Trojan : win32/comisproc

Blackraven · le 15 août 2011

Bonjour à tous,

Je vous le refais alors :$

Rapport AD-Remover :

============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [4.0.1 (fr)] ****

FIREFOX.EXE\Shell\Open\Command - C:\Users\Manon\Downloads\mozilla firefox\firefox.exe

HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)

HKLM_MozillaPlugins\Adobe Reader (x)

HKCU_MozillaPlugins\pandonetworks.com/PandoWebPlugin (x)

Extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} (Skype extension )

HKLM_Extensions|{B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor

HKLM_Extensions|{EB132DB0-A4CA-11DF-9732-0E29E0D72085} - C:\Program Files (x86)\Object\facetheme

HKCU_Extensions|{EB132DB0-A4CA-11DF-9732-0E29E0D72085} - C:\Program Files (x86)\Object\facetheme

-- C:\Users\Manon\AppData\Roaming\Mozilla\FireFox\Profiles\9469jxz2.default --

Extensions\engine@plasmoo.com (Plasmoo Search Engine)

Extensions\{59994074-c06d-4a75-9768-49e5a8c21264} (Messenger Plus Live France Community Toolbar)

Extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8} (IMVU Inc Community Toolbar)

Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} (Free YouTube Download (Free Studio) Menu)

Searchplugins\plasmoo.xml (hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}/)

Prefs.js - browser.download.lastDir, C:\\Users\\Manon\\Pictures\\belles images

Prefs.js - browser.search.defaultenginename, Plasmoo

Prefs.js - browser.search.defaulturl, hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}

Prefs.js - browser.search.selectedEngine, Plasmoo

Prefs.js - browser.startup.homepage, hxxp://www.google.fr/ig?hl=fr

Prefs.js - browser.startup.homepage_override.buildID, 20110615151330

Prefs.js - browser.startup.homepage_override.mstone, rv:5.0

Prefs.js - keyword.URL, hxxp://plasmoo.com/index.htm?SearchMashine=true&q=

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_URLSearchHooks|{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - "McAfee SiteAdvisor Toolbar" (c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll)

HKCU_URLSearchHooks|{59994074-c06d-4a75-9768-49e5a8c21264} - "Messenger Plus Live France Toolbar" (C:\Program Files (x86)\Messenger_Plus_Live_France\tbMes1.dll)

HKCU_URLSearchHooks|{90b49673-5506-483e-b92b-ca0265bd9ca8} - "IMVU Inc Toolbar" (C:\Program Files (x86)\IMVU_Inc\tbIMVU.dll)

HKCU_URLSearchHooks|{a65e491f-a436-4952-b49a-b24ed99a0f67} - "Tom's Guide France Toolbar" (C:\Program Files (x86)\Tom's_Guide_France\tbTom'.dll)

HKLM_URLSearchHooks|{59994074-c06d-4a75-9768-49e5a8c21264} - "Messenger Plus Live France Toolbar" (C:\Program Files (x86)\Messenger_Plus_Live_France\tbMes1.dll)

HKLM_URLSearchHooks|{90b49673-5506-483e-b92b-ca0265bd9ca8} - "IMVU Inc Toolbar" (C:\Program Files (x86)\IMVU_Inc\tbIMVU.dll)

HKLM_URLSearchHooks|{a65e491f-a436-4952-b49a-b24ed99a0f67} - "Tom's Guide France Toolbar" (C:\Program Files (x86)\Tom's_Guide_France\tbTom'.dll)

HKCU_SearchScopes\Plasmoo - "Plasmoo" (hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms})

HKCU_Toolbar\WebBrowser|{59994074-C06D-4A75-9768-49E5A8C21264} (C:\Program Files (x86)\Messenger_Plus_Live_France\tbMes1.dll)

HKCU_Toolbar\WebBrowser|{90B49673-5506-483E-B92B-CA0265BD9CA8} (C:\Program Files (x86)\IMVU_Inc\tbIMVU.dll)

HKCU_Toolbar\WebBrowser|{A65E491F-A436-4952-B49A-B24ED99A0F67} (C:\Program Files (x86)\Tom's_Guide_France\tbTom'.dll)

HKLM_Toolbar|{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} (c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll)

HKLM_Toolbar|{59994074-c06d-4a75-9768-49e5a8c21264} (C:\Program Files (x86)\Messenger_Plus_Live_France\tbMes1.dll)

HKLM_Toolbar|{90b49673-5506-483e-b92b-ca0265bd9ca8} (C:\Program Files (x86)\IMVU_Inc\tbIMVU.dll)

HKLM_Toolbar|{a65e491f-a436-4952-b49a-b24ed99a0f67} (C:\Program Files (x86)\Tom's_Guide_France\tbTom'.dll)

HKLM_ElevationPolicy\cc6c8997-57d7-4898-b6c8-f65ec56257cf - C:\Program Files (x86)\Messenger_Plus_Live_France\Messenger_Plus_Live_FranceToolbarHelper.exe (?)

HKLM_ElevationPolicy\fbc21d5b-2960-421e-a63f-5de5072ec6be - C:\Program Files (x86)\Messenger_Plus_Live_France\Messenger_Plus_Live_FranceToolbarHelper.exe (?)

HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)

HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)

HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)

HKLM_ElevationPolicy\{717EB489-E60D-46CC-BC3C-7EEFB1FBBEE3} - C:\Program Files (x86)\Tom's_Guide_France\Tom's_Guide_FranceToolbarHelper.exe (?)

HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files (x86)\Common Files\Oberon Media\OberonBroker\1.0.0.63\OberonBroker.exe (?)

HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)

HKLM_ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC5F} - c:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)

HKLM_ElevationPolicy\{E699E65D-23A5-44D0-B542-4B5D6E545B04} - C:\Program Files (x86)\IMVU_Inc\IMVU_IncToolbarHelper.exe (?)

BHO\{27B4851A-3207-45A2-B947-BE8AFE6163AB} - "McAfee Phishing Filter" (c:\PROGRA~2\mcafee\msk\mskapbho.dll)

BHO\{59994074-c06d-4a75-9768-49e5a8c21264} - "Messenger Plus Live France Toolbar" (C:\Program Files (x86)\Messenger_Plus_Live_France\tbMes1.dll)

BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)

BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)

BHO\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} - "scriptproxy" (c:\PROGRA~2\mcafee\VIRUSS~1\scriptsn.dll)

BHO\{90b49673-5506-483e-b92b-ca0265bd9ca8} - "IMVU Inc Toolbar" (C:\Program Files (x86)\IMVU_Inc\tbIMVU.dll)

BHO\{a65e491f-a436-4952-b49a-b24ed99a0f67} - "Tom's Guide France Toolbar" (C:\Program Files (x86)\Tom's_Guide_France\tbTom'.dll)

BHO\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} - "McAfee SiteAdvisor BHO" (c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll)

========================================

C:\Users\Manon\Desktop\Quarantine: 226 Fichier(s)

C:\Users\Manon\Desktop\Backup: 15 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 15/08/2011 17:43:13 (20298 Octet(s))

C:\Ad-Report-CLEAN[2].txt - 15/08/2011 18:38:15 (7339 Octet(s))

Fin à: 18:40:30, 15/08/2011

============== E.O.F ==============

Rapport Malwarebytes :

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Version de la base de données: 7470

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

15/08/2011 18:07:10

mbam-log-2011-08-15 (18-07-10).txt

Type d'examen: Examen rapide

Elément(s) analysé(s): 176257

Temps écoulé: 7 minute(s), 53 seconde(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 7

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 4

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\CLSID\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\bho_project.bho_object.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\bho_project.bho_object (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

Fichier(s) infecté(s):

c:\program files (x86)\Object\bho_project.dll (Trojan.BHO) -> Quarantined and deleted successfully.

c:\Users\Manon\AppData\Local\Temp\is-85O3U.tmp\PCTuto\inst.exe (Adware.Agent) -> Quarantined and deleted successfully.

c:\Users\Manon\AppData\Local\Temp\is-DJ7D1.tmp\PCTuto\inst.exe (Adware.Agent) -> Quarantined and deleted successfully.

c:\Users\Manon\AppData\Local\Temp\_ir_sf_temp_0\88.exe (Rootkit.Agent) -> Quarantined and deleted successfully.

Rapport OTL.Txt :

OTL logfile created on: 15/08/2011 18:15:36 - Run 1

OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\Manon\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,93 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 58,10% Memory free

7,86 Gb Paging File | 6,04 Gb Available in Paging File | 76,80% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 453,66 Gb Total Space | 371,87 Gb Free Space | 81,97% Space Free | Partition Type: NTFS

Computer Name: MANON-PC | User Name: Manon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Manon\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe (Adobe Systems, Inc.)

PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)

PRC - C:\Users\Manon\Downloads\msn\Messenger Plus! Live\PlusService.exe (Yuna Software)

PRC - C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)

PRC - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

PRC - C:\Users\Manon\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)

PRC - c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)

PRC - C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)

PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\McAfee\MSK\msksrver.exe (McAfee, Inc.)

PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)

PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)

PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)

PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

PRC - c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)

PRC - c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)

PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)

PRC - C:\Windows\SysWOW64\NlsSrv32.exe (Nalpeiron Ltd.)

PRC - C:\Windows\PLFSetI.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Users\Manon\Downloads\msn\Messenger Plus! Live\Detoured.dll ()

MOD - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()

MOD - C:\Windows\PLFSetI.exe ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)

SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_2da1ebd.dll ()

SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)

SRV - (mcmscsvc) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (McODS) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee, Inc.)

SRV - (McShield) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (McAfee, Inc.)

SRV - (McSysmon) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)

SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)

SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)

SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)

SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()

SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)

SRV - (McProxy) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)

SRV - (McNASvc) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NlsSrv32.exe (Nalpeiron Ltd.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)

DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)

DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)

DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)

DRV:64bit: - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)

DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)

DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)

DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)

DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)

DRV:64bit: - (MPFP) -- C:\Windows\SysNative\drivers\Mpfp.sys (McAfee, Inc.)

DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.a s px?b=ACAW&l=040c&m=a s pire_7715z&r=27360510p205l0434z1l5t4462e70 s

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = Le Complément de recherche d'Internet Explorer 6 n'est plus pris en charge.

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKLM\..\URLSearchHook: {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMes1.dll (Conduit Ltd.)

IE - HKLM\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\tbIMVU.dll (Conduit Ltd.)

IE - HKLM\..\URLSearchHook: {a65e491f-a436-4952-b49a-b24ed99a0f67} - C:\Program Files (x86)\Tom's_Guide_France\tbTom'.dll (Conduit Ltd.)

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1673646550-512130197-2364748181-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKU\S-1-5-21-1673646550-512130197-2364748181-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKU\S-1-5-21-1673646550-512130197-2364748181-1001\..\URLSearchHook: {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMes1.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-1673646550-512130197-2364748181-1001\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\tbIMVU.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-1673646550-512130197-2364748181-1001\..\URLSearchHook: {a65e491f-a436-4952-b49a-b24ed99a0f67} - C:\Program Files (x86)\Tom's_Guide_France\tbTom'.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-1673646550-512130197-2364748181-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Plasmoo"

FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"

FF - prefs.js..browser.search.defaulturl: "http://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Plasmoo"

FF - prefs.js..browser.startup.homepage: "http://www.google.fr/ig?hl=fr"

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906

FF - prefs.js..extensions.enabledItems: {59994074-c06d-4a75-9768-49e5a8c21264}:2.7.2.0

FF - prefs.js..extensions.enabledItems: {90b49673-5506-483e-b92b-ca0265bd9ca8}:2.7.2.0

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}:1.0

FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.0.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}:1.0

FF - prefs.js..extensions.enabledItems: engine@plasmoo.com:1.0.0.32

FF - prefs.js..keyword.URL: "http://plasmoo.com/index.htm?SearchMashine=true&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/08/10 20:02:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme [2011/05/28 22:10:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/05 13:30:57 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/27 20:15:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Users\Manon\Downloads\mozilla firefox\components [2011/06/26 21:06:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Users\Manon\Downloads\mozilla firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme [2011/05/28 22:10:52 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Users\Manon\Downloads\mozilla firefox\components [2011/06/26 21:06:26 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Users\Manon\Downloads\mozilla firefox\plugins

[2010/07/12 23:23:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manon\AppData\Roaming\mozilla\Extensions

[2010/07/12 23:23:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manon\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com

[2011/08/15 17:44:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manon\AppData\Roaming\mozilla\Firefox\Profiles\9469jxz2.default\extensions

[2011/06/29 14:04:49 | 000,000,000 | ---D | M] (Messenger Plus Live France Community Toolbar) -- C:\Users\Manon\AppData\Roaming\mozilla\Firefox\Profiles\9469jxz2.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}

[2011/06/29 14:04:51 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Users\Manon\AppData\Roaming\mozilla\Firefox\Profiles\9469jxz2.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}

[2010/12/21 00:20:25 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Manon\AppData\Roaming\mozilla\Firefox\Profiles\9469jxz2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011/05/12 19:55:54 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\Manon\AppData\Roaming\mozilla\Firefox\Profiles\9469jxz2.default\extensions\engine@plasmoo.com

[2010/07/27 18:45:28 | 000,002,650 | ---- | M] () -- C:\Users\Manon\AppData\Roaming\Mozilla\Firefox\Profiles\9469jxz2.default\searchplugins\bing.xml

[2011/04/28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Manon\AppData\Roaming\Mozilla\Firefox\Profiles\9469jxz2.default\searchplugins\plasmoo.xml

[2011/08/15 17:44:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/12/29 17:30:14 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2011/04/11 01:00:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

File not found (No name found) --

[2011/05/28 22:10:52 | 000,000,000 | ---D | M] (FaceTheme - Change your Facebook layout!) -- C:\PROGRAM FILES (X86)\OBJECT\FACETHEME

[2011/04/11 01:00:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2010/06/26 09:59:00 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml

[2010/06/26 09:59:00 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/06/26 09:59:00 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml

[2010/06/26 09:59:00 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml

[2010/06/26 09:59:00 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()

O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()

O2 - BHO: (Messenger Plus Live France Toolbar) - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMes1.dll (Conduit Ltd.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\tbIMVU.dll (Conduit Ltd.)

O2 - BHO: (Tom's Guide France Toolbar) - {a65e491f-a436-4952-b49a-b24ed99a0f67} - C:\Program Files (x86)\Tom's_Guide_France\tbTom'.dll (Conduit Ltd.)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Messenger Plus Live France Toolbar) - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMes1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\tbIMVU.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Tom's Guide France Toolbar) - {a65e491f-a436-4952-b49a-b24ed99a0f67} - C:\Program Files (x86)\Tom's_Guide_France\tbTom'.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-1673646550-512130197-2364748181-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKU\S-1-5-21-1673646550-512130197-2364748181-1001\..\Toolbar\WebBrowser: (Messenger Plus Live France Toolbar) - {59994074-C06D-4A75-9768-49E5A8C21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMes1.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-1673646550-512130197-2364748181-1001\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files (x86)\IMVU_Inc\tbIMVU.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-1673646550-512130197-2364748181-1001\..\Toolbar\WebBrowser: (Tom's Guide France Toolbar) - {A65E491F-A436-4952-B49A-B24ED99A0F67} - C:\Program Files (x86)\Tom's_Guide_France\tbTom'.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)

O4 - HKLM..\Run: [PlusService] C:\Users\Manon\Downloads\msn\Messenger Plus! Live\PlusService.exe (Yuna Software)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1673646550-512130197-2364748181-1001..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found

O4 - Startup: C:\Users\Manon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = C:\Users\Manon\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()

O4 - Startup: C:\Users\Manon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notification de cadeaux MSN.lnk = C:\Users\Manon\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Manon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Manon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)

O8 - Extra context menu item: Free YouTube Download - C:\Users\Manon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Manon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O13 - gopher Prefix: missing

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micro s oft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitChec k Control.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://me s s enger.zone.m s n.com/binary/m s grch k r.cab56986.cab (Checkers Class)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s hoc k wave/cab s /director/s w.cab (Shockwave ActiveX Control)

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.s can.onecare.live.com/re s ource/download/s canner/fr-fr/wl s cctrl2.cab (Windows Live OneCare safety scanner control)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://me s s enger.zone.m s n.com/Me s s engerGame s Content/GameContent/fr/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.s un.com/update/1.6.0/jin s tall-1_6_0_24-window s -i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicro s oftoffice.com/trialoaa/buym s office_a s s et s /framewor k /micro s oft/wrc32.ocx (WRC Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://me s s enger.zone.m s n.com/binary/Me s s enger S tat s PAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.s un.com/update/1.6.0/jin s tall-1_6_0_24-window s -i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.s un.com/update/1.6.0/jin s tall-1_6_0_24-window s -i586.cab (Java Plug-in 1.6.0_24)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: mcmscsvc - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

SafeBootMin: MCODS - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee, Inc.)

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: mcmscsvc - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

SafeBootNet: MCODS - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee, Inc.)

SafeBootNet: Messenger - Service

SafeBootNet: MpfService - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/08/15 18:13:45 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Manon\Desktop\OTL.exe

[2011/08/15 17:58:05 | 000,000,000 | ---D | C] -- C:\Users\Manon\AppData\Roaming\Malwarebytes

[2011/08/15 17:57:52 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/08/15 17:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/08/15 17:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/08/15 17:57:46 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/08/15 17:57:45 | 000,000,000 | ---D | C] -- C:\Users\Manon\Desktop\Malwarebytes' Anti-Malware

[2011/08/15 17:55:32 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Manon\Desktop\mbam-setup-1.51.1.1800.exe

[2011/08/15 17:42:59 | 000,000,000 | ---D | C] -- C:\Users\Manon\Desktop\Quarantine

[2011/08/15 17:42:59 | 000,000,000 | ---D | C] -- C:\Users\Manon\Desktop\Backup

[2011/08/15 17:42:20 | 000,000,000 | ---D | C] -- C:\Users\Manon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ad-Remover

[2011/08/15 17:42:19 | 000,000,000 | ---D | C] -- C:\Users\Manon\Desktop\res

[2011/08/15 17:42:11 | 000,000,000 | ---D | C] -- C:\Users\Manon\Desktop\Lang

[2011/08/15 17:42:09 | 000,000,000 | ---D | C] -- C:\Users\Manon\Desktop\Erunt

[2011/08/15 17:42:03 | 000,000,000 | ---D | C] -- C:\Users\Manon\Desktop\bin

[2011/08/10 22:42:19 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2011/08/10 22:42:19 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2011/08/10 22:42:17 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2011/08/10 22:42:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2011/08/10 22:42:17 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2011/08/10 22:42:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2011/08/10 22:42:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2011/08/10 22:42:16 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2011/08/10 22:42:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2011/08/10 21:55:21 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll

[2011/08/10 21:55:16 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll

[2011/08/10 21:55:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll

[2011/08/10 21:55:16 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll

[2011/08/10 21:55:16 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll

[2011/08/10 21:55:15 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll

[2011/08/10 21:55:15 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll

[2011/08/10 21:55:15 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll

[2011/08/10 21:55:14 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll

[2011/08/10 21:55:14 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll

[2011/08/10 21:54:51 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2011/08/10 21:54:51 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2011/08/10 21:54:51 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2011/08/10 21:54:50 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2011/08/10 21:54:50 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2011/08/10 21:54:50 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2011/08/10 21:54:49 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2011/08/10 21:54:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2011/08/10 21:54:49 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2011/08/10 21:54:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2011/08/10 21:54:48 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2011/08/10 21:54:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2011/08/10 21:54:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2011/08/10 21:54:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2011/08/10 21:54:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2011/08/10 21:54:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2011/08/10 21:54:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2011/08/10 21:54:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2011/08/10 21:54:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2011/08/10 21:54:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2011/08/10 21:54:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2011/08/10 21:54:47 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2011/08/10 21:54:47 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2011/08/10 21:54:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2011/08/10 21:54:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2011/08/10 21:54:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2011/08/10 21:54:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2011/08/10 21:54:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2011/08/10 21:54:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2011/08/10 21:54:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2011/08/10 21:54:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2011/08/10 21:54:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2011/08/10 21:54:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2011/08/10 21:54:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2011/08/10 21:54:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2011/08/10 21:54:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2011/08/10 21:54:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2011/08/10 21:54:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2011/08/10 21:54:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2011/08/10 21:54:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2011/08/10 21:54:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2011/08/10 21:54:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/08/10 21:54:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/08/10 21:54:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2011/08/10 21:54:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2011/08/10 21:54:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2011/08/10 21:54:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2011/08/10 21:54:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2011/08/10 21:54:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2011/08/10 21:54:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2011/08/10 21:54:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2011/08/10 21:54:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2011/08/10 21:54:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2011/08/10 21:54:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2011/08/10 21:54:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2011/08/10 21:54:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2011/08/10 21:54:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2011/08/10 21:54:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2011/08/10 21:54:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2011/08/10 21:54:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2011/08/10 21:54:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2011/08/10 21:54:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2011/08/10 21:54:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2011/08/10 21:54:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2011/08/10 21:54:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2011/08/10 21:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2011/08/10 21:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2011/08/10 21:54:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2011/08/10 21:54:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2011/08/10 21:54:32 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2011/08/10 21:54:32 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2011/08/10 21:54:31 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2011/08/08 12:19:45 | 000,000,000 | ---D | C] -- C:\Users\Manon\AppData\Roaming\DVDVideoSoft

[2009/10/29 12:21:14 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

========== Files - Modified Within 30 Days ==========

[2011/08/15 18:21:16 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[2011/08/15 18:18:01 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/08/15 18:18:01 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/08/15 18:14:01 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Manon\Desktop\OTL.exe

[2011/08/15 18:11:59 | 000,000,921 | ---- | M] () -- C:\Users\Manon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk

[2011/08/15 18:11:18 | 000,058,747 | ---- | M] () -- C:\Windows\SysNative\Config.MPF

[2011/08/15 18:10:45 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/08/15 18:10:42 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job

[2011/08/15 18:10:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/08/15 18:10:22 | 3166,154,752 | -HS- | M] () -- C:\hiberfil.sys

[2011/08/15 17:57:52 | 000,000,787 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/08/15 17:56:55 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Manon\Desktop\mbam-setup-1.51.1.1800.exe

[2011/08/15 17:42:22 | 000,083,496 | ---- | M] () -- C:\Users\Manon\Desktop\Uninstal.exe

[2011/08/15 17:42:22 | 000,001,366 | ---- | M] () -- C:\Users\Manon\Desktop\Ad-Remover.lnk

[2011/08/15 17:41:37 | 001,563,105 | ---- | M] () -- C:\Users\Manon\Desktop\AD-R.exe

[2011/08/15 17:40:10 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/08/15 01:10:34 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job

[2011/08/14 23:22:00 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2011/08/10 22:45:02 | 001,578,082 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/08/10 22:45:02 | 000,706,580 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat

[2011/08/10 22:45:02 | 000,618,108 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/08/10 22:45:02 | 000,131,754 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat

[2011/08/10 22:45:02 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/08/10 13:19:18 | 000,001,879 | ---- | M] () -- C:\Users\Manon\Desktop\IMVU.lnk

[2011/08/08 12:19:27 | 000,001,188 | ---- | M] () -- C:\Users\Manon\Desktop\Free YouTube to MP3 Converter.lnk

[2011/08/07 17:46:56 | 000,545,071 | ---- | M] () -- C:\Users\Manon\Desktop\main.exe

[2011/08/04 16:42:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2011/08/02 14:02:04 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif

[2011/08/02 14:01:45 | 001,578,010 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/07/22 07:42:23 | 002,303,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2011/07/22 07:35:31 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2011/07/22 07:33:41 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2011/07/22 07:32:49 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2011/07/22 07:30:55 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2011/07/22 04:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2011/07/22 04:45:41 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2011/07/22 04:44:42 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2011/07/22 04:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2011/07/21 18:57:29 | 000,001,901 | ---- | M] () -- C:\Users\Manon\Desktop\Microsoft Security Essentials.lnk

========== Files Created - No Company Name ==========

[2011/08/15 18:21:16 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin

[2011/08/15 17:57:52 | 000,000,787 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/08/15 17:42:22 | 000,001,366 | ---- | C] () -- C:\Users\Manon\Desktop\Ad-Remover.lnk

[2011/08/15 17:42:03 | 000,083,496 | ---- | C] () -- C:\Users\Manon\Desktop\Uninstal.exe

[2011/08/15 17:41:35 | 001,563,105 | ---- | C] () -- C:\Users\Manon\Desktop\AD-R.exe

[2011/08/07 17:46:55 | 000,545,071 | ---- | C] () -- C:\Users\Manon\Desktop\main.exe

[2011/08/04 16:42:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2011/07/21 18:57:29 | 000,001,901 | ---- | C] () -- C:\Users\Manon\Desktop\Microsoft Security Essentials.lnk

[2011/05/12 19:12:47 | 000,082,575 | ---- | C] () -- C:\Windows\Désinstaller reparermsn.exe

[2011/01/25 23:09:00 | 001,578,010 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/08/27 16:14:30 | 000,014,848 | ---- | C] () -- C:\Users\Manon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

[2010/07/24 15:21:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/06/21 18:24:04 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2010/06/06 14:35:00 | 000,000,983 | ---- | C] () -- C:\Windows\AZPR3.INI

[2010/05/18 20:12:14 | 000,001,220 | ---- | C] () -- C:\Windows\WinInit.Ini

[2010/02/22 08:16:03 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll

[2010/02/22 08:16:03 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe

[2010/02/22 08:16:03 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe

[2010/02/22 08:16:03 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini

[2009/10/29 13:00:05 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/05/18 20:45:10 | 000,000,000 | -HSD | M] -- C:\Users\Manon\AppData\Roaming\.#

[2011/05/26 19:23:06 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\Audacity

[2010/10/25 01:05:59 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\Blender Foundation

[2011/03/18 19:34:03 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\Blue Cat Audio

[2011/05/11 16:20:49 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\DAZ 3D

[2011/08/08 12:19:48 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\DVDVideoSoft

[2011/05/12 19:48:34 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\DVDVideoSoftIEHelpers

[2010/05/18 20:44:47 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\GameConsole

[2010/10/24 17:29:04 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\gtk-2.0

[2011/03/18 19:34:57 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\HighAndes

[2011/08/15 18:12:00 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\IMVU

[2011/08/10 13:19:12 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\IMVUClient

[2010/11/06 03:09:42 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\inkscape

[2010/05/26 14:53:10 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\Netscape

[2010/06/17 18:33:02 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\OpenOffice.org

[2010/05/26 15:02:44 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\Photodex

[2010/08/01 20:02:21 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\PhotoFiltre

[2010/06/23 13:27:10 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\PowerCinema

[2011/05/06 22:27:13 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\Uniblue

[2010/07/12 23:24:50 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\Vivox

[2010/08/27 15:57:26 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\Windows Live Writer

[2011/08/15 01:10:34 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job

[2011/08/15 18:10:42 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job

[2011/05/18 13:09:07 | 000,032,482 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon /s >

"ReportBootOk" = 1

"Shell" = explorer.exe -- [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)

"PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16}

"DefaultDomainName" =

"DefaultUserName" =

"Userinit" = userinit.exe,

"VMApplet" = SystemPropertiesPerformance.exe /pagefile -- [2009/07/14 03:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation)

"System" =

"Taskman" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]

"" = Wireless Group Policy

"DisplayName" = @wlgpclnt.dll,-100

"ProcessGroupPolicyEx" = ProcessWLANPolicyEx

"GenerateGroupPolicy" = GenerateWLANPolicy

"DllName" = wlgpclnt.dll -- [2009/07/14 03:16:19 | 000,118,784 | ---- | M] (Microsoft Corporation)

"NoUserPolicy" = 1

"NoGPOListChanges" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]

"" = Folder Redirection

"ProcessGroupPolicyEx" = ProcessGroupPolicyEx

"DllName" = fdeploy.dll -- [2010/11/20 14:19:02 | 000,059,904 | ---- | M] (Microsoft Corporation)

"NoMachinePolicy" = 1

"NoSlowLink" = 1

"PerUserLocalSettings" = 1

"NoGPOListChanges" = 0

"NoBackgroundPolicy" = 0

"GenerateGroupPolicy" = GenerateGroupPolicy

"EventSources" = (Folder Redirection,Application) [binary data]

"DisplayName" = @fdeploy.dll,-261

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]

"" = Microsoft Disk Quota

"DisplayName" = @%SystemRoot%\System32\dskquota.dll,-100

"NoMachinePolicy" = 0

"NoUserPolicy" = 1

"NoSlowLink" = 1

"NoBackgroundPolicy" = 1

"NoGPOListChanges" = 1

"PerUserLocalSettings" = 0

"RequiresSuccessfulRegistry" = 1

"EnableAsynchronousProcessing" = 0

"DllName" = %SystemRoot%\System32\dskquota.dll -- [2009/07/14 03:15:13 | 000,087,040 | ---- | M] (Microsoft Corporation)

"ProcessGroupPolicy" = ProcessGroupPolicy

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]

"" = QoS Packet Scheduler

"DisplayName" = @gptext.dll,-201

"ProcessGroupPolicy" = ProcessPSCHEDPolicy

"DllName" = gptext.dll -- [2009/07/14 03:15:24 | 000,018,944 | ---- | M] (Microsoft Corporation)

"NoUserPolicy" = 1

"NoGPOListChanges" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]

"" = Internet Explorer Zonemapping

"ProcessGroupPolicy" = ProcessGroupPolicyForZoneMap

"DllName" = C:\Windows\SysWOW64\iedkcs32.dll -- [2011/05/01 19:47:06 | 000,353,584 | ---- | M] (Microsoft Corporation)

"RequiresSuccessfulRegistry" = 1

"NoGPOListChanges" = 1

"DisplayName" = @C:\Windows\SysWOW64\iedkcs32.dll,-3051

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]

"" = Windows Search Group Policy Extension

"ProcessGroupPolicy" = ProcessGroupPolicy

"DllName" = %SystemRoot%\System32\srchadmin.dll -- [2010/11/20 14:21:25 | 000,301,568 | ---- | M] (Microsoft Corporation)

"RequiresSuccessfulRegistry" = 1

"NoSlowLink" = 0

"NoGPOListChanges" = 1

"NoUserPolicy" = 0

"NoMachinePolicy" = 0

"PerUserLocalSettings" = 0

"EnableAsynchronousProcessing" = 1

"NoBackgroundPolicy" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]

"" = Internet Explorer User Accelerators

"ProcessGroupPolicy" = ProcessGroupPolicyForActivities

"DllName" = C:\Windows\SysWOW64\iedkcs32.dll -- [2011/05/01 19:47:06 | 000,353,584 | ---- | M] (Microsoft Corporation)

"RequiresSuccessfulRegistry" = 1

"ProcessGroupPolicyEx" = ProcessGroupPolicyForActivitiesEx

"NoGPOListChanges" = 1

"DisplayName" = @C:\Windows\SysWOW64\iedkcs32.dll,-3051

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]

"" = Security -- [2009/07/14 03:09:53 | 000,004,608 | ---- | M] (Microsoft Corporation)

"DisplayName" = @(runtime.system32)\scecli.dll,-7650

"ProcessGroupPolicy" = SceProcessSecurityPolicyGPO

"GenerateGroupPolicy" = SceGenerateGroupPolicy

"ExtensionRsopPlanningDebugLevel" = 1

"ProcessGroupPolicyEx" = SceProcessSecurityPolicyGPOEx

"ExtensionDebugLevel" = 1

"DllName" = scecli.dll -- [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation)

"NoUserPolicy" = 1

"NoGPOListChanges" = 1

"EnableAsynchronousProcessing" = 1

"MaxNoGPOListChangesInterval" = 960

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{8A28E2C5-8D06-49A4-A08C-632DAA493E17}]

"" = Deployed Printer Connections

"DisplayName" = @%systemroot%\system32\gpprnext.dll,-1

"DllName" = %systemroot%\system32\gpprnext.dll -- [2009/07/14 03:15:24 | 000,033,792 | ---- | M] (Microsoft Corporation)

"EnableAsynchronousProcessing" = 1

"ExtensionEventSource" =

"GenerateGroupPolicy" = PrinterGenerateGroupPolicy

"MaxNoGPOListChangesInterval" = 0

"NoBackgroundPolicy" = 0

"NoGPOListChanges" = 0

"NoMachinePolicy" = 0

"NoSlowLink" = 1

"NotifyLinkTransition" = 0

"NoUserPolicy" = 0

"PerUserLocalSettings" = 0

"ProcessGroupPolicy" = PrinterProcessGroupPolicy

"ProcessGroupPolicyEx" = PrinterProcessGroupPolicyEx

"RequiresSuccessfulRegistry" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]

"" = Internet Explorer Branding

"ProcessGroupPolicy" = ProcessGroupPolicy

"DllName" = C:\Windows\SysWOW64\iedkcs32.dll -- [2011/05/01 19:47:06 | 000,353,584 | ---- | M] (Microsoft Corporation)

"GenerateGroupPolicy" = GenerateGroupPolicy

"NoSlowLink" = 1

"ProcessGroupPolicyEx" = ProcessGroupPolicyEx

"NoGPOListChanges" = 1

"NoMachinePolicy" = 1

"DisplayName" = @C:\Windows\SysWOW64\iedkcs32.dll,-3014

"NoBackgroundPolicy" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]

"" = 802.3 Group Policy

"DisplayName" = @dot3gpclnt.dll,-100

"ProcessGroupPolicyEx" = ProcessLANPolicyEx

"GenerateGroupPolicy" = GenerateLANPolicy

"DllName" = dot3gpclnt.dll -- [2009/07/14 03:15:12 | 000,074,752 | ---- | M] (Microsoft Corporation)

"NoUserPolicy" = 1

"NoGPOListChanges" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}]

"" = TCPIP

"DisplayName" = @gptext.dll,-204

"ProcessGroupPolicy" = ProcessTCPIPPolicy

"DllName" = gptext.dll -- [2009/07/14 03:15:24 | 000,018,944 | ---- | M] (Microsoft Corporation)

"NoUserPolicy" = 1

"NoGPOListChanges" = 1

"RequiresSuccessfulRegistry" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]

"" = Internet Explorer Machine Accelerators

"ProcessGroupPolicy" = ProcessGroupPolicyForActivities

"DllName" = C:\Windows\SysWOW64\iedkcs32.dll -- [2011/05/01 19:47:06 | 000,353,584 | ---- | M] (Microsoft Corporation)

"RequiresSuccessfulRegistry" = 1

"ProcessGroupPolicyEx" = ProcessGroupPolicyForActivitiesEx

"NoGPOListChanges" = 1

"DisplayName" = @C:\Windows\SysWOW64\iedkcs32.dll,-3051

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]

"" = IP Security

"ProcessGroupPolicyEx" = ProcessIPSECPolicyEx

"GenerateGroupPolicy" = GenerateIPSECPolicy

"DllName" = %SystemRoot%\System32\polstore.dll -- [2009/07/14 03:16:12 | 000,273,920 | ---- | M] (Microsoft Corporation)

"NoUserPolicy" = 1

"NoGPOListChanges" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}]

"" = Enterprise QoS

"DisplayName" = @gptext.dll,-203

"ProcessGroupPolicy" = ProcessEQoSPolicy

"DllName" = gptext.dll -- [2009/07/14 03:15:24 | 000,018,944 | ---- | M] (Microsoft Corporation)

"RequiresSuccessfulRegistry" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}]

"" = CP

"DisplayName" = @gptext.dll,-205

"ProcessGroupPolicy" = ProcessConnectivityPlatformPolicy

"DllName" = gptext.dll -- [2009/07/14 03:15:24 | 000,018,944 | ---- | M] (Microsoft Corporation)

"NoUserPolicy" = 1

"NoGPOListChanges" = 1

"RequiresSuccessfulRegistry" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command /s >

"" = C:\Program Files (x86)\Internet Explorer\iexplore.exe -- [2011/05/01 19:47:06 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %temp%\smtmp\1\*.* /s >

< %temp%\smtmp\2\*.* /s >

< %temp%\smtmp\4\*.* /s >

< nslookup www.google.fr /c >

Serveur : neufbox

Address: 192.168.1.1

Nom : www.l.google.com

Addresses: 74.125.39.99

74.125.39.105

74.125.39.104

74.125.39.106

74.125.39.147

74.125.39.103

Aliases: WWW.GOOGLE.FR

www.google.com

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >

[2010/05/18 20:45:10 | 000,000,000 | -HSD | M] -- C:\Users\Manon\AppData\Roaming\.#

[2010/05/19 13:11:19 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\Adobe

[2011/05/26 19:23:06 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\Audacity

[2010/10/25 01:05:59 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\Blender Foundation

[2011/03/18 19:34:03 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\Blue Cat Audio

[2010/06/23 13:27:05 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\CyberLink

[2011/05/11 16:20:49 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\DAZ 3D

[2011/08/08 12:19:48 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\DVDVideoSoft

[2011/05/12 19:48:34 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\DVDVideoSoftIEHelpers

[2010/05/18 20:44:47 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\GameConsole

[2010/05/16 19:19:27 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\Google

[2010/10/24 17:29:04 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\gtk-2.0

[2011/03/18 19:34:57 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\HighAndes

[2010/06/21 11:16:13 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\Identities

[2011/08/15 18:12:00 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\IMVU

[2011/08/10 13:19:12 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\IMVUClient

[2010/11/06 03:09:42 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\inkscape

[2011/02/12 04:06:59 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\InstallShield

[2010/05/16 19:01:33 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\Macromedia

[2011/08/15 17:58:05 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\Malwarebytes

[2009/07/14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\Media Center Programs

[2011/04/15 21:49:28 | 000,000,000 | --SD | M] -- C:\Users\Manon\AppData\Roaming\Microsoft

[2010/06/21 18:24:21 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\Mozilla

[2010/05/26 14:53:10 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\Netscape

[2010/06/17 18:33:02 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\OpenOffice.org

[2010/05/26 15:02:44 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\Photodex

[2010/08/01 20:02:21 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\PhotoFiltre

[2010/06/23 13:27:10 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\PowerCinema

[2011/08/14 22:35:18 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\Skype

[2011/08/02 17:47:45 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\skypePM

[2011/05/06 22:27:13 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\Uniblue

[2010/07/12 23:24:50 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\Vivox

[2011/07/12 18:23:57 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\vlc

[2010/08/27 15:57:26 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\Windows Live Writer

[2010/12/05 20:05:25 | 000,000,000 | ---D | M] -- C:\Users\Manon\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >

[2011/02/08 00:11:20 | 007,509,008 | ---- | M] (Vivox, Inc.) -- C:\Users\Manon\AppData\Roaming\IMVUClient\1VivoxVoice.exe

[2011/07/23 00:30:32 | 000,203,776 | ---- | M] () -- C:\Users\Manon\AppData\Roaming\IMVUClient\devicefingerprint.exe

[2011/07/27 18:28:54 | 000,009,216 | ---- | M] () -- C:\Users\Manon\AppData\Roaming\IMVUClient\devicefingerprint_v94.exe

[2011/07/29 07:44:26 | 000,053,504 | ---- | M] () -- C:\Users\Manon\AppData\Roaming\IMVUClient\IMVUClient.exe

[2011/07/29 07:44:26 | 000,022,784 | ---- | M] () -- C:\Users\Manon\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe

[2011/07/29 07:44:28 | 000,097,200 | ---- | M] () -- C:\Users\Manon\AppData\Roaming\IMVUClient\IMVUupdater.exe

[2011/07/27 18:27:26 | 000,009,728 | ---- | M] (Mozilla Corporation) -- C:\Users\Manon\AppData\Roaming\IMVUClient\plugin-container.exe

[2011/08/10 13:19:18 | 000,077,973 | ---- | M] () -- C:\Users\Manon\AppData\Roaming\IMVUClient\Uninstall.exe

[2011/04/28 20:51:30 | 000,049,664 | ---- | M] () -- C:\Users\Manon\AppData\Roaming\IMVUClient\w9xpopen.exe

[2011/07/05 21:44:14 | 000,121,856 | ---- | M] () -- C:\Users\Manon\AppData\Roaming\IMVUClient\WriteMiniDump.exe

[2011/08/10 13:18:53 | 022,503,976 | ---- | M] () -- C:\Users\Manon\AppData\Roaming\IMVUClient\installer\SetupImvu_update.exe

[2011/04/27 19:38:13 | 000,046,502 | R--- | M] () -- C:\Users\Manon\AppData\Roaming\Microsoft\Installer\{9D1D6545-B912-4C58-A444-1E879BCD7453}\_27ca61b9.exe

[2011/04/27 19:38:13 | 000,095,315 | R--- | M] () -- C:\Users\Manon\AppData\Roaming\Microsoft\Installer\{9D1D6545-B912-4C58-A444-1E879BCD7453}\_3a1b11d8.exe

[2011/04/27 19:38:13 | 000,053,559 | R--- | M] () -- C:\Users\Manon\AppData\Roaming\Microsoft\Installer\{9D1D6545-B912-4C58-A444-1E879BCD7453}\_3a1e3bd4.exe

[2011/04/27 19:38:13 | 000,061,203 | R--- | M] () -- C:\Users\Manon\AppData\Roaming\Microsoft\Installer\{9D1D6545-B912-4C58-A444-1E879BCD7453}\_3a2165d0.exe

[2011/04/27 19:38:13 | 000,057,332 | R--- | M] () -- C:\Users\Manon\AppData\Roaming\Microsoft\Installer\{9D1D6545-B912-4C58-A444-1E879BCD7453}\_3a24fcd.exe

[2011/04/27 19:38:13 | 000,003,638 | R--- | M] () -- C:\Users\Manon\AppData\Roaming\Microsoft\Installer\{9D1D6545-B912-4C58-A444-1E879BCD7453}\_62023ba.exe

[2011/04/27 19:38:13 | 000,014,846 | R--- | M] () -- C:\Users\Manon\AppData\Roaming\Microsoft\Installer\{9D1D6545-B912-4C58-A444-1E879BCD7453}\_6d923fb8.exe

[2011/04/27 19:38:13 | 000,053,394 | R--- | M] () -- C:\Users\Manon\AppData\Roaming\Microsoft\Installer\{9D1D6545-B912-4C58-A444-1E879BCD7453}\_78a61aa.exe

[2010/05/16 22:25:04 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Users\Manon\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe

[2010/05/16 22:25:04 | 000,086,576 | ---- | M] (Microsoft Corporation) -- C:\Users\Manon\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe

[2010/05/16 22:25:04 | 000,132,672 | ---- | M] (Microsoft Corporation) -- C:\Users\Manon\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe

< %SYSTEMDRIVE%\*.exe >

[2007/11/07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: AGP440.SYS >

[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >

[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CDROM.SYS >

[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

[2010/11/20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys

[2010/11/20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys

[2010/11/20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: CNGAUDIT.DLL >

[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CTFMON.EXE >

[2009/07/14 03:39:02 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=42B6A94DD747DF2B5F628A2752E62A98 -- C:\Windows\SysNative\ctfmon.exe

[2009/07/14 03:39:02 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=42B6A94DD747DF2B5F628A2752E62A98 -- C:\Windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe

[2009/07/14 03:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\SysWOW64\ctfmon.exe

[2009/07/14 03:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe

< MD5 for: DISK.SYS >

[2009/07/14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys

[2009/07/14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys

[2009/07/14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: DWM.EXE >

[2009/07/14 03:39:08 | 000,120,320 | ---- | M] (Microsoft Corporation) MD5=F162D5F5E845B9DC352DD1BAD8CEF1BC -- C:\Windows\SysNative\dwm.exe

[2009/07/14 03:39:08 | 000,120,320 | ---- | M] (Microsoft Corporation) MD5=F162D5F5E845B9DC352DD1BAD8CEF1BC -- C:\Windows\winsxs\amd64_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.1.7600.16385_none_e99885bbd6e301de\dwm.exe

[2009/07/14 03:39:08 | 000,120,320 | ---- | M] (Microsoft Corporation) MD5=F162D5F5E845B9DC352DD1BAD8CEF1BC -- C:\Windows\winsxs\amd64_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.1.7601.17514_none_ebc99983d3d18578\dwm.exe

< MD5 for: EXPLORER.EXE >

[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe

[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe

[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe

[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe

[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe

[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2009/08/03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe

[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe

[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe

[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe

[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

[2009/08/03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: IASTOR.SYS >

[2009/10/13 20:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2009/10/13 20:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2009/10/13 20:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\drivers\iaStor.sys

[2009/10/13 20:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_6fca727099cdabf1\iaStor.sys

< MD5 for: IASTORV.SYS >

[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys

[2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys

[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NDIS.SYS >

[2010/11/20 15:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\SysNative\drivers\ndis.sys

[2010/11/20 15:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys

[2009/07/14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >

[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >

[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys

[2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys

[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: RASACD.SYS >

[2009/07/14 02:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=5A0DA8AD5762FA2D91678A8A01311704 -- C:\Windows\SysNative\drivers\rasacd.sys

[2009/07/14 02:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=5A0DA8AD5762FA2D91678A8A01311704 -- C:\Windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_6bcef05d7f04260a\rasacd.sys

< MD5 for: RDPCLIP.EXE >

[2010/11/20 15:25:05 | 000,210,944 | ---- | M] (Microsoft Corporation) MD5=25D284EB2F12254C001AFE9A82575A81 -- C:\Windows\winsxs\amd64_microsoft-windows-t..lipboardredirection_31bf3856ad364e35_6.1.7601.17514_none_5ffc161221c1b4f6\rdpclip.exe

[2009/07/14 03:39:28 | 000,209,408 | ---- | M] (Microsoft Corporation) MD5=798F5E39068FD3BC9D999A401FAB5F62 -- C:\Windows\winsxs\amd64_microsoft-windows-t..lipboardredirection_31bf3856ad364e35_6.1.7600.16385_none_5dcb024a24d3315c\rdpclip.exe

< MD5 for: RDPWD.SYS >

[2010/11/20 13:04:37 | 000,210,944 | ---- | M] (Microsoft Corporation) MD5=15B66C206B5CB095BAB980553F38ED23 -- C:\Windows\SysNative\drivers\rdpwd.sys

[2010/11/20 13:04:37 | 000,210,944 | ---- | M] (Microsoft Corporation) MD5=15B66C206B5CB095BAB980553F38ED23 -- C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17514_none_a99b8db6eba2129b\rdpwd.sys

[2009/07/14 02:16:48 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=8A3E6BEA1C53EA6177FE2B6EBA2C80D7 -- C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16385_none_a76a79eeeeb38f01\rdpwd.sys

< MD5 for: SCECLI.DLL >

[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SFLOPPY.SYS >

[2009/07/14 02:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- C:\Windows\SysNative\drivers\sfloppy.sys

[2009/07/14 02:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- C:\Windows\SysNative\DriverStore\FileRepository\flpydisk.inf_amd64_neutral_f54222cc59267e1e\sfloppy.sys

[2009/07/14 02:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- C:\Windows\winsxs\amd64_flpydisk.inf_31bf3856ad364e35_6.1.7600.16385_none_42ff01d4942cc5ea\sfloppy.sys

< MD5 for: TASKENG.EXE >

[2010/11/02 06:24:43 | 000,192,000 | ---- | M] (Microsoft Corporation) MD5=41C52AF44FB96BDDB1EFB25D2D943BBA -- C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7600.20830_none_e63d55df39278cc6\taskeng.exe

[2010/11/20 14:17:47 | 000,192,000 | ---- | M] (Microsoft Corporation) MD5=4F2659160AFCCA990305816946F69407 -- C:\Windows\SysWOW64\taskeng.exe

[2010/11/20 14:17:47 | 000,192,000 | ---- | M] (Microsoft Corporation) MD5=4F2659160AFCCA990305816946F69407 -- C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_e7b3b71a1d1c8662\taskeng.exe

[2010/11/02 07:10:47 | 000,464,384 | ---- | M] (Microsoft Corporation) MD5=60CAE1FA4888ED41B41AEE91C774E4A2 -- C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7600.16699_none_419a75c3d88fecc0\taskeng.exe

[2010/11/20 15:25:23 | 000,464,384 | ---- | M] (Microsoft Corporation) MD5=65EA57712340C09B1B0C427B4848AE05 -- C:\Windows\SysNative\taskeng.exe

[2010/11/20 15:25:23 | 000,464,384 | ---- | M] (Microsoft Corporation) MD5=65EA57712340C09B1B0C427B4848AE05 -- C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_43d2529dd579f798\taskeng.exe

[2010/11/02 07:16:39 | 000,464,384 | ---- | M] (Microsoft Corporation) MD5=84343003E0E6716B3E782FF781B92815 -- C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7600.20830_none_425bf162f184fdfc\taskeng.exe

[2009/07/14 03:39:47 | 000,463,872 | ---- | M] (Microsoft Corporation) MD5=C1BDC97E8C9404245DE87F1EF08D1764 -- C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7600.16385_none_41a13ed5d88b73fe\taskeng.exe

[2009/07/14 03:14:42 | 000,190,464 | ---- | M] (Microsoft Corporation) MD5=DE5DACEBD4C89834EC6D2C41C8643CDA -- C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7600.16385_none_e582a352202e02c8\taskeng.exe

[2010/11/02 06:34:44 | 000,192,000 | ---- | M] (Microsoft Corporation) MD5=F8952E80B7F778DA2F7AA8393CA2D30E -- C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7600.16699_none_e57bda4020327b8a\taskeng.exe

< MD5 for: TASKHOST.EXE >

[2009/07/14 03:39:47 | 000,069,120 | ---- | M] (Microsoft Corporation) MD5=3EEFB971D61EF9638FD21F14C703CA11 -- C:\Windows\winsxs\amd64_microsoft-windows-taskhost_31bf3856ad364e35_6.1.7600.16385_none_84339a007406dfa0\taskhost.exe

[2010/11/20 15:25:23 | 000,069,120 | ---- | M] (Microsoft Corporation) MD5=517110BD83835338C037269E603DB55D -- C:\Windows\SysNative\taskhost.exe

[2010/11/20 15:25:23 | 000,069,120 | ---- | M] (Microsoft Corporation) MD5=517110BD83835338C037269E603DB55D -- C:\Windows\winsxs\amd64_microsoft-windows-taskhost_31bf3856ad364e35_6.1.7601.17514_none_8664adc870f5633a\taskhost.exe

< MD5 for: TCPIP.SYS >

[2011/04/25 07:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys

[2010/11/20 15:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys

[2011/06/21 08:16:55 | 001,888,128 | ---- | M] (Microsoft Corporation) MD5=5279D4DD69C7C71524B8E7A5746D15CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys

[2010/06/14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys

[2011/04/25 07:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys

[2010/04/09 13:06:28 | 001,898,376 | ---- | M] (Microsoft Corporation) MD5=7FC877A25796D8ADF539E64703FCA7E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys

[2010/06/14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys

[2009/07/14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys

[2011/04/25 07:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys

[2011/06/21 08:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys

[2010/04/09 09:56:29 | 001,892,232 | ---- | M] (Microsoft Corporation) MD5=A9C0F786AC1F736891D05CE0A1D29DEB -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys

[2011/04/25 08:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys

[2011/06/21 08:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys

[2011/06/21 08:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\SysNative\drivers\tcpip.sys

[2011/06/21 08:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys

< MD5 for: TDPIPE.SYS >

[2009/07/14 02:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=3371D21011695B16333A3934340C4E7C -- C:\Windows\SysNative\drivers\tdpipe.sys

[2009/07/14 02:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=3371D21011695B16333A3934340C4E7C -- C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_37a129135e68497e\tdpipe.sys

< MD5 for: TDTCP.SYS >

[2009/07/14 02:16:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=E4245BDA3190A582D55ED09E137401A9 -- C:\Windows\SysNative\drivers\tdtcp.sys

[2009/07/14 02:16:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=E4245BDA3190A582D55ED09E137401A9 -- C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_37a129135e68497e\tdtcp.sys

< MD5 for: USBPRINT.SYS >

[2009/07/14 02:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- C:\Windows\SysNative\drivers\usbprint.sys

[2009/07/14 02:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- C:\Windows\SysNative\DriverStore\FileRepository\usbprint.inf_amd64_neutral_54948be2bc4bcdd1\usbprint.sys

[2009/07/14 02:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- C:\Windows\winsxs\amd64_usbprint.inf_31bf3856ad364e35_6.1.7600.16385_none_8eeeb411db1b01c5\usbprint.sys

< MD5 for: USBSCAN.SYS >

[2009/07/14 02:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- C:\Windows\SysNative\DriverStore\FileRepository\sti.inf_amd64_neutral_9d9a7113099a28a2\usbscan.sys

[2009/07/14 02:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- C:\Windows\winsxs\amd64_sti.inf_31bf3856ad364e35_6.1.7600.16385_none_b5d3c30ffa77a77a\usbscan.sys

< MD5 for: USERINIT.EXE >

[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: VOLSNAP.SYS >

[2010/11/20 15:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys

[2010/11/20 15:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys

[2010/11/20 15:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys

[2009/07/14 03:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

< MD5 for: WININIT.EXE >

[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >

[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2011/05/01 19:47:06 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll

[2011/05/01 19:47:06 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll

[2011/07/22 04:51:14 | 009,704,448 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll

[2011/05/01 19:47:06 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll

[2010/11/20 14:19:56 | 001,236,992 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msxml3.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54

< End of report >

Rapport Extras.Txt :

OTL Extras logfile created on: 15/08/2011 18:15:36 - Run 1

OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\Manon\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,93 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 58,10% Memory free

7,86 Gb Paging File | 6,04 Gb Available in Paging File | 76,80% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 453,66 Gb Total Space | 371,87 Gb Free Space | 81,97% Space Free | Partition Type: NTFS

Computer Name: MANON-PC | User Name: Manon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1673646550-512130197-2364748181-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Users\Manon\Downloads\mozilla firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [AddToPlaylistVLC] -- "C:\Users\Manon\Downloads\vlc\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Users\Manon\Downloads\vlc\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Users\Manon\Downloads\vlc\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Users\Manon\Downloads\vlc\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{32E9C1A5-0FDA-4483-987D-DBABF9CC1DD8}" = Microsoft Antimalware Service FR-FR Language Pack

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client

"{4B5F58F7-C7D1-3CE3-9B37-B657F0852643}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Assistant de connexion Windows Live ID

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver

"{A8A4C98E-08D8-41BB-BDCB-2C412327535E}" = Windows Live Contrôle parental

"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client FR-FR Language Pack

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Blender" = Blender

"CCleaner" = CCleaner

"HDMI" = Intel® Graphics Media Accelerator Driver

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA

"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0214A441-A4AB-43A8-8DEF-2F73C5364673}" = Microsoft Works

"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster

"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard

"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}" = Galerie de photos Windows Live

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FD8CA85-5AFB-4100-995E-90337CE8F35B}" = PowerArchiver 2010

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{230B83A5-7D88-4B95-B71E-F44C0C78B002}" = Windows Live Movie Maker

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe

"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 24

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3AFDD2C6-8663-46B5-B195-6CEB00D44768}" = adsl TV

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger

"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows

"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail

"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker

"{69B040CC-E9B1-4769-950E-87786C9E16AD}" = OpenOffice.org 3.2

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console

"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007

"{90120000-0015-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007

"{90120000-0016-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0017-040C-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (French) 2007

"{90120000-0017-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CCDA3DD6-E33D-4D75-B7C9-FF585580CE83}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007

"{90120000-0018-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007

"{90120000-0019-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007

"{90120000-001A-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007

"{90120000-001B-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007

"{90120000-001F-0401-0000-0000000FF1CE}_OMUI.fr-fr_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.fr-fr_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007

"{90120000-001F-0413-0000-0000000FF1CE}_OMUI.fr-fr_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-002A-040C-1000-0000000FF1CE}_OMUI.fr-fr_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007

"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007

"{90120000-0044-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007

"{90120000-006E-040C-0000-0000000FF1CE}_OMUI.fr-fr_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007

"{90120000-00A1-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2007

"{90120000-00BA-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0100-040C-0000-0000000FF1CE}" = Microsoft Office O MUI (French) 2007

"{90120000-0100-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0101-040C-0000-0000000FF1CE}" = Microsoft Office X MUI (French) 2007

"{90120000-0101-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D1D6545-B912-4C58-A444-1E879BCD7453}" = 3D Canvas

"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV pour Windows Media Center

"{9D6524E6-15CF-4852-BF70-04FE973A3DE1}" = Windows Live Toolbar

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.5 MUI

"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call

"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup

"{CAB81583-0310-43E1-8E33-0864985EDD67}" = trakAxPC

"{CC431AE0-60DC-451B-A7A9-FBBC2BE5E86F}" = LastChaosFRA

"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5

"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide

"{E2A6B1A0-C1E3-4311-BF86-EAF18841FD67}" = CANAL+ pour Windows Media Center

"{E32B0931-C97B-48E1-A466-27D4088060EF}" = Install(Fr)

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"Acer Registration" = Acer Registration

"Acer Screensaver" = Acer ScreenSaver

"Acer Welcome Center" = Welcome Center

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Akamai" = Akamai NetSession Interface

"aniMate 2 DS3 2.0.0.7" = aniMate 2 DS3

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)

"facetheme" = Facetheme

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.6.727

"GridVista" = Acer GridVista

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Identity Card" = Identity Card

"IMVU_Inc Toolbar" = IMVU Inc Toolbar

"Inkscape" = Inkscape 0.48.0

"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800

"McAfee Security Scan" = McAfee Security Scan Plus

"Messenger Plus!" = Messenger Plus! 5

"Messenger_Plus_Live_France Toolbar" = Messenger_Plus_Live_France Toolbar

"Mozilla Firefox (3.6." = Mozilla Firefox (3.6.

"Mozilla Firefox 4.0.1 (x86 fr)" = Mozilla Firefox 4.0.1 (x86 fr)

"MSC" = McAfee SecurityCenter

"OMUI.fr-fr" = Microsoft Office Language Pack 2007 - French/Français

"OpenAL" = OpenAL

"PcCloneEX" = PcCloneEX

"PCTuto Avast_is1" = PCTuto Avast 2.0

"PCTuto_is1" = PCTuto 2.0

"Photodex Presenter" = Photodex Presenter

"Tom's_Guide_France Toolbar" = Tom's Guide France Toolbar

"TuxGuitar_0" = TuxGuitar 1.2

"Uniblue RegistryBooster" = Uniblue RegistryBooster

"Uninstall_is1" = Uninstall 1.0.0.1

"UpdatePCTuto_is1" = UpdatePCTuto 2.0

"VLC media player" = VLC media player 1.0.5

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"WinGimp-2.0_is1" = GIMP 2.6.11

"WinLiveSuite_Wave3" = Installation Windows Live

"WinRAR archiver" = Logiciel d'archivage WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1673646550-512130197-2364748181-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Ad-Remover" = Ad-Remover

"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software

"Mozilla Firefox 5.0 (x86 fr)" = Mozilla Firefox 5.0 (x86 fr)

"Notification de cadeaux MSN" = Notification de cadeaux MSN

"PhotoFiltre" = PhotoFiltre

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 16/07/2011 09:22:20 | Computer Name = Manon-PC | Source = McLogEvent | ID = 5051

Description = Un thread du processus C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe a

mis plus de 90000 ms à effectuer une requête. Le processus va se terminer. ID du thread :

440 (0x1b8) Adresse du thread : 0x00000000776C138A Message du thread : Build VSCORE.14.0.0.435

/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Users\Manon\AppData\Local\Microsoft\Windows\Temporary

Internet Files\Low\Content.IE5\4FCF3AEN\world_of_warcraft_mise_a_jour_depuis_v3.0.1.8874_francais_294816[1].exe

by C:\Program Files (x86)\Internet Explorer\iexplore.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 16/07/2011 14:53:49 | Computer Name = Manon-PC | Source = McLogEvent | ID = 5051

Description = Un thread du processus C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe a

mis plus de 90000 ms à effectuer une requête. Le processus va se terminer. ID du thread :

3196 (0xc7c) Adresse du thread : 0x0000000076FF138A Message du thread : Build VSCORE.14.0.0.435

/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Users\Manon\Downloads\Wow\world_of_warcraft_mise_a_jour_depuis_v3.0.1.8874_francais_294816.exe

by C:\Program Files (x86)\Internet Explorer\iexplore.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 21/07/2011 12:56:34 | Computer Name = Manon-PC | Source = MsiInstaller | ID = 1013

Description =

Error - 21/07/2011 12:58:06 | Computer Name = Manon-PC | Source = MsiInstaller | ID = 1013

Description =

Error - 21/07/2011 14:51:59 | Computer Name = Manon-PC | Source = SideBySide | ID = 16842815

Description = La création du contexte d’activation a échoué pour « c:\Program Files

(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ». Erreur dans le fichier

de manifeste ou de stratégie « c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe

AIR.dll » à la ligne 3. La valeur « MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR »

de l’attribut « version » de l’élément « assemblyIdentity » n’est pas valide.

Error - 21/07/2011 14:56:09 | Computer Name = Manon-PC | Source = SideBySide | ID = 16842787

Description = La création du contexte d’activation a échoué pour « c:\program files

(x86)\windows live\photo gallery\MovieMaker.Exe ». Erreur dans le fichier de manifeste

ou de stratégie « c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL »

à la ligne 8. L’identité de composant trouvé dans le manifeste ne correspond pas

à celle du composant demandé. La référence est WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

La

définition est WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Utilisez

sxstrace.exe pour un diagnostic détaillé.

Error - 22/07/2011 09:17:33 | Computer Name = Manon-PC | Source = SideBySide | ID = 16842815

Description = La création du contexte d’activation a échoué pour « c:\Program Files

(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ». Erreur dans le fichier

de manifeste ou de stratégie « c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe

AIR.dll » à la ligne 3. La valeur « MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR »

de l’attribut « version » de l’élément « assemblyIdentity » n’est pas valide.

Error - 22/07/2011 09:21:24 | Computer Name = Manon-PC | Source = SideBySide | ID = 16842787

Description = La création du contexte d’activation a échoué pour « c:\program files

(x86)\windows live\photo gallery\MovieMaker.Exe ». Erreur dans le fichier de manifeste

ou de stratégie « c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL »

à la ligne 8. L’identité de composant trouvé dans le manifeste ne correspond pas

à celle du composant demandé. La référence est WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

La

définition est WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Utilisez

sxstrace.exe pour un diagnostic détaillé.

Error - 22/07/2011 09:22:46 | Computer Name = Manon-PC | Source = SideBySide | ID = 16842811

Description = La création du contexte d’activation a échoué pour « c:\program files

(x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll ».

Erreur dans le fichier de manifeste ou de stratégie « c:\program files (x86)\microsoft\search

enhancement pack\search helper\sepsearchhelperie.dll » à la ligne 2. Syntaxe XML

non valide.

Error - 25/07/2011 14:47:40 | Computer Name = Manon-PC | Source = SideBySide | ID = 16842815

Description = La création du contexte d’activation a échoué pour « c:\Program Files

(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ». Erreur dans le fichier

de manifeste ou de stratégie « c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe

AIR.dll » à la ligne 3. La valeur « MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR »

de l’attribut « version » de l’élément « assemblyIdentity » n’est pas valide.

[ Media Center Events ]

Error - 07/07/2010 16:19:51 | Computer Name = Manon-PC | Source = MCUpdate | ID = 0

Description = 22:19:50 - Échec de la récupération de MCEClientUX (Erreur : La connexion

sous-jacente a été fermée : Une erreur inattendue s'est produite lors de la réception.)

Error - 05/08/2010 05:08:02 | Computer Name = Manon-PC | Source = MCUpdate | ID = 0

Description = 11:08:02 - Erreur de connexion à Internet. 11:08:02 - Impossible

de contacter le service..

Error - 05/08/2010 05:08:14 | Computer Name = Manon-PC | Source = MCUpdate | ID = 0

Description = 11:08:08 - Erreur de connexion à Internet. 11:08:08 - Impossible

de contacter le service..

[ OSession Events ]

Error - 23/01/2011 15:39:41 | Computer Name = Manon-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 57

seconds with 0 seconds of active time. This session ended with a crash.

Error - 13/02/2011 09:35:28 | Computer Name = Manon-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4

seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/05/2011 16:29:32 | Computer Name = Manon-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session

lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 10/08/2011 17:01:45 | Computer Name = Manon-PC | Source = Microsoft Antimalware | ID = 3002

Description = La fonctionnalité de protection en temps réel %%860 a rencontré une

erreur et s'est arrêtée. Fonctionnalité : %%835 Code d'erreur : 0x80004005 Description

de l'erreur : Erreur non spécifiée Raison : %%842

Error - 11/08/2011 05:58:21 | Computer Name = Manon-PC | Source = Microsoft Antimalware | ID = 3002

Description = La fonctionnalité de protection en temps réel %%860 a rencontré une

erreur et s'est arrêtée. Fonctionnalité : %%835 Code d'erreur : 0x80004005 Description

de l'erreur : Erreur non spécifiée Raison : %%842

Error - 14/08/2011 11:51:30 | Computer Name = Manon-PC | Source = Microsoft Antimalware | ID = 3002

Description = La fonctionnalité de protection en temps réel %%860 a rencontré une

erreur et s'est arrêtée. Fonctionnalité : %%835 Code d'erreur : 0x80004005 Description

de l'erreur : Erreur non spécifiée Raison : %%842

Error - 14/08/2011 17:19:38 | Computer Name = Manon-PC | Source = EventLog | ID = 6008

Description = L’arrêt système précédant à 23:17:27 le ?14/?08/?2011 n’était pas

prévu.

Error - 14/08/2011 17:20:07 | Computer Name = Manon-PC | Source = Microsoft Antimalware | ID = 3002

Description = La fonctionnalité de protection en temps réel %%860 a rencontré une

erreur et s'est arrêtée. Fonctionnalité : %%835 Code d'erreur : 0x80004005 Description

de l'erreur : Erreur non spécifiée Raison : %%842

Error - 15/08/2011 06:00:07 | Computer Name = Manon-PC | Source = Microsoft Antimalware | ID = 3002

Description = La fonctionnalité de protection en temps réel %%860 a rencontré une

erreur et s'est arrêtée. Fonctionnalité : %%835 Code d'erreur : 0x80004005 Description

de l'erreur : Erreur non spécifiée Raison : %%842

Error - 15/08/2011 09:50:32 | Computer Name = Manon-PC | Source = Service Control Manager | ID = 7031

Description = Le service McAfee Real-time Scanner s’est terminé de manière inattendue.

Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans

60000 millisecondes : Redémarrer le service.

Error - 15/08/2011 11:37:40 | Computer Name = Manon-PC | Source = Service Control Manager | ID = 7031

Description = Le service McAfee Real-time Scanner s’est terminé de manière inattendue.

Ceci s’est produit 2 fois. L’action corrective suivante va être effectuée dans

60000 millisecondes : Redémarrer le service.

Error - 15/08/2011 11:47:26 | Computer Name = Manon-PC | Source = Microsoft Antimalware | ID = 3002

Description = La fonctionnalité de protection en temps réel %%860 a rencontré une

erreur et s'est arrêtée. Fonctionnalité : %%835 Code d'erreur : 0x80004005 Description

de l'erreur : Erreur non spécifiée Raison : %%842

Error - 15/08/2011 12:11:16 | Computer Name = Manon-PC | Source = Microsoft Antimalware | ID = 3002

Description = La fonctionnalité de protection en temps réel %%860 a rencontré une

erreur et s'est arrêtée. Fonctionnalité : %%835 Code d'erreur : 0x80004005 Description

de l'erreur : Erreur non spécifiée Raison : %%842

< End of report >

Apollo · le 15 août 2011

Bonsoir,

ZHPDiag :

Télécharge ZHPDiag de Nicolas Coolman. et enregistre-le sur le BUREAU.
Double-clique sur ZHPDiag.exe pour lancer l'installation
- Important:
  Sous Vista et Windows 7 : il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur

N'oublie pas de cocher la case qui permet de mettre un raccourci sur le Bureau.

[*]L'outil a créé 2 icônes ZHPDiag et ZHPFix sur le Bureau.

[*]Double-clique sur ZHPDiag pour lancer l'exécution

Important:
Sous Vista et Windows 7 : il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur

[*]Clique sur le tournevis.

[*]Clique sur la loupe pour lancer l'analyse. Tu patientes jusqu'à ce que le scan affiche 100%

Tu refermes ZHPDiag

[*]Le rapport ZHPDiag.txt se trouve sur le Bureau.

Ce rapport étant trop long pour le forum, héberge le :

soit directement sur le forum en pièce jointe dans ta réponse : Ajouter un fichier en pièce jointe sur le forum <<< Seulement pour le forum Vista-XP.fr!
soit sur Cijoint.fr et copie-colle le lien fourni dans ta réponse.
Free large file hosting. Send big files the easy way! copier/coller le tout premier lien fourni.

Info: Apollo Et Compagnie :: ZHPDiag, un outil de diagnostic

@++

Blackraven · le 15 août 2011

Merci de ta réponse,

Voilà le lien du rapport : Mon lien

Apollo · le 15 août 2011

Re,

1) ZHPFix :

Ferme toutes les applications ouvertes
Double-clique sur ZHPFix, raccourci installé par ZHPDiag sur le Bureau
Important:
Sous Vista et Windows 7 : il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur.
Clique sur H .
Copie-colle les lignes ci-dessous dans la fenêtre

O42 - Logiciel: PCTuto 2.0 - (.PCTuto.) [HKLM] -- PCTuto_is1     
O42 - Logiciel: PCTuto Avast 2.0 - (.PCTuto.) [HKLM] -- PCTuto Avast_is1    
O42 - Logiciel: UpdatePCTuto 2.0 - (.PCtuto.) [HKLM] -- UpdatePCTuto_is1    
[HKCU\Software\PCTuto]    
[HKLM\Software\PCTuto]    
O43 - CFD: 12/05/2011 - 19:55:12 - [1231626] ----D- C:\Program Files (x86)\Common Files\Plasmoo    
[HKLM\Software\WOW6432Node\Classes\AppID\PCTutoBHO.DLL]   
[HKLM\Software\WOW6432Node\Classes\AppID\{759F1421-4D31-4c1f-8C51-E4956A037676}]    
[HKLM\Software\WOW6432Node\Classes\Interface\{E2ED56B6-35FC-4484-9530-EC87FB458E78}]    
[HKLM\Software\WOW6432Node\PCTuto]    
C:\Program Files (x86)\Common Files\Plasmoo    
C:\Users\Manon\AppData\Roaming\Mozilla\Firefox\Profiles\9469jxz2.default\user.js (.not file.)    
O4 - Global Startup: C:\Users\Manon\Desktop\Choix de navigateur .lnk . (.Microsoft Corporation.)  -- C:\Windows\System32\browserchoice.exe  
[MD5.00000000000000000000000000000000] [APT] [{92054A2C-A74A-442C-A79B-42C2EFCB7195}] (...) -- C:\Windows\World of Warcraft - Darluok\uninstall.exe (.not file.)   
O43 - CFD: 07/06/2010 - 21:18:22 - [1715] ----D- C:\ProgramData\Partner    
O43 - CFD: 18/03/2011 - 19:34:58 - [0] ----D- C:\Users\Manon\AppData\Local\HighAndes    
O44 - LFC:[MD5.B2CBCD878A3F1C8D376B3669D6C3EEEF] - 15/08/2011 - 17:40:31 ---A- . (...) -- C:\Ad-Report-CLEAN[2].txt   [7478]  
O44 - LFC:[MD5.040CF11A85F6129EE97B43C407FBB2CC] - 15/08/2011 - 16:45:40 ---A- . (...) -- C:\Ad-Report-CLEAN[1].txt   [20298]  
emptytemp
emptyflash

Clique sur l'icone représentant la lettre H (« coller les lignes Helper »). Le script doit automatiquement apparaitre dans ZHPFix, sinon, colle-le.

Clique sur le bouton GO pour lancer le nettoyage

Valide par Oui la désinstallation des programmes si demandé
Laisse l'outil travailler. Si un redémarrage est demandé, accepte et redémarre le PC
Le rapport ZHPFixReport.txt s'affiche. Copie-colle le contenu de ce rapport dans ta réponse.
Le rapport ZHPFixReport.txt est enregistré sous C:\ZHP\ZHPFixReport.txt

Info: Apollo Et Compagnie :: ZHPDiag, un outil de diagnostic

~~~~~~~~~~~~~~~~~~~~~~

Je vois trois versions différentes de Firefox dans le log ZHPDiag...?

Qu'en est-il dans tes programmes et fonctionnalités?

~~~~~~~~~~~~~~~~~~~~~~~~~~

Tu vas devoir relancer MBAM mais cette fois en analyse complète, voici la procédure habituelle:

Télécharge Malwarebytes' Anti-Malware (MBAM).

Malwarebytes : Malwarebytes Anti-Malware PRO removes malware including viruses, spyware, worms and trojans, plus it protects your computer clique pour la version FREE et enregistre l'exécutable sur le bureau.

Si MBAM est déjà installé, aller directement à la mise à jour puis à l'analyse.

Ce logiciel est à garder.

Uniquement en cas de problème de mise à jour:

Télécharger mises à jour MBAM

Exécute le fichier après l'installation de MBAM

Connecter les supports amovibles (clés usb etc.) avant de lancer l'analyse.

Double clique sur le fichier téléchargé pour lancer le processus d'installation.
Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
Sélectionne "Exécuter un examen complet"
Clique sur "Rechercher"
L'analyse démarre, le scan est relativement long, c'est normal.
A la fin de l'analyse, un message s'affiche :
L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.
Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.

Si MBAM demande à redémarrer le pc, fais-le.

Si au redémarrage Windows te dit qu'il a bloqué certains programmes de démarrage, clique sur la bulle puis sur Exécuter les programmes bloqués/Malwarebytes Anti-Malware.

@++

Blackraven · le 15 août 2011

Re,

Pour ce qui est des trois versions de Firefox, je ne sais pas ce que j'ai trafiqué :$

L'analyse est en cours pour le moment, je peux te donner le premier rapport "ZHPFixReport.txt" :

Rapport de ZHPFix 1.12.3354 par Nicolas Coolman, Update du 14/08/2011

Fichier d'export Registre :

Run by Manon at 15/08/2011 21:30:13

Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Web site : ZHPFix Fix de rapport

========== Logiciel(s) ==========

ABSENT Software Key: PCTuto_is1 O42 - Logiciel: PCTuto Avast 2.0 - (.PCTuto.) [HKLM] -- PCTuto Avast_is1 O42 - Logiciel: UpdatePCTuto 2.0 - (.PCtuto.) [HKLM] -- UpdatePCTuto_is1 [HKCU\Software\PCTuto] [HKLM\Softwas\World of Warcraft - Darluok\uninstall.exe (.not file.) O43 - CFD: 07/06/2010 - 21:18:22 - [1715] ----D- C:\ProgramData\Partner O43 - CFD: 18/03/2011 - 19:34:58 - [0] ----D- C:\Users\Manon\AppData\Local\HighAndes O44 - LFC:[MD5.B2CBCD878A3F1C8D376B3669D6C3EEEF] - 15/08/2011 - 17:40:31 ---A- . (...) -- C:\Ad-Report-CLEAN[2].txt [7478] O44 - LFC:[MD5.040CF11A85F6129EE97B43C407FBB2CC] - 15/08/2011 - 16:45:40 ---A- . (...) -- C:\Ad-Report-CLEAN[1].txt [20298] emptytempemptyflash

========== Récapitulatif ==========

1 : Logiciel(s)

End of the scan in 00mn 00s

========== Chemin de fichier rapport ==========

C:\ZHP\ZHPFix[R1].txt - 15/08/2011 20:26:46

C:\ZHP\ZHPFix[R2].txt - 15/08/2011 20:27:55

C:\ZHP\ZHPFix[R3].txt - 15/08/2011 20:29:47

C:\ZHP\ZHPFix[R4].txt - 15/08/2011 21:30:14

Apollo · le 15 août 2011

C'est bizarre ce rapport; on dirait que ton bloc-note ne fait pas le retour automatique à la ligne...

Il faudra retenter le script avec zhpfix car là, il n'a rien fait de bon

Bon, on verra bien ce que raconte MBAM.

@++

Blackraven · le 15 août 2011

Oui, là il a trouvé 2 éléments infectés déjà :s

Blackraven · le 15 août 2011

C'est bon, l'analyse vient de se terminer

Voilà le rapport :

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Version de la base de données: 7473

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

15/08/2011 23:57:29

mbam-log-2011-08-15 (23-57-29).txt

Type d'examen: Examen complet (C:\|)

Elément(s) analysé(s): 429836

Temps écoulé: 2 heure(s), 13 minute(s), 18 seconde(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 1

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facetheme (Rootkit.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

Fichier(s) infecté(s):

c:\program files (x86)\Object\facetheme_uninstall.exe (Rootkit.Agent) -> Quarantined and deleted successfully.

Apollo · le 16 août 2011

Bonjour,

As-tu encore le problème qui t'a amenée ici?

1) Télécharge TFC par OldTimer et enregistre-le sur le bureau.

Fais un double clic sur TFC.exe pour le lancer. (Note: Si tu es sous Vista/7, fais un clic droit sur le fichier et choisis Exécuter en tant qu'Administrateur).
L'outil va fermer tous les programmes lors de son exécution, donc vérifie que tu as sauvegardé tout ton travail en cours avant de commencer.
Clique sur le bouton Start pour lancer le processus. Selon la fréquence à laquelle tu supprimes tes fichiers temporaires, cela peut durer de quelques secondes à une minute ou deux. Laisse le programme s'exécuter sans l'interrompre.
Lorsqu'il a terminé, l'outil devrait faire redémarrer ton système. S'il ne le fait pas, fais redémarrer manuellement le PC pour parachever le nettoyage.

2) ESET ONLINE SCANNER

Télécharge ESET Online Scanner sur ton Bureau en cliquant sur ce logo:

http://download.e s et.com/s pecial/eo s /e s et s martin s taller_enu.exe

Double-clique sur le fichier esetsmartinstaller_enu.exe présent sur ton Bureau pour installer le scanner. Attention: si tu disposes de Windows VISTA, clique droit sur esetsmartinstaller_enu.exe puis sélectionne "exécuter en tant qu'administrateur"
Accepte la licence en cochant la case "YES, i accept the terms of use", puis clique sur le bouton "Start"
Une fois le scanner installé, configure-le en cochant la case "Remove found threats" et en cochant la case "Scan archives" de même que la case "scan for the potentially unsafe applications."
Lance la recherche antivirale en cliquant sur le bouton "Start": l'outil se met à jour puis lance le scan: une barre de progression indique où en est la recherche
Quand le scan est terminé, si des virus ont été détectés, clique sur la ligne "List of found threats":
Une nouvelle fenêtre aparaît: clique sur "Export to text file" et enregistre le rapport sur ton Bureau en le nommant logESET.txt
Clique sur le bouton "Back" pour retourner à l'interface précédente, puis coche la case "Uninstall application on close"

NB: Tu peux également désinstaller eset online par ajout/suppression de programmes (xp), ou programmes et fonctionnalités sous Vista/7 ou alors via le dossier eset qui est sur le C:\ qui contient un fichier unins ou uninstall.exe à exécuter.
Clique enfin sur le bouton "Finish" puis ferme la fenêtre du scanner
Ouvre le fichier logESET sur ton Bureau et copie-colle son contenu dans ta prochaine réponse

Nota : ce scan peut être très long et prendre plusieurs heures.

@++

Blackraven · le 16 août 2011

Bonjour,

Le scan vient à peine de se terminer x)

Voilà le fichier logESET :

C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application cleaned by deleting - quarantined

C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application cleaned by deleting - quarantined

C:\Program Files (x86)\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application cleaned by deleting - quarantined

C:\Program Files (x86)\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application cleaned by deleting - quarantined

C:\Program Files (x86)\Uniblue\RegistryBooster\rb_ubm.exe Win32/RegistryBooster application cleaned by deleting - quarantined

C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined

C:\Users\Manon\Downloads\msn\messenger-plus-live_messenger_plus_live_4.84.382_francais_11159.exe a variant of Win32/MessengerPlus application cleaned by deleting - quarantined

C:\Users\Manon\Downloads\scan fichiers\registrybooster.exe Win32/RegistryBooster application deleted - quarantined

Connexion

Pas encore inscrit ?

Trojan : win32/comisproc

Messages recommandés

Blackraven

Apollo

Blackraven

Apollo

Blackraven

Apollo

Blackraven

Blackraven

Apollo

Blackraven

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer