cjoint


Document format: text/plain

Preview

OTL logfile created on: 29/07/2015 18:32:10 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ROMU\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17631)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,89 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 59,17% Memory free
4,57 Gb Paging File | 2,90 Gb Available in Paging File | 63,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,30 Gb Total Space | 34,48 Gb Free Space | 18,51% Space Free | Partition Type: NTFS
Drive D: | 258,44 Gb Total Space | 211,69 Gb Free Space | 81,91% Space Free | Partition Type: NTFS
Drive E: | 6,53 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 14,43 Gb Total Space | 12,90 Gb Free Space | 89,42% Space Free | Partition Type: FAT32

Computer Name: PCROMU | User Name: ROMU | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2015/07/29 18:19:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ROMU\Downloads\OTL.exe
PRC - [2015/07/29 08:02:06 | 000,348,672 | ---- | M] () -- C:\Program Files (x86)\58435451-1433529913-3054-4232-50465D31B7DC\knsn774C.tmp
PRC - [2015/07/28 13:05:36 | 000,155,648 | ---- | M] () -- C:\ProgramData\Vajniihdaos\1.0.4.1\nsuuerid.exe
PRC - [2015/07/28 10:58:45 | 003,423,920 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
PRC - [2015/07/26 17:16:31 | 008,016,511 | ---- | M] () -- C:\Program Files (x86)\Stormy Way\Stormy Way.exe
PRC - [2015/07/26 17:16:12 | 000,159,744 | ---- | M] () -- C:\ProgramData\Avebsumeut\1.0.4.1\guuefnaa.exe
PRC - [2015/07/03 21:04:48 | 002,732,000 | ---- | M] (Useful Technology) -- C:\ProgramData\FoouBxBsXph\uwUBfD.exe
PRC - [2015/07/01 04:30:24 | 000,377,000 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2015/06/05 20:46:03 | 000,167,424 | ---- | M] () -- C:\Users\ROMU\AppData\Roaming\58435451-1433529913-3054-4232-50465D31B7DC\hnsd13E.tmp
PRC - [2015/06/05 20:45:58 | 000,223,232 | ---- | M] () -- C:\Users\ROMU\AppData\Roaming\58435451-1433529913-3054-4232-50465D31B7DC\jnsgC7DD.tmp
PRC - [2015/06/05 19:12:09 | 000,408,576 | ---- | M] () -- c:\Windows\mfic.exe
PRC - [2015/06/05 19:12:08 | 000,417,792 | ---- | M] () -- c:\Windows\fic.exe
PRC - [2013/01/07 21:53:22 | 000,340,992 | ---- | M] () -- C:\ProgramData\CloudSoft\SaveAs\SaveAs.exe
PRC - [2012/10/31 13:09:50 | 000,020,352 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2012/09/14 14:14:16 | 000,328,064 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012/09/11 17:06:52 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012/09/11 12:41:14 | 000,106,880 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2012/08/06 15:56:14 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
PRC - [2012/07/24 19:21:22 | 001,123,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012/07/17 17:54:20 | 000,178,848 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012/07/17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/06/27 13:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/06/25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/05/28 11:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2012/04/13 11:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
PRC - [2011/11/21 15:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/09/13 00:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009/09/13 00:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2015/07/28 13:05:36 | 000,155,648 | ---- | M] () -- C:\ProgramData\Vajniihdaos\1.0.4.1\nsuuerid.exe
MOD - [2015/07/28 10:58:45 | 017,448,624 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll
MOD - [2015/07/26 17:16:12 | 000,159,744 | ---- | M] () -- C:\ProgramData\Avebsumeut\1.0.4.1\guuefnaa.exe
MOD - [2015/02/20 15:01:15 | 007,993,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\20af51394609c937507288c2b1cf2c8c\System.ni.dll
MOD - [2015/02/20 15:01:09 | 011,499,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3de119146ed0e59408f896aa69cdfc42\mscorlib.ni.dll
MOD - [2015/02/20 13:38:19 | 005,287,936 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2015/02/20 13:38:19 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2013/08/17 02:06:32 | 002,052,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/08/17 02:06:30 | 003,198,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2013/08/17 02:06:29 | 002,972,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/08/17 02:06:29 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/08/17 02:06:25 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_fr_b77a5c561934e089\System.resources.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2015/02/20 13:45:03 | 000,229,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2014/11/21 05:28:10 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2014/11/21 02:23:53 | 000,347,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:[b]64bit:[/b] - [2014/11/21 02:23:53 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2014/11/21 01:19:54 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:[b]64bit:[/b] - [2014/11/21 01:19:45 | 001,668,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:[b]64bit:[/b] - [2014/11/21 01:19:09 | 000,780,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2014/11/21 01:19:03 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:[b]64bit:[/b] - [2014/11/21 01:19:01 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:[b]64bit:[/b] - [2014/11/21 01:19:00 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:55 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:55 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:51 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:42 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:41 | 001,639,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:41 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:40 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:38 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:37 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:36 | 000,521,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:32 | 000,407,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:32 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:32 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:31 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:27 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:27 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:27 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:27 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:22 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:16 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:16 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:16 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:16 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:16 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:16 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:16 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:01 | 000,838,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2014/11/21 01:18:01 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2014/11/21 01:17:56 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:[b]64bit:[/b] - [2014/11/21 01:17:55 | 000,324,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:[b]64bit:[/b] - [2012/08/14 12:03:42 | 000,027,792 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:[b]64bit:[/b] - [2012/04/20 15:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2011/12/16 11:37:38 | 005,827,072 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:[b]64bit:[/b] - [2009/11/13 12:28:38 | 000,129,536 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2015/07/29 08:02:06 | 000,348,672 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\58435451-1433529913-3054-4232-50465D31B7DC\knsn774C.tmp -- (ligexyci)
SRV - [2015/07/28 10:58:45 | 000,268,976 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/07/26 17:16:31 | 008,016,511 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Stormy Way\Stormy Way.exe -- (Stormy Way)
SRV - [2015/07/03 21:04:48 | 002,732,000 | ---- | M] (Useful Technology) [Auto | Running] -- C:\ProgramData\FoouBxBsXph\uwUBfD.exe -- (uwUBfD)
SRV - [2015/07/01 04:30:36 | 000,148,136 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/06/05 20:46:03 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Users\ROMU\AppData\Roaming\58435451-1433529913-3054-4232-50465D31B7DC\hnsd13E.tmp -- (dequzody)
SRV - [2015/06/05 20:45:58 | 000,223,232 | ---- | M] () [Auto | Running] -- C:\Users\ROMU\AppData\Roaming\58435451-1433529913-3054-4232-50465D31B7DC\jnsgC7DD.tmp -- (cybusyro)
SRV - [2015/06/05 19:12:09 | 000,408,576 | ---- | M] () [Auto | Running] -- c:\Windows\mfic.exe -- (mfic)
SRV - [2015/06/05 19:12:08 | 000,417,792 | ---- | M] () [Auto | Running] -- c:\Windows\fic.exe -- (fic)
SRV - [2014/11/21 01:19:24 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2014/11/21 01:18:02 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/11/21 01:18:02 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2014/11/21 01:17:56 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/01/30 00:02:44 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/09/11 12:41:14 | 000,106,880 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012/07/17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/06/27 13:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012/06/25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/04/13 11:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/11/21 15:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2015/02/20 13:40:46 | 000,075,776 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:[b]64bit:[/b] - [2014/11/21 02:23:53 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:[b]64bit:[/b] - [2014/11/21 02:23:53 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:[b]64bit:[/b] - [2014/11/21 02:23:53 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:[b]64bit:[/b] - [2014/11/21 01:57:07 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2014/11/21 01:20:09 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:[b]64bit:[/b] - [2014/11/21 01:19:56 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2014/11/21 01:19:54 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:[b]64bit:[/b] - [2014/11/21 01:18:54 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2014/11/21 01:18:51 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2014/11/21 01:18:51 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2014/11/21 01:18:51 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2014/11/21 01:18:49 | 000,921,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:[b]64bit:[/b] - [2014/11/21 01:18:36 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2014/11/21 01:17:57 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2014/11/21 01:17:57 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2014/11/21 01:17:55 | 000,467,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2014/11/21 01:17:55 | 000,415,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:[b]64bit:[/b] - [2014/11/21 01:17:55 | 000,324,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2014/11/21 01:17:55 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2014/11/21 01:17:55 | 000,189,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:[b]64bit:[/b] - [2014/11/21 01:17:55 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:[b]64bit:[/b] - [2014/11/21 01:17:55 | 000,069,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:[b]64bit:[/b] - [2014/11/21 01:17:55 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2014/11/21 01:17:55 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:[b]64bit:[/b] - [2014/11/21 00:55:05 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:[b]64bit:[/b] - [2014/11/21 00:54:51 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2014/11/21 00:54:51 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2014/11/21 00:54:51 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:[b]64bit:[/b] - [2014/11/21 00:54:51 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2014/11/21 00:27:16 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2014/01/30 00:02:28 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2013/08/22 15:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2013/08/22 15:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2013/08/22 14:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2013/08/22 14:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2013/08/22 14:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2013/08/22 14:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2013/08/22 14:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2013/08/22 14:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2013/08/22 14:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2013/08/22 14:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:[b]64bit:[/b] - [2013/08/22 14:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2013/08/22 14:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:[b]64bit:[/b] - [2013/08/22 14:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:[b]64bit:[/b] - [2013/08/22 14:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2013/08/22 14:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2013/08/22 14:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2013/08/22 14:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2013/08/22 14:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:[b]64bit:[/b] - [2013/08/22 14:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2013/08/22 14:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2013/08/22 14:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:[b]64bit:[/b] - [2013/08/22 14:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:[b]64bit:[/b] - [2013/08/22 14:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2013/08/22 14:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:[b]64bit:[/b] - [2013/08/22 14:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2013/08/22 14:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2013/08/22 14:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:[b]64bit:[/b] - [2013/08/22 14:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2013/08/22 13:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:[b]64bit:[/b] - [2013/08/22 13:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:[b]64bit:[/b] - [2013/08/22 13:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2013/08/22 13:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:[b]64bit:[/b] - [2013/08/22 13:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:[b]64bit:[/b] - [2013/08/22 13:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:[b]64bit:[/b] - [2013/08/22 13:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:[b]64bit:[/b] - [2013/08/22 13:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:[b]64bit:[/b] - [2013/08/22 13:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:[b]64bit:[/b] - [2013/08/22 13:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:[b]64bit:[/b] - [2013/08/22 13:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:[b]64bit:[/b] - [2013/08/22 13:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2013/08/22 13:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:[b]64bit:[/b] - [2013/08/22 13:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2013/08/22 13:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:[b]64bit:[/b] - [2013/08/22 10:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:[b]64bit:[/b] - [2013/08/13 01:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:[b]64bit:[/b] - [2013/08/10 02:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:[b]64bit:[/b] - [2013/07/30 20:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:[b]64bit:[/b] - [2013/07/25 21:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:[b]64bit:[/b] - [2013/07/25 21:05:37 | 002,607,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:[b]64bit:[/b] - [2013/06/18 16:44:59 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C63x64.sys -- (L1C)
DRV:[b]64bit:[/b] - [2012/12/08 18:38:38 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2012/10/31 13:10:00 | 000,061,824 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsusTP.sys -- (ATP)
DRV:[b]64bit:[/b] - [2012/08/14 12:03:34 | 002,206,352 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:[b]64bit:[/b] - [2012/08/02 05:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:[b]64bit:[/b] - [2012/07/24 19:21:22 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:[b]64bit:[/b] - [2012/07/24 05:16:28 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:[b]64bit:[/b] - [2012/07/02 16:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2012/06/19 01:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2012/05/31 05:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV:[b]64bit:[/b] - [2010/07/30 07:51:52 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:[b]64bit:[/b] - [2009/09/08 19:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:[b]64bit:[/b] - [2009/02/13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2013/12/30 03:54:22 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2011/09/07 10:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2010/07/30 07:51:50 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2009/07/02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{55744BF0-1BF3-F908-FE95-7F814CE698D3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{FA475B2F-1B7A-4F8E-B0F2-30D63BCD2B7F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1356767742-894707005-3705527753-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-1356767742-894707005-3705527753-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-1356767742-894707005-3705527753-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1356767742-894707005-3705527753-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1356767742-894707005-3705527753-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1356767742-894707005-3705527753-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1356767742-894707005-3705527753-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "FR"
FF - prefs.js..browser.search.defaultenginename: "Google Default"
FF - prefs.js..browser.search.region: "FR"
FF - prefs.js..browser.search.searchengine.desc: "this is my first firefox searchEngine"
FF - prefs.js..browser.search.searchengine.ptid: "face"
FF - prefs.js..browser.search.searchengine.uid: "HitachiXHTS545050A7E380_TE85123Q06WHTW06WHTWX"
FF - prefs.js..browser.search.selectedEngine: "webssearches"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: magit%40magit.com:1.0
FF - prefs.js..extensions.enabledAddons: veggy%40veggyAddon.com:2.107529
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:39.0
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{c3357769-3570-481c-9554-97865d9054e4}: C:\PROGRAM FILES\SHOPPERZ\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{628f215e-0803-40f0-a52d-25e9ab679f78}: C:\PROGRAM FILES\SHOPPERZ27072015\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{c3357769-3570-481c-9554-97865d9054e4}: C:\Program Files\shopperz\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{628f215e-0803-40f0-a52d-25e9ab679f78}: C:\Program Files\shopperz27072015\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK

[2015/07/28 10:50:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ROMU\AppData\Roaming\mozilla\Extensions
[2012/12/05 15:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ROMU\AppData\Roaming\mozilla\Firefox\extensions
[2012/12/05 15:26:46 | 000,000,000 | ---D | M] (uTorrentBar_FR) -- C:\Users\ROMU\AppData\Roaming\mozilla\Firefox\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}
[2015/07/29 18:08:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ROMU\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2015/07/29 09:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ROMU\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2015/07/03 21:13:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ROMU\AppData\Roaming\mozilla\Firefox\Profiles\extensions\searchplugins
[2015/07/29 10:57:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ROMU\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions
[2015/07/28 17:12:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ROMU\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions\staged
[2015/07/29 18:14:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ROMU\AppData\Roaming\mozilla\Firefox\Profiles\anexiguq.default\extensions
[2015/07/28 14:29:47 | 000,000,000 | ---D | M] ("Magnify It") -- C:\Users\ROMU\AppData\Roaming\mozilla\Firefox\Profiles\anexiguq.default\extensions\magit@magit.com
[2015/07/29 18:14:07 | 000,000,000 | ---D | M] ("Mozilla Firefox Hotfixer") -- C:\Users\ROMU\AppData\Roaming\mozilla\Firefox\Profiles\anexiguq.default\extensions\veggy@veggyAddon.com
[2015/07/28 17:12:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ROMU\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\staged
[2015/07/29 08:42:35 | 000,008,889 | ---- | M] () (No name found) -- C:\Users\ROMU\AppData\Roaming\mozilla\firefox\profiles\0\extensions\{ca4effac-0561-4c62-8177-ccdd50bd5f33}.xpi
[2015/07/29 08:42:35 | 000,008,889 | ---- | M] () (No name found) -- C:\Users\ROMU\AppData\Roaming\mozilla\firefox\profiles\anexiguq.default\extensions\{ca4effac-0561-4c62-8177-ccdd50bd5f33}.xpi
[2015/07/28 17:20:41 | 000,963,213 | ---- | M] () (No name found) -- C:\Users\ROMU\AppData\Roaming\mozilla\firefox\profiles\anexiguq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/11/29 16:47:10 | 000,197,580 | ---- | M] () (No name found) -- C:\Users\ROMU\AppData\Roaming\mozilla\firefox\profiles\extensions\ftdownloader@ftdownloader.com.xpi
[2015/07/29 08:42:35 | 000,008,889 | ---- | M] () (No name found) -- C:\Users\ROMU\AppData\Roaming\mozilla\firefox\profiles\extensions\extensions\{ca4effac-0561-4c62-8177-ccdd50bd5f33}.xpi
[2015/07/29 09:33:42 | 000,002,382 | ---- | M] () -- C:\Users\ROMU\AppData\Roaming\mozilla\firefox\profiles\anexiguq.default\searchplugins\google-default.xml
[2015/07/28 10:49:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/07/28 10:49:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/08/22 15:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3 - HKU\S-1-5-21-1356767742-894707005-3705527753-1001\..\Toolbar\WebBrowser: (no name) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [3D BubbleSound] "C:\Program Files\BubbleSound\3D BubbleSound.exe" File not found
O4:[b]64bit:[/b] - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [prtstart] C:\Program Files\shopperz27072015\dr_inst.exe url=aHR0cDovL2Nkcy5zNm01bTlkNy5od2Nkbi5uZXQvYWRkb24vcHIvMjcwNzIwMTUvcHJjNjQuZXhl lpath=QzpcUHJvZ3JhbSBGaWxlc1xzaG9wcGVyejI3MDcyMDE1XHByYy5leGU= time=1 cl=LWluc3RhbGw= File not found
O4:[b]64bit:[/b] - HKLM..\Run: [SpaceSoundPro] "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe" File not found
O4:[b]64bit:[/b] - HKLM..\Run: [Windesk Winsearch] C:\Program Files (x86)\WindeskWinsearch\Windesk Winsearch.exe File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [gmsd_fr_004010020] File not found
O4 - HKLM..\Run: [gmsd_fr_598] File not found
O4 - HKLM..\Run: [gmsd_fr_610] File not found
O4 - HKLM..\Run: [gmsd_fr_618] File not found
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe File not found
O4 - HKLM..\Run: [mbot_fr_641] File not found
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1356767742-894707005-3705527753-1001..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - HKU\S-1-5-21-1356767742-894707005-3705527753-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1356767742-894707005-3705527753-1001..\Run: [GoogleChromeAutoLaunch_86AEFA36D8357027F230CC040355407F] "C:\Users\ROMU\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session File not found
O4 - HKU\S-1-5-21-1356767742-894707005-3705527753-1001..\Run: [GoogleChromeAutoLaunch_8D661CF3FD14EAEFD4E70352578F8B91] "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window File not found
O4 - HKU\S-1-5-21-1356767742-894707005-3705527753-1001..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize File not found
O4 - Startup: C:\Users\ROMU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1356767742-894707005-3705527753-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1356767742-894707005-3705527753-1001\..Trusted Domains: localhost ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1356767742-894707005-3705527753-1001\..Trusted Domains: webcompanion.com ([]http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{326607d1-b8f6-11e4-824e-806e6f6e6963}: NameServer = 52.18.92.32,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E193832-AAB2-4ADE-8397-C8D16A27A44C}: NameServer = 52.18.92.32,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEF97C16-5BA7-4C47-BD2F-EFFC0C306656}: NameServer = 52.18.92.32,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F32252FF-8073-423C-AE5D-494B231F54A6}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F32252FF-8073-423C-AE5D-494B231F54A6}: NameServer = 52.18.92.32,8.8.8.8
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e8f68f7c-3c15-11e2-be72-50465d31b7dc}\Shell - "" = AutoRun
O33 - MountPoints2\{e8f68f7c-3c15-11e2-be72-50465d31b7dc}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:[b]64bit:[/b] lfsvc - C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
NetSvcs:[b]64bit:[/b] wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:[b]64bit:[/b] DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:[b]64bit:[/b] NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)


Drivers32:[b]64bit:[/b] msacm.ac3filter - ac3filter64.acm ()
Drivers32:[b]64bit:[/b] msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:[b]64bit:[/b] vidc.xvid - xvidvfw.dll ()
Drivers32: msacm.ac3filter - C:\WINDOWS\SysWow64\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\WINDOWS\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\WINDOWS\SysWow64\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\SysWow64\ff_vfw.dll ()

ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {78E345F7-E976-3595-9C30-2458D6A8EC32} - .NET Framework
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - U
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EC43E638-09F0-38CC-A585-72FCCDDF035C} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2015/07/29 18:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser
[2015/07/29 18:14:17 | 000,000,000 | ---D | C] -- C:\Users\ROMU\AppData\Local\BreakingNewsAlert
[2015/07/29 18:08:30 | 000,000,000 | ---D | C] -- C:\Users\ROMU\AppData\Local\Crossbrowse
[2015/07/29 17:22:15 | 000,000,000 | ---D | C] -- C:\Users\ROMU\AppData\Local\ElevatedDiagnostics
[2015/07/29 13:01:59 | 000,000,000 | ---D | C] -- C:\Users\ROMU\AppData\Local\Cyberlink
[2015/07/29 11:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\shopperz27072015
[2015/07/29 11:21:36 | 000,000,000 | ---D | C] -- C:\Users\ROMU\AppData\Local\Programs
[2015/07/29 11:18:35 | 000,000,000 | ---D | C] -- C:\Users\ROMU\AppData\Local\Macromedia
[2015/07/29 11:18:31 | 000,000,000 | ---D | C] -- C:\Users\ROMU\AppData\Local\Mozilla
[2015/07/29 11:00:20 | 000,000,000 | ---D | C] -- C:\Users\ROMU\AppData\Local\Citrix
[2015/07/29 10:59:48 | 000,000,000 | ---D | C] -- C:\Users\ROMU\AppData\Local\ASUS
[2015/07/29 10:53:27 | 000,000,000 | -HSD | C] -- C:\Users\ROMU\AppData\Local\EmieUserList
[2015/07/29 10:53:27 | 000,000,000 | -HSD | C] -- C:\Users\ROMU\AppData\Local\EmieSiteList
[2015/07/29 10:53:27 | 000,000,000 | -HSD | C] -- C:\Users\ROMU\AppData\Local\EmieBrowserModeList
[2015/07/29 10:12:57 | 000,350,216 | ---- | C] (Abengine) -- C:\WINDOWS\SysNative\acengine64.dll
[2015/07/29 10:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\7WinManPro7
[2015/07/29 09:38:10 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/07/28 17:12:22 | 000,000,000 | ---D | C] -- C:\Users\ROMU\AppData\Roaming\Nico Mak Computing
[2015/07/28 17:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\WWinManProW
[2015/07/28 13:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\9WinManPro9
[2015/07/28 13:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Vajniihdaos
[2015/07/28 12:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\ZombieNews
[2015/07/28 12:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\rWinManPror
[2015/07/28 11:35:22 | 000,000,000 | ---D | C] -- C:\Program Files\WaInternetEn
[2015/07/28 11:34:07 | 000,000,000 | ---D | C] -- C:\Users\ROMU\AppData\Roaming\Opera Software
[2015/07/28 11:29:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2015/07/28 11:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\abc
[2015/07/28 11:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\eWinManProe
[2015/07/28 11:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\4WinManPro4
[2015/07/28 10:49:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2015/07/28 10:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2015/07/28 10:49:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/07/28 10:49:13 | 000,000,000 | ---D | C] -- C:\Users\ROMU\AppData\Roaming\TuneUp Software
[2015/07/28 10:47:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2015/07/28 10:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2015/07/28 10:45:15 | 000,000,000 | ---D | C] -- C:\Users\ROMU\Documents\Freemake
[2015/07/28 10:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2015/07/28 10:45:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2015/07/28 09:51:32 | 000,000,000 | ---D | C] -- C:\Users\ROMU\Documents\agri video
[2015/07/28 09:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2015/07/28 09:49:53 | 000,422,400 | ---- | C] (Lavasoft Limited) -- C:\WINDOWS\SysNative\LavasoftTcpService64.dll
[2015/07/28 09:49:52 | 000,342,016 | ---- | C] (Lavasoft Limited) -- C:\WINDOWS\SysWow64\LavasoftTcpService.dll
[2015/07/28 09:49:01 | 000,000,000 | ---D | C] -- C:\Users\ROMU\AppData\Roaming\Youtube Downloader HD
[2015/07/28 09:01:10 | 000,000,000 | ---D | C] -- C:\Users\ROMU\Desktop\Captvty
[2015/07/26 17:16:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stormy Way
[2015/07/21 18:57:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\58435451-1433529913-3054-4232-50465D31B7DC
[2015/07/03 21:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avebsumeut
[2015/07/03 21:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\FoouBxBsXph
[2015/06/30 15:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\12670974670503140408
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2015/07/29 18:30:15 | 000,001,132 | ---- | M] () -- C:\Users\ROMU\Desktop\Continue Live Installation.lnk
[2015/07/29 18:13:46 | 000,001,514 | ---- | M] () -- C:\Users\ROMU\Desktop\firefox - Raccourci.lnk
[2015/07/29 18:13:01 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/07/29 18:11:26 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/07/29 18:09:41 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\tasks\{0C8FA666-B770-45F8-BFE8-3350B98A781D}.job
[2015/07/29 18:09:25 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/07/29 18:09:24 | 3338,510,336 | -HS- | M] () -- C:\hiberfil.sys
[2015/07/29 17:20:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\Optscan.job
[2015/07/29 17:09:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\UpdateTask.job
[2015/07/29 17:08:01 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\CallBlockerPro.job
[2015/07/29 16:12:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\Bidaily Synchronize Task[74c7].job
[2015/07/29 10:49:33 | 000,000,004 | ---- | M] () -- C:\WINDOWS\SysWow64\029B560A371F4E00AB32838EBC01B9E7
[2015/07/29 09:37:56 | 002,248,704 | ---- | M] () -- C:\Users\ROMU\Desktop\adwcleaner_4.208.exe
[2015/07/28 18:09:02 | 000,000,042 | ---- | M] () -- C:\Users\ROMU\AppData\Roaming\WB.CFG
[2015/07/28 17:23:45 | 000,812,350 | ---- | M] () -- C:\WINDOWS\SysNative\perfh00C.dat
[2015/07/28 17:23:45 | 000,722,476 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015/07/28 17:23:45 | 000,159,412 | ---- | M] () -- C:\WINDOWS\SysNative\perfc00C.dat
[2015/07/28 17:23:45 | 000,135,592 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015/07/28 17:23:44 | 001,824,010 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015/07/28 11:16:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\prleth.sys
[2015/07/28 11:16:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\hgfs.sys
[2015/07/28 11:08:54 | 000,000,000 | ---- | M] () -- C:\dummy.htm
[2015/07/28 10:45:58 | 000,002,920 | ---- | M] () -- C:\WINDOWS\SysWow64\LavasoftTcpServiceOff.ini
[2015/07/28 10:45:58 | 000,002,920 | ---- | M] () -- C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
[2015/07/28 09:49:50 | 000,422,400 | ---- | M] (Lavasoft Limited) -- C:\WINDOWS\SysNative\LavasoftTcpService64.dll
[2015/07/28 09:49:49 | 000,342,016 | ---- | M] (Lavasoft Limited) -- C:\WINDOWS\SysWow64\LavasoftTcpService.dll
[2015/07/13 06:01:32 | 000,350,216 | ---- | M] (Abengine) -- C:\WINDOWS\SysNative\acengine64.dll
[2015/07/03 20:59:15 | 000,002,599 | ---- | M] () -- C:\Users\ROMU\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2015/07/29 18:30:15 | 000,001,132 | ---- | C] () -- C:\Users\ROMU\Desktop\Continue Live Installation.lnk
[2015/07/29 18:13:46 | 000,001,514 | ---- | C] () -- C:\Users\ROMU\Desktop\firefox - Raccourci.lnk
[2015/07/29 09:37:51 | 002,248,704 | ---- | C] () -- C:\Users\ROMU\Desktop\adwcleaner_4.208.exe
[2015/07/28 18:09:02 | 000,000,042 | ---- | C] () -- C:\Users\ROMU\AppData\Roaming\WB.CFG
[2015/07/28 17:09:30 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\UpdateTask.job
[2015/07/28 11:20:01 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\Optscan.job
[2015/07/28 11:16:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prleth.sys
[2015/07/28 11:16:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hgfs.sys
[2015/07/28 11:08:57 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\CallBlockerPro.job
[2015/07/28 11:08:54 | 000,000,000 | ---- | C] () -- C:\dummy.htm
[2015/07/28 10:58:45 | 000,001,002 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/07/28 09:49:56 | 000,002,920 | ---- | C] () -- C:\WINDOWS\SysWow64\LavasoftTcpServiceOff.ini
[2015/07/28 09:49:56 | 000,002,920 | ---- | C] () -- C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
[2015/06/05 19:36:57 | 000,110,592 | ---- | C] () -- C:\WINDOWS\SysWow64\FsUsbExDevice.Dll
[2015/06/05 19:36:57 | 000,037,344 | ---- | C] () -- C:\WINDOWS\SysWow64\FsUsbExDisk.Sys
[2015/06/05 19:12:09 | 000,631,296 | ---- | C] () -- C:\WINDOWS\fic.dat
[2015/06/05 19:12:08 | 000,408,576 | ---- | C] () -- C:\WINDOWS\mfic.exe
[2015/06/05 19:12:07 | 000,417,792 | ---- | C] () -- C:\WINDOWS\fic.exe
[2014/12/19 13:43:13 | 000,877,296 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidcore.dll
[2014/12/19 13:43:13 | 000,244,307 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidvfw.dll
[2014/12/19 13:43:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\SysWow64\qt-dx331.dll
[2014/12/19 13:40:02 | 000,085,504 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_vfw.dll
[2014/11/21 01:19:40 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2014/11/21 01:18:02 | 000,107,008 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/11/21 00:55:19 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/01/30 00:02:42 | 000,272,928 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
[2014/01/30 00:02:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2014/01/30 00:02:20 | 000,963,452 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
[2013/08/22 17:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 17:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 16:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 09:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/22 01:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/22 01:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/06/27 18:43:02 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/12/02 02:43:46 | 000,000,437 | ---- | C] () -- C:\Users\ROMU\AppData\Roaming\sp_data.sys
[2012/08/17 02:52:29 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012/08/17 02:52:28 | 000,000,217 | ---- | C] () -- C:\ProgramData\SetStretch.cmd

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2015/06/05 19:15:50 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/11/21 01:19:01 | 022,295,200 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/11/21 01:19:35 | 019,734,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/11/21 01:18:18 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/11/21 01:19:18 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/11/21 01:18:18 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2014/11/21 01:19:40 | 002,207,488 | ---- | M] (Microsoft Corporation) MD5=4B37A33F4F5237BF02E537F8D12D1129 -- C:\Windows\SysWOW64\explorer.exe
[2014/11/21 01:19:40 | 002,207,488 | ---- | M] (Microsoft Corporation) MD5=4B37A33F4F5237BF02E537F8D12D1129 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17415_none_4d144c4b81daa3b6\explorer.exe
[2014/11/21 01:19:08 | 002,501,368 | ---- | M] (Microsoft Corporation) MD5=85D47EB257B06094F052E0C8AEFA3BEE -- C:\Windows\explorer.exe
[2014/11/21 01:19:08 | 002,501,368 | ---- | M] (Microsoft Corporation) MD5=85D47EB257B06094F052E0C8AEFA3BEE -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17415_none_42bfa1f94d79e1bb\explorer.exe

[color=#A23BEC]< MD5 for: SERVICES.EXE >[/color]
[2014/11/21 01:18:00 | 000,411,128 | ---- | M] (Microsoft Corporation) MD5=5BF02EBEFEDC706318C96E2E60EDCB91 -- C:\WINDOWS\SysNative\services.exe
[2014/11/21 01:18:00 | 000,411,128 | ---- | M] (Microsoft Corporation) MD5=5BF02EBEFEDC706318C96E2E60EDCB91 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.3.9600.17415_none_3023c055d060b271\services.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2014/11/21 01:18:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=5C131534A3EA4A461A793FB507A8004F -- C:\WINDOWS\SysNative\userinit.exe
[2014/11/21 01:18:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=5C131534A3EA4A461A793FB507A8004F -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.17415_none_cd33b4fca56d6b07\userinit.exe
[2014/11/21 01:19:41 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=D10643FC0095434C819316CA6CD748C0 -- C:\Windows\SysWOW64\userinit.exe
[2014/11/21 01:19:41 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=D10643FC0095434C819316CA6CD748C0 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.17415_none_71151978ed0ff9d1\userinit.exe

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2014/11/21 01:18:00 | 000,145,920 | ---- | M] (Microsoft Corporation) MD5=A570A64292214C43E0BA50E6A72A6380 -- C:\WINDOWS\SysNative\wininit.exe
[2014/11/21 01:18:00 | 000,145,920 | ---- | M] (Microsoft Corporation) MD5=A570A64292214C43E0BA50E6A72A6380 -- C:\Windows\WinSxS\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.3.9600.17415_none_21fdb3b5d80e199e\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2014/11/21 01:18:37 | 000,572,416 | ---- | M] (Microsoft Corporation) MD5=EC498BAE1F0D3E0E401C963F8D76C437 -- C:\WINDOWS\SysNative\winlogon.exe
[2014/11/21 01:18:37 | 000,572,416 | ---- | M] (Microsoft Corporation) MD5=EC498BAE1F0D3E0E401C963F8D76C437 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.17415_none_60cdfbfda8aeeef1\winlogon.exe

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]

[color=#A23BEC]< %APPDATA%\*. >[/color]
[2015/07/21 18:57:50 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\58435451-1433529913-3054-4232-50465D31B7DC
[2012/12/06 15:07:44 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\Ableton
[2012/12/02 17:10:37 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\Adobe
[2012/12/11 10:44:53 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\ASUS
[2012/12/02 02:44:10 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\ASUS WebStorage
[2013/06/03 22:35:26 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\Azureus
[2012/12/30 11:39:09 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\Creevity Mp3 Cover Downloader
[2014/10/01 18:25:12 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\CyberLink
[2012/12/08 18:42:03 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\DAEMON Tools Lite
[2015/01/29 19:20:04 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\dvdcss
[2013/06/01 22:15:07 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\ESTsoft
[2015/04/08 19:20:51 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\Fugawi
[2014/12/19 14:15:08 | 000,000,000 | -H-D | M] -- C:\Users\ROMU\AppData\Roaming\GoldenGate
[2015/02/08 14:50:35 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\ICAClient
[2015/02/20 14:31:20 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\Identities
[2014/12/19 13:38:24 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\InstallShield
[2012/12/02 02:53:03 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\Macromedia
[2015/07/28 11:36:57 | 000,000,000 | --SD | M] -- C:\Users\ROMU\AppData\Roaming\Microsoft
[2015/07/28 10:50:28 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\Mozilla
[2015/07/28 17:49:03 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\Nico Mak Computing
[2013/06/27 19:06:54 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\OpenOffice.org
[2015/07/28 11:40:51 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\Opera Software
[2012/12/02 05:24:10 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\Propellerhead Software
[2015/07/03 21:22:33 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\Samsung
[2012/12/02 05:28:45 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\Steinberg
[2015/07/28 10:49:13 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\TuneUp Software
[2012/12/05 18:38:33 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\uTorrent
[2015/07/28 18:01:22 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\vlc
[2012/12/02 05:50:25 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\VST3 Presets
[2012/12/05 16:08:22 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\Western Digital
[2015/07/28 09:49:01 | 000,000,000 | ---D | M] -- C:\Users\ROMU\AppData\Roaming\Youtube Downloader HD

[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2015/06/05 20:45:43 | 000,207,872 | ---- | M] () -- C:\Users\ROMU\AppData\Roaming\58435451-1433529913-3054-4232-50465D31B7DC\rnse9167.exe
[2015/06/05 20:45:14 | 000,078,475 | ---- | M] ( ) -- C:\Users\ROMU\AppData\Roaming\58435451-1433529913-3054-4232-50465D31B7DC\Uninstall.exe
[4 C:\Users\ROMU\AppData\Roaming\58435451-1433529913-3054-4232-50465D31B7DC\*.tmp files -> C:\Users\ROMU\AppData\Roaming\58435451-1433529913-3054-4232-50465D31B7DC\*.tmp -> ]
[2013/01/21 23:22:25 | 004,177,856 | ---- | M] () -- C:\Users\ROMU\AppData\Roaming\Azureus\plugins\azemp\vuzeplayer.exe
[2012/12/05 18:48:34 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\ROMU\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2014/12/19 14:22:02 | 010,196,520 | ---- | M] (ESTsoft Corp.) -- C:\Users\ROMU\AppData\Roaming\ESTsoft\ALUpdate\ALZIP\newfile\TEMP\ALZip851.exe
[2015/07/28 10:52:13 | 000,102,400 | ---- | M] () -- C:\Users\ROMU\AppData\Roaming\Mozilla\Firefox\Profiles\anexiguq.default\CertUtils\certutil.exe

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\syswow64\*.dll /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\syswow64\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2015/07/01 06:12:37 | 000,897,144 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2015/07/01 06:12:37 | 000,897,144 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2015/07/01 06:12:37 | 000,897,144 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2015/07/01 04:30:24 | 000,377,000 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2015/07/01 04:30:24 | 000,377,000 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2015/07/01 04:30:24 | 000,377,000 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014/11/21 05:28:09 | 000,813,712 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2014/11/21 05:28:09 | 000,815,248 | ---- | M] (Microsoft Corporation)

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color]
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2015/07/01 06:12:37 | 000,897,144 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2015/07/01 06:12:37 | 000,897,144 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2015/07/01 06:12:37 | 000,897,144 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2015/07/01 04:30:24 | 000,377,000 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2015/07/01 04:30:24 | 000,377,000 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2015/07/01 04:30:24 | 000,377,000 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2015/02/20 13:41:58 | 000,718,848 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2015/02/20 13:41:58 | 000,718,848 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2015/02/20 13:41:58 | 000,718,848 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2014/11/21 05:28:09 | 000,813,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2014/11/21 05:28:09 | 000,815,248 | ---- | M] (Microsoft Corporation)

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:05E9FFE5
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:DBC416F8

< End of report >
