Il y a actuellement 55 visiteurs
Vendredi 01 Juillet 2022
accueilactualitésdossierscomparer les prixtélécharger gratuitement vos logicielsoffres d'emploiforum informatique
Connexion
Créer un compte

Peur d'être hack ou contrôle de PC

Un ordinateur qui ralentit, des écrans publicitaires qui apparaissent, des applications qui refusent de démarrer ou encore votre navigateur qui s'obstine à ouvrir une page douteuse sont autant d'éléments qui indiquent que l'intégrité de votre ordinateur est menacée par un virus. Vous trouverez dans ce forum quelques conseils et logiciels pour surfer tranquillement.
Règles du forum
Pour afficher un rapport d'analyse ou un rapport d'infection (HijackThis, OTL, AdwCleaner etc...)‎, veuillez utiliser le système de fichiers joints interne au forum. Seuls les formats les .txt et .log de moins de 1Mo sont acceptés. Pour obtenir de l'aide pour insérer vos fichiers joints, veuillez consulter ce tutoriel

Peur d'être hack ou contrôle de PC

Message le 18 Mai 2012 17:42

Bonjour à tous,
Je vous écris car j'ai bien peur de m'être fait hack ou qu'une personne arrive à s'infiltrer sur mon PC.
Je crois aussi avoir des objets cachés, ou des virus.. Je ne m'y connais pas vraiment en informatique.
Pour l'instant, j'ai téléchargé Malwarebytes Anti-Malware, une analyse est en cours.
Que dois-je faire ensuite ? Merci d'avance à vous.
HelpMePlease
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 10
Inscription: 18 Mai 2012 17:39
 


Re: Peur d'être hack ou contrôle de PC

Message le 18 Mai 2012 17:44

Salut et bienvenue sur PC-Infopratique,

Qu'est-ce qui te fais penser cela ?
"Ce que tu gardes pour toi s'en ira mourir... C'est ce que tu donnes qui te restera" (JF Bernardini / I muvrini )
Image
.1948 | 2012
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: Peur d'être hack ou contrôle de PC

Message le 18 Mai 2012 17:47

Merci à toi.
Suite à une menace d'une personne qui m'a dit qu'il avait accès à mon ordinateur et dans une analyse que j'avais faite sur Avira, l'antivirus à trouvé 65 objets cachés et dans l'analyse que je suis en train de faire sur Malwarebytes il y a déjà 21 éléments détectés.
J'ignore comment tous supprimer..
HelpMePlease
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 10
Inscription: 18 Mai 2012 17:39
 

Re: Peur d'être hack ou contrôle de PC

Message le 18 Mai 2012 17:51

OK,

tu peux supprimer tout ce que trouvera malwarebyte sans risque, ensuite poste moi le rapport Malwarebyte que je vois si il faut approfondir la chose :wink:
"Ce que tu gardes pour toi s'en ira mourir... C'est ce que tu donnes qui te restera" (JF Bernardini / I muvrini )
Image
.1948 | 2012
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: Peur d'être hack ou contrôle de PC

Message le 18 Mai 2012 17:57

sinom telecharge et installe ZHPDIAG
++ :wink:
@Atom @Web ici vous vivrez éternellement. ∞
« La question de savoir si un ordinateur peut penser n'est pas plus intéressante que de savoir si un sous-marin peut nager »
Avatar de l'utilisateur
whishess
Expert(e)
Expert(e)
 
Messages: 1782
Inscription: 25 Mar 2012 13:36
 

Re: Peur d'être hack ou contrôle de PC

Message le 18 Mai 2012 18:10

N'installes pas ZHPDiag, perso je me sert d'autres outils de diagnostique.
"Ce que tu gardes pour toi s'en ira mourir... C'est ce que tu donnes qui te restera" (JF Bernardini / I muvrini )
Image
.1948 | 2012
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: Peur d'être hack ou contrôle de PC

Message le 18 Mai 2012 18:18

Il est bien pourtant mais qu'utilise tu alors
++ :wink:
@Atom @Web ici vous vivrez éternellement. ∞
« La question de savoir si un ordinateur peut penser n'est pas plus intéressante que de savoir si un sous-marin peut nager »
Avatar de l'utilisateur
whishess
Expert(e)
Expert(e)
 
Messages: 1782
Inscription: 25 Mar 2012 13:36
 

Re: Peur d'être hack ou contrôle de PC

Message le 18 Mai 2012 18:20

Merci pour vos réponses, j'attend déjà que Malwarebytes termine son analyse, c'est très long.. J'ai fais un examen complet faut dire. :)
HelpMePlease
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 10
Inscription: 18 Mai 2012 17:39
 

Re: Peur d'être hack ou contrôle de PC

Message le 18 Mai 2012 19:01

le scan complet ne sert pas à grand chose, il ne fait rien de plus sur Windows qu'un examen rapide..et si tu as un gros disque dure avec beaucoup de documents, cela risque d'être très long :wink:
"Ce que tu gardes pour toi s'en ira mourir... C'est ce que tu donnes qui te restera" (JF Bernardini / I muvrini )
Image
.1948 | 2012
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: Peur d'être hack ou contrôle de PC

Message le 18 Mai 2012 19:47

L’examen vient de se terminer ( examen rapide ) voilà les résultats :


Code: Tout sélectionner
[Malwarebytes Anti-Malware (Essai) 1.61.0.1400
http://www.malwarebytes.org

Version de la base de données: v2012.05.18.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sabrinaa :: NEVERLAND [administrateur]

Protection: Activé

18/05/2012 20:36:04
mbam-log-2012-05-18 (20-45-50).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 293325
Temps écoulé: 8 minute(s), 2 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 32
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Aucune action effectuée.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Aucune action effectuée.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLab) -> Aucune action effectuée.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLab) -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Aucune action effectuée.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Aucune action effectuée.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Aucune action effectuée.
HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Aucune action effectuée.
HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Aucune action effectuée.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Aucune action effectuée.
HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Aucune action effectuée.
HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Aucune action effectuée.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Aucune action effectuée.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLab) -> Aucune action effectuée.
HKCR\CrossriderApp0002258.BHO (PUP.CrossFire.Gen) -> Aucune action effectuée.
HKCR\CrossriderApp0002258.BHO.1 (PUP.CrossFire.Gen) -> Aucune action effectuée.
HKCR\CrossriderApp0002258.FBApi (PUP.CrossFire.Gen) -> Aucune action effectuée.
HKCR\CrossriderApp0002258.FBApi.1 (PUP.CrossFire.Gen) -> Aucune action effectuée.
HKCR\CrossriderApp0002258.Sandbox (PUP.CrossFire.Gen) -> Aucune action effectuée.
HKCR\CrossriderApp0002258.Sandbox.1 (PUP.CrossFire.Gen) -> Aucune action effectuée.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Aucune action effectuée.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Aucune action effectuée.
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Aucune action effectuée.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (PUP.GamePlayLab) -> Aucune action effectuée.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (PUP.GamePlayLab) -> Aucune action effectuée.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Aucune action effectuée.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Aucune action effectuée.

Valeur(s) du Registre détectée(s): 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Données: 215 Apps -> Aucune action effectuée.

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 1
C:\Program Files (x86)\I Want This (Adware.GamePlayLab) -> Aucune action effectuée.

Fichier(s) détecté(s): 13
C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLab) -> Aucune action effectuée.
C:\Users\Rodmilla\Downloads\SoftonicDownloader_pour_media-player-codec-pack.exe (PUP.ToolbarDownloader) -> Aucune action effectuée.
C:\Program Files (x86)\I Want This\I Want This.ini (Adware.GamePlayLab) -> Aucune action effectuée.
C:\Program Files (x86)\I Want This\appAPIinternalWrapper.js (Adware.GamePlayLab) -> Aucune action effectuée.
C:\Program Files (x86)\I Want This\fb.js (Adware.GamePlayLab) -> Aucune action effectuée.
C:\Program Files (x86)\I Want This\I Want This.exe (Adware.GamePlayLab) -> Aucune action effectuée.
C:\Program Files (x86)\I Want This\I Want This.ico (Adware.GamePlayLab) -> Aucune action effectuée.
C:\Program Files (x86)\I Want This\I Want ThisGui.exe (Adware.GamePlayLab) -> Aucune action effectuée.
C:\Program Files (x86)\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Aucune action effectuée.
C:\Program Files (x86)\I Want This\jquery.js (Adware.GamePlayLab) -> Aucune action effectuée.
C:\Program Files (x86)\I Want This\json.js (Adware.GamePlayLab) -> Aucune action effectuée.
C:\Program Files (x86)\I Want This\Uninstall.exe (Adware.GamePlayLab) -> Aucune action effectuée.
C:\Program Files (x86)\I Want This\I Want This.dll (PUP.GamePlayLab) -> Aucune action effectuée.

(fin)


Merci de ton aide. :)
HelpMePlease
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 10
Inscription: 18 Mai 2012 17:39
 

Re: Peur d'être hack ou contrôle de PC

Message le 18 Mai 2012 20:48

Tu as bien tout sélectionnés et cliqué sur "supprimer la sélection" ?
"Ce que tu gardes pour toi s'en ira mourir... C'est ce que tu donnes qui te restera" (JF Bernardini / I muvrini )
Image
.1948 | 2012
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: Peur d'être hack ou contrôle de PC

Message le 18 Mai 2012 20:53

Ah oui, mince, je t'ai envoyé le rapport avant d'avoir supprimer les programmes infectés :x
Mais j'ai bien fais supprimer la sélection.
HelpMePlease
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 10
Inscription: 18 Mai 2012 17:39
 

Re: Peur d'être hack ou contrôle de PC

Message le 18 Mai 2012 20:54

ok, :wink:

* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "rapport minimal " soit cochée.

* Coches les case situées devant "Tous les utilisateurs", " Recherche LOP" et "Recherche Purity".

* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL "personnalisation"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon /s
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command /s
%temp%\smtmp\1\*.* /s
%temp%\smtmp\2\*.* /s
%temp%\smtmp\4\*.* /s
nslookup www.google.fr /c
SAVEMBR:0
NetSvcs
%systemroot%\system32\drivers\*.sys /lockedfiles
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
netsvcs
/md5start
dwm.exe
taskhost.exe
taskeng.exe
wscntfy.exe
ctfmon.exe
rdpclip.exe
volsnap.sys
sptd.sys
explorer.exe
userinit.exe
winlogon.exe
wininit.exe
tcpip.sys
Sfloppy.sys
Changer.sys
cdrom.sys
disk.sys
ndis.sys
usbscan.sys
usbprint.sys
tdtcp.sys
tdpipe.sys
swmidi.sys
splitter.sys
rdpwd.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
RASACD.SYS
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%APPDATA%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\*.*



* Cliques sur l'icône "Analyse" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( réduit dans la barre des taches).
* Copie et colle les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL
"Ce que tu gardes pour toi s'en ira mourir... C'est ce que tu donnes qui te restera" (JF Bernardini / I muvrini )
Image
.1948 | 2012
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: Peur d'être hack ou contrôle de PC

Message le 18 Mai 2012 21:18

Voici les deux rapports :

Rapport Extra.Txt :
Code: Tout sélectionner

OTL Extras logfile created on: 18/05/2012 22:01:21 - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\Sabrinaa\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
5,80 Gb Total Physical Memory | 4,01 Gb Available Physical Memory | 69,14% Memory free
11,60 Gb Paging File | 9,40 Gb Available in Paging File | 81,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 678,16 Gb Total Space | 547,70 Gb Free Space | 80,76% Space Free | Partition Type: NTFS
Drive D: | 16,31 Gb Total Space | 1,77 Gb Free Space | 10,84% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 1,08 Gb Free Space | 27,32% Space Free | Partition Type: FAT32
 
Computer Name: NEVERLAND | User Name: Sabrinaa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26ECCCF4-6BA1-4146-A771-F0D1BF54D11B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3232AD62-6067-4D3F-853F-E9F6EFA80B78}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3DC2FBAC-9EB1-4D9E-A1A4-501AECC79B0B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4E75CAF3-7DC0-4078-8ED9-A8887CC6DED1}" = rport=445 | protocol=6 | dir=out | app=system |
"{6238CB5D-01BB-4C10-91A1-1B739D04FB50}" = lport=137 | protocol=17 | dir=in | app=system |
"{9289BB05-07E3-4280-8908-234DC3BE8BE0}" = rport=139 | protocol=6 | dir=out | app=system |
"{936B9592-1F44-4A17-9A7F-FA9C897F4D71}" = lport=139 | protocol=6 | dir=in | app=system |
"{9EE3ED1E-4C1A-4FFA-9012-C7C833C410D0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B1456FBA-FD47-446E-91E9-679C1FFD93C8}" = lport=138 | protocol=17 | dir=in | app=system |
"{B27BD256-FC6B-461B-AF79-E7D54EF9BD42}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B551438E-BF9F-4033-9616-C6588A8011F8}" = rport=138 | protocol=17 | dir=out | app=system |
"{B84C73FF-825C-463C-96B9-32D630AC15B8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B8C61F64-243A-4B42-B005-8283C3789984}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C4822C8E-91A2-4A82-9123-9CBE98D8BB92}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D4BEEB6E-67FC-4160-8EF9-CF9C7148C6BC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DBB7BE3D-2033-4F27-AF91-25BEC0492B25}" = rport=137 | protocol=17 | dir=out | app=system |
"{E9299545-0E20-4F0C-B58C-10DCDCB9FAEF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EA3D0FC4-9728-43A5-A3FE-E2B555D2235A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F3E5AE73-3591-4459-8193-DBF3EDCD885A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F52F90AD-CAA5-418C-B94A-D283B9C957A8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F69FE2C3-E857-462C-BF29-6303A7513567}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F8DF7B6D-AA7A-4EB9-B9B1-540C8AF8B143}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FBDBAA26-C923-42E7-B7C3-2DB336DC0EFB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FDE8DA6B-BA94-4BF7-9571-29A2C9DE925F}" = lport=445 | protocol=6 | dir=in | app=system |
"{FE6351B4-F5C3-4D78-A71E-FB86C7FFBA15}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0617921A-B0E6-44F2-BF2F-315CC84F51B5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{09ECB0F3-F762-4F04-B1FB-880D93865E85}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{18B2E20D-871D-4245-8BAC-2B9AC6FEC536}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{215828CC-4298-4FB1-BD3B-24067823A6FB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2D99A26E-B4B6-4733-921A-C69788680146}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{325BA14C-2636-425A-B08F-1705CB273844}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3D06F625-2579-46E3-AD0F-EB20D61192C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{42FA7DEF-F976-4FFA-A2CC-6AFC850F2DE3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii - public demo\launcher.exe |
"{4C3ADA7C-6BAA-436A-AA88-1301C6A62C7B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{501E250A-F805-4868-B691-026B0CEFF164}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{519769EE-ED78-4E49-A846-478775010826}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{525CEE2E-6246-493C-98A7-1721A5AD7670}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5273665F-B3B9-44D9-BB61-4356EE247CA2}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{5B91EAE8-FEF4-4494-91FD-D81783E89D13}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{5F75D9AA-8B64-49F9-9C3C-1F2EEAD82CC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{694A275C-2FBC-48B8-8CAB-33C818107E95}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{726277B9-C7D5-44F4-BAA2-FB6D15AC1FC3}" = protocol=6 | dir=out | app=system |
"{74694205-C39B-4CDD-B4F3-A95D8F09F649}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{76B9B0CC-A689-4F91-8020-41E45E66304D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8F5ED59F-B73D-4332-ABF6-0E9EAF96B7DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{929DE5C9-1F50-4BD6-9077-26F5DEF8A5A8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{95F6B9D8-1397-4318-9390-D3D23AE87A91}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{99AA5267-A09B-44AD-8CAA-28742E173343}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii - public demo\launcher.exe |
"{A518F148-761C-417A-8F8D-350ED312E188}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{A5525453-DE8F-402E-9778-24C77E45E8C9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A668410B-4BD9-445A-A0F1-D8B52EBBDF17}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BD1F6268-461E-4131-9B53-D68D5C17588C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CD2BCDB9-46EC-4675-BD3B-349369EF550D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D9C61A36-4DFA-4A8E-A183-28BC7D421194}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA8E8926-6F1A-4235-A825-FB08D2E1A8EB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{EB78FC44-AA95-43D8-A38F-775600472227}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F6C62136-AA60-4DDF-938A-44B2049A8A29}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F86CFFEF-FAF6-491E-A96A-86A41F0DEFE2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{F880189B-9AC5-4926-8D51-FC5FF31C2DF7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FC113478-5C06-4411-A100-7BA90E1F6E36}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"TCP Query User{04005F96-1764-44A5-B59B-0CD8C732B774}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{53847F3B-1D10-45D7-89C6-D14465CBCD87}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe |
"TCP Query User{744125B2-1833-4DF0-A3D1-891168B6BD6D}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"TCP Query User{89DF3FE1-C415-4B29-88A6-E2B26BE8AFC5}C:\program files (x86)\secondlifeviewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\secondlifeviewer\slvoice.exe |
"TCP Query User{E184764B-BCA1-4CE6-9F78-0EAFBFADC797}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{082AFC96-44A0-4873-8EBA-7B43E68D284A}C:\program files (x86)\secondlifeviewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\secondlifeviewer\slvoice.exe |
"UDP Query User{0D37FEB7-2BFB-4E0F-B027-AB59C50D3C75}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe |
"UDP Query User{74FDD954-A18C-452F-BEC3-C5CC1B3DC558}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{8BC780EB-A1B8-4F5E-B096-6B346F74B635}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{9B62FBE9-EAFF-4EDF-B0E7-DE615C42E5E0}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B5F58F7-C7D1-3CE3-9B37-B657F0852643}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-040C-1000-0000000FF1CE}" = Microsoft Office « Démarrer en un clic » 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}" = HP Launch Box
"{A39AE3AE-9808-39D2-AB7B-FF5F0335095E}" = Microsoft .NET Framework 4 Extended FRA Language Pack
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panneau de configuration NVIDIA 268.47
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Pilote graphique 268.47
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Extended FRA
"SynTPDeinstKey" = Synaptics TouchPad Driver
"WinRAR archiver" = WinRAR 4.01 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{006E6A46-8D55-4F10-BBA8-2C9653B4278B}" = Software Update Helper
"{00A42832-B21A-4296-B5F4-D296D0BC4A3E}" = HP Quick Launch
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05653DE1-6567-40C6-B930-39D399B64369}" = OpenOffice.org 3.3
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2AE21A08-FF8E-44CF-84C7-F5571DBF7360}_is1" = Roadkil's Disk Image Version 1.6
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E526F25-8B1F-46AA-B50C-BBDA00EDFF66}" = BluetoothPCDialer
"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D335F5D-4185-4AD8-8E6D-64D8D4AB80D7}" = HP Software Framework
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B52057C-15DB-433E-957C-E279BC7D07E3}" = HP QuickWeb
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{90140011-0066-040C-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Français
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV pour Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE15C5EC-7C30-44BF-ACEB-03960FC5601D}" = HP Documentation
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EC510574-6981-4584-BA53-55929B4B7CA5}" = Boxore Client
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1ClickDownloader" = 1ClickDownloader
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"Avira AntiVir Desktop" = Avira Free Antivirus
"blekkotb" = Spam Free Search Bar
"DAEMON Tools Lite" = DAEMON Tools Lite
"Davory" = Davory
"EasyBits Magic Desktop" = Magic Desktop
"facemoods" = Facemoods Toolbar
"Free Video Converter_is1" = Free Video Converter V 3.1
"GeoGebra" = GeoGebra
"Google Chrome" = Google Chrome
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"IsoBuster_is1" = IsoBuster 2.8.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Media Player - Codec Pack" = Media Player Codec Pack 4.1.1
"Mozilla Firefox 10.0.2 (x86 fr)" = Mozilla Firefox 10.0.2 (x86 fr)
"Notepad++" = Notepad++
"Office14.Click2Run" = Microsoft Office « Démarrer en un clic » 2010
"PowerISO" = PowerISO
"Smart File Advisor_is1" = Smart File Advisor 1.1.1
"Stellar Phoenix CD DVD Data Recovery_is1" = Stellar Phoenix CD DVD Data Recovery
"TeamViewer 7" = TeamViewer 7
"Tunatic" = Tunatic
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"WildTangent hp Master Uninstall" = HP Games
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live
"WinRAR archiver" = WinRAR 4.00 (32 bits)
"WTA-022c8366-1dd3-4351-a72b-e7bb48dadf81" = Vacation Quest - The Hawaiian Islands
"WTA-03a3f10b-907f-4d71-8302-c446202b01c9" = FATE
"WTA-0708d685-a149-4fc8-bc9d-1eec6a00e942" = Jewel Quest Solitaire
"WTA-1a48c268-6f0d-40c2-add7-2639f15c3af7" = Plants vs. Zombies - Game of the Year
"WTA-1cf46c6c-6ba9-4758-8340-5afe590f80f2" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-378ffae4-bb21-4358-86a7-ee8f639d304f" = Mystery of Mortlake Mansion
"WTA-3d5cb8de-0365-4f25-8d67-46366162b79d" = Polar Bowler
"WTA-4584aadf-418d-41b8-b946-c0e69741a470" = Governor of Poker 2 Premium Edition
"WTA-4c8a9464-e960-42ef-a8ed-a478671940b1" = Slingo Deluxe
"WTA-58dfdd41-a8ad-4bfa-a186-9e3a3302550f" = Zuma Deluxe
"WTA-795984d7-3894-4722-8219-8a90293eb70c" = Mah Jong Medley
"WTA-84f8c2e3-7f33-4132-beca-d83ca0e8543d" = Penguins!
"WTA-8a1dc822-7bbf-4a3e-8041-5c1cbfc3d3ec" = Bounce Symphony
"WTA-abd30ea9-2eb4-4432-a837-5e30a5425b6c" = Cradle of Rome 2
"WTA-af726b2c-8237-40e3-881a-5e12b5fb0a15" = Chuzzle Deluxe
"WTA-b64abc0a-0b8f-48a4-aefa-f8e04139954d" = Bejeweled 3
"WTA-bd8362f0-2588-4859-ac2a-acd44466b599" = Chronicles of Albian
"WTA-c16bdb5e-799d-46e3-9baa-8f1bdf0550ff" = Cake Mania
"WTA-d40932c8-1a59-4a0b-ac37-6066bf754e06" = Blasterball 3
"WTA-de96d453-76fc-4396-8dbf-4aa193f91bea" = Virtual Villagers - The Secret City
"WTA-e5d01dca-e878-43ea-a3d6-f6aae71008d2" = Agatha Christie - Peril at End House
"WTA-fcc29be0-74c3-4355-93fc-c45addc2cf6c" = Namco All-Stars: PAC-MAN
"WTA-fd01091d-291e-47cb-9c56-ee4ee0d4146c" = Farm Frenzy
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 07/05/2012 06:23:57 | Computer Name = Neverland | Source = WinMgmt | ID = 10
Description =
 
Error - 07/05/2012 10:46:43 | Computer Name = Neverland | Source = WinMgmt | ID = 10
Description =
 
Error - 07/05/2012 11:21:17 | Computer Name = Neverland | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 07/05/2012 12:47:22 | Computer Name = Neverland | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 07/05/2012 15:04:09 | Computer Name = Neverland | Source = SideBySide | ID = 16842832
Description = La création du contexte d’activation a échoué pour « C:\Users\Sabrinaa\Downloads\SoftonicDownloader_pour_windows-live-messenger-msn-messenger.exe ».
 Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne .  Une version
 de composant nécessaire à l’application est en conflit avec une autre version de
 composant déjà active.  Les composants en conflit sont :  Composant 1 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Composant
 2 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 08/05/2012 02:30:41 | Computer Name = Neverland | Source = WinMgmt | ID = 10
Description =
 
Error - 08/05/2012 02:35:31 | Computer Name = Neverland | Source = VSS | ID = 8193
Description =
 
Error - 08/05/2012 06:20:17 | Computer Name = Neverland | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 08/05/2012 11:04:20 | Computer Name = Neverland | Source = WinMgmt | ID = 10
Description =
 
Error - 08/05/2012 17:02:41 | Computer Name = Neverland | Source = WinMgmt | ID = 10
Description =
 
[ Hewlett-Packard Events ]
Error - 12/05/2012 05:23:30 | Computer Name = Neverland | Source = HPSF.exe | ID = 4000
Description =
 
Error - 12/05/2012 05:24:34 | Computer Name = Neverland | Source = HPSF.exe | ID = 4000
Description =
 
Error - 12/05/2012 05:25:10 | Computer Name = Neverland | Source = HPSF.exe | ID = 4000
Description =
 
Error - 12/05/2012 05:26:00 | Computer Name = Neverland | Source = HPSF.exe | ID = 4000
Description =
 
Error - 12/05/2012 05:26:59 | Computer Name = Neverland | Source = HPSF.exe | ID = 4000
Description =
 
Error - 12/05/2012 05:27:40 | Computer Name = Neverland | Source = HPSF.exe | ID = 4000
Description =
 
Error - 12/05/2012 05:28:30 | Computer Name = Neverland | Source = HPSF.exe | ID = 4000
Description =
 
Error - 12/05/2012 05:33:17 | Computer Name = Neverland | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe   à HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   à HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()     à
 HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Message: La référence
 d'objet n'est pas définie à une instance d'un objet.  StackTrace:   à HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   à HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()     à
 HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: HP.SupportFramework.Communicator

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: fr-FR  RAM: 5941  Ram Utilization: 60  TargetSite: Void closeConnection()

 
Error - 12/05/2012 05:33:38 | Computer Name = Neverland | Source = HPSF.exe | ID = 4000
Description =
 
Error - 12/05/2012 05:44:48 | Computer Name = Neverland | Source = HPSF.exe | ID = 4000
Description =
 
[ HP Software Framework Events ]
Error - 13/04/2012 07:39:35 | Computer Name = Neverland | Source = CaslWmi | ID = 5
Description = 2012/04/13 13:39:35.748|00001A60|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 20/04/2012 06:44:55 | Computer Name = Neverland | Source = CaslWmi | ID = 5
Description = 2012/04/20 12:44:55.203|000008E4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 20/04/2012 06:46:10 | Computer Name = Neverland | Source = CaslWmi | ID = 5
Description = 2012/04/20 12:46:10.775|00001EEC|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 20/04/2012 06:46:12 | Computer Name = Neverland | Source = CaslWmi | ID = 5
Description = 2012/04/20 12:46:12.372|00001FB0|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 20/04/2012 06:46:19 | Computer Name = Neverland | Source = CaslWmi | ID = 5
Description = 2012/04/20 12:46:19.653|00000864|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 27/04/2012 17:18:01 | Computer Name = Neverland | Source = CaslWmi | ID = 5
Description = 2012/04/27 23:18:01.207|00001230|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 04/05/2012 08:51:05 | Computer Name = Neverland | Source = CaslWmi | ID = 5
Description = 2012/05/04 14:51:05.235|00001A60|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11/05/2012 08:24:38 | Computer Name = Neverland | Source = CaslWmi | ID = 5
Description = 2012/05/11 14:24:38.134|000008E0|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11/05/2012 08:26:04 | Computer Name = Neverland | Source = CaslWmi | ID = 5
Description = 2012/05/11 14:26:04.218|00000EB8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11/05/2012 08:26:08 | Computer Name = Neverland | Source = CaslWmi | ID = 5
Description = 2012/05/11 14:26:08.415|0000126C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
[ System Events ]
Error - 16/05/2012 09:06:33 | Computer Name = Neverland | Source = Service Control Manager | ID = 7024
Description = Le service Windows Search s’est arrêté avec l’erreur service particulière
 %%-1073473535.
 
Error - 16/05/2012 09:06:53 | Computer Name = Neverland | Source = DCOM | ID = 10005
Description =
 
Error - 16/05/2012 09:06:53 | Computer Name = Neverland | Source = Service Control Manager | ID = 7009
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
 l’attente de la connexion du service Programme d’installation pour les modules
Windows.
 
Error - 16/05/2012 09:06:53 | Computer Name = Neverland | Source = Service Control Manager | ID = 7000
Description = Le service Programme d’installation pour les modules Windows n’a pas
 pu démarrer en raison de l’erreur :   %%1053
 
Error - 16/05/2012 09:06:53 | Computer Name = Neverland | Source = Service Control Manager | ID = 7031
Description = Le service Windows Search s’est terminé de manière inattendue. Ceci
 s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000
 millisecondes : Redémarrer le service.
 
Error - 16/05/2012 09:06:53 | Computer Name = Neverland | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = L’initialisation du client CBS a échoué. Dernière erreur : 0x8007041d
 
Error - 16/05/2012 09:07:17 | Computer Name = Neverland | Source = DCOM | ID = 10005
Description =
 
Error - 16/05/2012 09:07:17 | Computer Name = Neverland | Source = Service Control Manager | ID = 7009
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
 l’attente de la connexion du service Windows Search.
 
Error - 16/05/2012 09:07:17 | Computer Name = Neverland | Source = Service Control Manager | ID = 7000
Description = Le service Windows Search n’a pas pu démarrer en raison de l’erreur :
   %%1053
 
Error - 16/05/2012 09:19:37 | Computer Name = Neverland | Source = volsnap | ID = 393224
Description = Le délai de l’opération de vidange et de conservation des écritures
 sur le volume C: a expiré lors de l’attente de la libération d’une commande d’écriture.
 
 
< End of report >
HelpMePlease
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 10
Inscription: 18 Mai 2012 17:39
 

Re: Peur d'être hack ou contrôle de PC

Message le 18 Mai 2012 21:20

Rapport OTL.Txt (1ere partie, car le rapport étant trop long pour un post, il s'étale sur deux posts) :
Code: Tout sélectionner
OTL logfile created on: 18/05/2012 22:01:21 - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\Sabrinaa\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
5,80 Gb Total Physical Memory | 4,01 Gb Available Physical Memory | 69,14% Memory free
11,60 Gb Paging File | 9,40 Gb Available in Paging File | 81,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 678,16 Gb Total Space | 547,70 Gb Free Space | 80,76% Space Free | Partition Type: NTFS
Drive D: | 16,31 Gb Total Space | 1,77 Gb Free Space | 10,84% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 1,08 Gb Free Space | 27,32% Space Free | Partition Type: FAT32
 
Computer Name: NEVERLAND | User Name: Sabrinaa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC -  File not found
PRC - C:\Users\Sabrinaa\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe (Boxore OU)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\d89ee849317b4d93ea78842dd78f79c0\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2574fd89f1960bc08f0258723970a23b\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_fr_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll ()
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - (STacSV) -- C:\Program Files\IDT\WDM\STacSV64.exe (IDT, Inc.)
SRV:[b]64bit:[/b] - (HPAuto) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe (Hewlett-Packard)
SRV:[b]64bit:[/b] - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:[b]64bit:[/b] - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (Crypkey License) -- C:\Windows\SysNative\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (supdate) Software Update Service (supdate) -- C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe (Boxore OU.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:[b]64bit:[/b] - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:[b]64bit:[/b] - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (mcaudrv_simple) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys (ManyCam LLC)
DRV:[b]64bit:[/b] - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:[b]64bit:[/b] - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:[b]64bit:[/b] - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:[b]64bit:[/b] - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:[b]64bit:[/b] - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
DRV:[b]64bit:[/b] - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:[b]64bit:[/b] - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.)
DRV:[b]64bit:[/b] - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:[b]64bit:[/b] - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:[b]64bit:[/b] - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (IntcDAud) Son Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:[b]64bit:[/b] - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:[b]64bit:[/b] - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:[b]64bit:[/b] - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:[b]64bit:[/b] - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:[b]64bit:[/b] - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:[b]64bit:[/b] - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:[b]64bit:[/b] - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:[b]64bit:[/b] - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (NetworkX) -- C:\Windows\SysNative\Ckldrv.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/3
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/3
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{3E4948A9-61B8-487C-B4EE-37DF606E81E4}: "URL" = http://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://fr.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/709-111075-12437-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/3
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/3
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{3E4948A9-61B8-487C-B4EE-37DF606E81E4}: "URL" = http://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://fr.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/709-111075-12437-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=111020&babsrc=HP_ss&mntrId=9c12b5210000000000003859f9994fa5
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=111020&babsrc=SP_ss&mntrId=9c12b5210000000000003859f9994fa5
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{3E4948A9-61B8-487C-B4EE-37DF606E81E4}: "URL" = http://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://fr.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/709-111075-12437-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
 
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\@www.dlmanager.net/omaha/tools//Software Update;version=8: C:\Program Files (x86)\Software\Update\1.2.195.0\npSoftwareOneClick8.dll (Boxore OU.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9CD2384C-143B-4790-A075-E7FEFE2A554B}: C:\Program Files (x86)\Boxore\BoxoreClient\BoxoreExtension\MozillaFirefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/20 11:58:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/04/21 17:58:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabrinaa\AppData\Roaming\mozilla\Extensions
[2012/05/09 20:11:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabrinaa\AppData\Roaming\mozilla\Firefox\Profiles\4aeknf08.default\extensions
[2012/05/04 09:40:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/21 11:57:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/04/07 17:30:03 | 000,000,000 | ---D | M] (Toolbar Planet-Surf) -- C:\Program Files (x86)\Mozilla Firefox\extensions\toolbar@planet-surf.com
[2012/02/20 11:58:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/19 12:56:32 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2012/04/21 17:58:39 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/02/19 12:56:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/26 19:27:25 | 000,002,131 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\blekkotb.xml
[2012/02/19 12:56:32 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/02/19 12:56:32 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2011/12/25 01:39:42 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/02/19 12:56:32 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/02/19 12:56:32 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sabrinaa\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Software Update (Enabled) = C:\Program Files (x86)\Software\Update\1.2.195.0\npSoftwareOneClick8.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Sabrinaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Recherche Google = C:\Users\Sabrinaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Sabrinaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\
CHR - Extension: Facemoods = C:\Users\Sabrinaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.6_0\
CHR - Extension: Smart Display = C:\Users\Sabrinaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaihkehdlhkocphopopahkfjcfcphef\1.1_0\
CHR - Extension: 1Click Downloader = C:\Users\Sabrinaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.2_0\
CHR - Extension: Onizuka = C:\Users\Sabrinaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjkhjocpgaaldjipenkpjmapbbipnolb\1_0\
CHR - Extension: Gmail = C:\Users\Sabrinaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Updater For Spam Free Search Bar) - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll (Visicom Media)
O2 - BHO: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll ()
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll ()
O3 - HKLM\..\Toolbar: (Planet Surf Toolbar) - {CB14350D-B064-4283-9145-B63F96772108} - C:\Program Files (x86)\PlanetSurf\Toolbar\PlanetSurf.dll (IronW)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Boxore Client] C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe (Boxore OU)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files (x86)\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKCU..\Run: [Clownfish] "C:\Program Files (x86)\Clownfish\Clownfish.exe" File not found
O4 - Startup: C:\Users\Sabrinaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab (PhotoPickConvert Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC726A76-87A6-457C-9169-44DC54CDC075}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E99B834D-68DE-4A4A-9937-3B6C68A46B38}: DhcpNameServer = 212.27.40.240 212.27.40.241
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
 
 
 
SafeBootMin:[b]64bit:[/b] AppMgmt - Service
SafeBootMin:[b]64bit:[/b] Base - Driver Group
SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
SafeBootMin:[b]64bit:[/b] File system - Driver Group
SafeBootMin:[b]64bit:[/b] Filter - Driver Group
SafeBootMin:[b]64bit:[/b] HelpSvc - Service
SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
SafeBootMin:[b]64bit:[/b] sacsvr - Service
SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] vmms - Service
SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:[b]64bit:[/b] AppMgmt - Service
SafeBootNet:[b]64bit:[/b] Base - Driver Group
SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group
SafeBootNet:[b]64bit:[/b] File system - Driver Group
SafeBootNet:[b]64bit:[/b] Filter - Driver Group
SafeBootNet:[b]64bit:[/b] HelpSvc - Service
SafeBootNet:[b]64bit:[/b] Messenger - Service
SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group
SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group
SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group
SafeBootNet:[b]64bit:[/b] Network - Driver Group
SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group
SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group
SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group
SafeBootNet:[b]64bit:[/b] rdsessmgr - Service
SafeBootNet:[b]64bit:[/b] sacsvr - Service
SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group
SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] TDI - Driver Group
SafeBootNet:[b]64bit:[/b] vmms - Service
SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver
SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:[b]64bit:[/b] >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:[b]64bit:[/b] >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:[b]64bit:[/b] msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012/05/18 19:03:05 | 000,000,000 | ---D | C] -- C:\ZHP
[2012/05/18 18:24:34 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Roaming\Malwarebytes
[2012/05/18 18:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/18 18:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/18 18:24:29 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/18 18:24:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/18 18:02:32 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\Documents\Youcam
[2012/05/18 14:45:28 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\Documents\Mes fichiers reçus
[2012/05/18 14:30:48 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{223596B5-558B-46B5-A8CF-9F20DD80A7D4}
[2012/05/18 14:30:34 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{25516383-784E-4DDF-BB76-D75E10C73F7E}
[2012/05/17 15:49:46 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{00D6ACF1-CA29-4168-96D0-43CE9A126F94}
[2012/05/17 15:49:35 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{C2B94B86-AF77-4EA1-B4C8-99FBAA9E880F}
[2012/05/16 14:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/16 14:28:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/16 14:01:02 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Roaming\ImgBurn
[2012/05/16 13:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012/05/16 13:55:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2012/05/16 13:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sandlot Games
[2012/05/16 12:59:47 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Roaming\WildTangent
[2012/05/16 11:40:29 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{933C6EC0-777E-42E8-953F-7B1B7BB6147A}
[2012/05/16 11:40:14 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{A1530758-463B-4A6B-8AEE-BD969F73F610}
[2012/05/15 19:27:05 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Roaming\Windows Live Writer
[2012/05/15 19:27:05 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\Windows Live Writer
[2012/05/15 18:59:23 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{4ECDDB0E-D8A3-4B83-8816-726A8976A2A3}
[2012/05/15 18:59:07 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{55F11B89-3B68-4863-9257-A92DB25F9F80}
[2012/05/14 17:55:47 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{F2CE7DA6-5F7F-498A-9782-8564FF5BEEA7}
[2012/05/14 17:55:08 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{44C82BB7-C78C-4E6C-8DF0-01CC0B14BB37}
[2012/05/14 11:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/14 11:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/14 11:37:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/14 11:29:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\FxsTmp
[2012/05/14 11:29:42 | 000,000,000 | ---D | C] -- C:\Windows\addins
[2012/05/14 11:29:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\FxsTmp
[2012/05/13 20:22:02 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{15C9C697-9F42-464A-A71A-4611C3835037}
[2012/05/13 20:21:39 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{06811555-9A60-4D1D-A9B1-72BA0E6B9A99}
[2012/05/12 17:27:58 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{B0A2DF1C-643D-4377-82E4-92AB2EACA2CC}
[2012/05/12 17:27:25 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{0C7232BE-D864-4FA2-9AC0-01008B271497}
[2012/05/12 09:35:50 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/12 09:35:45 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/12 09:35:43 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/12 09:35:43 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/11 14:16:37 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{ACF4B0CC-FD3B-49FF-A55D-F9A19F931CB7}
[2012/05/11 14:16:19 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{7698C3A9-4991-4C56-9427-C5D03E717399}
[2012/05/10 16:35:44 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{FA550602-4160-43EB-A6EE-834BB44C6EE4}
[2012/05/10 16:35:32 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{DE249252-5137-4770-A7DC-4A133E87C116}
[2012/05/09 12:01:33 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{020706DA-9D89-4522-9926-AAB699B7F81F}
[2012/05/09 12:01:21 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{A85E9411-B122-4D62-A4CF-9D54F5321D4C}
[2012/05/08 17:07:13 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{B94EF3AA-A6B5-4AE7-953E-3359A0EBEF07}
[2012/05/08 17:07:00 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{2DF7B1F5-13C7-4959-81FF-EE00477639BB}
[2012/05/07 12:25:41 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{807E2922-CF4B-47BE-ACB0-BAC6F437920B}
[2012/05/07 12:25:26 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{29E07670-2625-403E-91F0-A464641182D7}
[2012/05/06 16:27:01 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{7AAB9EC1-029B-4088-B223-FA10B5F404FE}
[2012/05/06 16:26:49 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{5D16710B-91DA-436C-A384-CB9194BDEB16}
[2012/05/05 14:25:27 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{87A5B7E7-5DF3-4CC5-B44D-26ECAC045478}
[2012/05/05 14:25:04 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{FB85D350-329B-4336-A92F-158C3BD1DEE9}
[2012/05/05 00:06:09 | 008,744,608 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/05/04 14:39:44 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{CA1CBFFA-79C6-40D5-9219-93042A50C6A7}
[2012/05/04 14:39:28 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{7ED92B8B-92BD-444D-A75D-CDC1D9B11A32}
[2012/05/04 11:30:34 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/05/03 15:08:16 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{97173424-D0FB-4B55-B14A-66C25E9C248A}
[2012/05/03 15:08:02 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{5E120B33-A472-40D3-9C41-CC5EF97C6D82}
[2012/05/03 11:45:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012/05/02 17:56:01 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Clownfish
[2012/05/02 17:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clownfish
[2012/05/02 12:51:27 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{AB4AB386-ED52-4E2F-9655-96C1969E2982}
[2012/05/02 12:51:08 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{497FF0A7-DEB1-4954-8707-FC1A0A87DB05}
[2012/05/01 15:47:12 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\SoftGrid Client
[2012/05/01 15:47:11 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Roaming\SoftGrid Client
[2012/05/01 13:31:08 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Roaming\OpenOffice.org
[2012/05/01 13:25:50 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{2EC47D74-0BC9-4E11-B9CA-11596670292A}
[2012/05/01 13:25:38 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{AB95E4A1-F17C-4EC2-948A-4A033502F220}
[2012/04/30 12:30:35 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{D3C82C55-5E56-4018-A73E-8E0368920749}
[2012/04/30 12:30:21 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{1DD1AFDE-B84C-4268-9AAF-B99D1C908058}
[2012/04/29 17:21:25 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{4536BFE0-AFFA-42AE-AC79-72C7631A594B}
[2012/04/29 17:21:09 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{34449F10-E6E6-4CC0-A27C-084529F608E1}
[2012/04/29 17:15:24 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{131EE165-0F2E-41A9-B7BB-3FC86C411552}
[2012/04/29 17:14:42 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{6B31E66C-1111-4428-B229-3A659999B1A7}
[2012/04/28 20:17:49 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Roaming\Avira
[2012/04/28 20:13:35 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{EEBA479B-3FC5-47C6-970D-1DA0A023B6DC}
[2012/04/28 20:12:55 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{DAAA2940-15AE-48E2-92D6-BC9A1D3164DA}
[2012/04/28 00:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/04/28 00:20:27 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/04/28 00:20:27 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/04/28 00:20:27 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/04/28 00:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/04/28 00:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/04/27 14:24:48 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{A5F96A13-024C-42F2-BB1A-256F9249C16C}
[2012/04/27 14:24:16 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{43514B5A-3D19-4612-ABA9-E7814C891EA6}
[2012/04/26 12:58:59 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{CCA38D81-5CEF-489F-9E87-394664DA78BE}
[2012/04/26 12:58:46 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{DD66C32E-19E4-4DFF-80E8-C667212B3565}
[2012/04/25 15:51:41 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{81008C6B-94D6-4599-978A-0CBC649E3E23}
[2012/04/25 15:51:25 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{B49F41DC-0CA4-40C9-BB05-7ABE21E539AB}
[2012/04/24 20:11:37 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{496F63F8-F827-43C3-A8F9-6341BEC60EF9}
[2012/04/24 20:11:17 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{3624585F-703C-4673-AAE4-65ABBE2BE43A}
[2012/04/23 15:49:34 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{F32F3649-235A-4AB3-8F00-1541CDC1E4C3}
[2012/04/23 15:49:21 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{F63EEAF4-EA6E-43D0-9C1C-FD4C21025ACA}
[2012/04/22 14:21:53 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{5476B7D8-B697-4BAC-BFD6-0A550C39C491}
[2012/04/22 14:21:33 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{7619DCED-17C1-4A5B-8D9B-F10AEFDD5591}
[2012/04/21 19:58:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tunaatic
[2012/04/21 17:58:55 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Roaming\Mozilla
[2012/04/21 17:58:55 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\Mozilla
[2012/04/21 17:58:34 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\Babylon
[2012/04/21 17:58:31 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Roaming\Babylon
[2012/04/21 14:09:00 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{B3A45586-FE42-44B0-AE56-EDDC6A2015D1}
[2012/04/21 14:08:49 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{B2F69FE4-0FB7-43AF-8086-C0F952BD0676}
[2012/04/21 14:08:49 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{638132D4-C807-4CC7-998C-A25ADB3FBBB2}
[2012/04/20 12:46:22 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Roaming\Hewlett-Packard
[2012/04/20 12:44:39 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\Hewlett-Packard
[2012/04/20 11:06:13 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{70EE9027-4E1B-4A8A-B3D1-F1FDB3160B53}
[2012/04/20 11:06:02 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{DBB461B3-42C0-4BA1-A0F6-9D31D4FC0658}
[2012/04/20 01:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GeoGebra
[2012/04/20 01:06:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GeoGebra
[2012/04/19 13:39:08 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{E75634C4-40EB-4ABD-8378-C678D8A573D0}
[2012/04/19 13:38:56 | 000,000,000 | ---D | C] -- C:\Users\Sabrinaa\AppData\Local\{D199475A-9C98-4459-852E-9AE28E3EB3E6}
 
HelpMePlease
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 10
Inscription: 18 Mai 2012 17:39
 

Suivante


Sujets similaires

Message [Réglé] Firmware+Contrôle des bus+Contrôleur PCI+Ecran bleu
Bonjour à vous, j'ai un grand soucis que je ne sais comment régler. Mon PC a 3 exclamations jaunes dans les périphériques.Firmeware + Contrôle des bus + Contrôleur PCI. Mon PC c'est HP 550-149 / Processeur Intel(R) Core(TM) i5-4690 CPU @ 3.50GHz, 3501 MHz, 4 c?ur(s), 4 processeur(s) logique(s). Je r ...
Réponses: 10

Message petit controle
bonjour je trouve que mon pc rame un peuShortcut.txtFRST.txtAddition.txt
Réponses: 7

Message Contrôle sur nouvelles tour
Bonjour;J'aimerai faire un contrôle de mon pc car j'ai un doute sur certain logiciels.Je joins les fichiers texte demander.Merci d'avance de votre aide.Addition.txtFRST.txt
Réponses: 4

Message Contrôle virus
BonjourJe vous écris sur le conseil de Routman 54. J'ai cumulé divers problèmes avec mon Lenovo, Windows 8.1 (vous pouvez voir mon historique sur le site?, ce sera plus facile) Il m'a demandé de faire juste un contrôle dans la rubrique Virus et sécurité en préparant la demande comme expliqué.Pour ré ...
Réponses: 11

Message Logiciel de contrôle à distance (No machine)
Bonjour, Je viens de découvrir un excellent logiciel qui s'appel No machine(GRATUIT), il est très intéressant a partir du moment ou tu n'a plus besoin d?installer le serveur et le client sur les machines dont tu a besoin pour le contrôle a distance, mais se qui m'intrigue c'est que comment ce logici ...
Réponses: 1

Message Contrôle à distance via LiteManager
Salut, Je suis nouveau à l'administration à distance. Nous devons nous connecter à distance pour surveiller le travail des employés au bureau. Pour cela, nous avons le programme LiteManager.Que pouvez-vous me conseiller sur l'administration à distance?Et bien si vous pouvez dire à propos de ce prog ...
Réponses: 1

Message Problème virus, connexion internet, prise de contrôle Win 10
Bonsoir voila dans le passé un amis m'as installer himachi pour jouer en réseau Lan.Depuis j'ai l'impression mon pc portable Asus F75V et possédé même si il est en veille il se rallume travaille.Quand je suis dessus comme en ce moment ma souris bouge seul ouvre des fenêtre seule et pour finir quand ...
Réponses: 17


Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 4 invités


.: Nous contacter :: Flux RSS :: Données personnelles :.