OTL logfile created on: 26/11/2014 14:48:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Frot\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,75 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 68,59% Memory free
5,72 Gb Paging File | 4,70 Gb Available in Paging File | 82,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 324,69 Gb Total Space | 250,50 Gb Free Space | 77,15% Space Free | Partition Type: NTFS
Drive D: | 10,66 Gb Total Space | 1,43 Gb Free Space | 13,44% Space Free | Partition Type: NTFS

Computer Name: PC-DE-FROT | User Name: Frot | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014/11/26 14:45:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frot\Desktop\OTL.exe
PRC - [2014/11/25 22:59:19 | 000,432,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2014/11/25 22:58:30 | 000,427,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2014/11/25 22:58:23 | 000,703,736 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014/11/25 22:58:23 | 000,432,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2014/09/17 03:15:08 | 002,460,488 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/09/17 03:14:57 | 001,795,912 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/09/17 03:14:56 | 000,915,784 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
PRC - [2013/01/31 10:01:06 | 000,865,056 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/01/31 10:01:05 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/11/02 16:51:54 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [1997/08/29 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [1998/07/11 00:00:00 | 003,792,896 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\MSO97.DLL
MOD - [1997/08/29 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2014/11/25 22:59:19 | 000,432,888 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/11/25 22:58:33 | 000,993,584 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2014/11/25 22:58:23 | 000,432,888 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/09/17 03:14:57 | 001,795,912 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/09/17 03:14:56 | 000,915,784 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV - [2014/04/03 20:21:48 | 000,315,008 | ---- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/04/28 16:27:00 | 003,522,800 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/01/26 17:45:08 | 000,243,056 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [File_System | On_Demand | Stopped] -- C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (TrueSight)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys -- (FairplayKD)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Frot\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aitq4wrl)
DRV - [2014/10/14 21:57:06 | 000,136,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2014/10/14 21:57:05 | 000,098,160 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/11/27 17:14:16 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/09/02 01:13:21 | 000,137,344 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hwpsgt.sys -- (hwpsgt)
DRV - [2013/09/02 01:13:21 | 000,009,472 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lemsgt.sys -- (lemsgt)
DRV - [2013/07/31 18:42:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013/02/19 20:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/12/12 16:37:00 | 001,074,944 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcmwlhigh6.sys -- (BCMH43XX)
DRV - [2011/10/27 02:25:54 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011/10/27 02:25:54 | 000,078,136 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/10/27 02:25:48 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2011/10/27 02:25:48 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2011/10/27 02:25:48 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2011/10/27 02:25:48 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2010/06/24 19:52:39 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/02/11 14:28:26 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2009/10/07 09:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/12/12 10:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/11/02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2005/12/21 08:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 08:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 08:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2052413982-4155059550-3282167497-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2052413982-4155059550-3282167497-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2052413982-4155059550-3282167497-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2052413982-4155059550-3282167497-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
IE - HKU\S-1-5-21-2052413982-4155059550-3282167497-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-2052413982-4155059550-3282167497-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2052413982-4155059550-3282167497-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKU\S-1-5-21-2052413982-4155059550-3282167497-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKU\S-1-5-21-2052413982-4155059550-3282167497-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2052413982-4155059550-3282167497-1000\..\SearchScopes\{9F2402DF-FD57-4052-AF67-0FD2FAF0B208}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2052413982-4155059550-3282167497-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2052413982-4155059550-3282167497-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)


[2014/11/25 23:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frot\AppData\Roaming\mozilla\Firefox\Profiles\KO1yF1yx.default\extensions
[2014/11/25 23:02:37 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\Frot\AppData\Roaming\mozilla\Firefox\Profiles\KO1yF1yx.default\extensions\abs@avira.com

[color=#E56717]========== Chrome ==========[/color]

CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Frot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Frot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Frot\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Frot\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Frot\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Frot\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Frot\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Frot\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Frot\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/02/13 10:45:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NvBackend] C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4 - HKU\S-1-5-21-2052413982-4155059550-3282167497-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-2052413982-4155059550-3282167497-1000..\Run: [EPSON Stylus DX8400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2052413982-4155059550-3282167497-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2052413982-4155059550-3282167497-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2052413982-4155059550-3282167497-1000\..Trusted Domains: clonewarsadventures.com ([]* in Sites de confiance)
O15 - HKU\S-1-5-21-2052413982-4155059550-3282167497-1000\..Trusted Domains: freerealms.com ([]* in Sites de confiance)
O15 - HKU\S-1-5-21-2052413982-4155059550-3282167497-1000\..Trusted Domains: soe.com ([]* in Sites de confiance)
O15 - HKU\S-1-5-21-2052413982-4155059550-3282167497-1000\..Trusted Domains: sony.com ([]* in Sites de confiance)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB28090B-EDEE-47A4-9EA9-F22E8B9184F9}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\opretuq: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Users\Frot\Pictures\Bretagne\Saint-Hilaire-des-Landes_décembre_2007.JPG
O24 - Desktop BackupWallPaper: C:\Users\Frot\Pictures\Bretagne\Saint-Hilaire-des-Landes_décembre_2007.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/07/31 14:57:53 | 000,000,103 | ---- | M] () - C:\autoupdate.log -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: nmwcdcm - File not found
NetSvcs: SbcpHid - File not found
NetSvcs: lmouflt2 - File not found
NetSvcs: nicser_wmp11 - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^Frot^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Outil de notification Live Search.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Frot^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk - - File not found
MsConfig - StartUpReg: [b]ApnTBMon[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]DAEMON Tools Lite[/b] - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: [b]Intermediate[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]KiesPDLR[/b] - hkey= - key= - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig - StartUpReg: [b]Logitech Vid[/b] - hkey= - key= - C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
MsConfig - StartUpReg: [b]Pando Media Booster[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]Skype[/b] - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: [b]SSync[/b] - hkey= - key= - File not found
MsConfig - State: "startup" - 2

Drivers32: Msacm.dvacm - C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mpegacm - mpegacm.acm File not found
Drivers32: msacm.ulmp3acm - ulmp3acm.acm File not found
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.I420 - C:\Windows\System32\emYUV.dll (Microsoft Corporation)
Drivers32: vidc.mjpg - C:\Windows\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

ActiveX: {0314A401-4626-EEA4-30E7-13BDDF61A102} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4903D172-DCCB-392F-93A3-34CA9D47FE3D} - .NET Framework
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9F612429-4A00-3D44-88CF-146DA2EE1F92} - .NET Framework
ActiveX: {C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0} - Microsoft .NET Framework 1.1 Security Update (KB2833941)
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.0
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

CREATERESTOREPOINT[/FIXED]
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014/11/26 14:45:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Frot\Desktop\OTL.exe
[2014/11/26 14:28:23 | 001,110,016 | ---- | C] (Farbar) -- C:\Users\Frot\Desktop\FRST.exe
[2014/11/25 23:02:36 | 000,000,000 | ---D | C] -- C:\Users\Frot\AppData\Roaming\Mozilla
[2014/11/25 22:53:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
[2014/11/25 22:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2014/11/25 22:52:59 | 000,000,000 | ---D | C] -- C:\Users\Frot\AppData\Roaming\ZHP
[2014/11/12 14:55:49 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2014/11/12 14:55:48 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2014/11/12 14:55:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014/11/12 14:54:24 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2014/11/12 14:54:03 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2014/11/12 14:52:31 | 000,396,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll
[2014/11/12 14:52:31 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AUDIOKSE.dll
[2014/11/12 14:52:31 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDump.dll
[2014/11/12 14:50:42 | 002,054,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/11/12 13:37:26 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/11/12 13:37:26 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/11/12 13:37:26 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014/11/12 13:37:25 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/11/12 13:37:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/11/12 13:37:25 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/11/12 13:37:25 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/11/12 13:37:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/11/12 13:37:25 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/11/12 13:37:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/11/12 13:37:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/11/12 13:37:21 | 001,810,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2010/06/29 23:10:34 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Frot\AppData\Roaming\pcouffin.sys
[9 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014/11/26 14:45:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frot\Desktop\OTL.exe
[2014/11/26 14:28:26 | 001,110,016 | ---- | M] (Farbar) -- C:\Users\Frot\Desktop\FRST.exe
[2014/11/26 14:28:09 | 000,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/26 14:28:09 | 000,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/26 14:12:10 | 000,078,584 | ---- | M] () -- C:\Users\Frot\Desktop\redirection.JPG
[2014/11/26 13:11:38 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/26 13:08:06 | 002,600,292 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/11/26 13:08:06 | 000,114,780 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2014/11/26 13:08:06 | 000,041,452 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2014/11/26 13:08:04 | 001,798,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/11/26 13:00:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/25 23:08:44 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/11/25 22:53:01 | 000,001,806 | ---- | M] () -- C:\Users\Frot\Desktop\ZHPFix.lnk
[2014/11/25 22:53:01 | 000,001,683 | ---- | M] () -- C:\Users\Frot\Desktop\ZHPDiag.lnk
[2014/11/25 22:42:36 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/11/25 22:41:48 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/25 17:07:32 | 000,834,290 | ---- | M] () -- C:\Users\Frot\Desktop\Mariage Larcher et Emile 3.jpg
[2014/11/25 17:07:32 | 000,723,087 | ---- | M] () -- C:\Users\Frot\Desktop\Mariage Larcher et Emile 1.jpg
[2014/11/25 17:07:32 | 000,704,263 | ---- | M] () -- C:\Users\Frot\Desktop\Mariage Larcher et Emile 2.jpg
[2014/11/25 14:46:19 | 000,202,531 | ---- | M] () -- C:\Users\Frot\Desktop\Région Sourdeval-Mortain-Barenton.JPG
[2014/11/23 22:10:34 | 000,605,713 | ---- | M] () -- C:\Users\Frot\Desktop\Carte Nord Mayenne.JPG
[2014/11/22 16:21:18 | 000,326,271 | ---- | M] () -- C:\Users\Frot\Desktop\Région de Ducey.JPG
[2014/11/14 13:24:28 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1d00005ef7984b4.job
[2014/11/14 13:24:28 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cfeeb5bd145e6.job
[2014/11/12 15:00:29 | 000,363,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/11/11 18:52:16 | 000,001,763 | ---- | M] () -- C:\Users\Frot\Desktop\Winword - Raccourci.lnk
[2014/11/04 14:30:58 | 000,229,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014/11/03 22:25:28 | 000,193,024 | ---- | M] () -- C:\Users\Frot\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/11/03 14:16:31 | 000,001,875 | ---- | M] () -- C:\Users\Frot\Application Data\Microsoft\Internet Explorer\Quick Launch\Wordpad.lnk
[2014/10/27 20:05:44 | 001,810,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/10/27 19:58:19 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/10/27 19:57:36 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/10/27 19:57:18 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/10/27 19:56:58 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/10/27 19:56:10 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/10/27 19:55:50 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/10/27 19:55:44 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/10/27 19:55:39 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/10/27 19:55:32 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014/10/27 19:55:20 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/10/27 19:54:43 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[9 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014/11/25 22:53:01 | 000,001,806 | ---- | C] () -- C:\Users\Frot\Desktop\ZHPFix.lnk
[2014/11/25 22:53:01 | 000,001,683 | ---- | C] () -- C:\Users\Frot\Desktop\ZHPDiag.lnk
[2014/11/25 22:38:18 | 000,078,584 | ---- | C] () -- C:\Users\Frot\Desktop\redirection.JPG
[2014/11/25 17:07:32 | 000,834,290 | ---- | C] () -- C:\Users\Frot\Desktop\Mariage Larcher et Emile 3.jpg
[2014/11/25 17:07:32 | 000,723,087 | ---- | C] () -- C:\Users\Frot\Desktop\Mariage Larcher et Emile 1.jpg
[2014/11/25 17:07:32 | 000,704,263 | ---- | C] () -- C:\Users\Frot\Desktop\Mariage Larcher et Emile 2.jpg
[2014/11/25 14:46:17 | 000,202,531 | ---- | C] () -- C:\Users\Frot\Desktop\Région Sourdeval-Mortain-Barenton.JPG
[2014/11/23 21:49:04 | 000,605,713 | ---- | C] () -- C:\Users\Frot\Desktop\Carte Nord Mayenne.JPG
[2014/11/22 16:02:59 | 000,326,271 | ---- | C] () -- C:\Users\Frot\Desktop\Région de Ducey.JPG
[2014/11/14 13:24:28 | 000,001,052 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1d00005ef7984b4.job
[2014/11/11 18:52:10 | 000,001,763 | ---- | C] () -- C:\Users\Frot\Desktop\Winword - Raccourci.lnk
[2014/11/03 14:16:31 | 000,001,875 | ---- | C] () -- C:\Users\Frot\Application Data\Microsoft\Internet Explorer\Quick Launch\Wordpad.lnk
[2014/09/07 15:42:17 | 000,363,000 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/09/07 12:29:35 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2014/08/02 12:48:59 | 000,000,147 | ---- | C] () -- C:\Windows\Emploidt.ini
[2014/07/17 20:51:29 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2014/07/17 20:51:29 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2014/07/17 20:51:29 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2014/07/17 20:51:29 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2014/07/17 20:51:29 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2014/07/17 20:51:29 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2014/07/17 20:51:29 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2014/07/17 20:51:29 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2014/07/17 20:51:29 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2014/07/17 20:51:29 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2014/07/17 20:51:29 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2014/07/17 20:51:29 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2014/07/17 20:51:29 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2014/07/17 20:51:29 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2014/07/17 20:51:29 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2014/07/17 20:51:29 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2014/07/17 20:51:29 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2014/07/17 20:51:29 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2014/07/17 20:51:29 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2014/07/17 20:44:14 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini
[2014/06/25 00:43:25 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2014/06/25 00:43:25 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2014/06/25 00:43:25 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2014/06/25 00:39:05 | 000,000,239 | ---- | C] () -- C:\Windows\SIERRA.INI
[2014/01/16 00:47:17 | 000,000,000 | ---- | C] () -- C:\ProgramData\StartupItems
[2014/01/04 18:31:46 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2014/01/04 18:25:04 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2014/01/04 18:23:51 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2014/01/04 18:23:51 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2014/01/04 18:23:51 | 000,000,000 | ---- | C] () -- C:\Users\Frot\AppData\Roaming\Synth Textures
[2014/01/01 14:26:35 | 000,000,041 | ---- | C] () -- C:\Users\Frot\AppData\Roaming\Offre.ini
[2013/09/02 01:13:21 | 000,137,344 | ---- | C] () -- C:\Windows\System32\drivers\hwpsgt.sys
[2013/09/02 01:13:21 | 000,009,472 | ---- | C] () -- C:\Windows\System32\drivers\lemsgt.sys
[2013/07/31 14:30:32 | 000,268,968 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2012/08/25 00:35:40 | 000,001,017 | ---- | C] () -- C:\Users\Frot\AppData\Local\recently-used.xbel
[2012/04/14 01:15:40 | 000,000,097 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/02/13 15:56:22 | 000,000,092 | ---- | C] () -- C:\Users\Frot\AppData\Local\fusioncache.dat
[2012/02/13 12:02:47 | 000,007,620 | ---- | C] () -- C:\Users\Frot\AppData\Local\d3d9caps.dat
[2011/05/16 23:10:19 | 000,193,024 | ---- | C] () -- C:\Users\Frot\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/29 23:10:34 | 000,007,887 | ---- | C] () -- C:\Users\Frot\AppData\Roaming\pcouffin.cat
[2010/06/29 23:10:34 | 000,001,144 | ---- | C] () -- C:\Users\Frot\AppData\Roaming\pcouffin.inf
[2010/03/15 02:49:15 | 000,052,720 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/03/15 00:05:44 | 000,052,720 | ---- | C] () -- C:\ProgramData\nvModes.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2012/02/08 19:31:39 | 000,000,082 | ---- | M] () -- C:\Windows\$NtUninstallKB41379$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MP87B7DW\t.cxt.ms\lso.swf\u.sol
[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 14:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]

[color=#A23BEC]< %APPDATA%\*. >[/color]
[2012/09/04 01:03:11 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\.minecraft
[2014/08/29 06:30:37 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\.mono
[2014/05/29 17:26:20 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\Adobe
[2010/05/29 17:58:18 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\AKVIS LLC
[2013/12/08 00:48:40 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\Apowersoft
[2013/03/28 16:09:15 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\Apple Computer
[2014/01/16 00:58:43 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\Audacity
[2011/03/13 00:59:52 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\avidemux
[2013/07/31 18:48:32 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\Avira
[2011/06/20 23:12:15 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\AVS4YOU
[2010/06/30 22:33:01 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\codeblocks
[2010/06/10 21:23:10 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2014/09/07 14:37:50 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\Common
[2010/06/28 20:10:20 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\CyberLink
[2014/09/03 20:41:03 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\DAEMON Tools Lite
[2011/05/07 21:53:01 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\DivX
[2014/09/03 22:39:58 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\dvdcss
[2013/11/22 00:48:56 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\DVDVideoSoft
[2010/10/09 13:30:14 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\e frontier
[2011/12/11 19:01:47 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\FreeFLVConverter
[2014/08/26 06:15:32 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\FreeVideoConverter
[2010/05/05 09:28:32 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\GetRightToGo
[2010/06/18 14:22:37 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\gtk-2.0
[2014/06/09 16:39:03 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\IcoFX
[2010/03/13 21:20:28 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\Identities
[2010/05/29 17:51:57 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\igraal
[2014/07/17 20:51:26 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\InstallShield
[2012/08/04 13:08:28 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\iuLab
[2011/05/11 21:19:04 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\Leadertech
[2010/03/13 21:09:19 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\Macromedia
[2010/03/13 20:43:18 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\Malwarebytes
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\Media Center Programs
[2012/08/18 21:45:42 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\Media Player Classic
[2014/09/07 13:35:57 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\Micro Application
[2014/09/05 12:20:16 | 000,000,000 | --SD | M] -- C:\Users\Frot\AppData\Roaming\Microsoft
[2012/08/26 00:35:36 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\Microsoft Game Studios
[2014/11/25 23:02:36 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\Mozilla
[2014/01/04 18:30:13 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\Nikon
[2013/10/10 00:35:12 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\NVIDIA
[2014/09/07 14:32:04 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\PhotoFiltre 7
[2010/03/13 21:20:30 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\PhotoFiltre Studio X
[2014/08/29 06:27:35 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\Pokémon Trading Card Game Online
[2011/06/03 00:34:11 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\Publish Providers
[2012/04/15 13:23:20 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\Real
[2012/01/16 20:50:53 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\Samsung
[2010/09/22 16:24:02 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\SecondLife
[2014/05/12 02:04:33 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\SIX Networks
[2014/11/22 15:19:08 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\Skype
[2011/06/03 00:34:05 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\Sony
[2010/07/16 21:30:51 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\Spacejock Software
[2014/09/07 22:48:52 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\SumatraPDF
[2013/07/27 18:02:27 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\TERA
[2010/05/03 19:14:09 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\Turbine
[2011/03/12 19:02:07 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\U3
[2012/09/18 02:50:34 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\UNBALANCE
[2011/05/18 20:29:22 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\Unity
[2010/05/08 10:46:49 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\vlc
[2010/06/29 23:10:34 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\Vso
[2013/11/11 04:48:03 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\WinRAR
[2014/11/25 22:56:24 | 000,000,000 | ---D | M] -- C:\Users\Frot\AppData\Roaming\ZHP

[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2012/05/20 19:20:33 | 000,029,926 | R--- | M] () -- C:\Users\Frot\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
[2014/08/29 06:28:01 | 000,032,038 | R--- | M] () -- C:\Users\Frot\AppData\Roaming\Microsoft\Installer\{73550466-AE32-47D0-9868-C6066BDC0A3D}\cake_icon_1.exe
[2014/08/29 06:28:01 | 000,014,534 | R--- | M] () -- C:\Users\Frot\AppData\Roaming\Microsoft\Installer\{73550466-AE32-47D0-9868-C6066BDC0A3D}\SystemFoldermsiexec.exe
[2014/01/04 18:26:27 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Frot\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
[2013/05/10 17:37:38 | 000,010,134 | R--- | M] () -- C:\Users\Frot\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010/06/28 19:28:49 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Users\Frot\AppData\Roaming\Microsoft\Live Search\Suppression-Live-Search.exe
[2010/06/28 19:28:48 | 000,086,576 | ---- | M] (Microsoft Corporation) -- C:\Users\Frot\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
[2010/06/28 19:28:48 | 000,132,672 | ---- | M] (Microsoft Corporation) -- C:\Users\Frot\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
[2014/09/04 19:02:51 | 011,533,128 | ---- | M] () -- C:\Users\Frot\AppData\Roaming\Pokémon Trading Card Game Online\PokemonTradingCardGameOnline\Pokemon Trading Card Game Online.exe
[2014/08/13 21:32:44 | 011,533,128 | ---- | M] () -- C:\Users\Frot\AppData\Roaming\Pokémon Trading Card Game Online\PokemonTradingCardGameOnline\Refresher.exe
[2014/08/07 23:54:06 | 000,039,472 | ---- | M] () -- C:\Users\Frot\AppData\Roaming\Pokémon Trading Card Game Online\PokemonTradingCardGameOnline\Refresher_Data\bsrefresh.exe
[2014/08/07 23:54:04 | 000,288,256 | ---- | M] () -- C:\Users\Frot\AppData\Roaming\Pokémon Trading Card Game Online\PokemonTradingCardGameOnline\Refresher_Data\vcdiff.exe
[2007/10/23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Frot\AppData\Roaming\U3\2605530F04414C28\cleanup.exe
[2008/05/02 10:41:48 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Users\Frot\AppData\Roaming\U3\2605530F04414C28\Launchpad Removal.exe
[2008/05/04 16:02:26 | 004,603,904 | ---- | M] () -- C:\Users\Frot\AppData\Roaming\U3\2605530F04414C28\LaunchPad.exe
[2007/10/23 09:44:48 | 000,054,584 | ---- | M] () -- C:\Users\Frot\AppData\Roaming\U3\2605530F04414C28\U3AccessGrant.exe
[2008/05/02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\Frot\AppData\Roaming\U3\temp\Launchpad Removal.exe

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2014/10/27 19:55:44 | 000,353,792 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\dxtmsft.dll
[2014/10/27 19:55:39 | 000,223,232 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\dxtrans.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\syswow64\*.dll /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
[2010/06/24 19:52:39 | 000,691,696 | ---- | M] ()[b] Unable to obtain MD5[/b] -- C:\Windows\system32\drivers\sptd.sys
[9 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ]

[color=#A23BEC]< %systemroot%\syswow64\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2014/11/25 07:39:27 | 000,856,904 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2014/11/25 07:39:27 | 000,856,904 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2014/11/25 07:39:27 | 000,856,904 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2014/11/25 07:39:27 | 000,856,904 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/02/13 16:05:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/02/13 16:05:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/02/13 16:05:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014/10/27 20:20:23 | 000,757,968 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2014/10/27 20:20:23 | 000,757,968 | ---- | M] (Microsoft Corporation)

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2014/11/25 07:39:27 | 000,856,904 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2014/11/25 07:39:27 | 000,856,904 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2014/11/25 07:39:27 | 000,856,904 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2014/11/25 07:39:27 | 000,856,904 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/02/13 16:05:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/02/13 16:05:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/02/13 16:05:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014/10/27 20:20:23 | 000,757,968 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2014/10/27 20:20:23 | 000,757,968 | ---- | M] (Microsoft Corporation)

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2013/11/26 00:28:04 | 106,156,080 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\䫸쮠ᰴŸ
[2013/11/26 00:28:04 | 106,156,080 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\䫸쮠ᰴŸ
[2013/11/11 20:05:05 | 103,792,856 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\ꪥИᰴ•
[2013/11/11 20:05:05 | 103,792,856 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\ꪥИᰴ•
[2013/11/11 03:12:36 | 103,551,423 | ---- | M] ()(C:\Windows\System32\???°) -- C:\Windows\System32\⠢Ϊᰴ°
[2013/11/11 03:12:36 | 103,551,423 | ---- | C] ()(C:\Windows\System32\???°) -- C:\Windows\System32\⠢Ϊᰴ°
[2013/10/28 13:59:53 | 103,734,365 | ---- | M] ()(C:\Windows\System32\???­) -- C:\Windows\System32\㳊ᰴ­
[2013/10/28 13:59:53 | 103,734,365 | ---- | C] ()(C:\Windows\System32\???­) -- C:\Windows\System32\㳊ᰴ­
[2013/10/27 22:03:59 | 103,533,600 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\杠鹑ᰴ“
[2013/10/27 22:03:59 | 103,533,600 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\杠鹑ᰴ“
[2013/10/21 17:53:04 | 102,171,793 | ---- | M] ()(C:\Windows\System32\???±) -- C:\Windows\System32\믄往ᰴ±
[2013/10/21 17:53:04 | 102,171,793 | ---- | C] ()(C:\Windows\System32\???±) -- C:\Windows\System32\믄往ᰴ±
[2013/10/18 23:18:46 | 101,880,815 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\泋丹ᰴ’
[2013/10/18 23:18:46 | 101,880,815 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\泋丹ᰴ’
[2013/10/16 19:15:07 | 101,406,750 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\尕糅ᰴ™
[2013/10/16 19:15:07 | 101,406,750 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\尕糅ᰴ™
[2013/09/30 20:52:54 | 098,541,442 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\᱗ᰴž
[2013/09/30 20:52:54 | 098,541,442 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\᱗ᰴž
[2013/09/24 18:52:51 | 097,540,783 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\妴斸ᰴ”
[2013/09/24 18:52:51 | 097,540,783 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\妴斸ᰴ”
[2013/09/23 19:12:13 | 098,685,961 | ---- | M] ()(C:\Windows\System32\???) -- C:\Windows\System32\㙗쩩ᰴ
[2013/09/23 19:12:13 | 098,685,961 | ---- | C] ()(C:\Windows\System32\???) -- C:\Windows\System32\㙗쩩ᰴ
[2013/09/18 18:36:37 | 098,159,724 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\괧⎨ᰴ’
[2013/09/18 18:36:37 | 098,159,724 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\괧⎨ᰴ’
[2013/09/17 17:13:52 | 097,949,955 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\䁣ᰴ•
[2013/09/17 17:13:52 | 097,949,955 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\䁣ᰴ•
[2013/09/13 18:49:44 | 097,503,480 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\鳀ӱᰴ•
[2013/09/13 18:49:44 | 097,503,480 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\鳀ӱᰴ•
[2013/09/12 21:58:54 | 097,373,152 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\튺娵ᰴ’
[2013/09/12 21:58:54 | 097,373,152 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\튺娵ᰴ’

[color=#E56717]========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========[/color]
[C:\Windows\$NtUninstallKB41379$] -> Error: Cannot create file handle -> Unknown point type

< End of report >