Eliminer bera share web search

(2 Pages)
1
2
→

Vous ne pouvez pas commencer un sujet
Vous ne pouvez pas répondre à ce sujet

Eliminer bera share web search Noter :

#1 Zorba 1

Junior Member

Groupe : Membres
Messages : 16
Inscrit(e) : 03-juillet 11

Posté 03 juillet 2011 - 06:03

Bonsoir;
A coté de la barre d' adresse principale s'est intallé "bear search web search" qui prend la main sur mes recherches. J'ai lancé une recherche dans programmes pour localiser cet intrus.
Je n'ai rien trouvé.Les seules traces trouvées sont dans la base de registre. Comment faire pour elimer l'intrus Merçi

Retour en haut of the page up there ^

#2 jeanmimigab

Extrem Member

Groupe : Equipe Sécurité
Messages : 765
Inscrit(e) : 21-janvier 10

Posté 03 juillet 2011 - 07:07

Bonsoir et bienvenu sur Zébulon,

Fais cela stp...

* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "rapport minimal " soit cochée.

* Coches les case situées devant "Tous les utilisateurs", " Recherche LOP" et "Recherche Purity".

* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL "personnalisation"

Citation

%temp%\smtmp\1\*.* /s
%temp%\smtmp\2\*.* /s
%temp%\smtmp\4\*.* /s
nslookup www.google.fr /c
SAVEMBR:0
NetSvcs
%systemroot%\system32\drivers\*.sys /lockedfiles
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
netsvcs
/md5start
dwm.exe
taskhost.exe
taskeng.exe
wscntfy.exe
ctfmon.exe
rdpclip.exe
volsnap.sys
sptd.sys
explorer.exe
userinit.exe
winlogon.exe
wininit.exe
tcpip.sys
Sfloppy.sys
Changer.sys
cdrom.sys
disk.sys
ndis.sys
usbscan.sys
usbprint.sys
tdtcp.sys
tdpipe.sys
swmidi.sys
splitter.sys
rdpwd.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
RASACD.SYS
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

* Cliques sur l'icône "Analyse" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( réduit dans la barre des taches).
* Copie et colle les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL

@+

Notre ami...

私の友人に勇気

Retour en haut of the page up there ^

#3 Zorba 1

Junior Member

Groupe : Membres
Messages : 16
Inscrit(e) : 03-juillet 11

Posté 05 juillet 2011 - 06:46

Bonjour;
J'ai suivi les instructions et voila la copie des rapports.
Citation
%temp%\smtmp\1\*.* /s
%temp%\smtmp\2\*.* /s
%temp%\smtmp\4\*.* /s
nslookup www.google.fr /c
SAVEMBR:0
NetSvcs
%systemroot%\system32\drivers\*.sys /lockedfiles
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
netsvcs
/md5start
dwm.exe
taskhost.exe
taskeng.exe
wscntfy.exe
ctfmon.exe
rdpclip.exe
volsnap.sys
sptd.sys
explorer.exe
userinit.exe
winlogon.exe
wininit.exe
tcpip.sys
Sfloppy.sys
Changer.sys
cdrom.sys
disk.sys
ndis.sys
usbscan.sys
usbprint.sys
tdtcp.sys
tdpipe.sys
swmidi.sys
splitter.sys
rdpwd.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
RASACD.SYS
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

Citation
%temp%\smtmp\1\*.* /s
%temp%\smtmp\2\*.* /s
%temp%\smtmp\4\*.* /s
nslookup www.google.fr /c
SAVEMBR:0
NetSvcs
%systemroot%\system32\drivers\*.sys /lockedfiles
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
netsvcs
/md5start
dwm.exe
taskhost.exe
taskeng.exe
wscntfy.exe
ctfmon.exe
rdpclip.exe
volsnap.sys
sptd.sys
explorer.exe
userinit.exe
winlogon.exe
wininit.exe
tcpip.sys
Sfloppy.sys
Changer.sys
cdrom.sys
disk.sys
ndis.sys
usbscan.sys
usbprint.sys
tdtcp.sys
tdpipe.sys
swmidi.sys
splitter.sys
rdpwd.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
RASACD.SYS
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

Citation
%temp%\smtmp\1\*.* /s
%temp%\smtmp\2\*.* /s
%temp%\smtmp\4\*.* /s
nslookup www.google.fr /c
SAVEMBR:0
NetSvcs
%systemroot%\system32\drivers\*.sys /lockedfiles
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
netsvcs
/md5start
dwm.exe
taskhost.exe
taskeng.exe
wscntfy.exe
ctfmon.exe
rdpclip.exe
volsnap.sys
sptd.sys
explorer.exe
userinit.exe
winlogon.exe
wininit.exe
tcpip.sys
Sfloppy.sys
Changer.sys
cdrom.sys
disk.sys
ndis.sys
usbscan.sys
usbprint.sys
tdtcp.sys
tdpipe.sys
swmidi.sys
splitter.sys
rdpwd.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
RASACD.SYS
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

Merçi

Retour en haut of the page up there ^

#4 jeanmimigab

Extrem Member

Groupe : Equipe Sécurité
Messages : 765
Inscrit(e) : 21-janvier 10

Posté 07 juillet 2011 - 09:51

hello,

relis bien les instructions car tu ne m'as pas poster les rapports générés par OTL, tu m'as poster 3 fois le contenu de la citation à coller dans "dans la partie inférieure d'OTL "personnalisation". :chpas:

@++

Notre ami...

私の友人に勇気

Retour en haut of the page up there ^

#5 Zorba 1

Junior Member

Groupe : Membres
Messages : 16
Inscrit(e) : 03-juillet 11

Posté 08 juillet 2011 - 10:32

Bonjour;
Merçi pour ta réponse.
J'ai un probleme au lancement de OTL.Quelques précisions:j'ai Windows 7 64 bits et Avast.Le logiciel se lance dans la Sand box et quelques fois au cours de mes tentatives j'ai un message d'erreur qui apparait. Je fait l'analyse hors connection.
"Exception Eole System. Un module OTL.exe at 000571.Classe non enregistrée.Si j'insiste le logiel demarre mais a la fin pour coller les rapports.txt l'option copier n'est pas disponible. (grisée). Merçi de m'eclairer.

Ce message a été modifié par Zorba 1 - 08 juillet 2011 - 10:46 .

Retour en haut of the page up there ^

#6 Zorba 1

Junior Member

Groupe : Membres
Messages : 16
Inscrit(e) : 03-juillet 11

Posté 08 juillet 2011 - 10:40

jeanmimigab, le 07 juillet 2011 - 09:51 , dit :

@++

Retour en haut of the page up there ^

#7 jeanmimigab

Extrem Member

Groupe : Equipe Sécurité
Messages : 765
Inscrit(e) : 21-janvier 10

Posté 08 juillet 2011 - 11:27

hello,

Désactive Avast à chaque utilisations d'outils, il ne faut lancer aucuns outils en "SandBox"

Notre ami...

私の友人に勇気

Retour en haut of the page up there ^

#8 Zorba 1

Junior Member

Groupe : Membres
Messages : 16
Inscrit(e) : 03-juillet 11

Posté 10 juillet 2011 - 05:41

Bonjour; Voila les rapports:
OTL logfile created on: 10/07/2011 06:49:39 - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\Paul\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,99 Gb Total Physical Memory | 2,58 Gb Available Physical Memory | 64,73% Memory free
7,98 Gb Paging File | 6,45 Gb Available in Paging File | 80,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 578,94 Gb Total Space | 427,83 Gb Free Space | 73,90% Space Free | Partition Type: NTFS
Drive D: | 596,17 Gb Total Space | 518,96 Gb Free Space | 87,05% Space Free | Partition Type: NTFS
Drive E: | 16,94 Gb Total Space | 2,74 Gb Free Space | 16,15% Space Free | Partition Type: NTFS
Drive F: | 99,34 Mb Total Space | 92,74 Mb Free Space | 93,36% Space Free | Partition Type: FAT32

Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Users\Paul\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Paul\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (UDisk Monitor) -- C:\Program Files\MOOV 3G+\bin\MonServiceUDisk.exe ()
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (DpHost) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (PLFlash DeviceIoControl Service) -- C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (NETw5s64) Pilote de carte Intel® -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\drivers\aswNdis.sys (ALWIL Software)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (zteusbser) -- C:\Windows\SysNative\drivers\zteusbser.sys (ZTE Corporation)
DRV:64bit: - (umpusbvista) -- C:\Windows\SysNative\drivers\umpusbvista.sys (Texas Instruments Inc)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = Le Complément de recherche d'Internet Explorer 6 n'est plus pris en charge.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3619440750-2551092191-1784321679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-3619440750-2551092191-1784321679-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3619440750-2551092191-1784321679-1000\..\URLSearchHook: {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3619440750-2551092191-1784321679-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "iMesh Web Search"
FF - prefs.js..browser.search.order.1: "iMesh Web Search"
FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.imesh.com/web?src=ffb&systemid=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/05/11 04:06:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/27 18:03:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/27 18:03:38 | 000,000,000 | ---D | M]

[2011/04/16 08:09:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Extensions
[2010/09/15 22:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/07/09 09:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\gevs52mp.default\extensions
[2011/02/18 14:31:25 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\gevs52mp.default\extensions\tineye@ideeinc.com
[2010/09/14 15:48:25 | 000,002,506 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gevs52mp.default\searchplugins\BearShareWebSearch.xml
[2010/11/05 10:47:22 | 000,002,272 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gevs52mp.default\searchplugins\flickr-search-suggestions.xml
[2011/05/28 12:43:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/24 17:03:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/23 10:38:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/16 15:12:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/09 19:05:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/18 15:04:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/21 08:22:04 | 001,680,272 | ---- | M] (Caminova, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll
[2011/06/27 18:03:36 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2010/09/14 15:48:25 | 000,002,506 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2011/06/27 18:03:36 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/06/27 18:03:36 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2011/06/27 18:03:36 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2011/06/27 18:03:36 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2009/06/11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (T4PCBHO Class) - {AB720781-0670-4e46-B82E-376AEF228F25} - C:\Program Files (x86)\Tuto4pc\Tuto4pcBHO.dll (Tuto4PC)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Tuto4pc] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-3619440750-2551092191-1784321679-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-3619440750-2551092191-1784321679-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Envoyer à Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Envoyer au périphérique &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1a4354f5-44d1-11e0-a2e8-ea74066c9e26}\Shell - "" = AutoRun
O33 - MountPoints2\{1a4354f5-44d1-11e0-a2e8-ea74066c9e26}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{1a43553f-44d1-11e0-a2e8-ea74066c9e26}\Shell - "" = AutoRun
O33 - MountPoints2\{1a43553f-44d1-11e0-a2e8-ea74066c9e26}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{1f75ca31-68ad-11e0-9939-c3f415ed5c67}\Shell - "" = AutoRun
O33 - MountPoints2\{1f75ca31-68ad-11e0-9939-c3f415ed5c67}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{2315a6b7-329b-11e0-a74a-a541ef095626}\Shell - "" = AutoRun
O33 - MountPoints2\{2315a6b7-329b-11e0-a74a-a541ef095626}\Shell\AutoRun\command - "" = I:\Setup.exe
O33 - MountPoints2\{36e25065-44cd-11e0-a70b-ab79091e1e27}\Shell - "" = AutoRun
O33 - MountPoints2\{36e25065-44cd-11e0-a70b-ab79091e1e27}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{36e250bc-44cd-11e0-a70b-ab79091e1e27}\Shell - "" = AutoRun
O33 - MountPoints2\{36e250bc-44cd-11e0-a70b-ab79091e1e27}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{3a95681d-4df8-11e0-8892-f67cec26442c}\Shell - "" = AutoRun
O33 - MountPoints2\{3a95681d-4df8-11e0-8892-f67cec26442c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{3a95687a-4df8-11e0-8892-f67cec26442c}\Shell - "" = AutoRun
O33 - MountPoints2\{3a95687a-4df8-11e0-8892-f67cec26442c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{445341ec-44e6-11e0-9bee-9e4e5ee88325}\Shell - "" = AutoRun
O33 - MountPoints2\{445341ec-44e6-11e0-9bee-9e4e5ee88325}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{44534225-44e6-11e0-9bee-9e4e5ee88325}\Shell - "" = AutoRun
O33 - MountPoints2\{44534225-44e6-11e0-9bee-9e4e5ee88325}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{48394d9b-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun
O33 - MountPoints2\{48394d9b-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{48394dbf-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun
O33 - MountPoints2\{48394dbf-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{48394f81-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun
O33 - MountPoints2\{48394f81-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{48394fa4-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun
O33 - MountPoints2\{48394fa4-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{48395045-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun
O33 - MountPoints2\{48395045-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{48395065-4629-11e0-be78-d09f50c5b57c}\Shell - "" = AutoRun
O33 - MountPoints2\{48395065-4629-11e0-be78-d09f50c5b57c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{609e810a-44d3-11e0-9adc-cbfee5fc1c08}\Shell - "" = AutoRun
O33 - MountPoints2\{609e810a-44d3-11e0-9adc-cbfee5fc1c08}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{609e8145-44d3-11e0-9adc-cbfee5fc1c08}\Shell - "" = AutoRun
O33 - MountPoints2\{609e8145-44d3-11e0-9adc-cbfee5fc1c08}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{705457bc-4e44-11e0-a5ee-94b564520324}\Shell - "" = AutoRun
O33 - MountPoints2\{705457bc-4e44-11e0-a5ee-94b564520324}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a57f1ecb-4587-11e0-bba2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a57f1ecb-4587-11e0-bba2-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a57f214a-4587-11e0-bba2-baf7bd883e25}\Shell - "" = AutoRun
O33 - MountPoints2\{a57f214a-4587-11e0-bba2-baf7bd883e25}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{b5927f2b-44d2-11e0-a52b-d06e6d1e9926}\Shell - "" = AutoRun
O33 - MountPoints2\{b5927f2b-44d2-11e0-a52b-d06e6d1e9926}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{b5927f45-44d2-11e0-a52b-d06e6d1e9926}\Shell - "" = AutoRun
O33 - MountPoints2\{b5927f45-44d2-11e0-a52b-d06e6d1e9926}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{cc93fcc0-44eb-11e0-9372-b4496b98bb25}\Shell - "" = AutoRun
O33 - MountPoints2\{cc93fcc0-44eb-11e0-9372-b4496b98bb25}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{cc93fcfa-44eb-11e0-9372-b4496b98bb25}\Shell - "" = AutoRun
O33 - MountPoints2\{cc93fcfa-44eb-11e0-9372-b4496b98bb25}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e479a994-4651-11e0-8d0e-ae25e291f525}\Shell - "" = AutoRun
O33 - MountPoints2\{e479a994-4651-11e0-8d0e-ae25e291f525}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e479a9aa-4651-11e0-8d0e-ae25e291f525}\Shell - "" = AutoRun
O33 - MountPoints2\{e479a9aa-4651-11e0-8d0e-ae25e291f525}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe - (Broadcom Corporation.)
MsConfig:64bit - StartUpFolder: C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files (x86)\Nero\Nero BackItUp 4\NBKeyScan.exe (Nero AG)
MsConfig:64bit - StartUpReg: WirelessAssistant - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

========== Files/Folders - Created Within 30 Days ==========

[2011/07/10 06:15:05 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\showthread.php 22_fichiers
[2011/07/09 11:49:17 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\demander-la-cloture-d-un-compte-bancaire_72725_fichiers
[2011/07/09 11:29:16 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\vos-droits-vis-a-vis-des-hoteliers_160877_fichiers
[2011/07/09 10:26:05 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Pics
[2011/07/09 07:07:22 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Jigs
[2011/07/09 07:05:24 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\BOOKS 1
[2011/07/08 12:53:18 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\comment-installer-une-plaque-de-cuisson-encastrable---1300718747_fichiers
[2011/07/07 18:18:51 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Rocking Chair University Week – Day 1 _ Woodworker's Guide_fichiers
[2011/07/07 18:16:07 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\A Simple Plunge Router Mortising Jig _ Woodworker's Guide_fichiers
[2011/07/07 08:00:59 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\lyman_fichiers
[2011/07/06 15:45:50 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\a4083bc4-cdb5-436b-a64b-fb5bdb98a910_fichiers
[2011/07/06 09:01:46 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\actualiteNationale.php_fichiers
[2011/07/05 17:21:06 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\print.asp router_fichiers
[2011/07/05 17:19:20 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\article-30676114_fichiers
[2011/07/05 12:29:11 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\moteur-de-recherche-t185982_fichiers
[2011/07/04 11:59:33 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\eliminer-bera-share-web-search-t186379_fichiers
[2011/07/04 10:02:12 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Docs Camping, Eclairage,Orientation,Optique
[2011/07/04 09:56:12 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Doc Fixations ,Visserie,Mecanique,
[2011/07/04 09:54:16 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Docs Transports,
[2011/07/04 09:51:27 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Docs Madagascar
[2011/07/03 20:29:18 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\la-restauration-systeme-dans-windows-7-409_fichiers
[2011/07/03 18:49:53 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Forum Seven-Windows 7 communauté française Entraide, dépannage, actualité_fichiers
[2011/07/03 14:57:54 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\showthread.php_fichiers
[2011/07/03 14:55:26 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\questi-ns-pour-table-a-effet-ventury-t12297-10_fichiers
[2011/07/03 14:54:00 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\questi-111-ns-pour-table-quot-effet-ventury-quot-t12297_fichiers
[2011/07/02 12:41:07 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\zhpdiag_fichiers
[2011/06/30 19:29:02 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\edit_fichiers
[2011/06/30 18:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tuto4PC
[2011/06/30 18:16:26 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Tuto4pc
[2011/06/30 18:16:26 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Tuto4pc
[2011/06/30 18:16:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tuto4pc
[2011/06/30 16:32:09 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\domaines-registrars-dans-monde-des-malwares-t15436_fichiers
[2011/06/29 21:12:57 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\oregon-450_fichiers
[2011/06/29 20:43:14 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Makay Nature n°2 _ Makay Nature_fichiers
[2011/06/29 20:41:47 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Makay Nature n°1 _ Makay Nature_fichiers
[2011/06/29 16:54:07 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/06/29 16:54:07 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011/06/29 16:54:01 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011/06/29 16:54:01 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011/06/29 16:54:01 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011/06/29 16:54:01 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011/06/29 16:54:01 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011/06/29 16:54:00 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011/06/29 16:54:00 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011/06/29 16:54:00 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011/06/29 16:54:00 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011/06/29 16:54:00 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011/06/29 16:54:00 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll
[2011/06/29 16:54:00 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011/06/29 16:54:00 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011/06/29 16:53:59 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011/06/29 13:33:23 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Massif+du+Makay_fichiers
[2011/06/29 13:31:29 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\tananarive_manambato_fichiers
[2011/06/29 13:14:29 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\trajet_fichiers
[2011/06/29 13:10:50 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\stations_fichiers
[2011/06/28 17:38:02 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\index.php_fichiers
[2011/06/28 11:58:59 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\welcome_fichiers
[2011/06/27 20:11:56 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\12-hk500-en-laiton-poli_fichiers
[2011/06/27 18:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Souris Microsoft
[2011/06/27 18:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/06/27 18:15:10 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\messages-2_fichiers
[2011/06/27 18:12:55 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\messages-1_fichiers
[2011/06/27 13:18:25 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\choix-disjoncteur-installation-electrique-tableau-precable_fichiers
[2011/06/27 12:59:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2011/06/25 17:15:51 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Dossier
[2011/06/25 11:59:28 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\nouvelles-technologies-informatique-multimedia-realiser-une-lettre-type-avec-openoffice,6195_fichiers
[2011/06/25 11:58:14 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\spip.php_fichiers
[2011/06/23 18:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
[2011/06/23 13:00:19 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\callcreditcard3D_fichiers
[2011/06/23 07:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011/06/21 13:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011/06/19 06:28:39 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\5ch3_seq1_act2_fichiers
[2011/06/18 19:17:15 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/06/18 19:17:15 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/06/18 19:17:14 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/06/18 19:17:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/06/18 19:16:28 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/06/13 15:03:36 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\la-carte-mere_fichiers
[2011/06/13 09:28:03 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Logiciels
[2011/06/13 08:19:47 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Fims vus Marc
[2011/06/12 20:54:31 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\LDW
[2011/06/12 20:53:42 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\WildTangent
[2011/06/12 17:09:45 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\cyclone_fichiers
[2011/06/11 09:14:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2011/06/11 09:09:26 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011/06/11 07:47:41 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Films 4
[2011/06/10 17:18:55 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\viewtopic.php_fichiers
[2011/06/10 17:05:32 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\bv.aspx_fichiers
[2011/06/10 16:49:59 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\imgres_fichiers
[2 C:\Users\Paul\AppData\Local\*.tmp files -> C:\Users\Paul\AppData\Local\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/10 06:50:25 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/07/10 06:29:05 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/10 06:15:06 | 000,089,080 | ---- | M] () -- C:\Users\Paul\Desktop\showthread.php 22.htm
[2011/07/10 05:58:49 | 000,057,273 | ---- | M] () -- C:\Users\Paul\Desktop\demander-la-cloture-d-un-compte-bancaire_72725.html
[2011/07/10 05:52:11 | 002,114,056 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/10 05:52:11 | 001,530,784 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/10 05:52:11 | 000,416,924 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/10 05:52:11 | 000,377,956 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011/07/10 05:52:11 | 000,050,046 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011/07/10 05:48:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/09 20:44:17 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/09 20:44:17 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/09 20:37:02 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/09 20:36:19 | 3214,045,184 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/09 11:29:18 | 000,132,384 | ---- | M] () -- C:\Users\Paul\Desktop\vos-droits-vis-a-vis-des-hoteliers_160877.html
[2011/07/08 16:40:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/07/08 12:53:20 | 000,133,638 | ---- | M] () -- C:\Users\Paul\Desktop\comment-installer-une-plaque-de-cuisson-encastrable---1300718747.htm
[2011/07/08 07:21:04 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPaul.job
[2011/07/07 19:09:56 | 000,491,366 | ---- | M] () -- C:\Users\Paul\Desktop\manuel-installation-biodigesteur.pdf
[2011/07/07 18:18:59 | 000,161,882 | ---- | M] () -- C:\Users\Paul\Desktop\Rocking Chair University Week – Day 1 _ Woodworker's Guide.htm
[2011/07/07 18:16:08 | 000,154,058 | ---- | M] () -- C:\Users\Paul\Desktop\A Simple Plunge Router Mortising Jig _ Woodworker's Guide.htm
[2011/07/07 08:40:39 | 000,550,990 | ---- | M] () -- C:\Users\Paul\Desktop\pdf la lettre.pdf
[2011/07/07 08:01:00 | 000,006,533 | ---- | M] () -- C:\Users\Paul\Desktop\lyman.html
[2011/07/06 15:45:51 | 000,097,715 | ---- | M] () -- C:\Users\Paul\Desktop\a4083bc4-cdb5-436b-a64b-fb5bdb98a910.htm
[2011/07/06 09:01:48 | 000,037,181 | ---- | M] () -- C:\Users\Paul\Desktop\actualiteNationale.php.htm
[2011/07/05 17:21:06 | 000,016,367 | ---- | M] () -- C:\Users\Paul\Desktop\print.asp router.htm
[2011/07/05 17:19:21 | 000,051,406 | ---- | M] () -- C:\Users\Paul\Desktop\article-30676114.html
[2011/07/05 12:29:13 | 000,141,423 | ---- | M] () -- C:\Users\Paul\Desktop\moteur-de-recherche-t185982.html
[2011/07/04 18:48:35 | 000,001,046 | ---- | M] () -- C:\Users\Paul\Desktop\OTL - Raccourci.lnk
[2011/07/04 17:12:52 | 000,125,233 | ---- | M] () -- C:\Users\Paul\Desktop\eliminer-bera-share-web-search-t186379.html
[2011/07/04 14:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/07/04 14:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/07/04 14:43:42 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/07/04 14:37:39 | 000,129,368 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2011/07/04 14:36:56 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/07/04 14:36:54 | 000,288,088 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/07/04 14:36:24 | 000,257,368 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2011/07/04 14:35:28 | 000,045,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/07/04 14:32:35 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/07/04 14:32:24 | 000,064,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/07/04 14:32:14 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/07/03 20:29:18 | 000,073,885 | ---- | M] () -- C:\Users\Paul\Desktop\la-restauration-systeme-dans-windows-7-409.htm
[2011/07/03 18:49:53 | 000,085,796 | ---- | M] () -- C:\Users\Paul\Desktop\Forum Seven-Windows 7 communauté française Entraide, dépannage, actualité.htm
[2011/07/03 14:57:54 | 000,120,396 | ---- | M] () -- C:\Users\Paul\Desktop\showthread.php.htm
[2011/07/03 14:55:27 | 000,148,276 | ---- | M] () -- C:\Users\Paul\Desktop\questi-ns-pour-table-a-effet-ventury-t12297-10.html
[2011/07/03 14:54:02 | 000,147,715 | ---- | M] () -- C:\Users\Paul\Desktop\questi-111-ns-pour-table-quot-effet-ventury-quot-t12297.html
[2011/07/02 21:02:20 | 000,393,179 | ---- | M] () -- C:\Users\Paul\Desktop\bpt6k121915z.r='la+certenue'.langFR
[2011/07/02 18:03:53 | 001,350,812 | ---- | M] () -- C:\Users\Paul\Desktop\multi_page.pdf
[2011/07/02 12:41:09 | 000,105,350 | ---- | M] () -- C:\Users\Paul\Desktop\zhpdiag.html
[2011/07/01 12:34:09 | 000,650,719 | ---- | M] () -- C:\Users\Paul\Desktop\v03180_TRA.pdf
[2011/06/30 19:30:13 | 001,519,156 | ---- | M] () -- C:\Users\Paul\Desktop\34651.pdf
[2011/06/30 19:29:04 | 000,672,993 | ---- | M] () -- C:\Users\Paul\Desktop\edit.htm
[2011/06/30 16:32:09 | 000,035,711 | ---- | M] () -- C:\Users\Paul\Desktop\domaines-registrars-dans-monde-des-malwares-t15436.html
[2011/06/29 21:12:57 | 000,044,010 | ---- | M] () -- C:\Users\Paul\Desktop\oregon-450.html
[2011/06/29 20:43:15 | 000,022,745 | ---- | M] () -- C:\Users\Paul\Desktop\Makay Nature n°2 _ Makay Nature.htm
[2011/06/29 20:41:56 | 000,021,704 | ---- | M] () -- C:\Users\Paul\Desktop\Makay Nature n°1 _ Makay Nature.htm
[2011/06/29 17:37:07 | 000,400,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/29 13:33:32 | 000,046,840 | ---- | M] () -- C:\Users\Paul\Desktop\Massif+du+Makay.html
[2011/06/29 13:31:31 | 000,039,961 | ---- | M] () -- C:\Users\Paul\Desktop\tananarive_manambato.htm
[2011/06/29 13:14:43 | 000,013,966 | ---- | M] () -- C:\Users\Paul\Desktop\trajet.htm
[2011/06/29 13:11:06 | 000,064,266 | ---- | M] () -- C:\Users\Paul\Desktop\stations.htm
[2011/06/28 17:38:02 | 000,107,769 | ---- | M] () -- C:\Users\Paul\Desktop\index.php.htm
[2011/06/28 15:54:37 | 000,549,814 | ---- | M] () -- C:\Users\Paul\Desktop\open office writer - bien rdiger ses courriers.pdf
[2011/06/28 11:59:00 | 000,177,542 | ---- | M] () -- C:\Users\Paul\Desktop\welcome.htm
[2011/06/27 20:11:57 | 000,039,669 | ---- | M] () -- C:\Users\Paul\Desktop\12-hk500-en-laiton-poli.html
[2011/06/27 18:15:13 | 000,154,208 | ---- | M] () -- C:\Users\Paul\Desktop\messages-2.html
[2011/06/27 18:12:58 | 000,118,477 | ---- | M] () -- C:\Users\Paul\Desktop\messages-1.html
[2011/06/27 13:18:26 | 000,055,583 | ---- | M] () -- C:\Users\Paul\Desktop\choix-disjoncteur-installation-electrique-tableau-precable.htm
[2011/06/25 11:59:29 | 000,057,076 | ---- | M] () -- C:\Users\Paul\Desktop\nouvelles-technologies-informatique-multimedia-realiser-une-lettre-type-avec-openoffice,6195.htm
[2011/06/25 11:58:14 | 000,036,272 | ---- | M] () -- C:\Users\Paul\Desktop\spip.php.htm
[2011/06/25 11:56:13 | 001,314,582 | ---- | M] () -- C:\Users\Paul\Desktop\Guide_Writer.pdf
[2011/06/23 19:07:33 | 000,273,044 | ---- | M] () -- C:\Users\Paul\Documents\numerisation_raboteuse.pdf
[2011/06/23 18:58:59 | 000,002,141 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/06/23 18:51:22 | 000,262,253 | ---- | M] () -- C:\Users\Paul\Documents\Jeannot29_Presse_A_Panneaux.pdf
[2011/06/23 18:12:44 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/06/23 13:00:20 | 000,007,566 | ---- | M] () -- C:\Users\Paul\Desktop\callcreditcard3D.htm
[2011/06/19 06:28:40 | 000,010,203 | ---- | M] () -- C:\Users\Paul\Desktop\5ch3_seq1_act2.htm
[2011/06/13 15:03:37 | 000,013,691 | ---- | M] () -- C:\Users\Paul\Desktop\la-carte-mere.htm
[2011/06/12 17:09:47 | 000,011,348 | ---- | M] () -- C:\Users\Paul\Desktop\cyclone.html
[2011/06/11 23:31:47 | 000,000,201 | ---- | M] () -- C:\Users\Paul\Desktop\#q=bois+de+rose+filetypepdf&hl=fr&safe=off&prmd=ivns&ei=RRLxTY2WLs2q8APz74SUBA&start=10&sa=N&bav=on.2,or.r_gc.r_pw.&fp=9a97b.URL
[2011/06/11 09:13:34 | 000,001,201 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/06/11 09:09:26 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/06/10 17:18:55 | 000,029,640 | ---- | M] () -- C:\Users\Paul\Desktop\viewtopic.php.htm
[2011/06/10 17:05:32 | 000,006,150 | ---- | M] () -- C:\Users\Paul\Desktop\bv.aspx.htm
[2011/06/10 16:50:07 | 000,009,941 | ---- | M] () -- C:\Users\Paul\Desktop\imgres.htm
[2 C:\Users\Paul\AppData\Local\*.tmp files -> C:\Users\Paul\AppData\Local\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/10 06:50:25 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/07/10 06:15:05 | 000,089,080 | ---- | C] () -- C:\Users\Paul\Desktop\showthread.php 22.htm
[2011/07/10 05:58:49 | 000,057,273 | ---- | C] () -- C:\Users\Paul\Desktop\demander-la-cloture-d-un-compte-bancaire_72725.html
[2011/07/09 19:32:34 | 736,720,498 | ---- | C] () -- C:\Users\Paul\Desktop\Cash.FRENCH.R5.XviD-GHOST.avi
[2011/07/09 19:31:36 | 733,310,976 | ---- | C] () -- C:\Users\Paul\Desktop\City.Hall.French.DVDRiP.avi
[2011/07/09 11:29:15 | 000,132,384 | ---- | C] () -- C:\Users\Paul\Desktop\vos-droits-vis-a-vis-des-hoteliers_160877.html
[2011/07/08 12:53:18 | 000,133,638 | ---- | C] () -- C:\Users\Paul\Desktop\comment-installer-une-plaque-de-cuisson-encastrable---1300718747.htm
[2011/07/07 19:07:48 | 000,491,366 | ---- | C] () -- C:\Users\Paul\Desktop\manuel-installation-biodigesteur.pdf
[2011/07/07 18:18:51 | 000,161,882 | ---- | C] () -- C:\Users\Paul\Desktop\Rocking Chair University Week – Day 1 _ Woodworker's Guide.htm
[2011/07/07 18:16:07 | 000,154,058 | ---- | C] () -- C:\Users\Paul\Desktop\A Simple Plunge Router Mortising Jig _ Woodworker's Guide.htm
[2011/07/07 08:40:39 | 000,550,990 | ---- | C] () -- C:\Users\Paul\Desktop\pdf la lettre.pdf
[2011/07/07 08:00:59 | 000,006,533 | ---- | C] () -- C:\Users\Paul\Desktop\lyman.html
[2011/07/06 21:07:23 | 892,070,332 | ---- | C] () -- C:\Users\Paul\Desktop\Le secret du chevalier d'Eon.avi
[2011/07/06 21:02:37 | 730,216,448 | ---- | C] () -- C:\Users\Paul\Desktop\Secret.Defense.FRENCH.DVDRip.XviD-ZANBiC.avi
[2011/07/06 21:01:23 | 733,782,016 | ---- | C] () -- C:\Users\Paul\Desktop\Wisegal.STV.2008.FRENCH.DVDRiP.XViD-S60.By.Emulix.[emule-island.com].avi
[2011/07/06 21:00:01 | 733,988,864 | ---- | C] () -- C:\Users\Paul\Desktop\F - The Lost Angel (Action Policier 2004).avi
[2011/07/06 20:57:21 | 655,284,560 | ---- | C] () -- C:\Users\Paul\Desktop\Himalaya, le chemin du ciel.avi
[2011/07/06 15:45:50 | 000,097,715 | ---- | C] () -- C:\Users\Paul\Desktop\a4083bc4-cdb5-436b-a64b-fb5bdb98a910.htm
[2011/07/06 09:01:46 | 000,037,181 | ---- | C] () -- C:\Users\Paul\Desktop\actualiteNationale.php.htm
[2011/07/05 17:21:06 | 000,016,367 | ---- | C] () -- C:\Users\Paul\Desktop\print.asp router.htm
[2011/07/05 17:19:19 | 000,051,406 | ---- | C] () -- C:\Users\Paul\Desktop\article-30676114.html
[2011/07/05 12:29:11 | 000,141,423 | ---- | C] () -- C:\Users\Paul\Desktop\moteur-de-recherche-t185982.html
[2011/07/05 12:11:20 | 734,076,928 | ---- | C] () -- C:\Users\Paul\Desktop\Australia.FRENCH.DVDRiP.XViD.avi
[2011/07/04 18:48:35 | 000,001,046 | ---- | C] () -- C:\Users\Paul\Desktop\OTL - Raccourci.lnk
[2011/07/04 11:59:33 | 000,125,233 | ---- | C] () -- C:\Users\Paul\Desktop\eliminer-bera-share-web-search-t186379.html
[2011/07/03 20:29:18 | 000,073,885 | ---- | C] () -- C:\Users\Paul\Desktop\la-restauration-systeme-dans-windows-7-409.htm
[2011/07/03 18:49:52 | 000,085,796 | ---- | C] () -- C:\Users\Paul\Desktop\Forum Seven-Windows 7 communauté française Entraide, dépannage, actualité.htm
[2011/07/03 14:57:54 | 000,120,396 | ---- | C] () -- C:\Users\Paul\Desktop\showthread.php.htm
[2011/07/03 14:55:26 | 000,148,276 | ---- | C] () -- C:\Users\Paul\Desktop\questi-ns-pour-table-a-effet-ventury-t12297-10.html
[2011/07/03 14:54:00 | 000,147,715 | ---- | C] () -- C:\Users\Paul\Desktop\questi-111-ns-pour-table-quot-effet-ventury-quot-t12297.html
[2011/07/02 21:02:13 | 000,393,179 | ---- | C] () -- C:\Users\Paul\Desktop\bpt6k121915z.r='la+certenue'.langFR
[2011/07/02 18:02:05 | 001,350,812 | ---- | C] () -- C:\Users\Paul\Desktop\multi_page.pdf
[2011/07/02 12:41:07 | 000,105,350 | ---- | C] () -- C:\Users\Paul\Desktop\zhpdiag.html
[2011/07/01 12:33:18 | 000,650,719 | ---- | C] () -- C:\Users\Paul\Desktop\v03180_TRA.pdf
[2011/06/30 19:29:02 | 000,672,993 | ---- | C] () -- C:\Users\Paul\Desktop\edit.htm
[2011/06/30 19:28:32 | 001,519,156 | ---- | C] () -- C:\Users\Paul\Desktop\34651.pdf
[2011/06/30 16:32:09 | 000,035,711 | ---- | C] () -- C:\Users\Paul\Desktop\domaines-registrars-dans-monde-des-malwares-t15436.html
[2011/06/29 21:12:57 | 000,044,010 | ---- | C] () -- C:\Users\Paul\Desktop\oregon-450.html
[2011/06/29 20:43:14 | 000,022,745 | ---- | C] () -- C:\Users\Paul\Desktop\Makay Nature n°2 _ Makay Nature.htm
[2011/06/29 20:41:47 | 000,021,704 | ---- | C] () -- C:\Users\Paul\Desktop\Makay Nature n°1 _ Makay Nature.htm
[2011/06/29 13:33:23 | 000,046,840 | ---- | C] () -- C:\Users\Paul\Desktop\Massif+du+Makay.html
[2011/06/29 13:31:29 | 000,039,961 | ---- | C] () -- C:\Users\Paul\Desktop\tananarive_manambato.htm
[2011/06/29 13:28:13 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForPaul.job
[2011/06/29 13:14:29 | 000,013,966 | ---- | C] () -- C:\Users\Paul\Desktop\trajet.htm
[2011/06/29 13:11:05 | 000,064,266 | ---- | C] () -- C:\Users\Paul\Desktop\stations.htm
[2011/06/28 17:38:01 | 000,107,769 | ---- | C] () -- C:\Users\Paul\Desktop\index.php.htm
[2011/06/28 15:54:06 | 000,549,814 | ---- | C] () -- C:\Users\Paul\Desktop\open office writer - bien rdiger ses courriers.pdf
[2011/06/28 11:58:59 | 000,177,542 | ---- | C] () -- C:\Users\Paul\Desktop\welcome.htm
[2011/06/27 20:11:56 | 000,039,669 | ---- | C] () -- C:\Users\Paul\Desktop\12-hk500-en-laiton-poli.html
[2011/06/27 18:15:10 | 000,154,208 | ---- | C] () -- C:\Users\Paul\Desktop\messages-2.html
[2011/06/27 18:12:55 | 000,118,477 | ---- | C] () -- C:\Users\Paul\Desktop\messages-1.html
[2011/06/27 13:18:25 | 000,055,583 | ---- | C] () -- C:\Users\Paul\Desktop\choix-disjoncteur-installation-electrique-tableau-precable.htm
[2011/06/26 21:11:57 | 720,216,064 | ---- | C] () -- C:\Users\Paul\Desktop\L'Arnaque.avi
[2011/06/26 08:03:11 | 001,016,940 | ---- | C] () -- C:\Users\Paul\Documents\Commande no 24351607.pdf
[2011/06/25 17:24:39 | 000,273,044 | ---- | C] () -- C:\Users\Paul\Documents\numerisation_raboteuse.pdf
[2011/06/25 17:24:39 | 000,262,253 | ---- | C] () -- C:\Users\Paul\Documents\Jeannot29_Presse_A_Panneaux.pdf
[2011/06/25 14:42:48 | 000,013,049 | ---- | C] () -- C:\Users\Paul\Documents\Attestation valeur 3.odt
[2011/06/25 11:59:28 | 000,057,076 | ---- | C] () -- C:\Users\Paul\Desktop\nouvelles-technologies-informatique-multimedia-realiser-une-lettre-type-avec-openoffice,6195.htm
[2011/06/25 11:58:14 | 000,036,272 | ---- | C] () -- C:\Users\Paul\Desktop\spip.php.htm
[2011/06/25 11:56:12 | 001,314,582 | ---- | C] () -- C:\Users\Paul\Desktop\Guide_Writer.pdf
[2011/06/23 18:58:59 | 000,002,141 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/06/23 13:00:19 | 000,007,566 | ---- | C] () -- C:\Users\Paul\Desktop\callcreditcard3D.htm
[2011/06/19 06:28:39 | 000,010,203 | ---- | C] () -- C:\Users\Paul\Desktop\5ch3_seq1_act2.htm
[2011/06/13 15:03:36 | 000,013,691 | ---- | C] () -- C:\Users\Paul\Desktop\la-carte-mere.htm
[2011/06/12 17:09:45 | 000,011,348 | ---- | C] () -- C:\Users\Paul\Desktop\cyclone.html
[2011/06/11 23:31:47 | 000,000,201 | ---- | C] () -- C:\Users\Paul\Desktop\#q=bois+de+rose+filetypepdf&hl=fr&safe=off&prmd=ivns&ei=RRLxTY2WLs2q8APz74SUBA&start=10&sa=N&bav=on.2,or.r_gc.r_pw.&fp=9a97b.URL
[2011/06/11 09:13:34 | 000,001,201 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/06/11 09:09:26 | 000,001,152 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/06/11 08:13:39 | 312,237,654 | ---- | C] () -- C:\Users\Paul\Documents\K8_BD.pdf
[2011/06/11 07:56:36 | 000,163,038 | ---- | C] () -- C:\Users\Paul\Documents\DSC09365 (2).JPG
[2011/06/11 07:56:15 | 000,163,038 | ---- | C] () -- C:\Users\Paul\Documents\DSC09365.JPG
[2011/06/11 07:56:05 | 000,191,881 | ---- | C] () -- C:\Users\Paul\Documents\DSC09363.JPG
[2011/06/10 17:18:54 | 000,029,640 | ---- | C] () -- C:\Users\Paul\Desktop\viewtopic.php.htm
[2011/06/10 17:05:32 | 000,006,150 | ---- | C] () -- C:\Users\Paul\Desktop\bv.aspx.htm
[2011/06/10 16:49:59 | 000,009,941 | ---- | C] () -- C:\Users\Paul\Desktop\imgres.htm
[2011/06/08 15:01:02 | 000,003,584 | ---- | C] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/02 07:28:30 | 000,000,000 | ---- | C] () -- C:\Users\Paul\AppData\Local\{19A7151B-5487-4BA2-A9DE-3AFE66360AF2}
[2011/05/15 17:25:26 | 000,088,064 | ---- | C] () -- C:\Windows\AMUninst01c.exe
[2011/05/14 21:31:26 | 000,000,000 | ---- | C] () -- C:\Users\Paul\AppData\Local\{15096A74-3610-455C-A297-2FCA3671C506}
[2011/05/09 19:18:31 | 000,000,017 | ---- | C] () -- C:\Users\Paul\AppData\Local\resmon.resmoncfg
[2011/04/12 08:58:19 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/03/23 01:10:24 | 000,001,854 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\GhostObjGAFix.xml
[2011/01/17 07:47:58 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/11/07 08:44:08 | 000,000,571 | ---- | C] () -- C:\Windows\SysWow64\FeMakro.ini
[2010/11/07 08:44:08 | 000,000,497 | ---- | C] () -- C:\Windows\SysWow64\FeAnim.ini
[2010/09/24 08:06:39 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/05/11 03:56:43 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2010/05/11 03:56:43 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2010/05/11 03:56:43 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2010/05/11 03:56:43 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2010/05/11 03:56:43 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2010/05/11 03:56:43 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2010/05/11 03:22:24 | 000,000,283 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/05/11 03:22:24 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/01/09 02:31:36 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009/09/29 17:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 08:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 05:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 03:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 00:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/14 00:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 00:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2003/04/01 12:58:02 | 000,005,260 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2011/03/30 13:06:57 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\com.caffeinatedmind.Sendoid
[2010/09/15 16:54:27 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\DigitalPersona
[2010/09/15 23:00:18 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\eMule
[2011/05/13 13:51:16 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\gtk-2.0
[2010/09/24 17:33:50 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\OpenOffice.org
[2010/10/18 12:58:10 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\OutWit
[2011/05/19 07:57:37 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Scribus
[2011/06/06 18:23:22 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Stellarium
[2011/06/30 18:16:26 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Tuto4pc
[2011/06/12 20:53:42 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\WildTangent
[2011/02/08 19:32:40 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ZTEEVDO
[2010/09/28 19:11:04 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\_MDLogs
[2011/05/14 07:19:24 | 000,032,482 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %temp%\smtmp\1\*.* /s >

< %temp%\smtmp\2\*.* /s >

< %temp%\smtmp\4\*.* /s >

< nslookup www.google.fr /c >
Serveur : UnKnown
Address: 127.0.0.1

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011/03/30 13:04:04 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Adobe
[2010/09/19 19:01:05 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Apple Computer
[2011/03/30 13:06:57 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\com.caffeinatedmind.Sendoid
[2011/04/12 08:58:18 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Corel
[2010/09/15 22:23:34 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\CyberLink
[2010/09/15 16:54:27 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\DigitalPersona
[2010/09/15 23:00:18 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\eMule
[2011/05/13 13:51:16 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\gtk-2.0
[2011/02/01 17:38:23 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Hewlett-Packard
[2011/01/19 19:11:38 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\HP Support Assistant
[2010/09/15 18:28:49 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\hpqLog
[2011/01/19 19:11:38 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\HpUpdate
[2010/09/15 16:53:57 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Identities
[2010/09/15 21:15:55 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Macromedia
[2010/09/15 18:24:47 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Macrovision
[2011/05/18 14:57:28 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Malwarebytes
[2010/05/11 12:13:40 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Media Center Programs
[2011/06/08 19:15:14 | 000,000,000 | --SD | M] -- C:\Users\Paul\AppData\Roaming\Microsoft
[2010/09/15 20:35:07 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Mozilla
[2011/02/07 15:36:15 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Nero
[2010/09/24 17:33:50 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\OpenOffice.org
[2010/10/18 12:58:10 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\OutWit
[2011/05/19 07:57:37 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Scribus
[2011/06/06 18:23:22 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Stellarium
[2011/06/30 18:16:26 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Tuto4pc
[2011/06/21 21:22:53 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\vlc
[2011/06/12 20:53:42 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\WildTangent
[2011/02/08 19:32:40 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ZTEEVDO
[2010/09/28 19:11:04 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\_MDLogs

< %APPDATA%\*.exe /s >
[2011/02/02 12:17:10 | 000,010,134 | R--- | M] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
[2011/04/21 13:46:12 | 000,769,664 | ---- | M] (Agence-Exclusive) -- C:\Users\Paul\AppData\Roaming\Tuto4pc\Tuto4pc\Software.exe
[2011/04/21 13:46:22 | 000,663,168 | ---- | M] (Tuto4PC) -- C:\Users\Paul\AppData\Roaming\Tuto4pc\Tuto4pc\SoftwareHP.exe
[2011/06/30 18:21:58 | 001,180,627 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Tuto4pc\Tuto4pc\unins000.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009/07/14 04:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 04:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 04:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 04:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 04:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 04:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 04:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 04:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CDROM.SYS >
[2009/07/14 02:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010/11/20 12:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010/11/20 12:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010/11/20 12:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 04:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 04:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 04:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 04:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CTFMON.EXE >
[2009/07/14 04:39:02 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=42B6A94DD747DF2B5F628A2752E62A98 -- C:\Windows\SysNative\ctfmon.exe
[2009/07/14 04:39:02 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=42B6A94DD747DF2B5F628A2752E62A98 -- C:\Windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe
[2009/07/14 04:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\SysWOW64\ctfmon.exe
[2009/07/14 04:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe

< MD5 for: DISK.SYS >
[2009/07/14 04:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/14 04:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/14 04:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: DWM.EXE >
[2009/07/14 04:39:08 | 000,120,320 | ---- | M] (Microsoft Corporation) MD5=F162D5F5E845B9DC352DD1BAD8CEF1BC -- C:\Windows\SysNative\dwm.exe
[2009/07/14 04:39:08 | 000,120,320 | ---- | M] (Microsoft Corporation) MD5=F162D5F5E845B9DC352DD1BAD8CEF1BC -- C:\Windows\winsxs\amd64_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.1.7600.16385_none_e99885bbd6e301de\dwm.exe
[2009/07/14 04:39:08 | 000,120,320 | ---- | M] (Microsoft Corporation) MD5=F162D5F5E845B9DC352DD1BAD8CEF1BC -- C:\Windows\winsxs\amd64_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.1.7601.17514_none_ebc99983d3d18578\dwm.exe

< MD5 for: EVENTLOG.DLL >
[2007/05/17 23:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2010/01/09 09:07:51 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 09:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 08:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 04:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 08:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 08:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 08:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 09:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 09:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 09:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 15:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/01/09 09:07:51 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/03 09:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 09:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 08:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 16:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 09:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 08:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 04:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 09:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/01/09 09:07:51 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 09:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 09:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/01/09 09:07:51 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: IASTOR.SYS >
[2009/08/08 07:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/08/08 07:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\SwSetup\Drivers\IMSM\Winall\Driver\IaStor.sys
[2009/08/08 07:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/08/08 07:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\SwSetup\Drivers\IMSM\Winall\Driver64\IaStor.sys
[2009/08/08 07:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009/08/08 07:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_4fa22a1c88c09097\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010/11/20 16:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 16:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 09:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 09:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 09:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 09:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 09:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 09:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 04:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NDIS.SYS >
[2010/11/20 16:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\SysNative\drivers\ndis.sys
[2010/11/20 16:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
[2009/07/14 04:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 04:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 16:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 16:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 15:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 15:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 04:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 04:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 09:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 09:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 09:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 09:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 09:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 09:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 16:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 16:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: RASACD.SYS >
[2009/07/14 03:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=5A0DA8AD5762FA2D91678A8A01311704 -- C:\Windows\SysNative\drivers\rasacd.sys
[2009/07/14 03:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=5A0DA8AD5762FA2D91678A8A01311704 -- C:\Windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_6bcef05d7f04260a\rasacd.sys

< MD5 for: RDPCLIP.EXE >
[2010/11/20 16:25:05 | 000,210,944 | ---- | M] (Microsoft Corporation) MD5=25D284EB2F12254C001AFE9A82575A81 -- C:\Windows\winsxs\amd64_microsoft-windows-t..lipboardredirection_31bf3856ad364e35_6.1.7601.17514_none_5ffc161221c1b4f6\rdpclip.exe
[2009/07/14 04:39:28 | 000,209,408 | ---- | M] (Microsoft Corporation) MD5=798F5E39068FD3BC9D999A401FAB5F62 -- C:\Windows\winsxs\amd64_microsoft-windows-t..lipboardredirection_31bf3856ad364e35_6.1.7600.16385_none_5dcb024a24d3315c\rdpclip.exe

< MD5 for: RDPWD.SYS >
[2010/11/20 14:04:37 | 000,210,944 | ---- | M] (Microsoft Corporation) MD5=15B66C206B5CB095BAB980553F38ED23 -- C:\Windows\SysNative\drivers\rdpwd.sys
[2010/11/20 14:04:37 | 000,210,944 | ---- | M] (Microsoft Corporation) MD5=15B66C206B5CB095BAB980553F38ED23 -- C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17514_none_a99b8db6eba2129b\rdpwd.sys
[2009/07/14 03:16:48 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=8A3E6BEA1C53EA6177FE2B6EBA2C80D7 -- C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16385_none_a76a79eeeeb38f01\rdpwd.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 04:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 04:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 15:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 15:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 16:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 16:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SFLOPPY.SYS >
[2009/07/14 03:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- C:\Windows\SysNative\drivers\sfloppy.sys
[2009/07/14 03:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- C:\Windows\SysNative\DriverStore\FileRepository\flpydisk.inf_amd64_neutral_f54222cc59267e1e\sfloppy.sys
[2009/07/14 03:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- C:\Windows\winsxs\amd64_flpydisk.inf_31bf3856ad364e35_6.1.7600.16385_none_42ff01d4942cc5ea\sfloppy.sys

< MD5 for: TASKENG.EXE >
[2010/11/02 07:24:43 | 000,192,000 | ---- | M] (Microsoft Corporation) MD5=41C52AF44FB96BDDB1EFB25D2D943BBA -- C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7600.20830_none_e63d55df39278cc6\taskeng.exe
[2010/11/20 15:17:47 | 000,192,000 | ---- | M] (Microsoft Corporation) MD5=4F2659160AFCCA990305816946F69407 -- C:\Windows\SysWOW64\taskeng.exe
[2010/11/20 15:17:47 | 000,192,000 | ---- | M] (Microsoft Corporation) MD5=4F2659160AFCCA990305816946F69407 -- C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_e7b3b71a1d1c8662\taskeng.exe
[2010/11/02 08:10:47 | 000,464,384 | ---- | M] (Microsoft Corporation) MD5=60CAE1FA4888ED41B41AEE91C774E4A2 -- C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7600.16699_none_419a75c3d88fecc0\taskeng.exe
[2010/11/20 16:25:23 | 000,464,384 | ---- | M] (Microsoft Corporation) MD5=65EA57712340C09B1B0C427B4848AE05 -- C:\Windows\SysNative\taskeng.exe
[2010/11/20 16:25:23 | 000,464,384 | ---- | M] (Microsoft Corporation) MD5=65EA57712340C09B1B0C427B4848AE05 -- C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_43d2529dd579f798\taskeng.exe
[2010/11/02 08:16:39 | 000,464,384 | ---- | M] (Microsoft Corporation) MD5=84343003E0E6716B3E782FF781B92815 -- C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7600.20830_none_425bf162f184fdfc\taskeng.exe
[2009/07/14 04:39:47 | 000,463,872 | ---- | M] (Microsoft Corporation) MD5=C1BDC97E8C9404245DE87F1EF08D1764 -- C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7600.16385_none_41a13ed5d88b73fe\taskeng.exe
[2009/07/14 04:14:42 | 000,190,464 | ---- | M] (Microsoft Corporation) MD5=DE5DACEBD4C89834EC6D2C41C8643CDA -- C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7600.16385_none_e582a352202e02c8\taskeng.exe
[2010/11/02 07:34:44 | 000,192,000 | ---- | M] (Microsoft Corporation) MD5=F8952E80B7F778DA2F7AA8393CA2D30E -- C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7600.16699_none_e57bda4020327b8a\taskeng.exe

< MD5 for: TASKHOST.EXE >
[2009/07/14 04:39:47 | 000,069,120 | ---- | M] (Microsoft Corporation) MD5=3EEFB971D61EF9638FD21F14C703CA11 -- C:\Windows\winsxs\amd64_microsoft-windows-taskhost_31bf3856ad364e35_6.1.7600.16385_none_84339a007406dfa0\taskhost.exe
[2010/11/20 16:25:23 | 000,069,120 | ---- | M] (Microsoft Corporation) MD5=517110BD83835338C037269E603DB55D -- C:\Windows\SysNative\taskhost.exe
[2010/11/20 16:25:23 | 000,069,120 | ---- | M] (Microsoft Corporation) MD5=517110BD83835338C037269E603DB55D -- C:\Windows\winsxs\amd64_microsoft-windows-taskhost_31bf3856ad364e35_6.1.7601.17514_none_8664adc870f5633a\taskhost.exe

< MD5 for: TCPIP.SYS >
[2011/04/25 08:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2010/11/20 16:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2010/06/14 09:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2011/04/25 08:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2010/06/14 09:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/14 04:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011/04/25 08:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\SysNative\drivers\tcpip.sys
[2011/04/25 08:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011/04/25 09:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys

< MD5 for: TDPIPE.SYS >
[2009/07/14 03:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=3371D21011695B16333A3934340C4E7C -- C:\Windows\SysNative\drivers\tdpipe.sys
[2009/07/14 03:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=3371D21011695B16333A3934340C4E7C -- C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_37a129135e68497e\tdpipe.sys

< MD5 for: TDTCP.SYS >
[2009/07/14 03:16:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=E4245BDA3190A582D55ED09E137401A9 -- C:\Windows\SysNative\drivers\tdtcp.sys
[2009/07/14 03:16:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=E4245BDA3190A582D55ED09E137401A9 -- C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_37a129135e68497e\tdtcp.sys

< MD5 for: USBPRINT.SYS >
[2009/07/14 03:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- C:\Windows\SysNative\drivers\usbprint.sys
[2009/07/14 03:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- C:\Windows\SysNative\DriverStore\FileRepository\usbprint.inf_amd64_neutral_54948be2bc4bcdd1\usbprint.sys
[2009/07/14 03:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- C:\Windows\winsxs\amd64_usbprint.inf_31bf3856ad364e35_6.1.7600.16385_none_8eeeb411db1b01c5\usbprint.sys

< MD5 for: USBSCAN.SYS >
[2009/07/14 03:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- C:\Windows\SysNative\DriverStore\FileRepository\sti.inf_amd64_neutral_9d9a7113099a28a2\usbscan.sys
[2009/07/14 03:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- C:\Windows\winsxs\amd64_sti.inf_31bf3856ad364e35_6.1.7600.16385_none_b5d3c30ffa77a77a\usbscan.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 15:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 15:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 04:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 04:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 16:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 16:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2010/11/20 16:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/20 16:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 16:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2009/07/14 04:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/14 04:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 04:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 04:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 04:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 16:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 16:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 04:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 10:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 09:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< >

< >

< End of report >

OTL Extras logfile created on: 10/07/2011 06:49:39 - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\Paul\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,99 Gb Total Physical Memory | 2,58 Gb Available Physical Memory | 64,73% Memory free
7,98 Gb Paging File | 6,45 Gb Available in Paging File | 80,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 578,94 Gb Total Space | 427,83 Gb Free Space | 73,90% Space Free | Partition Type: NTFS
Drive D: | 596,17 Gb Total Space | 518,96 Gb Free Space | 87,05% Space Free | Partition Type: NTFS
Drive E: | 16,94 Gb Total Space | 2,74 Gb Free Space | 16,15% Space Free | Partition Type: NTFS
Drive F: | 99,34 Mb Total Space | 92,74 Mb Free Space | 93,36% Space Free | Partition Type: FAT32

Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3619440750-2551092191-1784321679-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java™ 6 Update 15 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{62A20ECA-920E-4052-BF77-88C78DD20FAA}" = Validity Sensors DDK
"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java™ SE Development Kit 6 Update 15 (64-bit)
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{8FCDACA0-E090-4A9A-AC71-A96E7371DC6E}" = HP 3D DriveGuard
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{DD3BF908-F6B0-45A5-BED3-79E8888DDA93}" = DigitalPersona Personal 4.10
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZTEWireless-101_is1" = MOOV 3G+

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{05653DE1-6567-40C6-B930-39D399B64369}" = OpenOffice.org 3.3
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1e3cc995-65a6-4515-8fa6-15a685cc30f0}" = Nero BackItUp 4 Essentials
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java™ 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}" = HP User Guides 0153
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B160861-7250-451E-B5EE-8B92BF30A710}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{6088FAB2-0239-457C-8B34-CAE6E2E528C4}" = Document Express DjVu Plug-in
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{65883ddf-2152-4cb7-8e13-b99194b13498}" = Nero BackItUp
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75c53f52-398b-4d66-b28a-f9ef170b3b34}" = Nero BackItUp
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{9112040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.5 MUI
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E92D47A1-D27D-430A-8368-0BAFD956507D}" = HP Support Assistant
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Internet Security
"Celestia_is1" = Celestia 1.6.0
"EasyBits Magic Desktop" = Magic Desktop
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"Picasa 3" = Picasa 3
"ST6UNST #1" = Marées dans le Monde
"Stellarium_is1" = Stellarium 0.10.6
"Tuto Archi Facile_is1" = Tuto Archi Facile1.0.0.0
"Tuto Avast_is1" = Tuto Avast1.0.0.0
"Tuto4pc_is1" = Tuto4pc 1.0
"VLC media player" = VLC media player 1.1.7
"WildTangent hp Master Uninstall" = HP Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Installation Windows Live
"YTdetect" = Yahoo! Detect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08/07/2011 14:50:57 | Computer Name = Paul-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d’extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.

Error - 09/07/2011 00:05:51 | Computer Name = Paul-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d’extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.

Error - 09/07/2011 00:21:10 | Computer Name = Paul-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d’extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.

Error - 09/07/2011 01:13:03 | Computer Name = Paul-PC | Source = SideBySide | ID = 16842811
Description = La création du contexte d’activation a échoué pour « c:\program files
(x86)\microsoft\search enhancement pack\search helper\searchhelper.dll ». Erreur
dans le fichier de manifeste ou de stratégie « c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll » à la ligne 2. Syntaxe XML non
valide.

Error - 09/07/2011 06:01:15 | Computer Name = Paul-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Échec de l’extraction de la liste racine tierce depuis le fichier
CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon
la vérification par rapport à l’horloge système en cours ou le tampon daté dans
le fichier signé. .

Error - 09/07/2011 11:13:57 | Computer Name = Paul-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d’extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.

Error - 09/07/2011 13:41:28 | Computer Name = Paul-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d’extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.

Error - 09/07/2011 22:52:11 | Computer Name = Paul-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d’extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.

Error - 09/07/2011 23:36:09 | Computer Name = Paul-PC | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante Explorer.EXE, version : 6.1.7601.17567,
horodatage : 0x4d672ee4 Nom du module défaillant : ntdll.dll, version : 6.1.7601.17514,
horodatage : 0x4ce7c8f9 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0000000000053d4e
ID
du processus défaillant : 0x78c Heure de début de l’application défaillante : 0x01cc3e5ebed63abe
Chemin
d’accès de l’application défaillante : C:\Windows\Explorer.EXE Chemin d’accès du
module défaillant: C:\Windows\SYSTEM32\ntdll.dll ID de rapport : bf9dda93-aaa5-11e0-9881-002713d2f057

Error - 09/07/2011 23:36:14 | Computer Name = Paul-PC | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante Explorer.EXE, version : 6.1.7601.17567,
horodatage : 0x4d672ee4 Nom du module défaillant : ntdll.dll, version : 6.1.7601.17514,
horodatage : 0x4ce7c8f9 Code d’exception : 0xc000041d Décalage d’erreur : 0x0000000000053d4e
ID
du processus défaillant : 0x78c Heure de début de l’application défaillante : 0x01cc3e5ebed63abe
Chemin
d’accès de l’application défaillante : C:\Windows\Explorer.EXE Chemin d’accès du
module défaillant: C:\Windows\SYSTEM32\ntdll.dll ID de rapport : c2da3972-aaa5-11e0-9881-002713d2f057

[ Hewlett-Packard Events ]
Error - 23/11/2010 23:33:57 | Computer Name = Paul-PC | Source = Hewlett-Packard | ID = 0
Description = fr-FR Impossible de trouver le fichier 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib à System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) à System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) à System.IO.FileStream..ctor(String path, FileMode mode, FileAccess
access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath,
Boolean bFromProxy) à System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) à System.IO.StreamReader..ctor(String
path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize)

à System.IO.StreamReader..ctor(String path, Encoding encoding) à System.IO.File.ReadAllText(String
path, Encoding encoding) à n.a(Object A_0, EventArgs A_1)

Error - 01/12/2010 00:35:35 | Computer Name = Paul-PC | Source = Hewlett-Packard | ID = 0
Description = fr-FR Impossible de trouver le fichier 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib à System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) à System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) à System.IO.FileStream..ctor(String path, FileMode mode, FileAccess
access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath,
Boolean bFromProxy) à System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) à System.IO.StreamReader..ctor(String
path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize)

à System.IO.StreamReader..ctor(String path, Encoding encoding) à System.IO.File.ReadAllText(String
path, Encoding encoding) à n.a(Object A_0, EventArgs A_1)

Error - 01/12/2010 00:35:36 | Computer Name = Paul-PC | Source = Hewlett-Packard | ID = 0
Description = fr-FR Impossible de trouver le fichier 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib à System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) à System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) à System.IO.FileStream..ctor(String path, FileMode mode, FileAccess
access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath,
Boolean bFromProxy) à System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) à System.IO.StreamReader..ctor(String
path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize)

à System.IO.StreamReader..ctor(String path, Encoding encoding) à System.IO.File.ReadAllText(String
path, Encoding encoding) à n.a(Object A_0, EventArgs A_1)

Error - 22/12/2010 00:25:05 | Computer Name = Paul-PC | Source = Hewlett-Packard | ID = 0
Description = fr-FR Impossible de trouver le fichier 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib à System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) à System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) à System.IO.FileStream..ctor(String path, FileMode mode, FileAccess
access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath,
Boolean bFromProxy) à System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) à System.IO.StreamReader..ctor(String
path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize)

à System.IO.StreamReader..ctor(String path, Encoding encoding) à System.IO.File.ReadAllText(String
path, Encoding encoding) à n.a(Object A_0, EventArgs A_1)

Error - 22/12/2010 00:25:06 | Computer Name = Paul-PC | Source = Hewlett-Packard | ID = 0
Description = fr-FR Impossible de trouver le fichier 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib à System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) à System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) à System.IO.FileStream..ctor(String path, FileMode mode, FileAccess
access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath,
Boolean bFromProxy) à System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) à System.IO.StreamReader..ctor(String
path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize)

à System.IO.StreamReader..ctor(String path, Encoding encoding) à System.IO.File.ReadAllText(String
path, Encoding encoding) à n.a(Object A_0, EventArgs A_1)

Error - 22/03/2011 18:10:23 | Computer Name = Paul-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031122111020.xml
File not created by asset agent

Error - 06/04/2011 06:17:16 | Computer Name = Paul-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041106121711.xml
File not created by asset agent

Error - 07/05/2011 10:05:28 | Computer Name = Paul-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051107040525.xml
File not created by asset agent

Error - 23/05/2011 00:17:49 | Computer Name = Paul-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051123071747.xml
File not created by asset agent

Error - 01/06/2011 08:55:11 | Computer Name = Paul-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061101035502.xml
File not created by asset agent

[ System Events ]
Error - 30/06/2011 02:21:55 | Computer Name = Paul-PC | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk2\DR2 comporte un bloc défectueux.

Error - 30/06/2011 02:22:07 | Computer Name = Paul-PC | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk2\DR2 comporte un bloc défectueux.

Error - 30/06/2011 02:22:19 | Computer Name = Paul-PC | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk2\DR2 comporte un bloc défectueux.

Error - 30/06/2011 02:22:31 | Computer Name = Paul-PC | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk2\DR2 comporte un bloc défectueux.

Error - 30/06/2011 02:25:04 | Computer Name = Paul-PC | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 09:24:07 le ?30/?06/?2011 n’était pas
prévu.

Error - 30/06/2011 02:26:09 | Computer Name = Paul-PC | Source = DCOM | ID = 10010
Description =

Error - 30/06/2011 11:46:49 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7043
Description = Le service Windows Update ne s’est pas fermé correctement après avoir
reçu une commande d’anticipation de fermeture.

Error - 03/07/2011 00:22:06 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000
Description = Le service HP Health Check Service n’a pas pu démarrer en raison de
l’erreur : %%109

Error - 04/07/2011 11:25:04 | Computer Name = Paul-PC | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 18:23:23 le ?04/?07/?2011 n’était pas
prévu.

Error - 09/07/2011 13:37:10 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se
charger : aswSnx

< End of report

Retour en haut of the page up there ^

#9 jeanmimigab

Extrem Member

Groupe : Equipe Sécurité
Messages : 765
Inscrit(e) : 21-janvier 10

Posté 11 juillet 2011 - 06:49

hello,

Attention a ne pas installer TutoPC ou Tuto4PC ils contienne des adawares provoquant des pub intempestive et modifie beaucoup de paramêtres dans tes navigateurs web.

Lis bien toutes ma réponse avant de commencer les manipulations demandés.

Désactive Avast le temps de faire tout cela, tu le réactiveras après

* Fais un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

Citation

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
IE - HKU\S-1-5-21-3619440750-2551092191-1784321679-1000\..\URLSearchHook: {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultenginename: "iMesh Web Search"
FF - prefs.js..browser.search.order.1: "iMesh Web Search"
FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://search.imesh.com/web?src=ffb&systemid=1&q="
[2010/09/14 15:48:25 | 000,002,506 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gevs52mp.default\searchplugins\BearShareWebSearch.xml
[2010/11/05 10:47:22 | 000,002,272 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gevs52mp.default\searchplugins\flickr-search-suggestions.xml
[2010/09/14 15:48:25 | 000,002,506 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml
O2 - BHO: (T4PCBHO Class) - {AB720781-0670-4e46-B82E-376AEF228F25} - C:\Program Files (x86)\Tuto4pc\Tuto4pcBHO.dll (Tuto4PC)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM\..\Run: [] File not found
O4 - HKLM\..\Run: [Tuto4pc] File not found
O4 - HKU\S-1-5-19\..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20\..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O18 - Protocol\Handler\msdaipp - No CLSID value found
O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found

:Files
C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gevs52mp.default\searchplugins\BearShareWebSearch.xml
C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gevs52mp.default\searchplugins\flickr-search-suggestions.xml
C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml
C:\Program Files (x86)\Tuto4pc\Tuto4pcBHO.dll
C:\Users\Paul\AppData\Roaming\Tuto4pc
C:\Users\Paul\AppData\Local\Tuto4pc
C:\Program Files (x86)\Tuto4pc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tuto4PC
C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
C:\Users\Paul\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
C:\Users\Paul\AppData\Roaming\Tuto4pc

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Tuto Archi Facile_is1"=-
"Tuto Avast_is1"=-
"Tuto4pc_is1"=-

:Commands
[emptytemp]
[EMPTYFLASH]
[PURITY]
[RESETHOSTS]

* Cliques sur l'icône"Correction" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un rapport va s'ouvrir
* Copie et colle le rapports dans ta réponse stp...

ensuite..

télécharge Malwarebytes et installe le.
Après avoir effectué la mise à jour, Choisis "exécuter un examen rapide", à la fin du scanne, coches tous les éléments trouvés,et clique sur supprimer la sélection.
Poste moi le rapport stp.

@++

Notre ami...

私の友人に勇気

Retour en haut of the page up there ^

#10 Zorba 1

Junior Member

Groupe : Membres
Messages : 16
Inscrit(e) : 03-juillet 11

Posté 15 juillet 2011 - 02:57

Bonjour;
Voila le premier rapport
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3619440750-2551092191-1784321679-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}\ not found.
Prefs.js: "iMesh Web Search" removed from browser.search.defaultenginename
Prefs.js: "iMesh Web Search" removed from browser.search.order.1
Prefs.js: "BearShare Web Search" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.suggest.enabled
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "http://search.imesh.com/web?src=ffb&systemid=1&q=" removed from keyword.URL
File C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gevs52mp.default\searchplugins\BearShareWebSearch.xml not found.
File C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gevs52mp.default\searchplugins\flickr-search-suggestions.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB720781-0670-4e46-B82E-376AEF228F25}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB720781-0670-4e46-B82E-376AEF228F25}\ not found.
File C:\Program Files (x86)\Tuto4pc\Tuto4pcBHO.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_USERS\S-1-5-19\\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ not found.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll deleted successfully.
========== FILES ==========
File\Folder C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gevs52mp.default\searchplugins\BearShareWebSearch.xml not found.
File\Folder C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gevs52mp.default\searchplugins\flickr-search-suggestions.xml not found.
File\Folder C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml not found.
File\Folder C:\Program Files (x86)\Tuto4pc\Tuto4pcBHO.dll not found.
File\Folder C:\Users\Paul\AppData\Roaming\Tuto4pc not found.
File\Folder C:\Users\Paul\AppData\Local\Tuto4pc not found.
File\Folder C:\Program Files (x86)\Tuto4pc not found.
File\Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tuto4PC not found.
File\Folder C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A} not found.
File\Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue not found.
File\Folder C:\Users\Paul\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe not found.
File\Folder C:\Users\Paul\AppData\Roaming\Tuto4pc not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Tuto Archi Facile_is1 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Tuto Avast_is1 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Tuto4pc_is1 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Paul
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 66340 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7785620 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Paul
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.25.0 log created on 07142011_172813

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Retour en haut of the page up there ^

(2 Pages)
1
2
→

Vous ne pouvez pas commencer un sujet
Vous ne pouvez pas répondre à ce sujet

Similar Topics
Sujet	Commencé par	Statistiques	Infos sur le dernier message
[Résolu] Messagerie bloquée par SweetIM Search 1 2	Lul800	14 réponses 317 vues	07 mai 2012 - 09:17 Par : Lul800
[Résolu] search-results.com 1 2 3 5 →	geckel	42 réponses 713 vues	03 mai 2012 - 12:49 Par : geckel
Virus http://fr.search-results.com	jayjay669	2 réponses 443 vues	18 mars 2012 - 02:36 Par : jayjay669
[Résolu] C'est quoi ce truc: http://fr.search-results.com 1 2 3 Depuis que j'ai cela les pages ne sons plus les mêmes	tourfraisetous	25 réponses 1532 vues	02 mars 2012 - 06:56 Par : Apollo
Search Babylon - 1 Comment m'en débarrasser ?	kabel	7 réponses 1159 vues	01 janvier 2012 - 08:58 Par : Tonton
Search Babylon [2]	cluster	1 réponses 450 vues	03 janvier 2012 - 08:46 Par : Tonton
[Résolu] Aide pour éliminer des infections 1 2	JLD95	17 réponses 739 vues	11 octobre 2011 - 06:01 Par : Tonton
Virer Alice Search comment virer ce truc	polpaulin	2 réponses 400 vues	07 octobre 2011 - 06:14 Par : polpaulin
Plus de Firefox et Internet Explorer page Search Impossible de télécharger Firefox	tanaud	1 réponses 972 vues	23 septembre 2011 - 09:15 Par : lexgamer
Avira Search Free Toolbar Plus Web protection 1 2	lou37	11 réponses 3302 vues	14 septembre 2011 - 08:32 Par : Apollo