
[2016/10/27 18:34:58 | 000,896,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontext.dll
[2016/10/27 18:34:58 | 000,506,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DevicePairing.dll
[2016/10/27 18:34:56 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieproxy.dll
[2016/10/27 18:34:49 | 003,892,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2016/10/27 18:34:49 | 003,307,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll
[2016/10/27 18:34:49 | 001,123,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfplat.dll
[2016/10/27 18:34:49 | 000,952,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll
[2016/10/27 18:34:49 | 000,709,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CPFilters.dll
[2016/10/27 18:34:49 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SndVolSSO.dll
[2016/10/27 18:34:48 | 004,612,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll
[2016/10/27 18:34:48 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\daxexec.dll
[2016/10/27 18:34:46 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Speech.dll
[2016/10/27 18:34:46 | 000,712,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Search.dll
[2016/10/27 18:34:45 | 003,733,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\D3DCompiler_47.dll
[2016/10/27 18:34:44 | 019,418,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2016/10/27 18:34:43 | 000,846,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WinTypes.dll
[2016/10/27 18:34:42 | 004,423,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ExplorerFrame.dll
[2016/10/27 18:34:42 | 000,806,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\D3D12.dll
[2016/10/27 18:34:41 | 002,276,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2016/10/27 18:34:41 | 002,166,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\combase.dll
[2016/10/27 18:34:40 | 001,853,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
[2016/10/27 18:34:40 | 000,687,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msvproc.dll
[2016/10/27 18:34:39 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\indexeddbserver.dll
[2016/10/27 18:34:38 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2016/10/27 18:34:36 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dhcpcore6.dll
[2016/10/27 18:34:36 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\powercfg.exe
[2016/10/27 18:34:35 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll
[2016/10/12 11:55:56 | 006,474,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mspaint.exe
[2016/10/12 11:55:56 | 000,873,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\aadtb.dll
[2016/10/12 11:55:56 | 000,426,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Wallet.dll
[2016/10/12 11:55:56 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserDeviceRegistration.dll
[2016/10/12 11:55:56 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserDeviceRegistration.Ngc.dll
[2016/10/12 11:55:55 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ShareHost.dll
[2016/10/12 11:55:55 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.AllJoyn.dll
[2016/10/12 11:55:55 | 000,404,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dsreg.dll
[2016/10/12 11:55:55 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserMgrProxy.dll
[2016/10/12 11:55:55 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AuthBroker.dll
[2016/10/12 11:55:42 | 000,431,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\efswrt.dll
[2016/10/12 11:55:42 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dialclient.dll
[2016/10/12 11:55:39 | 006,043,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2016/10/12 11:55:39 | 000,822,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakradiag.dll
[2016/10/12 11:55:38 | 002,682,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netshell.dll
[2016/10/12 11:55:36 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\apprepsync.dll
[2016/10/12 11:55:36 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\apprepapi.dll
[2016/10/12 11:55:34 | 001,456,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
[2016/10/12 11:55:33 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\credprovs.dll
[2016/10/12 11:55:33 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\offreg.dll
[2016/10/12 11:55:31 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ContactApis.dll
[2016/10/12 11:55:31 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppointmentApis.dll
[2016/10/12 11:55:31 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserDataAccountApis.dll
[2016/10/12 11:55:30 | 002,646,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CertEnroll.dll
[2016/10/12 11:55:30 | 000,858,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\EmailApis.dll
[2016/10/12 11:55:30 | 000,661,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WpcWebFilter.dll
[2016/10/12 11:55:30 | 000,640,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MCRecvSrc.dll
[2016/10/12 11:55:29 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AzureSettingSyncProvider.dll
[2016/10/12 11:55:29 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ChatApis.dll
[2016/10/12 11:55:28 | 003,105,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstsc.exe
[2016/10/12 11:55:28 | 001,430,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
[2016/10/12 11:55:15 | 000,980,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfnetcore.dll
[2016/10/12 11:55:11 | 003,369,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.StateRepository.dll
[2016/10/12 11:55:11 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2016/10/12 11:55:11 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.StateRepositoryClient.dll
[2016/10/12 11:55:09 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UIRibbonRes.dll
[2016/10/12 11:55:08 | 001,013,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Web.Http.dll
[2016/10/12 11:55:08 | 000,598,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Web.dll
[2016/10/12 11:55:08 | 000,116,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CloudExperienceHostCommon.dll
[2016/10/12 11:55:08 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.ServiceDiscovery.Dnssd.dll
[2016/10/12 11:55:07 | 001,360,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfnetsrc.dll
[2016/10/12 11:55:07 | 001,022,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppxPackaging.dll
[2016/10/12 11:55:06 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.HostName.dll
[2016/10/12 11:55:06 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ConfigureExpandedStorage.dll
[2016/10/12 11:54:57 | 000,589,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Sensors.dll
[2016/10/12 11:54:55 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\adsmsext.dll
[1 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2016/11/11 10:53:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2016/11/11 10:47:22 | 000,000,829 | ---- | M] () -- C:\Users\admin\Desktop\Nouveau dossier - Raccourci.lnk
[2016/11/11 10:43:05 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2016/11/09 23:10:14 | 000,001,238 | ---- | M] () -- C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-3088098888-1968788725-2100833601-1002UA1d2378f17240059.job
[2016/11/09 23:10:13 | 000,001,186 | ---- | M] () -- C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-3088098888-1968788725-2100833601-1002Core1d2378f14eddbea.job
[2016/11/02 15:37:55 | 000,002,360 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2016/10/31 00:05:09 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2016/10/31 00:05:04 | 3193,884,672 | -HS- | M] () -- C:\hiberfil.sys
[2016/10/28 14:13:48 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForDAVID-HP$.job
[2016/10/25 00:30:58 | 000,828,408 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2016/10/25 00:30:58 | 000,176,632 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2016/10/15 05:34:46 | 001,969,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\hevcdecoder.dll
[2016/10/15 05:33:21 | 000,455,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DolbyDecMFT.dll
[2016/10/15 05:26:14 | 004,673,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2016/10/15 05:20:49 | 002,276,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2016/10/15 05:18:59 | 000,576,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wer.dll
[2016/10/15 05:18:45 | 000,186,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\weretw.dll
[2016/10/15 05:18:09 | 000,846,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WinTypes.dll
[2016/10/15 05:18:06 | 000,749,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\drvstore.dll
[2016/10/15 05:18:01 | 002,166,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\combase.dll
[2016/10/15 05:15:51 | 003,892,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2016/10/15 05:15:48 | 001,853,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
[2016/10/15 05:15:46 | 001,557,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmde.dll
[2016/10/15 05:15:46 | 000,687,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msvproc.dll
[2016/10/15 05:15:45 | 001,123,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfplat.dll
[2016/10/15 05:15:43 | 000,952,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll
[2016/10/15 05:14:42 | 004,311,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2016/10/15 05:11:24 | 000,545,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontdrvhost.exe
[2016/10/15 05:10:07 | 000,254,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmpeffects.dll
[2016/10/15 05:06:09 | 005,685,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
[2016/10/15 05:00:40 | 001,631,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.Resources.dll
[2016/10/15 05:00:03 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\stdole2.tlb
[2016/10/15 04:59:49 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfksproxy.dll
[2016/10/15 04:59:08 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\splwow64.exe
[2016/10/15 04:58:43 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\efsext.dll
[2016/10/15 04:57:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll
[2016/10/15 04:57:40 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmpdxm.dll
[2016/10/15 04:57:40 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dtdump.exe
[2016/10/15 04:56:51 | 000,306,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\esentutl.exe
[2016/10/15 04:56:06 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BluetoothApis.dll
[2016/10/15 04:56:05 | 000,327,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\daxexec.dll
[2016/10/15 04:55:33 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.WiFi.dll
[2016/10/15 04:55:07 | 000,182,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsensorgroup.dll
[2016/10/15 04:54:51 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmpshell.dll
[2016/10/15 04:54:49 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InstallAgent.exe
[2016/10/15 04:54:18 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\autoplay.dll
[2016/10/15 04:54:05 | 000,555,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\StoreAgent.dll
[2016/10/15 04:54:00 | 000,410,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SndVolSSO.dll
[2016/10/15 04:53:50 | 000,198,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\FSClient.dll
[2016/10/15 04:53:07 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InstallAgentUserBroker.exe
[2016/10/15 04:53:00 | 000,549,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ActionCenterCPL.dll
[2016/10/15 04:52:59 | 000,306,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieproxy.dll
[2016/10/15 04:52:51 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\systemcpl.dll
[2016/10/15 04:52:37 | 000,632,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sud.dll
[2016/10/15 04:52:26 | 000,506,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DevicePairing.dll
[2016/10/15 04:51:47 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dhcpcore6.dll
[2016/10/15 04:51:15 | 013,868,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2016/10/15 04:50:56 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontext.dll
[2016/10/15 04:50:36 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\updatepolicy.dll
[2016/10/15 04:50:26 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\indexeddbserver.dll
[2016/10/15 04:50:21 | 000,310,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2016/10/15 04:49:09 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSManHTTPConfig.exe
[2016/10/15 04:49:02 | 000,838,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\JpMapControl.dll
[2016/10/15 04:48:01 | 001,323,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wsp_fs.dll
[2016/10/15 04:47:56 | 004,612,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll
[2016/10/15 04:47:49 | 001,113,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wsp_health.dll
[2016/10/15 04:47:04 | 007,626,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2016/10/15 04:46:42 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.BackgroundMediaPlayback.dll
[2016/10/15 04:46:39 | 019,418,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2016/10/15 04:46:14 | 000,336,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msinfo32.exe
[2016/10/15 04:44:48 | 003,307,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll
[2016/10/15 04:44:36 | 000,470,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Playback.BackgroundMediaPlayer.dll
[2016/10/15 04:44:20 | 000,747,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\RemoteNaturalLanguage.dll
[2016/10/15 04:44:12 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LockAppBroker.dll
[2016/10/15 04:43:41 | 002,748,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mispace.dll
[2016/10/15 04:42:59 | 000,459,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Playback.MediaPlayer.dll
[2016/10/15 04:42:47 | 012,349,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmp.dll
[2016/10/15 04:42:16 | 006,108,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mos.dll
[2016/10/15 04:42:02 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\powercfg.exe
[2016/10/15 04:41:58 | 005,376,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BingMaps.dll
[2016/10/15 04:41:28 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iscsiwmi.dll
[2016/10/15 04:39:57 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Geolocation.dll
[2016/10/15 04:39:57 | 000,109,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\chartv.dll
[2016/10/15 04:39:42 | 001,228,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\usercpl.dll
[2016/10/15 04:39:08 | 000,806,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\D3D12.dll
[2016/10/15 04:38:55 | 002,458,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\themecpl.dll
[2016/10/15 04:38:41 | 000,675,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.dll
[2016/10/15 04:38:31 | 007,468,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2016/10/15 04:38:01 | 001,993,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2016/10/15 04:37:47 | 003,733,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\D3DCompiler_47.dll
[2016/10/15 04:37:46 | 000,709,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CPFilters.dll
[2016/10/15 04:37:37 | 000,715,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MapControlCore.dll
[2016/10/15 04:37:20 | 000,712,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Search.dll
[2016/10/15 04:36:56 | 002,484,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\gameux.dll
[2016/10/15 04:36:55 | 004,423,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ExplorerFrame.dll
[2016/10/15 04:36:55 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Speech.dll
[2016/10/15 04:36:46 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.Connectivity.dll
[2016/10/15 04:36:43 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\hgcpl.dll
[2016/10/15 04:36:19 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cmifw.dll
[2016/10/15 04:36:10 | 001,556,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Immersive.dll
[2016/10/15 04:35:59 | 000,760,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NMAA.dll
[2016/10/15 04:35:56 | 000,422,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinapi.dll
[2016/10/15 04:35:53 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2016/10/15 04:35:34 | 002,999,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\win32kfull.sys
[2016/10/15 04:35:23 | 000,798,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2016/10/15 04:35:18 | 002,708,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\esent.dll
[2016/10/12 11:39:20 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Web.Diagnostics.dll
[2016/10/12 11:39:13 | 000,783,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TSWorkspace.dll
[1 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2016/11/11 10:47:22 | 000,000,829 | ---- | C] () -- C:\Users\admin\Desktop\Nouveau dossier - Raccourci.lnk
[2016/11/05 19:04:45 | 000,001,238 | ---- | C] () -- C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-3088098888-1968788725-2100833601-1002UA1d2378f17240059.job
[2016/11/05 19:04:41 | 000,001,186 | ---- | C] () -- C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-3088098888-1968788725-2100833601-1002Core1d2378f14eddbea.job
[2016/11/02 15:41:31 | 000,002,453 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[2016/09/30 11:10:57 | 000,265,728 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Perception.Stub.dll
[2016/09/30 11:10:10 | 002,048,496 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2016/09/21 11:37:27 | 001,647,228 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2016/09/21 11:33:11 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2016/07/16 12:47:57 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2016/07/16 12:47:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2016/07/16 12:43:04 | 000,055,296 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2016/07/16 12:43:00 | 000,019,968 | ---- | C] () -- C:\WINDOWS\SysWow64\GamePanelExternalHook.dll
[2016/07/16 12:42:55 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2016/07/16 12:42:53 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2016/07/16 12:42:49 | 000,304,640 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
[2016/07/16 12:42:48 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2016/07/16 12:42:43 | 000,002,307 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2016/07/16 12:42:12 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2016/03/31 13:35:57 | 000,000,441 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2016/03/31 13:35:57 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2015/08/11 16:35:23 | 000,123,768 | ---- | C] () -- C:\WINDOWS\NFCHS.exe
[2014/09/30 09:44:39 | 000,000,496 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/04/09 18:32:35 | 000,005,113 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2011/12/18 14:18:24 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/12/18 14:18:24 | 000,000,008 | RHS- | C] () -- C:\ProgramData\E0B24EF92C.sys

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2016/09/24 21:42:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2016/09/15 18:16:13 | 007,219,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2016/09/15 18:22:40 | 005,722,320 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2016/07/16 12:42:31 | 000,977,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2016/07/16 12:42:56 | 000,779,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2016/07/16 12:42:31 | 000,518,656 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2012/07/30 13:45:25 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Audacity
[2013/09/24 01:14:57 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\BabSolution
[2013/09/24 01:14:49 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Babylon
[2014/04/09 18:31:26 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Carambis
[2013/09/24 01:15:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Delta
[2011/09/22 15:19:38 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DigitalPersona
[2013/09/24 01:19:33 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DVDVideoSoft
[2013/03/04 23:15:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2016/04/05 09:55:23 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\KasperskyUpgradeLogs
[2014/07/22 22:37:17 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\OpenCandy
[2011/12/12 10:59:33 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\pdfforge
[2014/05/30 16:12:59 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Sage
[2014/05/30 15:49:25 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Sage Apicommerce Commerce de détail
[2013/09/24 01:14:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TuneUp Software
[2011/09/22 15:45:02 | 000,000,000 | ---D | M] -- C:\Users\bhl\AppData\Roaming\DigitalPersona
[2013/06/16 15:27:16 | 000,000,000 | ---D | M] -- C:\Users\bhl\AppData\Roaming\Iminent
[2011/10/10 00:06:53 | 000,000,000 | ---D | M] -- C:\Users\bhl\AppData\Roaming\XnView
[2014/06/08 15:05:37 | 000,000,000 | ---D | M] -- C:\Users\judaicstore\AppData\Roaming\.minecraft
[2012/07/30 14:27:03 | 000,000,000 | ---D | M] -- C:\Users\judaicstore\AppData\Roaming\Audacity
[2015/06/04 12:22:15 | 000,000,000 | ---D | M] -- C:\Users\judaicstore\AppData\Roaming\Avery
[2011/09/22 15:45:41 | 000,000,000 | ---D | M] -- C:\Users\judaicstore\AppData\Roaming\DigitalPersona
[2016/10/28 02:38:35 | 000,000,000 | ---D | M] -- C:\Users\judaicstore\AppData\Roaming\Dropbox
[2013/09/24 01:13:05 | 000,000,000 | ---D | M] -- C:\Users\judaicstore\AppData\Roaming\DVDVideoSoft
[2013/01/24 14:03:32 | 000,000,000 | ---D | M] -- C:\Users\judaicstore\AppData\Roaming\Iminent
[2011/12/18 14:18:48 | 000,000,000 | ---D | M] -- C:\Users\judaicstore\AppData\Roaming\InterVideo
[2016/11/07 18:46:51 | 000,000,000 | ---D | M] -- C:\Users\judaicstore\AppData\Roaming\ObviousIdea
[2014/07/18 12:18:26 | 000,000,000 | ---D | M] -- C:\Users\judaicstore\AppData\Roaming\QuickScan
[2014/06/06 08:23:13 | 000,000,000 | ---D | M] -- C:\Users\judaicstore\AppData\Roaming\Sage
[2014/06/01 10:57:39 | 000,000,000 | ---D | M] -- C:\Users\judaicstore\AppData\Roaming\Sage Apicommerce Commerce de détail
[2013/08/01 13:36:51 | 000,000,000 | ---D | M] -- C:\Users\judaicstore\AppData\Roaming\TeamViewer
[2013/02/06 14:31:16 | 000,000,000 | ---D | M] -- C:\Users\judaicstore\AppData\Roaming\Thunderbird
[2013/09/24 01:21:25 | 000,000,000 | ---D | M] -- C:\Users\judaicstore\AppData\Roaming\TuneUp Software
[2014/06/13 13:03:17 | 000,000,000 | ---D | M] -- C:\Users\judaicstore\AppData\Roaming\webex
[2012/08/28 14:36:46 | 000,000,000 | ---D | M] -- C:\Users\judaicstore\AppData\Roaming\WildTangent
[2012/01/03 12:52:49 | 000,000,000 | ---D | M] -- C:\Users\judaicstore\AppData\Roaming\Windows Live Writer
[2014/07/22 22:51:43 | 000,000,000 | ---D | M] -- C:\Users\judaicstore\AppData\Roaming\Xi
[2012/07/15 12:31:08 | 000,000,000 | ---D | M] -- C:\Users\judaicstore\AppData\Roaming\XnView

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< HKCU\Software >[/color]

[HKEY_CURRENT_USER\Software\3rd Eye Solutions]

[HKEY_CURRENT_USER\Software\5bedd8ab03cee13]

[HKEY_CURRENT_USER\Software\Adobe]

[HKEY_CURRENT_USER\Software\AppDataLow]

[HKEY_CURRENT_USER\Software\Apple Computer, Inc.]

[HKEY_CURRENT_USER\Software\Apple Inc.]

[HKEY_CURRENT_USER\Software\Audacity]

[HKEY_CURRENT_USER\Software\BabSolution]

[HKEY_CURRENT_USER\Software\Carambis]

[HKEY_CURRENT_USER\Software\CyberLink]

[HKEY_CURRENT_USER\Software\DataMngr]

[HKEY_CURRENT_USER\Software\DataMngr_Toolbar]

[HKEY_CURRENT_USER\Software\Deal Keeper]

[HKEY_CURRENT_USER\Software\Delta]

[HKEY_CURRENT_USER\Software\DigitalPersona]

[HKEY_CURRENT_USER\Software\DivXNetworks]

[HKEY_CURRENT_USER\Software\DVDVideoSoft]

[HKEY_CURRENT_USER\Software\Fonts101]

[HKEY_CURRENT_USER\Software\Gabest]

[HKEY_CURRENT_USER\Software\Google]

[HKEY_CURRENT_USER\Software\GSpot Appliance Corp]

[HKEY_CURRENT_USER\Software\HPKEYBOARD]

[HKEY_CURRENT_USER\Software\Iminent]

[HKEY_CURRENT_USER\Software\InstallCore]

[HKEY_CURRENT_USER\Software\Intel]

[HKEY_CURRENT_USER\Software\JavaSoft]

[HKEY_CURRENT_USER\Software\jZip]

[HKEY_CURRENT_USER\Software\KasperskyLab]

[HKEY_CURRENT_USER\Software\KeyBoardLED_status]

[HKEY_CURRENT_USER\Software\LogiShrd]

[HKEY_CURRENT_USER\Software\Macromedia]

[HKEY_CURRENT_USER\Software\Malwarebytes' Anti-Malware]

[HKEY_CURRENT_USER\Software\Microsoft]

[HKEY_CURRENT_USER\Software\Mozilla]

[HKEY_CURRENT_USER\Software\MozillaPlugins]

[HKEY_CURRENT_USER\Software\Netscape]

[HKEY_CURRENT_USER\Software\ObviousIdea]

[HKEY_CURRENT_USER\Software\ODBC]

[HKEY_CURRENT_USER\Software\PC SOFT]

[HKEY_CURRENT_USER\Software\PDFCreator]

[HKEY_CURRENT_USER\Software\PegasusImaging]

[HKEY_CURRENT_USER\Software\Pilote PDF API 2.5]

[HKEY_CURRENT_USER\Software\Policies]

[HKEY_CURRENT_USER\Software\RegisteredApplications]

[HKEY_CURRENT_USER\Software\Safer Networking Limited]

[HKEY_CURRENT_USER\Software\Samsung]

[HKEY_CURRENT_USER\Software\SHARP]

[HKEY_CURRENT_USER\Software\Smartbar]

[HKEY_CURRENT_USER\Software\SSPrint]

[HKEY_CURRENT_USER\Software\SSScan]

[HKEY_CURRENT_USER\Software\SyncEngines]

[HKEY_CURRENT_USER\Software\TeamViewer]

[HKEY_CURRENT_USER\Software\Trolltech]

[HKEY_CURRENT_USER\Software\TuneUp]

[HKEY_CURRENT_USER\Software\WeDlMngr]

[HKEY_CURRENT_USER\Software\WinRAR]

[HKEY_CURRENT_USER\Software\WinRAR SFX]

[HKEY_CURRENT_USER\Software\Wow6432Node]

[HKEY_CURRENT_USER\Software\Xi]

[HKEY_CURRENT_USER\Software\Classes]

[color=#A23BEC]< HKCU\Software\AppDataLow /s >[/color]
[HKEY_CURRENT_USER\Software\AppDataLow\Software]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Adobe]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ConduitSearchScopes]
"{afdbddaa-5d3f-42ee-b79c-185a7020515b}" =
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Macromedia]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Macromedia\Shockwave 10]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Macromedia\Shockwave 10\fpng]
"" = y
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\AntiPhishing]
"i" = 0C447314-9ADD-4D49-85F3-A25E73020BF4 [binary data]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\Internet Explorer]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\Internet Explorer\Security]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\Internet Explorer\Security\AntiPhishing]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\Internet Explorer\Security\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2]
"UserFile" = [Binary data over 200 bytes]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\RepService]
"i" = 6E5A64C9-3A05-45CA-86AC-4077B272A3D9 [binary data]
"A" = .cpl,.exe,.dll,.ocx,.sys,.scr,.drv [Binary data over 200 bytes]
"E" = 1 [binary data]
"B" = 50.000000 [binary data]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\Search Enhancement Pack]
"CEIP" = 0
[HKEY_CURRENT_USER\Software\AppDataLow\Software\PriceGong]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\PriceGong\Settings]
"current_user" = 0606A606-C1B8-4A53-8C8E-F7D2D6FF2520
"local_machine" = 083C402B-6431501CBC07
"country" =
"server_req_url" = http://service8.pricegong.com/default.aspx
"menu_action_url" =
"cfg_last_modified" = Tue, 13 Nov 2012 11:31:32
"group" =
"cx_server_location" = http://xml.pricegong.com/SiteXMLFolder
"cfg_time_stamp" = 1352806294
"next_settings_check" = 1352863892
"settings_check_interval" = 16
"impr_type" = 5
"active_type" = 7
"service_support" = 255
"xml_type" = 2
"snooze_interval" = 8760
"up_impr_count" = 0
"up_last_impr" = 0
"pr_link_tag" = DIV
"pr_link_style" = cursor:pointer;
"pr_link_text" = <img src="http://service.pricegong.com/Img/P_Link.png" title="Compare price for this product with PriceGong" />
"rs_link_tag" = DIV
"rs_link_style" = cursor:pointer;
"rs_link_text" = <img src="http://service.pricegong.com/Img/R_Link_16.png" title="Compare price for this product with PriceGong" />
"extra_params" =
"activation_date" = 15-Jul-2012 15:12:34
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Smartbar]
"GlobalUserId" = 21E83EB3-B008-4709-8C10-3ECDCF53438F
[HKEY_CURRENT_USER\Software\AppDataLow\Software\temp]

[color=#A23BEC]< HKLM\Software >[/color]
"" =

[HKEY_LOCAL_MACHINE\Software\5bedd8ab03cee13]

[HKEY_LOCAL_MACHINE\Software\Adobe]

[HKEY_LOCAL_MACHINE\Software\Adobee]

[HKEY_LOCAL_MACHINE\Software\AppDataLow]

[HKEY_LOCAL_MACHINE\Software\Apple Inc.]

[HKEY_LOCAL_MACHINE\Software\AVG]

[HKEY_LOCAL_MACHINE\Software\Conduit]

[HKEY_LOCAL_MACHINE\Software\Corel]

[HKEY_LOCAL_MACHINE\Software\CyberLink]

[HKEY_LOCAL_MACHINE\Software\Datamngr]

[HKEY_LOCAL_MACHINE\Software\Deal Keeper]

[HKEY_LOCAL_MACHINE\Software\DealKeeper]

[HKEY_LOCAL_MACHINE\Software\Delta]

[HKEY_LOCAL_MACHINE\Software\DigitalPersona]

[HKEY_LOCAL_MACHINE\Software\DivXNetworks]

[HKEY_LOCAL_MACHINE\Software\DVDVideoSoft]

[HKEY_LOCAL_MACHINE\Software\EagleEye]

[HKEY_LOCAL_MACHINE\Software\Google]

[HKEY_LOCAL_MACHINE\Software\Hewlett-Packard]

[HKEY_LOCAL_MACHINE\Software\HPS]

[HKEY_LOCAL_MACHINE\Software\I.R.I.S.]

[HKEY_LOCAL_MACHINE\Software\Iminent]

[HKEY_LOCAL_MACHINE\Software\Intel]

[HKEY_LOCAL_MACHINE\Software\InterVideo]

[HKEY_LOCAL_MACHINE\Software\JavaSoft]

[HKEY_LOCAL_MACHINE\Software\JreMetrics]

[HKEY_LOCAL_MACHINE\Software\jZip]

[HKEY_LOCAL_MACHINE\Software\jZipSRTB]

[HKEY_LOCAL_MACHINE\Software\KasperskyLab]

[HKEY_LOCAL_MACHINE\Software\Lake]

[HKEY_LOCAL_MACHINE\Software\LEDPointer]

[HKEY_LOCAL_MACHINE\Software\Licenses]

[HKEY_LOCAL_MACHINE\Software\LogMeIn Rescue]

[HKEY_LOCAL_MACHINE\Software\Macromedia]

[HKEY_LOCAL_MACHINE\Software\Malwarebytes' Anti-Malware]

[HKEY_LOCAL_MACHINE\Software\mdc]

[HKEY_LOCAL_MACHINE\Software\Microsoft]

[HKEY_LOCAL_MACHINE\Software\MimarSinan]

[HKEY_LOCAL_MACHINE\Software\Mon LIVRE PHOTO CEWE]

[HKEY_LOCAL_MACHINE\Software\Mozilla]

[HKEY_LOCAL_MACHINE\Software\MozillaPlugins]

[HKEY_LOCAL_MACHINE\Software\ObviousIdea]

[HKEY_LOCAL_MACHINE\Software\ODBC]

[HKEY_LOCAL_MACHINE\Software\OldTimer Tools]

[HKEY_LOCAL_MACHINE\Software\PDFComplete]

[HKEY_LOCAL_MACHINE\Software\PDFCreator]

[HKEY_LOCAL_MACHINE\Software\PegasusImaging]

[HKEY_LOCAL_MACHINE\Software\Realtek]

[HKEY_LOCAL_MACHINE\Software\Realtek Semiconductor Corp.]

[HKEY_LOCAL_MACHINE\Software\SafeBoot International]

[HKEY_LOCAL_MACHINE\Software\Safer Networking Limited]

[HKEY_LOCAL_MACHINE\Software\Samsung]

[HKEY_LOCAL_MACHINE\Software\SLD]

[HKEY_LOCAL_MACHINE\Software\SSScan]

[HKEY_LOCAL_MACHINE\Software\Stellar Information Systems Ltd.]

[HKEY_LOCAL_MACHINE\Software\sweet-pageSoftware]

[HKEY_LOCAL_MACHINE\Software\TeamViewer]

[HKEY_LOCAL_MACHINE\Software\tueagles]

[HKEY_LOCAL_MACHINE\Software\TuneUp]

[HKEY_LOCAL_MACHINE\Software\VideoLAN]

[HKEY_LOCAL_MACHINE\Software\Volatile]

[HKEY_LOCAL_MACHINE\Software\WinPcap]

[HKEY_LOCAL_MACHINE\Software\WinRAR]

[HKEY_LOCAL_MACHINE\Software\WOW6432Node]

[HKEY_LOCAL_MACHINE\Software\Xi]

[HKEY_LOCAL_MACHINE\Software\XnView]

[HKEY_LOCAL_MACHINE\Software\Classes]

[HKEY_LOCAL_MACHINE\Software\Clients]

[HKEY_LOCAL_MACHINE\Software\Policies]

[HKEY_LOCAL_MACHINE\Software\RegisteredApplications]

[color=#A23BEC]< HKCU\Software\Microsoft\Command Processor /s >[/color]
"CompletionChar" = 9
"DefaultColor" = 0
"EnableExtensions" = 1
"PathCompletionChar" = 9

[color=#A23BEC]< HKLM\Software\Microsoft\Command Processor /s >[/color]
"CompletionChar" = 64
"DefaultColor" = 0
"EnableExtensions" = 1
"PathCompletionChar" = 64

[color=#A23BEC]< HKLM\Software\Microsoft\Windows\CurrentVersion\RunMRU /s >[/color]

[color=#A23BEC]< HKLM\System\CurrentControlSet\Control\Session Manager\AppcertDlls /s >[/color]

[color=#A23BEC]< %Homedrive%\* >[/color]
[2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2015/10/30 08:18:34 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
[2009/07/24 21:14:22 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/07/15 15:09:08 | 000,000,009 | ---- | M] () -- C:\END
[2016/10/31 00:05:04 | 3193,884,672 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/02 04:41:45 | 000,000,000 | RHS- | M] () -- C:\OS
[2016/11/04 16:10:49 | 2043,600,896 | -HS- | M] () -- C:\pagefile.sys
[2016/10/31 00:05:09 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2010/08/07 02:26:40 | 000,047,104 | -HS- | M] () -- C:\Thumbs.db
[1 C:\*.tmp files -> C:\*.tmp -> ]

[color=#A23BEC]< %Homedrive%\*. >[/color]
[2015/03/19 00:42:24 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2014/06/06 07:57:29 | 000,000,000 | ---D | M] -- C:\1f80503758a03d7bcec180a0228ea012
[2014/05/30 15:46:06 | 000,000,000 | ---D | M] -- C:\Apicommerce
[2015/08/03 21:42:33 | 000,000,000 | -HSD | M] -- C:\Boot
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2014/05/30 16:13:00 | 000,000,000 | ---D | M] -- C:\Données Ciel
[2015/09/02 10:35:44 | 000,000,000 | ---D | M] -- C:\Drivers Sagem9626- sharpmx2640
[2013/02/06 17:05:15 | 000,000,000 | RH-D | M] -- C:\ESD
[2011/02/02 04:35:39 | 000,000,000 | RHSD | M] -- C:\hp
[2016/09/21 12:18:33 | 000,000,000 | ---D | M] -- C:\inetpub
[2011/09/22 14:46:27 | 000,000,000 | ---D | M] -- C:\Intel
[2012/09/19 15:19:41 | 000,000,000 | -H-D | M] -- C:\kleaner.tmp
[2013/08/01 13:55:28 | 000,000,000 | ---D | M] -- C:\magasin
[2014/07/01 16:58:33 | 000,000,000 | ---D | M] -- C:\MAGICDVDCOPY_TEMP
[2011/09/22 15:50:51 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2016/11/06 16:17:56 | 000,000,000 | ---D | M] -- C:\Nouveau dossier
[2016/11/11 10:45:39 | 000,000,000 | -H-D | M] -- C:\OneDriveTemp
[2016/07/16 12:47:47 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2016/09/21 11:42:52 | 000,000,000 | R--D | M] -- C:\Program Files
[2016/09/21 11:42:59 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2016/10/02 18:06:05 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2016/09/21 12:15:41 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011/09/22 14:23:33 | 000,000,000 | ---D | M] -- C:\swsetup
[2016/11/11 11:00:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/09/22 14:23:26 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2014/04/09 18:32:21 | 000,000,000 | ---D | M] -- C:\Temp
[2016/09/21 11:43:12 | 000,000,000 | R--D | M] -- C:\Users
[2016/11/02 15:50:09 | 000,000,000 | ---D | M] -- C:\Windows

[color=#A23BEC]< %Homedrive%\Recycler\*.exe /s >[/color]

[color=#A23BEC]< %Homedrive%\Recycler\*.scr /s >[/color]

[color=#A23BEC]< %Homedrive%\Recycler\*.pif /s >[/color]

[color=#A23BEC]< %Homedrive%\Recycler\*.vb* /s >[/color]

[color=#A23BEC]< %Homedrive%\$Recycle.bin\*.exe /s >[/color]
[2014/03/03 11:03:52 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3088098888-1968788725-2100833601-1002\$ISX4GKY.exe
[1 C:\$Recycle.bin\S-1-5-21-3088098888-1968788725-2100833601-1002\*.tmp files -> C:\$Recycle.bin\S-1-5-21-3088098888-1968788725-2100833601-1002\*.tmp -> ]

[color=#A23BEC]< %Homedrive%\$Recycle.bin\*.scr /s >[/color]

[color=#A23BEC]< %Homedrive%\$Recycle.bin\*.pif /s >[/color]

[color=#A23BEC]< %Homedrive%\$Recycle.bin\*.vb* /s >[/color]

[color=#A23BEC]< %Userprofile%\* >[/color]
[2016/11/06 14:35:54 | 002,359,296 | -H-- | M] () -- C:\Users\admin\NTUSER.DAT
[2016/09/21 11:38:26 | 000,647,168 | -HS- | M] () -- C:\Users\admin\ntuser.dat.LOG1
[2016/09/21 11:38:26 | 000,745,472 | -HS- | M] () -- C:\Users\admin\ntuser.dat.LOG2
[2016/11/02 17:44:34 | 000,065,536 | -HS- | M] () -- C:\Users\admin\NTUSER.DAT{d7724fc8-7fee-11e6-afba-d67e61e5bba4}.TM.blf
[2016/11/02 17:44:34 | 000,524,288 | -HS- | M] () -- C:\Users\admin\NTUSER.DAT{d7724fc8-7fee-11e6-afba-d67e61e5bba4}.TMContainer00000000000000000001.regtrans-ms
[2016/09/21 11:38:27 | 000,524,288 | -HS- | M] () -- C:\Users\admin\NTUSER.DAT{d7724fc8-7fee-11e6-afba-d67e61e5bba4}.TMContainer00000000000000000002.regtrans-ms
[2016/09/22 13:27:04 | 000,000,020 | -HS- | M] () -- C:\Users\admin\ntuser.ini

[color=#A23BEC]< %Userprofile%\*. >[/color]
[2016/09/21 11:41:28 | 000,000,000 | -H-D | M] -- C:\Users\admin\AppData
[2016/09/21 11:38:26 | 000,000,000 | -HSD | M] -- C:\Users\admin\Application Data
[2016/11/02 15:38:19 | 000,000,000 | R--D | M] -- C:\Users\admin\Contacts
[2016/09/21 11:38:26 | 000,000,000 | -HSD | M] -- C:\Users\admin\Cookies
[2016/11/11 10:53:15 | 000,000,000 | R--D | M] -- C:\Users\admin\Desktop
[2016/11/02 15:38:19 | 000,000,000 | R--D | M] -- C:\Users\admin\Documents
[2016/11/11 10:52:46 | 000,000,000 | R--D | M] -- C:\Users\admin\Downloads
[2016/11/02 15:49:08 | 000,000,000 | R--D | M] -- C:\Users\admin\Favorites
[2016/11/02 15:38:19 | 000,000,000 | R--D | M] -- C:\Users\admin\Links
[2016/09/21 11:38:26 | 000,000,000 | -HSD | M] -- C:\Users\admin\Local Settings
[2016/09/21 11:38:26 | 000,000,000 | -HSD | M] -- C:\Users\admin\Menu Démarrer
[2016/09/21 11:38:26 | 000,000,000 | -HSD | M] -- C:\Users\admin\Mes documents
[2016/09/21 11:38:26 | 000,000,000 | -HSD | M] -- C:\Users\admin\Modèles
[2016/11/02 15:38:19 | 000,000,000 | R--D | M] -- C:\Users\admin\Music
[2016/11/11 10:47:30 | 000,000,000 | R--D | M] -- C:\Users\admin\OneDrive
[2016/11/02 15:39:56 | 000,000,000 | R--D | M] -- C:\Users\admin\Pictures
[2016/09/21 11:38:26 | 000,000,000 | -HSD | M] -- C:\Users\admin\Recent
[2016/11/02 15:38:19 | 000,000,000 | R--D | M] -- C:\Users\admin\Saved Games
[2016/11/02 15:39:53 | 000,000,000 | R--D | M] -- C:\Users\admin\Searches
[2016/09/21 11:38:26 | 000,000,000 | -HSD | M] -- C:\Users\admin\SendTo
[2016/11/02 15:38:19 | 000,000,000 | R--D | M] -- C:\Users\admin\Videos
[2016/09/21 11:38:26 | 000,000,000 | -HSD | M] -- C:\Users\admin\Voisinage d'impression
[2016/09/21 11:38:26 | 000,000,000 | -HSD | M] -- C:\Users\admin\Voisinage réseau

[color=#A23BEC]< %Allusersprofile%\* >[/color]
[2011/12/18 14:18:24 | 000,000,008 | RHS- | M] () -- C:\ProgramData\E0B24EF92C.sys
[2015/02/16 09:38:17 | 000,002,516 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2014/04/09 18:32:35 | 000,005,113 | ---- | M] () -- C:\ProgramData\mtbjfghn.xbe
[2016/10/02 18:06:05 | 000,000,496 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[color=#A23BEC]< %Allusersprofile%\*. >[/color]
[2014/10/28 16:46:06 | 000,000,000 | ---D | M] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2011/09/22 15:20:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2014/04/09 18:31:57 | 000,000,000 | ---D | M] -- C:\ProgramData\APN
[2014/07/17 10:50:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2014/07/17 10:55:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2016/09/21 12:15:42 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2014/07/18 12:15:13 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG Secure Search
[2013/09/24 01:14:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2013/09/24 01:15:03 | 000,000,000 | ---D | M] -- C:\ProgramData\BitGuard
[2013/10/22 11:06:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Browser Manager
[2013/10/22 11:06:32 | 000,000,000 | ---D | M] -- C:\ProgramData\BrowserProtect
[2016/03/31 14:02:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Bureau
[2012/07/30 14:32:49 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2016/07/16 12:47:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Comms
[2011/02/02 04:22:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Corel
[2015/03/16 11:50:55 | 000,000,000 | ---D | M] -- C:\ProgramData\d7a0fe93-7bf3-4f3d-89c3-fe4e144b2eb8
[2015/02/28 22:37:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Datamngr
[2016/09/21 12:15:42 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2015/06/19 09:00:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Dropbox
[2013/09/24 01:14:58 | 000,000,000 | ---D | M] -- C:\ProgramData\DSearchLink
[2016/05/22 11:00:37 | 000,000,000 | ---D | M] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[2016/03/31 14:02:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoris
[2011/09/23 00:13:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Hewlett-Packard
[2016/10/31 00:06:01 | 000,000,000 | ---D | M] -- C:\ProgramData\HPQLOG
[2016/02/08 15:21:15 | 000,000,000 | ---D | M] -- C:\ProgramData\hps
[2011/02/02 04:21:07 | 000,000,000 | ---D | M] -- C:\ProgramData\intel
[2016/11/11 10:43:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Kaspersky Lab
[2016/04/05 11:00:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011/02/02 04:15:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Macrovision
[2014/07/01 16:57:10 | 000,000,000 | ---D | M] -- C:\ProgramData\MagicSoftware
[2013/01/29 14:01:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2016/03/31 14:02:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Menu Démarrer
[2016/09/21 12:02:28 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2016/10/13 09:26:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2016/09/21 12:52:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft OneDrive
[2016/03/31 14:02:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Modèles
[2013/02/06 14:31:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2011/09/22 16:20:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Norton
[2011/02/02 04:32:28 | 000,000,000 | ---D | M] -- C:\ProgramData\NortonInstaller
[2013/08/26 09:32:03 | 000,000,000 | ---D | M] -- C:\ProgramData\PDFC
[2011/09/23 00:05:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Recovery
[2016/09/21 11:49:24 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1991-06.com.microsoft
[2014/05/30 15:49:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Sage
[2016/07/16 12:47:48 | 000,000,000 | ---D | M] -- C:\ProgramData\SoftwareDistribution
[2013/01/29 14:05:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Spybot - Search & Destroy
[2011/09/22 15:17:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2012/07/15 15:37:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2016/08/25 17:39:41 | 000,000,000 | ---D | M] -- C:\ProgramData\tmp
[2013/09/24 01:14:01 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2016/09/21 12:17:29 | 000,000,000 | ---D | M] -- C:\ProgramData\USOPrivate
[2016/09/21 12:17:29 | 000,000,000 | ---D | M] -- C:\ProgramData\USOShared
[2014/06/13 13:03:06 | 000,000,000 | ---D | M] -- C:\ProgramData\WebEx
[2012/11/13 14:52:09 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2014/02/14 11:03:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Wincert
[2014/07/22 22:38:11 | 000,000,000 | -HSD | M] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2011/02/02 04:27:02 | 000,000,000 | -H-D | M] -- C:\ProgramData\{0D9D262D-4BA2-4BC3-9CD3-4D1A9AE63E18}
[2012/07/30 14:32:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2013/09/24 01:13:48 | 000,000,000 | -HSD | M] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2011/02/02 04:23:48 | 000,000,000 | ---D | M] -- C:\ProgramData\{D13C0989-F3EC-4F44-A33D-B3F83DF90FAF}

[color=#A23BEC]< %LocalAppData%\* >[/color]
[2015/09/02 09:55:18 | 000,121,152 | ---- | M] () -- C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
[2016/11/02 17:44:29 | 000,013,148 | -H-- | M] () -- C:\Users\admin\AppData\Local\IconCache.db

[color=#A23BEC]< %LocalAppData%\*. >[/color]
[2013/12/30 19:21:28 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Adobe
[2014/07/17 10:30:14 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Apple
[2016/04/10 12:13:28 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Apple Computer
[2016/09/21 11:38:26 | 000,000,000 | -HSD | M] -- C:\Users\admin\AppData\Local\Application Data
[2016/11/02 15:47:59 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Comms
[2012/11/13 14:35:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Conduit
[2016/11/11 10:45:10 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\ConnectedDevicesPlatform
[2014/07/17 21:27:55 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\CrashDumps
[2011/09/22 15:19:38 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\DigitalPersona
[2015/09/03 21:05:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\ElevatedDiagnostics
[2015/08/09 13:54:02 | 000,000,000 | -HSD | M] -- C:\Users\admin\AppData\Local\EmieSiteList
[2015/08/09 13:54:02 | 000,000,000 | -HSD | M] -- C:\Users\admin\AppData\Local\EmieUserList
[2016/11/11 10:56:46 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Google
[2015/09/02 09:54:55 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\GWX
[2011/09/22 14:23:21 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Hewlett-Packard
[2011/09/22 15:19:56 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Hewlett-Packard_Company
[2016/09/21 11:38:26 | 000,000,000 | -HSD | M] -- C:\Users\admin\AppData\Local\Historique
[2015/09/09 09:57:17 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\jZip
[2013/02/20 23:32:54 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\LogMeIn Rescue Applet
[2014/07/01 16:50:21 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\MagicSoftware
[2016/11/02 17:44:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Microsoft
[2011/09/22 15:51:12 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Microsoft Help
[2016/11/02 15:40:54 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\MicrosoftEdge
[2016/11/02 16:47:59 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Packages
[2012/07/16 14:27:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Paint.NET
[2011/09/22 14:23:56 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\PDFC
[2013/01/29 14:01:49 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Programs
[2016/11/02 15:38:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Publishers
[2011/09/22 14:23:20 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\RemEngine
[2016/11/11 11:12:54 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Temp
[2014/04/09 18:31:26 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\TempDIR
[2016/09/21 11:38:26 | 000,000,000 | -HSD | M] -- C:\Users\admin\AppData\Local\Temporary Internet Files
[2016/11/02 15:37:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\TileDataLayer
[2011/09/22 14:23:35 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\VirtualStore
[2013/08/01 13:24:16 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\WDSetup
[2015/08/11 16:28:02 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Windows Live

[color=#A23BEC]< %Userprofile%\Local Settings\* >[/color]

[color=#A23BEC]< %Userprofile%\Local Settings\*. >[/color]

[color=#A23BEC]< %Userprofile%\Local Settings\Application Data\* >[/color]

[color=#A23BEC]< %Userprofile%\Local Settings\Application Data\*. >[/color]

[color=#A23BEC]< %Userprofile%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\* >[/color]

[color=#A23BEC]< %Userprofile%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\*. >[/color]
[2016/11/11 10:51:04 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\4RXLL9F7

[color=#A23BEC]< %Userprofile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\* >[/color]

[color=#A23BEC]< %Userprofile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\*. >[/color]
[2016/11/11 10:51:04 | 000,000,000 | ---D | M] -- C:\Users\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\4RXLL9F7

[color=#A23BEC]< %programFiles%\* >[/color]
[2016/07/16 12:45:35 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

[color=#A23BEC]< %programFiles%\*. >[/color]
[2011/09/22 15:20:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2016/04/10 12:13:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2014/07/17 10:29:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2014/04/09 18:31:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Carambis
[2016/09/21 11:42:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2015/06/02 19:52:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
[2014/12/19 09:27:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Deal Keeper
[2013/09/24 01:15:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Delta
[2013/09/24 01:19:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DVDVideoSoft
[2014/02/04 12:53:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2011/02/02 04:34:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2012/11/13 14:52:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
[2013/09/29 10:25:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Iminent
[2014/05/30 15:46:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/02/02 04:05:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2016/10/02 17:50:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2011/02/02 04:22:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\InterVideo
[2011/09/22 15:16:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2016/04/04 15:08:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Kaspersky Lab
[2014/07/01 16:50:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MagicDVDCopier
[2013/01/29 14:01:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/04 01:02:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2011/09/22 15:52:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/09/22 15:53:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2016/10/13 13:20:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/10/23 23:20:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/09/22 15:53:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
[2011/09/22 15:53:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011/09/22 15:52:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2016/09/21 11:42:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2013/09/24 01:15:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/22 09:04:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/02/21 18:20:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Thunderbird
[2016/09/21 11:51:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2014/05/30 15:49:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSECache
[2011/09/22 14:49:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2014/11/25 09:34:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MyPC Backup
[2015/10/13 10:41:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ObviousIdea
[2016/03/11 14:21:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Office DEPOT Designer d´étiquettes 2.0
[2011/09/22 15:20:01 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
[2011/12/12 10:59:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PDFCreator
[2012/06/04 17:17:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Readiris10
[2011/02/02 04:19:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2016/09/21 12:18:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2014/04/09 20:13:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Samsung
[2014/04/09 20:32:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SamsungPrinterLiveUpdate
[2012/01/15 20:25:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SLD Codec Pack
[2013/01/29 14:03:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/07/15 15:23:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Stellar Phoenix Photo Recovery
[2012/01/23 17:37:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SysTools PDF Unlocker
[2013/02/06 14:00:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TeamViewer
[2011/02/02 04:20:12 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2015/08/11 16:38:55 | 000,000,000 | RHSD | M] -- C:\Program Files (x86)\tuEagles
[2009/07/14 05:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2012/01/15 20:31:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2013/05/07 13:14:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Western Digital
[2016/09/21 12:27:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/10/23 23:24:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2016/09/21 11:42:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2016/10/28 14:22:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2016/07/16 12:47:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Multimedia Platform
[2016/07/16 12:47:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2016/10/13 13:25:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2016/07/16 12:47:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2016/09/21 11:42:58 | 000,000,000 | -HSD | M] -- C:\Program Files (x86)\Windows Sidebar
[2016/07/16 12:47:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WindowsPowerShell
[2011/09/22 15:22:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinRAR
[2011/10/10 00:02:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\XnView

[color=#A23BEC]< %programfiles%\Google\Desktop\*. >[/color]

[color=#A23BEC]< %ProgramFiles%\Common Files\*. >[/color]
[2011/09/22 15:20:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Adobe
[2016/05/22 11:00:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Apple
[2014/07/18 12:55:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2016/03/11 14:20:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/09/24 01:19:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012/05/29 14:49:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\InstallShield
[2011/02/02 04:21:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Intel
[2011/02/02 04:22:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\InterVideo
[2011/09/22 15:17:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Java
[2016/11/05 19:05:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\logishrd
[2016/09/21 11:42:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Microsoft Shared
[2013/08/01 13:24:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\PC SOFT
[2011/02/02 04:22:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Protexis
[2016/07/16 12:47:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Services
[2016/09/21 11:42:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\SpeechEngines
[2016/09/21 11:42:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\System
[2011/10/23 23:15:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Windows Live

[color=#A23BEC]< %ProgramFiles(X86)%\Common Files\*. >[/color]
[2011/09/22 15:20:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Adobe
[2016/05/22 11:00:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Apple
[2014/07/18 12:55:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2016/03/11 14:20:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/09/24 01:19:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012/05/29 14:49:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\InstallShield
[2011/02/02 04:21:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Intel
[2011/02/02 04:22:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\InterVideo
[2011/09/22 15:17:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Java
[2016/11/05 19:05:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\logishrd
[2016/09/21 11:42:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Microsoft Shared
[2013/08/01 13:24:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\PC SOFT
[2011/02/02 04:22:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Protexis
[2016/07/16 12:47:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Services
[2016/09/21 11:42:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\SpeechEngines
[2016/09/21 11:42:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\System
[2011/10/23 23:15:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Windows Live

[color=#A23BEC]< %Systemroot%\Installer\*. >[/color]
[2011/02/02 04:21:41 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$
[2014/07/22 22:37:12 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\MSI51BA.tmp-
[2014/07/22 22:38:30 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\MSI6627.tmp-
[2014/07/22 22:37:09 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\MSIECAF.tmp-
[2011/09/22 14:23:26 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{0436280B-A1FF-4708-90A3-5C6746419BAA}
[2011/02/02 04:15:55 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{07FA4960-B038-49EB-891B-9F95930AA544}
[2016/04/10 12:12:56 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{0DE0A178-AC7B-4650-806C-CF226DE03766}
[2011/09/22 15:16:55 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{26A24AE4-039D-4CA4-87B4-2F83216027FF}
[2011/02/02 04:33:37 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{34E6F14D-68F9-486D-87BA-6AA8431F3F44}
[2011/02/02 04:23:13 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}
[2016/04/10 12:13:22 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}
[2012/07/16 14:28:40 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}
[2011/02/02 04:33:47 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{55B52830-024A-443E-AF61-61E1E71AFA1B}
[2011/02/02 04:22:33 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}
[2013/02/17 16:00:47 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726}
[2012/01/12 19:09:15 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}
[2016/04/10 12:12:31 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}
[2011/02/02 04:34:02 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}
[2014/07/17 10:29:16 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
[2011/10/23 23:24:53 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}
[2016/04/04 15:06:46 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}
[2011/09/22 14:49:10 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
[2016/10/13 09:25:22 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
[2016/10/13 09:26:38 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}
[2011/09/22 15:53:13 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{90140000-002A-0000-1000-0000000FF1CE}
[2016/08/10 19:57:31 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{90140000-006E-040C-0000-0000000FF1CE}
[2011/10/23 23:25:05 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{95140000-007A-040C-0000-0000000FF1CE}
[2011/10/23 23:22:33 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{95140000-007D-0409-0000-0000000FF1CE}
[2011/02/02 04:15:36 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{A1DC4DF6-7493-45B2-B8AA-0A8805866CB9}
[2011/10/23 23:21:29 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{A726AE06-AAA3-43D1-87E3-70F510314F04}
[2011/09/22 15:20:45 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AA1000000001}
[2011/02/02 04:24:15 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}
[2014/10/28 16:44:10 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}
[2011/02/02 04:31:29 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{BE1C9464-DEBB-4DA6-B19A-8EC634F22D73}
[2011/02/02 04:15:08 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}
[2011/10/23 23:17:58 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}
[2011/02/02 04:19:30 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{D79A02E9-6713-4335-9668-AAC7474C0C0E}
[2011/10/23 23:22:03 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{DECDCB7C-58CC-4865-91AF-627F9798FE48}
[2011/10/23 23:19:30 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
[2011/10/23 23:20:26 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
[2014/05/30 17:37:28 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
[2016/04/10 12:13:05 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}

[color=#A23BEC]< %Systemroot%\Temp\*.exe /s >[/color]
[2016/10/25 16:54:26 | 001,363,560 | ---- | M] (Google Inc.) -- C:\WINDOWS\Temp\CR_441C8.tmp\setup.exe

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2016/07/16 12:42:55 | 000,367,104 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\FirewallAPI.dll
[2016/10/15 04:41:24 | 012,174,848 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\ieframe.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\system32\*.exe /lockedfiles >[/color]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\system32\*.in* >[/color]
[2004/08/09 16:00:42 | 000,000,114 | ---- | M] () -- C:\WINDOWS\system32\BRLMW03A.INI
[2016/07/16 12:43:59 | 000,003,458 | ---- | M] () -- C:\WINDOWS\system32\ieuinit.inf
[2013/09/29 00:02:50 | 000,001,238 | ---- | M] () -- C:\WINDOWS\system32\InstallUtil.InstallLog
[2016/07/16 12:44:17 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll
[2016/09/21 11:37:27 | 001,647,228 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2016/07/16 12:42:43 | 000,002,307 | ---- | M] () -- C:\WINDOWS\system32\WimBootCompress.ini
[2016/09/15 17:57:56 | 000,392,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Windows.Gaming.Input.dll
[2016/09/15 17:55:32 | 000,332,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
[2016/09/15 17:56:09 | 000,298,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Windows.Internal.Management.dll
[2016/09/21 12:25:58 | 000,104,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
[2016/09/15 17:39:20 | 001,004,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
[2016/09/15 17:49:12 | 000,468,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\PSS\* /s >[/color]

[color=#A23BEC]< %systemroot%\Tasks\* >[/color]
[2016/09/21 10:43:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2016/11/09 23:10:13 | 000,001,186 | ---- | M] () -- C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3088098888-1968788725-2100833601-1002Core1d2378f14eddbea.job
[2016/11/09 23:10:14 | 000,001,238 | ---- | M] () -- C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3088098888-1968788725-2100833601-1002UA1d2378f17240059.job
[2016/09/21 08:50:03 | 000,001,090 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2016/09/21 10:53:00 | 000,001,094 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2016/10/28 14:13:48 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\HPCeeScheduleForDAVID-HP$.job
[2016/10/31 00:05:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[color=#A23BEC]< %systemroot%\Tasks\*. >[/color]

[color=#A23BEC]< %systemroot%\system32\Tasks\* >[/color]

[color=#A23BEC]< %systemroot%\system32\Tasks\*. >[/color]
[2016/07/16 12:47:48 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\Tasks\Microsoft

[color=#A23BEC]< %systemroot%\syswow64\Tasks\* >[/color]

[color=#A23BEC]< %systemroot%\syswow64\Tasks\*. >[/color]
[2016/07/16 12:47:48 | 000,000,000 | ---D | M] -- C:\WINDOWS\syswow64\Tasks\Microsoft

[color=#A23BEC]< %systemroot%\system32\drivers\*.sy* /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\config\*.exe /s >[/color]

[color=#A23BEC]< %Systemroot%\ServiceProfiles\*.exe /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.sys >[/color]
[2016/09/21 12:25:44 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[2016/10/15 04:35:34 | 002,999,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32kfull.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[color=#A23BEC]< dir %Homedrive%\* /S /A:L /C >[/color]
Le volume dans le lecteur C s'appelle OS
Le num ro de s rie du volume est 083C-402B
R pertoire de C:\
14/07/2009 06:08 <JUNCTION> Documents and Settings [C:\Users]
0 fichier(s) 0 octets
R pertoire de C:\Program Files
31/03/2016 14:02 <JUNCTION> Fichiers communs [C:\Program Files\Common Files]
0 fichier(s) 0 octets
R pertoire de C:\Program Files\Windows NT
21/09/2016 12:15 <JUNCTION> Accessoires [C:\Program Files\Windows NT\Accessories]
0 fichier(s) 0 octets
R pertoire de C:\ProgramData
21/09/2016 12:15 <JUNCTION> Application Data [C:\ProgramData]
31/03/2016 14:02 <JUNCTION> Bureau [C:\Users\Public\Desktop]
21/09/2016 12:15 <JUNCTION> Documents [C:\Users\Public\Documents]
31/03/2016 14:02 <JUNCTION> Favoris [C:\Users\Public\Favorites]
31/03/2016 14:02 <JUNCTION> Menu D marrer [C:\ProgramData\Microsoft\Windows\Start Menu]
31/03/2016 14:02 <JUNCTION> Mod`les [C:\ProgramData\Microsoft\Windows\Templates]
0 fichier(s) 0 octets
R pertoire de C:\ProgramData\Microsoft\Windows\Start Menu
31/03/2016 14:02 <JUNCTION> Programmes [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
0 fichier(s) 0 octets
R pertoire de C:\Users
16/07/2016 13:40 <SYMLINKD> All Users [C:\ProgramData]
16/07/2016 13:40 <JUNCTION> Default User [C:\Users\Default]
0 fichier(s) 0 octets
R pertoire de C:\Users\admin
21/09/2016 11:38 <JUNCTION> Application Data [C:\Users\admin\AppData\Roaming]
21/09/2016 11:38 <JUNCTION> Cookies [C:\Users\admin\AppData\Local\Microsoft\Windows\INetCookies]
21/09/2016 11:38 <JUNCTION> Local Settings [C:\Users\admin\AppData\Local]
21/09/2016 11:38 <JUNCTION> Menu D marrer [C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu]
21/09/2016 11:38 <JUNCTION> Mes documents [C:\Users\admin\Documents]
21/09/2016 11:38 <JUNCTION> Mod`les [C:\Users\admin\AppData\Roaming\Microsoft\Windows\Templates]
21/09/2016 11:38 <JUNCTION> Recent [C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent]
21/09/2016 11:38 <JUNCTION> SendTo [C:\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo]
21/09/2016 11:38 <JUNCTION> Voisinage d'impression [C:\Users\admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
21/09/2016 11:38 <JUNCTION> Voisinage r seau [C:\Users\admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
0 fichier(s) 0 octets
R pertoire de C:\Users\admin\AppData\Local
21/09/2016 11:38 <JUNCTION> Application Data [C:\Users\admin\AppData\Local]
21/09/2016 11:38 <JUNCTION> Historique [C:\Users\admin\AppData\Local\Microsoft\Windows\History]
21/09/2016 11:38 <JUNCTION> Temporary Internet Files [C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache]
0 fichier(s) 0 octets
R pertoire de C:\Users\admin\AppData\Local\Microsoft\Windows
21/09/2016 11:38 <JUNCTION> Temporary Internet Files [C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache]
0 fichier(s) 0 octets
R pertoire de C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache
02/11/2016 15:38 <JUNCTION> Content.IE5 [C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE]
0 fichier(s) 0 octets
R pertoire de C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu
21/09/2016 11:38 <JUNCTION> Programmes [C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
0 fichier(s) 0 octets
R pertoire de C:\Users\admin\Documents
21/09/2016 11:38 <JUNCTION> Ma musique [C:\Users\admin\Music]
21/09/2016 11:38 <JUNCTION> Mes images [C:\Users\admin\Pictures]
21/09/2016 11:38 <JUNCTION> Mes vid os [C:\Users\admin\Videos]
0 fichier(s) 0 octets
R pertoire de C:\Users\All Users
21/09/2016 12:15 <JUNCTION> Application Data [C:\ProgramData]
31/03/2016 14:02 <JUNCTION> Bureau [C:\Users\Public\Desktop]
21/09/2016 12:15 <JUNCTION> Documents [C:\Users\Public\Documents]
31/03/2016 14:02 <JUNCTION> Favoris [C:\Users\Public\Favorites]
31/03/2016 14:02 <JUNCTION> Menu D marrer [C:\ProgramData\Microsoft\Windows\Start Menu]
31/03/2016 14:02 <JUNCTION> Mod`les [C:\ProgramData\Microsoft\Windows\Templates]
0 fichier(s) 0 octets
R pertoire de C:\Users\All Users\Microsoft\Windows\Start Menu
31/03/2016 14:02 <JUNCTION> Programmes [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
0 fichier(s) 0 octets
R pertoire de C:\Users\bhl
22/09/2011 15:44 <JUNCTION> Application Data [C:\Users\bhl\AppData\Roaming]
22/09/2011 15:44 <JUNCTION> Cookies [C:\Users\bhl\AppData\Roaming\Microsoft\Windows\Cookies]
22/09/2011 15:44 <JUNCTION> Local Settings [C:\Users\bhl\AppData\Local]
22/09/2011 15:44 <JUNCTION> Menu D marrer [C:\Users\bhl\AppData\Roaming\Microsoft\Windows\Start Menu]
22/09/2011 15:44 <JUNCTION> Mes documents [C:\Users\bhl\Documents]
22/09/2011 15:44 <JUNCTION> Mod`les [C:\Users\bhl\AppData\Roaming\Microsoft\Windows\Templates]
22/09/2011 15:44 <JUNCTION> Recent [C:\Users\bhl\AppData\Roaming\Microsoft\Windows\Recent]
22/09/2011 15:44 <JUNCTION> SendTo [C:\Users\bhl\AppData\Roaming\Microsoft\Windows\SendTo]
22/09/2011 15:44 <JUNCTION> Voisinage d'impression [C:\Users\bhl\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
22/09/2011 15:44 <JUNCTION> Voisinage r seau [C:\Users\bhl\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
0 fichier(s) 0 octets
R pertoire de C:\Users\bhl\AppData\Local
22/09/2011 15:44 <JUNCTION> Application Data [C:\Users\bhl\AppData\Local]
22/09/2011 15:44 <JUNCTION> Historique [C:\Users\bhl\AppData\Local\Microsoft\Windows\History]
22/09/2011 15:44 <JUNCTION> Temporary Internet Files [C:\Users\bhl\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 fichier(s) 0 octets
R pertoire de C:\Users\bhl\AppData\Roaming\Microsoft\Windows\Start Menu
22/09/2011 15:44 <JUNCTION> Programmes [C:\Users\bhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
0 fichier(s) 0 octets
R pertoire de C:\Users\bhl\Documents
22/09/2011 15:44 <JUNCTION> Ma musique [C:\Users\bhl\Music]
22/09/2011 15:44 <JUNCTION> Mes images [C:\Users\bhl\Pictures]
22/09/2011 15:44 <JUNCTION> Mes vid os [C:\Users\bhl\Videos]
0 fichier(s) 0 octets
R pertoire de C:\Users\Default
21/09/2016 12:15 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
21/09/2016 12:15 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
21/09/2016 12:15 <JUNCTION> Menu D marrer [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
21/09/2016 12:15 <JUNCTION> Mes documents [C:\Users\Default\Documents]
21/09/2016 12:15 <JUNCTION> Mod`les [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
21/09/2016 12:15 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
21/09/2016 12:15 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
21/09/2016 12:15 <JUNCTION> Voisinage d'impression [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
21/09/2016 12:15 <JUNCTION> Voisinage r seau [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
0 fichier(s) 0 octets
R pertoire de C:\Users\Default\AppData\Local
21/09/2016 12:15 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
21/09/2016 12:15 <JUNCTION> Historique [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
21/09/2016 12:15 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache]
0 fichier(s) 0 octets
R pertoire de C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
21/09/2016 12:15 <JUNCTION> Programmes [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
0 fichier(s) 0 octets
R pertoire de C:\Users\Default\Documents
21/09/2016 12:15 <JUNCTION> Ma musique [C:\Users\Default\Music]
21/09/2016 12:15 <JUNCTION> Mes images [C:\Users\Default\Pictures]
21/09/2016 12:15 <JUNCTION> Mes vid os [C:\Users\Default\Videos]
0 fichier(s) 0 octets
R pertoire de C:\Users\Default.migrated
31/03/2016 14:02 <JUNCTION> Menu D marrer [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
31/03/2016 14:02 <JUNCTION> Mes documents [C:\Users\Default\Documents]
31/03/2016 14:02 <JUNCTION> Mod`les [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
31/03/2016 14:02 <JUNCTION> Voisinage d'impression [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
31/03/2016 14:02 <JUNCTION> Voisinage r seau [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
0 fichier(s) 0 octets
R pertoire de C:\Users\Default.migrated\AppData\Local
31/03/2016 14:02 <JUNCTION> Historique [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
0 fichier(s) 0 octets
R pertoire de C:\Users\Default.migrated\AppData\Roaming\Microsoft\Windows\Start Menu
31/03/2016 14:02 <JUNCTION> Programmes [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
0 fichier(s) 0 octets
R pertoire de C:\Users\Default.migrated\Documents
31/03/2016 14:02 <JUNCTION> Ma musique [C:\Users\Default\Music]
31/03/2016 14:02 <JUNCTION> Mes images [C:\Users\Default\Pictures]
31/03/2016 14:02 <JUNCTION> Mes vid os [C:\Users\Default\Videos]
14/07/2009 06:08 <JUNCTION> My Music [C:\Users\Default\Music]
14/07/2009 06:08 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
14/07/2009 06:08 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 fichier(s) 0 octets
R pertoire de C:\Users\DefaultAppPool
21/09/2016 11:38 <JUNCTION> Application Data [C:\Users\DefaultAppPool\AppData\Roaming]
21/09/2016 11:38 <JUNCTION> Cookies [C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\INetCookies]
21/09/2016 11:38 <JUNCTION> Local Settings [C:\Users\DefaultAppPool\AppData\Local]
21/09/2016 11:38 <JUNCTION> Menu D marrer [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu]
21/09/2016 11:38 <JUNCTION> Mes documents [C:\Users\DefaultAppPool\Documents]
21/09/2016 11:38 <JUNCTION> Mod`les [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Templates]
21/09/2016 11:38 <JUNCTION> Recent [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Recent]
21/09/2016 11:38 <JUNCTION> SendTo [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\SendTo]
21/09/2016 11:38 <JUNCTION> Voisinage d'impression [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
21/09/2016 11:38 <JUNCTION> Voisinage r seau [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
0 fichier(s) 0 octets
R pertoire de C:\Users\DefaultAppPool\AppData\Local
21/09/2016 11:38 <JUNCTION> Application Data [C:\Users\DefaultAppPool\AppData\Local]
21/09/2016 11:38 <JUNCTION> Historique [C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\History]
21/09/2016 11:38 <JUNCTION> Temporary Internet Files [C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\INetCache]
0 fichier(s) 0 octets
R pertoire de C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows
21/09/2016 11:38 <JUNCTION> Temporary Internet Files [C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\INetCache]
0 fichier(s) 0 octets
R pertoire de C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu
21/09/2016 11:38 <JUNCTION> Programmes [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
0 fichier(s) 0 octets
R pertoire de C:\Users\DefaultAppPool\Documents
21/09/2016 11:38 <JUNCTION> Ma musique [C:\Users\DefaultAppPool\Music]
21/09/2016 11:38 <JUNCTION> Mes images [C:\Users\DefaultAppPool\Pictures]
21/09/2016 11:38 <JUNCTION> Mes vid os [C:\Users\DefaultAppPool\Videos]
0 fichier(s) 0 octets
R pertoire de C:\Users\judaicstore
21/09/2016 11:38 <JUNCTION> Application Data [C:\Users\judaicstore\AppData\Roaming]
21/09/2016 11:38 <JUNCTION> Cookies [C:\Users\judaicstore\AppData\Local\Microsoft\Windows\INetCookies]
21/09/2016 11:38 <JUNCTION> Local Settings [C:\Users\judaicstore\AppData\Local]
21/09/2016 11:38 <JUNCTION> Menu D marrer [C:\Users\judaicstore\AppData\Roaming\Microsoft\Windows\Start Menu]
21/09/2016 11:38 <JUNCTION> Mes documents [C:\Users\judaicstore\Documents]
21/09/2016 11:38 <JUNCTION> Mod`les [C:\Users\judaicstore\AppData\Roaming\Microsoft\Windows\Templates]
21/09/2016 11:38 <JUNCTION> Recent [C:\Users\judaicstore\AppData\Roaming\Microsoft\Windows\Recent]
21/09/2016 11:38 <JUNCTION> SendTo [C:\Users\judaicstore\AppData\Roaming\Microsoft\Windows\SendTo]
21/09/2016 11:38 <JUNCTION> Voisinage d'impression [C:\Users\judaicstore\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
21/09/2016 11:38 <JUNCTION> Voisinage r seau [C:\Users\judaicstore\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
0 fichier(s) 0 octets
R pertoire de C:\Users\judaicstore\AppData\Local
21/09/2016 11:38 <JUNCTION> Application Data [C:\Users\judaicstore\AppData\Local]
21/09/2016 11:38 <JUNCTION> Historique [C:\Users\judaicstore\AppData\Local\Microsoft\Windows\History]
21/09/2016 11:38 <JUNCTION> Temporary Internet Files [C:\Users\judaicstore\AppData\Local\Microsoft\Windows\INetCache]
0 fichier(s) 0 octets
R pertoire de C:\Users\judaicstore\AppData\Local\Microsoft\Windows
21/09/2016 11:38 <JUNCTION> Temporary Internet Files [C:\Users\judaicstore\AppData\Local\Microsoft\Windows\INetCache]
0 fichier(s) 0 octets
R pertoire de C:\Users\judaicstore\AppData\Local\Microsoft\Windows\INetCache
21/09/2016 12:47 <JUNCTION> Content.IE5 [C:\Users\judaicstore\AppData\Local\Microsoft\Windows\INetCache\IE]
0 fichier(s) 0 octets
R pertoire de C:\Users\judaicstore\AppData\Roaming\Microsoft\Windows\Start Menu
21/09/2016 11:38 <JUNCTION> Programmes [C:\Users\judaicstore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
0 fichier(s) 0 octets
R pertoire de C:\Users\judaicstore\Documents
21/09/2016 11:38 <JUNCTION> Ma musique [C:\Users\judaicstore\Music]
21/09/2016 11:38 <JUNCTION> Mes images [C:\Users\judaicstore\Pictures]
21/09/2016 11:38 <JUNCTION> Mes vidéos [C:\Users\judaicstore\Videos]
0 fichier(s) 0 octets
Répertoire de C:\Users\Public\Documents
31/03/2016 14:02 <JUNCTION> Ma musique [C:\Users\Public\Music]
31/03/2016 14:02 <JUNCTION> Mes images [C:\Users\Public\Pictures]
31/03/2016 14:02 <JUNCTION> Mes vidéos [C:\Users\Public\Videos]
14/07/2009 06:08 <JUNCTION> My Music [C:\Users\Public\Music]
14/07/2009 06:08 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
14/07/2009 06:08 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 fichier(s) 0 octets
Total des fichiers listés :
0 fichier(s) 0 octets
127 Rép(s) 128 095 526 912 octets libres

[color=#A23BEC]< MD5 for: AFD.SYS >[/color]
[2016/10/15 05:21:41 | 000,584,032 | ---- | M] (Microsoft Corporation) MD5=323AA1953ED9C01E23F740FA891FE064 -- C:\Windows\WinSxS\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_10.0.14393.351_none_11b1707cfc6343c4\afd.sys
[2016/10/30 17:08:25 | 000,040,290 | ---- | M] () MD5=5007CE8ACA8BDB690462953110C6F3D4 -- C:\Windows\WinSxS\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_10.0.14393.0_none_055cae0d751fc3b7\afd.sys
[2016/10/15 05:21:41 | 000,584,032 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\SysNative\drivers\afd.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2016/10/09 13:58:41 | 000,000,012 | ---- | M] () MD5=71CEAB07D94C8DE1EB4663C0ED3D50B8 -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_10.0.14393.0_none_0aac9395383c7303\atapi.sys
[2016/07/16 12:41:53 | 000,028,512 | ---- | M] (Microsoft Corporation) MD5=A10F989A812B57B9695F6C305907C9C6 -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_10.0.14393.206_none_173c652cbf52e8e7\atapi.sys
[2016/07/16 12:41:53 | 000,028,512 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\SysNative\drivers\atapi.sys
[2016/07/16 12:41:53 | 000,028,512 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_1f12e6cb61874561\atapi.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2016/07/16 12:41:53 | 000,173,056 | ---- | M] (Microsoft Corporation) MD5=613D0137C269187FA298A157E3D14A18 -- C:\Windows\WinSxS\amd64_cdrom.inf_31bf3856ad364e35_10.0.14393.0_none_8d1dc75dba7a0eb1\cdrom.sys
[2016/07/16 12:41:53 | 000,173,056 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\SysNative\drivers\cdrom.sys
[2016/07/16 12:41:53 | 000,173,056 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_a6b404d9034c85a3\cdrom.sys

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2016/11/02 11:59:45 | 004,673,304 | ---- | M] (Microsoft Corporation) MD5=43BF96FCF50945BE35C22206980C9068 -- C:\Windows\SoftwareDistribution\Download\9bddd7396db220e25747b2e1eeb9a0c1\amd64_microsoft-windows-explorer_31bf3856ad364e35_10.0.14393.447_none_8b8ea88b17a50c73\explorer.exe
[2016/10/30 16:58:49 | 000,210,133 | ---- | M] () MD5=5EB400F6BFA0499624FCFB4632425907 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_10.0.14393.0_none_7f29128d906f1326\explorer.exe
[2016/10/30 17:12:25 | 000,273,068 | ---- | M] () MD5=85A9872A7FA1F5F4E7E5C72CCF689B78 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.14393.0_none_897dbcdfc4cfd521\explorer.exe
[2016/10/15 05:26:14 | 004,673,304 | ---- | M] (Microsoft Corporation) MD5=A470FC325D5F69D6B171A5F28232BD4F -- C:\Windows\explorer.exe
[2016/10/15 05:26:14 | 004,673,304 | ---- | M] (Microsoft Corporation) MD5=A470FC325D5F69D6B171A5F28232BD4F -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_10.0.14393.351_none_8b7dd4fd17b29333\explorer.exe
[2016/11/02 12:04:36 | 004,312,248 | ---- | M] (Microsoft Corporation) MD5=C29554D34BC2B4DFBC4C5C761F786179 -- C:\Windows\SoftwareDistribution\Download\9bddd7396db220e25747b2e1eeb9a0c1\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.14393.447_none_95e352dd4c05ce6e\explorer.exe
[2016/10/15 05:14:42 | 004,311,736 | ---- | M] (Microsoft Corporation) MD5=E8EDC4785646866E8CE0573D1935FDFB -- C:\Windows\SysWOW64\explorer.exe
[2016/10/15 05:14:42 | 004,311,736 | ---- | M] (Microsoft Corporation) MD5=E8EDC4785646866E8CE0573D1935FDFB -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.14393.351_none_95d27f4f4c13552e\explorer.exe

[color=#A23BEC]< MD5 for: I8042PRT.SYS >[/color]
[2016/10/09 11:33:14 | 000,000,012 | ---- | M] () MD5=71CEAB07D94C8DE1EB4663C0ED3D50B8 -- C:\Windows\WinSxS\amd64_dual_keyboard.inf_31bf3856ad364e35_10.0.14393.0_none_399bf1fd50502494\i8042prt.sys
[2016/07/16 12:41:54 | 000,114,176 | ---- | M] (Microsoft Corporation) MD5=B54B30992620C97230013A74461C8517 -- C:\Windows\WinSxS\amd64_dual_keyboard.inf_31bf3856ad364e35_10.0.14393.206_none_462bc394d7669a78\i8042prt.sys
[2016/07/16 12:41:54 | 000,114,176 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\SysNative\drivers\i8042prt.sys
[2016/07/16 12:41:54 | 000,114,176 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_fde65065f51e7459\i8042prt.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2016/10/05 11:22:30 | 001,181,536 | ---- | M] (Microsoft Corporation) MD5=D5564FC81350458ED570528C4E3B1CCF -- C:\Windows\WinSxS\amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_10.0.14393.321_none_933f1be3c5e9dc5e\ndis.sys
[2016/10/15 20:12:54 | 000,038,911 | ---- | M] () MD5=D7ED57567267595AC70FE6B4B6AD970B -- C:\Windows\WinSxS\amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_10.0.14393.0_none_86c9e9b03ebeb024\ndis.sys
[2016/10/05 11:22:30 | 001,181,536 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\SysNative\drivers\ndis.sys

[color=#A23BEC]< MD5 for: NETBT.SYS >[/color]
[2016/07/16 12:42:35 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=6FEBB0A847FFD5F057B9AC8889F1B9A7 -- C:\Windows\WinSxS\amd64_microsoft-windows-netbt-minwin_31bf3856ad364e35_10.0.14393.0_none_1920ecbcee926a45\netbt.sys
[2016/07/16 12:42:35 | 000,279,040 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\SysNative\drivers\netbt.sys

[color=#A23BEC]< MD5 for: TDX.SYS >[/color]
[2016/07/16 12:42:27 | 000,118,112 | ---- | M] (Microsoft Corporation) MD5=9D2DD64A0B51C56285512DC9454340F6 -- C:\Windows\WinSxS\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_10.0.14393.0_none_17b233c6f2c84d1e\tdx.sys
[2016/07/16 12:42:27 | 000,118,112 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\SysNative\drivers\tdx.sys

[color=#A23BEC]< MD5 for: VOLSNAP.SYS >[/color]
[2016/07/16 12:42:35 | 000,391,520 | ---- | M] (Microsoft Corporation) MD5=BF2546583BB75F01DDA60A7921DFB230 -- C:\Windows\WinSxS\amd64_microsoft-windows-volsnap_31bf3856ad364e35_10.0.14393.0_none_8c9e6103b822e42e\volsnap.sys
[2016/07/16 12:42:35 | 000,391,520 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\SysNative\drivers\volsnap.sys

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2016/07/16 12:42:27 | 000,304,240 | ---- | M] (Microsoft Corporation) MD5=99A19C9A74E2F9820E501DCE77F84F70 -- C:\WINDOWS\SysNative\wininit.exe
[2016/07/16 12:42:27 | 000,304,240 | ---- | M] (Microsoft Corporation) MD5=99A19C9A74E2F9820E501DCE77F84F70 -- C:\Windows\WinSxS\amd64_microsoft-windows-wininit_31bf3856ad364e35_10.0.14393.0_none_5e67244a1b034b09\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2016/10/30 17:08:22 | 000,044,531 | ---- | M] () MD5=0653215B4AAF91CF63A71B9E300CE4CE -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_10.0.14393.0_none_9d376c91eba4205c\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2016/10/15 04:36:59 | 000,673,792 | ---- | M] (Microsoft Corporation) MD5=D243745884BCBC21E91AB569A0AD514E -- C:\WINDOWS\SysNative\winlogon.exe
[2016/10/15 04:36:59 | 000,673,792 | ---- | M] (Microsoft Corporation) MD5=D243745884BCBC21E91AB569A0AD514E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_10.0.14393.351_none_a98c2f0172e7a069\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:7631EA83

< End of report >
