cjoint

Publicité

Cliquez pour partager vos propres fichiers

Publicité

Commentaire : GdesBois

Format du document : text/plain

Prévisualisation

ÿþOTL logfile created on: 06/09/2016 18:58:09 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aurélie\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17607)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

7,82 Gb Total Physical Memory | 5,79 Gb Available Physical Memory | 74,10% Memory free
9,32 Gb Paging File | 6,72 Gb Available in Paging File | 72,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 680,39 Gb Total Space | 201,87 Gb Free Space | 29,67% Space Free | Partition Type: NTFS

Computer Name: METWO | User Name: Aurélie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2016/09/06 18:55:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aurélie\Downloads\OTL.exe
PRC - [2016/09/06 18:38:10 | 015,414,960 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\RegHunter\Downloads\RHSetup.exe
PRC - [2016/08/30 21:37:02 | 000,288,920 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
PRC - [2016/08/03 02:20:56 | 000,961,352 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2016/04/06 00:26:13 | 000,144,008 | ---- | M] (© 2015 Microsoft Corporation) -- C:\Users\Aurélie\AppData\Local\Microsoft\BingSvc\BingSvc.exe
PRC - [2013/12/21 12:29:14 | 000,755,080 | ---- | M] (Samsung) -- C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
PRC - [2013/07/02 10:16:32 | 000,507,264 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/11/03 02:36:24 | 000,624,192 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2012/08/23 01:04:22 | 000,025,232 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
PRC - [2012/08/23 01:04:20 | 000,044,176 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
PRC - [2012/07/17 11:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 11:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/07/17 11:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2016/08/03 02:24:15 | 001,771,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
MOD - [2016/08/03 02:23:49 | 000,094,024 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
MOD - [2016/08/03 01:54:39 | 017,602,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll
MOD - [2015/12/23 19:34:38 | 012,438,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f44084b9b8111c211ae70e63299fc0be\System.Windows.Forms.ni.dll
MOD - [2015/10/03 14:04:00 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ce9cd39367910f8322619a69ba28a85\System.Drawing.ni.dll
MOD - [2014/11/02 11:04:27 | 007,991,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9188b682a091faf275c0294fe77ccbf3\System.ni.dll
MOD - [2014/09/14 21:58:07 | 011,500,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b9d3e6f3fe8936deb2f1defb3a205f9a\mscorlib.ni.dll
MOD - [2012/11/03 02:38:02 | 000,465,384 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
MOD - [2012/08/23 01:04:22 | 000,025,232 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
MOD - [2012/08/23 01:04:20 | 000,044,176 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2016/02/09 19:54:44 | 001,042,304 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:[b]64bit:[/b] - [2015/12/04 16:51:13 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2015/11/16 16:26:38 | 000,439,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2015/07/06 18:16:09 | 000,016,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2015/03/18 15:22:58 | 000,616,288 | ---- | M] (Copyright 2013 SAMSUNG) [Auto | Running] -- C:\Program Files\Samsung\Samsung Link\Samsung Link.exe -- (Samsung Link Service)
SRV:[b]64bit:[/b] - [2014/11/06 09:09:55 | 002,676,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:[b]64bit:[/b] - [2014/07/07 07:52:33 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2013/12/21 12:31:20 | 000,404,360 | ---- | M] (Samsung) [Auto | Running] -- C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe -- (AllShare Framework DMS)
SRV:[b]64bit:[/b] - [2013/08/16 07:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:[b]64bit:[/b] - [2013/06/01 11:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2013/05/04 08:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2013/05/04 08:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2013/03/02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:[b]64bit:[/b] - [2013/03/02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2013/01/10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2012/11/17 00:07:20 | 000,469,648 | ---- | M] (Acer Incorporated) [On_Demand | Stopped] -- C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe -- (DeviceFastLaneService)
SRV:[b]64bit:[/b] - [2012/10/23 12:26:26 | 000,658,064 | ---- | M] (Acer Incorporated) [On_Demand | Running] -- C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:[b]64bit:[/b] - [2012/09/20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2012/07/26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2012/07/26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2012/07/26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2012/07/26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2012/07/26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2012/07/26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:[b]64bit:[/b] - [2012/07/26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2012/07/26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2012/07/26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2012/07/26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:[b]64bit:[/b] - [2012/07/26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:[b]64bit:[/b] - [2012/07/26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:[b]64bit:[/b] - [2012/07/26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:[b]64bit:[/b] - [2012/07/26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:[b]64bit:[/b] - [2012/07/26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:[b]64bit:[/b] - [2012/07/26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:[b]64bit:[/b] - [2012/04/20 15:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2014/11/06 09:09:55 | 002,676,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/11/24 14:46:30 | 000,816,208 | ---- | M] (MooSoft Development LLC) [Disabled | Stopped] -- C:\Program Files (x86)\The Cleaner\mhelper.exe -- (moohelp)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/12 02:32:06 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/03/12 02:06:28 | 000,093,296 | ---- | M] (Dritek System INC.) [Disabled | Stopped] -- C:\Windows\RfBtnSvc64.exe -- (RfButtonDriverService)
SRV - [2013/01/28 14:47:24 | 000,227,456 | ---- | M] (Qualcomm Atheros Commnucations) [Disabled | Stopped] -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/12/10 10:39:09 | 000,350,544 | ---- | M] (Dritek System Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2012/11/03 02:36:52 | 000,259,136 | ---- | M] (NTI Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2012/10/23 05:37:58 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/07/26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/17 11:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 11:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/17 11:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/07/12 06:10:24 | 000,174,160 | ---- | M] (Egis Technology Inc. ) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2016/07/22 05:51:40 | 000,164,992 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm)
DRV:[b]64bit:[/b] - [2016/07/22 05:51:36 | 000,130,688 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus)
DRV:[b]64bit:[/b] - [2015/07/06 18:16:32 | 000,044,560 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:[b]64bit:[/b] - [2015/07/06 16:32:07 | 000,281,944 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:[b]64bit:[/b] - [2015/03/04 09:29:17 | 000,361,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2014/12/18 10:51:28 | 000,096,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2014/11/01 20:20:59 | 000,015,920 | ---- | M] (Enigma Software Group USA, LLC.) [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:[b]64bit:[/b] - [2014/11/01 20:20:58 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\EsgScanner.sys -- (EsgScanner)
DRV:[b]64bit:[/b] - [2014/09/12 20:22:04 | 000,044,632 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}w64.sys -- ({6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}w64)
DRV:[b]64bit:[/b] - [2014/07/24 15:50:54 | 000,447,296 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2013/10/05 08:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:[b]64bit:[/b] - [2013/08/16 07:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2013/08/10 08:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2013/07/25 17:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\netaapl64.sys -- (Netaapl)
DRV:[b]64bit:[/b] - [2013/07/09 10:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2013/07/02 03:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2013/07/02 03:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:[b]64bit:[/b] - [2013/06/29 08:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2013/06/01 05:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:[b]64bit:[/b] - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2013/03/12 02:06:28 | 000,026,736 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\aPs2Kb2Hid.sys -- (Ps2Kb2Hid)
DRV:[b]64bit:[/b] - [2013/03/02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:[b]64bit:[/b] - [2013/03/02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2013/01/28 14:23:28 | 000,581,200 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter)
DRV:[b]64bit:[/b] - [2013/01/28 14:23:24 | 000,136,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:[b]64bit:[/b] - [2013/01/28 14:23:24 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:[b]64bit:[/b] - [2013/01/28 14:23:22 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:[b]64bit:[/b] - [2013/01/28 14:23:20 | 000,089,168 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort)
DRV:[b]64bit:[/b] - [2013/01/28 14:23:20 | 000,034,384 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)
DRV:[b]64bit:[/b] - [2013/01/28 14:23:18 | 000,346,192 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:[b]64bit:[/b] - [2013/01/28 14:23:18 | 000,115,280 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt)
DRV:[b]64bit:[/b] - [2013/01/21 02:56:12 | 003,747,840 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:[b]64bit:[/b] - [2013/01/10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2012/12/20 06:30:27 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:[b]64bit:[/b] - [2012/12/20 06:30:27 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:[b]64bit:[/b] - [2012/12/20 06:30:27 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:[b]64bit:[/b] - [2012/12/13 15:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2012/11/27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:[b]64bit:[/b] - [2012/11/20 12:48:40 | 000,331,152 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD)
DRV:[b]64bit:[/b] - [2012/11/20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:[b]64bit:[/b] - [2012/11/06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:[b]64bit:[/b] - [2012/10/23 05:37:42 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2012/10/12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012/10/11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2012/09/20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2012/09/20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2012/08/16 07:33:42 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:[b]64bit:[/b] - [2012/07/26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012/07/26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2012/07/26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:[b]64bit:[/b] - [2012/07/26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2012/07/26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:[b]64bit:[/b] - [2012/07/26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2012/07/26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2012/07/26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2012/07/26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2012/07/26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:[b]64bit:[/b] - [2012/07/26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2012/07/26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:[b]64bit:[/b] - [2012/07/26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2012/07/26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2012/07/26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2012/07/26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2012/07/26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2012/07/26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:[b]64bit:[/b] - [2012/07/26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2012/07/26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2012/07/26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:[b]64bit:[/b] - [2012/07/26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:[b]64bit:[/b] - [2012/07/26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2012/07/26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:[b]64bit:[/b] - [2012/07/26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:[b]64bit:[/b] - [2012/07/26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:[b]64bit:[/b] - [2012/07/26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:[b]64bit:[/b] - [2012/07/26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2012/07/26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:[b]64bit:[/b] - [2012/07/26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:[b]64bit:[/b] - [2012/07/26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2012/07/26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2012/07/26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2012/07/26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2012/07/26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2012/07/26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2012/07/26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:[b]64bit:[/b] - [2012/07/26 04:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:[b]64bit:[/b] - [2012/07/26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2012/07/26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2012/07/26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2012/07/19 11:21:42 | 000,110,744 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:[b]64bit:[/b] - [2012/07/02 09:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2012/06/19 01:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2012/03/29 08:26:12 | 000,342,632 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:[b]64bit:[/b] - [2010/07/09 05:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UBHelper.sys -- (UBHelper)
DRV:[b]64bit:[/b] - [2010/04/20 04:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1851224643-4139104602-1926703782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1851224643-4139104602-1926703782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1851224643-4139104602-1926703782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1851224643-4139104602-1926703782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1851224643-4139104602-1926703782-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1851224643-4139104602-1926703782-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1851224643-4139104602-1926703782-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1851224643-4139104602-1926703782-1001\..\SearchScopes\{43BC2BAF-29FD-42F4-BD0D-422D65D3EDC6}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1851224643-4139104602-1926703782-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-1851224643-4139104602-1926703782-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1851224643-4139104602-1926703782-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)


[2013/06/28 00:33:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Users\Aurélie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\Aurélie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_1\
CHR - Extension: No name found = C:\Users\Aurélie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Aurélie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Aurélie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Aurélie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd\0.0.0.9_0\
CHR - Extension: No name found = C:\Users\Aurélie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_1\
CHR - Extension: No name found = C:\Users\Aurélie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\Aurélie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlincbpgbkpbjepghokdnhnnpphmegig\4.5.0_0\
CHR - Extension: No name found = C:\Users\Aurélie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Aurélie\AppData\Local\Google\Chrome\User Data\Default\Extensions\oedcnlmdiigaodlpnljmelpgodnncldl\1.0.5568.28096_0\
CHR - Extension: No name found = C:\Users\Aurélie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Aurélie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5216.530.0.15_0\

O1 HOSTS File: ([2014/02/25 01:58:12 | 000,000,871 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O1 - Hosts: 54.204.28.26 nikdaiaidiiiogaidkkekcmokcgcdeac
O2:[b]64bit:[/b] - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Samsung Link] C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe (Copyright 2013 SAMSUNG)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1851224643-4139104602-1926703782-1001..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-1851224643-4139104602-1926703782-1001..\Run: [BingSvc] C:\Users\Aurélie\AppData\Local\Microsoft\BingSvc\BingSvc.exe (© 2015 Microsoft Corporation)
O4 - HKU\S-1-5-21-1851224643-4139104602-1926703782-1001..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-1851224643-4139104602-1926703782-1001..\Run: [lollipop] lollipop File not found
O4 - HKU\S-1-5-21-1851224643-4139104602-1926703782-1001..\Run: [Neuf Media Center] C:\Program Files (x86)\SFR\Media Center\MediaCenter.exe (SFR)
O4 - HKU\S-1-5-21-1851224643-4139104602-1926703782-1001..\Run: [NextLive] C:\Windows\SysWOW64\rundll32.exe ",EntryPoint -m l File not found
O4 - HKU\S-1-5-21-1851224643-4139104602-1926703782-1001..\Run: [uTorrent] C:\Users\Aurélie\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-1851224643-4139104602-1926703782-1001..\RunOnce: [Uninstall C:\Users\Aurélie\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aurélie\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64" File not found
O4 - Startup: C:\Users\Aurélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SFR Cloud.lnk = C:\Users\Aurélie\AppData\Local\F-Secure\SFR Cloud\Application\SFR Cloud.exe (F-Secure Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" (Qualcomm Atheros Commnucations)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKU\S-1-5-21-1851224643-4139104602-1926703782-1001\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A841F5A-C322-4211-824E-A108835430DB}: DhcpNameServer = 192.168.0.254
O18:[b]64bit:[/b] - Protocol\Handler\mso-minsb.16 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-minsb-roaming.16 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\osf.16 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\osf-roaming.16 - No CLSID value found
O20:[b]64bit:[/b] - AppInit_DLLs: (0) - File not found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (bj.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/09/14 22:32:07 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - State: "services" - Reg Error: Key error.

NetSvcs:[b]64bit:[/b] wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:[b]64bit:[/b] DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:[b]64bit:[/b] NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:[b]64bit:[/b] SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2016/09/05 20:06:26 | 000,000,000 | ---D | C] -- C:\Users\Aurélie\Documents\Video Corentin
[2016/09/02 07:40:17 | 000,000,000 | ---D | C] -- C:\Users\Aurélie\Documents\House of Cards
[2016/09/02 07:39:43 | 000,000,000 | ---D | C] -- C:\Users\Aurélie\Documents\Napoléon
[2016/09/02 07:39:11 | 000,000,000 | ---D | C] -- C:\Users\Aurélie\Documents\True Detective S02
[2016/09/02 07:36:29 | 000,000,000 | ---D | C] -- C:\Users\Aurélie\Documents\True Detective S01 (BR)
[2016/08/30 22:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2016/08/30 22:14:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2016/08/30 22:14:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2016/08/30 22:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2016/08/30 22:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2016/08/30 22:13:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2016/08/30 22:12:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Aurélie\AppData\Local\*.tmp files -> C:\Users\Aurélie\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2016/09/06 18:42:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016/09/06 18:36:09 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/09/06 18:36:09 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC Startup.job
[2016/09/06 18:22:39 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2016/09/06 18:20:36 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2016/09/06 18:20:36 | 2422,853,631 | -HS- | M] () -- C:\hiberfil.sys
[2016/09/05 16:49:59 | 001,793,362 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016/09/05 16:49:59 | 000,800,978 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2016/09/05 16:49:59 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016/09/05 16:49:59 | 000,155,650 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2016/09/05 16:49:59 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016/09/02 22:49:17 | 000,007,600 | ---- | M] () -- C:\Users\Aurélie\AppData\Local\Resmon.ResmonCfg
[2016/08/30 22:17:08 | 000,016,824 | ---- | M] () -- C:\Users\Aurélie\Documents\cc_20160830_221635.reg
[2016/08/30 22:15:52 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2016/08/30 21:55:09 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Aurélie\AppData\Local\*.tmp files -> C:\Users\Aurélie\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2016/08/30 22:16:55 | 000,016,824 | ---- | C] () -- C:\Users\Aurélie\Documents\cc_20160830_221635.reg
[2016/08/30 22:15:52 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2015/04/01 09:12:14 | 000,161,916 | ---- | C] () -- C:\Users\Aurélie\AppData\Local\dsi2.dat
[2015/04/01 09:12:13 | 000,274,045 | ---- | C] () -- C:\Users\Aurélie\AppData\Local\dsi1.dat
[2014/12/24 00:52:38 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2014/08/17 12:31:59 | 000,000,015 | ---- | C] () -- C:\Users\Aurélie\AppData\Local\X-Plane_drm.prf
[2014/08/17 12:31:25 | 000,000,080 | ---- | C] () -- C:\Users\Aurélie\AppData\Local\X-Plane Installer.prf
[2014/06/10 20:02:44 | 000,000,320 | ---- | C] () -- C:\Users\Aurélie\AppData\Roaming\aps.uninstall.scan.results
[2014/02/26 08:35:38 | 000,000,143 | ---- | C] () -- C:\Users\Aurélie\AppData\Roaming\WB.CFG
[2014/02/24 23:57:17 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/11/27 20:33:50 | 000,007,600 | ---- | C] () -- C:\Users\Aurélie\AppData\Local\Resmon.ResmonCfg
[2013/11/17 15:57:47 | 000,000,443 | ---- | C] () -- C:\Users\Aurélie\AppData\Local\SQ.RemoverDelete.bat
[2013/03/12 02:10:32 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2013/06/28 00:27:26 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/08/01 15:56:43 | 019,778,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/01 16:50:55 | 017,562,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2013/11/27 19:27:18 | 000,000,000 | ---D | M] -- C:\Users\Aurélie\AppData\Roaming\ArchiFacile
[2013/11/28 00:38:33 | 000,000,000 | ---D | M] -- C:\Users\Aurélie\AppData\Roaming\EASYTools
[2016/06/06 14:29:56 | 000,000,000 | ---D | M] -- C:\Users\Aurélie\AppData\Roaming\Enigma Software Group
[2014/08/17 21:50:14 | 000,000,000 | ---D | M] -- C:\Users\Aurélie\AppData\Roaming\F-Secure
[2013/12/13 20:51:01 | 000,000,000 | ---D | M] -- C:\Users\Aurélie\AppData\Roaming\flightgear.org
[2013/11/23 02:44:35 | 000,000,000 | ---D | M] -- C:\Users\Aurélie\AppData\Roaming\fltk.org
[2013/06/27 21:48:49 | 000,000,000 | ---D | M] -- C:\Users\Aurélie\AppData\Roaming\lm
[2014/09/16 22:25:13 | 000,000,000 | ---D | M] -- C:\Users\Aurélie\AppData\Roaming\OpenOffice
[2013/07/23 23:49:14 | 000,000,000 | ---D | M] -- C:\Users\Aurélie\AppData\Roaming\OpenOffice.org
[2014/03/05 08:38:51 | 000,000,000 | ---D | M] -- C:\Users\Aurélie\AppData\Roaming\QuickScan
[2014/08/08 17:30:11 | 000,000,000 | ---D | M] -- C:\Users\Aurélie\AppData\Roaming\Samsung
[2013/11/23 03:17:04 | 000,000,000 | ---D | M] -- C:\Users\Aurélie\AppData\Roaming\Subversion
[2014/09/15 01:00:36 | 000,000,000 | ---D | M] -- C:\Users\Aurélie\AppData\Roaming\systweak
[2014/02/25 01:35:17 | 000,000,000 | ---D | M] -- C:\Users\Aurélie\AppData\Roaming\thecleaner
[2016/01/02 21:21:43 | 000,000,000 | ---D | M] -- C:\Users\Aurélie\AppData\Roaming\Uniblue
[2016/08/30 22:13:50 | 000,000,000 | ---D | M] -- C:\Users\Aurélie\AppData\Roaming\uTorrent
[2014/03/01 22:15:00 | 000,000,000 | ---D | M] -- C:\Users\Aurélie\AppData\Roaming\WildTangent

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2013/06/01 13:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\explorer.exe
[2013/06/01 13:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_aac334d9034c59e1\explorer.exe
[2013/08/17 13:59:45 | 000,190,101 | ---- | M] () MD5=10A6E8294B445E04476AFFC1AE3831CA -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_b591aa9850d758e4\explorer.exe
[2013/08/12 21:16:28 | 000,220,310 | ---- | M] () MD5=11216FE94CC4F51FA6008C2547C8AC12 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe
[2013/08/17 13:59:36 | 000,191,911 | ---- | M] () MD5=24C3CC43BC531909059F68DBF3B38A29 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
[2013/08/12 21:16:45 | 000,217,360 | ---- | M] () MD5=3EE55EF3DCD92FCFF0AEA6FF42529789 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_ab3d00461c7696e9\explorer.exe
[2013/07/29 22:32:22 | 000,003,739 | ---- | M] () MD5=57B8269CFAE18202716379CDABEDC358 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2013/07/29 22:32:19 | 000,188,441 | ---- | M] () MD5=83919050CD86569A775450E90B9A1D7C -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
[2015/01/28 01:41:17 | 002,207,488 | ---- | M] (Microsoft Corporation) MD5=91E24273FCA076EA9E65DAFA98901225 -- C:\$Windows.~BT\Sources\Panther\3C01D26A-74EA-40C5-B23C-1B683684956B\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17667_none_4ce0410f82015c67\explorer.exe
[2015/01/28 01:47:12 | 002,501,368 | ---- | M] (Microsoft Corporation) MD5=C10A66189DC8C090E7C84873EDCEBC88 -- C:\$Windows.~BT\Sources\Panther\3C01D26A-74EA-40C5-B23C-1B683684956B\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17667_none_428b96bd4da09a6c\explorer.exe
[2013/08/17 13:59:31 | 000,193,351 | ---- | M] () MD5=C2BF4781E00C6DB76AB1ADB59147A564 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2013/08/17 13:59:40 | 000,191,929 | ---- | M] () MD5=D08C963C926953F8A0CB2D096574E191 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2013/06/01 12:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\SysWOW64\explorer.exe
[2013/06/01 12:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_b517df2b37ad1bdc\explorer.exe

[color=#A23BEC]< MD5 for: SERVICES.EXE >[/color]
[2015/02/18 04:50:00 | 000,091,480 | ---- | M] () MD5=26D8CB45796E3A5CB7DEA50102E40341 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16420_none_981f4d19863a6591\services.exe
[2015/06/04 00:03:51 | 000,092,243 | ---- | M] () MD5=396116D77E11BBD940A9823FB9E68BD2 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.21457_none_988f63789f6a2709\services.exe
[2013/08/12 22:07:11 | 000,001,252 | ---- | M] () MD5=48DD7D9CB99E9CD6FDB5FB0C2DB0BC56 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.20521_none_98a9ea2e9f571eb2\services.exe
[2015/04/13 07:32:42 | 000,417,280 | ---- | M] (Microsoft Corporation) MD5=590A2B4198DD35AA42893BA04F66FD3F -- C:\Windows\SysNative\services.exe
[2015/04/13 07:32:42 | 000,417,280 | ---- | M] (Microsoft Corporation) MD5=590A2B4198DD35AA42893BA04F66FD3F -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.17343_none_980c9571864805f2\services.exe
[2015/02/18 04:50:01 | 000,092,806 | ---- | M] () MD5=6206140FE456066475FBDCE4B89851DB -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.21283_none_986aeec09f861b32\services.exe
[2013/08/12 22:07:11 | 000,038,189 | ---- | M] () MD5=A8A9F1F54ED3053B95480C1CFED2CD00 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16384_none_97e26cd38667756c\services.exe
[2015/06/04 00:03:50 | 000,066,773 | ---- | M] () MD5=DE400843DCC250C0EF83ABBC936B7A8F -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.17166_none_97f9f2ab86558f8b\services.exe
[2015/04/09 00:55:21 | 000,410,128 | ---- | M] (Microsoft Corporation) MD5=E0C7813A97CA7947FF5C18A8F3B61A45 -- C:\$Windows.~BT\Sources\Panther\B370BB82-8C90-41E7-BD42-896E694EEC4C\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.3.9600.17794_none_2fcc465dd0a27017\services.exe

[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2012/09/20 07:55:26 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\SysWOW64\svchost.exe
[2012/09/20 07:55:26 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_b2a345c7d68772cb\svchost.exe
[2013/08/23 00:56:15 | 000,003,208 | ---- | M] () MD5=AA0665F7010F4729407F1B09165743D0 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_b2666581d6b482a6\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2013/08/12 22:09:01 | 000,000,609 | ---- | M] () MD5=BBD25BEE98AC0944F2D29241E1F8405A -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_0f4c7e60a8019d22\svchost.exe
[2013/08/23 00:56:16 | 000,000,583 | ---- | M] () MD5=CA085CA3A8FB3F56168EC8C5E05627C7 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_b32de2dcefa42bec\svchost.exe
[2013/08/12 22:09:01 | 000,002,873 | ---- | M] () MD5=CA7E83285B8285ECFCF141F0D5E4BBF4 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_0e8501058f11f3dc\svchost.exe
[2012/09/20 08:33:52 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\SysNative\svchost.exe
[2012/09/20 08:33:52 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_0ec1e14b8ee4e401\svchost.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2012/07/26 05:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\SysNative\userinit.exe
[2012/07/26 05:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_34f2617a5b742e02\userinit.exe
[2012/07/26 05:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\SysWOW64\userinit.exe
[2012/07/26 05:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2015/10/04 16:12:04 | 000,072,808 | ---- | M] () MD5=093D693690B7132F5132CAC84AAE2F75 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21548_none_c945713c77af5e16\winlogon.exe
[2013/08/17 11:16:29 | 000,001,620 | ---- | M] () MD5=0B87EC2A52E7E41024203260EA1D5D36 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe
[2016/04/10 22:30:37 | 000,040,275 | ---- | M] () MD5=16105173EF0C7A567F542915EE1079E5 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.17450_none_c8a902355ea10f85\winlogon.exe
[2016/04/10 22:30:41 | 000,072,580 | ---- | M] () MD5=17127D3C7C4DAB263E03A0B44DCBF8AD -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21458_none_c93a9f6a77b77ce0\winlogon.exe
[2015/10/04 16:12:05 | 000,072,808 | ---- | M] () MD5=17F68B4AD47E9A38D08078952ADC6C02 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21561_none_c928cf5e77c5e497\winlogon.exe
[2013/08/17 11:16:23 | 000,053,876 | ---- | M] () MD5=27D55AF3A71E28EF06420BD3372F7CA4 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
[2016/04/10 22:30:43 | 000,072,867 | ---- | M] () MD5=30C1D917FDED8B887DE4D188E08A4F37 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21703_none_c96bb346779369ed\winlogon.exe
[2016/04/10 22:30:42 | 000,072,580 | ---- | M] () MD5=330CABA1AC9346C24F3E58993E99ACFE -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21648_none_c945732277af5b3d\winlogon.exe
[2016/04/10 22:30:45 | 000,072,867 | ---- | M] () MD5=3C9E2ECC570FDB293D9A9B459F5228AC -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21736_none_c94e446077a909c5\winlogon.exe
[2014/11/24 10:25:15 | 000,072,808 | ---- | M] () MD5=57A9D8884004501B98F59CE753B486B6 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21290_none_c907599e77df279e\winlogon.exe
[2014/06/04 00:18:11 | 000,072,808 | ---- | M] () MD5=7131EC46AFA40F6D940B3CAAE8E20C16 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21012_none_c95fd5c6779c8076\winlogon.exe
[2013/08/17 11:16:27 | 000,053,884 | ---- | M] () MD5=74545B5B011AC58677623FB09DC94514 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
[2014/04/12 11:10:31 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=75DD70A14145499C9F7D903CF9A8C91B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16891_none_c87ee12f5ec0739b\winlogon.exe
[2014/04/12 11:10:31 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=75DD70A14145499C9F7D903CF9A8C91B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.17014_none_c8d83b755e7d1081\winlogon.exe
[2014/04/12 11:10:31 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=75DD70A14145499C9F7D903CF9A8C91B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.17172_none_c8955d3f5eaf82a0\winlogon.exe
[2014/04/12 11:10:31 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=75DD70A14145499C9F7D903CF9A8C91B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.17422_none_c8cb728d5e86ee60\winlogon.exe
[2014/04/12 11:10:31 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=75DD70A14145499C9F7D903CF9A8C91B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.17438_none_c8c6a45d5e89a25b\winlogon.exe
[2013/08/17 11:16:22 | 000,053,889 | ---- | M] () MD5=794D1A0CCBA31F1F164C59D5299F4173 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe
[2016/04/10 22:30:42 | 000,072,580 | ---- | M] () MD5=866C0C6CB4C51018E396D74F9482C39E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21645_none_c942724477b20f38\winlogon.exe
[2015/11/16 16:27:10 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=88B4DA29CF8C3628F3647447FD5CDAE5 -- C:\Windows\SysNative\winlogon.exe
[2015/11/16 16:27:10 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=88B4DA29CF8C3628F3647447FD5CDAE5 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.17584_none_c88c957f5eb5c5db\winlogon.exe
[2015/11/16 16:27:10 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=88B4DA29CF8C3628F3647447FD5CDAE5 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.17617_none_c8db47b75e7a4b70\winlogon.exe
[2016/04/10 22:30:40 | 000,001,641 | ---- | M] () MD5=9DBB6B190D82A203FEB096E4195F88A4 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.17592_none_c87fc4ff5ebfaf1e\winlogon.exe
[2016/04/10 22:30:38 | 000,040,275 | ---- | M] () MD5=ADE994D77DC161EE26E13C109F044F86 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.17528_none_c8d1762f5e818391\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2016/04/10 22:30:44 | 000,072,861 | ---- | M] () MD5=B4EAB1C66A63F0C688F3569B919DB372 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21709_none_c971b502778e01f7\winlogon.exe
[2014/08/09 11:19:29 | 000,072,808 | ---- | M] () MD5=BF0A5022BB5E2B68CBD81C22429A03A0 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21133_none_c94b381e77abced6\winlogon.exe
[2014/06/04 00:18:10 | 000,082,423 | ---- | M] () MD5=DC901FA6F1101B267A691625B45C390A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe
[2016/04/10 22:30:39 | 000,040,275 | ---- | M] () MD5=E3231A82128F85CEC8D8493A4CD87EC7 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.17531_none_c8bfa43d5e8fee21\winlogon.exe
[2016/04/10 22:30:37 | 000,040,275 | ---- | M] () MD5=F4E2B62FEEC9BBD0B7DA5D82F204083F -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.17344_none_c8b7d1635e955bc9\winlogon.exe
[2015/10/04 16:12:03 | 000,072,808 | ---- | M] () MD5=FF4D6C1956E9AA3568557366B23F2290 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21531_none_c9493f2277ad90c4\winlogon.exe

[color=#A23BEC]< %temp%\*.exe /s >[/color]

[color=#A23BEC]< %PROGRAMFILES%\*. >[/color]
[2014/06/10 20:41:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Acer
[2015/08/03 00:34:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ADSDemo
[2013/07/29 23:25:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Alinéa
[2016/08/30 22:12:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2014/01/28 23:32:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AppsHat Mobile Apps
[2014/02/26 01:39:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AskPartnerNetwork
[2016/08/30 22:13:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2015/03/27 15:21:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2015/03/26 15:39:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\COPROCPTA
[2012/12/20 06:33:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2013/11/24 14:28:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Devolutions
[2012/12/20 06:30:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EgisTec IPS
[2012/12/20 06:30:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EgisTec MyWinLocker
[2012/12/20 06:29:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EgisTec MyWinLockerSuite
[2012/12/20 06:30:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EgisTec Shredder
[2013/06/27 23:17:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\eMule
[2014/06/08 23:18:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GameHouse
[2014/10/27 16:22:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2014/08/08 17:30:09 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/03/12 02:01:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2016/01/31 19:41:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2016/08/30 22:14:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2014/03/14 18:51:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2014/12/24 00:52:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\K-Lite Codec Pack
[2013/03/12 02:02:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Launch Manager
[2013/07/19 00:01:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/08/07 22:25:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MarkAny
[2013/11/28 00:14:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Micro Application
[2016/09/06 18:54:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2015/12/13 15:18:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft OneDrive
[2016/09/06 18:20:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/05/31 20:00:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SkyDrive
[2015/12/13 15:06:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2015/09/19 22:09:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\monAlbumPhoto
[2013/06/28 00:33:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/20 05:38:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2014/08/08 17:25:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MyFree Codec
[2014/06/10 20:17:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Norton Security Scan
[2014/06/10 20:17:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NortonInstaller
[2013/03/12 02:32:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NTI
[2013/06/27 21:49:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OEM
[2014/09/16 22:14:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenOffice
[2014/09/16 22:23:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenOffice 4
[2014/06/10 20:23:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\predm
[2013/07/05 02:09:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Qualcomm Atheros
[2012/12/20 05:38:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2014/08/08 17:29:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Samsung
[2014/02/18 23:58:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SFR
[2016/01/01 18:36:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Smart View
[2013/03/12 02:19:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spotify
[2013/03/12 02:34:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Symantec
[2014/06/10 20:48:19 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2014/03/01 22:25:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\The Cleaner
[2016/01/02 21:21:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Uniblue
[2013/07/16 21:40:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2015/09/26 13:06:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2013/03/12 10:35:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2013/03/12 10:35:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2012/07/26 10:13:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Multimedia Platform
[2012/07/26 10:12:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2013/07/02 22:50:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2012/07/26 10:13:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2012/07/26 10:12:59 | 000,000,000 | -HSD | M] -- C:\Program Files (x86)\Windows Sidebar

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]

[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2016/06/06 14:29:33 | 014,856,368 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\Aurélie\AppData\Roaming\Enigma Software Group\rh_installer.exe
[2016/02/09 19:54:10 | 072,702,336 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\Aurélie\AppData\Roaming\Enigma Software Group\sh_installer.exe
[2014/06/10 20:38:27 | 000,016,384 | ---- | M] () -- C:\Users\Aurélie\AppData\Roaming\QuickScan\chromeqs.exe
[2016/06/06 13:46:07 | 002,133,504 | ---- | M] (BitTorrent Inc.) -- C:\Users\Aurélie\AppData\Roaming\uTorrent\uTorrent.exe
[2016/01/02 21:17:50 | 002,026,520 | ---- | M] (BitTorrent Inc.) -- C:\Users\Aurélie\AppData\Roaming\uTorrent\updates\3.4.5_41372.exe
[2016/04/10 19:11:19 | 001,959,424 | ---- | M] (BitTorrent Inc.) -- C:\Users\Aurélie\AppData\Roaming\uTorrent\updates\3.4.6_42094.exe
[2016/06/06 13:46:07 | 002,133,504 | ---- | M] (BitTorrent Inc.) -- C:\Users\Aurélie\AppData\Roaming\uTorrent\updates\3.4.7_42330.exe
[2016/08/30 21:37:09 | 001,972,224 | ---- | M] (BitTorrent Inc.) -- C:\Users\Aurélie\AppData\Roaming\uTorrent\updates\3.4.8_42449.exe
[2016/01/02 21:19:54 | 000,336,896 | ---- | M] (BitTorrent Inc.) -- C:\Users\Aurélie\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
[2016/04/10 21:13:41 | 000,340,480 | ---- | M] (BitTorrent Inc.) -- C:\Users\Aurélie\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe
[2016/06/06 15:49:23 | 000,387,072 | ---- | M] (BitTorrent Inc.) -- C:\Users\Aurélie\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe

[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2014/09/14 22:32:07 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2012/06/02 16:30:55 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
[2016/09/06 18:20:36 | 2422,853,631 | -HS- | M] () -- C:\hiberfil.sys
[2016/06/06 16:43:29 | 000,001,552 | ---- | M] () -- C:\native log.txt
[2016/09/06 18:20:36 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2014/02/18 01:01:15 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2016/06/06 16:43:32 | 000,000,357 | ---- | M] () -- C:\sh4_service.log
[2013/10/18 15:01:12 | 000,285,747 | ---- | M] () -- C:\shldr
[2013/10/18 15:01:12 | 000,008,192 | ---- | M] () -- C:\shldr.mbr
[2016/09/06 18:20:36 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720

< End of report >

Publicité

Signaler le contenu de ce document

Publicité