Jump to content

Welcome to Geeks to Go - Register now for FREE
Geeks To Go is a helpful hub, where thousands of friendly volunteers serve up answers and support. Get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute.
Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message and all ads will be removed once you have signed in.
Create an Account Login to Account

[virus] trojan.winlock ransomware hellomoto [Solved]


  • This topic is locked This topic is locked

#1
jb681131

jb681131

    New Member

  • Member
  • Pip
  • 6 posts
Hi,


I'm infested with this virus/trojan that blocks my pc at startup.
I can boot in safe mode.
I've already done a few procedures:


1- regedit on shell : delete explorer.exe ther rewrite explorer.exe
-> no success
2- complet scan +fix with spybot
-> no success
3- complet scan +fix with MalwareBytes + delete of every quarantined files
-> no success
4- used CCleaner : deleted lots of software at startup, deleted lots of apps and games from my pc et did all the scans possible a few times and fixed any things that were suggested
-> no success
5- I tryed different combinations of those procedures without success.

I also have OTL and Hijackthis.

I'm giving you my latest MalwareBytes log, followed by Hijackthis' repport.


MalwareBytes:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Version de la base de données: v2012.11.01.04

Windows Vista Service Pack 2 x86 NTFS (Mode sans échec)
Internet Explorer 8.0.6001.19328
Marc :: PC-DELL [administrateur]

03/11/2012 10:31:47
mbam-log-2012-11-03 (10-31-47).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 233796
Temps écoulé: 7 minute(s), 52 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 1
C:\Users\Marc\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Mis en quarantaine et supprimé avec succès.

Fichier(s) détecté(s): 2
C:\Users\Marc\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Mis en quarantaine et supprimé avec succès.
C:\Users\Marc\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Mis en quarantaine et supprimé avec succès.

(fin)

Hijackthis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:02:01, on 03/11/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19328)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
L:\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=3070801
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187084090\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\Windows\TEMP\E_S1ACB.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StructuredQuery] C:\Users\Marc\AppData\Local\Microsoft\Windows\3273\StructuredQuery.exe
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\NOMAD Jukebox 2\PlayCenter2\CTNMRun.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Marc\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [Spotify] "C:\Users\Marc\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Marc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL Desktop 9.6\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BDARemote.lnk.disabled
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} (Corporate Language Training Interface) - http://www.cltnet.de/login/dplaunch.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30011 (AppHostSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Explorateur d'ordinateurs (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: DraftSight API Service - Dassault Systèmes - C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Publication des ressources de découverte de fonctions (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Serveur (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Station de travail (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Assistance NetBIOS sur TCP/IP (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service Liste des réseaux (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Online Games Manager (ogmservice) - RealNetworks, Inc. - C:\Program Files\Online Games Manager\ogmservice.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe
O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service Panneau de saisie Tablet PC (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Services Terminal Server (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30003 (W3SVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service de rapport d'erreurs Windows (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service de configuration automatique WLAN (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

--
End of file - 29140 bytes

Thanks in advance !

ps: I'm on vista
  • 0

Advertisement


#2
Essexboy

Essexboy

    GeekU Moderator

  • GeekU Moderator
  • 63,705 posts
Hi there Hijackthis no longer gives sufficient data

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#3
jb681131

jb681131

    New Member

  • Member
  • Pip
  • 6 posts
here goes my scan

OTL.txt:


OTL logfile created on: 03/11/2012 16:02:35 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = L:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 61,96% Memory free
4,25 Gb Paging File | 3,81 Gb Available in Paging File | 89,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,77 Gb Total Space | 70,11 Gb Free Space | 31,47% Space Free | Partition Type: NTFS
Drive D: | 232,83 Gb Total Space | 50,16 Gb Free Space | 21,54% Space Free | Partition Type: NTFS
Drive E: | 10,00 Gb Total Space | 6,33 Gb Free Space | 63,31% Space Free | Partition Type: NTFS
Drive F: | 625,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive L: | 3,73 Gb Total Space | 3,72 Gb Free Space | 99,72% Space Free | Partition Type: FAT32

Computer Name: PC-DELL | User Name: Marc | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/02 02:18:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- L:\OTL.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010/01/21 00:34:10 | 008,793,952 | ---- | M] () -- C:\PROGRA~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 19:18:18 | 004,254,560 | ---- | M] () -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter)
SRV - [2012/10/11 08:14:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/11 17:29:33 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/08 08:02:24 | 000,521,344 | ---- | M] (RealNetworks, Inc.) [Auto | Stopped] -- C:\Program Files\Online Games Manager\ogmservice.exe -- (ogmservice)
SRV - [2012/01/24 11:25:20 | 000,078,336 | ---- | M] (Dassault Systèmes) [On_Demand | Stopped] -- C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe -- (DraftSight API Service)
SRV - [2012/01/05 16:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2011/11/28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/06/07 20:22:00 | 003,549,224 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/04/21 18:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 18:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/01/21 16:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/11/13 10:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/04/11 07:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2007/10/06 09:30:12 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - [2007/08/01 10:24:45 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2006/10/23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva385.sys -- (XDva385)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva383.sys -- (XDva383)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva380.sys -- (XDva380)
DRV - File not found [Kernel | On_Demand | Stopped] -- c:\program files\dell support center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2012/07/21 17:16:57 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011/11/28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/02/25 21:16:50 | 000,026,192 | ---- | M] (Atola) [Kernel | On_Demand | Stopped] -- C:\Program Files\A-FF Find and Mount\slicedisk.sys -- (SliceDisk5)
DRV - [2010/11/10 02:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010/11/10 02:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/07/27 09:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/02/11 08:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2010/02/11 08:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/04/11 05:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009/02/13 10:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2009/01/11 18:35:24 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nocashio.sys -- (nocashio)
DRV - [2008/07/10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2007/08/09 17:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/03/15 14:57:30 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/08 18:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02)
DRV - [2007/02/06 14:01:48 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aspi32.sys -- (ASPI32)
DRV - [2006/11/29 23:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)
DRV - [2006/11/02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/07/10 17:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2006/07/05 13:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2006/06/14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2002/10/09 00:07:00 | 000,017,152 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [1999/12/17 00:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\PfModNT.sys -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr...=fr&ibd=3070801
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DAFR
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rchTerms}&crm=1


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
IE - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsof...ss/allinone.asp
IE - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
IE - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000001bfce35927
IE - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DAFR
IE - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000\..\SearchScopes\{9D5BD211-422C-4164-9298-BB4186A30F31}: "URL" = http://search.live.c...-FR&FORM=MIMWA2
IE - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rchTerms}&crm=1
IE - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: multipletab@piro.sakura.ne.jp:0.7.2012020901
FF - prefs.js..extensions.enabledAddons: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6.4.1
FF - prefs.js..extensions.enabledAddons: {04253f76-f258-4b03-7b4a-0bebad2ca3e9}:3.0.6
FF - prefs.js..extensions.enabledAddons: firemath@claas.bontus:0.9
FF - prefs.js..extensions.enabledAddons: tabscope@xuldev.org:1.1.7
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
FF - prefs.js..extensions.enabledAddons: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.9
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.6980
FF - prefs.js..extensions.enabledItems: brief@mozdev.org:1.5.4
FF - prefs.js..extensions.enabledItems: {e1170235-2845-420c-acc3-42261a29dd46}:4.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.7
FF - prefs.js..extensions.enabledItems: {94B08592-E5B4-45ff-A0BE-C1D975458688}:0.4.2
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.6
FF - prefs.js..extensions.enabledItems: firemath@claas.bontus:0.4.0.2
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6.4.1
FF - prefs.js..extensions.enabledItems: multipletab@piro.sakura.ne.jp:0.6.2011051101
FF - prefs.js..extensions.enabledItems: {1f91cde0-c040-11da-a94d-0800200c9a66}:8
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.91
FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:1.1.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.5.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}:1.0
FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.0.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://redirecterror.sfr.fr/?q="

FF - user.js..keyword.URL: "http://redirecterror.sfr.fr/?q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Media Convert Master\codec\real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Marc\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marc\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marc\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Marc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/04 21:46:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/16 14:39:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/16 14:39:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/04 21:46:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/11 17:29:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/04 21:47:11 | 000,000,000 | ---D | M]

[2009/09/26 09:43:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Extensions
[2010/04/18 15:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\dxk0levs.default\extensions
[2009/09/26 01:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\dxk0levs.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2009/09/26 01:06:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\dxk0levs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/04/18 15:09:59 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\dxk0levs.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2009/09/26 01:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\dxk0levs.default\extensions\personas@christopher.beard
[2009/09/26 01:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\dxk0levs.default\extensions\rein@notiz.jp
[2009/09/26 01:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\dxk0levs.default\extensions\silvermelxt@pardal.de
[2012/11/02 01:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\gdbmiai2.default\extensions
[2012/05/24 11:55:52 | 000,000,000 | ---D | M] () -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\gdbmiai2.default\extensions\{04253f76-f258-4b03-7b4a-0bebad2ca3e9}
[2011/06/03 09:27:39 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\gdbmiai2.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2012/11/02 01:14:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\gdbmiai2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/06/23 10:18:45 | 000,152,254 | ---- | M] () (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\firefox\profiles\gdbmiai2.default\extensions\firemath@claas.bontus.xpi
[2012/02/19 10:35:08 | 000,080,121 | ---- | M] () (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\firefox\profiles\gdbmiai2.default\extensions\multipletab@piro.sakura.ne.jp.xpi
[2012/08/05 09:58:49 | 000,057,698 | ---- | M] () (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\firefox\profiles\gdbmiai2.default\extensions\tabscope@xuldev.org.xpi
[2012/10/28 23:59:43 | 000,211,935 | ---- | M] () (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\firefox\profiles\gdbmiai2.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}.xpi
[2012/08/04 16:18:45 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\firefox\profiles\gdbmiai2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/26 21:08:10 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\firefox\profiles\gdbmiai2.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2010/01/09 01:32:20 | 000,000,699 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\mozilla\firefox\profiles\gdbmiai2.default\searchplugins\aol-search.xml
[2010/04/19 01:38:01 | 000,000,903 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\mozilla\firefox\profiles\gdbmiai2.default\searchplugins\conduit.xml
[2010/06/05 14:33:22 | 000,002,059 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\mozilla\firefox\profiles\gdbmiai2.default\searchplugins\daemon-search.xml
[2010/06/16 13:06:23 | 000,005,407 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\mozilla\firefox\profiles\gdbmiai2.default\searchplugins\fast-browser-search.xml
[2012/10/29 07:51:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2007/08/09 22:39:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/05/24 11:56:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\ffxtlbr@babylon.com
[2009/09/02 06:28:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/07/11 17:29:34 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/17 20:20:07 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/27 20:50:08 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2012/05/04 21:46:26 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2006/09/26 12:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012/04/05 19:58:33 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/05/24 11:56:09 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/04/05 19:58:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/05 19:58:33 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/04/05 19:58:33 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012/04/05 19:58:33 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/04/05 19:58:33 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: google.fr (Enabled)
CHR - default_search_provider: search_url = http://www.google.fr...oq=via&gs_rfai=
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Marc\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Marc\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Marc\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: EModel scriptable Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: D'Fusion @Home Web Plug-In (3.10.17142) (Enabled) = C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Marc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Uno 3 = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\afnkkpmcccdffkncbgbajpdgkkbiandf\1.1_0\
CHR - Extension: Beautiful landscape = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig\1_0\
CHR - Extension: Zuma Revenge = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blacnhhkkiaaicbfldncneejjondmoch\2.3.1_0\
CHR - Extension: Plugin Video = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgnanpinmaknhhdehdhoaaedgilfhmib\1.3.0_0\
CHR - Extension: Fun Switcher = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddeoimiimmmfddbiggnbipkjomlalanb\0.0.0.3_0\
CHR - Extension: DivX HiQ = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: Air Hockey = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcchbhjknakkndfpdbapmdkhbbgojkno\4.0.0_0\
CHR - Extension: La mar\u00E9e des couleurs = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hidcjhphimkfnacedjcnajpmlaegnddp\1.11_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: PingPong souffle = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjdkomgefikcdchdpjfgjfpagieofnem\1.3_0\
CHR - Extension: Arcade Evolved = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkdaebmimnhlmgpjoppmdeokffoahpan\5.1.0_0\
CHR - Extension: \u003Cvideo\u003E HTML5 DivX Plus Web Player = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: Sinuous = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl\1.0.4_0\
CHR - Extension: RSS Feed Reader = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\3.3.15_0\

O1 HOSTS File: ([2012/11/02 20:57:04 | 001,108,491 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
O1 - Hosts: 127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 acestats.com
O1 - Hosts: 127.0.0.1 www.acestats.com
O1 - Hosts: 32712 more lines...
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O3 - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187084090\ee\AOLSoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StructuredQuery] C:\Users\Marc\AppData\Local\Microsoft\Windows\3273\StructuredQuery.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O4 - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000..\Run: [Facebook Update] C:\Users\Marc\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000..\Run: [NOMAD Detector] C:\Program Files\Creative\NOMAD Jukebox 2\PlayCenter2\CTNMRun.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000..\Run: [Spotify] C:\Users\Marc\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000..\Run: [Spotify Web Helper] C:\Users\Marc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
O4 - Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - ?p=ZNfox000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000\..Trusted Ranges: Range1 ([http] in Intranet local)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akama...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} https://static.impot...te/certdgi1.cab (Module de délivrance de certificat MINEFI)
O16 - DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} http://www.cltnet.de...in/dplaunch.cab (Corporate Language Training Interface)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....NPUpldfr-fr.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game08.zylom....gamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C39B1B92-D0F5-4047-959A-A110FBC05E64}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Marc\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Marc\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2002/10/04 06:56:06 | 000,487,424 | R--- | M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/10/04 05:44:08 | 001,105,920 | R--- | M] () - F:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2002/10/04 06:59:14 | 000,000,000 | ---D | M] - F:\autorun -- [ CDFS ]
O32 - AutoRun File - [2002/10/04 06:56:06 | 000,000,091 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{27cd3b6f-400f-11dc-ab44-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{27cd3b6f-400f-11dc-ab44-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2002/10/04 06:56:06 | 000,487,424 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{2d3e0d53-fc25-11de-891e-00038a000015}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
O33 - MountPoints2\{3bc438a2-54ef-11df-909a-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{3bc438a2-54ef-11df-909a-00038a000015}\Shell\AutoRun\command - "" = "M:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{83d91655-1456-11de-8ea4-00038a000015}\Shell\Auto\command - "" = C:\Windows\explorer.exe -- [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{83d91655-1456-11de-8ea4-00038a000015}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explorer.exe
O33 - MountPoints2\{9aae9ec0-0f7d-11e2-a75b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9aae9ec0-0f7d-11e2-a75b-806e6f6e6963}\Shell\AutoRun\command - "" = N:\aoesetup.exe /autorun
O33 - MountPoints2\{9aae9ec0-0f7d-11e2-a75b-806e6f6e6963}\Shell\directx\command - "" = N:\DirectX\dxsetup.exe
O33 - MountPoints2\{9aae9ec0-0f7d-11e2-a75b-806e6f6e6963}\Shell\dplay\command - "" = N:\DirectX\dplay61a.exe
O33 - MountPoints2\{9aae9ec0-0f7d-11e2-a75b-806e6f6e6963}\Shell\dxdiag\command - "" = N:\goodies\ar40eng.exe
O33 - MountPoints2\{9aae9ec0-0f7d-11e2-a75b-806e6f6e6963}\Shell\dxinfo\command - "" = N:\goodies\DirectX\dxinfo.exe
O33 - MountPoints2\{9aae9ec0-0f7d-11e2-a75b-806e6f6e6963}\Shell\dxtest\command - "" = N:\DirectX\dxdiag.exe
O33 - MountPoints2\{9aae9ec0-0f7d-11e2-a75b-806e6f6e6963}\Shell\dxtool\command - "" = N:\goodies\DirectX\dxtool.exe
O33 - MountPoints2\{9aae9ec0-0f7d-11e2-a75b-806e6f6e6963}\Shell\log\command - "" = N:\goodies\machine\machine.exe -l
O33 - MountPoints2\{9aae9ec0-0f7d-11e2-a75b-806e6f6e6963}\Shell\machine\command - "" = N:\goodies\machine\machine.exe
O33 - MountPoints2\{9aae9ec0-0f7d-11e2-a75b-806e6f6e6963}\Shell\setup\command - "" = N:\aoesetup.exe /autorun
O33 - MountPoints2\{9aae9ec0-0f7d-11e2-a75b-806e6f6e6963}\Shell\zone\command - "" = N:\goodies\mszone\zoneA600.exe
O33 - MountPoints2\{ad8d4f65-d377-11df-a661-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{ad8d4f65-d377-11df-a661-00038a000015}\Shell\AutoRun\command - "" = "Q:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{e4300a69-77be-11dc-b6f7-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{e4300a69-77be-11dc-b6f7-00038a000015}\Shell\AutoRun\command - "" = O:\ReadMe.exe
O33 - MountPoints2\{e4300a77-77be-11dc-b6f7-00038a000015}\Shell\AutoRun\command - "" = L:\ReadMe.exe
O33 - MountPoints2\{e945466d-e562-11de-9a28-00038a000015}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\ReadMe.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - File not found
MsConfig - StartUpReg: EA Core - hkey= - key= - File not found
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - StartUpReg: ZoneAlarm Client - hkey= - key= - File not found
MsConfig - State: "bootini" - 2
MsConfig - State: "startup" - 2

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found
NetSvcs: BITS - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2012/11/02 22:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
[2012/11/02 22:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2012/11/02 22:55:35 | 000,000,000 | ---D | C] -- C:\ZHP
[2012/11/02 21:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/11/02 21:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/11/01 11:37:17 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\{D3E8514C-AF41-451F-B5B8-1287271B882F}
[2012/10/29 07:07:01 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Malwarebytes
[2012/10/29 07:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/29 07:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/29 07:06:52 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/29 07:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/29 00:01:00 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\{9E180D03-CE21-4314-ADCA-D97703FB978A}
[2012/10/27 23:52:28 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\{BDF5A8B1-AC3D-47F3-84E5-09D4E9B13428}
[2012/10/26 22:00:46 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\{7DCE2A75-86F8-4FDE-A413-F07E6801FFF8}
[2012/10/26 21:06:23 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Macromedia
[2012/10/20 19:31:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/10/10 07:28:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/10 07:28:24 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/10 07:28:24 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/10/06 16:43:24 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\Alcohol 52%
[2012/10/05 20:08:37 | 000,000,000 | ---D | C] -- C:\POINSOFT
[2012/05/26 08:46:52 | 002,983,936 | ---- | C] (Evariste) -- C:\Program Files\Regressi.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/03 10:30:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/02 22:55:36 | 000,000,797 | ---- | M] () -- C:\Users\Public\Desktop\MBRCheck.lnk
[2012/11/02 22:55:36 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\ZHPDiag.lnk
[2012/11/02 22:55:36 | 000,000,785 | ---- | M] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2012/11/02 22:52:48 | 000,835,512 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/11/02 22:52:48 | 000,732,498 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/02 22:52:48 | 000,184,138 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/11/02 22:52:48 | 000,155,264 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/02 22:30:25 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/02 22:30:25 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/02 22:26:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/11/02 22:24:48 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AAE5C327-9628-4F3A-9B82-9FDF30A1DD34}.job
[2012/11/02 22:23:43 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Marc.job
[2012/11/02 22:22:09 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/02 22:21:40 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\Registry Reviver-Marc-Startup.job
[2012/11/02 22:17:20 | 002,395,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/02 22:09:35 | 000,001,356 | ---- | M] () -- C:\Users\Marc\AppData\Local\d3d9caps.dat
[2012/11/02 22:06:57 | 000,435,342 | ---- | M] () -- C:\Users\Marc\Documents\cc_20121102_220639.reg
[2012/11/02 21:59:18 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/11/02 20:57:04 | 001,108,491 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/11/02 20:31:56 | 000,000,011 | R--- | M] () -- C:\Windows\amunres.lsl
[2012/11/02 20:09:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/11/02 20:07:01 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/02 02:55:11 | 000,043,520 | ---- | M] () -- C:\Users\Marc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/02 02:55:11 | 000,000,038 | ---- | M] () -- C:\Windows\AviSplitter.INI
[2012/11/01 19:33:59 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2956805866-1808003374-4288406764-1000UA.job
[2012/11/01 19:14:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/01 17:21:02 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2956805866-1808003374-4288406764-1000UA.job
[2012/11/01 11:30:10 | 000,001,588 | ---- | M] () -- C:\Users\Marc\Desktop\XnView.lnk
[2012/11/01 11:30:10 | 000,000,754 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\XnView.lnk
[2012/11/01 10:32:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012/10/31 23:11:21 | 000,001,566 | ---- | M] () -- C:\Windows\entpack.ini
[2012/10/31 22:34:00 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Marc.job
[2012/10/31 21:34:01 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Marc.job
[2012/10/30 10:06:14 | 000,000,940 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/10/29 07:06:54 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/28 07:33:10 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2956805866-1808003374-4288406764-1000Core1cd6582e5b13bc7.job
[2012/10/28 03:17:21 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Marc.job
[2012/10/22 21:27:23 | 000,016,092 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\wklnhst.dat
[2012/10/15 09:50:05 | 000,002,613 | ---- | M] () -- C:\Users\Marc\Desktop\Microsoft Word 2010.lnk
[2012/10/11 08:14:15 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/11 08:14:15 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/11 06:49:36 | 000,002,039 | ---- | M] () -- C:\Users\Marc\Desktop\Google Chrome.lnk
[2012/10/11 06:49:36 | 000,002,001 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/06 16:59:19 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\Age of Empires II.lnk
[2012/10/06 16:45:43 | 000,000,333 | ---- | M] () -- C:\Users\Marc\Documents\ax_files.xml
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/02 22:55:36 | 000,000,797 | ---- | C] () -- C:\Users\Public\Desktop\MBRCheck.lnk
[2012/11/02 22:55:36 | 000,000,790 | ---- | C] () -- C:\Users\Public\Desktop\ZHPDiag.lnk
[2012/11/02 22:55:36 | 000,000,785 | ---- | C] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2012/11/02 22:06:45 | 000,435,342 | ---- | C] () -- C:\Users\Marc\Documents\cc_20121102_220639.reg
[2012/11/02 21:59:18 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/11/02 20:31:56 | 000,000,011 | R--- | C] () -- C:\Windows\amunres.lsl
[2012/11/01 11:30:10 | 000,001,588 | ---- | C] () -- C:\Users\Marc\Desktop\XnView.lnk
[2012/10/29 22:32:01 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Marc.job
[2012/10/29 22:32:01 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Marc.job
[2012/10/29 22:32:00 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Marc.job
[2012/10/29 07:06:54 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/11 06:31:39 | 000,001,002 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/06 16:59:19 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\Age of Empires II.lnk
[2012/10/06 16:25:51 | 000,000,333 | ---- | C] () -- C:\Users\Marc\Documents\ax_files.xml
[2012/07/21 19:11:43 | 000,000,114 | ---- | C] () -- C:\Windows\scummvm.ini
[2012/04/14 19:48:49 | 000,001,018 | ---- | C] () -- C:\Users\Marc\oripa.ini
[2012/01/17 19:18:59 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2011/08/20 22:18:11 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2011/02/19 00:34:57 | 000,000,107 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2011/01/13 07:32:58 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/01/09 12:51:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/25 15:10:10 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/11/10 02:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/11/10 02:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/11/10 02:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/11/10 02:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/11/06 23:26:36 | 000,000,456 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/11/04 18:24:20 | 000,036,112 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010/05/26 17:53:01 | 000,000,008 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\DofusAppId0_1
[2010/05/26 11:30:36 | 000,000,173 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\D2Info0
[2010/05/26 11:30:36 | 000,000,008 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\DofusAppId0_2
[2010/01/20 23:55:59 | 000,000,148 | ---- | C] () -- C:\Users\Marc\.bouml
[2010/01/20 23:55:38 | 000,000,102 | ---- | C] () -- C:\Users\Marc\.boumlrc
[2010/01/01 19:28:45 | 000,000,008 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\DofusAppId3_3
[2009/12/20 16:28:37 | 000,000,008 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\DofusAppId3_2
[2009/12/19 14:27:21 | 000,000,169 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\D2Info3
[2009/12/19 14:27:21 | 000,000,008 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\DofusAppId3_1
[2009/09/27 15:27:27 | 000,000,092 | ---- | C] () -- C:\Users\Marc\mm.cfg
[2009/07/07 16:11:56 | 000,000,187 | ---- | C] () -- C:\Users\Marc\Arabella.properties
[2009/07/07 16:11:56 | 000,000,063 | ---- | C] () -- C:\Users\Marc\Arabella.profiles
[2008/11/25 12:49:48 | 000,000,000 | ---- | C] () -- C:\Users\Marc\jagex_runescape_preferences.dat
[2008/05/28 09:18:24 | 000,024,206 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\UserTile.png
[2008/05/28 08:21:19 | 000,290,832 | ---- | C] () -- C:\ProgramData\Does Flaw The.0c0li1z
[2008/05/28 08:20:39 | 000,344,080 | ---- | C] () -- C:\ProgramData\GlueForkFork.hprq0
[2008/05/28 08:20:38 | 000,200,720 | ---- | C] () -- C:\ProgramData\GlueForkFork.al82mq
[2008/05/27 07:51:26 | 000,435,102 | ---- | C] () -- C:\Users\Marc\AppData\Local\pyjfbbac_nav.dat
[2008/05/27 07:51:26 | 000,003,235 | ---- | C] () -- C:\Users\Marc\AppData\Local\pyjfbbac_navps.dat
[2008/05/27 07:51:24 | 000,012,376 | ---- | C] () -- C:\Users\Marc\AppData\Local\pyjfbbac.dat
[2008/05/02 16:11:45 | 000,000,016 | ---- | C] () -- C:\ProgramData\GlueForkFork.ov2qx
[2008/04/23 21:41:34 | 000,053,264 | ---- | C] () -- C:\ProgramData\GlueForkFork.n7a35m
[2007/08/25 07:57:42 | 000,001,356 | ---- | C] () -- C:\Users\Marc\AppData\Local\d3d9caps.dat
[2007/08/05 08:57:59 | 000,278,528 | ---- | C] () -- C:\Program Files\Common Files\FDEUnInstaller.exe
[2007/08/04 20:43:20 | 000,016,092 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\wklnhst.dat
[2007/08/04 11:42:28 | 000,043,520 | ---- | C] () -- C:\Users\Marc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/15 07:37:19 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/15 07:37:18 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[2008/01/18 22:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES.EXE >
[2008/01/19 08:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008/01/18 22:33:30 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 10:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 10:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/18 22:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/18 22:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008/01/18 22:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %temp%\*.exe /s >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %ALLUSERSPROFILE%\Application Data\*. >

< %APPDATA%\*.exe /s >
[2007/08/20 10:15:12 | 023,489,040 | ---- | M] ( ) -- C:\Users\Marc\AppData\Roaming\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe
[2010/08/15 15:19:40 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Marc\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2009/05/13 15:25:44 | 003,806,720 | ---- | M] (digital publishing AG) -- C:\Users\Marc\AppData\Roaming\digital publishing\cltlms\CorporateLanguageTraining.exe
[2009/08/07 11:10:56 | 001,053,368 | ---- | M] (D-Jix) -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\D-Jix Media LE.exe
[2009/07/15 11:23:04 | 007,578,112 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\encoder.exe
[2009/01/08 12:26:46 | 000,032,664 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\jre\bin\java-rmi.exe
[2009/01/08 12:26:46 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\jre\bin\java.exe
[2009/01/08 12:26:46 | 000,058,776 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\jre\bin\javacpl.exe
[2009/01/08 12:26:46 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\jre\bin\javaw.exe
[2009/01/08 12:26:46 | 000,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\jre\bin\javaws.exe
[2009/01/08 12:26:46 | 000,079,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\jre\bin\jbroker.exe
[2009/01/08 12:26:46 | 000,022,424 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\jre\bin\jp2launcher.exe
[2009/01/08 12:26:46 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\jre\bin\jqs.exe
[2009/01/08 12:26:46 | 000,054,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\jre\bin\jqsnotify.exe
[2009/01/08 12:26:46 | 000,382,384 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\jre\bin\jucheck.exe
[2009/01/08 12:26:46 | 000,054,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\jre\bin\jureg.exe
[2009/01/08 12:26:46 | 000,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\jre\bin\jusched.exe
[2009/01/08 12:26:46 | 000,033,176 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\jre\bin\keytool.exe
[2009/01/08 12:26:46 | 000,033,176 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\jre\bin\kinit.exe
[2009/01/08 12:26:46 | 000,033,176 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\jre\bin\klist.exe
[2009/01/08 12:26:46 | 000,033,176 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\jre\bin\ktab.exe
[2009/01/08 12:26:46 | 000,033,176 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\jre\bin\orbd.exe
[2009/01/08 12:26:46 | 000,033,176 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\jre\bin\pack200.exe
[2009/01/08 12:26:46 | 000,033,176 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\jre\bin\policytool.exe
[2009/01/08 12:26:46 | 000,033,176 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\jre\bin\rmid.exe
[2009/01/08 12:26:46 | 000,033,176 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\jre\bin\rmiregistry.exe
[2009/01/08 12:26:46 | 000,033,176 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\jre\bin\servertool.exe
[2009/01/08 12:26:46 | 000,017,816 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\jre\bin\ssvagent.exe
[2009/01/08 12:26:46 | 000,033,176 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\jre\bin\tnameserv.exe
[2009/01/08 12:26:46 | 000,128,408 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Marc\AppData\Roaming\D-Jix\D-Jix Media LE\jre\bin\unpack200.exe
[2009/09/20 14:08:03 | 001,924,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Marc\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2011/01/09 13:07:44 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Marc\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2007/09/30 16:28:54 | 000,003,310 | R--- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_16496df1.exe
[2007/09/30 16:28:53 | 000,001,078 | R--- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_18be6784.exe
[2007/09/30 16:28:53 | 000,001,078 | R--- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_294823.exe
[2007/09/30 16:28:54 | 000,001,078 | R--- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_2cd672ae.exe
[2007/09/30 16:28:54 | 000,001,078 | R--- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_4ae13d6c.exe
[2007/09/30 16:28:54 | 000,001,078 | R--- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_69525f90.exe
[2011/01/09 13:40:37 | 000,009,158 | R--- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
[2011/01/09 12:48:52 | 000,010,134 | R--- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Installer\{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}\ARPPRODUCTICON.exe
[2008/07/08 11:17:58 | 000,188,416 | R--- | M] (Macrovision Corporation) -- C:\Users\Marc\AppData\Roaming\Microsoft\Installer\{A581099D-139B-4042-8326-22FD13FC58C6}\Amnesty_Generator._41C7F924D0BD410D9D36FCCA75058D1B_1.exe
[2008/07/08 11:17:58 | 000,188,416 | R--- | M] (Macrovision Corporation) -- C:\Users\Marc\AppData\Roaming\Microsoft\Installer\{A581099D-139B-4042-8326-22FD13FC58C6}\Amnesty_Generator._5F8ED782BF234742A57E49338B9764EE.exe
[2008/07/08 11:17:58 | 000,010,134 | R--- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Installer\{A581099D-139B-4042-8326-22FD13FC58C6}\ARPPRODUCTICON.exe
[2009/10/10 20:25:15 | 000,082,726 | R--- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Installer\{D50C3F69-0ECA-4725-8F30-E69B1209C273}\controlPanelIcon.exe
[2009/10/10 20:25:15 | 000,010,134 | R--- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Installer\{D50C3F69-0ECA-4725-8F30-E69B1209C273}\SystemFolder_msiexec.exe
[2011/09/25 20:46:48 | 000,010,134 | R--- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2008/07/08 11:40:05 | 000,025,214 | R--- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Installer\{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}\_6FEFF9B68218417F98F549.exe
[2011/12/17 09:04:57 | 050,429,056 | ---- | M] (Dell Inc) -- C:\Users\Marc\AppData\Roaming\PCDr\Update\Binaries\full_dsc_5907_16_32_02.exe
[2011/08/10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Marc\AppData\Roaming\PCDr\Update\Rules\1264ce6a-d415-4d49-8ab7-88a7dd620670\au_5899_rules\AddCertificate.exe
[2011/08/10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Marc\AppData\Roaming\PCDr\Update\Rules\27add4f7-5d3b-4a0e-809e-32224caa4b99\au_5899_rules\AddCertificate.exe
[2011/08/10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Marc\AppData\Roaming\PCDr\Update\Rules\37035acb-ad6f-4afe-9df3-392be8204cae\au_5899_rules\AddCertificate.exe
[2011/08/10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Marc\AppData\Roaming\PCDr\Update\Rules\3a045867-d9d3-435d-86ea-558f75edd840\au_5899_rules\AddCertificate.exe
[2011/08/10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Marc\AppData\Roaming\PCDr\Update\Rules\8dca0eaa-d9ca-4a22-9c06-c85e1fdd421b\au_5899_rules\AddCertificate.exe
[2011/08/10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Marc\AppData\Roaming\PCDr\Update\Rules\c2602db1-14d8-4108-ba07-97162cee856b\au_5899_rules\AddCertificate.exe
[2011/08/10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Marc\AppData\Roaming\PCDr\Update\Rules\eaaeead8-2d0a-4d45-90bd-ddd124ec0fff\au_5899_rules\AddCertificate.exe
[2011/08/10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Marc\AppData\Roaming\PCDr\Update\Rules\f13fbc07-e205-4e1c-8d50-54981af9c970\au_5899_rules\AddCertificate.exe
[2011/08/10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Marc\AppData\Roaming\PCDr\Update\Rules\f43e37c4-8f41-4ba9-99ab-be9ffc1e2e13\au_5899_rules\AddCertificate.exe
[2011/08/10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Marc\AppData\Roaming\PCDr\Update\Rules\fda139a9-d0a7-413f-b8e7-f478f07a81b7\au_5899_rules\AddCertificate.exe
[2012/10/29 19:31:06 | 000,449,176 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Marc\AppData\Roaming\Real\Update\temp\~Upg0\rnupgagent.exe
[2012/10/29 19:31:06 | 000,449,176 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Marc\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe
[2012/10/29 22:33:47 | 027,433,440 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Marc\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\stub_data\RealPlayer.exe
[2012/10/29 22:32:05 | 000,760,128 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Marc\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\stub_exe\RealPlayer.exe
[2012/08/20 11:20:57 | 005,576,408 | ---- | M] (Spotify Ltd) -- C:\Users\Marc\AppData\Roaming\Spotify\spotify.exe
[2012/08/20 11:20:57 | 000,114,904 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Spotify\SpotifyLauncher.exe
[2012/08/20 11:20:56 | 001,193,176 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

< %SYSTEMDRIVE%\*.exe >
[2011/06/25 10:01:06 | 000,900,384 | ---- | M] (Sun Microsystems, Inc.) -- C:\chromeinstall.exe
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2008/08/12 16:50:56 | 000,514,083 | ---- | M] () -- C:\Live-Player_setup.exe
[2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:52B72A7C
@Alternate Data Stream - 76 bytes -> C:\Users\Marc\Documents\Regressi:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marc\Documents\Puzzle Quest:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marc\Documents\My Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marc\Documents\Morning meeting:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marc\Documents\Mes Historiques de Conversation:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marc\Documents\Mes fichiers reçus:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marc\Documents\lcc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marc\Documents\AOL:Roxio EMC Stream
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:F83DE022
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:0EC44AEB
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:538DC028
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0F43D95C
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:77248999
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:AFFC859A

< End of report >
[/code]

Extra.txt :

[code=auto:0]
OTL Extras logfile created on: 03/11/2012 15:07:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = L:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 68,20% Memory free
4,25 Gb Paging File | 3,91 Gb Available in Paging File | 91,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,77 Gb Total Space | 70,11 Gb Free Space | 31,47% Space Free | Partition Type: NTFS
Drive D: | 232,83 Gb Total Space | 50,16 Gb Free Space | 21,54% Space Free | Partition Type: NTFS
Drive E: | 10,00 Gb Total Space | 6,33 Gb Free Space | 63,31% Space Free | Partition Type: NTFS
Drive F: | 625,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive L: | 3,73 Gb Total Space | 3,72 Gb Free Space | 99,73% Space Free | Partition Type: FAT32

Computer Name: PC-DELL | User Name: Marc | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Parcourir avec XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2956805866-1808003374-4288406764-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 24

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2956805866-1808003374-4288406764-1001]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2956805866-1808003374-4288406764-1002]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{043F86B7-EE12-3399-B2CA-D0B603D87963}" = Microsoft .NET Framework 4 Extended FRA Language Pack
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{07043840-8EBE-4287-85D8-8EC76D88B906}" = Microsoft Math 3.0
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DE20748-45A5-6CD9-610E-F881A34E7342}" = Catalyst Control Center Localization Arabic
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}" = OpenOffice.org 3.1
"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15CC10AB-4266-210D-E2D2-03089C25A028}" = CCC Help English
"{1603C7DC-358B-97AF-B451-B2DDAC734117}" = Catalyst Control Center Localization French
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{214030BC-490D-57D4-2547-D0D4ECC851A5}" = Catalyst Control Center Localization Japanese
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB Video Driver
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility
"{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{31DBBB49-CAC2-984A-64CA-A88102056E10}" = CCC Help German
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{38496EC2-78B7-412A-9398-FC6B7DB8E182}" = Orange Preload
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3AFDD2C6-8663-46B5-B195-6CEB00D44768}" = adsl TV
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F900346-A316-BA88-B83C-2513F1260AD7}" = Reg (DOFUS Audio Subsystem)
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
"{412FECA2-836F-3DF6-A302-924CEC5B4DE2}" = CCC Help Spanish
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{46ACAEB5-365A-74BB-D405-980EA4FE3545}" = CCC Help Japanese
"{46BE6D86-7BEF-4DAB-B3E6-7B932D3872F3}_is1" = Dragonica version TEST
"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A526904-440E-11AC-CEF0-5E64A99E1BEA}" = Bamboo Dock
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Guide de l'utilisateur
"{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E7A8F05-013C-44FD-B450-5434CA581098}_is1" = MicroVolts
"{5EBF7AAB-98C5-2C43-0844-4BD9B9FCA7AD}" = Dofus
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}" = Microsoft Works
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C73966-AED3-5ACB-B438-B47E9B1FB2E3}" = CCC Help Chinese Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7A3E5243-7B8E-459C-A645-57ACD71B1C2D}" = Nancy Drew :Le Mystère de l'Horloge
"{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7CCA1688-6F09-49AE-887B-E29A552A187A}" = Morrowind
"{7CD5F286-FF0A-E638-8143-0E258E3C17E2}" = CCC Help Thai
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{7EAAF327-D5B0-4f89-A0EF-B1703379705C}" = QuickField 5.6 Student
"{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
"{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese
"{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8742360F-9348-11D6-85F3-00902722F429}" = NOMAD Jukebox 2
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9028040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional avec FrontPage
"{9085040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New
"{98698CC8-F4C4-A0A7-F521-8547DDD1BB6B}" = Catalyst Control Center Localization Chinese Standard
"{9954484F-6EE4-4040-94E3-4B380646F867}" = Assistant Personnalisation du systéme Dell
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy
"{9DE2BE42-7B90-4440-8954-89D9CDC8D4D2}" = SolidWorks eDrawings 2012
"{9F05B89E-2873-11D5-9E9D-0050DA1EA555}" = Myst III Exile
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German
"{A581099D-139B-4042-8326-22FD13FC58C6}" = Amnesty Generator
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Edition Découverte 3.2
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.3 - Français
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1F42263-0C77-49E9-BCD8-CE0FC823MER9}_is1" = Mercator
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3B4E8E4-E2A4-11D6-8D31-00105A629F49}" = eMedia Guitar Lesson - Midnight Special
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full
"{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Les Sims™ 3
"{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C23587D9-1415-4042-9B3D-43118A4334C7}_is1" = BoontyBox 2.3
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3E2D64C-1B8E-D142-A76F-DEAC02AFF4FA}" = CCC Help Polish
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C5145CD4-4F74-C986-F86B-F57F3995C59B}" = Catalyst Control Center Localization Arabic
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C8D524C0-FBD2-C4F0-2446-912EABA681E0}" = CCC Help Portuguese
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CCF7F09E-A1C5-7D81-437D-B2DC347CC52E}" = Catalyst Control Center Localization Spanish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEEE47BB-4AB7-9AEB-2212-ECC6D05DDC74}" = Catalyst Control Center Localization Italian
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D50C3F69-0ECA-4725-8F30-E69B1209C273}" = D-Jix Media LE
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D71B45B0-70B5-12BA-4ACF-2CEC94FE8A06}" = CCC Help Korean
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{D82F4E66-B3F6-4482-879E-AAC745CCFE0F}" = DraftSight
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static
"{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Codeur Windows Media Série 9
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard
"{E7744050-4D6F-1280-5331-2EA048B51E94}" = Catalyst Control Center Localization Arabic
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECA80341-4BFB-172D-EC5D-64FD8DD41F5A}" = Catalyst Control Center Localization German
"{ECBEB9C6-CC47-70F7-E939-1E20E3BEEC8F}" = Catalyst Control Center Localization Korean
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE™ L’atelier des Créatures – version d’essai
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F4FA8AC4-6B6A-CAA6-8E44-FC64227CC4F7}" = CCC Help Italian
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6412237-45F7-B34B-0803-4D77E2D39D0C}" = Catalyst Control Center Localization Chinese Traditional
"{F7828387-C188-4F11-00AB-148CDF607FD6}" = Need For Speed poursuite infernale 2
"{FCFBA290-CB48-4AF1-A241-2685AEDEDD66}" = Windows Live Family Safety
"{FD01FEBF-376F-F125-09F8-E94B04D21E77}" = CCC Help French
"{FF001690-A829-9DFD-9EF6-DA285783C49C}" = CCC Help Chinese Traditional
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"69083DC58646DE46A09847A522A1CC487F918039" = Package de pilotes Windows - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
"8461-7759-5462-8226" = Vuze
"ACDLabs in C__Program_Files_ACDFREE12_" = ACD/Labs Software in C:\Program Files\ACDFREE12\
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Adobe® Photoshop® Album Edition Découverte 3.2" = Adobe® Photoshop® Album Edition Découverte 3.2
"Age of Empires 2.0" = Microsoft Age of Empires II
"AGEIA PhysX v2.5.1" = AGEIA PhysX v2.5.1
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.4 (Unicode)
"avast" = avast! Free Antivirus
"AVIConverter" = AVIConverter 5.1.6
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"Collab" = Collab
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComicRack" = ComicRack v0.9.143
"Creative Jukebox Driver" = Creative Jukebox Driver
"Cucusoft Ultimate DVD + Video Converter Suite_is1" = Cucusoft Ultimate DVD + Video Converter Suite 7.18.7.11
"CutePDF Writer Installation" = CutePDF Writer 2.7
"D-Fend v2" = D-Fend v2
"Dia" = Dia (supprimer uniquement)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = Configuration DivX
"DjVuLibre+DjView" = DjVuLibre+DjView
"Dofus 1.25.0" = Dofus 1.25.0
"Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1" = Dofus
"DSMT5" = MathType 5
"DVD Shrink_is1" = DVD Shrink 3.2
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"EPSON Scanner" = EPSON Scan
"ffdshow_is1" = ffdshow [rev 2975] [2009-05-28]
"FileZilla Client" = FileZilla Client 3.3.3
"Find and Mount_is1" = Find and Mount 2.32
"FL Studio 7" = FL Studio 7
"FL Studio 9" = FL Studio 9
"FlashDevelop" = FlashDevelop 3.0.4
"FormatFactory" = FormatFactory 2.70
"Freecorder Toolbar3.02" = Freecorder Toolbar 3.02 Application
"Frets on Fire" = Frets On Fire
"GameSpy Arcade" = GameSpy Arcade
"GeoGebra" = GeoGebra
"gmailbackup" = Gmail Backup
"Google Desktop" = Google Desktop
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HTMLKit_is1" = HTML-Kit
"IL Download Manager" = IL Download Manager
"ImTOO DVD Audio Ripper 5" = ImTOO DVD Audio Ripper 5
"Insaniquarium_Patch_Installer_1.2" = Insaniquarium Patch Installer 1.2
"InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"Intel® Open Source Computer Vision Library_is1" = Intel® Open Source Computer Vision Library 1.0
"lcc-win32 (base system)_is1" = lcc-win32 version 3.2 (base system)
"Little Shop - City Lights" = Little Shop - City Lights
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Coffret de pilotes Logitech Webcam Software
"M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player_is1" = M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Media Convert Master_is1" = Media Convert Master 10.0.2.56
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Extended FRA
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"MiKTeX 2.7" = MiKTeX 2.7
"Minesweeper Variants_is1" = Minesweeper Variants 1.1.0
"MinGW" = MinGW 5.1.6
"Monopoly Here and Now" = Monopoly Here and Now
"Mozilla Firefox 13.0.1 (x86 fr)" = Mozilla Firefox 13.0.1 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3_File_Editor_5" = Mp3 File Editor 5.11 (standard)
"Neuf_TV_PC" = TV sur PC
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"oggcodecs" = oggcodecs 0.71.0946
"Online Games Manager" = Online Games Manager v1.10
"OpenAL" = OpenAL
"pd_is1" = Pd-0.41.4-extended
"Plato DVD to MP3 Ripper_is1" = Plato DVD to MP3 Ripper 7.87
"PlayFLV" = PlayFLV
"Programme de désinstallation AOL" = AOL - Assistant de désinstallation
"Radio Media Player" = Radio Media Player
"RealAlt_is1" = Real Alternative 1.9.0
"RealPlayer 12.0" = RealPlayer
"RealPlayer 15.0" = RealPlayer
"Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1" = Reg (DOFUS Audio Subsystem)
"scilab-4.1.2_is1" = scilab-4.1.2
"SFR_Kit" = SFR - Kit de connexion
"SFR_Mediacenter Evolution" = SFR - Mediacenter Evolution
"SimCity 3000" = SimCity 3000
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Studio d'apprentissage Espagnol_is1" = Studio d'apprentissage Espagnol
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SuperCopier2" = SuperCopier2
"TmNations_is1" = TrackMania Nations ESWC 1.7.9
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"VLC media player" = VLC media player 2.0.2
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"Warcraft III" = Warcraft III
"Wheres Waldo The Fantastic Journey" = Wheres Waldo The Fantastic Journey
"Windows Media Encoder 9" = Codeur Windows Media Série 9
"WinLiveSuite" = Windows Live
"WinRAR archiver" = Archiveur WinRAR
"XnView_is1" = XnView 1.99.5
"ZHPDiag_is1" = ZHPDiag 1.31

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2956805866-1808003374-4288406764-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks
"Deck 3D" = Deck 3D
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01/11/2012 21:57:32 | Computer Name = PC-DELL | Source = WDSmartWareBackgroundService | ID = 0
Description =

Error - 02/11/2012 15:03:03 | Computer Name = PC-DELL | Source = WDSmartWareBackgroundService | ID = 0
Description =

Error - 02/11/2012 15:14:08 | Computer Name = PC-DELL | Source = EventSystem | ID = 4609
Description =

Error - 02/11/2012 15:28:13 | Computer Name = PC-DELL | Source = EventSystem | ID = 4609
Description =

Error - 02/11/2012 15:31:35 | Computer Name = PC-DELL | Source = System Restore | ID = 8193
Description =

Error - 02/11/2012 16:30:49 | Computer Name = PC-DELL | Source = EventSystem | ID = 4609
Description =

Error - 02/11/2012 17:23:14 | Computer Name = PC-DELL | Source = WDSmartWareBackgroundService | ID = 0
Description =

Error - 02/11/2012 17:30:39 | Computer Name = PC-DELL | Source = WDSmartWareBackgroundService | ID = 0
Description =

Error - 02/11/2012 17:33:12 | Computer Name = PC-DELL | Source = EventSystem | ID = 4609
Description =

Error - 03/11/2012 05:31:07 | Computer Name = PC-DELL | Source = EventSystem | ID = 4609
Description =

[ Media Center Events ]
Error - 07/11/2007 09:58:11 | Computer Name = PC-DELL | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete : échec du téléchargement du package
MCESpotlight.

Error - 16/04/2008 11:25:47 | Computer Name = PC-DELL | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete : échec du téléchargement du package
MCESpotlight.

Error - 25/11/2009 17:26:15 | Computer Name = PC-DELL | Source = Media Center Guide | ID = 0
Description = Info sur l’événement : ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Processus : DefaultDomain Nom de l’objet : Media
Center Guide

Error - 16/05/2010 09:23:40 | Computer Name = PC-DELL | Source = Media Center Guide | ID = 0
Description = Info sur l’événement : ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Processus : DefaultDomain Nom de l’objet : Media
Center Guide

[ System Events ]
Error - 03/11/2012 05:31:51 | Computer Name = PC-DELL | Source = Service Control Manager | ID = 7001
Description =

Error - 03/11/2012 05:31:51 | Computer Name = PC-DELL | Source = Service Control Manager | ID = 7003
Description =

Error - 03/11/2012 05:31:51 | Computer Name = PC-DELL | Source = Service Control Manager | ID = 7003
Description =

Error - 03/11/2012 05:31:51 | Computer Name = PC-DELL | Source = Service Control Manager | ID = 7001
Description =

Error - 03/11/2012 05:31:51 | Computer Name = PC-DELL | Source = Service Control Manager | ID = 7026
Description =

Error - 03/11/2012 05:31:51 | Computer Name = PC-DELL | Source = Service Control Manager | ID = 7001
Description =

Error - 03/11/2012 05:31:51 | Computer Name = PC-DELL | Source = Service Control Manager | ID = 7001
Description =

Error - 03/11/2012 05:31:51 | Computer Name = PC-DELL | Source = Service Control Manager | ID = 7001
Description =

Error - 03/11/2012 05:31:56 | Computer Name = PC-DELL | Source = Service Control Manager | ID = 7001
Description =

Error - 03/11/2012 05:58:56 | Computer Name = PC-DELL | Source = DCOM | ID = 10005
Description =


< End of report >
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • GeekU Moderator
  • 63,705 posts
All these can be run from safe mode

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
Posted Image

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
Posted Image
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
    Posted Image
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

THEN

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva385.sys -- (XDva385) 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva383.sys -- (XDva383) 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva380.sys -- (XDva380) 
IE - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109129&babsrc=SP_ss&mntrId=e6009f1a000000000000001bfce35927 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.0.0
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
[2012/05/24 11:55:52 | 000,000,000 | ---D | M] () -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\gdbmiai2.default\extensions\{04253f76-f258-4b03-7b4a-0bebad2ca3e9}
[2010/06/16 13:06:23 | 000,005,407 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\mozilla\firefox\profiles\gdbmiai2.default\searchplugins\fast-browser-search.xml
[2012/05/24 11:56:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\ffxtlbr@babylon.com
[2006/09/26 12:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012/05/24 11:56:09 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O7 - HKU\S-1-5-21-2956805866-1808003374-4288406764-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - ?p=ZNfox000 File not found

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#5
jb681131

jb681131

    New Member

  • Member
  • Pip
  • 6 posts
While I run the OTL fix you asked, here are the Rogue Killer repports (sorry in french and from another pc)

RKreport[1]_S_03112012_171509:
RogueKiller V8.2.2 [03/11/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Website: http://www.sur-la-toile.com/RogueKiller/
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode sans echec
Utilisateur : Marc [Droits d'admin]
Mode : Recherche -- Date : 03/11/2012 17:15:09

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 9 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : StructuredQuery (C:\Users\Marc\AppData\Local\Microsoft\Windows\3273\StructuredQuery.exe) -> TROUVÉ
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> TROUVÉ
[HJ] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> TROUVÉ
[HJ] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> TROUVÉ
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> TROUVÉ
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$0efea8beb87b60a7203b3b1edb3e3dd7\@ --> TROUVÉ
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2956805866-1808003374-4288406764-1000\$0efea8beb87b60a7203b3b1edb3e3dd7\@ --> TROUVÉ
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$0efea8beb87b60a7203b3b1edb3e3dd7\U --> TROUVÉ
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-2956805866-1808003374-4288406764-1000\$0efea8beb87b60a7203b3b1edb3e3dd7\U --> TROUVÉ
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$0efea8beb87b60a7203b3b1edb3e3dd7\L --> TROUVÉ
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-2956805866-1808003374-4288406764-1000\$0efea8beb87b60a7203b3b1edb3e3dd7\L --> TROUVÉ

¤¤¤ Driver : [NON CHARGE] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤
-> E:\windows\system32\config\SOFTWARE
-> E:\Users\Default\NTUSER.DAT

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1  localhost
127.0.0.1  ad.a8.net
127.0.0.1  asy.a8ww.net
127.0.0.1  www.abx4.com #[Adware.ABXToolbar]
127.0.0.1  acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1  www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1  phpadsnew.abac.com
127.0.0.1  a.abnad.net
127.0.0.1  b.abnad.net
127.0.0.1  c.abnad.net #[eTrust.Tracking.Cookie]
127.0.0.1  d.abnad.net
127.0.0.1  e.abnad.net
127.0.0.1  t.abnad.net
127.0.0.1  banners.absolpublisher.com
127.0.0.1  tracking.absolstats.com
127.0.0.1  adv.abv.bg
127.0.0.1  bimg.abv.bg
127.0.0.1  www2.a-counter.kiev.ua
127.0.0.1  accuserveadsystem.com
127.0.0.1  www.accuserveadsystem.com
[...]


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST325082 0AS SCSI Disk Device +++++
--- User ---
[MBR] 8b5b659faa81e45c42691f1b52e1dc96
[BSP] 7d4755e7c820a24a8f2162a6ed0543bc : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 129024 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21100544 | Size: 228114 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: ST325082 0AS SCSI Disk Device +++++
--- User ---
[MBR] 8b544338f1bf2dff3a86cd7ca132f08e
[BSP] 7f3ac6471476c378e4328afefba6931f : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238416 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[1]_S_03112012_171509.txt >>
RKreport[1]_S_03112012_171509.txt




RKreport[2]_D_03112012_171534:
RogueKiller V8.2.2 [03/11/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Website: http://www.sur-la-toile.com/RogueKiller/
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode sans echec
Utilisateur : Marc [Droits d'admin]
Mode : Suppression -- Date : 03/11/2012 17:15:34

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 9 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : StructuredQuery (C:\Users\Marc\AppData\Local\Microsoft\Windows\3273\StructuredQuery.exe) -> SUPPRIMÉ
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REMPLACÉ (1)
[HJ] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REMPLACÉ (1)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REMPLACÉ (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REMPLACÉ (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REMPLACÉ (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REMPLACÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$0efea8beb87b60a7203b3b1edb3e3dd7\@ --> SUPPRIMÉ
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2956805866-1808003374-4288406764-1000\$0efea8beb87b60a7203b3b1edb3e3dd7\@ --> SUPPRIMÉ
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$0efea8beb87b60a7203b3b1edb3e3dd7\U --> SUPPRIMÉ
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-2956805866-1808003374-4288406764-1000\$0efea8beb87b60a7203b3b1edb3e3dd7\U --> SUPPRIMÉ
[Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$0efea8beb87b60a7203b3b1edb3e3dd7\L\00000004.@ --> SUPPRIMÉ
[Del.Parent][FILE] 201d3dde : C:\$recycle.bin\S-1-5-18\$0efea8beb87b60a7203b3b1edb3e3dd7\L\201d3dde --> SUPPRIMÉ
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$0efea8beb87b60a7203b3b1edb3e3dd7\L --> SUPPRIMÉ
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-2956805866-1808003374-4288406764-1000\$0efea8beb87b60a7203b3b1edb3e3dd7\L --> SUPPRIMÉ

¤¤¤ Driver : [NON CHARGE] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤
-> E:\windows\system32\config\SOFTWARE
-> E:\Users\Default\NTUSER.DAT

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1  localhost
127.0.0.1  ad.a8.net
127.0.0.1  asy.a8ww.net
127.0.0.1  www.abx4.com #[Adware.ABXToolbar]
127.0.0.1  acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1  www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1  phpadsnew.abac.com
127.0.0.1  a.abnad.net
127.0.0.1  b.abnad.net
127.0.0.1  c.abnad.net #[eTrust.Tracking.Cookie]
127.0.0.1  d.abnad.net
127.0.0.1  e.abnad.net
127.0.0.1  t.abnad.net
127.0.0.1  banners.absolpublisher.com
127.0.0.1  tracking.absolstats.com
127.0.0.1  adv.abv.bg
127.0.0.1  bimg.abv.bg
127.0.0.1  www2.a-counter.kiev.ua
127.0.0.1  accuserveadsystem.com
127.0.0.1  www.accuserveadsystem.com
[...]


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST325082 0AS SCSI Disk Device +++++
--- User ---
[MBR] 8b5b659faa81e45c42691f1b52e1dc96
[BSP] 7d4755e7c820a24a8f2162a6ed0543bc : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 129024 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21100544 | Size: 228114 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: ST325082 0AS SCSI Disk Device +++++
--- User ---
[MBR] 8b544338f1bf2dff3a86cd7ca132f08e
[BSP] 7f3ac6471476c378e4328afefba6931f : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238416 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[2]_D_03112012_171534.txt >>
RKreport[1]_S_03112012_171509.txt ; RKreport[2]_D_03112012_171534.txt




RKreport[3]_SC_03112012_172101:
RogueKiller V8.2.2 [03/11/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Website: http://www.sur-la-toile.com/RogueKiller/
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode sans echec
Utilisateur : Marc [Droits d'admin]
Mode : Raccourcis RAZ -- Date : 03/11/2012 17:21:01

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Driver : [NON CHARGE] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤
-> E:\windows\system32\config\SOFTWARE
-> E:\Users\Default\NTUSER.DAT

¤¤¤ Attributs de fichiers restaures: ¤¤¤
Bureau: Success 14 / Fail 0
Lancement rapide: Success 0 / Fail 0
Programmes: Success 915 / Fail 0
Menu demarrer: Success 1 / Fail 0
Dossier utilisateur: Success 5403 / Fail 0
Mes documents: Success 6 / Fail 6
Mes favoris: Success 0 / Fail 0
Mes images: Success 27 / Fail 0
Ma musique: Success 6 / Fail 0
Mes videos: Success 0 / Fail 0
Disques locaux: Success 4867 / Fail 0
Sauvegarde: [NOT FOUND]

Lecteurs:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[E:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[F:] \Device\CdRom0 -- 0x5 --> Skipped
[G:] \Device\CdRom1 -- 0x5 --> Skipped
[H:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[J:] \Device\HarddiskVolume7 -- 0x2 --> Restored
[K:] \Device\HarddiskVolume8 -- 0x2 --> Restored
[L:] \Device\HarddiskVolume13 -- 0x2 --> Restored

¤¤¤ Infection : ZeroAccess ¤¤¤

Termine : << RKreport[3]_SC_03112012_172101.txt >>
RKreport[1]_S_03112012_171509.txt ; RKreport[2]_D_03112012_171534.txt ; RKreport[3]_SC_03112012_172101.txt




  • 0

#6
jb681131

jb681131

    New Member

  • Member
  • Pip
  • 6 posts
after the OTL fix, I rebooted in safe mode and did the quick scan :

OTL.txt:
OTL logfile created on: 03/11/2012 17:36:21 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 76,70% Memory free
4,23 Gb Paging File | 3,98 Gb Available in Paging File | 94,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,77 Gb Total Space | 70,71 Gb Free Space | 31,74% Space Free | Partition Type: NTFS
Drive D: | 232,83 Gb Total Space | 50,16 Gb Free Space | 21,54% Space Free | Partition Type: NTFS
Drive E: | 10,00 Gb Total Space | 6,33 Gb Free Space | 63,31% Space Free | Partition Type: NTFS
Drive F: | 625,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PC-DELL | User Name: Marc | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012/11/02 02:18:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2010/06/13 22:54:28 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla Client\fzshellext.dll
MOD - [2010/01/21 00:34:10 | 008,793,952 | ---- | M] () -- C:\PROGRA~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 19:18:18 | 004,254,560 | ---- | M] () -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter)
SRV - [2012/10/11 08:14:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/11 17:29:33 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/08 08:02:24 | 000,521,344 | ---- | M] (RealNetworks, Inc.) [Auto | Stopped] -- C:\Program Files\Online Games Manager\ogmservice.exe -- (ogmservice)
SRV - [2012/01/24 11:25:20 | 000,078,336 | ---- | M] (Dassault Systèmes) [On_Demand | Stopped] -- C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe -- (DraftSight API Service)
SRV - [2012/01/05 16:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2011/11/28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/06/07 20:22:00 | 003,549,224 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/04/21 18:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 18:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/01/21 16:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/11/13 10:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/04/11 07:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2007/10/06 09:30:12 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - [2007/08/01 10:24:45 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2006/10/23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] -- c:\program files\dell support center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | Auto | Stopped] --  -- (adfs)
DRV - [2012/07/21 17:16:57 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011/11/28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/02/25 21:16:50 | 000,026,192 | ---- | M] (Atola) [Kernel | On_Demand | Stopped] -- C:\Program Files\A-FF Find and Mount\slicedisk.sys -- (SliceDisk5)
DRV - [2010/11/10 02:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010/11/10 02:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/07/27 09:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/02/11 08:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2010/02/11 08:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/04/11 05:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009/02/13 10:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2009/01/11 18:35:24 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nocashio.sys -- (nocashio)
DRV - [2008/07/10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2007/08/09 17:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/03/15 14:57:30 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/08 18:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02)
DRV - [2007/02/06 14:01:48 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aspi32.sys -- (ASPI32)
DRV - [2006/11/29 23:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)
DRV - [2006/11/02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/07/10 17:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2006/07/05 13:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2006/06/14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2002/10/09 00:07:00 | 000,017,152 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [1999/12/17 00:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\PfModNT.sys -- (PfModNT)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=3070801
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={SearchTerms}&invocationType=tb50TB50CL-chromesbox-en-us
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DAFR
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?o=20012&gct=&gc=1&q={searchTerms}&crm=1
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={SearchTerms}&invocationType=tb50TB50CL-chromesbox-en-us
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DAFR
IE - HKCU\..\SearchScopes\{9D5BD211-422C-4164-9298-BB4186A30F31}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&mkt=fr-FR&FORM=MIMWA2
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?o=20012&gct=&gc=1&q={searchTerms}&crm=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: multipletab@piro.sakura.ne.jp:0.7.2012020901
FF - prefs.js..extensions.enabledAddons: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6.4.1
FF - prefs.js..extensions.enabledAddons: {04253f76-f258-4b03-7b4a-0bebad2ca3e9}:3.0.6
FF - prefs.js..extensions.enabledAddons: firemath@claas.bontus:0.9
FF - prefs.js..extensions.enabledAddons: tabscope@xuldev.org:1.1.7
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
FF - prefs.js..extensions.enabledAddons: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.9
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.6980
FF - prefs.js..extensions.enabledItems: brief@mozdev.org:1.5.4
FF - prefs.js..extensions.enabledItems: {e1170235-2845-420c-acc3-42261a29dd46}:4.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.7
FF - prefs.js..extensions.enabledItems: {94B08592-E5B4-45ff-A0BE-C1D975458688}:0.4.2
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.6
FF - prefs.js..extensions.enabledItems: firemath@claas.bontus:0.4.0.2
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6.4.1
FF - prefs.js..extensions.enabledItems: multipletab@piro.sakura.ne.jp:0.6.2011051101
FF - prefs.js..extensions.enabledItems: {1f91cde0-c040-11da-a94d-0800200c9a66}:8
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.91
FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:1.1.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.5.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}:1.0
FF - prefs.js..extensions.enabledItems: 
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://redirecterror.sfr.fr/?q="
 
FF - user.js..keyword.URL: "http://redirecterror.sfr.fr/?q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Media Convert Master\codec\real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Marc\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marc\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marc\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Marc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/04 21:46:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/16 14:39:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/16 14:39:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/04 21:46:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/11 17:29:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/03 17:28:52 | 000,000,000 | ---D | M]
 
[2009/09/26 09:43:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Extensions
[2010/04/18 15:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\dxk0levs.default\extensions
[2009/09/26 01:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\dxk0levs.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2009/09/26 01:06:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\dxk0levs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/04/18 15:09:59 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\dxk0levs.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2009/09/26 01:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\dxk0levs.default\extensions\personas@christopher.beard
[2009/09/26 01:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\dxk0levs.default\extensions\rein@notiz.jp
[2009/09/26 01:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\dxk0levs.default\extensions\silvermelxt@pardal.de
[2012/11/02 01:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\gdbmiai2.default\extensions
[2011/06/03 09:27:39 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\gdbmiai2.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2012/11/02 01:14:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Marc\AppData\Roaming\mozilla\Firefox\Profiles\gdbmiai2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/06/23 10:18:45 | 000,152,254 | ---- | M] () (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\firefox\profiles\gdbmiai2.default\extensions\firemath@claas.bontus.xpi
[2012/02/19 10:35:08 | 000,080,121 | ---- | M] () (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\firefox\profiles\gdbmiai2.default\extensions\multipletab@piro.sakura.ne.jp.xpi
[2012/08/05 09:58:49 | 000,057,698 | ---- | M] () (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\firefox\profiles\gdbmiai2.default\extensions\tabscope@xuldev.org.xpi
[2012/10/28 23:59:43 | 000,211,935 | ---- | M] () (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\firefox\profiles\gdbmiai2.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}.xpi
[2012/08/04 16:18:45 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\firefox\profiles\gdbmiai2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/26 21:08:10 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Marc\AppData\Roaming\mozilla\firefox\profiles\gdbmiai2.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2010/01/09 01:32:20 | 000,000,699 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\mozilla\firefox\profiles\gdbmiai2.default\searchplugins\aol-search.xml
[2010/04/19 01:38:01 | 000,000,903 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\mozilla\firefox\profiles\gdbmiai2.default\searchplugins\conduit.xml
[2010/06/05 14:33:22 | 000,002,059 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\mozilla\firefox\profiles\gdbmiai2.default\searchplugins\daemon-search.xml
[2012/10/29 07:51:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2007/08/09 22:39:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
File not found (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDBMIAI2.DEFAULT\EXTENSIONS\{04253F76-F258-4B03-7B4A-0BEBAD2CA3E9}
[2009/09/02 06:28:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/07/11 17:29:34 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/17 20:20:07 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/27 20:50:08 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2012/05/04 21:46:26 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/04/05 19:58:33 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/04/05 19:58:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/05 19:58:33 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/04/05 19:58:33 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012/04/05 19:58:33 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/04/05 19:58:33 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - homepage: 
CHR - default_search_provider: google.fr (Enabled)
CHR - default_search_provider: search_url = http://www.google.fr/search?source=ig&hl=fr&rlz=&q={searchTerms}&btnG=Recherche+Google&aq=0&aqi=g10&aql=&oq=via&gs_rfai=
CHR - default_search_provider: suggest_url = 
CHR - homepage: 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Marc\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Marc\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Marc\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: EModel scriptable Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: D'Fusion @Home Web Plug-In (3.10.17142) (Enabled) = C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Marc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Uno 3 = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\afnkkpmcccdffkncbgbajpdgkkbiandf\1.1_0\
CHR - Extension: Beautiful landscape = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig\1_0\
CHR - Extension: Zuma Revenge = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blacnhhkkiaaicbfldncneejjondmoch\2.3.1_0\
CHR - Extension: Plugin Video = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgnanpinmaknhhdehdhoaaedgilfhmib\1.3.0_0\
CHR - Extension: Fun Switcher = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddeoimiimmmfddbiggnbipkjomlalanb\0.0.0.3_0\
CHR - Extension: DivX HiQ = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: Air Hockey = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcchbhjknakkndfpdbapmdkhbbgojkno\4.0.0_0\
CHR - Extension: La mar\u00E9e des couleurs = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hidcjhphimkfnacedjcnajpmlaegnddp\1.11_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: PingPong souffle = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjdkomgefikcdchdpjfgjfpagieofnem\1.3_0\
CHR - Extension: Arcade Evolved = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkdaebmimnhlmgpjoppmdeokffoahpan\5.1.0_0\
CHR - Extension: \u003Cvideo\u003E HTML5 DivX Plus Web Player = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: Sinuous = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl\1.0.4_0\
CHR - Extension: RSS Feed Reader = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\3.3.15_0\
 
O1 HOSTS File: ([2012/11/03 17:28:52 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187084090\ee\AOLSoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Marc\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [NOMAD Detector] C:\Program Files\Creative\NOMAD Jukebox 2\PlayCenter2\CTNMRun.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [Spotify] C:\Users\Marc\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Marc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
O4 - Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Intranet local)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab (Module de délivrance de certificat MINEFI)
O16 - DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} http://www.cltnet.de/login/dplaunch.cab (Corporate Language Training Interface)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game08.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C39B1B92-D0F5-4047-959A-A110FBC05E64}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Marc\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Marc\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2002/10/04 06:56:06 | 000,487,424 | R--- | M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/10/04 05:44:08 | 001,105,920 | R--- | M] () - F:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2002/10/04 06:59:14 | 000,000,000 | ---D | M] - F:\autorun -- [ CDFS ]
O32 - AutoRun File - [2002/10/04 06:56:06 | 000,000,091 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{27cd3b6f-400f-11dc-ab44-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{27cd3b6f-400f-11dc-ab44-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2002/10/04 06:56:06 | 000,487,424 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{2d3e0d53-fc25-11de-891e-00038a000015}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
O33 - MountPoints2\{3bc438a2-54ef-11df-909a-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{3bc438a2-54ef-11df-909a-00038a000015}\Shell\AutoRun\command - "" = "M:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{83d91655-1456-11de-8ea4-00038a000015}\Shell\Auto\command - "" = C:\Windows\explorer.exe -- [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{83d91655-1456-11de-8ea4-00038a000015}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explorer.exe
O33 - MountPoints2\{9aae9ec0-0f7d-11e2-a75b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9aae9ec0-0f7d-11e2-a75b-806e6f6e6963}\Shell\AutoRun\command - "" = N:\aoesetup.exe /autorun
O33 - MountPoints2\{9aae9ec0-0f7d-11e2-a75b-806e6f6e6963}\Shell\directx\command - "" = N:\DirectX\dxsetup.exe
O33 - MountPoints2\{9aae9ec0-0f7d-11e2-a75b-806e6f6e6963}\Shell\dplay\command - "" = N:\DirectX\dplay61a.exe
O33 - MountPoints2\{9aae9ec0-0f7d-11e2-a75b-806e6f6e6963}\Shell\dxdiag\command - "" = N:\goodies\ar40eng.exe
O33 - MountPoints2\{9aae9ec0-0f7d-11e2-a75b-806e6f6e6963}\Shell\dxinfo\command - "" = N:\goodies\DirectX\dxinfo.exe
O33 - MountPoints2\{9aae9ec0-0f7d-11e2-a75b-806e6f6e6963}\Shell\dxtest\command - "" = N:\DirectX\dxdiag.exe
O33 - MountPoints2\{9aae9ec0-0f7d-11e2-a75b-806e6f6e6963}\Shell\dxtool\command - "" = N:\goodies\DirectX\dxtool.exe
O33 - MountPoints2\{9aae9ec0-0f7d-11e2-a75b-806e6f6e6963}\Shell\log\command - "" = N:\goodies\machine\machine.exe -l
O33 - MountPoints2\{9aae9ec0-0f7d-11e2-a75b-806e6f6e6963}\Shell\machine\command - "" = N:\goodies\machine\machine.exe
O33 - MountPoints2\{9aae9ec0-0f7d-11e2-a75b-806e6f6e6963}\Shell\setup\command - "" = N:\aoesetup.exe /autorun
O33 - MountPoints2\{9aae9ec0-0f7d-11e2-a75b-806e6f6e6963}\Shell\zone\command - "" = N:\goodies\mszone\zoneA600.exe
O33 - MountPoints2\{ad8d4f65-d377-11df-a661-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{ad8d4f65-d377-11df-a661-00038a000015}\Shell\AutoRun\command - "" = "Q:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{e4300a69-77be-11dc-b6f7-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{e4300a69-77be-11dc-b6f7-00038a000015}\Shell\AutoRun\command - "" = O:\ReadMe.exe
O33 - MountPoints2\{e4300a77-77be-11dc-b6f7-00038a000015}\Shell\AutoRun\command - "" = L:\ReadMe.exe
O33 - MountPoints2\{e945466d-e562-11de-9a28-00038a000015}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\ReadMe.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012/11/03 17:28:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/03 17:27:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe
[2012/11/03 17:14:45 | 000,000,000 | ---D | C] -- C:\Users\Marc\Desktop\RK_Quarantine
[2012/11/02 22:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
[2012/11/02 22:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2012/11/02 22:55:35 | 000,000,000 | ---D | C] -- C:\ZHP
[2012/11/02 21:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/11/02 21:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/11/01 11:37:17 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\{D3E8514C-AF41-451F-B5B8-1287271B882F}
[2012/10/29 07:07:01 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Malwarebytes
[2012/10/29 07:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/29 07:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/29 07:06:52 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/29 07:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/29 00:01:00 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\{9E180D03-CE21-4314-ADCA-D97703FB978A}
[2012/10/27 23:52:28 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\{BDF5A8B1-AC3D-47F3-84E5-09D4E9B13428}
[2012/10/26 22:00:46 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\{7DCE2A75-86F8-4FDE-A413-F07E6801FFF8}
[2012/10/26 21:06:23 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Macromedia
[2012/10/20 19:31:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/10/06 16:43:24 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\Alcohol 52%
[2012/10/05 20:08:37 | 000,000,000 | ---D | C] -- C:\POINSOFT
[2012/05/26 08:46:52 | 002,983,936 | ---- | C] (Evariste) -- C:\Program Files\Regressi.exe
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012/11/03 17:34:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/03 17:28:52 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/11/02 22:55:36 | 000,000,797 | ---- | M] () -- C:\Users\Public\Desktop\MBRCheck.lnk
[2012/11/02 22:55:36 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\ZHPDiag.lnk
[2012/11/02 22:55:36 | 000,000,785 | ---- | M] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2012/11/02 22:52:48 | 000,835,512 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/11/02 22:52:48 | 000,732,498 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/02 22:52:48 | 000,184,138 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/11/02 22:52:48 | 000,155,264 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/02 22:30:25 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/02 22:30:25 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/02 22:26:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/11/02 22:24:48 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AAE5C327-9628-4F3A-9B82-9FDF30A1DD34}.job
[2012/11/02 22:23:43 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Marc.job
[2012/11/02 22:22:09 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/02 22:21:40 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\Registry Reviver-Marc-Startup.job
[2012/11/02 22:17:20 | 002,395,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/02 22:09:35 | 000,001,356 | ---- | M] () -- C:\Users\Marc\AppData\Local\d3d9caps.dat
[2012/11/02 22:06:57 | 000,435,342 | ---- | M] () -- C:\Users\Marc\Documents\cc_20121102_220639.reg
[2012/11/02 21:59:18 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/11/02 20:31:56 | 000,000,011 | R--- | M] () -- C:\Windows\amunres.lsl
[2012/11/02 20:09:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/11/02 20:07:01 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/02 02:55:11 | 000,043,520 | ---- | M] () -- C:\Users\Marc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/02 02:55:11 | 000,000,038 | ---- | M] () -- C:\Windows\AviSplitter.INI
[2012/11/02 02:18:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe
[2012/11/01 19:33:59 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2956805866-1808003374-4288406764-1000UA.job
[2012/11/01 19:14:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/01 17:21:02 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2956805866-1808003374-4288406764-1000UA.job
[2012/11/01 11:30:10 | 000,001,588 | ---- | M] () -- C:\Users\Marc\Desktop\XnView.lnk
[2012/11/01 11:30:10 | 000,000,754 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\XnView.lnk
[2012/11/01 10:32:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012/10/31 23:11:21 | 000,001,566 | ---- | M] () -- C:\Windows\entpack.ini
[2012/10/31 22:34:00 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Marc.job
[2012/10/31 21:34:01 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Marc.job
[2012/10/30 10:06:14 | 000,000,940 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/10/29 07:06:54 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/28 07:33:10 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2956805866-1808003374-4288406764-1000Core1cd6582e5b13bc7.job
[2012/10/28 03:17:21 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Marc.job
[2012/10/22 21:27:23 | 000,016,092 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\wklnhst.dat
[2012/10/15 09:50:05 | 000,002,613 | ---- | M] () -- C:\Users\Marc\Desktop\Microsoft Word 2010.lnk
[2012/10/11 06:49:36 | 000,002,039 | ---- | M] () -- C:\Users\Marc\Desktop\Google Chrome.lnk
[2012/10/11 06:49:36 | 000,002,001 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/06 16:59:19 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\Age of Empires II.lnk
[2012/10/06 16:45:43 | 000,000,333 | ---- | M] () -- C:\Users\Marc\Documents\ax_files.xml
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012/11/02 22:55:36 | 000,000,797 | ---- | C] () -- C:\Users\Public\Desktop\MBRCheck.lnk
[2012/11/02 22:55:36 | 000,000,790 | ---- | C] () -- C:\Users\Public\Desktop\ZHPDiag.lnk
[2012/11/02 22:55:36 | 000,000,785 | ---- | C] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2012/11/02 22:06:45 | 000,435,342 | ---- | C] () -- C:\Users\Marc\Documents\cc_20121102_220639.reg
[2012/11/02 21:59:18 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/11/02 20:31:56 | 000,000,011 | R--- | C] () -- C:\Windows\amunres.lsl
[2012/11/01 11:30:10 | 000,001,588 | ---- | C] () -- C:\Users\Marc\Desktop\XnView.lnk
[2012/10/29 22:32:01 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Marc.job
[2012/10/29 22:32:01 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Marc.job
[2012/10/29 22:32:00 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Marc.job
[2012/10/29 07:06:54 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/11 06:31:39 | 000,001,002 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/06 16:59:19 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\Age of Empires II.lnk
[2012/10/06 16:25:51 | 000,000,333 | ---- | C] () -- C:\Users\Marc\Documents\ax_files.xml
[2012/07/21 19:11:43 | 000,000,114 | ---- | C] () -- C:\Windows\scummvm.ini
[2012/04/14 19:48:49 | 000,001,018 | ---- | C] () -- C:\Users\Marc\oripa.ini
[2012/01/17 19:18:59 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2011/08/20 22:18:11 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2011/02/19 00:34:57 | 000,000,107 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2011/01/13 07:32:58 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/01/09 12:51:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/25 15:10:10 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/11/10 02:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/11/10 02:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/11/10 02:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/11/10 02:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/11/06 23:26:36 | 000,000,456 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/11/04 18:24:20 | 000,036,112 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010/05/26 17:53:01 | 000,000,008 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\DofusAppId0_1
[2010/05/26 11:30:36 | 000,000,173 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\D2Info0
[2010/05/26 11:30:36 | 000,000,008 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\DofusAppId0_2
[2010/01/20 23:55:59 | 000,000,148 | ---- | C] () -- C:\Users\Marc\.bouml
[2010/01/20 23:55:38 | 000,000,102 | ---- | C] () -- C:\Users\Marc\.boumlrc
[2010/01/01 19:28:45 | 000,000,008 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\DofusAppId3_3
[2009/12/20 16:28:37 | 000,000,008 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\DofusAppId3_2
[2009/12/19 14:27:21 | 000,000,169 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\D2Info3
[2009/12/19 14:27:21 | 000,000,008 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\DofusAppId3_1
[2009/09/27 15:27:27 | 000,000,092 | ---- | C] () -- C:\Users\Marc\mm.cfg
[2009/07/07 16:11:56 | 000,000,187 | ---- | C] () -- C:\Users\Marc\Arabella.properties
[2009/07/07 16:11:56 | 000,000,063 | ---- | C] () -- C:\Users\Marc\Arabella.profiles
[2008/11/25 12:49:48 | 000,000,000 | ---- | C] () -- C:\Users\Marc\jagex_runescape_preferences.dat
[2008/05/28 09:18:24 | 000,024,206 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\UserTile.png
[2008/05/28 08:21:19 | 000,290,832 | ---- | C] () -- C:\ProgramData\Does Flaw The.0c0li1z
[2008/05/28 08:20:39 | 000,344,080 | ---- | C] () -- C:\ProgramData\GlueForkFork.hprq0
[2008/05/28 08:20:38 | 000,200,720 | ---- | C] () -- C:\ProgramData\GlueForkFork.al82mq
[2008/05/27 07:51:26 | 000,435,102 | ---- | C] () -- C:\Users\Marc\AppData\Local\pyjfbbac_nav.dat
[2008/05/27 07:51:26 | 000,003,235 | ---- | C] () -- C:\Users\Marc\AppData\Local\pyjfbbac_navps.dat
[2008/05/27 07:51:24 | 000,012,376 | ---- | C] () -- C:\Users\Marc\AppData\Local\pyjfbbac.dat
[2008/05/02 16:11:45 | 000,000,016 | ---- | C] () -- C:\ProgramData\GlueForkFork.ov2qx
[2008/04/23 21:41:34 | 000,053,264 | ---- | C] () -- C:\ProgramData\GlueForkFork.n7a35m
[2007/08/25 07:57:42 | 000,001,356 | ---- | C] () -- C:\Users\Marc\AppData\Local\d3d9caps.dat
[2007/08/05 08:57:59 | 000,278,528 | ---- | C] () -- C:\Program Files\Common Files\FDEUnInstaller.exe
[2007/08/04 20:43:20 | 000,016,092 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\wklnhst.dat
[2007/08/04 11:42:28 | 000,043,520 | ---- | C] () -- C:\Users\Marc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/02/20 15:11:19 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\.kde
[2011/07/20 19:11:35 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\3M
[2008/05/10 20:06:15 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\7Wonders
[2011/03/27 19:21:08 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Advanced Chemistry Development
[2009/02/22 11:29:15 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Alawar
[2008/03/24 12:14:44 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\AmuletAdventure
[2009/05/03 15:56:20 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Anabel
[2009/01/13 11:14:47 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Ancient Quest of Saqqarah_boonty
[2009/12/19 14:27:30 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\app
[2012/02/13 18:16:07 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\App Launcher Gadget
[2009/07/07 10:24:55 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Argonyt
[2011/07/29 23:00:02 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Audacity
[2012/11/02 22:04:02 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Azureus
[2012/05/24 11:56:01 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Babylon
[2008/12/17 13:32:37 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\BeachPartyCraze
[2008/11/15 16:57:25 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Big Fish Games
[2007/08/09 21:36:01 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\BitTorrent
[2009/05/14 16:35:17 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Boomzap
[2008/12/13 14:04:24 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\cerasus.media
[2009/09/27 15:21:36 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\com.adobe.ExMan
[2009/09/22 07:27:10 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/07 18:31:19 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\cYo
[2009/10/10 20:23:07 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\D-Jix
[2009/10/10 20:28:03 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\D-Jix Media LE
[2012/11/02 22:04:11 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\DAEMON Tools Lite
[2012/01/05 16:58:55 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\DassaultSystemes
[2007/09/11 17:46:01 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Design Science
[2008/04/26 13:17:09 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Dev-Cpp
[2010/01/02 11:41:49 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\digital publishing
[2010/01/09 15:33:21 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Dofus
[2012/08/21 18:34:01 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Dofus 2
[2010/05/26 11:30:36 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/01/01 19:28:45 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/05/26 17:53:01 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2012/02/05 14:56:33 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\DraftSight
[2012/08/11 21:21:51 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\DragonicaECB
[2012/01/05 16:58:56 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\EDrawings
[2007/12/15 20:07:20 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\EPSON
[2009/10/26 14:04:30 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\EscapeFromParadise2
[2008/12/11 18:10:16 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Farm Mania
[2012/11/02 22:04:02 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\FileZilla
[2008/05/29 09:06:57 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\fretsonfire
[2009/02/10 17:31:18 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Friday's games
[2008/04/16 15:36:07 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\funkitron
[2008/09/21 16:25:58 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\GameHouse
[2009/08/08 20:36:20 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\GameInvest
[2009/07/07 16:45:32 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Gamelab
[2008/02/24 18:15:10 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\GAMEON
[2011/01/13 19:57:10 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Gmail Backup
[2009/05/16 13:10:16 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Gogii Games
[2009/01/11 09:08:56 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\gtk-2.0
[2011/01/16 18:04:10 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\HandBrake
[2009/07/18 17:12:01 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\iWin
[2008/05/11 20:55:38 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Jane s Hotel  Family Hero
[2007/09/01 20:06:50 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\KAMPO Interactive
[2010/02/20 14:59:50 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\KDE
[2009/04/05 11:59:26 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Leadertech
[2010/12/16 14:39:16 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Local
[2010/07/10 18:06:51 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Ludia
[2009/07/06 18:39:04 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\MagicBall4
[2008/11/16 17:08:42 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Meridian93
[2012/11/02 22:04:02 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Notepad++
[2009/10/03 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\OpenOffice.org
[2008/05/31 17:29:05 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Panasonic
[2011/03/05 15:29:27 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\PCDr
[2008/05/28 09:18:23 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\PeerNetworking
[2009/10/25 20:01:24 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\PlayFirst
[2011/03/15 22:43:15 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Playrix Entertainment
[2009/07/09 11:41:56 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Pogo Games
[2009/11/22 16:25:38 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Processing
[2008/01/01 10:01:05 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Radios Media Player
[2010/12/04 15:58:14 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Raptr
[2009/12/19 14:27:30 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2009/12/10 10:14:50 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Right Hemisphere
[2009/07/07 09:52:26 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Saved Games
[2010/01/16 18:42:47 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Scilab
[2009/07/05 14:12:31 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\SecretIslandFraBF
[2008/07/04 14:22:49 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\SpinTop
[2010/03/16 22:41:52 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\SPORE Creature Creator
[2012/11/02 22:21:57 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Spotify
[2010/03/10 11:54:28 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\springlobby
[2010/03/10 01:54:57 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\springsettings
[2008/04/15 21:21:06 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Super-Cow
[2007/08/05 13:32:48 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Template
[2010/01/08 21:20:20 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Uniblue
[2012/01/19 16:18:27 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Unity
[2009/02/09 17:31:59 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\URSE Games
[2009/09/27 10:54:36 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\uTorrent
[2008/12/15 15:59:32 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Valusoft
[2008/12/15 12:06:41 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\ViquaSoft
[2008/03/14 18:57:06 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\VisualShape
[2010/05/01 11:35:09 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Western Digital
[2009/08/08 19:30:26 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Wildfire
[2011/01/13 20:00:19 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Windows Live Writer
[2012/11/01 11:31:45 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\XnView
[2009/07/07 15:18:12 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\YoudaGames
[2009/07/07 16:21:34 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Zylom
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:52B72A7C
@Alternate Data Stream - 76 bytes -> C:\Users\Marc\Documents\Regressi:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marc\Documents\Puzzle Quest:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marc\Documents\My Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marc\Documents\Morning meeting:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marc\Documents\Mes Historiques de Conversation:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marc\Documents\Mes fichiers reçus:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marc\Documents\lcc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marc\Documents\AOL:Roxio EMC Stream
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:F83DE022
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:0EC44AEB
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:538DC028
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0F43D95C
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:77248999
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:AFFC859A

< End of report >

  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • GeekU Moderator
  • 63,705 posts
OK now we need to remove the remainder of zero access

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#8
jb681131

jb681131

    New Member

  • Member
  • Pip
  • 6 posts
Here is the combixFix repport

I'd like to know your opinion before booting back to stadard mode again

ComboFix 12-11-03.02 - Marc 03/11/2012  19:23:35.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6002.2.1252.33.1036.18.2046.1326 [GMT 1:00]
Lancé depuis: c:\users\Marc\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
 * Un nouveau point de restauration a été créé
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\Conditions générales.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\Confidentialité.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\MessengerSkinner.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\Website.lnk
C:\test.txt
c:\users\Marc\AppData\Local\pyjfbbac.dat
c:\users\Marc\AppData\Local\pyjfbbac_nav.dat
c:\users\Marc\AppData\Local\pyjfbbac_navps.dat
c:\users\Marc\AppData\Roaming\app
c:\users\Marc\AppData\Roaming\app\Jerakine_lang.dat
c:\users\Marc\AppData\Roaming\app\Jerakine_lang_vesrion.dat
c:\users\Marc\AppData\Roaming\Local
c:\users\Marc\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\Marc\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Marc\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Marc\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Marc\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
c:\users\Marc\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\Marc\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
c:\users\Marc\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Marc\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\Marc\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\users\Marc\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx
c:\users\Marc\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\TheBlindSide_trailer_592.divx
c:\users\Marc\AppData\Roaming\Local\Temp\DDM\Settings\TheBlindSide_trailer_592.divx.ddr
c:\windows\expert
c:\windows\expert\XSNCR.INI
c:\windows\iun6002.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_Boonty Games
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2012-10-03 au 2012-11-03  ))))))))))))))))))))))))))))))))))))
.
.
2012-11-03 18:34 . 2012-11-03 18:37	--------	d-----w-	c:\users\Marc\AppData\Local\temp
2012-11-03 16:28 . 2012-11-03 16:28	--------	d-----w-	C:\_OTL
2012-11-02 21:55 . 2012-11-02 21:58	--------	d-----w-	C:\ZHP
2012-11-02 21:55 . 2012-11-02 21:55	--------	d-----w-	c:\program files\ZHPDiag
2012-11-02 20:59 . 2012-11-02 20:59	--------	d-----w-	c:\program files\CCleaner
2012-10-29 06:07 . 2012-10-29 06:07	--------	d-----w-	c:\users\Marc\AppData\Roaming\Malwarebytes
2012-10-29 06:06 . 2012-10-29 06:06	--------	d-----w-	c:\programdata\Malwarebytes
2012-10-29 06:06 . 2012-10-29 06:06	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-10-29 06:06 . 2012-09-29 18:54	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-29 05:42 . 2012-10-29 05:42	--------	d-----w-	c:\users\Invité\AppData\Roaming\Roxio
2012-10-29 05:40 . 2012-10-29 06:00	--------	d-----w-	c:\users\Invité\AppData\Local\Adobe
2012-10-29 05:40 . 2012-10-29 05:48	--------	d-----w-	c:\users\Invité\AppData\Roaming\Adobe
2012-10-29 05:38 . 2012-10-29 05:38	--------	d-----w-	c:\users\Invité\AppData\Roaming\AOL
2012-10-29 05:38 . 2012-10-29 05:38	--------	d-----w-	c:\users\Invité\AppData\Local\Western Digital
2012-10-29 05:38 . 2012-10-29 05:38	--------	d-----w-	c:\users\Invité\AppData\Roaming\Macromedia
2012-10-29 05:37 . 2012-10-29 05:37	--------	d-----w-	c:\users\Invité\AppData\Roaming\Apple Computer
2012-10-29 05:37 . 2012-10-29 05:37	--------	d-----w-	c:\users\Invité\AppData\Roaming\ATI
2012-10-29 05:37 . 2012-10-29 05:37	--------	d-----w-	c:\users\Invité\AppData\Local\ATI
2012-10-29 05:37 . 2012-10-29 05:37	--------	d-----w-	c:\users\Invité\AppData\Roaming\Real
2012-10-29 05:37 . 2012-10-29 05:37	--------	d-----w-	c:\users\Invité\AppData\Local\AOL
2012-10-29 05:36 . 2012-10-29 05:36	--------	d-----r-	c:\users\Invité\Contacts
2012-10-26 20:06 . 2012-10-26 20:06	--------	d-----w-	c:\users\Marc\AppData\Local\Macromedia
2012-10-10 06:28 . 2012-06-02 00:02	985088	----a-w-	c:\windows\system32\crypt32.dll
2012-10-10 06:28 . 2012-06-02 00:02	98304	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-10 06:28 . 2012-06-02 00:02	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-10 06:28 . 2012-08-29 11:27	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-10-10 06:28 . 2012-08-29 11:27	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-10-05 19:08 . 2012-10-05 19:08	--------	d-----w-	C:\POINSOFT
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 07:14 . 2012-04-01 07:46	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-11 07:14 . 2011-07-25 18:31	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-13 13:28 . 2012-10-10 06:28	2048	----a-w-	c:\windows\system32\tzres.dll
2012-08-25 11:50 . 2012-09-22 07:04	916992	----a-w-	c:\windows\system32\wininet.dll
2012-08-25 11:44 . 2012-09-22 07:04	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-08-25 11:44 . 2012-09-22 07:04	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-25 11:44 . 2012-09-22 07:04	71680	----a-w-	c:\windows\system32\iesetup.dll
2012-08-25 11:44 . 2012-09-22 07:04	109056	----a-w-	c:\windows\system32\iesysprep.dll
2012-08-25 10:11 . 2012-09-22 07:04	385024	----a-w-	c:\windows\system32\html.iec
2012-08-25 08:31 . 2012-09-22 07:04	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-25 08:29 . 2012-09-22 07:04	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 15:53 . 2012-10-10 06:28	172544	----a-w-	c:\windows\system32\wintrust.dll
2007-08-05 07:57 . 2007-08-05 07:57	278528	----a-w-	c:\program files\Common Files\FDEUnInstaller.exe
2006-12-13 19:41 . 2012-05-26 07:46	2983936	----a-w-	c:\program files\Regressi.exe
2012-07-11 16:29 . 2011-07-26 21:01	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2008-09-24 18:07 . 2008-09-24 18:07	122880	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
2011-06-10 06:24	165256	----a-w-	c:\program files\SFR\Kit\SFRNavErrorHelper.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01	122512	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NOMAD Detector"="c:\program files\Creative\NOMAD Jukebox 2\PlayCenter2\CTNMRun.exe" [2002-03-05 18432]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"Facebook Update"="c:\users\Marc\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2012-01-05 75624]
"Spotify"="c:\users\Marc\AppData\Roaming\Spotify\Spotify.exe" [2012-08-20 5576408]
"Spotify Web Helper"="c:\users\Marc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-20 1193176]
"AOL Fast Start"="c:\program files\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-15 4390912]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"HostManager"="c:\program files\Common Files\AOL\1187084090\ee\AOLSoftware.exe" [2010-03-08 41800]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-10-03 221184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2011-05-26 800768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BDARemote.lnk.disabled [2011-1-9 637]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-16 10:45	63712	----a-w-	c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-09-24 18:07	29744	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 15:51	421160	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-05-04 20:46	296056	----a-w-	c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" start
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2956805866-1808003374-4288406764-1000]
"EnableNotificationsRef"=dword:00000018
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2956805866-1808003374-4288406764-1001]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2956805866-1808003374-4288406764-1002]
"EnableNotificationsRef"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Contenu du dossier 'Tâches planifiées'
.
2012-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 07:14]
.
2012-07-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2956805866-1808003374-4288406764-1000Core1cd5ff63350c585.job
- c:\users\Marc\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-28 06:18]
.
2012-11-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2956805866-1808003374-4288406764-1000UA.job
- c:\users\Marc\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-28 06:18]
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 08:42]
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 08:42]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2956805866-1808003374-4288406764-1000Core1cd6582e5b13bc7.job
- c:\users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 07:53]
.
2012-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2956805866-1808003374-4288406764-1000UA.job
- c:\users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 07:53]
.
2012-10-31 c:\windows\Tasks\ReclaimerUpdateFiles_Marc.job
- c:\users\Marc\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-10-29 18:31]
.
2012-10-31 c:\windows\Tasks\ReclaimerUpdateXML_Marc.job
- c:\users\Marc\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-10-29 18:31]
.
2012-11-02 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Marc.job
- c:\users\Marc\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-10-29 18:31]
.
2012-11-02 c:\windows\Tasks\User_Feed_Synchronization-{AAE5C327-9628-4F3A-9B82-9FDF30A1DD34}.job
- c:\windows\system32\msfeedssync.exe [2012-09-22 08:30]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Liens de téléchargement avec Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.1.1
DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} - hxxp://www.cltnet.de/login/dplaunch.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game08.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\gdbmiai2.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
FF - user.js: protocol-handler.warn-external.dnUpdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
.
- - - - ORPHELINS SUPPRIMES - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe
MSConfigStartUp-ZoneAlarm Client - c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
AddRemove-Insaniquarium_Patch_Installer_1.2 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-03 19:40
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ... 
.
Recherche d'éléments en démarrage automatique cachés ... 
.
Recherche de fichiers cachés ... 
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,5a,ed,03,d5,8a,26,46,9f,1d,8c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,5a,ed,03,d5,8a,26,46,9f,1d,8c,\
.
[HKEY_USERS\S-1-5-21-2956805866-1808003374-4288406764-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:15,bc,aa,d5,79,21,55,04,e5,46,53,c8,2c,7f,8f,72,2c,22,f5,c5,5d,2c,45,
   c9,e4,49,25,50,e6,92,5e,33,31,1b,af,fc,08,cb,e1,b6,54,d7,54,5a,35,eb,c7,79,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-2956805866-1808003374-4288406764-1000\Software\SecuROM\License information*]
"datasecu"=hex:6f,2e,80,a8,e6,1d,46,68,a4,d5,86,d4,25,05,1c,de,18,c5,c4,2f,e6,
   21,2a,44,38,6f,e4,81,13,dc,e1,5d,71,1a,48,c5,96,a6,c8,2d,e9,b9,37,09,88,7a,\
"rkeysecu"=hex:ad,9f,98,f4,f9,ce,0f,be,4a,0e,fe,28,ad,41,8a,4c
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\08\00\05\0a\04%¼"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{30788ed2-80e9-411c-a282-a88562b31b82}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07020054
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{531d5a51-7dcc-443e-b45f-67e8bff2a190}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0a001bfc
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{c39b1b92-d0f5-4047-959a-a110fbc05e64}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001aa0
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{fdfe9393-4014-4056-b112-3418389f58b7}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001372
"Dhcpv6State"=dword:00000000
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Heure de fin: 2012-11-03  19:45:42 - La machine a redémarré
ComboFix-quarantined-files.txt  2012-11-03 18:45
.
Avant-CF: 75 627 986 944 octets libres
Après-CF: 75 260 907 520 octets libres
.
- - End Of File - - 84CA63584707D5D93452041D4F315C4E


  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • GeekU Moderator
  • 63,705 posts
Could you now reboot to normal windows please and let me know how the computer is behaving
  • 0

#10
jb681131

jb681131

    New Member

  • Member
  • Pip
  • 6 posts
Thank you ! It's now 15 minutes and the pc didn't block. And internet works fine.

It's the family pc so I don't know if it was there before but there is a nameless empty folder on my desktop that won't delete.

And now what firewall and anti-virus would you recommand if any ?
  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • GeekU Moderator
  • 63,705 posts
On windows Vista, if you access the net via router then the windows firewall would be sufficient

As for antivirus, you currently have one of the better free ones at a push I would suggest a change to Microsoft Security Essentials

I think I have located the mysterious desktop file

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2012/11/01 11:30:10 | 000,001,588 | ---- | C] () -- C:\Users\Marc\Desktop\XnView.lnk

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • GeekU Moderator
  • 63,705 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

Advertisement




Similar Topics: [virus] trojan.winlock ransomware hellomoto [Solved]     x


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured