OTL logfile created on: 05/04/2015 21:32:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,75 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 54,53% Memory free
5,49 Gb Paging File | 3,63 Gb Available in Paging File | 66,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220,78 Gb Total Space | 13,41 Gb Free Space | 6,08% Space Free | Partition Type: NTFS

Computer Name: MARIE-PC | User Name: Marie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2015/04/05 21:29:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marie\Downloads\OTL(1).exe
PRC - [2015/03/22 07:44:43 | 000,376,944 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2015/02/22 18:55:59 | 000,096,256 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\61633938-1424627723-3565-3635-0026221C3664\JOSrv.exe
PRC - [2015/02/22 18:55:40 | 000,141,312 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\61633938-1424627723-3565-3635-0026221C3664\nsz5D50.tmpfs
PRC - [2015/02/07 16:28:17 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
PRC - [2014/10/14 20:11:34 | 000,431,920 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/03/29 03:17:40 | 000,191,880 | ---- | M] (VTech) -- C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe
PRC - [2013/03/29 03:17:39 | 000,082,824 | ---- | M] (VTech) -- C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe
PRC - [2010/10/27 11:00:02 | 001,015,808 | ---- | M] (Ares Development Group) -- C:\Program Files (x86)\Ares\Ares.exe
PRC - [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2009/06/04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
PRC - [2007/10/23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2015/02/07 16:28:17 | 016,852,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
MOD - [2007/10/23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2015/01/30 03:15:10 | 000,366,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:[b]64bit:[/b] - [2015/01/30 03:15:10 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:[b]64bit:[/b] - [2014/07/28 18:27:04 | 000,042,440 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\27cd494e822e1ffd.sys -- (27cd494e822e1ffd)
SRV:[b]64bit:[/b] - [2014/06/19 02:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2014/04/09 15:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV:[b]64bit:[/b] - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2013/02/19 13:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:[b]64bit:[/b] - [2012/07/04 08:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2012/07/04 01:36:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:[b]64bit:[/b] - [2009/08/06 06:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:[b]64bit:[/b] - [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV - [2015/03/17 06:14:08 | 001,080,120 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/02/22 18:55:59 | 000,096,256 | ---- | M] () [Auto | Running] -- C:\Users\Marie\AppData\Roaming\61633938-1424627723-3565-3635-0026221C3664\JOSrv.exe -- (mogyfetu)
SRV - [2015/02/22 18:55:40 | 000,141,312 | ---- | M] () [Auto | Running] -- C:\Users\Marie\AppData\Roaming\61633938-1424627723-3565-3635-0026221C3664\nsz5D50.tmpfs -- (dysijigy)
SRV - [2015/02/07 16:28:17 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/19 13:06:40 | 000,182,520 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014/10/14 20:11:34 | 000,431,920 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/03/29 03:17:39 | 000,082,824 | ---- | M] (VTech) [Auto | Running] -- C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe -- (VTechUSBSocketService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/02/10 18:01:49 | 000,116,104 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:[b]64bit:[/b] - [2015/03/17 06:15:38 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:[b]64bit:[/b] - [2015/03/17 06:15:24 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2014/11/15 14:46:08 | 000,124,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:[b]64bit:[/b] - [2014/10/14 20:11:34 | 000,131,608 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:[b]64bit:[/b] - [2014/10/14 20:11:34 | 000,119,272 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:[/b] - [2014/08/15 14:48:37 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:[b]64bit:[/b] - [2014/08/11 06:34:14 | 000,061,632 | ---- | M] (StdLib) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}w64.sys -- ({2b929fe1-284b-4766-afb9-19b0915b99b0}w64)
DRV:[b]64bit:[/b] - [2014/07/28 18:27:04 | 000,042,440 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\27cd494e822e1ffd.sys -- (27cd494e822e1ffd)
DRV:[b]64bit:[/b] - [2014/06/20 17:34:32 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys -- ({55685567-4840-4a91-962b-49a412e9485a}w64)
DRV:[b]64bit:[/b] - [2014/05/26 20:57:16 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys -- ({55685567-4840-4a91-962b-49a412e9485a}Gw64)
DRV:[b]64bit:[/b] - [2014/05/07 16:06:16 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys -- ({9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64)
DRV:[b]64bit:[/b] - [2013/08/29 03:29:52 | 000,033,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2013/02/19 13:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:[b]64bit:[/b] - [2013/02/19 13:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:[b]64bit:[/b] - [2013/02/19 13:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:[b]64bit:[/b] - [2012/07/04 08:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:[b]64bit:[/b] - [2012/07/04 08:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2012/07/04 07:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] () [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011/02/03 19:10:52 | 000,027,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ggsemc.sys -- (ggsemc)
DRV:[b]64bit:[/b] - [2011/02/03 19:10:52 | 000,013,352 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ggflt.sys -- (ggflt)
DRV:[b]64bit:[/b] - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbflt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/07/12 00:39:28 | 000,786,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Darusb_win7x.sys -- (Darusb_win7x)
DRV:[b]64bit:[/b] - [2010/05/28 17:58:30 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:[b]64bit:[/b] - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:[b]64bit:[/b] - [2009/08/10 05:07:14 | 000,222,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:[b]64bit:[/b] - [2009/08/06 00:24:16 | 000,061,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:[b]64bit:[/b] - [2009/07/27 09:04:36 | 000,058,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1C62x64.sys -- (L1C)
DRV:[b]64bit:[/b] - [2009/07/16 13:33:44 | 001,488,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/07 11:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:[b]64bit:[/b] - [2009/06/18 14:12:32 | 000,272,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/05/05 10:46:08 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:[b]64bit:[/b] - [2009/05/04 15:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:[b]64bit:[/b] - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\KMWDFILTER.sys -- (KMWDFILTER)
DRV:[b]64bit:[/b] - [2009/04/03 06:39:58 | 000,034,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://aartemis.com/?type=hp&ts=1387874416&from=ill&uid=TOSHIBAXMK2555GSX_7948S7U4SXX7948S7U4S
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1387874416&from=ill&uid=TOSHIBAXMK2555GSX_7948S7U4SXX7948S7U4S&q={searchTerms}
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1387874416&from=ill&uid=TOSHIBAXMK2555GSX_7948S7U4SXX7948S7U4S&q={searchTerms}
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.aartemis.com/web/?type=ds&ts=1387874416&from=ill&uid=TOSHIBAXMK2555GSX_7948S7U4SXX7948S7U4S&q={searchTerms}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{3AA4DDBF-2316-26A2-64F9-0F5AA4D5B8DD}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDyCtByCyD0EyCzyyDzz0DzzyDtBtC0DtN0D0Tzu0CyCyCyBtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=43258045&ir=
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=101&systemid=488&v=a12521-329&apn_uid=0814849601044516&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://aartemis.com/?type=hp&ts=1387874416&from=ill&uid=TOSHIBAXMK2555GSX_7948S7U4SXX7948S7U4S
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1387874416&from=ill&uid=TOSHIBAXMK2555GSX_7948S7U4SXX7948S7U4S&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1387874416&from=ill&uid=TOSHIBAXMK2555GSX_7948S7U4SXX7948S7U4S&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - No CLSID value found
IE - HKLM\..\URLSearchHook: {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\SiteFinder\SiteFinder.dll (Site Finder)
IE - HKLM\..\URLSearchHook: {e4f7b179-a3f6-47d8-9832-cb7b2627312a} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.aartemis.com/web/?type=ds&ts=1387874416&from=ill&uid=TOSHIBAXMK2555GSX_7948S7U4SXX7948S7U4S&q={searchTerms}
IE - HKLM\..\SearchScopes\{60102B88-384C-46D1-BE73-4C154BFC693F: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDyCtByCyD0EyCzyyDzz0DzzyDtBtC0DtN0D0Tzu0CyCyCyBtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=43258045&ir=
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=101&systemid=488&v=a12521-329&apn_uid=0814849601044516&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851639


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-search.com/?affID=119722&babsrc=HP_ss&mntrId=7C5A82C9B281E060
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://aartemis.com/?type=hp&ts=1387874416&from=ill&uid=TOSHIBAXMK2555GSX_7948S7U4SXX7948S7U4S
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.fbdownloader.com/?channel=fpo
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 53 2C FD B6 76 CA 01 [binary data]
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\..\URLSearchHook: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - No CLSID value found
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\..\URLSearchHook: {e4f7b179-a3f6-47d8-9832-cb7b2627312a} - No CLSID value found
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com/Results.aspx?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=MC777A0D6-8A93-4E93-8B49-1759726BD855&SearchSource=58&CUI=&UM=6&UP=SPF7A29AC2-FDC3-4068-940F-B07F622B579E&q={searchTerms}&SSPV=
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119722&babsrc=SP_ss&mntrId=7C5A82C9B281E060
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16050&src=crm&q={searchTerms}&locale=fr_FR
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\..\SearchScopes\{2E89D80E-F76B-4250-A02A-9E3713294340}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_frFR353
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.aartemis.com/web/?type=ds&ts=1387874416&from=ill&uid=TOSHIBAXMK2555GSX_7948S7U4SXX7948S7U4S&q={searchTerms}
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\..\SearchScopes\{60102B88-384C-46D1-BE73-4C154BFC693F: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDyCtByCyD0EyCzyyDzz0DzzyDtBtC0DtN0D0Tzu0CyCyCyBtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=43258045&ir=
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\..\SearchScopes\{60102B88-384C-46D1-BE73-4C154BFC693F}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3307695&CUI=UN38362420411714472&UM=3
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=032213&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://search.fbdownloader.com/search.php?channel=fpo&q={searchTerms}
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=101&systemid=488&v=a12521-329&apn_uid=0814849601044516&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-861114113-520398356-2811192563-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "FR"
FF - prefs.js..browser.search.region: "FR"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:36.0.1
FF - prefs.js..browser.startup.homepage: "http://search.fbdownloader.com/?channel=fpo"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.fbdownloader.com/search.php?channel=fpo&q="
FF - prefs.js..keyword.URL: "http://search.fbdownloader.com/search.php?channel=fpo&q="
FF - prefs.js..keyword.enabled: true


FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\bebomedia.com/OfferMosquitoIEHelper: C:\Users\Marie\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll (Bebo Media Ltd)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/19 11:31:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\offerboxffx@offerbox.com: C:\Program Files (x86)\OfferBox\offerboxffx@offerbox.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bubbledock@nosibay.com: C:\Program Files (x86)\Nosibay\Bubble Dock\extensions\FFSurfMatch
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\OKitSpace@OKitSpace.es: C:\Users\Marie\AppData\Roaming\okitSpace\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/03/22 07:44:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\findlyrics@findlyrics.co: C:\Program Files (x86)\FindLyrics\FF\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 12:36:14 | 000,010,691 | ---- | M] ()

[2012/07/27 20:12:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Extensions
[2011/07/06 12:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2009/11/15 03:50:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2015/04/02 17:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hughxjub.default-1395600463415\extensions
[2015/02/07 15:40:27 | 000,000,000 | ---D | M] (PlayTo) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hughxjub.default-1395600463415\extensions\{7AD3D107-1B55-7430-CAC5-79C323BEDFE8}
[2015/04/04 20:46:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\jjinn252.marie\extensions
[2014/03/29 10:27:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profilescd26lf26.default\extensions
[2014/03/29 10:27:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profilescd26lf26.default\extensions\staged
[2014/05/16 01:03:00 | 000,041,472 | ---- | M] () (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hughxjub.default-1395600463415\extensions\boost@boost.net.xpi
[2015/03/30 19:25:40 | 000,052,454 | ---- | M] () (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hughxjub.default-1395600463415\extensions\fg@favgenius.com.xpi
[2014/12/24 13:17:42 | 000,014,818 | ---- | M] () (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hughxjub.default-1395600463415\extensions\snt@simplenewtab.com.xpi
[2015/04/01 13:49:12 | 000,970,672 | ---- | M] () (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\jjinn252.marie\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/04/02 17:42:22 | 000,000,888 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a575dwi1.default-1426885566578\searchplugins\search.xml
[2015/03/22 07:44:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/03/22 07:44:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url = null,
CHR - plugin: Error reading preferences file
CHR - Extension: PlayTo = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\4.0.5\
CHR - Extension: No name found = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\biahaobfpkgeiomkihcdgknebbhadonc\10.22.0.88_1\
CHR - Extension: No name found = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\biahaobfpkgeiomkihcdgknebbhadonc\10.22.0.88_1\nativeMessaging\nmHost
CHR - Extension: No name found = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0\
CHR - Extension: No name found = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\
CHR - Extension: No name found = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2016.82_0\
CHR - Extension: No name found = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\1.1.7.9_0\
CHR - Extension: No name found = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\1.1.7.9_1\
CHR - Extension: No name found = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn\3.0.0.10_0\
CHR - Extension: No name found = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.10.4.1_0\
CHR - Extension: No name found = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1\
CHR - Extension: No name found = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0\
CHR - Extension: No name found = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_1\
CHR - Extension: No name found = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\
CHR - Extension: No name found = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\llpnaddghmkpkmnghbdpahlgncpieofn\2.9_0\
CHR - Extension: No name found = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pckaochijkjekcndgjamcfccjimechdg\10.22.0.88_1\
CHR - Extension: No name found = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pckaochijkjekcndgjamcfccjimechdg\10.22.0.88_1\nativeMessaging\nmHost
CHR - Extension: No name found = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pckaochijkjekcndgjamcfccjimechdg\10.29.0.520_0\
CHR - Extension: No name found = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pckaochijkjekcndgjamcfccjimechdg\10.29.0.520_0\nativeMessaging\nmHost
CHR - Extension: No name found = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.1_0\
CHR - Extension: No name found = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.1_1\
CHR - Extension: No name found = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.14_0\
CHR - Extension: No name found = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.0_0\
CHR - Extension: No name found = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.1_0\

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll File not found
O2:[b]64bit:[/b] - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - No CLSID value found.
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Bubble Dock SurfMatch) - {23AF19F7-1D5B-442c-B14C-3D1081953C94} - C:\Program Files (x86)\Nosibay\Bubble Dock\extensions\axSurfMatch.dll File not found
O2 - BHO: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (FavGenius) - {3FB16A3D-F03E-4565-A532-666B219C9FF3} - C:\Users\Marie\AppData\Local\ext_favgenius\ext_favgenius.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Simple New Tab) - {5C2DD58F-613F-4580-8AC0-F10D760AF938} - C:\Users\Marie\AppData\Local\simple_new_tab\simple_new_tab.dll ()
O2 - BHO: (Deeal) - {70C53538-9F82-42BC-A327-74F7A46E700C} - C:\Program Files (x86)\Deeal\ScriptHost.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {e4f7b179-a3f6-47d8-9832-cb7b2627312a} - No CLSID value found.
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll File not found
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SiteFinder) - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\SiteFinder\SiteFinder.dll (Site Finder)
O3 - HKLM\..\Toolbar: (no name) - {e4f7b179-a3f6-47d8-9832-cb7b2627312a} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-861114113-520398356-2811192563-1000\..\Toolbar\WebBrowser: (no name) - {05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} - No CLSID value found.
O3 - HKU\S-1-5-21-861114113-520398356-2811192563-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-861114113-520398356-2811192563-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-861114113-520398356-2811192563-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-861114113-520398356-2811192563-1000\..\Toolbar\WebBrowser: (no name) - {E4F7B179-A3F6-47D8-9832-CB7B2627312A} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [{0d0c7e74-f72e-4933-0888-e99db184c478}] C:\ProgramData\Microsoft\{0d0c7e74-f72e-4933-0888-e99db184c478}\{0d0c7e74-f72e-4933-0888-e99db184c478}.exe ()
O4 - HKLM..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-861114113-520398356-2811192563-1000..\Run: [{67274998-D5E3-23AC-2DBC-A99E51787778}] C:\Users\Marie\AppData\Roaming\Yregyv\rauf.exe (bhyvgtcfrd)
O4 - HKU\S-1-5-21-861114113-520398356-2811192563-1000..\Run: [Akamai NetSession Interface] C:\Users\Marie\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-861114113-520398356-2811192563-1000..\Run: [Akworks] C:\Windows\SysWOW64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-861114113-520398356-2811192563-1000..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
O4 - HKU\S-1-5-21-861114113-520398356-2811192563-1000..\Run: [BackgroundContainer] C:\Users\Marie\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-861114113-520398356-2811192563-1000..\Run: [DataMgr] C:\Users\Marie\AppData\Roaming\DataMgr\DataMgr.exe (HTTO Group, Ltd.)
O4 - HKU\S-1-5-21-861114113-520398356-2811192563-1000..\Run: [Eption] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-861114113-520398356-2811192563-1000..\Run: [f247916] C:\f2479166\f2479166.exe ()
O4 - HKU\S-1-5-21-861114113-520398356-2811192563-1000..\Run: [f2479166] C:\Users\Marie\AppData\Roaming\f2479166.exe ()
O4 - HKU\S-1-5-21-861114113-520398356-2811192563-1000..\Run: [hofwuxoxuaho] C:\Users\Marie\hofwuxoxuaho.exe File not found
O4 - HKU\S-1-5-21-861114113-520398356-2811192563-1000..\Run: [Intermediate] C:\Users\Marie\AppData\Roaming\Intermediate\Intermediate.exe ()
O4 - HKU\S-1-5-21-861114113-520398356-2811192563-1000..\Run: [LiveSupport] "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log File not found
O4 - HKU\S-1-5-21-861114113-520398356-2811192563-1000..\Run: [nulowuolanu] C:\Users\Marie\nulowuolanu.exe File not found
O4 - HKU\S-1-5-21-861114113-520398356-2811192563-1000..\Run: [OMESupervisor] C:\Users\Marie\AppData\Local\omesuperv.exe ()
O4 - HKU\S-1-5-21-861114113-520398356-2811192563-1000..\Run: [reifov] C:\Users\Marie\vofier\reifov.exe (fvcvdfcvdfd)
O4 - HKU\S-1-5-21-861114113-520398356-2811192563-1000..\Run: [SCheck] C:\Users\Marie\AppData\Roaming\SCheck\SCheck.exe ()
O4 - HKU\S-1-5-21-861114113-520398356-2811192563-1000..\Run: [Seventh] C:\Users\Marie\AppData\Roaming\Seventh\Seventh.exe ()
O4 - HKU\S-1-5-21-861114113-520398356-2811192563-1000..\Run: [Sixth] C:\Users\Marie\AppData\Roaming\Sixth\Sixth.exe ()
O4 - HKU\S-1-5-21-861114113-520398356-2811192563-1000..\Run: [Snoozer] C:\Users\Marie\AppData\Roaming\Snz\Snz.exe ()
O4 - HKU\S-1-5-21-861114113-520398356-2811192563-1000..\Run: [SSync] C:\Users\Marie\AppData\Roaming\SSync\SSync.exe ()
O4 - HKU\S-1-5-21-861114113-520398356-2811192563-1000..\Run: [uTorrent] C:\Users\Marie\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-861114113-520398356-2811192563-1000..\Run: [voaomut] C:\Users\Marie\tumoaov\voaomut.exe /q File not found
O4 - HKU\S-1-5-21-861114113-520398356-2811192563-1000..\Run: [xiiomi] C:\Users\Marie\imoiix\xiiomi.exe /a File not found
O4 - HKU\S-1-5-21-861114113-520398356-2811192563-1000..\Run: [YQDPack] C:\Users\Marie\AppData\Local\YQDPack\1049169.exe ()
O4 - HKU\S-1-5-21-861114113-520398356-2811192563-1000..\Run: [zegcelojezze] C:\Users\Marie\zegcelojezze.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f2479166.exe ()
O4 - Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reifov.lnk = C:\Users\Marie\vofier\reifov.exe (fvcvdfcvdfd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 1281909284 = C:\PROGRA~3\msgfj.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: {0d0c7e74-f72e-4933-0888-e99db184c478} = "C:\ProgramData\Microsoft\{0d0c7e74-f72e-4933-0888-e99db184c478}\{0d0c7e74-f72e-4933-0888-e99db184c478}.exe" ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 0
O7 - HKU\S-1-5-21-861114113-520398356-2811192563-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O7 - HKU\S-1-5-21-861114113-520398356-2811192563-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKU\S-1-5-21-861114113-520398356-2811192563-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 0
O7 - HKU\S-1-5-21-861114113-520398356-2811192563-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Site Finder - {CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\SiteFinder\SiteFinder.dll (Site Finder)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{167F62D8-AC74-4170-83BF-A988147039D3}: DhcpNameServer = 192.168.1.254
O18:[b]64bit:[/b] - Protocol\Handler\gcf - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (bj.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-861114113-520398356-2811192563-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-861114113-520398356-2811192563-1000 Winlogon: Shell - (C:\Users\Marie\AppData\Roaming\template.xml) - C:\Users\Marie\AppData\Roaming\template.xml (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/10/28 17:57:05 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3160a3cf-bc03-11e3-b285-0026221c3664}\Shell - "" = AutoRun
O33 - MountPoints2\{3160a3cf-bc03-11e3-b285-0026221c3664}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{c5b1464d-2f85-11e0-bc4f-0026221c3664}\Shell - "" = AutoRun
O33 - MountPoints2\{c5b1464d-2f85-11e0-bc4f-0026221c3664}\Shell\AutoRun\command - "" = E:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ExifLauncher2.lnk - C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe - (FUJIFILM Corporation)
MsConfig:64bit - StartUpReg: [b]ares[/b] - hkey= - key= - C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
MsConfig:64bit - StartUpReg: [b]Best-Softs[/b] - hkey= - key= - C:\Program Files (x86)\EoRezo\Best-Softs.exe (Best-Softs)
MsConfig:64bit - StartUpReg: [b]CanonMyPrinter[/b] - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig:64bit - StartUpReg: [b]CanonSolutionMenu[/b] - hkey= - key= - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig:64bit - StartUpReg: [b]DATAMNGR[/b] - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: [b]Facemoi[/b] - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: [b]msnmsgr[/b] - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: [b]Skype[/b] - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: [b]TomTomHOME.exe[/b] - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: [b]TrayServer[/b] - hkey= - key= - C:\Program Files (x86)\MAGIX\Video_deluxe_15_Version_a_telecharger\Trayserver.exe (Magix)
MsConfig:64bit - StartUpReg: [b]Yontoo Desktop[/b] - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.

Drivers32:[b]64bit:[/b] msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:[b]64bit:[/b] {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 5

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2015/04/05 21:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
[2015/04/05 21:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZHPDiag
[2015/04/05 20:41:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2015/04/05 20:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2015/04/05 20:14:29 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\ZHP
[2015/04/05 14:02:52 | 000,136,408 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/04/05 14:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/04/05 14:02:10 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/04/05 14:02:10 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/04/05 14:02:10 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/04/05 14:02:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/04/05 14:02:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/04/04 18:57:54 | 000,000,000 | RHSD | C] -- C:\Users\Marie\vofier
[2015/04/02 17:44:04 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Snz
[2015/04/01 20:07:02 | 000,000,000 | -H-D | C] -- C:\f2479166
[2015/03/29 17:39:29 | 000,000,000 | ---D | C] -- C:\Users\Marie\Desktop\shameless
[2015/03/22 07:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/03/20 23:06:16 | 000,000,000 | ---D | C] -- C:\Users\Marie\Documents\Anciennes données de Firefox
[2014/08/12 16:33:53 | 000,089,681 | ---- | C] (fvcvdfcvdfd) -- C:\Users\Marie\hhahah.exe
[2014/08/07 20:18:03 | 000,096,607 | ---- | C] (fvcvdfcvdfd) -- C:\Users\Marie\ipapap.exe
[2014/08/07 20:16:56 | 000,096,607 | ---- | C] (fvcvdfcvdfd) -- C:\Users\Marie\icacac.exe
[2014/08/07 20:15:52 | 000,096,607 | ---- | C] (fvcvdfcvdfd) -- C:\Users\Marie\iseses.exe
[2014/08/07 20:12:30 | 000,096,607 | ---- | C] (fvcvdfcvdfd) -- C:\Users\Marie\iririr.exe
[2014/07/29 22:44:55 | 000,197,206 | ---- | C] (dcfvgydrfe) -- C:\Users\Marie\11733.exe
[2014/07/28 08:27:23 | 000,121,578 | ---- | C] (dcfdcvfdcd) -- C:\Users\Marie\iqaqaq.exe
[2013/10/28 16:40:31 | 000,431,920 | -HS- | C] (Avira Operations GmbH & Co. KG) -- C:\ProgramData\msgfj.exe
[2013/10/28 16:40:31 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Marie\AppData\Roaming\template.xml
[2009/08/14 03:10:44 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Marie\AppData\Local\*.tmp files -> C:\Users\Marie\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2015/04/05 21:31:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/04/05 21:30:24 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/04/05 21:30:24 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/04/05 21:28:08 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/04/05 21:24:37 | 000,001,996 | ---- | M] () -- C:\Users\Marie\Desktop\ZHPFix.lnk
[2015/04/05 21:24:37 | 000,001,869 | ---- | M] () -- C:\Users\Marie\Desktop\ZHPDiag.lnk
[2015/04/05 21:16:00 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\MySearchDial.job
[2015/04/05 21:09:29 | 003,014,444 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/04/05 21:09:29 | 002,313,672 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/04/05 21:09:29 | 000,462,092 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/04/05 21:09:29 | 000,406,656 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2015/04/05 21:09:29 | 000,064,592 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2015/04/05 20:59:56 | 000,000,870 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reifov.lnk
[2015/04/05 20:59:44 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/04/05 20:59:27 | 000,266,240 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f2479166.exe
[2015/04/05 20:57:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/04/05 20:57:24 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys
[2015/04/05 20:43:21 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2015/04/05 17:48:14 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2015/04/05 14:02:58 | 000,136,408 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/04/05 14:02:16 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/04/04 19:39:12 | 000,047,340 | ---- | M] () -- C:\Users\Marie\Documents\HELP_DECRYPT.PNG
[2015/04/04 19:39:12 | 000,009,032 | ---- | M] () -- C:\Users\Marie\Documents\HELP_DECRYPT.HTML
[2015/04/04 19:39:12 | 000,000,276 | ---- | M] () -- C:\Users\Marie\Documents\HELP_DECRYPT.URL
[2015/04/02 20:01:38 | 000,939,496 | ---- | M] () -- C:\Users\Marie\AppData\Local\omesuperv.exe
[2015/04/02 10:34:27 | 000,047,299 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\HELP_DECRYPT.PNG
[2015/04/02 10:34:27 | 000,009,032 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\HELP_DECRYPT.HTML
[2015/04/02 10:34:27 | 000,000,276 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\HELP_DECRYPT.URL
[2015/04/02 10:30:21 | 000,047,299 | ---- | M] () -- C:\Users\Marie\AppData\Local\HELP_DECRYPT.PNG
[2015/04/02 10:30:21 | 000,009,032 | ---- | M] () -- C:\Users\Marie\AppData\Local\HELP_DECRYPT.HTML
[2015/04/02 10:30:21 | 000,000,276 | ---- | M] () -- C:\Users\Marie\AppData\Local\HELP_DECRYPT.URL
[2015/04/02 09:02:45 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2015/04/01 20:28:23 | 000,047,370 | ---- | M] () -- C:\ProgramData\HELP_DECRYPT.PNG
[2015/04/01 20:28:23 | 000,009,032 | ---- | M] () -- C:\ProgramData\HELP_DECRYPT.HTML
[2015/04/01 20:28:23 | 000,000,276 | ---- | M] () -- C:\ProgramData\HELP_DECRYPT.URL
[2015/04/01 20:07:04 | 000,266,240 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\f2479166.exe
[2015/03/17 06:15:38 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/03/17 06:15:28 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/03/17 06:15:24 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Marie\AppData\Local\*.tmp files -> C:\Users\Marie\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2015/04/05 21:24:37 | 000,001,996 | ---- | C] () -- C:\Users\Marie\Desktop\ZHPFix.lnk
[2015/04/05 21:24:37 | 000,001,869 | ---- | C] () -- C:\Users\Marie\Desktop\ZHPDiag.lnk
[2015/04/05 20:43:21 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2015/04/05 20:42:06 | 000,002,086 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2015/04/05 14:02:16 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/04/04 19:39:12 | 000,047,340 | ---- | C] () -- C:\Users\Marie\Documents\HELP_DECRYPT.PNG
[2015/04/04 19:39:12 | 000,009,032 | ---- | C] () -- C:\Users\Marie\Documents\HELP_DECRYPT.HTML
[2015/04/04 19:39:12 | 000,000,276 | ---- | C] () -- C:\Users\Marie\Documents\HELP_DECRYPT.URL
[2015/04/04 18:57:58 | 000,000,870 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reifov.lnk
[2015/04/02 20:01:38 | 000,939,496 | ---- | C] () -- C:\Users\Marie\AppData\Local\omesuperv.exe
[2015/04/02 10:34:27 | 000,047,299 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\HELP_DECRYPT.PNG
[2015/04/02 10:34:27 | 000,009,032 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\HELP_DECRYPT.HTML
[2015/04/02 10:34:27 | 000,000,276 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\HELP_DECRYPT.URL
[2015/04/02 10:30:21 | 000,047,299 | ---- | C] () -- C:\Users\Marie\AppData\Local\HELP_DECRYPT.PNG
[2015/04/02 10:30:21 | 000,009,032 | ---- | C] () -- C:\Users\Marie\AppData\Local\HELP_DECRYPT.HTML
[2015/04/02 10:30:21 | 000,000,276 | ---- | C] () -- C:\Users\Marie\AppData\Local\HELP_DECRYPT.URL
[2015/04/01 20:28:23 | 000,047,370 | ---- | C] () -- C:\ProgramData\HELP_DECRYPT.PNG
[2015/04/01 20:28:23 | 000,009,032 | ---- | C] () -- C:\ProgramData\HELP_DECRYPT.HTML
[2015/04/01 20:28:23 | 000,000,276 | ---- | C] () -- C:\ProgramData\HELP_DECRYPT.URL
[2015/04/01 20:07:07 | 000,266,240 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f2479166.exe
[2015/04/01 20:07:04 | 000,266,240 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\f2479166.exe
[2014/12/28 21:13:59 | 000,000,000 | -H-- | C] () -- C:\Program Files\Cache.mxc3
[2014/10/25 18:22:14 | 000,000,000 | ---- | C] () -- C:\Users\Marie\AppData\Local\{0E6D3392-B22D-45FC-8611-8A62E1E82785}
[2014/09/03 21:35:39 | 000,235,147 | ---- | C] () -- C:\ProgramData\1409772892.bdinstall.bin
[2014/09/03 18:38:03 | 000,172,032 | ---- | C] () -- C:\Users\Marie\09614.exe
[2014/09/03 18:37:39 | 000,118,784 | ---- | C] () -- C:\Users\Marie\ghihih.exe
[2014/09/03 18:36:56 | 000,172,032 | ---- | C] () -- C:\Users\Marie\09604.exe
[2014/09/03 18:35:43 | 000,118,784 | ---- | C] () -- C:\Users\Marie\grurur.exe
[2014/09/03 18:27:43 | 000,140,126 | ---- | C] () -- C:\Users\Marie\19524.exe
[2014/08/14 20:40:06 | 000,179,599 | ---- | C] () -- C:\Users\Marie\hvevev.exe
[2014/08/14 20:38:55 | 000,013,832 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\84fbc1f8f529f1b6.xml
[2014/08/12 18:20:27 | 000,077,968 | ---- | C] () -- C:\Users\Marie\29460.exe
[2014/08/10 14:13:59 | 000,040,960 | ---- | C] () -- C:\Users\Marie\17339.exe
[2014/08/10 13:55:47 | 000,000,296 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\template.css
[2014/08/10 13:55:14 | 000,040,960 | ---- | C] () -- C:\Users\Marie\17182.exe
[2014/07/29 22:44:38 | 000,099,328 | ---- | C] () -- C:\Users\Marie\21733.exe
[2014/07/29 21:11:05 | 000,099,328 | ---- | C] () -- C:\Users\Marie\2924.exe
[2014/07/29 19:45:11 | 000,000,000 | ---- | C] () -- C:\Windows\2188.INI
[2014/07/29 19:45:02 | 000,073,728 | ---- | C] () -- C:\Users\Marie\2188.exe
[2014/07/29 17:52:38 | 000,000,000 | ---- | C] () -- C:\Windows\29217.INI
[2014/07/29 17:52:26 | 000,073,728 | ---- | C] () -- C:\Users\Marie\29217.exe
[2014/07/29 16:38:27 | 000,000,000 | ---- | C] () -- C:\Windows\28583.INI
[2014/07/29 16:38:17 | 000,073,728 | ---- | C] () -- C:\Users\Marie\28583.exe
[2014/07/29 16:35:11 | 000,000,000 | ---- | C] () -- C:\Windows\28553.INI
[2014/07/29 16:34:56 | 000,073,728 | ---- | C] () -- C:\Users\Marie\28553.exe
[2014/07/29 16:33:08 | 000,000,000 | ---- | C] () -- C:\Windows\28538.INI
[2014/07/29 16:32:59 | 000,073,728 | ---- | C] () -- C:\Users\Marie\28538.exe
[2014/07/28 18:18:46 | 000,163,840 | ---- | C] ( ) -- C:\Users\Marie\19439.exe
[2014/07/22 04:50:37 | 000,082,944 | ---- | C] () -- C:\Users\Marie\32495.exe
[2014/06/12 18:09:32 | 000,431,104 | ---- | C] () -- C:\ProgramData\uninstall_Deeal.exe
[2014/03/20 11:00:12 | 000,492,208 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\~kqmmfjb.exe
[2013/12/27 12:38:23 | 000,000,581 | ---- | C] () -- C:\Users\Marie\AppData\Local\cookies.ini
[2013/12/24 10:34:12 | 000,493,272 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\~imswxqx.exe
[2013/12/18 18:17:01 | 000,000,159 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\WB.CFG
[2013/10/28 13:16:18 | 000,351,112 | ---- | C] () -- C:\Users\Marie\AppData\Local\mysearchdial-speeddial.crx
[2013/10/05 17:42:06 | 000,000,000 | ---- | C] () -- C:\Windows\JCMKR32.INI
[2011/11/03 10:48:35 | 000,000,000 | ---- | C] () -- C:\Users\Marie\AppData\Local\{E10D29F2-EFFC-4088-8984-FFAC9629F42C}
[2011/07/20 14:58:35 | 000,032,768 | ---- | C] () -- C:\Users\Marie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/24 21:25:37 | 000,000,124 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\wklnhst.dat
[2004/07/06 12:06:24 | 000,021,504 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\CDRusersDB.v12

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2010/01/05 20:50:06 | 000,000,000 | -HSD | M] -- C:\Users\Marie\AppData\Roaming\.#
[2014/05/08 11:03:44 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\0F1F1C2Y1H1P1C0I0T
[2015/02/22 18:56:05 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\61633938-1424627723-3565-3635-0026221C3664
[2013/10/30 11:33:28 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Avant Downloader
[2015/04/02 10:31:48 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Babylon
[2010/05/02 11:19:28 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Best-Softs
[2014/09/09 09:43:12 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\betadeeal
[2015/04/02 10:31:50 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Canon
[2014/12/10 20:02:32 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Cevua
[2015/04/02 10:31:52 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2015/04/02 10:32:31 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Common
[2015/04/02 17:44:33 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\DataMgr
[2015/02/25 17:49:08 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\FBDownloader
[2015/04/02 10:32:33 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\FUJIFILM
[2015/04/02 10:32:39 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\G001
[2010/01/05 20:33:50 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\GameConsole
[2015/04/03 10:55:41 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Intermediate
[2014/12/28 21:04:30 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\MAGIX
[2013/10/28 13:16:40 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\mysearchdial
[2014/04/06 22:25:57 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Nokia
[2013/10/30 11:33:25 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\OfferMosquito
[2013/11/03 22:15:33 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\OpenCandy
[2014/04/06 22:24:19 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\PC Suite
[2013/10/30 11:44:08 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\PerformerSoft
[2015/04/02 10:33:53 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\PhotoScape
[2015/04/02 10:33:54 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\PlayFirst
[2014/08/28 21:08:25 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\SCheck
[2015/04/05 20:59:24 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Seventh
[2014/03/29 10:27:32 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\SimilarSites
[2014/07/21 12:39:04 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Sixth
[2015/04/02 17:44:22 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Snz
[2013/10/30 11:37:51 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\SSync
[2015/04/02 10:34:17 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Systweak
[2009/11/24 21:25:42 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Template
[2015/04/02 10:34:20 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\TomTom
[2013/10/28 13:14:14 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\UpdaterEX
[2015/02/28 19:58:13 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\UPH
[2015/04/05 21:09:25 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\uTorrent
[2013/12/24 10:37:56 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Webplayer
[2015/04/02 10:34:27 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\wp_update
[2014/11/21 16:09:35 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Yregyv
[2015/04/05 21:26:13 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\ZHP

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[color=#A23BEC]< MD5 for: SERVICES.EXE >[/color]
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014/03/04 13:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014/03/04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SysNative\winlogon.exe
[2014/03/04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2015/03/17 06:13:56 | 000,878,392 | ---- | M] (MalwareBytes) MD5=F831DDAE2842929B9B40C571C5EB723A -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]

[color=#A23BEC]< %APPDATA%\*. >[/color]
[2010/01/05 20:50:06 | 000,000,000 | -HSD | M] -- C:\Users\Marie\AppData\Roaming\.#
[2014/05/08 11:03:44 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\0F1F1C2Y1H1P1C0I0T
[2015/02/22 18:56:05 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\61633938-1424627723-3565-3635-0026221C3664
[2015/04/02 10:31:42 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Adobe
[2009/11/09 20:26:41 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\ATI
[2013/10/30 11:33:28 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Avant Downloader
[2015/04/02 10:31:47 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Avant Profiles
[2014/09/07 21:14:36 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Avira
[2015/04/02 10:31:48 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Babylon
[2010/05/02 11:19:28 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Best-Softs
[2014/09/09 09:43:12 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\betadeeal
[2015/04/02 10:31:50 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Canon
[2014/12/10 20:02:32 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Cevua
[2015/04/02 10:31:52 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2015/04/02 10:32:31 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Common
[2015/04/02 17:44:33 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\DataMgr
[2014/02/27 17:56:06 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\dvdcss
[2015/02/25 17:49:08 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\FBDownloader
[2015/04/02 10:32:33 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\FUJIFILM
[2015/04/02 10:32:39 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\G001
[2010/01/05 20:33:50 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\GameConsole
[2009/11/09 20:40:24 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Google
[2009/11/09 20:25:20 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Identities
[2010/05/25 13:32:59 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\InstallShield
[2015/04/03 10:55:41 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Intermediate
[2009/11/09 20:25:52 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Macromedia
[2014/12/28 21:04:30 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\MAGIX
[2009/07/14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Media Center Programs
[2015/04/02 10:33:05 | 000,000,000 | --SD | M] -- C:\Users\Marie\AppData\Roaming\Microsoft
[2015/04/02 10:33:52 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Mozilla
[2013/10/28 13:16:40 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\mysearchdial
[2014/04/06 22:25:57 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Nokia
[2013/12/24 10:59:12 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Nosibay
[2013/10/30 11:33:25 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\OfferMosquito
[2013/11/03 22:15:33 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\OpenCandy
[2014/04/06 22:24:19 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\PC Suite
[2013/10/30 11:44:08 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\PerformerSoft
[2015/04/02 10:33:53 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\PhotoScape
[2015/04/02 10:33:54 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\PlayFirst
[2015/04/02 10:34:07 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Real
[2014/08/28 21:08:25 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\SCheck
[2015/04/05 20:59:24 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Seventh
[2014/03/29 10:27:32 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\SimilarSites
[2014/07/21 12:39:04 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Sixth
[2015/04/02 10:34:16 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Skype
[2011/08/25 16:05:42 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\skypePM
[2015/04/02 17:44:22 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Snz
[2013/10/30 11:37:51 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\SSync
[2015/04/02 10:34:17 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Systweak
[2009/11/24 21:25:42 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Template
[2015/04/02 10:34:20 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\TomTom
[2009/11/11 21:06:09 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\U3
[2013/10/28 13:14:14 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\UpdaterEX
[2015/02/28 19:58:13 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\UPH
[2015/04/05 21:09:25 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\uTorrent
[2012/04/10 20:46:27 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\vlc
[2013/12/24 10:37:56 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Webplayer
[2015/04/02 10:34:27 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\wp_update
[2014/11/21 16:09:35 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Yregyv
[2015/04/05 21:26:13 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\ZHP

[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2015/04/01 20:07:04 | 000,266,240 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\f2479166.exe
[2013/12/24 10:34:19 | 000,493,272 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\~imswxqx.exe
[2013/12/06 11:04:26 | 000,492,208 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\~kqmmfjb.exe
[2014/04/28 15:53:12 | 000,572,739 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\0F1F1C2Y1H1P1C0I0T\Adblock Plus pour Google Chrome Packages\uninstaller.exe
[2015/02/22 18:56:05 | 000,045,056 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\61633938-1424627723-3565-3635-0026221C3664\jorunasu.exe
[2015/02/22 18:55:59 | 000,096,256 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\61633938-1424627723-3565-3635-0026221C3664\JOSrv.exe
[2015/02/22 18:55:47 | 000,034,304 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\61633938-1424627723-3565-3635-0026221C3664\runasu.exe
[2015/02/22 18:55:23 | 000,123,760 | ---- | M] ( ) -- C:\Users\Marie\AppData\Roaming\61633938-1424627723-3565-3635-0026221C3664\Uninstall.exe
[2015/02/22 18:52:51 | 000,335,430 | ---- | M] ( ) -- C:\Users\Marie\AppData\Roaming\61633938-1424627723-3565-3635-0026221C3664\VOPackage.exe
[1 C:\Users\Marie\AppData\Roaming\61633938-1424627723-3565-3635-0026221C3664\*.tmp files -> C:\Users\Marie\AppData\Roaming\61633938-1424627723-3565-3635-0026221C3664\*.tmp -> ]
[2010/05/02 21:40:55 | 000,725,039 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Best-Softs\UpdateBest-Softs\unins000.exe
[2010/04/20 12:55:26 | 000,757,760 | ---- | M] (Best-Softs) -- C:\Users\Marie\AppData\Roaming\Best-Softs\UpdateBest-Softs\UpdateBest-Softs.exe
[2010/04/20 12:55:22 | 000,651,264 | ---- | M] (Best-Softs) -- C:\Users\Marie\AppData\Roaming\Best-Softs\UpdateBest-Softs\UpdateBest-SoftsHP.exe
[2009/03/25 17:04:14 | 000,045,056 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Common\LuaRT\lua.exe
[2009/03/25 17:51:44 | 000,035,840 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Common\LuaRT\wlua.exe
[2013/10/09 14:03:26 | 000,168,824 | ---- | M] (HTTO Group, Ltd.) -- C:\Users\Marie\AppData\Roaming\DataMgr\DataMgr.exe
[2013/12/09 21:52:10 | 000,037,376 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Intermediate\Intermediate.exe
[2014/06/18 10:37:49 | 000,429,568 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Microsoft\~pcubemk.exe
[2015/04/05 20:59:27 | 000,266,240 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f2479166.exe
[2013/11/03 22:15:51 | 000,197,128 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\OpenCandy\6AD3A5B161F04C27B2BECA3E34FBBF77\SymentecRegMech_Fr_p1v1.exe
[2010/04/15 18:37:47 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Marie\AppData\Roaming\Real\Update\setup3.11\setup.exe
[2011/01/29 12:28:28 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Marie\AppData\Roaming\Real\Update\setup3.13\setup.exe
[2012/10/23 14:30:46 | 000,450,712 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Marie\AppData\Roaming\Real\Update\temp\~Upg1\rnupgagent.exe
[2013/06/19 16:34:06 | 000,470,096 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Marie\AppData\Roaming\Real\Update\temp\~Upg2\rnupgagent.exe
[2013/10/28 10:00:03 | 000,470,608 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Marie\AppData\Roaming\Real\Update\temp\~Upg4\rnupgagent.exe
[2013/11/10 10:09:02 | 000,470,608 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Marie\AppData\Roaming\Real\Update\temp\~Upg5\rnupgagent.exe
[2014/12/09 18:41:20 | 000,527,440 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Marie\AppData\Roaming\Real\Update\temp\~Upg6\rnupgagent.exe
[2014/12/09 18:41:20 | 000,527,440 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Marie\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe
[2014/12/09 21:42:12 | 001,078,992 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Marie\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\stub_exe\RealPlayerCloud_fr.exe
[2014/12/24 14:49:46 | 000,116,032 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\SCheck\ntcrxinst.exe
[2014/10/28 17:41:32 | 000,129,721 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\SCheck\ntdllinst.exe
[2015/02/15 13:33:50 | 000,245,480 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\SCheck\ntxpiinst.exe
[2013/12/09 21:52:10 | 000,037,376 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\SCheck\SCheck.exe
[2015/02/22 22:21:10 | 000,098,491 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Seventh\Seventh.exe
[2014/11/24 09:46:36 | 000,074,471 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Sixth\Sixth.exe
[2015/02/23 21:20:38 | 001,641,117 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Snz\Snz.exe
[2013/04/10 00:57:44 | 000,036,864 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\SSync\SSync.exe
[2014/02/27 19:42:46 | 000,645,592 | ---- | M] (Systweak Software ) -- C:\Users\Marie\AppData\Roaming\Systweak\ssd\SSDPTstub.exe
[2007/10/23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\U3\temp\cleanup.exe
[2007/10/23 10:22:56 | 003,350,528 | -H-- | M] (SanDisk Corporation) -- C:\Users\Marie\AppData\Roaming\U3\temp\Launchpad Removal.exe
[2013/04/12 16:10:43 | 000,106,496 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe
[2015/03/26 10:10:17 | 001,442,384 | ---- | M] (BitTorrent Inc.) -- C:\Users\Marie\AppData\Roaming\uTorrent\uTorrent.exe
[2014/01/26 18:43:44 | 001,307,736 | ---- | M] (BitTorrent Inc.) -- C:\Users\Marie\AppData\Roaming\uTorrent\updates\3.3.2_30488.exe
[2014/04/26 11:05:31 | 001,268,816 | ---- | M] (BitTorrent Inc.) -- C:\Users\Marie\AppData\Roaming\uTorrent\updates\3.4.1_30740.exe
[2014/04/26 12:57:22 | 001,266,520 | ---- | M] (BitTorrent Inc.) -- C:\Users\Marie\AppData\Roaming\uTorrent\updates\3.4.1_30888.exe
[2014/05/13 09:33:13 | 001,268,560 | ---- | M] (BitTorrent Inc.) -- C:\Users\Marie\AppData\Roaming\uTorrent\updates\3.4.1_31139.exe
[2014/06/26 22:33:13 | 001,267,536 | ---- | M] (BitTorrent Inc.) -- C:\Users\Marie\AppData\Roaming\uTorrent\updates\3.4.1_31395.exe
[2014/06/27 00:09:37 | 001,310,544 | ---- | M] (BitTorrent Inc.) -- C:\Users\Marie\AppData\Roaming\uTorrent\updates\3.4.2_31893.exe
[2014/07/02 11:03:47 | 001,322,832 | ---- | M] (BitTorrent Inc.) -- C:\Users\Marie\AppData\Roaming\uTorrent\updates\3.4.2_32126.exe
[2014/10/12 20:48:46 | 001,385,808 | ---- | M] (BitTorrent Inc.) -- C:\Users\Marie\AppData\Roaming\uTorrent\updates\3.4.2_34309.exe
[2014/11/16 21:37:00 | 001,385,808 | ---- | M] (BitTorrent Inc.) -- C:\Users\Marie\AppData\Roaming\uTorrent\updates\3.4.2_34944.exe
[2014/12/16 17:49:57 | 001,385,808 | ---- | M] (BitTorrent Inc.) -- C:\Users\Marie\AppData\Roaming\uTorrent\updates\3.4.2_35702.exe
[2015/02/25 18:22:45 | 001,742,416 | ---- | M] (BitTorrent Inc.) -- C:\Users\Marie\AppData\Roaming\uTorrent\updates\3.4.2_38758.exe
[2015/03/04 13:45:39 | 001,742,928 | ---- | M] (BitTorrent Inc.) -- C:\Users\Marie\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe
[2015/03/24 22:54:42 | 001,439,144 | ---- | M] (BitTorrent Inc.) -- C:\Users\Marie\AppData\Roaming\uTorrent\updates\3.4.2_39586.exe
[2015/03/26 10:10:17 | 001,442,384 | ---- | M] (BitTorrent Inc.) -- C:\Users\Marie\AppData\Roaming\uTorrent\updates\3.4.2_39710.exe
[2014/11/02 02:52:37 | 000,397,342 | ---- | M] (bhyvgtcfrd) -- C:\Users\Marie\AppData\Roaming\Yregyv\rauf.exe

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\syswow64\*.dll /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\syswow64\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2015/03/22 07:44:42 | 000,924,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2015/03/22 07:44:42 | 000,924,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2015/03/22 07:44:42 | 000,924,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [2015/03/22 07:44:43 | 000,376,944 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2015/03/22 07:44:43 | 000,376,944 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2015/03/22 07:44:43 | 000,376,944 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2015/03/30 23:07:57 | 000,809,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2015/03/30 23:07:57 | 000,809,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2015/03/30 23:07:57 | 000,809,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2015/03/30 23:07:57 | 000,809,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014/06/20 22:14:31 | 000,810,160 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe http://aartemis.com/?type=sc&ts=1387873782&from=wpc&uid=TOSHIBAXMK2555GSX_7948S7U4SXX7948S7U4S [2014/06/20 22:14:31 | 000,810,160 | ---- | M] (Microsoft Corporation)

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color]
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2015/03/22 07:44:42 | 000,924,136 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2015/03/22 07:44:42 | 000,924,136 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2015/03/22 07:44:42 | 000,924,136 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" [2015/03/22 07:44:43 | 000,376,944 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2015/03/22 07:44:43 | 000,376,944 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2015/03/22 07:44:43 | 000,376,944 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2015/03/30 23:07:57 | 000,809,288 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2015/03/30 23:07:57 | 000,809,288 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2015/03/30 23:07:57 | 000,809,288 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2015/03/30 23:07:57 | 000,809,288 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2014/06/19 01:39:30 | 000,608,768 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2014/06/19 01:39:30 | 000,608,768 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2014/06/19 01:39:30 | 000,608,768 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2014/06/20 22:14:31 | 000,810,160 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE HTTP://AARTEMIS.COM/?TYPE=SC&TS=1387873782&FROM=WPC&UID=TOSHIBAXMK2555GSX_7948S7U4SXX7948S7U4S [2014/06/20 22:14:31 | 000,810,160 | ---- | M] (Microsoft Corporation)

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:E3C56885
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:1D32EC29
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:0B9176C0
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:93DE1838
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
