
[Solved] Sweet Packs toolbar

15 May 2013 16:53:59

Hello,
After a download from 01net (that site has sadly changed a lot!), I picked up some cr*p. This goes back several months. I removed everything I could see, but this damned toolbar is still there. I don't know how to remove it. All I can do is hide it in the Firefox options, but regularly, without my asking, the menu bar reappears as if by magic!
Help!!
Thanks for your help
Vincent

15 May 2013 18:03:40

Hello,

We are going to remove this adware.

__________________


For the disinfection to go smoothly:


  • Use your PC as little as possible during the procedure, to make the disinfection easier.

  • Follow the procedures given, but do not try anything on your own: if there is a problem during a procedure, let me know rather than clicking at random and causing a failure on your system.

  • If you are already following a procedure on another forum, please say so; it is important to follow only one disinfection at a time.

  • Even if the symptoms of the infection have disappeared, the PC is not necessarily clean: wait until you have been told that the PC is disinfected before using it again.

  • Even though disinfections are carried out by people with in-depth knowledge of disinfection, it is always possible that your PC will crash. Remember to back up your data ;)

__________________


1)

AdwCleaner scan


  • Download AdwCleaner (by Xplode) to your desktop.

  • Double-click the AdwCleaner0.exe icon to launch the program. (On Vista and 7, right-click it, then run it as administrator.)


    Disconnect and close all running applications


  • On the main menu, click Recherche (Search) and wait while the scan runs.

  • At the end of the scan, a report named AdwCleaner[R].txt opens. Post the report in your next reply.


  • The report is located here: C:\AdwCleaner[R].txt

2)

Diagnostic:

  • Download OTL (by OldTimer) to your Desktop.

  • If you are on XP, double-click it to launch it; if you are on Vista/7, right-click it and choose Run as administrator to launch it.

  • A window appears.

  • Check the box: Tous les utilisateurs (All users)

  • Check the boxes for Recherche LOP (LOP search) and Recherche Purity (Purity search) (in blue toward the bottom of the window).

  • Under Personnalisation (Customization), copy and paste all of the text below, and leave the other options at their defaults.

    netsvcs
    msconfig
    drivers32
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    %systemroot%\System32\config\*.sav
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.dll /lockedfiles
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    iexplore.exe
    /md5stop
    CREATERESTOREPOINT


  • Finally, click the Analyse (Scan) button. Do not touch anything while the scan is running. The scan will take some time.

  • At the end of the scan, two reports will open: OTL.Txt and Extras.Txt. Copy/paste all of the reports here.

    For the reports, which tend to be too long for the forum, please use this online report service: upload the file via "parcourir" (browse) and simply post the link you get.
16 May 2013 01:28:18

Good evening,
here is the AdwCleaner report:

# AdwCleaner v2.300 - Rapport créé le 16/05/2013 à 01:24:24
# Mis à jour le 28/04/2013 par Xplode
# Système d'exploitation : Windows 7 Ultimate N Service Pack 1 (64 bits)
# Nom d'utilisateur : Vinc - VINC-PC
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\Vinc\Downloads\AdwCleaner.exe
# Option [Recherche]


***** [Services] *****

Présent : IBUpdaterService
Présent : Web Assistant

***** [Fichiers / Dossiers] *****

Dossier Présent : C:\Program Files\Web Assistant
Dossier Présent : C:\ProgramData\Trymedia
Dossier Présent : C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\hxp5fp7z.default\extensions\ffxtlbr@incredibar.com
Dossier Présent : C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\hxp5fp7z.default\SweetPacksToolbarData
Dossier Présent : C:\Windows\SysWOW64\WNLT
Fichier Présent : C:\user.js
Fichier Présent : C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\hxp5fp7z.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Fichier Présent : C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\hxp5fp7z.default\searchplugins\MyStart Search.xml

***** [Registre] *****

Clé Présente : HKCU\Software\IM
Clé Présente : HKCU\Software\ImInstaller
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Clé Présente : HKCU\Software\Softonic
Clé Présente : HKCU\Software\WNLT
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Clé Présente : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Clé Présente : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Clé Présente : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Clé Présente : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Clé Présente : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASAPI32
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASMANCS
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Clé Présente : HKLM\Software\Web Assistant
Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Clé Présente : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Clé Présente : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Clé Présente : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Clé Présente : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Clé Présente : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Clé Présente : HKLM\SOFTWARE\Web Assistant
Clé Présente : HKU\S-1-5-21-2543552910-3823881570-2078352369-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Valeur Présente : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Valeur Présente : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Valeur Présente : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v20.0.1 (fr)

Fichier : C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\hxp5fp7z.default\prefs.js

Présente : user_pref("browser.newtab.url", "hxxp://home.sweetim.com/?src=97&barid={0B993262-BFD3-11E1-8239-0022[...]
Présente : user_pref("browser.search.defaultenginename", "SweetIM Search");
Présente : user_pref("browser.search.selectedEngine", "SweetIM Search");
Présente : user_pref("extensions.incredibar.actvtyRptTime", "1347653869755");
Présente : user_pref("extensions.incredibar.admin", false);
Présente : user_pref("extensions.incredibar.aflt", "orgnl");
Présente : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Présente : user_pref("extensions.incredibar.cntry", "FR");
Présente : user_pref("extensions.incredibar.dfltLng", "EN");
Présente : user_pref("extensions.incredibar.dfltSrch", false);
Présente : user_pref("extensions.incredibar.dfltlng", "en");
Présente : user_pref("extensions.incredibar.dfltsrch", "false");
Présente : user_pref("extensions.incredibar.did", "10665");
Présente : user_pref("extensions.incredibar.envrmnt", "production");
Présente : user_pref("extensions.incredibar.excTlbr", false);
Présente : user_pref("extensions.incredibar.hdrMd5", "A4A608972FCC00D3E03F89155988C9DF");
Présente : user_pref("extensions.incredibar.hmpg", false);
Présente : user_pref("extensions.incredibar.hrdid", "60b82315000000000000c43dc7ccc9e1");
Présente : user_pref("extensions.incredibar.id", "60b82315000000000000c43dc7ccc9e1");
Présente : user_pref("extensions.incredibar.installerproductid", "26");
Présente : user_pref("extensions.incredibar.instlDay", "15503");
Présente : user_pref("extensions.incredibar.instlRef", "");
Présente : user_pref("extensions.incredibar.instlday", "15503");
Présente : user_pref("extensions.incredibar.instlref", "");
Présente : user_pref("extensions.incredibar.isDcmntCmplt", true);
Présente : user_pref("extensions.incredibar.isdcmntcmplt", true);
Présente : user_pref("extensions.incredibar.keywordurl", "");
Présente : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.140:55:44");
Présente : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Présente : user_pref("extensions.incredibar.newTab", false);
Présente : user_pref("extensions.incredibar.newtab", "false");
Présente : user_pref("extensions.incredibar.newtaburl", "");
Présente : user_pref("extensions.incredibar.noFFXTlbr", false);
Présente : user_pref("extensions.incredibar.ppd", "");
Présente : user_pref("extensions.incredibar.prdct", "incredibar");
Présente : user_pref("extensions.incredibar.productid", "26");
Présente : user_pref("extensions.incredibar.propectorlck", 78101815);
Présente : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Présente : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Présente : user_pref("extensions.incredibar.sg", "none");
Présente : user_pref("extensions.incredibar.smplGrp", "none");
Présente : user_pref("extensions.incredibar.smplgrp", "none");
Présente : user_pref("extensions.incredibar.srch", "");
Présente : user_pref("extensions.incredibar.srchprvdr", "");
Présente : user_pref("extensions.incredibar.tlbrId", "base");
Présente : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyELCZoPJ&loc=IB_T[...]
Présente : user_pref("extensions.incredibar.tlbrid", "base");
Présente : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6OyELCZoPJ&loc=IB_T[...]
Présente : user_pref("extensions.incredibar.upn2", "6OyELCZoPJ");
Présente : user_pref("extensions.incredibar.upn2n", "92261575097237887");
Présente : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Présente : user_pref("extensions.incredibar.vrsnTs", "1.5.11.140:55:44");
Présente : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Présente : user_pref("extensions.incredibar.vrsnts", "1.5.11.140:55:44");
Présente : user_pref("extensions.incredibar_i.aflt", "orgnl");
Présente : user_pref("extensions.incredibar_i.dfltLng", "");
Présente : user_pref("extensions.incredibar_i.did", "10665");
Présente : user_pref("extensions.incredibar_i.excTlbr", false);
Présente : user_pref("extensions.incredibar_i.id", "60b82315000000000000c43dc7ccc9e1");
Présente : user_pref("extensions.incredibar_i.installerproductid", "26");
Présente : user_pref("extensions.incredibar_i.instlDay", "15503");
Présente : user_pref("extensions.incredibar_i.instlRef", "");
Présente : user_pref("extensions.incredibar_i.ms_url_id", "");
Présente : user_pref("extensions.incredibar_i.newTab", false);
Présente : user_pref("extensions.incredibar_i.ppd", "");
Présente : user_pref("extensions.incredibar_i.prdct", "incredibar");
Présente : user_pref("extensions.incredibar_i.productid", "26");
Présente : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Présente : user_pref("extensions.incredibar_i.smplGrp", "none");
Présente : user_pref("extensions.incredibar_i.tlbrId", "base");
Présente : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyELCZoPJ&loc=IB[...]
Présente : user_pref("extensions.incredibar_i.upn2", "6OyELCZoPJ");
Présente : user_pref("extensions.incredibar_i.upn2n", "92261575097237887");
Présente : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Présente : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.140:55:44");
Présente : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Présente : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?barid={0B993262-BFD3-11E1-8239-002268[...]
Présente : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Présente : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Présente : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1368628754719");
Présente : user_pref("sweetim.toolbar.Visibility.enable", "true");
Présente : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Présente : user_pref("sweetim.toolbar.cargo", "3.1010000.10001");
Présente : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Présente : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Présente : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Présente : user_pref("sweetim.toolbar.cda.returnValue", "hide");
Présente : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Présente : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Présente : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Présente : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Présente : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Présente : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
Présente : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Présente : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Présente : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Présente : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Présente : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Présente : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Présente : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Présente : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Présente : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Présente : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Présente : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Présente : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Présente : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Présente : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Présente : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Présente : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Présente : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Présente : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Présente : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Présente : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Présente : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Présente : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Présente : user_pref("sweetim.toolbar.mode.debug", "false");
Présente : user_pref("sweetim.toolbar.newtab.created", "true");
Présente : user_pref("sweetim.toolbar.newtab.enable", "true");
Présente : user_pref("sweetim.toolbar.prad.initialized_by_rc", "true");
Présente : user_pref("sweetim.toolbar.previous.browser.newtab.url", "about:newtab");
Présente : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MyStart Search");
Présente : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Présente : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.google.fr");
Présente : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Présente : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]
Présente : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Présente : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Présente : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Présente : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Présente : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Présente : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Présente : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Présente : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Présente : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false");
Présente : user_pref("sweetim.toolbar.scripts.1.callback", "");
Présente : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Présente : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "");
Présente : user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script");
Présente : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Présente : user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad");
Présente : user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Présente : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "true");
Présente : user_pref("sweetim.toolbar.scripts.2.callback", "simVerification");
Présente : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", "");
Présente : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Présente : user_pref("sweetim.toolbar.scripts.2.elementid", "id_script_sim_fb");
Présente : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Présente : user_pref("sweetim.toolbar.scripts.2.id", "id_script_fb_hxxpS");
Présente : user_pref("sweetim.toolbar.scripts.2.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Présente : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Présente : user_pref("sweetim.toolbar.search.history.capacity", "10");
Présente : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "0");
Présente : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "0");
Présente : user_pref("sweetim.toolbar.searchguard.enable", "false");
Présente : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Présente : user_pref("sweetim.toolbar.simapp_id", "{0B993262-BFD3-11E1-8239-002268375A5E}");
Présente : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10001&barid={0B99[...]
Présente : user_pref("sweetim.toolbar.version", "1.9.0.0");
Présente : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
Présente : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
Présente : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

*************************

AdwCleaner[R1].txt - [17502 octets] - [16/05/2013 01:24:24]

########## EOF - C:\AdwCleaner[R1].txt - [17563 octets] ##########
16 May 2013 02:43:43

OTL Extras logfile created on: 16/05/2013 01:30:37 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vinc\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 3,14 Gb Available Physical Memory | 78,47% Memory free
8,00 Gb Paging File | 6,72 Gb Available in Paging File | 84,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 142,60 Gb Total Space | 81,90 Gb Free Space | 57,44% Space Free | Partition Type: NTFS
Drive D: | 142,70 Gb Total Space | 50,12 Gb Free Space | 35,13% Space Free | Partition Type: NTFS
Drive F: | 616,26 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: VINC-PC | User Name: Vinc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2543552910-3823881570-2078352369-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 61 01 DA 5A 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1CFB27EA-82A1-4892-90CF-80542B7E705F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{599E9E3C-D091-4234-B3F4-2600189DA15C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5D04D0F3-6F24-4FB4-8EC5-79E3CA707EA2}" = lport=138 | protocol=17 | dir=in | app=system |
"{5DF93513-335C-4254-BB23-63BF27A0B467}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{66DF6070-7ED3-42C7-90B7-1DA0016835BD}" = rport=445 | protocol=6 | dir=out | app=system |
"{85DA45C0-BAB4-4BCB-BCF7-C5D213FBACEB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8D98ECC3-E2DD-4B24-8687-93B13884473A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{93ECCF6B-39B0-4884-9BA6-068EC33C4A1F}" = lport=445 | protocol=6 | dir=in | app=system |
"{B7A95A57-BEF3-438C-A4B3-06B5184747D5}" = rport=138 | protocol=17 | dir=out | app=system |
"{BDAEB0AB-B86A-46D3-9013-905C70C28BB4}" = lport=137 | protocol=17 | dir=in | app=system |
"{BDF12EEF-2CCC-422C-812C-EFE8399DC58A}" = rport=139 | protocol=6 | dir=out | app=system |
"{E3595417-A4E6-439D-A0A9-B6E42FA7294E}" = rport=137 | protocol=17 | dir=out | app=system |
"{EF42F60E-6DF1-46B2-9C03-E529CC76E399}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EFCA1F16-F60B-479C-83BA-C32ADEC460FD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F2B1AF72-E889-409D-92C3-6ABB99D248E5}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0975A129-35B9-46B6-B1E0-1C8A7A83D5B2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0AA1B448-A8DD-4E7A-BE45-33E6D3520914}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{17703614-8B5C-4989-959E-26E193B09863}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{1F8853C7-DEF2-4FD9-B7BA-D9EC6C879422}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{2A2F8468-F9C7-4E4B-9AAC-6A98595AAA10}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{2A8AC815-4D59-4C99-9193-F4F4D47C9177}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{38856B8A-6803-4AB7-8141-6F0DA8A53B30}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{4850005A-D1B1-4524-ACF1-0FD685AB6F18}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{55A29EBA-6510-47CC-94B0-E98C0B9E48B2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{56219151-E4B3-4954-A74E-BC4A2873CFDF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5F1D5DD1-4425-46A1-8EEC-FCAE798E3D0D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{65F69E14-CA44-491C-9363-0B9EF31BD2F0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{68EEA933-9E5E-4691-B425-4583E7240077}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{68F26B7A-BAE3-4A01-ABA2-C4518A4903FC}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{809A05EE-EFD1-4C9E-82AA-5D40ECDD81FD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{847F85D7-8BC1-4117-AE30-2CF7D78AB5C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8CBA6BA5-0B3C-43D1-A1C1-66C89EA22C50}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{94192784-5B46-4745-ABB4-CF08272A9253}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{9A11CBAA-B1F1-4E8C-AC58-F8B945EAA987}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{9B9ABCE2-BF4D-47C4-9FEB-2D5A60EF25BC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A2A516FC-2192-4960-84E4-D0A59FF31658}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{A3E6EDFD-6855-4298-90A2-7E1EA6038D2D}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{BF881F59-75E5-4376-83E6-E07EDF6FBC81}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{CDF33C13-EC29-45F4-AA2A-C594EB7F451A}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{CFBF42BE-CB3A-4255-861F-D152A696197E}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{DE6000EE-6037-4FFB-B179-3554ADD932D8}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{E20B5F53-0CD5-4216-A91D-A78B93049C30}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{FDDFF9C3-C063-40AD-AA3E-A8000ED7FD6C}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"TCP Query User{42F580A3-F3B1-4D77-AB78-EE04FC33E8B0}C:\program files (x86)\cobian backup 11\cbremotemanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cobian backup 11\cbremotemanager.exe |
"TCP Query User{64384314-4B15-4384-8CFD-5E6F531AABC9}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{6CA65BDB-F1FA-4DFE-B94F-A8559282E72B}C:\unrealtournament\system\unrealtournament.exe" = protocol=6 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe |
"TCP Query User{7594583A-0278-4530-81B6-F578F726F72F}D:\jeux\call of duty\codmp.exe" = protocol=6 | dir=in | app=d:\jeux\call of duty\codmp.exe |
"TCP Query User{D3505A3C-B1A7-4AD6-8EEB-32FC7D0882FB}D:\jeux\aoe2\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=d:\jeux\aoe2\age2_x1\age2_x1.exe |
"TCP Query User{D5786791-D04F-42C1-A8F5-A32F2CD2BC1A}D:\jeux\commandos 2\comm2.exe" = protocol=6 | dir=in | app=d:\jeux\commandos 2\comm2.exe |
"TCP Query User{DE549DAF-4525-42D9-9412-6E441A470949}D:\jeux\counter\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\jeux\counter\counter-strike source\hl2.exe |
"UDP Query User{1B22AE46-695F-46FB-A335-B7B8B1A37E17}D:\jeux\aoe2\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=d:\jeux\aoe2\age2_x1\age2_x1.exe |
"UDP Query User{30BB9167-6346-46EC-AC1F-5A17D7D77374}D:\jeux\call of duty\codmp.exe" = protocol=17 | dir=in | app=d:\jeux\call of duty\codmp.exe |
"UDP Query User{57B6DD98-99DA-4821-9C78-5888D67A5773}C:\program files (x86)\cobian backup 11\cbremotemanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cobian backup 11\cbremotemanager.exe |
"UDP Query User{86466B9A-1F0B-4AE7-9A2E-C3397B63DC9E}C:\unrealtournament\system\unrealtournament.exe" = protocol=17 | dir=in | app=c:\unrealtournament\system\unrealtournament.exe |
"UDP Query User{92FA7E45-E7C7-466C-B604-C00085CF8E80}D:\jeux\commandos 2\comm2.exe" = protocol=17 | dir=in | app=d:\jeux\commandos 2\comm2.exe |
"UDP Query User{A2539DF3-6804-442E-9E46-7AB169CE2A64}D:\jeux\counter\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\jeux\counter\counter-strike source\hl2.exe |
"UDP Query User{A6B3D234-67DF-482A-96D4-16A63D29B675}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.573
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Pilote 3D Vision 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panneau de configuration NVIDIA 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Pilote graphique 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Mises à jour NVIDIA 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B8D7877-0178-4782-818A-0498F2E33BCC}_is1" = Capturino version 2.32
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53C31F6F-719F-4664-BB53-9F63D39B8C87}" = Secure Download Manager
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DA1C06F-C913-46C7-8A0F-DA2CBA17EA1D}" = OpenOffice.org 3.4.1
"{90140000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2010
"{90140000-0015-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2010
"{90140000-0016-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2010
"{90140000-0018-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2010
"{90140000-0019-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2010
"{90140000-001A-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2010
"{90140000-001B-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0401-0000-0000000FF1CE}_Office14.PROPLUSR_{1A43C155-3DDA-43C9-92C5-0E7D0B2B156D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{0CCCD9C7-637C-41CA-A293-6E9992109B09}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2010
"{90140000-002C-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{C8E4AA87-3E5A-4C70-8CB7-43FE25C99B74}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2010
"{90140000-0044-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2010
"{90140000-006E-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{7C5C7E8C-F6D2-43AC-93A4-89E4FF7367E6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2010
"{90140000-00A1-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2010
"{90140000-00BA-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{97D23E68-AF01-4B69-B31E-7DFC209D01F3}" = Essential XML Editor
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Français
"{B279DFD9-284C-40D4-8316-B72533B36F93}" = INDEX EDUCATION - Client PRONOTE 2011
"{D19E4F5B-C6E8-4DC2-BAEA-99E4E661675E}" = MP3 AddIn
"{DCFC65CB-97F5-4B9D-BFCD-BAEC7B053FAE}" = TI-SmartView™
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}" = Commandos 2: Men of Courage
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.22beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Algobox" = Algobox
"Avira AntiVir Desktop" = Avira Free Antivirus
"BrettspielWelt" = BrettspielWelt
"CDex" = CDex - Open Source Digital Audio CD Extractor
"CobBackup11" = Cobian Backup 11 Gravity
"CSS FULL DZ [Oct 15 2007]" = CSS FULL DZ [Oct 15 2007] v18.1
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diaporama Photo Pratic" = Diaporama Photo Pratic
"Essential XML Editor" = Essential XML Editor
"GeoGebra" = GeoGebra
"GeoGebra 4.2" = GeoGebra 4.2
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"ManuelNumeriqueDidier_is1" = Manuel Numérique Didier version 3.0.9
"Mozilla Firefox 20.0.1 (x86 fr)" = Mozilla Firefox 20.0.1 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professionnel Plus 2010
"UnrealTournament" = Unreal Tournament G.O.T.Y. Edition
"VLC media player" = VLC media player 2.0.5
"WNLT" = IB Updater Service
"Worms Armageddon" = Worms Armageddon

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13/04/2013 13:46:02 | Computer Name = Vinc-PC | Source = System Restore | ID = 8193
Description =

Error - 17/04/2013 13:49:15 | Computer Name = Vinc-PC | Source = VSS | ID = 8194
Description =

Error - 01/05/2013 14:02:41 | Computer Name = Vinc-PC | Source = Application Hang | ID = 1002
Description = Le programme firefox.exe version 20.0.1.4847 a cessé d’interagir avec
Windows et a été fermé. Pour déterminer si des informations supplémentaires sont
disponibles, consultez l’historique du problème dans le Centre de maintenance. ID
de processus : b5c Heure de début : 01ce4646f922f74e Heure de fin : 130 Chemin d’accès
de l’application : C:\Program Files (x86)\Mozilla Firefox\firefox.exe ID de rapport
: 4c49c8a6-b289-11e2-9489-002268375a5e

Error - 03/05/2013 11:40:45 | Computer Name = Vinc-PC | Source = VSS | ID = 8194
Description =

Error - 05/05/2013 18:46:39 | Computer Name = Vinc-PC | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante firefox.exe, version : 20.0.1.4847,
horodatage : 0x51650aee Nom du module défaillant : xul.dll, version : 20.0.1.4847,
horodatage : 0x51650a09 Code d’exception : 0xc0000005 Décalage d’erreur : 0x000b10e8
ID
du processus défaillant : 0x128 Heure de début de l’application défaillante : 0x01ce49c07ddb04f5
Chemin
d’accès de l’application défaillante : C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Chemin
d’accès du module défaillant: C:\Program Files (x86)\Mozilla Firefox\xul.dll ID
de rapport : a5c6e7c7-b5d5-11e2-a1f8-002268375a5e

Error - 05/05/2013 18:58:08 | Computer Name = Vinc-PC | Source = VSS | ID = 8194
Description =

Error - 06/05/2013 13:25:23 | Computer Name = Vinc-PC | Source = VSS | ID = 8194
Description =

Error - 06/05/2013 13:26:29 | Computer Name = Vinc-PC | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante firefox.exe, version : 20.0.1.4847,
horodatage : 0x51650aee Nom du module défaillant : xul.dll, version : 20.0.1.4847,
horodatage : 0x51650a09 Code d’exception : 0xc0000005 Décalage d’erreur : 0x000b10e8
ID
du processus défaillant : 0xf80 Heure de début de l’application défaillante : 0x01ce4a6c5c27ac3d
Chemin
d’accès de l’application défaillante : C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Chemin
d’accès du module défaillant: C:\Program Files (x86)\Mozilla Firefox\xul.dll ID
de rapport : 15ea28e7-b672-11e2-9532-002268375a5e

Error - 12/05/2013 19:38:13 | Computer Name = Vinc-PC | Source = VSS | ID = 8194
Description =

Error - 15/05/2013 18:55:16 | Computer Name = Vinc-PC | Source = VSS | ID = 8194
Description =

[ Cobian Backup Gravity VSC Requester Events ]
Error - 02/04/2013 11:25:19 | Computer Name = Vinc-PC | Source = Cobian Backup Gravity VSC Requester | ID = 0
Description = The volume does not support the requested operation, or no provider
supports it.

Error - 02/04/2013 13:44:56 | Computer Name = Vinc-PC | Source = Cobian Backup Gravity VSC Requester | ID = 0
Description = La référence d'objet n'est pas définie à une instance d'un objet.

Error - 02/04/2013 13:44:57 | Computer Name = Vinc-PC | Source = Cobian Backup Gravity VSC Requester | ID = 0
Description = The creation of a shadow copy is already in progress.

Error - 03/04/2013 11:41:13 | Computer Name = Vinc-PC | Source = Cobian Backup Gravity VSC Requester | ID = 0
Description = The volume does not support the requested operation, or no provider
supports it.

Error - 13/04/2013 11:36:39 | Computer Name = Vinc-PC | Source = Cobian Backup Gravity VSC Requester | ID = 0
Description = The volume does not support the requested operation, or no provider
supports it.

Error - 17/04/2013 13:49:16 | Computer Name = Vinc-PC | Source = Cobian Backup Gravity VSC Requester | ID = 0
Description = The volume does not support the requested operation, or no provider
supports it.

Error - 03/05/2013 11:40:46 | Computer Name = Vinc-PC | Source = Cobian Backup Gravity VSC Requester | ID = 0
Description = The volume does not support the requested operation, or no provider
supports it.

Error - 05/05/2013 18:58:09 | Computer Name = Vinc-PC | Source = Cobian Backup Gravity VSC Requester | ID = 0
Description = The volume does not support the requested operation, or no provider
supports it.

Error - 06/05/2013 13:25:23 | Computer Name = Vinc-PC | Source = Cobian Backup Gravity VSC Requester | ID = 0
Description = The volume does not support the requested operation, or no provider
supports it.

Error - 12/05/2013 19:38:14 | Computer Name = Vinc-PC | Source = Cobian Backup Gravity VSC Requester | ID = 0
Description = The volume does not support the requested operation, or no provider
supports it.

[ System Events ]
Error - 17/02/2013 07:28:23 | Computer Name = Vinc-PC | Source = Service Control Manager | ID = 7009
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
l’attente de la connexion du service Cobian Backup 11 Service « Volume Shadow Copy
».

Error - 17/02/2013 07:28:23 | Computer Name = Vinc-PC | Source = Service Control Manager | ID = 7000
Description = Le service Cobian Backup 11 Service « Volume Shadow Copy » n’a pas
pu démarrer en raison de l’erreur : %%1053

Error - 12/03/2013 14:14:41 | Computer Name = Vinc-PC | Source = Service Control Manager | ID = 7023
Description = Le service Windows Update s’est arrêté avec l’erreur : %%-2147467243

Error - 20/03/2013 07:04:17 | Computer Name = Vinc-PC | Source = Service Control Manager | ID = 7009
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
l’attente de la connexion du service Protection logicielle.

Error - 20/03/2013 07:04:17 | Computer Name = Vinc-PC | Source = Service Control Manager | ID = 7000
Description = Le service Protection logicielle n’a pas pu démarrer en raison de
l’erreur : %%1053

Error - 03/04/2013 11:29:02 | Computer Name = Vinc-PC | Source = Service Control Manager | ID = 7009
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
l’attente de la connexion du service Protection logicielle.

Error - 03/04/2013 11:29:02 | Computer Name = Vinc-PC | Source = Service Control Manager | ID = 7000
Description = Le service Protection logicielle n’a pas pu démarrer en raison de
l’erreur : %%1053

Error - 27/04/2013 01:36:15 | Computer Name = Vinc-PC | Source = DCOM | ID = 10010
Description =

Error - 11/05/2013 15:49:38 | Computer Name = Vinc-PC | Source = NetBT | ID = 4321
Description = Le nom "WORKGROUP :1d" n’a pas pu être enregistré sur l’interface
avec l’adresse IP 192.168.1.3. L’ordinateur avec l’adresse IP 192.168.1.253 n’a
pas permis que le nom soit réclamé par cet ordinateur.

Error - 12/05/2013 13:09:16 | Computer Name = Vinc-PC | Source = DCOM | ID = 10010
Description =


< End of report >
16 May 2013 02:44:34

OTL logfile created on: 16/05/2013 01:30:37 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vinc\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 3,14 Gb Available Physical Memory | 78,47% Memory free
8,00 Gb Paging File | 6,72 Gb Available in Paging File | 84,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 142,60 Gb Total Space | 81,90 Gb Free Space | 57,44% Space Free | Partition Type: NTFS
Drive D: | 142,70 Gb Total Space | 50,12 Gb Free Space | 35,13% Space Free | Partition Type: NTFS
Drive F: | 616,26 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: VINC-PC | User Name: Vinc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/16 01:23:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vinc\Downloads\OTL.exe
PRC - [2013/05/13 15:37:24 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/04/07 10:55:02 | 000,015,152 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
PRC - [2013/03/30 10:17:13 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/03/30 10:17:01 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/01/29 15:28:32 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/16 22:32:31 | 000,103,736 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012/07/16 22:32:23 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/07 10:55:02 | 000,015,152 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
MOD - [2013/04/07 10:54:20 | 000,306,176 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\lmrn.dll
MOD - [2013/02/05 09:25:06 | 000,362,029 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/04/07 10:54:58 | 001,455,408 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV:64bit: - [2013/01/29 15:28:32 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/14 22:34:35 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/13 11:32:21 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/30 10:17:13 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/03/30 10:17:01 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/31 12:12:32 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe -- (cbVSCService11)
SRV - [2012/07/16 22:32:31 | 000,103,736 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012/07/16 22:32:23 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/30 10:17:14 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/03/30 10:17:14 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/03/30 10:17:14 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/02/15 21:27:03 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/11 01:11:00 | 001,924,096 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2010/06/25 17:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009/11/02 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2543552910-3823881570-2078352369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-21-2543552910-3823881570-2078352369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2543552910-3823881570-2078352369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR
IE - HKU\S-1-5-21-2543552910-3823881570-2078352369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 4E B0 99 3F 22 CD 01 [binary data]
IE - HKU\S-1-5-21-2543552910-3823881570-2078352369-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-2543552910-3823881570-2078352369-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyELCZoPJ&i=26
IE - HKU\S-1-5-21-2543552910-3823881570-2078352369-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0
FF - prefs.js..extensions.enabledAddons: %7BFE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052%7D:2.0.0.573
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?barid={0B993262-BFD3-11E1-8239-002268375A5E}&src=2&crg=3.1010000.10001&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.fr"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2013/02/28 21:45:22 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2013/02/28 21:45:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2013/02/28 21:45:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox [2013/02/28 21:45:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/13 11:32:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/13 11:32:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/09/29 18:11:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vinc\AppData\Roaming\mozilla\Extensions
[2013/05/11 21:57:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vinc\AppData\Roaming\mozilla\Firefox\Profiles\hxp5fp7z.default\extensions
[2012/06/13 00:55:44 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Vinc\AppData\Roaming\mozilla\Firefox\Profiles\hxp5fp7z.default\extensions\ffxtlbr@incredibar.com
[2013/05/11 21:57:35 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Vinc\AppData\Roaming\mozilla\firefox\profiles\hxp5fp7z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/07 00:37:48 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Vinc\AppData\Roaming\mozilla\firefox\profiles\hxp5fp7z.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013/05/15 16:34:48 | 000,002,120 | ---- | M] () -- C:\Users\Vinc\AppData\Roaming\mozilla\firefox\profiles\hxp5fp7z.default\searchplugins\MyStart Search.xml
[2013/04/13 11:32:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/28 21:45:22 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2013/04/13 11:32:22 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/11 17:14:43 | 000,001,609 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2012/09/14 15:04:00 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/12/08 17:28:19 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2013/02/27 14:29:26 | 000,001,472 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2013/01/11 17:14:43 | 000,001,399 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/12/08 17:28:19 | 000,001,169 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2543552910-3823881570-2078352369-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-2543552910-3823881570-2078352369-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2543552910-3823881570-2078352369-1007..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2543552910-3823881570-2078352369-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/fl... (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70DBE56E-7A8F-44FE-A607-2683B615E4FA}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF1E2D82-78E3-4A28-B2AC-A7374F2BB497}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/04/23 10:42:25 | 000,000,050 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{d470a463-77a1-11e2-a7ba-002268375a5e}\Shell - "" = AutoRun
O33 - MountPoints2\{d470a463-77a1-11e2-a7ba-002268375a5e}\Shell\AutoRun\command - "" = F:\Setup.Now.exe -- [2002/04/23 14:10:10 | 000,102,400 | R--- | M] (Sold Out Software Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: HTC Sync Loader - hkey= - key= - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MsConfig:64bit - StartUpReg: Spotify - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
MsConfig:64bit - StartUpReg: SweetIM - hkey= - key= - File not found
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2013/05/13 15:38:27 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013/05/07 18:06:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/05/07 18:06:22 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/05/07 18:06:22 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/05/07 18:06:22 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/16 01:34:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/16 00:18:46 | 006,392,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/16 00:18:46 | 000,704,464 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013/05/16 00:18:46 | 000,693,478 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2013/05/16 00:18:46 | 000,691,216 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013/05/16 00:18:46 | 000,689,132 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013/05/16 00:18:46 | 000,679,366 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2013/05/16 00:18:46 | 000,663,828 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2013/05/16 00:18:46 | 000,643,860 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/05/16 00:18:46 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/16 00:18:46 | 000,137,086 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2013/05/16 00:18:46 | 000,133,776 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2013/05/16 00:18:46 | 000,132,964 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013/05/16 00:18:46 | 000,130,770 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013/05/16 00:18:46 | 000,129,564 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/05/16 00:18:46 | 000,128,118 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2013/05/16 00:18:46 | 000,127,168 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013/05/16 00:18:46 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/16 00:05:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/15 16:44:13 | 000,020,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/15 16:44:13 | 000,020,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/15 16:34:25 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/14 22:34:35 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/14 22:34:35 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/13 23:57:10 | 000,009,883 | ---- | M] () -- C:\Users\Vinc\Documents\annonce livre reap.odt
[2013/05/13 15:38:13 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013/04/17 19:39:19 | 000,000,775 | ---- | M] () -- C:\Users\Public\Desktop\GeoGebra.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/13 23:57:08 | 000,009,883 | ---- | C] () -- C:\Users\Vinc\Documents\annonce livre reap.odt
[2012/07/16 22:32:24 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/16 22:32:23 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/16 22:32:19 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini

========== ZeroAccess Check ==========

[2009/07/14 07:00:09 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/01 17:23:43 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\BSW
[2012/03/27 18:18:37 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Capturino
[2013/02/16 19:40:17 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\DAEMON Tools Lite
[2011/09/30 00:05:13 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\e-academy Inc
[2011/12/29 13:58:04 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Extensible XML Editor
[2011/11/23 17:30:56 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\fltk.org
[2012/10/26 14:07:17 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\HTC
[2011/12/20 12:09:36 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/10/01 11:12:52 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\IndexEducation
[2013/03/05 01:18:54 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\ManuelNumeriqueDidier
[2011/09/30 00:51:14 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\OpenOffice.org
[2012/09/17 20:38:06 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\temp
[2012/03/14 15:48:42 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Texas Instruments
[2013/03/30 16:23:41 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Thinstall
[2011/12/01 21:22:39 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\TP
[2013/03/30 16:23:57 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Wabbitemu
[2012/11/02 11:17:18 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\xm1

========== Purity Check ==========



========== Custom Scans ==========

< %APPDATA%\*. >
[2011/12/20 12:05:11 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Adobe
[2012/12/20 18:12:49 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Avira
[2013/05/01 17:23:43 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\BSW
[2012/03/27 18:18:37 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Capturino
[2013/02/16 19:40:17 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\DAEMON Tools Lite
[2011/09/30 00:05:13 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\e-academy Inc
[2011/12/29 13:58:04 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Extensible XML Editor
[2011/11/23 17:30:56 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\fltk.org
[2012/10/26 14:07:17 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\HTC
[2011/12/20 12:09:36 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/09/27 20:29:26 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Identities
[2011/10/01 11:12:52 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\IndexEducation
[2011/09/29 17:48:34 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\InstallShield
[2011/09/29 18:47:44 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Macromedia
[2013/03/05 01:18:54 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\ManuelNumeriqueDidier
[2013/02/15 22:49:13 | 000,000,000 | --SD | M] -- C:\Users\Vinc\AppData\Roaming\Microsoft
[2011/09/29 18:11:01 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Mozilla
[2011/09/30 00:51:14 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\OpenOffice.org
[2012/09/17 20:38:06 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\temp
[2012/03/14 15:48:42 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Texas Instruments
[2013/03/30 16:23:41 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Thinstall
[2011/12/01 21:22:39 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\TP
[2013/03/16 14:40:03 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\vlc
[2013/03/30 16:23:57 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Wabbitemu
[2012/11/02 11:17:18 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\xm1

< %APPDATA%\*.exe /s >
[2011/12/20 12:05:08 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Vinc\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011/09/30 00:05:13 | 000,009,662 | R--- | M] () -- C:\Users\Vinc\AppData\Roaming\Microsoft\Installer\{53C31F6F-719F-4664-BB53-9F63D39B8C87}\_112D608FD02CD87FDC7735.exe
[2011/09/30 00:05:13 | 000,009,662 | R--- | M] () -- C:\Users\Vinc\AppData\Roaming\Microsoft\Installer\{53C31F6F-719F-4664-BB53-9F63D39B8C87}\_853F67D554F05449430E7E.exe
[2011/09/30 00:05:13 | 000,009,662 | R--- | M] () -- C:\Users\Vinc\AppData\Roaming\Microsoft\Installer\{53C31F6F-719F-4664-BB53-9F63D39B8C87}\_9C9144E0991A82E1D432EE.exe

< %SYSTEMDRIVE%\*.* >
[2013/05/16 01:24:33 | 000,017,617 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2013/05/15 16:34:25 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2013/05/15 16:34:27 | 4294,107,136 | -HS- | M] () -- C:\pagefile.sys
[2012/06/13 00:55:45 | 000,000,447 | ---- | M] () -- C:\user.js

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.dll /lockedfiles >

< MD5 for: EXPLORER.EXE >

< MD5 for: IEXPLORE.EXE >
[2011/11/05 06:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=8ED7C19AEFA3673AADB0D6864B03FBCE -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16912_none_1a02f98472a36841\iexplore.exe
[2012/03/16 01:43:12 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe
[2012/06/29 03:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_179aa71bb4d435bd\iexplore.exe
[2013/02/02 06:19:03 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=A285E1965C115031DA02B777EE9D7689 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_17f101e6ce197a93\iexplore.exe
[2011/06/21 07:37:00 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=A3AB0A260049BE22AB52E302D9220A92 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16839_none_19f459cc72ad545d\iexplore.exe
[2011/12/16 10:45:57 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=A3F56CED7B94A30BE8954387F0E2B5D2 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16930_none_0f96aec63e54ab7a\iexplore.exe
[2011/11/05 06:39:45 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=A8A14CD0CB499B80412F75D53996AE29 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21085_none_1a43bdf58bf74dc2\iexplore.exe
[2013/02/02 09:37:58 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=A8EBEBCD9F5C49475194099FCD276992 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_0d1d8ab58092fcdd\iexplore.exe
[2011/08/20 07:46:07 | 000,696,576 | ---- | M] (Microsoft Corporation) MD5=AC1CC7CD5CBE60EFF105BB3C0DC199C5 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16869_none_0f7f3fb63e64e635\iexplore.exe
[2012/11/16 05:08:58 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=AC4957E154F750DF54F36ADC8E3E040D -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_0db6f8de99a3ff69\iexplore.exe
[2013/02/22 09:17:45 | 000,763,520 | ---- | M] (Microsoft Corporation) MD5=B21A57AA4CB928059A0C0C58A9E77A02 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20586_none_0da2595099b350a2\iexplore.exe
[2011/06/21 08:21:24 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=B38DE184AC135A4B0AE7D286476FA33F -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16839_none_0f9faf7a3e4c9262\iexplore.exe
[2012/06/02 10:51:58 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=BE967C74B89577B78FB57C061E12B04C -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_18147288cdfe72c5\iexplore.exe
[2011/12/16 10:42:35 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=C152529FD67ABB61F0609EF5A299794C -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21108_none_104895c75752f56b\iexplore.exe
[2011/12/16 11:19:51 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=C53E41F92B19EC97D987F968403BEC49 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21108_none_1a9d40198bb3b766\iexplore.exe
[2010/11/20 14:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2011/08/20 07:42:38 | 000,696,576 | ---- | M] (Microsoft Corporation) MD5=C66C8BF791F9DB974022506265518EE0 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21033_none_102322ab576fcd64\iexplore.exe
[2012/10/08 10:22:05 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=CECB15F834FC2B4B150449717ADE18DD -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_1808a252ce07755f\iexplore.exe
[2013/02/02 06:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=DDE5A0DFAF7C6370FB36402D7A746ED3 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_17723507b4f3bed8\iexplore.exe
[2012/06/29 01:35:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=EB4105348272018D096FEB655CD1608C -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_181572d2cdfd8c1c\iexplore.exe
[2013/01/09 02:51:57 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=EF1F6F41FB2C9BBB484B21017F380201 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_0daa285e99ade8ac\iexplore.exe
[2013/01/08 23:32:42 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F05982E56ABD835AA8DF260EEC873E5B -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_17fed2b0ce0eaaa7\iexplore.exe
[2012/03/16 01:43:11 | 000,754,480 | ---- | M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_0d549a9b80698a7f\iexplore.exe
[2009/09/01 02:41:18 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe
[2012/10/08 13:09:10 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=F61714ABCF9BF0CEF0A6249AD4FD490B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_0db3f80099a6b364\iexplore.exe
[2012/11/14 04:19:28 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F691418EE9A6344AEB5C1B0518FBF8AE -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_180ba330ce04c164\iexplore.exe
[2012/05/18 03:37:57 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=F8B2D47ED17C1D087D14EC747E5AC57A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_0dbdc7a2999f7e1c\iexplore.exe
[2011/08/20 06:32:44 | 000,673,024 | ---- | M] (Microsoft Corporation) MD5=FA623BE79902A7B49FF4F21117B63C83 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21033_none_1a77ccfd8bd08f5f\iexplore.exe
[2012/11/14 09:11:18 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=FD0D2E1FAEBAE5031BE2EB8000D973F1 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_0d3a2c93807c765c\iexplore.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< End of report >
16 May 2013 15:28:16

Hello :)

Indeed, quite a lot of adware, notably Sweet IM.

Let's get rid of it:

1)

Uninstalling programs

  • Go to Start > Control Panel. If you are not already there, switch to classic view (on the left), then double-click Programs and Features.

  • In the list that appears, uninstall if present:

    > IB Updater Service

2)

AdwCleaner cleanup

  • Run AdwCleaner again. (On Vista and 7, right-click it, then run as administrator.)

    Disconnect and close all running applications

  • In the main menu, click Delete and wait for the scan to finish

  • At the end of the scan, an AdwCleaner[R].txt report opens. Post the report in your next reply.

  • The report is located here: C:\AdwCleaner[R].txt

3)

Run OTL again and do a new scan as before. Give me the OTL.txt report in your next reply :)

In addition, I would like to check something:

Plug in your USB sticks and external hard drives as they were connected before.

Online scan

  • Go to the Virustotal site, a site that scans files with all the antivirus products on the market.

  • Click Choose a file.

  • In the window that then opens, at the bottom, there is a field labelled File name. Enter
    F:\Setup.Now.exe
    (copy and paste with Ctrl+V)

  • Press Open, then click Send the file.

  • Wait a few seconds. If it says the file has already been analysed, click Reanalyse the file now.

  • Your file is then analysed. Wait until it says Current status: finished.

  • Select the table (with the antivirus products, the version, the last update, the result), and paste it into your next reply please.

Have a nice day!
18 May 2013 21:06:13

Good evening,
sorry for not giving any news since Thursday, a small setback!
Here is the Adw report:

    # AdwCleaner v2.301 - Rapport créé le 18/05/2013 à 20:55:13
    # Mis à jour le 16/05/2013 par Xplode
    # Système d'exploitation : Windows 7 Ultimate N Service Pack 1 (64 bits)
    # Nom d'utilisateur : Vinc - VINC-PC
    # Mode de démarrage : Normal
    # Exécuté depuis : C:\Users\Vinc\Downloads\AdwCleaner.exe
    # Option [Suppression]


    ***** [Services] *****


    ***** [Fichiers / Dossiers] *****

    Dossier Supprimé : C:\ProgramData\Trymedia
    Dossier Supprimé : C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\hxp5fp7z.default\extensions\ffxtlbr@incredibar.com
    Dossier Supprimé : C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\hxp5fp7z.default\SweetPacksToolbarData
    Dossier Supprimé : C:\Windows\SysWOW64\WNLT
    Fichier Supprimé : C:\user.js
    Fichier Supprimé : C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\hxp5fp7z.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
    Fichier Supprimé : C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\hxp5fp7z.default\searchplugins\MyStart Search.xml

    ***** [Registre] *****

    Clé Supprimée : HKCU\Software\IM
    Clé Supprimée : HKCU\Software\ImInstaller
    Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Clé Supprimée : HKCU\Software\Softonic
    Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASAPI32
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASMANCS
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
    Clé Supprimée : HKLM\Software\Web Assistant
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Clé Supprimée : HKLM\SOFTWARE\Web Assistant
    Valeur Supprimée : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
    Valeur Supprimée : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]

    ***** [Navigateurs] *****

    -\\ Internet Explorer v9.0.8112.16483

    [OK] Le registre ne contient aucune entrée illégitime.

    -\\ Mozilla Firefox v20.0.1 (fr)

    Fichier : C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\hxp5fp7z.default\prefs.js

    C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\hxp5fp7z.default\user.js ... Supprimé !

    Supprimée : user_pref("browser.newtab.url", "hxxp://home.sweetim.com/?src=97&barid={0B993262-BFD3-11E1-8239-0022[...]
    Supprimée : user_pref("browser.search.defaultenginename", "SweetIM Search");
    Supprimée : user_pref("browser.search.selectedEngine", "SweetIM Search");
    Supprimée : user_pref("extensions.incredibar.actvtyRptTime", "1347653869755");
    Supprimée : user_pref("extensions.incredibar.admin", false);
    Supprimée : user_pref("extensions.incredibar.aflt", "orgnl");
    Supprimée : user_pref("extensions.incredibar.afterInstallRpt", "sent");
    Supprimée : user_pref("extensions.incredibar.cntry", "FR");
    Supprimée : user_pref("extensions.incredibar.dfltLng", "EN");
    Supprimée : user_pref("extensions.incredibar.dfltSrch", false);
    Supprimée : user_pref("extensions.incredibar.dfltlng", "en");
    Supprimée : user_pref("extensions.incredibar.dfltsrch", "false");
    Supprimée : user_pref("extensions.incredibar.did", "10665");
    Supprimée : user_pref("extensions.incredibar.envrmnt", "production");
    Supprimée : user_pref("extensions.incredibar.excTlbr", false);
    Supprimée : user_pref("extensions.incredibar.hdrMd5", "A4A608972FCC00D3E03F89155988C9DF");
    Supprimée : user_pref("extensions.incredibar.hmpg", false);
    Supprimée : user_pref("extensions.incredibar.hrdid", "60b82315000000000000c43dc7ccc9e1");
    Supprimée : user_pref("extensions.incredibar.id", "60b82315000000000000c43dc7ccc9e1");
    Supprimée : user_pref("extensions.incredibar.installerproductid", "26");
    Supprimée : user_pref("extensions.incredibar.instlDay", "15503");
    Supprimée : user_pref("extensions.incredibar.instlRef", "");
    Supprimée : user_pref("extensions.incredibar.instlday", "15503");
    Supprimée : user_pref("extensions.incredibar.instlref", "");
    Supprimée : user_pref("extensions.incredibar.isDcmntCmplt", true);
    Supprimée : user_pref("extensions.incredibar.isdcmntcmplt", true);
    Supprimée : user_pref("extensions.incredibar.keywordurl", "");
    Supprimée : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.140:55:44");
    Supprimée : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
    Supprimée : user_pref("extensions.incredibar.newTab", false);
    Supprimée : user_pref("extensions.incredibar.newtab", "false");
    Supprimée : user_pref("extensions.incredibar.newtaburl", "");
    Supprimée : user_pref("extensions.incredibar.noFFXTlbr", false);
    Supprimée : user_pref("extensions.incredibar.ppd", "");
    Supprimée : user_pref("extensions.incredibar.prdct", "incredibar");
    Supprimée : user_pref("extensions.incredibar.productid", "26");
    Supprimée : user_pref("extensions.incredibar.propectorlck", 78101815);
    Supprimée : user_pref("extensions.incredibar.prtnrId", "Incredibar");
    Supprimée : user_pref("extensions.incredibar.prtnrid", "Incredibar");
    Supprimée : user_pref("extensions.incredibar.sg", "none");
    Supprimée : user_pref("extensions.incredibar.smplGrp", "none");
    Supprimée : user_pref("extensions.incredibar.smplgrp", "none");
    Supprimée : user_pref("extensions.incredibar.srch", "");
    Supprimée : user_pref("extensions.incredibar.srchprvdr", "");
    Supprimée : user_pref("extensions.incredibar.tlbrId", "base");
    Supprimée : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyELCZoPJ&loc=IB_T[...]
    Supprimée : user_pref("extensions.incredibar.tlbrid", "base");
    Supprimée : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6OyELCZoPJ&loc=IB_T[...]
    Supprimée : user_pref("extensions.incredibar.upn2", "6OyELCZoPJ");
    Supprimée : user_pref("extensions.incredibar.upn2n", "92261575097237887");
    Supprimée : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
    Supprimée : user_pref("extensions.incredibar.vrsnTs", "1.5.11.140:55:44");
    Supprimée : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
    Supprimée : user_pref("extensions.incredibar.vrsnts", "1.5.11.140:55:44");
    Supprimée : user_pref("extensions.incredibar_i.aflt", "orgnl");
    Supprimée : user_pref("extensions.incredibar_i.dfltLng", "");
    Supprimée : user_pref("extensions.incredibar_i.did", "10665");
    Supprimée : user_pref("extensions.incredibar_i.excTlbr", false);
    Supprimée : user_pref("extensions.incredibar_i.id", "60b82315000000000000c43dc7ccc9e1");
    Supprimée : user_pref("extensions.incredibar_i.installerproductid", "26");
    Supprimée : user_pref("extensions.incredibar_i.instlDay", "15503");
    Supprimée : user_pref("extensions.incredibar_i.instlRef", "");
    Supprimée : user_pref("extensions.incredibar_i.ms_url_id", "");
    Supprimée : user_pref("extensions.incredibar_i.newTab", false);
    Supprimée : user_pref("extensions.incredibar_i.ppd", "");
    Supprimée : user_pref("extensions.incredibar_i.prdct", "incredibar");
    Supprimée : user_pref("extensions.incredibar_i.productid", "26");
    Supprimée : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
    Supprimée : user_pref("extensions.incredibar_i.smplGrp", "none");
    Supprimée : user_pref("extensions.incredibar_i.tlbrId", "base");
    Supprimée : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyELCZoPJ&loc=IB[...]
    Supprimée : user_pref("extensions.incredibar_i.upn2", "6OyELCZoPJ");
    Supprimée : user_pref("extensions.incredibar_i.upn2n", "92261575097237887");
    Supprimée : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
    Supprimée : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.140:55:44");
    Supprimée : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
    Supprimée : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?barid={0B993262-BFD3-11E1-8239-002268[...]
    Supprimée : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
    Supprimée : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
    Supprimée : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1368628754719");
    Supprimée : user_pref("sweetim.toolbar.Visibility.enable", "true");
    Supprimée : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
    Supprimée : user_pref("sweetim.toolbar.cargo", "3.1010000.10001");
    Supprimée : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
    Supprimée : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
    Supprimée : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
    Supprimée : user_pref("sweetim.toolbar.cda.returnValue", "hide");
    Supprimée : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
    Supprimée : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
    Supprimée : user_pref("sweetim.toolbar.dialogs.0.height", "335");
    Supprimée : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
    Supprimée : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
    Supprimée : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
    Supprimée : user_pref("sweetim.toolbar.dialogs.0.width", "761");
    Supprimée : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
    Supprimée : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
    Supprimée : user_pref("sweetim.toolbar.dialogs.1.height", "300");
    Supprimée : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
    Supprimée : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
    Supprimée : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
    Supprimée : user_pref("sweetim.toolbar.dialogs.1.width", "500");
    Supprimée : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
    Supprimée : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
    Supprimée : user_pref("sweetim.toolbar.dialogs.2.height", "150");
    Supprimée : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
    Supprimée : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
    Supprimée : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
    Supprimée : user_pref("sweetim.toolbar.dialogs.2.width", "530");
    Supprimée : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
    Supprimée : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
    Supprimée : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
    Supprimée : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
    Supprimée : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
    Supprimée : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
    Supprimée : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
    Supprimée : user_pref("sweetim.toolbar.mode.debug", "false");
    Supprimée : user_pref("sweetim.toolbar.newtab.created", "true");
    Supprimée : user_pref("sweetim.toolbar.newtab.enable", "true");
    Supprimée : user_pref("sweetim.toolbar.prad.initialized_by_rc", "true");
    Supprimée : user_pref("sweetim.toolbar.previous.browser.newtab.url", "about:newtab");
    Supprimée : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MyStart Search");
    Supprimée : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
    Supprimée : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.google.fr");
    Supprimée : user_pref("sweetim.toolbar.previous.keyword.URL", "");
    Supprimée : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]
    Supprimée : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
    Supprimée : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
    Supprimée : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
    Supprimée : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
    Supprimée : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
    Supprimée : user_pref("sweetim.toolbar.scripts.0.enable", "false");
    Supprimée : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
    Supprimée : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
    Supprimée : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false");
    Supprimée : user_pref("sweetim.toolbar.scripts.1.callback", "");
    Supprimée : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
    Supprimée : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "");
    Supprimée : user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script");
    Supprimée : user_pref("sweetim.toolbar.scripts.1.enable", "false");
    Supprimée : user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad");
    Supprimée : user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
    Supprimée : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "true");
    Supprimée : user_pref("sweetim.toolbar.scripts.2.callback", "simVerification");
    Supprimée : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", "");
    Supprimée : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
    Supprimée : user_pref("sweetim.toolbar.scripts.2.elementid", "id_script_sim_fb");
    Supprimée : user_pref("sweetim.toolbar.scripts.2.enable", "false");
    Supprimée : user_pref("sweetim.toolbar.scripts.2.id", "id_script_fb_hxxpS");
    Supprimée : user_pref("sweetim.toolbar.scripts.2.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
    Supprimée : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
    Supprimée : user_pref("sweetim.toolbar.search.history.capacity", "10");
    Supprimée : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "0");
    Supprimée : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "0");
    Supprimée : user_pref("sweetim.toolbar.searchguard.enable", "false");
    Supprimée : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
    Supprimée : user_pref("sweetim.toolbar.simapp_id", "{0B993262-BFD3-11E1-8239-002268375A5E}");
    Supprimée : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10001&barid={0B99[...]
    Supprimée : user_pref("sweetim.toolbar.version", "1.9.0.0");
    Supprimée : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
    Supprimée : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
    Supprimée : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

    *************************

    AdwCleaner[R1].txt - [17617 octets] - [16/05/2013 01:24:24]
    AdwCleaner[S1].txt - [16144 octets] - [18/05/2013 20:55:13]

    ########## EOF - C:\AdwCleaner[S1].txt - [16205 octets] ##########
18 May 2013 21:42:14

Here is the OTL report:

    OTL logfile created on: 18/05/2013 21:09:01 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vinc\Downloads
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    4,00 Gb Total Physical Memory | 2,84 Gb Available Physical Memory | 71,12% Memory free
    8,00 Gb Paging File | 6,71 Gb Available in Paging File | 83,85% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 142,60 Gb Total Space | 82,29 Gb Free Space | 57,71% Space Free | Partition Type: NTFS
    Drive D: | 142,70 Gb Total Space | 50,12 Gb Free Space | 35,13% Space Free | Partition Type: NTFS
    Drive F: | 616,26 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

    Computer Name: VINC-PC | User Name: Vinc | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/05/16 01:23:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vinc\Downloads\OTL.exe
    PRC - [2013/05/13 15:37:24 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/03/30 10:17:13 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2013/03/30 10:17:01 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/07/16 22:32:31 | 000,103,736 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
    PRC - [2012/07/16 22:32:23 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2013/05/14 22:34:35 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/04/13 11:32:21 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/03/30 10:17:13 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2013/03/30 10:17:01 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/07/31 12:12:32 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe -- (cbVSCService11)
    SRV - [2012/07/16 22:32:31 | 000,103,736 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
    SRV - [2012/07/16 22:32:23 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/03/30 10:17:14 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2013/03/30 10:17:14 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2013/03/30 10:17:14 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
    DRV:64bit: - [2013/02/15 21:27:03 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/10/11 01:11:00 | 001,924,096 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
    DRV:64bit: - [2010/06/25 17:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
    DRV:64bit: - [2009/11/02 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2543552910-3823881570-2078352369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    IE - HKU\S-1-5-21-2543552910-3823881570-2078352369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-2543552910-3823881570-2078352369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR
    IE - HKU\S-1-5-21-2543552910-3823881570-2078352369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 4E B0 99 3F 22 CD 01 [binary data]
    IE - HKU\S-1-5-21-2543552910-3823881570-2078352369-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2543552910-3823881570-2078352369-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2543552910-3823881570-2078352369-1007\..\SearchScopes,DefaultScope =

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaulturl: ""
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/13 11:32:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/13 11:32:22 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/09/29 18:11:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vinc\AppData\Roaming\mozilla\Extensions
    [2013/05/18 20:55:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vinc\AppData\Roaming\mozilla\Firefox\Profiles\hxp5fp7z.default\extensions
    [2013/05/11 21:57:35 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Vinc\AppData\Roaming\mozilla\firefox\profiles\hxp5fp7z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/04/13 11:32:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/04/13 11:32:22 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2013/01/11 17:14:43 | 000,001,609 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
    [2012/09/14 15:04:00 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/12/08 17:28:19 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2013/02/27 14:29:26 | 000,001,472 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
    [2013/01/11 17:14:43 | 000,001,399 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
    [2012/12/08 17:28:19 | 000,001,169 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2543552910-3823881570-2078352369-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
    O4 - HKU\S-1-5-21-2543552910-3823881570-2078352369-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-2543552910-3823881570-2078352369-1007..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-21-2543552910-3823881570-2078352369-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/fl... (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70DBE56E-7A8F-44FE-A607-2683B615E4FA}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF1E2D82-78E3-4A28-B2AC-A7374F2BB497}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2002/04/23 10:42:25 | 000,000,050 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{d470a463-77a1-11e2-a7ba-002268375a5e}\Shell - "" = AutoRun
    O33 - MountPoints2\{d470a463-77a1-11e2-a7ba-002268375a5e}\Shell\AutoRun\command - "" = F:\Setup.Now.exe -- [2002/04/23 14:10:10 | 000,102,400 | R--- | M] (Sold Out Software Ltd.)
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    MsConfig:64bit - StartUpReg: HTC Sync Loader - hkey= - key= - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
    MsConfig:64bit - StartUpReg: Spotify - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
    MsConfig:64bit - StartUpReg: SweetIM - hkey= - key= - File not found
    MsConfig:64bit - State: "bootini" - Reg Error: Key error.
    MsConfig:64bit - State: "startup" - Reg Error: Key error.

    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/05/16 03:26:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2013/05/16 03:26:11 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013/05/16 03:26:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/05/16 03:26:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2013/05/16 03:26:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013/05/16 03:26:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/05/16 03:26:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2013/05/16 03:26:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2013/05/16 03:26:08 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/05/16 03:26:08 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2013/05/16 03:26:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2013/05/16 03:26:08 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/05/16 03:26:06 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/05/16 03:26:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/05/16 03:26:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2013/05/16 02:23:29 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
    [2013/05/16 02:23:29 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
    [2013/05/16 02:23:16 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
    [2013/05/16 02:23:16 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
    [2013/05/16 02:23:16 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
    [2013/05/16 02:23:16 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
    [2013/05/16 02:23:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
    [2013/05/13 15:38:27 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
    [2013/05/07 18:06:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2013/05/07 18:06:22 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/05/07 18:06:22 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/05/07 18:06:22 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/05/18 21:02:13 | 000,020,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/05/18 21:02:13 | 000,020,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/05/18 20:56:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/05/18 20:56:47 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
    [2013/05/18 20:40:51 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/05/16 18:05:15 | 006,392,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/05/16 18:05:15 | 000,704,464 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
    [2013/05/16 18:05:15 | 000,693,478 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
    [2013/05/16 18:05:15 | 000,691,216 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
    [2013/05/16 18:05:15 | 000,689,132 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
    [2013/05/16 18:05:15 | 000,679,366 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
    [2013/05/16 18:05:15 | 000,663,828 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
    [2013/05/16 18:05:15 | 000,643,860 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
    [2013/05/16 18:05:15 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/05/16 18:05:15 | 000,137,086 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
    [2013/05/16 18:05:15 | 000,133,776 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
    [2013/05/16 18:05:15 | 000,132,964 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
    [2013/05/16 18:05:15 | 000,130,770 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
    [2013/05/16 18:05:15 | 000,129,564 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
    [2013/05/16 18:05:15 | 000,128,118 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
    [2013/05/16 18:05:15 | 000,127,168 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
    [2013/05/16 18:05:15 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/05/16 17:59:17 | 000,440,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/05/14 22:34:35 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/05/14 22:34:35 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/05/13 23:57:10 | 000,009,883 | ---- | M] () -- C:\Users\Vinc\Documents\annonce livre reap.odt
    [2013/05/13 15:38:13 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/05/13 23:57:08 | 000,009,883 | ---- | C] () -- C:\Users\Vinc\Documents\annonce livre reap.odt
    [2012/07/16 22:32:24 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/07/16 22:32:23 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2012/07/16 22:32:19 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini

    ========== ZeroAccess Check ==========

    [2009/07/14 07:00:09 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/05/01 17:23:43 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\BSW
    [2012/03/27 18:18:37 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Capturino
    [2013/02/16 19:40:17 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\DAEMON Tools Lite
    [2011/09/30 00:05:13 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\e-academy Inc
    [2011/12/29 13:58:04 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Extensible XML Editor
    [2011/11/23 17:30:56 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\fltk.org
    [2012/10/26 14:07:17 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\HTC
    [2011/12/20 12:09:36 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
    [2011/10/01 11:12:52 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\IndexEducation
    [2013/03/05 01:18:54 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\ManuelNumeriqueDidier
    [2011/09/30 00:51:14 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\OpenOffice.org
    [2012/09/17 20:38:06 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\temp
    [2012/03/14 15:48:42 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Texas Instruments
    [2013/03/30 16:23:41 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Thinstall
    [2011/12/01 21:22:39 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\TP
    [2013/03/30 16:23:57 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Wabbitemu
    [2012/11/02 11:17:18 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\xm1

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %APPDATA%\*. >
    [2011/12/20 12:05:11 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Adobe
    [2012/12/20 18:12:49 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Avira
    [2013/05/01 17:23:43 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\BSW
    [2012/03/27 18:18:37 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Capturino
    [2013/02/16 19:40:17 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\DAEMON Tools Lite
    [2011/09/30 00:05:13 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\e-academy Inc
    [2011/12/29 13:58:04 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Extensible XML Editor
    [2011/11/23 17:30:56 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\fltk.org
    [2012/10/26 14:07:17 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\HTC
    [2011/12/20 12:09:36 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
    [2011/09/27 20:29:26 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Identities
    [2011/10/01 11:12:52 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\IndexEducation
    [2011/09/29 17:48:34 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\InstallShield
    [2011/09/29 18:47:44 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Macromedia
    [2013/03/05 01:18:54 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\ManuelNumeriqueDidier
    [2013/02/15 22:49:13 | 000,000,000 | --SD | M] -- C:\Users\Vinc\AppData\Roaming\Microsoft
    [2011/09/29 18:11:01 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Mozilla
    [2011/09/30 00:51:14 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\OpenOffice.org
    [2012/09/17 20:38:06 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\temp
    [2012/03/14 15:48:42 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Texas Instruments
    [2013/03/30 16:23:41 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Thinstall
    [2011/12/01 21:22:39 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\TP
    [2013/03/16 14:40:03 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\vlc
    [2013/03/30 16:23:57 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\Wabbitemu
    [2012/11/02 11:17:18 | 000,000,000 | ---D | M] -- C:\Users\Vinc\AppData\Roaming\xm1

    < %APPDATA%\*.exe /s >
    [2011/12/20 12:05:08 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Vinc\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    [2011/09/30 00:05:13 | 000,009,662 | R--- | M] () -- C:\Users\Vinc\AppData\Roaming\Microsoft\Installer\{53C31F6F-719F-4664-BB53-9F63D39B8C87}\_112D608FD02CD87FDC7735.exe
    [2011/09/30 00:05:13 | 000,009,662 | R--- | M] () -- C:\Users\Vinc\AppData\Roaming\Microsoft\Installer\{53C31F6F-719F-4664-BB53-9F63D39B8C87}\_853F67D554F05449430E7E.exe
    [2011/09/30 00:05:13 | 000,009,662 | R--- | M] () -- C:\Users\Vinc\AppData\Roaming\Microsoft\Installer\{53C31F6F-719F-4664-BB53-9F63D39B8C87}\_9C9144E0991A82E1D432EE.exe

    < %SYSTEMDRIVE%\*.* >
    [2013/05/16 01:24:33 | 000,017,617 | ---- | M] () -- C:\AdwCleaner[R1].txt
    [2013/05/18 20:55:33 | 000,016,269 | ---- | M] () -- C:\AdwCleaner[S1].txt
    [2013/05/18 20:56:47 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
    [2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2013/05/18 20:56:49 | 4294,107,136 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\*.dll /lockedfiles >

    < End of report >
    18 May 2013 21:55:24

    I'm not really sure what kind of table you're expecting! Here is what I was able to copy and paste:

    Agnitum 20130518
    AhnLab-V3 20130518
    AntiVir 20130518
    Antiy-AVL 20130518
    Avast 20130518
    AVG 20130518
    BitDefender 20130518
    ByteHero 20130517
    CAT-QuickHeal 20130518
    ClamAV 20130518
    Commtouch 20130518
    Comodo 20130518
    DrWeb 20130518
    Emsisoft 20130518
    eSafe 20130516
    ESET-NOD32 20130518
    F-Prot 20130518
    F-Secure 20130518
    Fortinet 20130518
    GData 20130518
    Ikarus 20130518
    Jiangmin 20130518
    K7AntiVirus 20130517
    K7GW 20130517
    Kaspersky 20130518
    Kingsoft 20130506
    Malwarebytes 20130518
    McAfee 20130518
    McAfee-GW-Edition 20130518
    Microsoft 20130518
    MicroWorld-eScan 20130518
    NANO-Antivirus 20130518
    Norman 20130518
    nProtect 20130518
    Panda 20130518
    PCTools 20130518
    Rising 20130517
    Sophos 20130518
    SUPERAntiSpyware 20130518
    Symantec 20130518
    TheHacker 20130516
    TotalDefense 20130517
    TrendMicro 20130518
    TrendMicro-HouseCall 20130518
    VBA32 20130518
    VIPRE 20130518
    ViRobot 20130518
    19 May 2013 11:22:11

    Hello :)

    OK, we're nearly done:

    1)

    • Download Malwarebytes' Anti-Malware (MBAM) (by Marcin Kleczynski and Bruce Harriss).

    • Install it, then make sure to update the program at the end of the installation.

    • Once that is done, MBAM starts. Check that the Quick scan box is ticked, then press Scan (outlined in red in the image below).

    • At the end of the scan, a message will be displayed:
      The scan completed normally. Click 'Show results' to display all the objects found.
      or else:
      The scan completed normally. No malicious items were detected.

    • Click OK to continue. If MBAM found nothing, let me know and quit the program.

    • If it found malware (that is, if you get the message "'Show results' to display all the objects found"), continue:

    • !! Close all running applications !! (apart from MBAM)

    • Click Show results.

    • Tick all the boxes and click Remove selected. The malware will then be placed in quarantine.

    • A report will be displayed. Please paste this report into your next reply ;)

    2)

    How is the PC behaving? Has the toolbar gone?
    19 May 2013 19:10:36

    Good evening,
    MBAM found nothing! The toolbar has gone and the PC is behaving well!
    THANK YOU very much!
    Should I uninstall all the software you had me install?

    I'd like to run a scan of my laptop too! Is that possible? Should I create another topic?

    Have a good evening
    Vincent

    Best solution

    20 May 2013 11:28:22

    Good morning on this bank holiday Monday :)

    OK, perfect. Yes, you can uninstall the tools we used; you can however keep MBAM, which can be useful for scanning your PC from time to time :) For your other PC, please create a new thread, since every disinfection is unique; that way things will be clearer. A helper (me or someone else) will take care of you.

    We'll finish with this:

    1)

    Important: purging System Restore

    --> There are still viruses in your restore points. Follow this tutorial to purge it.

    Don't forget to create a new restore point once that is done (by pressing the Create button)

    - You can uninstall the tools we used.
    - You can edit your posts to hide your real name.

    2)

    IMPORTANT: Prevention

    The viruses on your computer were linked to advertising programs. I recommend reading this link to avoid them in future: Stop la pub !

    ********************************

    Recommended security software:

    Anti-virus: Avast 8.0

    To scan your files: MBAM

    ********************************

    Beware, contrary to popular belief:

    • Never have two anti-virus programs with real-time protection enabled; it's the best way to create conflicts. Several active anti-virus programs can get in each other's way and, in the end, the PC you thought was more secure becomes a real sieve...

    • Anti-spyware programs are useless!!

    • I strongly advise you not to install "transformation" packs, which for example give Windows XP the look of Windows Vista. This kind of program causes a lot of problems!!!

    Finally, don't forget that the best protection for your computer is you!

    3)

    If you consider your problem solved, select a best answer, or else:

    Add [Résolu] ("Solved") to your thread title:

    • In your first post, click the Edit button.

    • Add [Résolu] in front of the title.

    • Then click Submit your message.

    Be more careful on the Internet! ;)

    See you on Tom's Guide :hello:
    20 May 2013 23:12:38

    Good evening,
    thank you very much, and no more downloads from 01net!
    See you