cjoint

Publicité

Cliquez pour partager vos propres fichiers

Publicité

Format du document : text/plain

Prévisualisation

ÿþOTL logfile created on: 14/02/2013 15:55:58 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marinouh\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

5,86 Gb Total Physical Memory | 4,31 Gb Available Physical Memory | 73,48% Memory free
7,55 Gb Paging File | 5,90 Gb Available in Paging File | 78,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,74 Gb Total Space | 683,72 Gb Free Space | 74,58% Space Free | Partition Type: NTFS
Drive F: | 715,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 715,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive W: | 500,00 Mb Total Space | 223,36 Mb Free Space | 44,67% Space Free | Partition Type: NTFS
Drive X: | 13,63 Gb Total Space | 0,26 Gb Free Space | 1,91% Space Free | Partition Type: NTFS

Computer Name: MARINE | User Name: Marinouh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/02/14 15:52:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marinouh\Desktop\OTL.exe
PRC - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/25 18:12:08 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/10/30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/09 10:22:48 | 000,173,568 | ---- | M] (Dell Products, LP.) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
PRC - [2012/09/13 03:18:36 | 004,037,480 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
PRC - [2012/09/13 03:18:34 | 001,914,728 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
PRC - [2012/08/08 17:23:28 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012/08/08 17:23:08 | 001,091,520 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012/08/06 16:58:50 | 000,491,880 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
PRC - [2012/07/17 20:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 20:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/07/09 19:47:18 | 000,277,504 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/07/09 19:47:14 | 000,007,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/06/25 16:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/06/08 04:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012/06/02 02:47:48 | 000,143,888 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011/09/20 14:27:52 | 000,024,576 | ---- | M] (OneStopSoft.com) -- C:\Program Files (x86)\OneStopSoft.com\Youtube Downloader\Clip.exe
PRC - [2011/09/20 14:26:42 | 000,573,440 | ---- | M] (OneStopSoft.com) -- C:\Program Files (x86)\OneStopSoft.com\Youtube Downloader\Youtube Downloader.exe
PRC - [2011/09/14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013/01/25 00:25:31 | 001,073,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\d61814ff75a001a2d657d3a4057a8486\System.ServiceModel.Web.ni.dll
MOD - [2013/01/20 16:04:57 | 000,029,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\7965f87e03e5c405caa81b3d62583733\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2013/01/20 16:04:53 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\9cc534d28be95feab5eb7ca2d139da3e\IAStorCommon.ni.dll
MOD - [2013/01/20 16:04:04 | 000,365,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\1b3f76dd563bcc0d73c5963418d66cb5\IAStorUtil.ni.dll
MOD - [2013/01/15 22:05:14 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\20ac6784b368d6ab7efc404421896193\System.ServiceModel.Internals.ni.dll
MOD - [2013/01/15 22:05:13 | 000,121,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\29abafa3547ce7618de3931ba755d61a\SMDiagnostics.ni.dll
MOD - [2013/01/15 22:05:12 | 002,958,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\80c1a42d2b515bcc5dd8b55b24cb5404\System.IdentityModel.ni.dll
MOD - [2013/01/15 22:03:13 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\1ef2c37ad503f11edd14667a41cbb649\System.Xml.Linq.ni.dll
MOD - [2013/01/15 22:03:12 | 007,559,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\da6c54f53b523a6cdb0a1316e1aae820\System.Xml.ni.dll
MOD - [2013/01/15 22:03:03 | 001,879,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\0e60c36da126d0a80be942e0f75c2960\System.Xaml.ni.dll
MOD - [2013/01/15 22:03:00 | 012,692,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\5b9dd195123c46d344a0a650e1d352c1\System.Windows.Forms.ni.dll
MOD - [2013/01/14 16:54:39 | 019,524,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\c638e3c6a2e1e2b8938bd822d69d2a4c\System.ServiceModel.ni.dll
MOD - [2013/01/14 13:40:36 | 002,785,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\4186420750660d5b7a67e3e6d11af471\System.Runtime.Serialization.ni.dll
MOD - [2013/01/14 13:40:29 | 001,156,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\85d43a366f283be89f064b6e2b6d018c\System.Management.ni.dll
MOD - [2013/01/14 13:40:27 | 001,630,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\efb8a12d6436b16812746ff9d7fc98b8\System.Drawing.ni.dll
MOD - [2013/01/14 13:40:12 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7401a5b8056a9c3641b277d7193c43bf\System.Configuration.ni.dll
MOD - [2013/01/14 13:40:09 | 000,467,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\8af0ee136f0c82da9394928b3bd7227d\PresentationFramework.Aero2.ni.dll
MOD - [2013/01/14 13:40:07 | 018,524,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\6b55500e41ed13f668c8c036795afd28\PresentationFramework.ni.dll
MOD - [2013/01/14 13:39:45 | 010,914,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\0e5da70eddcf3788a74dc8fbebeb6269\PresentationCore.ni.dll
MOD - [2013/01/14 13:39:31 | 003,905,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\20a433a504e31bac22a69db8713b835f\WindowsBase.ni.dll
MOD - [2013/01/14 13:39:21 | 006,995,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dd8711e10e39622d23a8d5e5da65973e\System.Core.ni.dll
MOD - [2013/01/13 22:55:41 | 009,927,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4b4df94b5fc59b48c84c89791c483437\System.ni.dll
MOD - [2013/01/13 22:55:19 | 016,501,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\81bce73cc3eef6d5a6774a5177323bf8\mscorlib.ni.dll
MOD - [2012/09/13 03:18:38 | 002,003,304 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
MOD - [2012/08/06 16:59:24 | 000,117,608 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
MOD - [2012/08/06 16:59:16 | 001,153,384 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
MOD - [2012/06/08 17:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/08 04:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2008/03/03 14:28:08 | 000,118,784 | ---- | M] () -- C:\Windows\SysWOW64\AdvTrayIcon.ocx


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2012/09/20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:[b]64bit:[/b] - [2012/09/20 09:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:[b]64bit:[/b] - [2012/09/20 07:32:59 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:[b]64bit:[/b] - [2012/09/20 07:32:58 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2012/09/20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2012/09/20 07:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2012/09/20 07:30:38 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2012/07/26 04:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2012/07/26 04:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2012/07/26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2012/07/26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2012/07/26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2012/07/26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2012/07/26 04:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2012/07/26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2012/07/26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2012/07/26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:[b]64bit:[/b] - [2012/07/26 04:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2012/07/26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2012/07/26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2012/07/26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2012/07/26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2012/07/26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:[b]64bit:[/b] - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:[b]64bit:[/b] - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:[b]64bit:[/b] - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:[b]64bit:[/b] - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:[b]64bit:[/b] - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:[b]64bit:[/b] - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:[b]64bit:[/b] - [2012/07/24 11:59:56 | 000,321,536 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:[b]64bit:[/b] - [2012/07/18 18:14:38 | 002,699,568 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:[b]64bit:[/b] - [2012/07/18 18:14:16 | 000,272,176 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:[b]64bit:[/b] - [2012/07/18 18:14:04 | 000,627,504 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:[b]64bit:[/b] - [2012/07/18 18:13:40 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:[b]64bit:[/b] - [2012/07/17 06:38:26 | 000,731,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:[b]64bit:[/b] - [2012/05/30 19:11:34 | 000,149,544 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:[b]64bit:[/b] - [2012/05/02 19:49:44 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:[b]64bit:[/b] - [2012/04/20 20:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/09 10:22:48 | 000,173,568 | ---- | M] (Dell Products, LP.) [Auto | Running] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2012/09/20 09:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/09/13 03:18:34 | 001,914,728 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe -- (SftService)
SRV - [2012/08/08 17:23:28 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012/08/08 17:23:08 | 001,091,520 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012/08/01 09:02:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/07/27 22:25:28 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/07/26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/17 20:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 20:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/14 02:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/07/09 19:47:14 | 000,007,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/06/25 16:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/09/14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012/11/23 22:25:53 | 000,468,144 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswnet.sys -- (aswnet)
DRV:[b]64bit:[/b] - [2012/11/22 22:10:51 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2012/11/22 22:08:49 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2012/10/30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2012/10/30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2012/10/30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2012/10/30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:[b]64bit:[/b] - [2012/10/27 00:02:10 | 000,651,832 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:[b]64bit:[/b] - [2012/10/15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2012/09/20 09:31:29 | 000,068,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2012/09/20 08:55:33 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2012/09/20 08:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2012/09/20 08:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:[b]64bit:[/b] - [2012/09/20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2012/09/20 08:55:30 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2012/09/20 08:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2012/09/20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2012/09/20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2012/09/20 08:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2012/09/20 08:03:06 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2012/09/20 08:03:03 | 000,055,528 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2012/09/20 07:09:11 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:[b]64bit:[/b] - [2012/09/20 07:08:27 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:[b]64bit:[/b] - [2012/09/19 10:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus)
DRV:[b]64bit:[/b] - [2012/09/19 10:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm)
DRV:[b]64bit:[/b] - [2012/08/13 19:22:20 | 004,273,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwew00.sys -- (NETwNe64)
DRV:[b]64bit:[/b] - [2012/08/10 01:29:54 | 000,035,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:[b]64bit:[/b] - [2012/08/10 01:29:54 | 000,025,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iwdbus.sys -- (iwdbus)
DRV:[b]64bit:[/b] - [2012/08/10 01:29:52 | 000,188,384 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\xHCIPort.sys -- (XHCIPort)
DRV:[b]64bit:[/b] - [2012/08/10 01:29:52 | 000,048,096 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usb3Hub.sys -- (usb3Hub)
DRV:[b]64bit:[/b] - [2012/08/05 07:22:10 | 000,010,752 | ---- | M] (OSR Open Systems Resources, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\DellRbtn.sys -- (DellRbtn)
DRV:[b]64bit:[/b] - [2012/08/01 09:57:50 | 000,445,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\nvstusb.sys -- (NvStUSB)
DRV:[b]64bit:[/b] - [2012/08/01 09:02:00 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:[b]64bit:[/b] - [2012/07/26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012/07/26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2012/07/26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:[b]64bit:[/b] - [2012/07/26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2012/07/26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:[b]64bit:[/b] - [2012/07/26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2012/07/26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:[b]64bit:[/b] - [2012/07/26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:[b]64bit:[/b] - [2012/07/26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2012/07/26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2012/07/26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2012/07/26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:[b]64bit:[/b] - [2012/07/26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2012/07/26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:[b]64bit:[/b] - [2012/07/26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2012/07/26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2012/07/26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2012/07/26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2012/07/26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2012/07/26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2012/07/26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2012/07/26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:[b]64bit:[/b] - [2012/07/26 05:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:[b]64bit:[/b] - [2012/07/26 05:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:[b]64bit:[/b] - [2012/07/26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2012/07/26 04:17:38 | 000,027,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012/07/26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2012/07/26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:[b]64bit:[/b] - [2012/07/26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:[b]64bit:[/b] - [2012/07/26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2012/07/26 03:27:58 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:[b]64bit:[/b] - [2012/07/26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:[b]64bit:[/b] - [2012/07/26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:[b]64bit:[/b] - [2012/07/26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:[b]64bit:[/b] - [2012/07/26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:[b]64bit:[/b] - [2012/07/26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2012/07/26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:[b]64bit:[/b] - [2012/07/26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:[b]64bit:[/b] - [2012/07/26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2012/07/26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2012/07/26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2012/07/26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2012/07/26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2012/07/26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2012/07/26 03:25:54 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:[b]64bit:[/b] - [2012/07/26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:[b]64bit:[/b] - [2012/07/26 03:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:[b]64bit:[/b] - [2012/07/26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2012/07/26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2012/07/26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2012/07/25 21:08:30 | 008,982,208 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2012/07/24 11:59:56 | 000,540,160 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA)
DRV:[b]64bit:[/b] - [2012/07/17 06:39:22 | 000,162,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPALP)
DRV:[b]64bit:[/b] - [2012/07/17 06:39:22 | 000,162,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPAL)
DRV:[b]64bit:[/b] - [2012/07/14 23:36:30 | 000,825,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmhsf.sys -- (btmhsf)
DRV:[b]64bit:[/b] - [2012/07/12 08:04:30 | 000,445,304 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Apfiltr.sys -- (ApfiltrService)
DRV:[b]64bit:[/b] - [2012/07/12 06:06:56 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\program files\dell support center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020200}_0)
DRV:[b]64bit:[/b] - [2012/07/04 18:31:40 | 000,055,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:[b]64bit:[/b] - [2012/07/03 00:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2012/06/25 16:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:[b]64bit:[/b] - [2012/06/19 16:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2012/06/15 22:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:[b]64bit:[/b] - [2012/06/02 15:31:56 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:[b]64bit:[/b] - [2012/05/30 19:10:50 | 000,016,168 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\TurboB.sys -- (TurboB)
DRV:[b]64bit:[/b] - [2012/04/24 17:01:12 | 000,110,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmaux.sys -- (btmaux)
DRV:[b]64bit:[/b] - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope =
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{EFADBBE8-BCF6-4913-B04D-CCFBE78EE937}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/newtab?utm_source=b&utm_medium=mlv&from=mlv&uid=ST1000LM024XHN-M101MBB_S2WZJ90C819702819702&ts=1360091481
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.22find.com/newtab?utm_source=b&utm_medium=mlv&from=mlv&uid=ST1000LM024XHN-M101MBB_S2WZJ90C819702819702&ts=1360091481
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{EFADBBE8-BCF6-4913-B04D-CCFBE78EE937}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2614940576-3810989277-3188264554-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/newtab?utm_source=b&utm_medium=mlv&from=mlv&uid=ST1000LM024XHN-M101MBB_S2WZJ90C819702819702&ts=1360091481
IE - HKU\S-1-5-21-2614940576-3810989277-3188264554-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/
IE - HKU\S-1-5-21-2614940576-3810989277-3188264554-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2614940576-3810989277-3188264554-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Marinouh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Marinouh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marinouh\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marinouh\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files (x86)\RelevantKnowledge\firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK

[2012/11/22 20:38:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: https://www.google.fr/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.fr/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Google\u00A0Drive = C:\Users\Marinouh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Marinouh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Recherche Google = C:\Users\Marinouh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Marinouh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:[b]64bit:[/b] - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Motorola Solutions, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe (Dell Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YoutubeDownloader] C:\Program Files (x86)\OneStopSoft.com\Youtube Downloader\Youtube Downloader.exe (OneStopSoft.com)
O4 - HKU\S-1-5-21-2614940576-3810989277-3188264554-1003..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2614940576-3810989277-3188264554-1003..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2614940576-3810989277-3188264554-1003..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - Startup: C:\Users\Marinouh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Moniteur de la technologie Intel® Turbo Boost 2.6.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: Envoyer à Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.1 80.10.246.2 80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11141FEB-5984-4A01-8439-0BE9E9834B0B}: DhcpNameServer = 172.16.1.1 80.10.246.2 80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F3F3C8C-E2F5-4688-BB05-ABD8DA44824F}: DhcpNameServer = 13.35.0.103
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/24 00:56:42 | 000,000,175 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010/03/24 00:56:42 | 000,000,175 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3ae91b73-34e9-11e2-be6e-84a6c85960d6}\Shell - "" = AutoRun
O33 - MountPoints2\{3ae91b73-34e9-11e2-be6e-84a6c85960d6}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- [2010/03/30 14:51:02 | 001,100,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{3ae91b73-34e9-11e2-be6e-84a6c85960d6}\Shell\configure\command - "" = G:\setup.exe -- [2010/03/30 14:51:02 | 001,100,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{3ae91b73-34e9-11e2-be6e-84a6c85960d6}\Shell\install\command - "" = G:\setup.exe -- [2010/03/30 14:51:02 | 001,100,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{5d29df93-34de-11e2-be6d-84a6c85960d6}\Shell - "" = AutoRun
O33 - MountPoints2\{5d29df93-34de-11e2-be6d-84a6c85960d6}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- [2010/03/30 14:51:02 | 001,100,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{5d29df93-34de-11e2-be6d-84a6c85960d6}\Shell\configure\command - "" = F:\setup.exe -- [2010/03/30 14:51:02 | 001,100,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{5d29df93-34de-11e2-be6d-84a6c85960d6}\Shell\install\command - "" = F:\setup.exe -- [2010/03/30 14:51:02 | 001,100,664 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:[b]64bit:[/b] wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:[b]64bit:[/b] DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:[b]64bit:[/b] NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:[b]64bit:[/b] SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)


SafeBootMin:[b]64bit:[/b] AppMgmt - Service
SafeBootMin:[b]64bit:[/b] Base - Driver Group
SafeBootMin:[b]64bit:[/b] BasicDisplay.sys - C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] BasicRender.sys - C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
SafeBootMin:[b]64bit:[/b] BrokerInfrastructure - C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] EFS - C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] File system - Driver Group
SafeBootMin:[b]64bit:[/b] Filter - Driver Group
SafeBootMin:[b]64bit:[/b] HelpSvc - Service
SafeBootMin:[b]64bit:[/b] KeyIso - C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] LSM - C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] MCODS - Reg Error: Value error.
SafeBootMin:[b]64bit:[/b] Netlogon - C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
SafeBootMin:[b]64bit:[/b] sacsvr - Service
SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] TBS - Service
SafeBootMin:[b]64bit:[/b] vmms - Service
SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:[b]64bit:[/b] {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootMin:[b]64bit:[/b] {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: TBS - Service
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootMin: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:[b]64bit:[/b] AppMgmt - Service
SafeBootNet:[b]64bit:[/b] Base - Driver Group
SafeBootNet:[b]64bit:[/b] BasicDisplay.sys - C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] BasicRender.sys - C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group
SafeBootNet:[b]64bit:[/b] BrokerInfrastructure - C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] EFS - C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] File system - Driver Group
SafeBootNet:[b]64bit:[/b] Filter - Driver Group
SafeBootNet:[b]64bit:[/b] HelpSvc - Service
SafeBootNet:[b]64bit:[/b] KeyIso - C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] LSM - C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] MCODS - Reg Error: Value error.
SafeBootNet:[b]64bit:[/b] Messenger - Service
SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group
SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group
SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group
SafeBootNet:[b]64bit:[/b] Netlogon - C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] netprofm - C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] Network - Driver Group
SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group
SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group
SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group
SafeBootNet:[b]64bit:[/b] rdpencdd.sys - Driver
SafeBootNet:[b]64bit:[/b] rdsessmgr - Service
SafeBootNet:[b]64bit:[/b] sacsvr - Service
SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootNet:[b]64bit:[/b] SmartcardSimulator - Driver
SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group
SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] TBS - Service
SafeBootNet:[b]64bit:[/b] TDI - Driver Group
SafeBootNet:[b]64bit:[/b] VaultSvc - C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] VirtualSmartcardReader - Driver
SafeBootNet:[b]64bit:[/b] vmms - Service
SafeBootNet:[b]64bit:[/b] Wcmsvc - C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver
SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:[b]64bit:[/b] {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootNet:[b]64bit:[/b] {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdpencdd.sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmartcardSimulator - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TBS - Service
SafeBootNet: TDI - Driver Group
SafeBootNet: VirtualSmartcardReader - Driver
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootNet: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {74166507-F39E-305E-A972-2C3478E47350} - .NET Framework
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {3A8403F3-90B5-35DC-8926-EB9B907209F9} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32:[b]64bit:[/b] msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/02/14 15:52:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marinouh\Desktop\OTL.exe
[2013/02/08 12:38:22 | 000,000,000 | ---D | C] -- C:\Users\Marinouh\AppData\Roaming\Mozilla
[2013/02/07 11:16:56 | 000,000,000 | ---D | C] -- C:\Users\Marinouh\AppData\Roaming\vlc
[2013/02/07 11:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/02/07 11:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/02/07 09:26:06 | 000,000,000 | --SD | C] -- C:\Users\Marinouh\Documents\Mes sources de données
[2013/02/05 22:43:39 | 000,000,000 | ---D | C] -- C:\Sharing Downloads
[2013/02/05 22:42:22 | 001,140,472 | ---- | C] (Infragistics, Inc.) -- C:\Windows\SysWow64\IGUltraGrid20.ocx
[2013/02/05 22:42:22 | 000,361,256 | ---- | C] (Namtuk.com) -- C:\Windows\SysWow64\MyCommandButton.ocx
[2013/02/05 22:42:22 | 000,246,304 | ---- | C] (Namtuk.com) -- C:\Windows\SysWow64\MyFramePanel.ocx
[2013/02/05 22:42:22 | 000,131,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSADODC.ocx
[2013/02/05 22:42:22 | 000,115,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSINET.OCX
[2013/02/05 22:42:22 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSWINSCK.OCX
[2013/02/05 22:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneStopSoft.com
[2013/02/05 22:42:21 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL
[2013/02/05 22:42:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OneStopSoft.com
[2013/02/05 21:19:35 | 000,726,464 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Marinouh\Desktop\SpyHunter-Installer.exe
[2013/02/05 21:09:25 | 000,000,000 | ---D | C] -- C:\Users\Marinouh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/02/05 21:09:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/02/05 20:18:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\337
[2013/02/05 20:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Desk 365
[2013/02/05 20:11:26 | 000,000,000 | ---D | C] -- C:\Users\Marinouh\AppData\Roaming\Desk 365
[2013/01/21 19:07:33 | 000,000,000 | ---D | C] -- C:\Users\Marinouh\AppData\Local\Windows Live
[2013/01/17 16:04:12 | 000,000,000 | ---D | C] -- C:\Users\Marinouh\Desktop\Films
[2013/01/15 21:55:07 | 000,000,000 | ---D | C] -- C:\Users\Marinouh\Desktop\Galaxy
[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/02/14 15:57:52 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013/02/14 15:52:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marinouh\Desktop\OTL.exe
[2013/02/14 15:46:33 | 000,001,438 | ---- | M] () -- C:\Users\Marinouh\Desktop\Google Chrome.lnk
[2013/02/14 15:46:33 | 000,001,215 | ---- | M] () -- C:\Users\Marinouh\Desktop\22find.lnk
[2013/02/14 15:45:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/14 15:45:08 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/14 15:43:47 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/02/14 15:43:42 | 739,041,279 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/14 15:42:37 | 000,000,108 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/14 15:42:28 | 000,001,178 | ---- | M] () -- C:\Users\Marinouh\Application Data\Microsoft\Internet Explorer\Quick Launch\22find.lnk
[2013/02/14 15:42:28 | 000,001,005 | ---- | M] () -- C:\Users\Marinouh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/02/14 15:40:30 | 000,587,671 | ---- | M] () -- C:\Users\Marinouh\Desktop\adwcleaner0.exe
[2013/02/14 15:35:03 | 000,081,819 | ---- | M] () -- C:\Users\Marinouh\Desktop\27_le-joueur-de-pipeau.jpg
[2013/02/14 15:17:03 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/12 22:07:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2614940576-3810989277-3188264554-1003UA.job
[2013/02/08 11:06:54 | 001,796,784 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/08 11:06:54 | 000,802,016 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013/02/08 11:06:54 | 000,711,282 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/08 11:06:54 | 000,156,186 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013/02/08 11:06:54 | 000,133,150 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/07 11:16:49 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/02/07 11:04:01 | 000,185,710 | ---- | M] () -- C:\Users\Marinouh\Desktop\Sans titre.jpg
[2013/02/07 10:54:19 | 000,023,086 | ---- | M] () -- C:\Users\Marinouh\Desktop\dexter.my.bad.(2010).fre.1cd.(3855662).zip
[2013/02/05 23:07:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2614940576-3810989277-3188264554-1003Core.job
[2013/02/05 21:26:19 | 000,440,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/05 21:19:38 | 000,726,464 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\Marinouh\Desktop\SpyHunter-Installer.exe
[2013/02/05 20:11:22 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2013/02/04 22:36:29 | 000,693,600 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/04 22:36:29 | 000,081,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/28 00:32:29 | 000,500,338 | ---- | M] () -- C:\Users\Marinouh\Desktop\angi.jpg
[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/02/14 15:57:52 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013/02/14 15:42:22 | 000,000,108 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/14 15:40:27 | 000,587,671 | ---- | C] () -- C:\Users\Marinouh\Desktop\adwcleaner0.exe
[2013/02/14 15:35:03 | 000,081,819 | ---- | C] () -- C:\Users\Marinouh\Desktop\27_le-joueur-de-pipeau.jpg
[2013/02/07 11:16:49 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/02/07 11:04:01 | 000,185,710 | ---- | C] () -- C:\Users\Marinouh\Desktop\Sans titre.jpg
[2013/02/07 10:54:19 | 000,023,086 | ---- | C] () -- C:\Users\Marinouh\Desktop\dexter.my.bad.(2010).fre.1cd.(3855662).zip
[2013/02/05 22:42:22 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\AdvTrayIcon.ocx
[2013/02/05 20:11:24 | 000,001,215 | ---- | C] () -- C:\Users\Marinouh\Desktop\22find.lnk
[2013/02/05 20:11:24 | 000,001,178 | ---- | C] () -- C:\Users\Marinouh\Application Data\Microsoft\Internet Explorer\Quick Launch\22find.lnk
[2013/02/05 20:11:22 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2013/01/28 00:27:07 | 000,500,338 | ---- | C] () -- C:\Users\Marinouh\Desktop\angi.jpg
[2013/01/21 23:02:42 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2614940576-3810989277-3188264554-1003UA.job
[2013/01/21 23:02:39 | 000,001,052 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2614940576-3810989277-3188264554-1003Core.job
[2013/01/18 16:43:08 | 000,440,448 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/22 21:37:07 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012/10/12 02:16:28 | 000,597,244 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/10/12 02:16:23 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/10/12 02:16:23 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/12 00:30:07 | 001,822,530 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/06/02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 19:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2012/11/22 19:49:34 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/10/11 06:45:39 | 019,789,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/10/11 06:07:29 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2012/11/23 11:44:02 | 000,000,000 | ---D | M] -- C:\Users\Marinouh\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/11/22 22:09:26 | 000,000,000 | ---D | M] -- C:\Users\Marinouh\AppData\Roaming\DAEMON Tools Lite
[2013/02/05 20:14:57 | 000,000,000 | ---D | M] -- C:\Users\Marinouh\AppData\Roaming\Desk 365
[2012/11/29 17:31:39 | 000,000,000 | ---D | M] -- C:\Users\Marinouh\AppData\Roaming\PCDr
[2013/02/08 19:02:32 | 000,000,000 | ---D | M] -- C:\Users\Marinouh\AppData\Roaming\uTorrent
[2012/11/22 19:21:20 | 000,000,000 | ---D | M] -- C:\Users\Marinouh\AppData\Roaming\WebApp

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2013/02/14 15:42:37 | 000,020,847 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2012/09/04 21:54:56 | 000,006,488 | -H-- | M] () -- C:\bootmenu.xml
[2012/07/26 04:44:30 | 000,398,156 | RHS- | M] () -- C:\bootmgr
[2012/06/02 15:30:55 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
[2012/10/12 02:41:35 | 000,027,118 | RH-- | M] () -- C:\dell.sdr
[2013/02/05 20:11:22 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2013/02/14 15:43:42 | 739,041,279 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/12 00:02:50 | 000,001,065 | ---- | M] () -- C:\Moniteur de la technologie Intel® Turbo Boost 2.6.lnk
[2013/02/14 15:43:46 | 1811,939,328 | -HS- | M] () -- C:\pagefile.sys
[2013/02/14 15:57:52 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013/02/14 15:43:47 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< %PROGRAMFILES%\*.* >[/color]
[2012/07/26 09:11:35 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

[color=#A23BEC]< %PROGRAMFILES%\*. >[/color]
[2012/11/22 20:41:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2012/12/10 01:23:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVS4YOU
[2012/10/12 00:03:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco
[2013/02/05 20:18:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2012/10/12 00:15:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2012/11/22 22:08:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Lite
[2013/02/14 15:53:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Backup and Recovery
[2012/11/22 19:48:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Digital Delivery
[2013/02/05 20:20:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Desk 365
[2012/12/06 14:45:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electronic Arts
[2012/12/10 02:00:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Free FLAC to MP3 Converter
[2012/11/25 18:19:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2012/11/23 21:13:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GUM3645.tmp
[2012/11/23 21:18:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GUM48FA.tmp
[2012/12/06 14:45:23 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/10/12 00:08:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2012/12/17 12:05:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2012/11/22 22:18:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/11/22 22:22:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2012/11/22 22:21:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012/11/22 22:21:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
[2012/11/22 22:22:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012/11/22 22:19:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/12/06 14:50:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft WSE
[2012/11/22 22:21:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2012/11/22 20:38:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2012/11/22 22:23:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2012/10/11 16:46:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
[2013/02/05 22:42:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OneStopSoft.com
[2012/10/12 00:02:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2012/10/11 23:59:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2012/11/22 21:08:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SmartSound Software
[2012/12/06 16:16:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\uTorrent
[2013/02/05 21:09:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VS Revo Group
[2012/07/26 11:08:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2012/10/12 00:21:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2012/07/26 11:08:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2012/11/23 22:20:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2012/07/26 09:13:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Multimedia Platform
[2012/07/26 09:12:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2012/07/26 11:08:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2012/07/26 09:13:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2012/07/26 09:12:59 | 000,000,000 | -HSD | M] -- C:\Program Files (x86)\Windows Sidebar
[2012/11/22 21:21:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinRAR

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2012/07/26 06:00:49 | 000,063,216 | ---- | M] (Microsoft Corporation) MD5=01590377A5AB19E792528C628A2A68F9 -- C:\Windows\SysNative\drivers\AGP440.sys
[2012/07/26 06:00:49 | 000,063,216 | ---- | M] (Microsoft Corporation) MD5=01590377A5AB19E792528C628A2A68F9 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_81a4c6c9cc9d86a0\AGP440.sys
[2012/07/26 06:00:49 | 000,063,216 | ---- | M] (Microsoft Corporation) MD5=01590377A5AB19E792528C628A2A68F9 -- C:\Windows\WinSxS\amd64_machine.inf_31bf3856ad364e35_6.2.9200.16384_none_12dc94a048750f71\AGP440.sys

[color=#A23BEC]< MD5 for: APPMGMTS.DLL >[/color]
[2012/07/26 04:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=2D14788C5D0836292BEB27BBE109BE56 -- C:\Windows\WinSxS\amd64_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.2.9200.16384_none_da988fc8e5cdd730\appmgmts.dll
[2012/07/26 04:17:52 | 000,152,064 | ---- | M] (Microsoft Corporation) MD5=8F0F777B167CADDF9D206180B8558433 -- C:\Windows\WinSxS\wow64_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.2.9200.16384_none_e4ed3a1b1a2e992b\appmgmts.dll

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2012/07/26 06:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\SysNative\drivers\atapi.sys
[2012/07/26 06:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_69660e2be041f47b\atapi.sys
[2012/07/26 06:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.2.9200.16384_none_3601cf7eab4e0493\atapi.sys

[color=#A23BEC]< MD5 for: AUTOCHK.EXE >[/color]
[2012/07/26 04:08:17 | 000,887,296 | ---- | M] (Microsoft Corporation) MD5=490B7921C6DC58022FAA908E6310CF24 -- C:\Windows\SysNative\autochk.exe
[2012/07/26 04:08:17 | 000,887,296 | ---- | M] (Microsoft Corporation) MD5=490B7921C6DC58022FAA908E6310CF24 -- C:\Windows\WinSxS\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.2.9200.16384_none_3abd94ae4b8558e6\autochk.exe
[2012/07/26 04:20:43 | 000,792,064 | ---- | M] (Microsoft Corporation) MD5=55653D86D712641DB6930FAB64F452FF -- C:\Windows\SysWOW64\autochk.exe
[2012/07/26 04:20:43 | 000,792,064 | ---- | M] (Microsoft Corporation) MD5=55653D86D712641DB6930FAB64F452FF -- C:\Windows\WinSxS\x86_microsoft-windows-autochk_31bf3856ad364e35_6.2.9200.16384_none_de9ef92a9327e7b0\autochk.exe

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2012/07/26 03:30:19 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=9E7AEA59776D904607985AFFE7E5E183 -- C:\Windows\SysNative\drivers\beep.sys
[2012/07/26 03:30:19 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=9E7AEA59776D904607985AFFE7E5E183 -- C:\Windows\WinSxS\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.2.9200.16384_none_1cea48b791617e52\beep.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2012/01/31 18:22:06 | 000,006,952 | ---- | M] () MD5=D9A27F35D231BAC3AD58E922C7644E8B -- C:\Program Files (x86)\CyberLink\PowerDirector10\EventLog.dll

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2012/07/26 04:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows\SysWOW64\explorer.exe
[2012/07/26 04:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2012/07/26 05:49:13 | 002,380,440 | ---- | M] (Microsoft Corporation) MD5=928791755FDDEA721B053535EF84FA17 -- C:\Windows\explorer.exe
[2012/07/26 05:49:13 | 002,380,440 | ---- | M] (Microsoft Corporation) MD5=928791755FDDEA721B053535EF84FA17 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe

[color=#A23BEC]< MD5 for: HIDSERV.DLL >[/color]
[2012/07/26 04:18:34 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=C0A9999E5B4C1953C6B07CD9105B41FD -- C:\Windows\SysWOW64\hidserv.dll
[2012/07/26 04:18:34 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=C0A9999E5B4C1953C6B07CD9105B41FD -- C:\Windows\WinSxS\wow64_microsoft-windows-hid-user_31bf3856ad364e35_6.2.9200.16384_none_39ca9a244593a029\hidserv.dll
[2012/07/26 04:05:46 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=FAC37D7B3D6354A5A5E19A45B50B4008 -- C:\Windows\SysNative\hidserv.dll
[2012/07/26 04:05:46 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=FAC37D7B3D6354A5A5E19A45B50B4008 -- C:\Windows\WinSxS\amd64_microsoft-windows-hid-user_31bf3856ad364e35_6.2.9200.16384_none_2f75efd21132de2e\hidserv.dll

[color=#A23BEC]< MD5 for: IASTORV.SYS >[/color]
[2012/07/26 06:00:52 | 000,411,888 | ---- | M] (Intel Corporation) MD5=5E394EBD26FD68AA9300332C46BEDD62 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2012/07/26 06:00:52 | 000,411,888 | ---- | M] (Intel Corporation) MD5=5E394EBD26FD68AA9300332C46BEDD62 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_819876bbe5c3b25f\iaStorV.sys
[2012/07/26 06:00:52 | 000,411,888 | ---- | M] (Intel Corporation) MD5=5E394EBD26FD68AA9300332C46BEDD62 -- C:\Windows\WinSxS\amd64_iastorv.inf_31bf3856ad364e35_6.2.9200.16384_none_07daf9dd118c3086\iaStorV.sys

[color=#A23BEC]< MD5 for: IMM32.DLL >[/color]
[2012/07/26 03:27:28 | 000,121,344 | ---- | M] (Microsoft Corporation) MD5=51E886381803D55926A6D50643B9436C -- C:\Windows\SysWOW64\imm32.dll
[2012/07/26 03:27:28 | 000,121,344 | ---- | M] (Microsoft Corporation) MD5=51E886381803D55926A6D50643B9436C -- C:\Windows\WinSxS\wow64_microsoft-windows-imm32_31bf3856ad364e35_6.2.9200.16384_none_bf746fcd388ff4f4\imm32.dll
[2012/07/26 04:05:49 | 000,213,504 | ---- | M] (Microsoft Corporation) MD5=DA66D6D4A0B77D57F5CF449B1231010F -- C:\Windows\SysNative\imm32.dll
[2012/07/26 04:05:49 | 000,213,504 | ---- | M] (Microsoft Corporation) MD5=DA66D6D4A0B77D57F5CF449B1231010F -- C:\Windows\WinSxS\amd64_microsoft-windows-imm32_31bf3856ad364e35_6.2.9200.16384_none_b51fc57b042f32f9\imm32.dll

[color=#A23BEC]< MD5 for: KERNEL32.DLL >[/color]
[2012/07/26 03:19:21 | 000,974,848 | ---- | M] (Microsoft Corporation) MD5=1C5F50F98291B7545391BB57C406E615 -- C:\Windows\SysWOW64\kernel32.dll
[2012/07/26 03:19:21 | 000,974,848 | ---- | M] (Microsoft Corporation) MD5=1C5F50F98291B7545391BB57C406E615 -- C:\Windows\WinSxS\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.2.9200.16384_none_f6dc36f8147080a0\kernel32.dll
[2012/07/26 04:05:55 | 001,256,960 | ---- | M] (Microsoft Corporation) MD5=3C6933B638BB812F4084CF44AE698704 -- C:\Windows\SysNative\kernel32.dll
[2012/07/26 04:05:55 | 001,256,960 | ---- | M] (Microsoft Corporation) MD5=3C6933B638BB812F4084CF44AE698704 -- C:\Windows\WinSxS\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.2.9200.16384_none_ec878ca5e00fbea5\kernel32.dll

[color=#A23BEC]< MD5 for: MSWSOCK.DLL >[/color]
[2012/07/26 04:19:18 | 000,289,280 | ---- | M] (Microsoft Corporation) MD5=91A885DCA0639D555AB26132BFFC0785 -- C:\Windows\SysWOW64\mswsock.dll
[2012/07/26 04:19:18 | 000,289,280 | ---- | M] (Microsoft Corporation) MD5=91A885DCA0639D555AB26132BFFC0785 -- C:\Windows\WinSxS\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.2.9200.16384_none_b4fe62e6feb2834f\mswsock.dll
[2012/07/26 04:06:30 | 000,355,328 | ---- | M] (Microsoft Corporation) MD5=F4948E3A3CC52364B6583B74A4239A38 -- C:\Windows\SysNative\mswsock.dll
[2012/07/26 04:06:30 | 000,355,328 | ---- | M] (Microsoft Corporation) MD5=F4948E3A3CC52364B6583B74A4239A38 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.2.9200.16384_none_111cfe6ab70ff485\mswsock.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2012/09/20 07:41:48 | 001,001,192 | ---- | M] (Microsoft Corporation) MD5=865A110A0F7BE89063BE82245A9F2706 -- C:\Windows\WinSxS\amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_6.2.9200.20521_none_b2e6a2f4cabfeafa\ndis.sys
[2012/07/26 06:26:47 | 001,000,688 | ---- | M] (Microsoft Corporation) MD5=EAB473DFB958489D3145FE4DD5F5E77B -- C:\Windows\WinSxS\amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_6.2.9200.16384_none_b21f2599b1d041b4\ndis.sys
[2012/09/20 09:04:35 | 001,001,192 | ---- | M] (Microsoft Corporation) MD5=FE6463C1574610E26ED8DE2054DF59A4 -- C:\Windows\SysNative\drivers\ndis.sys
[2012/09/20 09:04:35 | 001,001,192 | ---- | M] (Microsoft Corporation) MD5=FE6463C1574610E26ED8DE2054DF59A4 -- C:\Windows\WinSxS\amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_6.2.9200.16420_none_b25c05dfb1a331d9\ndis.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2012/07/26 04:19:22 | 000,634,368 | ---- | M] (Microsoft Corporation) MD5=EEF9DA64D7B1DD51FB8AB9EFCC560E3E -- C:\Windows\SysWOW64\netlogon.dll
[2012/07/26 04:19:22 | 000,634,368 | ---- | M] (Microsoft Corporation) MD5=EEF9DA64D7B1DD51FB8AB9EFCC560E3E -- C:\Windows\WinSxS\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.2.9200.16384_none_60d608f9f61ee049\netlogon.dll
[2012/07/26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) MD5=FDC70965F0FC9DFEBC919627DED5DDFF -- C:\Windows\SysNative\netlogon.dll
[2012/07/26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) MD5=FDC70965F0FC9DFEBC919627DED5DDFF -- C:\Windows\WinSxS\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.2.9200.16384_none_56815ea7c1be1e4e\netlogon.dll

[color=#A23BEC]< MD5 for: NTFS.SYS >[/color]
[2012/07/26 06:26:46 | 001,934,064 | ---- | M] (Microsoft Corporation) MD5=4A7EEA9C4AD5CBFDA3C0E5B821C99CAD -- C:\Windows\SysNative\drivers\ntfs.sys
[2012/07/26 06:26:46 | 001,934,064 | ---- | M] (Microsoft Corporation) MD5=4A7EEA9C4AD5CBFDA3C0E5B821C99CAD -- C:\Windows\WinSxS\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.2.9200.16384_none_ff3ad121a6afcf8a\ntfs.sys

[color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color]
[2012/07/26 06:00:55 | 000,168,176 | ---- | M] (NVIDIA Corporation) MD5=27AFC428D1D32ABD04A86763A4EDDEA9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2012/07/26 06:00:55 | 000,168,176 | ---- | M] (NVIDIA Corporation) MD5=27AFC428D1D32ABD04A86763A4EDDEA9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_7ba65ba4b222e751\nvstor.sys
[2012/07/26 06:00:55 | 000,168,176 | ---- | M] (NVIDIA Corporation) MD5=27AFC428D1D32ABD04A86763A4EDDEA9 -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.2.9200.16384_none_92a46a8c48c2da5e\nvstor.sys

[color=#A23BEC]< MD5 for: PROQUOTA.EXE >[/color]
[2012/07/26 04:08:36 | 000,032,256 | ---- | M] (Microsoft Corporation) MD5=5E3A61CE8F1CE3A166FFD76425CB6340 -- C:\Windows\SysNative\proquota.exe
[2012/07/26 04:08:36 | 000,032,256 | ---- | M] (Microsoft Corporation) MD5=5E3A61CE8F1CE3A166FFD76425CB6340 -- C:\Windows\WinSxS\amd64_microsoft-windows-proquota_31bf3856ad364e35_6.2.9200.16384_none_80909f3c1c295de0\proquota.exe
[2012/07/26 04:20:53 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=B7D1E1915AA8A55E2FAF56BC3B524C48 -- C:\Windows\SysWOW64\proquota.exe
[2012/07/26 04:20:53 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=B7D1E1915AA8A55E2FAF56BC3B524C48 -- C:\Windows\WinSxS\x86_microsoft-windows-proquota_31bf3856ad364e35_6.2.9200.16384_none_247203b863cbecaa\proquota.exe

[color=#A23BEC]< MD5 for: QMGR.DLL >[/color]
[2012/07/26 04:07:01 | 000,826,368 | ---- | M] (Microsoft Corporation) MD5=D598C44A7072D3108D8D8102EC5E07F7 -- C:\Windows\SysNative\qmgr.dll
[2012/07/26 04:07:01 | 000,826,368 | ---- | M] (Microsoft Corporation) MD5=D598C44A7072D3108D8D8102EC5E07F7 -- C:\Windows\WinSxS\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.2.9200.16384_none_7c5a6c5183364183\qmgr.dll

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2012/07/26 04:07:07 | 000,224,768 | ---- | M] (Microsoft Corporation) MD5=4F6E1CA672370A9BCAC049CE3AB7F666 -- C:\Windows\SysNative\scecli.dll
[2012/07/26 04:07:07 | 000,224,768 | ---- | M] (Microsoft Corporation) MD5=4F6E1CA672370A9BCAC049CE3AB7F666 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.2.9200.16384_none_90d789c062dfa509\scecli.dll
[2012/07/26 04:19:52 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B95DC83FF580DD92F487C2F4D0854B6A -- C:\Windows\SysWOW64\scecli.dll
[2012/07/26 04:19:52 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B95DC83FF580DD92F487C2F4D0854B6A -- C:\Windows\WinSxS\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.2.9200.16384_none_9b2c341297406704\scecli.dll

[color=#A23BEC]< MD5 for: SPOOLSV.EXE >[/color]
[2012/07/26 04:08:47 | 000,769,024 | ---- | M] (Microsoft Corporation) MD5=3F215BF2D4D8D6756298B25B579772C2 -- C:\Windows\SysNative\spoolsv.exe
[2012/07/26 04:08:47 | 000,769,024 | ---- | M] (Microsoft Corporation) MD5=3F215BF2D4D8D6756298B25B579772C2 -- C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.2.9200.16384_none_2f154a864b4cfb0d\spoolsv.exe

[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2012/07/26 04:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=0A175AF8B65797BD22C11903A8BFEB2D -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_b2666581d6b482a6\svchost.exe
[2012/07/26 04:08:47 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=57350BEDE3834915B6145B67C71C7BDA -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_0e8501058f11f3dc\svchost.exe
[2012/09/20 07:33:14 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=607F7CB143783A8F9BA058D2FC4F2D36 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_0f4c7e60a8019d22\svchost.exe
[2012/09/20 06:55:26 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\SysWOW64\svchost.exe
[2012/09/20 06:55:26 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_b2a345c7d68772cb\svchost.exe
[2012/09/20 07:33:52 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\SysNative\svchost.exe
[2012/09/20 07:33:52 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_0ec1e14b8ee4e401\svchost.exe
[2012/09/20 06:56:27 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=EEF5E64822C3E21B186EA53463BE92DA -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_b32de2dcefa42bec\svchost.exe

[color=#A23BEC]< MD5 for: TERMSRV.DLL >[/color]
[2012/07/26 04:07:29 | 000,723,968 | ---- | M] (Microsoft Corporation) MD5=541EE228D0DEF392F7B2DFD885DD021B -- C:\Windows\SysNative\termsrv.dll
[2012/07/26 04:07:29 | 000,723,968 | ---- | M] (Microsoft Corporation) MD5=541EE228D0DEF392F7B2DFD885DD021B -- C:\Windows\WinSxS\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.2.9200.16384_none_e768e92cde084d59\termsrv.dll

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2012/07/26 04:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\SysNative\userinit.exe
[2012/07/26 04:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_34f2617a5b742e02\userinit.exe
[2012/07/26 04:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\SysWOW64\userinit.exe
[2012/07/26 04:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe

[color=#A23BEC]< MD5 for: VOLSNAP.SYS >[/color]
[2012/07/26 05:57:09 | 000,332,016 | ---- | M] (Microsoft Corporation) MD5=2FB3CDFD5EAF4CD9D4AFAF96877D13AE -- C:\Windows\SysNative\drivers\volsnap.sys
[2012/07/26 05:57:09 | 000,332,016 | ---- | M] (Microsoft Corporation) MD5=2FB3CDFD5EAF4CD9D4AFAF96877D13AE -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_9d78abd6ac3df11c\volsnap.sys
[2012/07/26 05:57:09 | 000,332,016 | ---- | M] (Microsoft Corporation) MD5=2FB3CDFD5EAF4CD9D4AFAF96877D13AE -- C:\Windows\WinSxS\amd64_volume.inf_31bf3856ad364e35_6.2.9200.16384_none_6e805ee585d930c4\volsnap.sys

[color=#A23BEC]< MD5 for: WININET.DLL >[/color]
[2012/11/08 05:25:35 | 001,775,104 | ---- | M] (Microsoft Corporation) MD5=314E662DD78AF3F7766BA25162BEEEDA -- C:\Windows\SysWOW64\wininet.dll
[2012/11/08 05:25:35 | 001,775,104 | ---- | M] (Microsoft Corporation) MD5=314E662DD78AF3F7766BA25162BEEEDA -- C:\Windows\WinSxS\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.0.9200.16453_none_450eb6ff27d2ee7b\wininet.dll
[2012/07/26 04:07:56 | 002,246,656 | ---- | M] (Microsoft Corporation) MD5=3DA7E6053DB9BE3EADC70CE20B1FB92B -- C:\Windows\WinSxS\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.0.9200.16384_none_a13b0c84e025a966\wininet.dll
[2012/12/20 01:31:25 | 001,775,616 | ---- | M] (Microsoft Corporation) MD5=3F12C9EA3E3821065C544943132B188F -- C:\Windows\SoftwareDistribution\Download\6a31ae56eb9fbf459b8d9033c2c30a1d\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.0.9200.20589_none_2e38b8a541804fec\wininet.dll
[2012/09/20 06:56:01 | 001,775,616 | ---- | M] (Microsoft Corporation) MD5=3F9494D8D4B8A2FAB574F9EC63848E41 -- C:\Windows\WinSxS\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.0.9200.20521_none_2e336d294184eada\wininet.dll
[2012/09/20 07:32:42 | 002,246,656 | ---- | M] (Microsoft Corporation) MD5=74044D78CEF55EAEA8493AF48DC2A608 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.0.9200.20521_none_8a5208acf9e25c10\wininet.dll
[2012/11/08 05:25:33 | 001,775,104 | ---- | M] (Microsoft Corporation) MD5=7B51707073DE6128FC8ED3C60D855D6D -- C:\Windows\WinSxS\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.0.9200.20557_none_2e35e5574182d0a5\wininet.dll
[2012/09/20 06:55:02 | 001,775,616 | ---- | M] (Microsoft Corporation) MD5=892AD406F3C57897E6015A959ACF447C -- C:\Windows\WinSxS\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.0.9200.16420_none_450bfa7927d55593\wininet.dll
[2012/12/20 01:20:03 | 002,246,656 | ---- | M] (Microsoft Corporation) MD5=932B20855A5A66639FEA5C72B149DE6B -- C:\Windows\SoftwareDistribution\Download\6a31ae56eb9fbf459b8d9033c2c30a1d\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.0.9200.20589_none_8a575428f9ddc122\wininet.dll
[2012/11/08 05:22:19 | 002,246,656 | ---- | M] (Microsoft Corporation) MD5=AAEF73606F58ADE710208F4B1B988FBF -- C:\Windows\SysNative\wininet.dll
[2012/11/08 05:22:19 | 002,246,656 | ---- | M] (Microsoft Corporation) MD5=AAEF73606F58ADE710208F4B1B988FBF -- C:\Windows\WinSxS\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.0.9200.16453_none_a12d5282e0305fb1\wininet.dll
[2012/12/20 01:29:16 | 002,246,656 | ---- | M] (Microsoft Corporation) MD5=BDE820861D8107C67E182DF66A27074F -- C:\Windows\SoftwareDistribution\Download\6a31ae56eb9fbf459b8d9033c2c30a1d\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.0.9200.16484_none_a1303c98e02dc557\wininet.dll
[2012/07/26 04:20:25 | 001,775,104 | ---- | M] (Microsoft Corporation) MD5=C024001390FBA48FD77605E90E42FBE7 -- C:\Windows\WinSxS\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.0.9200.16384_none_451c710127c83830\wininet.dll
[2012/12/20 01:37:37 | 001,775,616 | ---- | M] (Microsoft Corporation) MD5=E4ED4BC8759829BCEB9CE9CA88A64784 -- C:\Windows\SoftwareDistribution\Download\6a31ae56eb9fbf459b8d9033c2c30a1d\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.0.9200.16484_none_4511a11527d05421\wininet.dll
[2012/11/08 05:26:56 | 002,246,656 | ---- | M] (Microsoft Corporation) MD5=F597C8DFDF2AB23076D884BD8D8BFB97 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.0.9200.20557_none_8a5480daf9e041db\wininet.dll
[2012/09/20 07:33:18 | 002,246,656 | ---- | M] (Microsoft Corporation) MD5=FD0F320A1C7C16A1A20F78BCA4F9D730 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.0.9200.16420_none_a12a95fce032c6c9\wininet.dll

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2012/07/26 04:08:50 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=FE9AB232B56A12224E8A3F3F9878C9A3 -- C:\Windows\SysNative\wininit.exe
[2012/07/26 04:08:50 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=FE9AB232B56A12224E8A3F3F9878C9A3 -- C:\Windows\WinSxS\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.2.9200.16384_none_89bc60338e14dc99\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2012/09/20 07:33:55 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=1F84B5F8DBDFFD36DF143C61CE25F12A -- C:\Windows\SysNative\winlogon.exe
[2012/09/20 07:33:55 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=1F84B5F8DBDFFD36DF143C61CE25F12A -- C:\Windows\SysNative\winlogon.exe
[2012/09/20 07:33:55 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=1F84B5F8DBDFFD36DF143C61CE25F12A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
[2012/09/20 07:33:55 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=1F84B5F8DBDFFD36DF143C61CE25F12A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
[2012/09/20 07:33:17 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=6522E98C94A2A81AE11EB66D2AF5743A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
[2012/09/20 07:33:17 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=6522E98C94A2A81AE11EB66D2AF5743A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
[2012/07/26 04:08:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=93AB226C07A9789B2EC7B41F73602F76 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe
[2012/07/26 04:08:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=93AB226C07A9789B2EC7B41F73602F76 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe

[color=#A23BEC]< MD5 for: WS2_32.DLL >[/color]
[2012/07/26 06:26:48 | 000,345,088 | ---- | M] (Microsoft Corporation) MD5=2E5B349ACDA36C20612795754DB93312 -- C:\Windows\SysNative\ws2_32.dll
[2012/07/26 06:26:48 | 000,345,088 | ---- | M] (Microsoft Corporation) MD5=2E5B349ACDA36C20612795754DB93312 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.2.9200.16384_none_4b815827581a3bbb\ws2_32.dll
[2012/07/26 04:20:38 | 000,310,784 | ---- | M] (Microsoft Corporation) MD5=B3CC9EDFD97F7087013A9A47089DF571 -- C:\Windows\SysWOW64\ws2_32.dll
[2012/07/26 04:20:38 | 000,310,784 | ---- | M] (Microsoft Corporation) MD5=B3CC9EDFD97F7087013A9A47089DF571 -- C:\Windows\WinSxS\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.2.9200.16384_none_ef62bca39fbcca85\ws2_32.dll

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s >[/color]
"" = mnmsrvc
"Required" = DebugWindows [binary data]
"Debug" =
"Posix" = %SystemRoot%\system32\psxss.exe
"Kmode" = \SystemRoot\System32\win32k.sys
"Optional" = Posix [binary data]
"Windows" = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2012/07/26 04:19:38 | 000,079,360 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\olepro32.dll
[2012/07/26 04:19:52 | 000,156,160 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\scrrun.dll

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]

[color=#A23BEC]< c:\$recycle.bin\*.* /s >[/color]
[2013/02/05 23:05:57 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$I04IGGZ.flv
[2013/02/05 22:38:43 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$I0FT25N.crdownload
[2013/01/28 00:56:09 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$I0NRCPA.jpg
[2013/02/07 08:33:19 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$I0YXPF7.exe
[2013/02/05 20:01:59 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$I1CLGXD.jpg
[2013/01/28 00:56:09 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$I7JOFE9.jpg
[2013/02/05 20:02:11 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$I7P0GNV.jpg
[2012/12/12 12:50:37 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$I7R6EAW.docx
[2013/02/05 20:01:59 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$I8RJAK7.jpg
[2013/02/05 23:06:25 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$IBLFN90.flv
[2013/01/10 17:22:28 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$ICWA5UW.docx
[2013/02/05 20:02:11 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$IHE99P8.png
[2013/02/05 20:02:11 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$IJPWNB4.jpg
[2013/02/05 20:21:40 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$IKIV9TD.lnk
[2013/02/05 20:02:11 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$ILSNSRY.jpg
[2013/02/05 23:05:55 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$IN3IF8J.flv
[2013/02/05 23:05:58 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$IP77ZA2.flv
[2013/02/05 20:02:11 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$IPXBBET.jpg
[2013/02/05 23:12:29 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$IQHJRHX.flv
[2013/02/05 20:02:11 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$IQXYRPV.png
[2013/01/28 00:56:09 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$IR48P1X.jpg
[2013/01/28 00:56:09 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$IRNF4XL.jpg
[2013/02/05 20:02:11 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$IS2N6R5.jpg
[2013/01/28 00:56:09 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$ISQ2HAE.jpg
[2013/02/05 20:15:58 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$ITX0CZ9.exe
[2013/02/05 20:02:11 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$IYMICMY.jpg
[2013/02/05 23:04:47 | 000,000,000 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$R04IGGZ.flv
[2013/02/05 20:11:16 | 418,097,008 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$R0FT25N.crdownload
[2013/01/28 00:35:03 | 000,042,386 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$R0NRCPA.jpg
[2013/01/31 18:12:11 | 000,036,054 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$R1CLGXD.jpg
[2013/01/28 00:35:32 | 000,160,416 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$R7JOFE9.jpg
[2013/01/31 17:56:58 | 000,057,689 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$R7P0GNV.jpg
[2013/01/31 18:09:56 | 000,051,050 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$R8RJAK7.jpg
[2013/02/05 23:04:51 | 000,002,048 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$RBLFN90.flv
[2013/01/31 17:55:24 | 000,107,327 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$RHE99P8.png
[2013/01/31 18:09:56 | 000,051,050 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$RJPWNB4.jpg
[2013/01/31 17:59:45 | 000,039,308 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$RLSNSRY.jpg
[2013/02/05 23:04:48 | 000,000,000 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$RN3IF8J.flv
[2013/02/05 23:04:51 | 000,002,048 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$RP77ZA2.flv
[2013/01/31 17:35:35 | 000,026,069 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$RPXBBET.jpg
[2013/02/05 23:06:41 | 000,002,048 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$RQHJRHX.flv
[2013/02/03 22:05:29 | 000,092,637 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$RQXYRPV.png
[2013/01/28 00:34:46 | 000,105,332 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$RR48P1X.jpg
[2013/01/28 00:34:29 | 000,136,772 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$RRNF4XL.jpg
[2013/01/31 18:12:11 | 000,036,054 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$RS2N6R5.jpg
[2013/01/28 00:35:12 | 000,016,922 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$RSQ2HAE.jpg
[2013/02/05 20:00:48 | 000,145,594 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$RTX0CZ9.exe
[2013/01/31 17:37:00 | 000,023,378 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\$RYMICMY.jpg
[2012/11/22 18:29:00 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-1003\desktop.ini
[2012/10/12 00:20:55 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2614940576-3810989277-3188264554-500\desktop.ini
[2012/07/26 08:22:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012/11/25 18:12:09 | 000,001,082 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/11/25 18:12:10 | 000,001,086 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/01/21 23:02:39 | 000,001,052 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2614940576-3810989277-3188264554-1003Core.job
[2013/01/21 23:02:42 | 000,001,104 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2614940576-3810989277-3188264554-1003UA.job

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:88050731

< End of report >

Publicité

Signaler le contenu de ce document

Publicité