PC infected by www.search-web.net
Hello everyone,
Like several users here, I am a victim of the search engine search-web.net, which opens at every turn.
My OS: Vista
My browsers: Mozilla and Chrome
Thanks for your help
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:35:34, on 18/09/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Users\orl\Protection.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-web.net/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.search-web.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-web.net/keyword/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search-web.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-web.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-web.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.search-web.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Messenger Plus Live France Toolbar - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Messenger Plus Live France Toolbar - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Messenger Plus Live France Toolbar - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [tempHome] C:\Users\orl\AppData\Local\Temp\racourci.vbe
O4 - HKCU\..\Run: [Protection] C:\Users\orl\Protection.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - Startup: Protection.lnk = orl\Protection.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche avec search-web - C:\Users\orl\AppData\Local\Temp\scriptjava.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.chat-land.com
O15 - Trusted Zone: *.chat-land.net
O15 - Trusted Zone: *.chat-land.org
O15 - Trusted Zone: *.search-web.net
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\Windows\System32\appdrvrem01.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 15228 bytes
Hello,
Download Ad-Remover (by Cyrildu17 / C_XX) to your Desktop.
/!\ Disconnect, disable your antivirus and close all running applications /!\
Double-click AD-R on your Desktop to launch it.
(On Vista/Seven, you need to right-click AD-R and choose "Run as administrator".)
Choose language F for French.
In the main menu, choose the Scanner option.
/!\ Let the tool work /!\
Post the report that appears at the end (C:\Ad-Report-CLEAN.log).
/!\ Remember to re-enable your antivirus /!\
Thanks for your help, here is the report:
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files (x86)\Ad-Remover\main.exe (SCAN [2]) -> Lancé à 19:01:43 le 18/09/2011, Mode normal
Microsoft Windows 7 Édition Familiale Premium (X64)
orl@ORL-NOTEBOOK (ASUSTeK Computer INC. K50AF)
============== RECHERCHE ==============
Dossier trouvé: C:\Users\orl\AppData\Roaming\Mozilla\FireFox\Profiles\lr23rmxs.default\conduit
Dossier trouvé: C:\Users\orl\AppData\Roaming\Mozilla\FireFox\Profiles\lr23rmxs.default\ConduitEngine
Dossier trouvé: C:\Users\orl\AppData\Roaming\Mozilla\FireFox\Profiles\lr23rmxs.default\extensions\engine@conduit.com
Dossier trouvé: C:\Users\orl\AppData\LocalLow\Conduit
Dossier trouvé: C:\Program Files (x86)\Conduit
-- Fichier ouvert: C:\Users\orl\AppData\Roaming\Mozilla\FireFox\Profiles\lr23rmxs.default\Prefs.js --
Ligne trouvée: user_pref("CT2567681.SearchEngine", "Recherche||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_...
Ligne trouvée: user_pref("CT2567681.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT256...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/FR", "\"0\"")...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20...
Ligne trouvée: user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Ligne trouvée: user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Ligne trouvée: user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Ligne trouvée: user_pref("CommunityToolbar.IsEngineShown", true);
Ligne trouvée: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Ligne trouvée: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr...
Ligne trouvée: user_pref("CommunityToolbar.ToolbarsList", "CT2567681,ConduitEngine");
Ligne trouvée: user_pref("CommunityToolbar.ToolbarsList2", "CT2567681");
Ligne trouvée: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri May 06 2011 19:53:53 GMT+02...
Ligne trouvée: user_pref("CommunityToolbar.alert.alertEnabled", false);
Ligne trouvée: user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Ligne trouvée: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Feb 28 2011 11:53:42 GMT+0100");
Ligne trouvée: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Ligne trouvée: user_pref("CommunityToolbar.alert.locale", "en");
Ligne trouvée: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Ligne trouvée: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jun 25 2011 19:37:21 GMT+0200");
Ligne trouvée: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Ligne trouvée: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Ligne trouvée: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Ligne trouvée: user_pref("CommunityToolbar.alert.showTrayIcon", false);
Ligne trouvée: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Ligne trouvée: user_pref("CommunityToolbar.alert.userId", "8c6bfea3-269d-4364-af10-85a4fd22320f");
Ligne trouvée: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Jul 09 2010 07:23:40 GMT+0200");
Ligne trouvée: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Ligne trouvée: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Ligne trouvée: user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Jun 23 2011 21:03:56 GMT+0200");
Ligne trouvée: user_pref("ConduitEngine.CTID", "ConduitEngine");
Ligne trouvée: user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Thu Jun 23 2011 21:03:45 GMT+0200");
Ligne trouvée: user_pref("ConduitEngine.FirstServerDate", "02/28/2011 13");
Ligne trouvée: user_pref("ConduitEngine.FirstTime", true);
Ligne trouvée: user_pref("ConduitEngine.FirstTimeFF3", true);
Ligne trouvée: user_pref("ConduitEngine.HasUserGlobalKeys", true);
Ligne trouvée: user_pref("ConduitEngine.Initialize", true);
Ligne trouvée: user_pref("ConduitEngine.InitializeCommonPrefs", true);
Ligne trouvée: user_pref("ConduitEngine.InstalledDate", "Mon Feb 28 2011 11:53:34 GMT+0100");
Ligne trouvée: user_pref("ConduitEngine.IsMulticommunity", false);
Ligne trouvée: user_pref("ConduitEngine.IsOpenThankYouPage", false);
Ligne trouvée: user_pref("ConduitEngine.IsOpenUninstallPage", true);
Ligne trouvée: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sun Jun 26 2011 09:11:33 GMT+0200");
Ligne trouvée: user_pref("ConduitEngine.LastLogin_3.2.3.3", "Mon Feb 28 2011 11:53:34 GMT+0100");
Ligne trouvée: user_pref("ConduitEngine.LastLogin_3.3.3.2", "Mon Jun 27 2011 14:01:28 GMT+0200");
Ligne trouvée: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Ligne trouvée: user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Jun 27 2011 19:05:21 GMT+0200");
Ligne trouvée: user_pref("ConduitEngine.UserID", "UN98857289481907017");
Ligne trouvée: user_pref("ConduitEngine.componentAlertEnabled", false);
Ligne trouvée: user_pref("ConduitEngine.engineLocale", "fr");
Ligne trouvée: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sun Jun 26 2011 09:11:33 GMT+0200");
Ligne trouvée: user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sun Jun 26 2011 23:02:24 GMT+0200");
Ligne trouvée: user_pref("ConduitEngine.initDone", true);
Ligne trouvée: user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Ligne trouvée: user_pref("ConduitEngine.isDetectionEnabled", false);
Ligne trouvée: user_pref("ConduitEngine.usageEnabled", false);
Ligne trouvée: user_pref("ConduitEngine.usagesFlag", 2);
-- Fichier Fermé --
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2567681
Clé trouvée: HKLM\Software\Conduit
Clé trouvée: HKLM\Software\OpenCandy NSIS SDK
Clé trouvée: HKCU\Software\AppDataLow\Toolbar
Clé trouvée: HKCU\Software\AppDataLow\Software\Conduit
Clé trouvée: HKLM\Software\Messenger Plus!\OpenCandy
Clé trouvée: HKLM\Software\Wow6432Node\Messenger Plus!\OpenCandy
============== SCAN ADDITIONNEL ==============
**** Mozilla Firefox Version [6.0.2 (fr)] ****
HKLM_MozillaPlugins\@garmin.com/GpsControl (x)
HKLM_MozillaPlugins\Adobe Reader (x)
Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Components\browsercomps.dll (Mozilla Foundation)
Extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} (Skype extension )
-- C:\Users\orl\AppData\Roaming\Mozilla\FireFox\Profiles\lr23rmxs.default --
Extensions\engine@conduit.com (Conduit Engine )
Extensions\{59994074-c06d-4a75-9768-49e5a8c21264} (Messenger Plus Live France Community Toolbar)
Prefs.js - browser.download.lastDir, C:\\Users\\orl\\Desktop
Prefs.js - browser.startup.homepage, hxxp://www.search-web.net/
Prefs.js - browser.startup.homepage_override.buildID, 20110902133214
Prefs.js - browser.startup.homepage_override.mstone, rv:6.0.2
Prefs.js - keyword.URL, hxxp://www.search-web.net/results.php?cx=partner-pub-481735735......
========================================
**** Internet Explorer Version [8.0.7600.16385] ****
HKCU_Main|Default_Page_URL - hxxp://www.search-web.net
HKCU_Main|Default_Search_URL - hxxp://www.search-web.net/keyword/
HKCU_Main|SearchMigratedDefaultURL - hxxp://www.search-web.net/results.php?cx=partner-pub-481735735......
HKCU_Main|Search bar - hxxp://www.search-web.net
HKCU_Main|Search Page - hxxp://www.search-web.net
HKCU_Main|Start Page - hxxp://www.search-web.net
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKCU_URLSearchHooks|{59994074-c06d-4a75-9768-49e5a8c21264} - "Messenger Plus Live France Toolbar" (C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll)
HKLM_URLSearchHooks|{59994074-c06d-4a75-9768-49e5a8c21264} - "Messenger Plus Live France Toolbar" (C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll)
HKCU_SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193} - "search-web.net" (hxxp://www.search-web.net/results.php?cx=partner-pub-481735735......)
HKCU_SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} - "?" (?)
HKCU_Toolbar\WebBrowser|{59994074-C06D-4A75-9768-49E5A8C21264} (C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll)
HKLM_Toolbar|{59994074-c06d-4a75-9768-49e5a8c21264} (C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll)
HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
HKCU_ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} - C:\Program Files (x86)\Spotify\Spotify.exe (Spotify Ltd)
HKLM_ElevationPolicy\1750090a-39a3-4526-b8bd-05883257c7c7 - C:\Program Files (x86)\Messenger_Plus_Live_France\Messenger_Plus_Live_FranceToolbarHelper.exe (?)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
BHO\{59994074-c06d-4a75-9768-49e5a8c21264} - "Messenger Plus Live France Toolbar" (C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
BHO\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - "Google Dictionary Compression sdch" (C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll)
========================================
C:\Program Files (x86)\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 2 Fichier(s)
C:\Ad-Report-SCAN[1].txt - 18/09/2011 18:50:32 (11432 Octet(s))
C:\Ad-Report-SCAN[2].txt - 18/09/2011 19:01:53 (11359 Octet(s))
Fin à: 19:04:06, 18/09/2011
============== E.O.F ==============
Re
You would do well to read: Toolbars are not mandatory!
1
Double-click AD-R on your Desktop to launch it.
(Under Vista/Seven, you have to right-click AD-R and choose Run as administrator)
Choose language F for French.
In the main menu, choose the Nettoyer (Clean) option.
/!\ Let the tool work /!\
Post the report that appears at the end (C:\Ad-Report-CLEAN.log).
/!\ Remember to re-enable your antivirus /!\
2
Go to this AdwCleaner page by Xplode, click Télécharger (Download) and save the file to your Desktop
Double-click the AdwCleaner0.exe icon to launch the installation
/!\ Under Vista and Windows 7, you have to launch the file with right-click -> Run as administrator
In the main menu, click Recherche (Search) and wait while the scan runs
At the end of the scan, an AdwCleaner[R].txt report opens. Post the report as an attachment in your next reply
The report is located at C:\AdwCleaner[R].txt
Hello, for HijackThis, unless you are the one who placed these files, you should check the following boxes:
O4 - HKLM\..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
O4 - HKCU\..\Run: [tempHome] C:\Users\orl\AppData\Local\Temp\racourci.vbe
O4 - HKCU\..\Run: [Protection] C:\Users\orl\Protection.exe
O4 - Startup: Protection.lnk = orl\Protection.exe
O8 - Extra context menu item: Recherche avec search-web - C:\Users\orl\AppData\Local\Temp\scriptjava.html
O15 - Trusted Zone: *.search-web.net
I think these are the only processes that could cause trouble, unless I missed some..
Do this in safe mode, and run HijackThis as administrator
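An added example, not part of the original thread: a small triage script that flags HijackThis O4/O8/O15 entries by where their target lives. The first six sample lines are the entries quoted in the post above and `search-web.net` is the domain named in this thread; the location heuristics, the `ExampleVendor` and `example.org` entries and all function names are assumptions made for illustration.

```python
import ntpath
import re

# Six entries quoted from the post above, then two benign entries
# constructed for contrast (ExampleVendor, example.org).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
O4 - HKCU\..\Run: [tempHome] C:\Users\orl\AppData\Local\Temp\racourci.vbe
O4 - HKCU\..\Run: [Protection] C:\Users\orl\Protection.exe
O4 - Startup: Protection.lnk = orl\Protection.exe
O8 - Extra context menu item: Recherche avec search-web - C:\Users\orl\AppData\Local\Temp\scriptjava.html
O15 - Trusted Zone: *.search-web.net
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files (x86)\ExampleVendor\updater.exe"
O15 - Trusted Zone: *.example.org
"""

# Assumed heuristics, not rules taken from the thread.
SCRIPT_EXTS = {".vbe", ".vbs", ".cmd", ".bat", ".js", ".jse", ".wsf"}
WATCHED_DOMAINS = ("search-web.net",)  # domain named in this thread

# Per-section line layouts, as they appear in the log lines on this page.
PATTERNS = {
    "O4": [re.compile(r"HK\w+\\\.\.\\[^:]+: \[(?P<name>.*?)\] (?P<target>.*)$"),
           re.compile(r"(?:Global )?Startup: (?P<name>.*?) = (?P<target>.*)$")],
    "O8": [re.compile(r"Extra context menu item: (?P<name>.*) - (?P<target>.*)$")],
    "O15": [re.compile(r"Trusted Zone: (?P<target>.*)$")],
}


def parse_entry(line):
    """Return {'section', 'line', 'target'} for an O4/O8/O15 line, else None."""
    m = re.match(r"(O\d+) - (.*)$", line.strip())
    if not m:
        return None
    section, rest = m.groups()
    for pattern in PATTERNS.get(section, []):
        hit = pattern.match(rest)
        if hit:
            return {"section": section, "line": line.strip(),
                    "target": hit.group("target").strip()}
    return None


def target_path(target):
    """Lower-cased path of a command: the quoted part, or the whole string."""
    if target.startswith('"'):
        target = target[1:].split('"', 1)[0]
    return ntpath.normpath(target.lower())


def location_reasons(entry):
    """Reasons to review an entry, based only on its target string."""
    reasons = []
    if entry["section"] in ("O4", "O8"):
        path = target_path(entry["target"])
        parts = path.split("\\")
        if "temp" in parts[:-1]:
            reasons.append("runs from a Temp directory")
        if entry["section"] == "O4" and ntpath.splitext(path)[1] in SCRIPT_EXTS:
            reasons.append("script started at logon")
        if len(parts) == 4 and parts[1] == "users":
            reasons.append("file directly in the profile root")
        if len(parts) == 3 and parts[1] == "programdata":
            reasons.append("file directly in ProgramData")
    if any(domain in entry["target"].lower() for domain in WATCHED_DOMAINS):
        reasons.append("references a watched domain")
    return reasons


def triage(log_text):
    """Return [(line, reasons)] for every entry worth a manual look."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    for entry in entries:
        entry["reasons"] = location_reasons(entry)
    # Second pass: a Startup shortcut may show only a shortened path, so
    # match it by file name against entries that were already flagged.
    flagged_names = {ntpath.basename(target_path(e["target"]))
                     for e in entries if e["reasons"] and e["section"] != "O15"}
    for entry in entries:
        if entry["section"] == "O4" and not entry["reasons"]:
            if ntpath.basename(target_path(entry["target"])) in flagged_names:
                entry["reasons"].append("same file name as another flagged entry")
    return [(e["line"], e["reasons"]) for e in entries if e["reasons"]]


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(f"{line}\n    -> {'; '.join(reasons)}")
```

A flag here only means the entry deserves a manual look before its box is checked; legitimate software can also start from these locations.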
End of step 1 for Sham_Rock; I'm posting it and then I'll tackle step 2:
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 19:31:40 le 18/09/2011, Mode normal
Microsoft Windows 7 Édition Familiale Premium (X64)
orl@ORL-NOTEBOOK (ASUSTeK Computer INC. K50AF)
============== ACTION(S) ==============
Dossier supprimé: C:\Users\orl\AppData\Roaming\Mozilla\FireFox\Profiles\lr23rmxs.default\conduit
Dossier supprimé: C:\Users\orl\AppData\Roaming\Mozilla\FireFox\Profiles\lr23rmxs.default\ConduitEngine
Dossier supprimé: C:\Users\orl\AppData\Roaming\Mozilla\FireFox\Profiles\lr23rmxs.default\extensions\engine@conduit.com
Dossier supprimé: C:\Users\orl\AppData\LocalLow\Conduit
Dossier supprimé: C:\Program Files (x86)\Conduit
(!) -- Fichiers temporaires supprimés.
-- Fichier ouvert: C:\Users\orl\AppData\Roaming\Mozilla\FireFox\Profiles\lr23rmxs.default\Prefs.js --
Ligne supprimée: user_pref("CT2567681.SearchEngine", "Recherche||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_...
Ligne supprimée: user_pref("CT2567681.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT256...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/FR", "\"0\"")...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20...
Ligne supprimée: user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Ligne supprimée: user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Ligne supprimée: user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Ligne supprimée: user_pref("CommunityToolbar.IsEngineShown", true);
Ligne supprimée: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Ligne supprimée: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr...
Ligne supprimée: user_pref("CommunityToolbar.ToolbarsList", "CT2567681,ConduitEngine");
Ligne supprimée: user_pref("CommunityToolbar.ToolbarsList2", "CT2567681");
Ligne supprimée: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri May 06 2011 19:53:53 GMT+02...
Ligne supprimée: user_pref("CommunityToolbar.alert.alertEnabled", false);
Ligne supprimée: user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Ligne supprimée: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Feb 28 2011 11:53:42 GMT+0100");
Ligne supprimée: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Ligne supprimée: user_pref("CommunityToolbar.alert.locale", "en");
Ligne supprimée: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Ligne supprimée: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jun 25 2011 19:37:21 GMT+0200");
Ligne supprimée: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Ligne supprimée: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Ligne supprimée: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Ligne supprimée: user_pref("CommunityToolbar.alert.showTrayIcon", false);
Ligne supprimée: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Ligne supprimée: user_pref("CommunityToolbar.alert.userId", "8c6bfea3-269d-4364-af10-85a4fd22320f");
Ligne supprimée: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Jul 09 2010 07:23:40 GMT+0200");
Ligne supprimée: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Ligne supprimée: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Ligne supprimée: user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Jun 23 2011 21:03:56 GMT+0200");
Ligne supprimée: user_pref("ConduitEngine.CTID", "ConduitEngine");
Ligne supprimée: user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Thu Jun 23 2011 21:03:45 GMT+0200");
Ligne supprimée: user_pref("ConduitEngine.FirstServerDate", "02/28/2011 13");
Ligne supprimée: user_pref("ConduitEngine.FirstTime", true);
Ligne supprimée: user_pref("ConduitEngine.FirstTimeFF3", true);
Ligne supprimée: user_pref("ConduitEngine.HasUserGlobalKeys", true);
Ligne supprimée: user_pref("ConduitEngine.Initialize", true);
Ligne supprimée: user_pref("ConduitEngine.InitializeCommonPrefs", true);
Ligne supprimée: user_pref("ConduitEngine.InstalledDate", "Mon Feb 28 2011 11:53:34 GMT+0100");
Ligne supprimée: user_pref("ConduitEngine.IsMulticommunity", false);
Ligne supprimée: user_pref("ConduitEngine.IsOpenThankYouPage", false);
Ligne supprimée: user_pref("ConduitEngine.IsOpenUninstallPage", true);
Ligne supprimée: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sun Jun 26 2011 09:11:33 GMT+0200");
Ligne supprimée: user_pref("ConduitEngine.LastLogin_3.2.3.3", "Mon Feb 28 2011 11:53:34 GMT+0100");
Ligne supprimée: user_pref("ConduitEngine.LastLogin_3.3.3.2", "Mon Jun 27 2011 14:01:28 GMT+0200");
Ligne supprimée: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Ligne supprimée: user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Jun 27 2011 19:05:21 GMT+0200");
Ligne supprimée: user_pref("ConduitEngine.UserID", "UN98857289481907017");
Ligne supprimée: user_pref("ConduitEngine.componentAlertEnabled", false);
Ligne supprimée: user_pref("ConduitEngine.engineLocale", "fr");
Ligne supprimée: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sun Jun 26 2011 09:11:33 GMT+0200");
Ligne supprimée: user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sun Jun 26 2011 23:02:24 GMT+0200");
Ligne supprimée: user_pref("ConduitEngine.initDone", true);
Ligne supprimée: user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Ligne supprimée: user_pref("ConduitEngine.isDetectionEnabled", false);
Ligne supprimée: user_pref("ConduitEngine.usageEnabled", false);
Ligne supprimée: user_pref("ConduitEngine.usagesFlag", 2);
-- Fichier Fermé --
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2567681
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKLM\Software\OpenCandy NSIS SDK
Clé supprimée: HKCU\Software\AppDataLow\Toolbar
Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
Clé supprimée: HKLM\Software\Messenger Plus!\OpenCandy
============== SCAN ADDITIONNEL ==============
**** Mozilla Firefox Version [6.0.2 (fr)] ****
HKLM_MozillaPlugins\@garmin.com/GpsControl (x)
HKLM_MozillaPlugins\Adobe Reader (x)
Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Components\browsercomps.dll (Mozilla Foundation)
Extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} (Skype extension )
-- C:\Users\orl\AppData\Roaming\Mozilla\FireFox\Profiles\lr23rmxs.default --
Extensions\{59994074-c06d-4a75-9768-49e5a8c21264} (Messenger Plus Live France Community Toolbar)
Prefs.js - browser.download.lastDir, C:\\Users\\orl\\Desktop
Prefs.js - browser.startup.homepage, hxxp://www.search-web.net/
Prefs.js - browser.startup.homepage_override.buildID, 20110902133214
Prefs.js - browser.startup.homepage_override.mstone, rv:6.0.2
Prefs.js - keyword.URL, hxxp://www.search-web.net/results.php?cx=partner-pub-481735735......
========================================
**** Internet Explorer Version [8.0.7600.16385] ****
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{59994074-c06d-4a75-9768-49e5a8c21264} - "Messenger Plus Live France Toolbar" (C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll)
HKLM_URLSearchHooks|{59994074-c06d-4a75-9768-49e5a8c21264} - "Messenger Plus Live France Toolbar" (C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll)
HKCU_SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193} - "search-web.net" (hxxp://www.search-web.net/results.php?cx=partner-pub-481735735......)
HKCU_SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} - "?" (?)
HKCU_Toolbar\WebBrowser|{59994074-C06D-4A75-9768-49E5A8C21264} (C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll)
HKLM_Toolbar|{59994074-c06d-4a75-9768-49e5a8c21264} (C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll)
HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
HKCU_ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} - C:\Program Files (x86)\Spotify\Spotify.exe (Spotify Ltd)
HKLM_ElevationPolicy\1750090a-39a3-4526-b8bd-05883257c7c7 - C:\Program Files (x86)\Messenger_Plus_Live_France\Messenger_Plus_Live_FranceToolbarHelper.exe (?)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
BHO\{59994074-c06d-4a75-9768-49e5a8c21264} - "Messenger Plus Live France Toolbar" (C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
BHO\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - "Google Dictionary Compression sdch" (C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll)
========================================
C:\Program Files (x86)\Ad-Remover\Quarantine: 111 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 17 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 18/09/2011 19:32:18 (11302 Octet(s))
C:\Ad-Report-SCAN[1].txt - 18/09/2011 18:50:32 (11432 Octet(s))
C:\Ad-Report-SCAN[2].txt - 18/09/2011 19:01:53 (11498 Octet(s))
Fin à: 19:37:08, 18/09/2011
============== E.O.F ==============
Step 2 done, here is the report:
# AdwCleaner v1.306 - Rapport créé le 18/09/2011 à 19:49:27
# Mis à jour le 14/09/11 à 13h par Xplode
# Système d'exploitation : Windows 7 Home Premium (64 bits)
# Nom d'utilisateur : orl - ORL-NOTEBOOK (Administrateur)
# Exécuté depuis : C:\Users\orl\Downloads\adwcleaner.exe
# Option [Recherche]
***** [Processus] *****
***** [Services] *****
***** [Fichiers / Dossiers] *****
***** [Registre] *****
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}
***** [Registre (64 bits)] *****
***** [Navigateurs] *****
-\\ Internet Explorer v8.0.7600.16385
[OK] Le registre ne contient aucune entrée illégitime.
-\\ Mozilla Firefox v6.0.2 (fr)
Profil : lr23rmxs.default
Fichier : C:\Users\orl\AppData\Roaming\Mozilla\Firefox\Profiles\lr23rmxs.default\prefs.js
Présente : user_pref("CT2567681.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Présente : user_pref("CT2567681.CTID", "CT2567681");
Présente : user_pref("CT2567681.CurrentServerDate", "9-7-2010");
Présente : user_pref("CT2567681.DialogsAlignMode", "LTR");
Présente : user_pref("CT2567681.DownloadReferralCookieData", "");
Présente : user_pref("CT2567681.EMailNotifierPollDate", "Fri Jul 09 2010 07:23:37 GMT+0200");
Présente : user_pref("CT2567681.FeedLastCount2929882609848814406", 362);
Présente : user_pref("CT2567681.FeedPollDate129227257783214203", "Fri Jul 09 2010 07:23:35 GMT+0200");
Présente : user_pref("CT2567681.FeedPollDate129227257783214209", "Fri Jul 09 2010 07:23:35 GMT+0200");
Présente : user_pref("CT2567681.FeedPollDate129227257783214215", "Fri Jul 09 2010 07:23:35 GMT+0200");
Présente : user_pref("CT2567681.FeedPollDate129227257783214221", "Fri Jul 09 2010 07:23:35 GMT+0200");
Présente : user_pref("CT2567681.FeedPollDate129227257783214227", "Fri Jul 09 2010 07:23:35 GMT+0200");
Présente : user_pref("CT2567681.FeedPollDate129227257783214233", "Fri Jul 09 2010 07:23:35 GMT+0200");
Présente : user_pref("CT2567681.FeedPollDate129227257783214239", "Fri Jul 09 2010 07:23:35 GMT+0200");
Présente : user_pref("CT2567681.FeedPollDate129227257783214245", "Fri Jul 09 2010 07:23:35 GMT+0200");
Présente : user_pref("CT2567681.FeedPollDate129227257783214251", "Fri Jul 09 2010 07:23:35 GMT+0200");
Présente : user_pref("CT2567681.FeedPollDate129227257783214257", "Fri Jul 09 2010 07:23:35 GMT+0200");
Présente : user_pref("CT2567681.FeedPollDate129227257783214263", "Fri Jul 09 2010 07:23:36 GMT+0200");
Présente : user_pref("CT2567681.FeedPollDate129227257783214269", "Fri Jul 09 2010 07:23:36 GMT+0200");
Présente : user_pref("CT2567681.FeedPollDate129227257783214275", "Fri Jul 09 2010 07:23:36 GMT+0200");
Présente : user_pref("CT2567681.FeedPollDate129227257783214281", "Fri Jul 09 2010 07:23:36 GMT+0200");
Présente : user_pref("CT2567681.FeedPollDate129227257783214287", "Fri Jul 09 2010 07:23:36 GMT+0200");
Présente : user_pref("CT2567681.FeedPollDate129227257783214293", "Fri Jul 09 2010 07:23:36 GMT+0200");
Présente : user_pref("CT2567681.FeedPollDate129227257783214299", "Fri Jul 09 2010 07:23:37 GMT+0200");
Présente : user_pref("CT2567681.FeedPollDate129227257783214305", "Fri Jul 09 2010 07:23:37 GMT+0200");
Présente : user_pref("CT2567681.FeedPollDate129227257783214311", "Fri Jul 09 2010 07:23:37 GMT+0200");
Présente : user_pref("CT2567681.FeedPollDate129227257783214317", "Fri Jul 09 2010 07:23:37 GMT+0200");
Présente : user_pref("CT2567681.FeedPollDate129227257783370573", "Fri Jul 09 2010 07:23:37 GMT+0200");
Présente : user_pref("CT2567681.FeedTTL129227257783214203", 30);
Présente : user_pref("CT2567681.FeedTTL129227257783214209", 2);
Présente : user_pref("CT2567681.FeedTTL129227257783214215", 2);
Présente : user_pref("CT2567681.FeedTTL129227257783214227", 2);
Présente : user_pref("CT2567681.FeedTTL129227257783214233", 30);
Présente : user_pref("CT2567681.FeedTTL129227257783214251", 5);
Présente : user_pref("CT2567681.FeedTTL129227257783214257", 5);
Présente : user_pref("CT2567681.FeedTTL129227257783214263", 5);
Présente : user_pref("CT2567681.FeedTTL129227257783214281", 5);
Présente : user_pref("CT2567681.FirstServerDate", "9-7-2010");
Présente : user_pref("CT2567681.FirstTime", true);
Présente : user_pref("CT2567681.FirstTimeFF3", true);
Présente : user_pref("CT2567681.FirstTimeSettingsDone", true);
Présente : user_pref("CT2567681.FixPageNotFoundErrors", true);
Présente : user_pref("CT2567681.GroupingServerCheckInterval", 1440);
Présente : user_pref("CT2567681.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Présente : user_pref("CT2567681.Initialize", true);
Présente : user_pref("CT2567681.InitializeCommonPrefs", true);
Présente : user_pref("CT2567681.InstallationAndCookieDataSentCount", 1);
Présente : user_pref("CT2567681.InstallationType", "UnknownIntegration");
Présente : user_pref("CT2567681.InstalledDate", "Fri Jul 09 2010 07:23:33 GMT+0200");
Présente : user_pref("CT2567681.InvalidateCache", false);
Présente : user_pref("CT2567681.IsGrouping", false);
Présente : user_pref("CT2567681.IsMulticommunity", false);
Présente : user_pref("CT2567681.IsOpenThankYouPage", false);
Présente : user_pref("CT2567681.IsOpenUninstallPage", true);
Présente : user_pref("CT2567681.LanguagePackLastCheckTime", "Fri Jul 09 2010 07:23:36 GMT+0200");
Présente : user_pref("CT2567681.LanguagePackReloadIntervalMM", 1440);
Présente : user_pref("CT2567681.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Présente : user_pref("CT2567681.LastLogin_2.6.0.15", "Fri Jul 09 2010 07:23:34 GMT+0200");
Présente : user_pref("CT2567681.LatestVersion", "2.1.0.18");
Présente : user_pref("CT2567681.Locale", "fr-fr");
Présente : user_pref("CT2567681.LoginCache", 4);
Présente : user_pref("CT2567681.MCDetectTooltipHeight", "83");
Présente : user_pref("CT2567681.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Présente : user_pref("CT2567681.MCDetectTooltipWidth", "295");
Présente : user_pref("CT2567681.RadioIsPodcast", false);
Présente : user_pref("CT2567681.RadioLastCheckTime", "Fri Jul 09 2010 07:23:37 GMT+0200");
Présente : user_pref("CT2567681.RadioLastUpdateIPServer", "3");
Présente : user_pref("CT2567681.RadioLastUpdateServer", "3");
Présente : user_pref("CT2567681.RadioMediaID", "9962");
Présente : user_pref("CT2567681.RadioMediaType", "Media Player");
Présente : user_pref("CT2567681.RadioMenuSelectedID", "EBRadioMenu_CT25676819962");
Présente : user_pref("CT2567681.RadioStationName", "California%20Rock");
Présente : user_pref("CT2567681.RadioStationURL", "hxxp://feedlive.net/california.asx");
Présente : user_pref("CT2567681.SHRINK_TOOLBAR", 1);
Présente : user_pref("CT2567681.SearchFromAddressBarIsInit", true);
Présente : user_pref("CT2567681.SearchInNewTabEnabled", true);
Présente : user_pref("CT2567681.SearchInNewTabIntervalMM", 1440);
Présente : user_pref("CT2567681.SearchInNewTabLastCheckTime", "Fri Jul 09 2010 07:23:36 GMT+0200");
Présente : user_pref("CT2567681.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Présente : user_pref("CT2567681.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Présente : user_pref("CT2567681.SettingsCheckIntervalMin", 120);
Présente : user_pref("CT2567681.SettingsLastCheckTime", "Fri Jul 09 2010 07:23:32 GMT+0200");
Présente : user_pref("CT2567681.SettingsLastUpdate", "1278589422");
Présente : user_pref("CT2567681.ThirdPartyComponentsInterval", 504);
Présente : user_pref("CT2567681.ThirdPartyComponentsLastCheck", "Fri Jul 09 2010 07:23:32 GMT+0200");
Présente : user_pref("CT2567681.ThirdPartyComponentsLastUpdate", "1278589422");
Présente : user_pref("CT2567681.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=...");
Présente : user_pref("CT2567681.UserID", "UN46989248294789945");
Présente : user_pref("CT2567681.ValidationData_Toolbar", 0);
Présente : user_pref("CT2567681.WeatherNetwork", "");
Présente : user_pref("CT2567681.WeatherPollDate", "Fri Jul 09 2010 07:23:41 GMT+0200");
Présente : user_pref("CT2567681.WeatherUnit", "C");
Présente : user_pref("CT2567681.alertChannelId", "960546");
Présente : user_pref("CT2567681.backendstorage.hxxp://cmg1_conduit-widgets_com/miniquarium.miniquarium_closed", "66616C7365");
Présente : user_pref("CT2567681.clientLogIsEnabled", true);
Présente : user_pref("CT2567681.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Présente : user_pref("CT2567681.myStuffEnabled", true);
Présente : user_pref("CT2567681.myStuffPublihserMinWidth", 400);
Présente : user_pref("CT2567681.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Présente : user_pref("CT2567681.myStuffServiceIntervalMM", 1440);
Présente : user_pref("CT2567681.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Présente : user_pref("CT2567681.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
-\\ Google Chrome v [Impossible d'obtenir la version]
Fichier : C:\Users\orl\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Le fichier ne contient aucune entrée illégitime.
*************************
AdwCleaner[R1].txt - [9527 octets] - [18/09/2011 19:49:27]
########## EOF - C:\AdwCleaner[R1].txt - [9655 octets] ##########
Good evening
let's finish up:
1
Update Malwarebytes' Anti-Malware, run a full scan and post the report:
Help: How to use MBAM.
2
Download OTL (by OldTimer) to your Desktop.
Double-click OTL to launch it.
(On Vista/Win7, you need to right-click OTL and choose Run as administrator)
A window appears. In the Report ("Rapport") section at the top of this window, check Minimal report ("Rapport minimal").
Also check the boxes next to Lop check ("Recherche Lop") and Purity check ("Recherche Purity").
Finally, click the Scan ("Analyse") button. The scan will not take long.
Once the scan has finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are located in the same place as OTL (so by default on the Desktop).
Upload the reports, then post their links.
Use this to host them: http://www.sendspace.com/
A short absence due to my work schedule; I'm picking the steps back up:
Step 1, result of the full Malwarebytes' Anti-Malware scan
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Version de la base de données: 7806
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
27/09/2011 11:56:15
mbam-log-2011-09-27 (11-56-15).txt
Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 417461
Temps écoulé: 3 heure(s), 21 minute(s), 6 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
OTL logfile created on: 28/09/2011 13:36:56 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\orl\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
4,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 51,22% Memory free
8,00 Gb Paging File | 5,63 Gb Available in Paging File | 70,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 63,73 Gb Free Space | 54,73% Space Free | Partition Type: NTFS
Drive D: | 334,67 Gb Total Space | 171,40 Gb Free Space | 51,21% Space Free | Partition Type: NTFS
Drive E: | 4,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: ORL-NOTEBOOK | User Name: orl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\orl\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Users\orl\AppData\Roaming\Mozilla\Firefox\Profiles\lr23rmxs.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}\components\RadioWMPCoreGecko6.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (appdrvrem01) -- C:\Windows\SysNative\appdrvrem01.exe (Protection Technology)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV:64bit: - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (OberonGameConsoleService) -- C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe ()
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (appdrv01) Application Driver (01) -- C:\Windows\SysNative\drivers\appdrv01.sys (Protection Technology)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV:64bit: - (vsapint) -- C:\Windows\SysNative\drivers\vsapint.sys (Trend Micro Inc.)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\..\URLSearchHook: {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search-web.net
IE - HKCU\..\URLSearchHook: {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.search-web.net/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {59994074-c06d-4a75-9768-49e5a8c21264}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..keyword.URL: "http://www.search-web.net/results.php?cx=partner-pub-48..."
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/25 10:03:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/17 18:47:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/18 10:24:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/25 10:04:27 | 000,000,000 | ---D | M]
[2010/07/11 20:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\orl\AppData\Roaming\mozilla\Extensions
[2010/07/11 20:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\orl\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/09/28 08:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\orl\AppData\Roaming\mozilla\Firefox\Profiles\lr23rmxs.default\extensions
[2011/09/28 08:43:57 | 000,000,000 | ---D | M] (Messenger Plus Live France Community Toolbar) -- C:\Users\orl\AppData\Roaming\mozilla\Firefox\Profiles\lr23rmxs.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}
[2011/09/28 08:26:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/24 22:13:57 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/11 19:24:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/17 15:41:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/09/28 08:26:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/17 18:47:30 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/09/03 08:24:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/03 02:54:18 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2011/09/03 02:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/03 02:54:18 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/09/03 02:54:18 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2011/09/03 02:54:18 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2011/09/03 02:54:18 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.163\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.163\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.163\gears.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SocialPlus! = C:\Users\orl\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidogommnbbcgnhfjkcgjnlonijjhmjl\2.5.6_0\
CHR - Extension: avast! WebRep = C:\Users\orl\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\orl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Messenger Plus Live France Toolbar) - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Messenger Plus Live France Toolbar) - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live France Toolbar) - {59994074-C06D-4A75-9768-49E5A8C21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Protection] C:\Users\orl\Protection1223.exe (Copyright)
O4 - Startup: C:\Users\orl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Protection.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: Recherche avec search-web - C:\Users\orl\AppData\Local\Temp\scriptjava.html File not found
O8 - Extra context menu item: Recherche avec search-web - C:\Users\orl\AppData\Local\Temp\scriptjava.html File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: chat-land.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: chat-land.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: chat-land.org ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: search-web.net ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C3AA09E-121D-4F85-B15D-36DB9BF763B2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D20BF40C-633D-4DBA-8AB2-678C01387B50}: DhcpNameServer = 10.10.0.1 156.154.70.1 156.154.71.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/03 15:01:07 | 000,000,059 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{0e497bcc-2caf-11df-a332-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0e497bcc-2caf-11df-a332-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Launcher.exe -- [2011/06/03 15:01:08 | 000,305,056 | R--- | M] (Cyanide)
O33 - MountPoints2\{2058a5a3-2720-11e0-9622-bb9750477bdd}\Shell - "" = AutoRun
O33 - MountPoints2\{2058a5a3-2720-11e0-9622-bb9750477bdd}\Shell\AutoRun\command - "" = "K:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/09/28 13:29:02 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{645A90D2-2C4E-4C32-8746-5B4862DD0ACB}
[2011/09/28 13:28:34 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{EC94454D-851D-4F56-9F9F-1400B90FF19D}
[2011/09/28 13:28:04 | 000,696,320 | ---- | C] (Copyright) -- C:\Users\orl\Protection1223.exe
[2011/09/28 08:29:00 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Roaming\GlarySoft
[2011/09/28 08:26:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/09/28 08:25:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/09/28 08:25:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/09/28 08:25:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/09/28 08:25:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/09/28 08:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2011/09/28 08:23:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/09/28 08:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2011/09/27 22:44:15 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D71285BF-37E1-4E3E-B7B4-BEAE4C3652D3}
[2011/09/27 22:43:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{FF07F0AC-4FB3-4CB2-934C-C02E15FC79AF}
[2011/09/27 08:27:37 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{1DC65CEA-5391-4A9E-BB3E-31733DDD44B2}
[2011/09/27 08:27:18 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{7AD23C0E-F459-4BFD-B026-E6450B32FACD}
[2011/09/26 21:48:22 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{4AEF3ACC-3CCE-448B-BD26-009FD96248FD}
[2011/09/23 21:47:08 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{3690D743-6624-40BD-890A-C141E156E4B0}
[2011/09/23 13:17:18 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9E03C68D-6355-46EB-9BA8-3C3C21AEE9E7}
[2011/09/22 21:54:03 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{B29FBAD1-DEBC-448E-9D4C-ECA5F27F637F}
[2011/09/22 12:37:51 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{C5DFA11E-216D-4519-BC58-DC1286F3C01A}
[2011/09/21 22:04:02 | 000,000,000 | ---D | C] -- C:\Users\orl\Desktop\Classeur HSCT 18-02-11
[2011/09/21 21:28:18 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A7FE1409-E587-49B1-A8D9-C6C6D754716D}
[2011/09/21 12:45:07 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{C0A8ECA0-D819-48E4-944E-B2E022E21946}
[2011/09/20 21:46:21 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{0797847F-33AA-4E41-9653-B97D080325E5}
[2011/09/20 10:53:35 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A634E4B0-7D08-404E-9AED-08A0043E921F}
[2011/09/19 22:05:57 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{05B1522A-0942-434D-97D2-9C593A9B09B0}
[2011/09/19 06:51:45 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{665F8A54-1F6D-4580-964B-7864BC97249F}
[2011/09/19 06:51:23 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{E63BAF0B-D89F-4210-8B43-7BF1487EDAD8}
[2011/09/18 19:45:11 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2E5377AD-9BE1-4737-AF8A-BCE909A7118B}
[2011/09/18 19:44:58 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{590C2DF9-917B-4405-83CC-A7D95F672EF5}
[2011/09/18 18:48:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Remover
[2011/09/18 13:30:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/09/18 13:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/09/18 12:18:22 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{EF3E1B44-E21A-4066-80E2-AB397AD046D0}
[2011/09/18 12:18:07 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{77F555DD-384E-428A-A17F-20C50A2E4FD2}
[2011/09/18 12:13:02 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/09/18 12:12:57 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/09/18 12:03:49 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\Sunbelt Software
[2011/09/18 11:03:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}
[2011/09/18 11:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/09/18 11:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/09/18 11:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/09/18 10:14:10 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{07817E65-2C07-440E-B333-13756859B6E2}
[2011/09/18 10:13:58 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9B1BBE27-12C6-4E57-865F-BE05283BA5A7}
[2011/09/18 07:04:02 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Roaming\Malwarebytes
[2011/09/18 07:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/18 07:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/18 07:03:36 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/18 07:03:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/18 00:27:50 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{36B2BC29-ABFB-423F-AAFD-BAB3A9ED30EB}
[2011/09/18 00:27:36 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{06D03621-4AFE-415D-A6BD-A98A0E87E757}
[2011/09/17 18:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/09/17 18:49:14 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/09/17 18:49:14 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/09/17 18:49:11 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/09/17 18:49:09 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/09/17 18:49:06 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/09/17 18:49:01 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/09/17 18:49:01 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/09/17 18:47:22 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/17 18:47:21 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/09/17 18:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/09/17 18:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/09/17 18:36:36 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{B849FB76-E985-44FA-87CF-52C614889CED}
[2011/09/17 18:36:23 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2C5D4203-6B9C-4B4A-8EB4-0957CCD5462F}
[2011/09/17 18:14:55 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{0352A802-CB1F-45EB-AACD-C4677A3F3F60}
[2011/09/17 18:14:42 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{E2CC729F-BFEB-4ABD-8A72-EC000AFBC183}
[2011/09/17 12:12:48 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{1044261D-8E80-4BD7-B258-392F88D1CD62}
[2011/09/17 12:12:35 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{0A22A97E-9867-4F02-8431-9B687A57A884}
[2011/09/17 09:28:11 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D343807B-9B22-4FF9-B59A-85A5F4AE03C9}
[2011/09/17 09:27:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{E1E3F763-A4DF-44F4-ADCA-4D3FE035AD49}
[2011/09/17 08:24:39 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{31A81C88-3A3C-43D9-B55B-9527DCD9C485}
[2011/09/17 08:24:26 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{758F64E6-D79D-401E-8F0E-CFF43D86C35E}
[2011/09/16 11:43:10 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{88CBCBD8-8C49-4F72-9A2F-F42EA34D2DDC}
[2011/09/15 17:53:08 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9AFFF728-99C2-4AC3-ADD8-93004E382677}
[2011/09/15 17:52:52 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{8C388547-C001-4D37-9578-53D46AAE2F08}
[2011/09/15 11:55:21 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A79A2762-A21B-4DAF-B91F-F8C349C331EA}
[2011/09/15 11:54:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A02E53D7-11B2-4510-8126-5081DA087F97}
[2011/09/14 19:18:17 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9478BF1E-77C0-4BE2-BD1C-7076BBBC2E49}
[2011/09/14 19:17:38 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{338E740C-A636-4F9E-9872-0F737275FE5D}
[2011/09/14 18:34:29 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{1C0BAB38-01C5-43C9-BEDF-5880A8170208}
[2011/09/14 18:34:11 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{42AD2C6A-F4F7-43F9-A3F7-939C641BF082}
[2011/09/13 19:34:32 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{763C6A22-E825-4C1E-9590-0B96E7936FE8}
[2011/09/13 19:34:17 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{F8E86966-8528-4834-9F5C-4F7911CC19C4}
[2011/09/13 09:02:11 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{7B08501A-7E23-48EA-8214-7E180CD0F70E}
[2011/09/13 09:01:56 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{60E2A92A-282F-4060-8D40-3F4E6625F4DE}
[2011/09/12 10:28:02 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/09/12 08:03:04 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{06F08839-2A4A-497A-A62F-13E9AAF63114}
[2011/09/11 09:28:07 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{847F5037-AE7C-4CAF-AE62-925B8D459E6C}
[2011/09/10 21:53:33 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2044F9AE-E48B-4547-8051-6FCF7905CDDF}
[2011/09/10 13:20:47 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{8901C7EB-12FE-4F7F-B1C6-78B2C13817A9}
[2011/09/09 22:10:15 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{720890FB-77FC-4560-A67F-B5B85A09886F}
[2011/09/09 13:01:21 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{953D4B77-EB32-475B-BF6A-CD4B7A7287B3}
[2011/09/08 21:41:25 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2A8FF9E0-DEB1-4307-8C28-01FC37A218B1}
[2011/09/08 12:28:52 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{4A0C7F22-5A27-472F-8089-EE60FB10CF6E}
[2011/09/08 08:42:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{CAC377C0-73D0-492F-941E-FB79BB23FFC9}
[2011/09/07 22:00:48 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{F51CB9AD-276F-44B4-9ECC-1D20499D157C}
[2011/09/07 11:32:26 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{27C7BB4F-84D6-4DB9-BD29-AFB710390174}
[2011/09/07 04:35:13 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{C6F353E2-DDE0-4515-92B1-96DAA9A3A236}
[2011/09/07 04:34:52 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{EB102B77-BE2E-4050-B64C-2E8537498435}
[2011/09/04 21:52:39 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{7A912433-1468-4B42-B81E-6FDE49A14887}
[2011/09/04 21:52:22 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{ACEE37B0-0FB8-483D-933D-EB40A15E2D8F}
[2011/09/03 13:57:31 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{3FC900F4-F528-4B85-8D45-963EFAC95535}
[2011/09/03 13:57:19 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{051FBCF3-C08B-4FAD-807A-E4B2BA940A38}
[2011/09/03 01:45:15 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D4CF007A-A066-4F03-9197-FF1F85198736}
[2011/09/03 01:44:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9586786A-7557-45FD-A3E4-6BAD3E40F7D0}
[2008/08/12 07:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[1 C:\Users\orl\*.tmp files -> C:\Users\orl\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/09/28 13:31:03 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/28 13:31:03 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/28 13:29:29 | 001,557,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/28 13:29:29 | 000,707,236 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011/09/28 13:29:29 | 000,618,912 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/28 13:29:29 | 000,131,632 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011/09/28 13:29:29 | 000,107,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/28 13:28:48 | 000,000,011 | ---- | M] () -- C:\Users\orl\logie
[2011/09/28 13:28:48 | 000,000,011 | ---- | M] () -- C:\Users\orl\logff
[2011/09/28 13:28:10 | 000,696,320 | ---- | M] (Copyright) -- C:\Users\orl\Protection1223.exe
[2011/09/28 13:27:04 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/09/28 13:27:02 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/28 13:24:01 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/28 13:22:53 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/09/28 13:21:09 | 000,472,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/28 13:21:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/28 13:20:44 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/28 08:40:05 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2011/09/28 08:40:05 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2011/09/28 08:23:51 | 000,001,068 | ---- | M] () -- C:\Users\orl\Desktop\Glary Utilities.lnk
[2011/09/18 19:31:40 | 000,001,893 | ---- | M] () -- C:\Users\orl\Desktop\AD-R.lnk
[2011/09/18 13:30:52 | 000,002,095 | ---- | M] () -- C:\Users\orl\Desktop\HijackThis.lnk
[2011/09/18 12:16:19 | 000,001,411 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011/09/18 12:12:54 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/09/18 11:03:26 | 000,001,180 | ---- | M] () -- C:\Users\orl\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/09/18 11:03:26 | 000,001,156 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/09/18 10:24:31 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/18 10:16:39 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/09/18 10:12:18 | 000,002,152 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011/09/17 18:49:16 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/17 18:49:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/09/17 12:11:24 | 000,000,114 | ---- | M] () -- C:\Users\orl\Application Data\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL
[2011/09/17 09:21:02 | 000,000,715 | ---- | M] () -- C:\Users\orl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Protection.lnk
[2011/09/17 09:21:00 | 000,000,000 | ---- | M] () -- C:\Users\orl\tmp1.20
[2011/09/13 09:02:03 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/09/06 22:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/09/06 22:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/06 22:45:17 | 000,254,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/09/06 22:38:18 | 000,601,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/09/06 22:38:16 | 000,301,912 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/09/06 22:36:41 | 000,058,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/09/06 22:36:41 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/09/06 22:36:30 | 000,065,368 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/09/06 22:36:14 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Users\orl\*.tmp files -> C:\Users\orl\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/09/28 08:24:08 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/09/28 08:23:51 | 000,001,068 | ---- | C] () -- C:\Users\orl\Desktop\Glary Utilities.lnk
[2011/09/27 08:29:20 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/09/18 18:48:57 | 000,001,893 | ---- | C] () -- C:\Users\orl\Desktop\AD-R.lnk
[2011/09/18 13:30:52 | 000,002,095 | ---- | C] () -- C:\Users\orl\Desktop\HijackThis.lnk
[2011/09/18 11:03:26 | 000,001,180 | ---- | C] () -- C:\Users\orl\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/09/18 11:03:26 | 000,001,156 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/09/18 10:24:31 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/18 10:24:30 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/18 10:15:37 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/09/18 10:15:36 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/09/17 18:49:16 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/17 18:49:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/09/17 12:12:15 | 000,000,011 | ---- | C] () -- C:\Users\orl\logie
[2011/09/17 12:12:15 | 000,000,011 | ---- | C] () -- C:\Users\orl\logff
[2011/09/17 12:11:24 | 000,000,114 | ---- | C] () -- C:\Users\orl\Application Data\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL
[2011/09/17 09:21:02 | 000,000,715 | ---- | C] () -- C:\Users\orl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Protection.lnk
[2011/09/17 09:21:00 | 000,000,000 | ---- | C] () -- C:\Users\orl\tmp1.20
[2010/11/24 22:14:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/18 22:28:25 | 001,552,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/12 14:13:25 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010/03/11 03:48:24 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2010/03/11 03:29:03 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/03/11 02:52:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/10/26 05:38:20 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2009/08/19 10:33:09 | 000,018,432 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
[2009/08/19 10:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/08 20:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2006/05/19 05:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
========== LOP Check ==========
[2010/07/12 14:20:50 | 000,000,000 | -HSD | M] -- C:\Users\orl\AppData\Roaming\.#
[2010/06/15 21:48:38 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\Asus WebStorage
[2011/05/04 08:40:22 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\BitZipper
[2011/09/03 14:06:48 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\Camfrog
[2010/07/12 14:20:34 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\GameConsole
[2011/05/06 14:12:49 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\GARMIN
[2011/09/28 08:39:49 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\GlarySoft
[2010/11/05 19:55:02 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\LimeWire
[2010/11/16 15:38:32 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\msn
[2010/06/11 20:07:31 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\OpenOffice.org
[2011/06/09 21:21:22 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\Pro Cycling Manager 2010
[2011/09/26 23:05:23 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\Pro Cycling Manager 2011
[2010/07/18 22:21:05 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\Samsung
[2010/11/24 22:05:12 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\Spotify
[2011/09/28 13:22:53 | 000,000,396 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/09/28 13:27:04 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011/09/04 21:51:17 | 000,032,482 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:734E442A
< End of report >
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\orl\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
4,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 51,22% Memory free
8,00 Gb Paging File | 5,63 Gb Available in Paging File | 70,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 63,73 Gb Free Space | 54,73% Space Free | Partition Type: NTFS
Drive D: | 334,67 Gb Total Space | 171,40 Gb Free Space | 51,21% Space Free | Partition Type: NTFS
Drive E: | 4,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: ORL-NOTEBOOK | User Name: orl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\orl\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Users\orl\AppData\Roaming\Mozilla\Firefox\Profiles\lr23rmxs.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}\components\RadioWMPCoreGecko6.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (appdrvrem01) -- C:\Windows\SysNative\appdrvrem01.exe (Protection Technology)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV:64bit: - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (OberonGameConsoleService) -- C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe ()
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (appdrv01) Application Driver (01) -- C:\Windows\SysNative\drivers\appdrv01.sys (Protection Technology)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV:64bit: - (vsapint) -- C:\Windows\SysNative\drivers\vsapint.sys (Trend Micro Inc.)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\..\URLSearchHook: {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search-web.net
IE - HKCU\..\URLSearchHook: {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.search-web.net/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {59994074-c06d-4a75-9768-49e5a8c21264}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..keyword.URL: "http://www.search-web.net/results.php?cx=partner-pub-48..."
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/25 10:03:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/17 18:47:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/18 10:24:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/25 10:04:27 | 000,000,000 | ---D | M]
[2010/07/11 20:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\orl\AppData\Roaming\mozilla\Extensions
[2010/07/11 20:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\orl\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/09/28 08:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\orl\AppData\Roaming\mozilla\Firefox\Profiles\lr23rmxs.default\extensions
[2011/09/28 08:43:57 | 000,000,000 | ---D | M] (Messenger Plus Live France Community Toolbar) -- C:\Users\orl\AppData\Roaming\mozilla\Firefox\Profiles\lr23rmxs.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}
[2011/09/28 08:26:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/24 22:13:57 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/11 19:24:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/17 15:41:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/09/28 08:26:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/17 18:47:30 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/09/03 08:24:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/03 02:54:18 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2011/09/03 02:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/03 02:54:18 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/09/03 02:54:18 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2011/09/03 02:54:18 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2011/09/03 02:54:18 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.163\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.163\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.163\gears.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SocialPlus! = C:\Users\orl\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidogommnbbcgnhfjkcgjnlonijjhmjl\2.5.6_0\
CHR - Extension: avast! WebRep = C:\Users\orl\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\orl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Messenger Plus Live France Toolbar) - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Messenger Plus Live France Toolbar) - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live France Toolbar) - {59994074-C06D-4A75-9768-49E5A8C21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Protection] C:\Users\orl\Protection1223.exe (Copyright)
O4 - Startup: C:\Users\orl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Protection.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: Recherche avec search-web - C:\Users\orl\AppData\Local\Temp\scriptjava.html File not found
O8 - Extra context menu item: Recherche avec search-web - C:\Users\orl\AppData\Local\Temp\scriptjava.html File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: chat-land.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: chat-land.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: chat-land.org ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: search-web.net ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C3AA09E-121D-4F85-B15D-36DB9BF763B2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D20BF40C-633D-4DBA-8AB2-678C01387B50}: DhcpNameServer = 10.10.0.1 156.154.70.1 156.154.71.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/03 15:01:07 | 000,000,059 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{0e497bcc-2caf-11df-a332-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0e497bcc-2caf-11df-a332-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Launcher.exe -- [2011/06/03 15:01:08 | 000,305,056 | R--- | M] (Cyanide)
O33 - MountPoints2\{2058a5a3-2720-11e0-9622-bb9750477bdd}\Shell - "" = AutoRun
O33 - MountPoints2\{2058a5a3-2720-11e0-9622-bb9750477bdd}\Shell\AutoRun\command - "" = "K:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/09/28 13:29:02 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{645A90D2-2C4E-4C32-8746-5B4862DD0ACB}
[2011/09/28 13:28:34 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{EC94454D-851D-4F56-9F9F-1400B90FF19D}
[2011/09/28 13:28:04 | 000,696,320 | ---- | C] (Copyright) -- C:\Users\orl\Protection1223.exe
[2011/09/28 08:29:00 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Roaming\GlarySoft
[2011/09/28 08:26:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/09/28 08:25:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/09/28 08:25:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/09/28 08:25:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/09/28 08:25:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/09/28 08:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2011/09/28 08:23:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/09/28 08:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2011/09/27 22:44:15 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D71285BF-37E1-4E3E-B7B4-BEAE4C3652D3}
[2011/09/27 22:43:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{FF07F0AC-4FB3-4CB2-934C-C02E15FC79AF}
[2011/09/27 08:27:37 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{1DC65CEA-5391-4A9E-BB3E-31733DDD44B2}
[2011/09/27 08:27:18 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{7AD23C0E-F459-4BFD-B026-E6450B32FACD}
[2011/09/26 21:48:22 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{4AEF3ACC-3CCE-448B-BD26-009FD96248FD}
[2011/09/23 21:47:08 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{3690D743-6624-40BD-890A-C141E156E4B0}
[2011/09/23 13:17:18 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9E03C68D-6355-46EB-9BA8-3C3C21AEE9E7}
[2011/09/22 21:54:03 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{B29FBAD1-DEBC-448E-9D4C-ECA5F27F637F}
[2011/09/22 12:37:51 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{C5DFA11E-216D-4519-BC58-DC1286F3C01A}
[2011/09/21 22:04:02 | 000,000,000 | ---D | C] -- C:\Users\orl\Desktop\Classeur HSCT 18-02-11
[2011/09/21 21:28:18 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A7FE1409-E587-49B1-A8D9-C6C6D754716D}
[2011/09/21 12:45:07 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{C0A8ECA0-D819-48E4-944E-B2E022E21946}
[2011/09/20 21:46:21 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{0797847F-33AA-4E41-9653-B97D080325E5}
[2011/09/20 10:53:35 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A634E4B0-7D08-404E-9AED-08A0043E921F}
[2011/09/19 22:05:57 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{05B1522A-0942-434D-97D2-9C593A9B09B0}
[2011/09/19 06:51:45 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{665F8A54-1F6D-4580-964B-7864BC97249F}
[2011/09/19 06:51:23 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{E63BAF0B-D89F-4210-8B43-7BF1487EDAD8}
[2011/09/18 19:45:11 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2E5377AD-9BE1-4737-AF8A-BCE909A7118B}
[2011/09/18 19:44:58 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{590C2DF9-917B-4405-83CC-A7D95F672EF5}
[2011/09/18 18:48:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Remover
[2011/09/18 13:30:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/09/18 13:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/09/18 12:18:22 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{EF3E1B44-E21A-4066-80E2-AB397AD046D0}
[2011/09/18 12:18:07 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{77F555DD-384E-428A-A17F-20C50A2E4FD2}
[2011/09/18 12:13:02 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/09/18 12:12:57 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/09/18 12:03:49 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\Sunbelt Software
[2011/09/18 11:03:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}
[2011/09/18 11:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/09/18 11:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/09/18 11:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/09/18 10:14:10 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{07817E65-2C07-440E-B333-13756859B6E2}
[2011/09/18 10:13:58 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9B1BBE27-12C6-4E57-865F-BE05283BA5A7}
[2011/09/18 07:04:02 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Roaming\Malwarebytes
[2011/09/18 07:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/18 07:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/18 07:03:36 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/18 07:03:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/18 00:27:50 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{36B2BC29-ABFB-423F-AAFD-BAB3A9ED30EB}
[2011/09/18 00:27:36 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{06D03621-4AFE-415D-A6BD-A98A0E87E757}
[2011/09/17 18:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/09/17 18:49:14 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/09/17 18:49:14 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/09/17 18:49:11 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/09/17 18:49:09 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/09/17 18:49:06 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/09/17 18:49:01 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/09/17 18:49:01 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/09/17 18:47:22 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/17 18:47:21 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/09/17 18:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/09/17 18:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/09/17 18:36:36 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{B849FB76-E985-44FA-87CF-52C614889CED}
[2011/09/17 18:36:23 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2C5D4203-6B9C-4B4A-8EB4-0957CCD5462F}
[2011/09/17 18:14:55 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{0352A802-CB1F-45EB-AACD-C4677A3F3F60}
[2011/09/17 18:14:42 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{E2CC729F-BFEB-4ABD-8A72-EC000AFBC183}
[2011/09/17 12:12:48 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{1044261D-8E80-4BD7-B258-392F88D1CD62}
[2011/09/17 12:12:35 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{0A22A97E-9867-4F02-8431-9B687A57A884}
[2011/09/17 09:28:11 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D343807B-9B22-4FF9-B59A-85A5F4AE03C9}
[2011/09/17 09:27:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{E1E3F763-A4DF-44F4-ADCA-4D3FE035AD49}
[2011/09/17 08:24:39 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{31A81C88-3A3C-43D9-B55B-9527DCD9C485}
[2011/09/17 08:24:26 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{758F64E6-D79D-401E-8F0E-CFF43D86C35E}
[2011/09/16 11:43:10 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{88CBCBD8-8C49-4F72-9A2F-F42EA34D2DDC}
[2011/09/15 17:53:08 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9AFFF728-99C2-4AC3-ADD8-93004E382677}
[2011/09/15 17:52:52 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{8C388547-C001-4D37-9578-53D46AAE2F08}
[2011/09/15 11:55:21 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A79A2762-A21B-4DAF-B91F-F8C349C331EA}
[2011/09/15 11:54:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A02E53D7-11B2-4510-8126-5081DA087F97}
[2011/09/14 19:18:17 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9478BF1E-77C0-4BE2-BD1C-7076BBBC2E49}
[2011/09/14 19:17:38 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{338E740C-A636-4F9E-9872-0F737275FE5D}
[2011/09/14 18:34:29 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{1C0BAB38-01C5-43C9-BEDF-5880A8170208}
[2011/09/14 18:34:11 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{42AD2C6A-F4F7-43F9-A3F7-939C641BF082}
[2011/09/13 19:34:32 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{763C6A22-E825-4C1E-9590-0B96E7936FE8}
[2011/09/13 19:34:17 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{F8E86966-8528-4834-9F5C-4F7911CC19C4}
[2011/09/13 09:02:11 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{7B08501A-7E23-48EA-8214-7E180CD0F70E}
[2011/09/13 09:01:56 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{60E2A92A-282F-4060-8D40-3F4E6625F4DE}
[2011/09/12 10:28:02 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/09/12 08:03:04 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{06F08839-2A4A-497A-A62F-13E9AAF63114}
[2011/09/11 09:28:07 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{847F5037-AE7C-4CAF-AE62-925B8D459E6C}
[2011/09/10 21:53:33 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2044F9AE-E48B-4547-8051-6FCF7905CDDF}
[2011/09/10 13:20:47 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{8901C7EB-12FE-4F7F-B1C6-78B2C13817A9}
[2011/09/09 22:10:15 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{720890FB-77FC-4560-A67F-B5B85A09886F}
[2011/09/09 13:01:21 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{953D4B77-EB32-475B-BF6A-CD4B7A7287B3}
[2011/09/08 21:41:25 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2A8FF9E0-DEB1-4307-8C28-01FC37A218B1}
[2011/09/08 12:28:52 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{4A0C7F22-5A27-472F-8089-EE60FB10CF6E}
[2011/09/08 08:42:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{CAC377C0-73D0-492F-941E-FB79BB23FFC9}
[2011/09/07 22:00:48 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{F51CB9AD-276F-44B4-9ECC-1D20499D157C}
[2011/09/07 11:32:26 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{27C7BB4F-84D6-4DB9-BD29-AFB710390174}
[2011/09/07 04:35:13 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{C6F353E2-DDE0-4515-92B1-96DAA9A3A236}
[2011/09/07 04:34:52 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{EB102B77-BE2E-4050-B64C-2E8537498435}
[2011/09/04 21:52:39 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{7A912433-1468-4B42-B81E-6FDE49A14887}
[2011/09/04 21:52:22 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{ACEE37B0-0FB8-483D-933D-EB40A15E2D8F}
[2011/09/03 13:57:31 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{3FC900F4-F528-4B85-8D45-963EFAC95535}
[2011/09/03 13:57:19 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{051FBCF3-C08B-4FAD-807A-E4B2BA940A38}
[2011/09/03 01:45:15 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D4CF007A-A066-4F03-9197-FF1F85198736}
[2011/09/03 01:44:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9586786A-7557-45FD-A3E4-6BAD3E40F7D0}
[2008/08/12 07:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[1 C:\Users\orl\*.tmp files -> C:\Users\orl\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/09/28 13:31:03 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/28 13:31:03 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/28 13:29:29 | 001,557,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/28 13:29:29 | 000,707,236 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011/09/28 13:29:29 | 000,618,912 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/28 13:29:29 | 000,131,632 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011/09/28 13:29:29 | 000,107,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/28 13:28:48 | 000,000,011 | ---- | M] () -- C:\Users\orl\logie
[2011/09/28 13:28:48 | 000,000,011 | ---- | M] () -- C:\Users\orl\logff
[2011/09/28 13:28:10 | 000,696,320 | ---- | M] (Copyright) -- C:\Users\orl\Protection1223.exe
[2011/09/28 13:27:04 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/09/28 13:27:02 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/28 13:24:01 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/28 13:22:53 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/09/28 13:21:09 | 000,472,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/28 13:21:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/28 13:20:44 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/28 08:40:05 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2011/09/28 08:40:05 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2011/09/28 08:23:51 | 000,001,068 | ---- | M] () -- C:\Users\orl\Desktop\Glary Utilities.lnk
[2011/09/18 19:31:40 | 000,001,893 | ---- | M] () -- C:\Users\orl\Desktop\AD-R.lnk
[2011/09/18 13:30:52 | 000,002,095 | ---- | M] () -- C:\Users\orl\Desktop\HijackThis.lnk
[2011/09/18 12:16:19 | 000,001,411 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011/09/18 12:12:54 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/09/18 11:03:26 | 000,001,180 | ---- | M] () -- C:\Users\orl\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/09/18 11:03:26 | 000,001,156 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/09/18 10:24:31 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/18 10:16:39 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/09/18 10:12:18 | 000,002,152 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011/09/17 18:49:16 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/17 18:49:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/09/17 12:11:24 | 000,000,114 | ---- | M] () -- C:\Users\orl\Application Data\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL
[2011/09/17 09:21:02 | 000,000,715 | ---- | M] () -- C:\Users\orl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Protection.lnk
[2011/09/17 09:21:00 | 000,000,000 | ---- | M] () -- C:\Users\orl\tmp1.20
[2011/09/13 09:02:03 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/09/06 22:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/09/06 22:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/06 22:45:17 | 000,254,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/09/06 22:38:18 | 000,601,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/09/06 22:38:16 | 000,301,912 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/09/06 22:36:41 | 000,058,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/09/06 22:36:41 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/09/06 22:36:30 | 000,065,368 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/09/06 22:36:14 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Users\orl\*.tmp files -> C:\Users\orl\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/09/28 08:24:08 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/09/28 08:23:51 | 000,001,068 | ---- | C] () -- C:\Users\orl\Desktop\Glary Utilities.lnk
[2011/09/27 08:29:20 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/09/18 18:48:57 | 000,001,893 | ---- | C] () -- C:\Users\orl\Desktop\AD-R.lnk
[2011/09/18 13:30:52 | 000,002,095 | ---- | C] () -- C:\Users\orl\Desktop\HijackThis.lnk
[2011/09/18 11:03:26 | 000,001,180 | ---- | C] () -- C:\Users\orl\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/09/18 11:03:26 | 000,001,156 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/09/18 10:24:31 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/18 10:24:30 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/18 10:15:37 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/09/18 10:15:36 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/09/17 18:49:16 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/17 18:49:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/09/17 12:12:15 | 000,000,011 | ---- | C] () -- C:\Users\orl\logie
[2011/09/17 12:12:15 | 000,000,011 | ---- | C] () -- C:\Users\orl\logff
[2011/09/17 12:11:24 | 000,000,114 | ---- | C] () -- C:\Users\orl\Application Data\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL
[2011/09/17 09:21:02 | 000,000,715 | ---- | C] () -- C:\Users\orl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Protection.lnk
[2011/09/17 09:21:00 | 000,000,000 | ---- | C] () -- C:\Users\orl\tmp1.20
[2010/11/24 22:14:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/18 22:28:25 | 001,552,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/12 14:13:25 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010/03/11 03:48:24 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2010/03/11 03:29:03 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/03/11 02:52:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/10/26 05:38:20 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2009/08/19 10:33:09 | 000,018,432 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
[2009/08/19 10:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/08 20:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2006/05/19 05:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
========== LOP Check ==========
[2010/07/12 14:20:50 | 000,000,000 | -HSD | M] -- C:\Users\orl\AppData\Roaming\.#
[2010/06/15 21:48:38 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\Asus WebStorage
[2011/05/04 08:40:22 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\BitZipper
[2011/09/03 14:06:48 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\Camfrog
[2010/07/12 14:20:34 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\GameConsole
[2011/05/06 14:12:49 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\GARMIN
[2011/09/28 08:39:49 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\GlarySoft
[2010/11/05 19:55:02 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\LimeWire
[2010/11/16 15:38:32 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\msn
[2010/06/11 20:07:31 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\OpenOffice.org
[2011/06/09 21:21:22 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\Pro Cycling Manager 2010
[2011/09/26 23:05:23 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\Pro Cycling Manager 2011
[2010/07/18 22:21:05 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\Samsung
[2010/11/24 22:05:12 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\Spotify
[2011/09/28 13:22:53 | 000,000,396 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/09/28 13:27:04 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011/09/04 21:51:17 | 000,032,482 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:734E442A
< End of report >
Hi again
Double-click on OTL to launch it.
(Under Vista/Win7, you need to right-click on OTL and choose Run as administrator)
Under the "Personnalisation" (customization) tab (in the white box) at the bottom of the window, copy and paste the text you retrieve from the following link
http://www.sendspace.com/file/lew2u1
Then click the "Correction" (fix) button at the top of the window.
Let the program work, and reboot once the fix has finished.
Post the report that is displayed after the reboot.
+++++++++++++++
Go to this link: Virus Total
Click Browse
Scan the file in bold and post the report.
C:\Users\orl\Protection1223.exe
If a window says the file has already been analysed, click to reanalyse the file now.
Help:
http://forum.malekal.com/virustotal-comment-scanner-fic...
Sham_Rock edited this message
Hi again
I carried out the first fix step with OTL, but on reboot I did not get a report.
Then, for the Virus Total step, I could not find the file: C:\Users\orl\Protection1223.exe
Instead I had C:\Users\orl\Protection1228.exe; I analysed it anyway and here is the report:
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
Protection1228.exe
Submission date:
2011-10-04 15:17:10 (UTC)
Current status:
finished
Result:
1/ 43 (2.3%)
VT Community
not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.10.03.00 2011.10.03 -
AntiVir 7.11.15.97 2011.10.04 -
Antiy-AVL 2.0.3.7 2011.10.04 -
Avast 6.0.1289.0 2011.10.04 -
AVG 10.0.0.1190 2011.10.04 -
BitDefender 7.2 2011.10.04 -
ByteHero 1.0.0.1 2011.09.23 -
CAT-QuickHeal 11.00 2011.10.04 -
ClamAV 0.97.0.0 2011.10.04 -
Commtouch 5.3.2.6 2011.10.04 -
Comodo 10340 2011.10.04 -
DrWeb 5.0.2.03300 2011.10.04 -
Emsisoft 5.1.0.11 2011.10.04 -
eSafe 7.0.17.0 2011.10.03 -
eTrust-Vet 36.1.8596 2011.10.04 -
F-Prot 4.6.2.117 2011.10.03 -
F-Secure 9.0.16440.0 2011.10.04 -
Fortinet 4.3.370.0 2011.10.04 -
GData 22 2011.10.04 -
Ikarus T3.1.1.107.0 2011.10.04 -
Jiangmin 13.0.900 2011.10.04 -
K7AntiVirus 9.114.5242 2011.10.04 -
Kaspersky 9.0.0.837 2011.10.04 UDS:DangerousObject.Multi.Generic
McAfee 5.400.0.1158 2011.10.04 -
McAfee-GW-Edition 2010.1D 2011.10.03 -
Microsoft 1.7702 2011.10.04 -
NOD32 6515 2011.10.04 -
Norman 6.07.11 2011.10.03 -
nProtect 2011-10-04.01 2011.10.04 -
Panda 10.0.3.5 2011.10.03 -
PCTools 8.0.0.5 2011.10.04 -
Prevx 3.0 2011.10.04 -
Rising 23.77.04.01 2011.09.30 -
Sophos 4.69.0 2011.10.04 -
SUPERAntiSpyware 4.40.0.1006 2011.10.04 -
Symantec 20111.2.0.82 2011.10.04 -
TheHacker 6.7.0.1.316 2011.10.04 -
TrendMicro 9.500.0.1008 2011.10.04 -
TrendMicro-HouseCall 9.500.0.1008 2011.10.04 -
VBA32 3.12.16.4 2011.10.03 -
VIPRE 10657 2011.10.04 -
ViRobot 2011.10.4.4701 2011.10.04 -
VirusBuster 14.0.246.0 2011.10.03 -
Additional information
MD5 : 15f368770f3897b73f27653d91840783
SHA1 : 93548b2c1959024d1dcc5557e12ad106e110b3f6
SHA256: 575e5e093faa754766bd92ff621265647e1eb1eeccecf87aa5524ebc6c4d3104
ssdeep: 12288:3JSIj+phS9JSIj+phS9JSIj+phSNDhMtX3jQsiuJSIjuphS:cIjch1Ijch1IjchalMtHajIjMh
File size : 696320 bytes
First seen: 2011-10-04 15:17:10
Last seen : 2011-10-04 15:17:10
TrID:
Windows Screen Saver (47.2%)
Win32 Executable Generic (30.7%)
Win16/32 Executable Delphi generic (7.4%)
Generic Win/DOS Executable (7.2%)
DOS Executable Generic (7.2%)
sigcheck:
publisher....: Copyright
copyright....: Copyright (c) 2010
product......: binternet
description..: Protection
original name: Protection.exe
internal name: Protection.exe
file version.: 12.28.0.0
comments.....: Copyright
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x88C7E
timedatestamp....: 0x4E8AD65D (Tue Oct 04 09:48:13 2011)
machinetype......: 0x14c (I386)
[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x2000, 0x86C84, 0x86E00, 6.85, 0768fe4f85603aa115ebc885a4d945ae
.sdata, 0x8A000, 0x82, 0x200, 1.83, 159a401ac6d8452cc778446455cf3369
.rsrc, 0x8C000, 0x22918, 0x22A00, 6.71, d1fcfbf6852ad3deda8e91e8129318b3
.reloc, 0xB0000, 0xC, 0x200, 0.10, 78359f8abc750260195c790fdf94f29c
[[ 1 import(s) ]]
mscoree.dll: _CorExeMain
ExifTool:
file metadata
AssemblyVersion: 12.28.0.0
CharacterSet: Unicode
CodeSize: 552448
Comments: Copyright
CompanyName: Copyright
EntryPoint: 0x88c7e
FileDescription: Protection
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 680 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 12.28.0.0
FileVersionNumber: 12.28.0.0
ImageVersion: 0.0
InitializedDataSize: 142848
InternalName: Protection.exe
LanguageCode: Neutral
LegalCopyright: Copyright 2010
LinkerVersion: 8.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Executable application
OriginalFilename: Protection.exe
PEType: PE32
ProductName: binternet
ProductVersion: 12.28.0.0
ProductVersionNumber: 12.28.0.0
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2011:10:04 11:48:13+02:00
UninitializedDataSize: 0
Symantec reputation:Suspicious.Insight
Good evening
Meh, I'm not too sure... only one detection, I don't think it's infectious.
Does the orl folder ring a bell? My professional bias would make me say Observation Réfléchie de la Langue, but in my opinion that's not it ;O)
Given the name, getting any info from Google is a no-go...
Sham_Rock edited this message
Hello,
orl is the name I gave my computer, and it's also my own username... If that helps!
I haven't picked up any other problem on my computer, apart from this page that opens automatically when my browser starts: www.search-web.net
A bogus search engine that sends me to anything and everything!
Thanks for your help so far in any case; do you think a favourable outcome is possible?
Hello
The OTL script should have been enough....
Run another scan with OTL and post the report so I can see where things stand.
I assume you have tried to remove this start page manually.
See this tutorial:
http://www.commentcamarche.net/faq/16919-comment-change...
Here is the latest OTL scan report:
OTL logfile created on: 07/10/2011 12:51:38 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\orl\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
4,00 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 42,62% Memory free
8,00 Gb Paging File | 5,44 Gb Available in Paging File | 68,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 60,79 Gb Free Space | 52,21% Space Free | Partition Type: NTFS
Drive D: | 334,67 Gb Total Space | 171,40 Gb Free Space | 51,21% Space Free | Partition Type: NTFS
Drive E: | 4,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: ORL-NOTEBOOK | User Name: orl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/10/07 12:40:05 | 000,696,320 | ---- | M] (Copyright) -- C:\Users\orl\Protection1231.exe
PRC - [2011/10/06 19:44:16 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/27 08:36:42 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\orl\Downloads\OTL.exe
PRC - [2011/09/18 12:12:29 | 000,928,496 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/09/06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/06/25 10:03:31 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2010/07/04 19:13:56 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010/03/11 03:48:30 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/11/24 23:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/11/12 20:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/11/03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/08/17 19:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/06/19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/05/19 01:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/04/20 21:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2007/11/30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
========== Modules (No Company Name) ==========
MOD - [2011/10/06 19:44:16 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/30 09:59:02 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\47a4b624c147aae197214d4ee5f0661b\Microsoft.VisualBasic.ni.dll
MOD - [2011/09/29 13:30:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
MOD - [2011/09/29 13:30:00 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/09/29 13:29:52 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/09/29 13:29:29 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/09/29 13:29:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/09/29 13:29:24 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/09/29 13:29:16 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/09/27 14:01:12 | 000,076,800 | ---- | M] () -- C:\Users\orl\AppData\Roaming\Mozilla\Firefox\Profiles\lr23rmxs.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}\components\RadioWMPCoreGecko7.dll
MOD - [2011/09/13 09:02:03 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2010/11/13 01:52:13 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/11/24 23:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009/11/12 20:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009/11/03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/09/23 21:07:14 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\ASUS\VirtualCamera\virtualCamera.ax
MOD - [2009/08/04 12:01:43 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
MOD - [2007/11/30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/09/06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/06/27 21:27:40 | 000,551,896 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\Windows\SysNative\appdrvrem01.exe -- (appdrvrem01)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/23 13:21:40 | 000,859,640 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2009/10/02 05:38:17 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/09/29 18:32:31 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2009/09/29 18:32:29 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2009/09/17 21:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 10:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011/09/18 12:12:27 | 001,378,040 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/09/06 22:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 22:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 22:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 22:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 22:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 22:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/06/27 21:27:40 | 003,852,976 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\appdrv01.sys -- (appdrv01) Application Driver (01)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/22 10:50:19 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/04/27 04:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/04/27 04:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010/04/27 04:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009/12/04 18:40:30 | 000,265,744 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2009/12/04 18:39:44 | 000,042,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2009/12/04 18:30:22 | 002,007,056 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint)
DRV:64bit: - [2009/10/15 11:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/10/05 03:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/02 06:11:13 | 006,182,400 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/09/29 18:33:17 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2009/08/21 08:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/08/12 05:38:01 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/07/20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/17 08:00:11 | 000,068,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/17 08:00:11 | 000,029,240 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 10:11:31 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/06/18 22:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 13:53:42 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/05/23 00:52:29 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 03:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/05/05 16:00:27 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008/05/24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/24 21:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2010/11/22 10:50:21 | 000,017,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search-web.net
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {59994074-c06d-4a75-9768-49e5a8c21264}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..keyword.URL: "http://www.search-web.net/results.php?cx=partner-pub-48..."
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/25 10:03:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/17 18:47:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/06 19:44:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/30 09:29:41 | 000,000,000 | ---D | M]
[2010/07/11 20:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\orl\AppData\Roaming\mozilla\Extensions
[2010/07/11 20:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\orl\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/09/28 08:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\orl\AppData\Roaming\mozilla\Firefox\Profiles\lr23rmxs.default\extensions
[2011/09/28 08:43:57 | 000,000,000 | ---D | M] (Messenger Plus Live France Community Toolbar) -- C:\Users\orl\AppData\Roaming\mozilla\Firefox\Profiles\lr23rmxs.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}
[2011/09/28 08:26:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/24 22:13:57 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/11 19:24:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/17 15:41:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/09/28 08:26:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/17 18:47:30 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/10/06 19:44:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/06 19:44:13 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2011/10/06 19:44:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/06 19:44:13 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/10/06 19:44:13 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2011/10/06 19:44:13 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2011/10/06 19:44:13 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.163\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.163\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.163\gears.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SocialPlus! = C:\Users\orl\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidogommnbbcgnhfjkcgjnlonijjhmjl\2.5.6_0\
CHR - Extension: avast! WebRep = C:\Users\orl\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\orl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Protection] C:\Users\orl\Protection1231.exe (Copyright)
O4 - Startup: C:\Users\orl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Protection.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Recherche avec search-web - C:\Users\orl\AppData\Local\Temp\scriptjava.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Recherche avec search-web - C:\Users\orl\AppData\Local\Temp\scriptjava.html File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: chat-land.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: chat-land.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: chat-land.org ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: search-web.net ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C3AA09E-121D-4F85-B15D-36DB9BF763B2}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D20BF40C-633D-4DBA-8AB2-678C01387B50}: DhcpNameServer = 10.10.0.1 156.154.70.1 156.154.71.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/03 15:01:07 | 000,000,059 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{0e497bcc-2caf-11df-a332-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0e497bcc-2caf-11df-a332-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Launcher.exe -- [2011/06/03 15:01:08 | 000,305,056 | R--- | M] (Cyanide)
O33 - MountPoints2\{2058a5a3-2720-11e0-9622-bb9750477bdd}\Shell - "" = AutoRun
O33 - MountPoints2\{2058a5a3-2720-11e0-9622-bb9750477bdd}\Shell\AutoRun\command - "" = "K:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/10/07 12:40:00 | 000,696,320 | ---- | C] (Copyright) -- C:\Users\orl\Protection1231.exe
[2011/10/07 12:39:31 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{6D56D13B-A8CA-4D5E-A505-ECF2E424765C}
[2011/10/07 12:39:02 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{DE353BE6-BBC2-4E29-A1F3-FBBC7F6B2F44}
[2011/10/07 08:59:37 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{1DC7CF71-C5A6-41A4-9BF1-A7ABA85DB7FF}
[2011/10/07 08:59:22 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{5C6FE000-0707-412E-BC28-735B025C5C65}
[2011/10/06 19:42:20 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{FE7E2BB8-1F32-48A2-A0C9-ABF7E9F0DC56}
[2011/10/06 19:42:06 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D52DC6C7-0617-4947-936A-EA970367E84A}
[2011/10/06 12:31:31 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{BFC8F07A-FC65-4845-8564-D9F38E1A16B6}
[2011/10/06 12:31:02 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{B336BDD9-BC16-4243-974E-D800143A5FAC}
[2011/10/06 09:26:16 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2E2DCE59-849B-43D1-8EF3-CB1C33ED27D4}
[2011/10/06 09:26:04 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{C5770695-38A7-4179-B6E2-AAFC7A02FA11}
[2011/10/06 08:14:52 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9C9C9BBF-7415-46BE-89B7-D6CF0E3C27CC}
[2011/10/06 08:14:33 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{3ECFBB7D-2B40-4D06-B962-481A304369B8}
[2011/10/05 17:48:20 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{B9E9A155-948C-4DB6-92DA-F7887196AAD7}
[2011/10/05 17:48:08 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{E15DCD95-4408-4EE8-814E-6F54003052B6}
[2011/10/05 13:11:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D1C1164F-41E8-4F80-915D-F1DFDE8B4028}
[2011/10/05 13:11:48 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{352927DA-FC68-4C43-926C-31473F8FAD12}
[2011/10/05 08:12:58 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{346FD029-8BB5-4B98-9D15-D508109279AA}
[2011/10/05 08:12:23 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{18024BF0-CCEA-4E0F-B635-B429BA7124B3}
[2011/10/04 17:05:27 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{32A863EC-728D-4068-A606-115470F9C775}
[2011/10/04 17:05:02 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{AED3F7AA-B5B4-4ABD-883F-A7DD4441545F}
[2011/10/04 16:43:49 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{34B5705F-FC57-4865-86C2-E1056A82D9BA}
[2011/10/04 16:43:33 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{5B4CF0C2-B3D9-4AF3-A08C-8BC9E2B582CD}
[2011/10/04 16:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/10/04 16:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/10/04 14:39:41 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{C7EAEA41-507F-4232-B6F1-9E04E41FD999}
[2011/10/04 14:38:27 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{20F02AAA-91BE-47FA-A071-F7F82E21538D}
[2011/10/03 20:21:22 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{236B8A67-E87C-4EFD-BC12-788C0A1EAA63}
[2011/10/03 10:09:48 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{FE9CDD07-C0A4-4780-9618-FFE8518FA5E3}
[2011/10/02 21:28:30 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D6EB74FE-C6B5-46F2-B9B1-22CFC0A01DCF}
[2011/10/02 11:08:05 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{B8F228B9-31A7-4F16-8542-EDBC9171B1D9}
[2011/10/01 09:14:00 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{96D6297E-16ED-4CA3-B8AB-C1A51105C42B}
[2011/09/30 12:46:20 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{80B1B458-7340-40C8-BB6B-989012B08219}
[2011/09/30 12:45:57 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A34EC8FA-5605-4BB5-8DF0-15BC8DB84E1E}
[2011/09/30 10:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/09/30 09:29:57 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\Microsoft Help
[2011/09/30 09:25:37 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{DB2AA017-BD31-406E-9341-DB6646EE1917}
[2011/09/30 09:07:37 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\Seven Zip
[2011/09/30 08:45:48 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{4D4BA50F-404E-47D2-8423-FD1FE834FF60}
[2011/09/30 08:45:18 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{70690A3E-21FD-4332-B50F-B0D82862F171}
[2011/09/29 21:39:29 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{73F93C84-E25A-439A-A777-917255D43507}
[2011/09/29 13:24:27 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D2938136-D991-427E-9E74-9D457FBDB0AD}
[2011/09/29 13:24:00 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{4A30C043-1E42-4514-82DC-7210705E4E48}
[2011/09/29 08:04:40 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{69DD3F19-5DA5-4167-AAC9-0FCD8D8ACBAA}
[2011/09/29 08:04:20 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{BE12E02C-5B22-4687-85A7-02895CB7D08F}
[2011/09/28 13:29:02 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{645A90D2-2C4E-4C32-8746-5B4862DD0ACB}
[2011/09/28 13:28:34 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{EC94454D-851D-4F56-9F9F-1400B90FF19D}
[2011/09/28 08:29:00 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Roaming\GlarySoft
[2011/09/28 08:26:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/09/28 08:25:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/09/28 08:25:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/09/28 08:25:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/09/28 08:25:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/09/28 08:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2011/09/28 08:23:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/09/28 08:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2011/09/27 22:44:15 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D71285BF-37E1-4E3E-B7B4-BEAE4C3652D3}
[2011/09/27 22:43:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{FF07F0AC-4FB3-4CB2-934C-C02E15FC79AF}
[2011/09/27 08:27:37 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{1DC65CEA-5391-4A9E-BB3E-31733DDD44B2}
[2011/09/27 08:27:18 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{7AD23C0E-F459-4BFD-B026-E6450B32FACD}
[2011/09/26 21:48:22 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{4AEF3ACC-3CCE-448B-BD26-009FD96248FD}
[2011/09/23 21:47:08 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{3690D743-6624-40BD-890A-C141E156E4B0}
[2011/09/23 13:17:18 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9E03C68D-6355-46EB-9BA8-3C3C21AEE9E7}
[2011/09/22 21:54:03 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{B29FBAD1-DEBC-448E-9D4C-ECA5F27F637F}
[2011/09/22 12:37:51 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{C5DFA11E-216D-4519-BC58-DC1286F3C01A}
[2011/09/21 22:04:02 | 000,000,000 | ---D | C] -- C:\Users\orl\Desktop\Classeur HSCT 18-02-11
[2011/09/21 21:28:18 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A7FE1409-E587-49B1-A8D9-C6C6D754716D}
[2011/09/21 12:45:07 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{C0A8ECA0-D819-48E4-944E-B2E022E21946}
[2011/09/20 21:46:21 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{0797847F-33AA-4E41-9653-B97D080325E5}
[2011/09/20 10:53:35 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A634E4B0-7D08-404E-9AED-08A0043E921F}
[2011/09/19 22:05:57 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{05B1522A-0942-434D-97D2-9C593A9B09B0}
[2011/09/19 06:51:45 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{665F8A54-1F6D-4580-964B-7864BC97249F}
[2011/09/19 06:51:23 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{E63BAF0B-D89F-4210-8B43-7BF1487EDAD8}
[2011/09/18 19:45:11 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2E5377AD-9BE1-4737-AF8A-BCE909A7118B}
[2011/09/18 19:44:58 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{590C2DF9-917B-4405-83CC-A7D95F672EF5}
[2011/09/18 18:48:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Remover
[2011/09/18 13:30:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/09/18 13:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/09/18 12:18:22 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{EF3E1B44-E21A-4066-80E2-AB397AD046D0}
[2011/09/18 12:18:07 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{77F555DD-384E-428A-A17F-20C50A2E4FD2}
[2011/09/18 12:13:02 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/09/18 12:12:57 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/09/18 12:03:49 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\Sunbelt Software
[2011/09/18 11:03:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}
[2011/09/18 11:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/09/18 11:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/09/18 11:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/09/18 10:14:10 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{07817E65-2C07-440E-B333-13756859B6E2}
[2011/09/18 10:13:58 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9B1BBE27-12C6-4E57-865F-BE05283BA5A7}
[2011/09/18 07:04:02 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Roaming\Malwarebytes
[2011/09/18 07:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/18 07:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/18 07:03:36 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/18 07:03:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/18 00:27:50 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{36B2BC29-ABFB-423F-AAFD-BAB3A9ED30EB}
[2011/09/18 00:27:36 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{06D03621-4AFE-415D-A6BD-A98A0E87E757}
[2011/09/17 18:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/09/17 18:49:14 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/09/17 18:49:14 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/09/17 18:49:11 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/09/17 18:49:09 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/09/17 18:49:06 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/09/17 18:49:01 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/09/17 18:49:01 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/09/17 18:47:22 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/17 18:47:21 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/09/17 18:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/09/17 18:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/09/17 18:36:36 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{B849FB76-E985-44FA-87CF-52C614889CED}
[2011/09/17 18:36:23 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2C5D4203-6B9C-4B4A-8EB4-0957CCD5462F}
[2011/09/17 18:14:55 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{0352A802-CB1F-45EB-AACD-C4677A3F3F60}
[2011/09/17 18:14:42 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{E2CC729F-BFEB-4ABD-8A72-EC000AFBC183}
[2011/09/17 12:12:48 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{1044261D-8E80-4BD7-B258-392F88D1CD62}
[2011/09/17 12:12:35 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{0A22A97E-9867-4F02-8431-9B687A57A884}
[2011/09/17 09:28:11 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D343807B-9B22-4FF9-B59A-85A5F4AE03C9}
[2011/09/17 09:27:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{E1E3F763-A4DF-44F4-ADCA-4D3FE035AD49}
[2011/09/17 08:24:39 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{31A81C88-3A3C-43D9-B55B-9527DCD9C485}
[2011/09/17 08:24:26 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{758F64E6-D79D-401E-8F0E-CFF43D86C35E}
[2011/09/16 11:43:10 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{88CBCBD8-8C49-4F72-9A2F-F42EA34D2DDC}
[2011/09/15 17:53:08 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9AFFF728-99C2-4AC3-ADD8-93004E382677}
[2011/09/15 17:52:52 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{8C388547-C001-4D37-9578-53D46AAE2F08}
[2011/09/15 11:55:21 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A79A2762-A21B-4DAF-B91F-F8C349C331EA}
[2011/09/15 11:54:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A02E53D7-11B2-4510-8126-5081DA087F97}
[2011/09/14 19:18:17 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9478BF1E-77C0-4BE2-BD1C-7076BBBC2E49}
[2011/09/14 19:17:38 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{338E740C-A636-4F9E-9872-0F737275FE5D}
[2011/09/14 18:34:29 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{1C0BAB38-01C5-43C9-BEDF-5880A8170208}
[2011/09/14 18:34:11 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{42AD2C6A-F4F7-43F9-A3F7-939C641BF082}
[2011/09/13 19:34:32 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{763C6A22-E825-4C1E-9590-0B96E7936FE8}
[2011/09/13 19:34:17 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{F8E86966-8528-4834-9F5C-4F7911CC19C4}
[2011/09/13 09:02:11 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{7B08501A-7E23-48EA-8214-7E180CD0F70E}
[2011/09/13 09:01:56 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{60E2A92A-282F-4060-8D40-3F4E6625F4DE}
[2011/09/12 10:28:02 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/09/12 08:03:04 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{06F08839-2A4A-497A-A62F-13E9AAF63114}
[2011/09/11 09:28:07 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{847F5037-AE7C-4CAF-AE62-925B8D459E6C}
[2011/09/10 21:53:33 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2044F9AE-E48B-4547-8051-6FCF7905CDDF}
[2011/09/10 13:20:47 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{8901C7EB-12FE-4F7F-B1C6-78B2C13817A9}
[2011/09/09 22:10:15 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{720890FB-77FC-4560-A67F-B5B85A09886F}
[2011/09/09 13:01:21 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{953D4B77-EB32-475B-BF6A-CD4B7A7287B3}
[2011/09/08 21:41:25 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2A8FF9E0-DEB1-4307-8C28-01FC37A218B1}
[2011/09/08 12:28:52 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{4A0C7F22-5A27-472F-8089-EE60FB10CF6E}
[2011/09/08 08:42:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{CAC377C0-73D0-492F-941E-FB79BB23FFC9}
[2011/09/07 22:00:48 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{F51CB9AD-276F-44B4-9ECC-1D20499D157C}
[2008/08/12 07:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[1 C:\Users\orl\*.tmp files -> C:\Users\orl\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/10/07 13:00:43 | 000,000,011 | ---- | M] () -- C:\Users\orl\logie
[2011/10/07 12:46:29 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/07 12:46:28 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/07 12:41:10 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/10/07 12:40:05 | 000,696,320 | ---- | M] (Copyright) -- C:\Users\orl\Protection1231.exe
[2011/10/07 12:38:09 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/07 12:37:53 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/10/07 12:37:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/07 12:36:54 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/07 10:24:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/05 14:25:56 | 000,000,008 | ---- | M] () -- C:\Users\orl\logff
[2011/10/01 10:22:17 | 000,027,249 | ---- | M] () -- C:\Users\orl\Documents\MES RESULTATS 2011.ods
[2011/09/30 12:43:13 | 000,472,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/29 08:09:11 | 001,557,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/29 08:09:11 | 000,707,236 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011/09/29 08:09:11 | 000,618,912 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/29 08:09:11 | 000,131,632 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011/09/29 08:09:11 | 000,107,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/28 08:40:05 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2011/09/28 08:40:05 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2011/09/28 08:23:51 | 000,001,068 | ---- | M] () -- C:\Users\orl\Desktop\Glary Utilities.lnk
[2011/09/18 19:31:40 | 000,001,893 | ---- | M] () -- C:\Users\orl\Desktop\AD-R.lnk
[2011/09/18 13:30:52 | 000,002,095 | ---- | M] () -- C:\Users\orl\Desktop\HijackThis.lnk
[2011/09/18 12:16:19 | 000,001,411 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011/09/18 12:12:54 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/09/18 11:03:26 | 000,001,180 | ---- | M] () -- C:\Users\orl\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/09/18 11:03:26 | 000,001,156 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/09/18 10:24:31 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/18 10:16:39 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/09/18 10:12:18 | 000,002,152 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011/09/17 18:49:16 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/17 18:49:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/09/17 12:11:24 | 000,000,114 | ---- | M] () -- C:\Users\orl\Application Data\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL
[2011/09/17 09:21:02 | 000,000,715 | ---- | M] () -- C:\Users\orl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Protection.lnk
[2011/09/17 09:21:00 | 000,000,000 | ---- | M] () -- C:\Users\orl\tmp1.20
[2011/09/13 09:02:03 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Users\orl\*.tmp files -> C:\Users\orl\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/10/05 17:48:31 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/10/01 10:22:15 | 000,027,249 | ---- | C] () -- C:\Users\orl\Documents\MES RESULTATS 2011.ods
[2011/09/28 08:24:08 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/09/28 08:23:51 | 000,001,068 | ---- | C] () -- C:\Users\orl\Desktop\Glary Utilities.lnk
[2011/09/18 18:48:57 | 000,001,893 | ---- | C] () -- C:\Users\orl\Desktop\AD-R.lnk
[2011/09/18 13:30:52 | 000,002,095 | ---- | C] () -- C:\Users\orl\Desktop\HijackThis.lnk
[2011/09/18 11:03:26 | 000,001,180 | ---- | C] () -- C:\Users\orl\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/09/18 11:03:26 | 000,001,156 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/09/18 10:24:31 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/18 10:24:30 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/18 10:15:37 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/09/18 10:15:36 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/09/17 18:49:16 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/17 18:49:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/09/17 12:12:15 | 000,000,011 | ---- | C] () -- C:\Users\orl\logie
[2011/09/17 12:12:15 | 000,000,008 | ---- | C] () -- C:\Users\orl\logff
[2011/09/17 12:11:24 | 000,000,114 | ---- | C] () -- C:\Users\orl\Application Data\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL
[2011/09/17 09:21:02 | 000,000,715 | ---- | C] () -- C:\Users\orl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Protection.lnk
[2011/09/17 09:21:00 | 000,000,000 | ---- | C] () -- C:\Users\orl\tmp1.20
[2010/11/24 22:14:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/18 22:28:25 | 001,552,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/12 14:13:25 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010/03/11 03:48:24 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2010/03/11 03:29:03 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/03/11 02:52:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/10/26 05:38:20 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2009/08/19 10:33:09 | 000,018,432 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
[2009/08/19 10:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/08 20:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2006/05/19 05:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
========== Alternate Data Streams ==========
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:734E442A
< End of report >
OTL logfile created on: 07/10/2011 12:51:38 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\orl\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
4,00 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 42,62% Memory free
8,00 Gb Paging File | 5,44 Gb Available in Paging File | 68,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 60,79 Gb Free Space | 52,21% Space Free | Partition Type: NTFS
Drive D: | 334,67 Gb Total Space | 171,40 Gb Free Space | 51,21% Space Free | Partition Type: NTFS
Drive E: | 4,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: ORL-NOTEBOOK | User Name: orl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/10/07 12:40:05 | 000,696,320 | ---- | M] (Copyright) -- C:\Users\orl\Protection1231.exe
PRC - [2011/10/06 19:44:16 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/27 08:36:42 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\orl\Downloads\OTL.exe
PRC - [2011/09/18 12:12:29 | 000,928,496 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/09/06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/06/25 10:03:31 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2010/07/04 19:13:56 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010/03/11 03:48:30 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/11/24 23:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/11/12 20:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/11/03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/08/17 19:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/06/19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/05/19 01:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/04/20 21:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2007/11/30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
========== Modules (No Company Name) ==========
MOD - [2011/10/06 19:44:16 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/30 09:59:02 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\47a4b624c147aae197214d4ee5f0661b\Microsoft.VisualBasic.ni.dll
MOD - [2011/09/29 13:30:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
MOD - [2011/09/29 13:30:00 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/09/29 13:29:52 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/09/29 13:29:29 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/09/29 13:29:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/09/29 13:29:24 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/09/29 13:29:16 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/09/27 14:01:12 | 000,076,800 | ---- | M] () -- C:\Users\orl\AppData\Roaming\Mozilla\Firefox\Profiles\lr23rmxs.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}\components\RadioWMPCoreGecko7.dll
MOD - [2011/09/13 09:02:03 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2010/11/13 01:52:13 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/11/24 23:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009/11/12 20:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009/11/03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/09/23 21:07:14 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\ASUS\VirtualCamera\virtualCamera.ax
MOD - [2009/08/04 12:01:43 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
MOD - [2007/11/30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/09/06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/06/27 21:27:40 | 000,551,896 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\Windows\SysNative\appdrvrem01.exe -- (appdrvrem01)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/23 13:21:40 | 000,859,640 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2009/10/02 05:38:17 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/09/29 18:32:31 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2009/09/29 18:32:29 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2009/09/17 21:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 10:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011/09/18 12:12:27 | 001,378,040 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/09/06 22:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 22:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 22:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 22:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 22:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 22:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/06/27 21:27:40 | 003,852,976 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\appdrv01.sys -- (appdrv01) Application Driver (01)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/22 10:50:19 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/04/27 04:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/04/27 04:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010/04/27 04:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009/12/04 18:40:30 | 000,265,744 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2009/12/04 18:39:44 | 000,042,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2009/12/04 18:30:22 | 002,007,056 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint)
DRV:64bit: - [2009/10/15 11:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/10/05 03:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/02 06:11:13 | 006,182,400 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/09/29 18:33:17 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2009/08/21 08:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/08/12 05:38:01 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/07/20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/17 08:00:11 | 000,068,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/17 08:00:11 | 000,029,240 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 10:11:31 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/06/18 22:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 13:53:42 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/05/23 00:52:29 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 03:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/05/05 16:00:27 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008/05/24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/24 21:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2010/11/22 10:50:21 | 000,017,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search-web.net
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {59994074-c06d-4a75-9768-49e5a8c21264}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..keyword.URL: "http://www.search-web.net/results.php?cx=partner-pub-48..."
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/25 10:03:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/17 18:47:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/06 19:44:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/30 09:29:41 | 000,000,000 | ---D | M]
[2010/07/11 20:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\orl\AppData\Roaming\mozilla\Extensions
[2010/07/11 20:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\orl\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/09/28 08:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\orl\AppData\Roaming\mozilla\Firefox\Profiles\lr23rmxs.default\extensions
[2011/09/28 08:43:57 | 000,000,000 | ---D | M] (Messenger Plus Live France Community Toolbar) -- C:\Users\orl\AppData\Roaming\mozilla\Firefox\Profiles\lr23rmxs.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}
[2011/09/28 08:26:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/24 22:13:57 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/11 19:24:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/17 15:41:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/09/28 08:26:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/17 18:47:30 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/10/06 19:44:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/06 19:44:13 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2011/10/06 19:44:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/06 19:44:13 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/10/06 19:44:13 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2011/10/06 19:44:13 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2011/10/06 19:44:13 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.163\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.163\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.163\gears.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SocialPlus! = C:\Users\orl\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidogommnbbcgnhfjkcgjnlonijjhmjl\2.5.6_0\
CHR - Extension: avast! WebRep = C:\Users\orl\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\orl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Protection] C:\Users\orl\Protection1231.exe (Copyright)
O4 - Startup: C:\Users\orl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Protection.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Recherche avec search-web - C:\Users\orl\AppData\Local\Temp\scriptjava.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Recherche avec search-web - C:\Users\orl\AppData\Local\Temp\scriptjava.html File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: chat-land.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: chat-land.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: chat-land.org ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: search-web.net ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C3AA09E-121D-4F85-B15D-36DB9BF763B2}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D20BF40C-633D-4DBA-8AB2-678C01387B50}: DhcpNameServer = 10.10.0.1 156.154.70.1 156.154.71.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/03 15:01:07 | 000,000,059 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{0e497bcc-2caf-11df-a332-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0e497bcc-2caf-11df-a332-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Launcher.exe -- [2011/06/03 15:01:08 | 000,305,056 | R--- | M] (Cyanide)
O33 - MountPoints2\{2058a5a3-2720-11e0-9622-bb9750477bdd}\Shell - "" = AutoRun
O33 - MountPoints2\{2058a5a3-2720-11e0-9622-bb9750477bdd}\Shell\AutoRun\command - "" = "K:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/10/07 12:40:00 | 000,696,320 | ---- | C] (Copyright) -- C:\Users\orl\Protection1231.exe
[2011/10/07 12:39:31 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{6D56D13B-A8CA-4D5E-A505-ECF2E424765C}
[2011/10/07 12:39:02 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{DE353BE6-BBC2-4E29-A1F3-FBBC7F6B2F44}
[2011/10/07 08:59:37 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{1DC7CF71-C5A6-41A4-9BF1-A7ABA85DB7FF}
[2011/10/07 08:59:22 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{5C6FE000-0707-412E-BC28-735B025C5C65}
[2011/10/06 19:42:20 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{FE7E2BB8-1F32-48A2-A0C9-ABF7E9F0DC56}
[2011/10/06 19:42:06 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D52DC6C7-0617-4947-936A-EA970367E84A}
[2011/10/06 12:31:31 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{BFC8F07A-FC65-4845-8564-D9F38E1A16B6}
[2011/10/06 12:31:02 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{B336BDD9-BC16-4243-974E-D800143A5FAC}
[2011/10/06 09:26:16 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2E2DCE59-849B-43D1-8EF3-CB1C33ED27D4}
[2011/10/06 09:26:04 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{C5770695-38A7-4179-B6E2-AAFC7A02FA11}
[2011/10/06 08:14:52 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9C9C9BBF-7415-46BE-89B7-D6CF0E3C27CC}
[2011/10/06 08:14:33 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{3ECFBB7D-2B40-4D06-B962-481A304369B8}
[2011/10/05 17:48:20 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{B9E9A155-948C-4DB6-92DA-F7887196AAD7}
[2011/10/05 17:48:08 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{E15DCD95-4408-4EE8-814E-6F54003052B6}
[2011/10/05 13:11:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D1C1164F-41E8-4F80-915D-F1DFDE8B4028}
[2011/10/05 13:11:48 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{352927DA-FC68-4C43-926C-31473F8FAD12}
[2011/10/05 08:12:58 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{346FD029-8BB5-4B98-9D15-D508109279AA}
[2011/10/05 08:12:23 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{18024BF0-CCEA-4E0F-B635-B429BA7124B3}
[2011/10/04 17:05:27 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{32A863EC-728D-4068-A606-115470F9C775}
[2011/10/04 17:05:02 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{AED3F7AA-B5B4-4ABD-883F-A7DD4441545F}
[2011/10/04 16:43:49 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{34B5705F-FC57-4865-86C2-E1056A82D9BA}
[2011/10/04 16:43:33 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{5B4CF0C2-B3D9-4AF3-A08C-8BC9E2B582CD}
[2011/10/04 16:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/10/04 16:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/10/04 14:39:41 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{C7EAEA41-507F-4232-B6F1-9E04E41FD999}
[2011/10/04 14:38:27 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{20F02AAA-91BE-47FA-A071-F7F82E21538D}
[2011/10/03 20:21:22 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{236B8A67-E87C-4EFD-BC12-788C0A1EAA63}
[2011/10/03 10:09:48 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{FE9CDD07-C0A4-4780-9618-FFE8518FA5E3}
[2011/10/02 21:28:30 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D6EB74FE-C6B5-46F2-B9B1-22CFC0A01DCF}
[2011/10/02 11:08:05 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{B8F228B9-31A7-4F16-8542-EDBC9171B1D9}
[2011/10/01 09:14:00 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{96D6297E-16ED-4CA3-B8AB-C1A51105C42B}
[2011/09/30 12:46:20 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{80B1B458-7340-40C8-BB6B-989012B08219}
[2011/09/30 12:45:57 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A34EC8FA-5605-4BB5-8DF0-15BC8DB84E1E}
[2011/09/30 10:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/09/30 09:29:57 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\Microsoft Help
[2011/09/30 09:25:37 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{DB2AA017-BD31-406E-9341-DB6646EE1917}
[2011/09/30 09:07:37 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\Seven Zip
[2011/09/30 08:45:48 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{4D4BA50F-404E-47D2-8423-FD1FE834FF60}
[2011/09/30 08:45:18 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{70690A3E-21FD-4332-B50F-B0D82862F171}
[2011/09/29 21:39:29 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{73F93C84-E25A-439A-A777-917255D43507}
[2011/09/29 13:24:27 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D2938136-D991-427E-9E74-9D457FBDB0AD}
[2011/09/29 13:24:00 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{4A30C043-1E42-4514-82DC-7210705E4E48}
[2011/09/29 08:04:40 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{69DD3F19-5DA5-4167-AAC9-0FCD8D8ACBAA}
[2011/09/29 08:04:20 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{BE12E02C-5B22-4687-85A7-02895CB7D08F}
[2011/09/28 13:29:02 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{645A90D2-2C4E-4C32-8746-5B4862DD0ACB}
[2011/09/28 13:28:34 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{EC94454D-851D-4F56-9F9F-1400B90FF19D}
[2011/09/28 08:29:00 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Roaming\GlarySoft
[2011/09/28 08:26:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/09/28 08:25:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/09/28 08:25:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/09/28 08:25:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/09/28 08:25:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/09/28 08:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2011/09/28 08:23:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/09/28 08:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2011/09/27 22:44:15 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D71285BF-37E1-4E3E-B7B4-BEAE4C3652D3}
[2011/09/27 22:43:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{FF07F0AC-4FB3-4CB2-934C-C02E15FC79AF}
[2011/09/27 08:27:37 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{1DC65CEA-5391-4A9E-BB3E-31733DDD44B2}
[2011/09/27 08:27:18 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{7AD23C0E-F459-4BFD-B026-E6450B32FACD}
[2011/09/26 21:48:22 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{4AEF3ACC-3CCE-448B-BD26-009FD96248FD}
[2011/09/23 21:47:08 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{3690D743-6624-40BD-890A-C141E156E4B0}
[2011/09/23 13:17:18 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9E03C68D-6355-46EB-9BA8-3C3C21AEE9E7}
[2011/09/22 21:54:03 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{B29FBAD1-DEBC-448E-9D4C-ECA5F27F637F}
[2011/09/22 12:37:51 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{C5DFA11E-216D-4519-BC58-DC1286F3C01A}
[2011/09/21 22:04:02 | 000,000,000 | ---D | C] -- C:\Users\orl\Desktop\Classeur HSCT 18-02-11
[2011/09/21 21:28:18 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A7FE1409-E587-49B1-A8D9-C6C6D754716D}
[2011/09/21 12:45:07 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{C0A8ECA0-D819-48E4-944E-B2E022E21946}
[2011/09/20 21:46:21 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{0797847F-33AA-4E41-9653-B97D080325E5}
[2011/09/20 10:53:35 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A634E4B0-7D08-404E-9AED-08A0043E921F}
[2011/09/19 22:05:57 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{05B1522A-0942-434D-97D2-9C593A9B09B0}
[2011/09/19 06:51:45 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{665F8A54-1F6D-4580-964B-7864BC97249F}
[2011/09/19 06:51:23 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{E63BAF0B-D89F-4210-8B43-7BF1487EDAD8}
[2011/09/18 19:45:11 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2E5377AD-9BE1-4737-AF8A-BCE909A7118B}
[2011/09/18 19:44:58 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{590C2DF9-917B-4405-83CC-A7D95F672EF5}
[2011/09/18 18:48:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Remover
[2011/09/18 13:30:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/09/18 13:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/09/18 12:18:22 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{EF3E1B44-E21A-4066-80E2-AB397AD046D0}
[2011/09/18 12:18:07 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{77F555DD-384E-428A-A17F-20C50A2E4FD2}
[2011/09/18 12:13:02 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/09/18 12:12:57 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/09/18 12:03:49 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\Sunbelt Software
[2011/09/18 11:03:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}
[2011/09/18 11:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/09/18 11:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/09/18 11:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/09/18 10:14:10 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{07817E65-2C07-440E-B333-13756859B6E2}
[2011/09/18 10:13:58 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9B1BBE27-12C6-4E57-865F-BE05283BA5A7}
[2011/09/18 07:04:02 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Roaming\Malwarebytes
[2011/09/18 07:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/18 07:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/18 07:03:36 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/18 07:03:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/18 00:27:50 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{36B2BC29-ABFB-423F-AAFD-BAB3A9ED30EB}
[2011/09/18 00:27:36 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{06D03621-4AFE-415D-A6BD-A98A0E87E757}
[2011/09/17 18:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/09/17 18:49:14 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/09/17 18:49:14 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/09/17 18:49:11 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/09/17 18:49:09 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/09/17 18:49:06 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/09/17 18:49:01 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/09/17 18:49:01 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/09/17 18:47:22 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/17 18:47:21 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/09/17 18:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/09/17 18:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/09/17 18:36:36 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{B849FB76-E985-44FA-87CF-52C614889CED}
[2011/09/17 18:36:23 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2C5D4203-6B9C-4B4A-8EB4-0957CCD5462F}
[2011/09/17 18:14:55 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{0352A802-CB1F-45EB-AACD-C4677A3F3F60}
[2011/09/17 18:14:42 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{E2CC729F-BFEB-4ABD-8A72-EC000AFBC183}
[2011/09/17 12:12:48 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{1044261D-8E80-4BD7-B258-392F88D1CD62}
[2011/09/17 12:12:35 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{0A22A97E-9867-4F02-8431-9B687A57A884}
[2011/09/17 09:28:11 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D343807B-9B22-4FF9-B59A-85A5F4AE03C9}
[2011/09/17 09:27:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{E1E3F763-A4DF-44F4-ADCA-4D3FE035AD49}
[2011/09/17 08:24:39 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{31A81C88-3A3C-43D9-B55B-9527DCD9C485}
[2011/09/17 08:24:26 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{758F64E6-D79D-401E-8F0E-CFF43D86C35E}
[2011/09/16 11:43:10 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{88CBCBD8-8C49-4F72-9A2F-F42EA34D2DDC}
[2011/09/15 17:53:08 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9AFFF728-99C2-4AC3-ADD8-93004E382677}
[2011/09/15 17:52:52 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{8C388547-C001-4D37-9578-53D46AAE2F08}
[2011/09/15 11:55:21 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A79A2762-A21B-4DAF-B91F-F8C349C331EA}
[2011/09/15 11:54:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A02E53D7-11B2-4510-8126-5081DA087F97}
[2011/09/14 19:18:17 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9478BF1E-77C0-4BE2-BD1C-7076BBBC2E49}
[2011/09/14 19:17:38 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{338E740C-A636-4F9E-9872-0F737275FE5D}
[2011/09/14 18:34:29 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{1C0BAB38-01C5-43C9-BEDF-5880A8170208}
[2011/09/14 18:34:11 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{42AD2C6A-F4F7-43F9-A3F7-939C641BF082}
[2011/09/13 19:34:32 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{763C6A22-E825-4C1E-9590-0B96E7936FE8}
[2011/09/13 19:34:17 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{F8E86966-8528-4834-9F5C-4F7911CC19C4}
[2011/09/13 09:02:11 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{7B08501A-7E23-48EA-8214-7E180CD0F70E}
[2011/09/13 09:01:56 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{60E2A92A-282F-4060-8D40-3F4E6625F4DE}
[2011/09/12 10:28:02 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/09/12 08:03:04 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{06F08839-2A4A-497A-A62F-13E9AAF63114}
[2011/09/11 09:28:07 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{847F5037-AE7C-4CAF-AE62-925B8D459E6C}
[2011/09/10 21:53:33 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2044F9AE-E48B-4547-8051-6FCF7905CDDF}
[2011/09/10 13:20:47 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{8901C7EB-12FE-4F7F-B1C6-78B2C13817A9}
[2011/09/09 22:10:15 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{720890FB-77FC-4560-A67F-B5B85A09886F}
[2011/09/09 13:01:21 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{953D4B77-EB32-475B-BF6A-CD4B7A7287B3}
[2011/09/08 21:41:25 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2A8FF9E0-DEB1-4307-8C28-01FC37A218B1}
[2011/09/08 12:28:52 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{4A0C7F22-5A27-472F-8089-EE60FB10CF6E}
[2011/09/08 08:42:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{CAC377C0-73D0-492F-941E-FB79BB23FFC9}
[2011/09/07 22:00:48 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{F51CB9AD-276F-44B4-9ECC-1D20499D157C}
[2008/08/12 07:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[1 C:\Users\orl\*.tmp files -> C:\Users\orl\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/10/07 13:00:43 | 000,000,011 | ---- | M] () -- C:\Users\orl\logie
[2011/10/07 12:46:29 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/07 12:46:28 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/07 12:41:10 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/10/07 12:40:05 | 000,696,320 | ---- | M] (Copyright) -- C:\Users\orl\Protection1231.exe
[2011/10/07 12:38:09 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/07 12:37:53 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/10/07 12:37:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/07 12:36:54 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/07 10:24:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/05 14:25:56 | 000,000,008 | ---- | M] () -- C:\Users\orl\logff
[2011/10/01 10:22:17 | 000,027,249 | ---- | M] () -- C:\Users\orl\Documents\MES RESULTATS 2011.ods
[2011/09/30 12:43:13 | 000,472,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/29 08:09:11 | 001,557,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/29 08:09:11 | 000,707,236 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011/09/29 08:09:11 | 000,618,912 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/29 08:09:11 | 000,131,632 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011/09/29 08:09:11 | 000,107,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/28 08:40:05 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2011/09/28 08:40:05 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2011/09/28 08:23:51 | 000,001,068 | ---- | M] () -- C:\Users\orl\Desktop\Glary Utilities.lnk
[2011/09/18 19:31:40 | 000,001,893 | ---- | M] () -- C:\Users\orl\Desktop\AD-R.lnk
[2011/09/18 13:30:52 | 000,002,095 | ---- | M] () -- C:\Users\orl\Desktop\HijackThis.lnk
[2011/09/18 12:16:19 | 000,001,411 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011/09/18 12:12:54 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/09/18 11:03:26 | 000,001,180 | ---- | M] () -- C:\Users\orl\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/09/18 11:03:26 | 000,001,156 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/09/18 10:24:31 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/18 10:16:39 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/09/18 10:12:18 | 000,002,152 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011/09/17 18:49:16 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/17 18:49:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/09/17 12:11:24 | 000,000,114 | ---- | M] () -- C:\Users\orl\Application Data\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL
[2011/09/17 09:21:02 | 000,000,715 | ---- | M] () -- C:\Users\orl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Protection.lnk
[2011/09/17 09:21:00 | 000,000,000 | ---- | M] () -- C:\Users\orl\tmp1.20
[2011/09/13 09:02:03 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Users\orl\*.tmp files -> C:\Users\orl\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/10/05 17:48:31 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/10/01 10:22:15 | 000,027,249 | ---- | C] () -- C:\Users\orl\Documents\MES RESULTATS 2011.ods
[2011/09/28 08:24:08 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/09/28 08:23:51 | 000,001,068 | ---- | C] () -- C:\Users\orl\Desktop\Glary Utilities.lnk
[2011/09/18 18:48:57 | 000,001,893 | ---- | C] () -- C:\Users\orl\Desktop\AD-R.lnk
[2011/09/18 13:30:52 | 000,002,095 | ---- | C] () -- C:\Users\orl\Desktop\HijackThis.lnk
[2011/09/18 11:03:26 | 000,001,180 | ---- | C] () -- C:\Users\orl\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/09/18 11:03:26 | 000,001,156 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/09/18 10:24:31 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/18 10:24:30 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/18 10:15:37 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/09/18 10:15:36 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/09/17 18:49:16 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/17 18:49:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/09/17 12:12:15 | 000,000,011 | ---- | C] () -- C:\Users\orl\logie
[2011/09/17 12:12:15 | 000,000,008 | ---- | C] () -- C:\Users\orl\logff
[2011/09/17 12:11:24 | 000,000,114 | ---- | C] () -- C:\Users\orl\Application Data\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL
[2011/09/17 09:21:02 | 000,000,715 | ---- | C] () -- C:\Users\orl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Protection.lnk
[2011/09/17 09:21:00 | 000,000,000 | ---- | C] () -- C:\Users\orl\tmp1.20
[2010/11/24 22:14:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/18 22:28:25 | 001,552,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/12 14:13:25 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010/03/11 03:48:24 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2010/03/11 03:29:03 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/03/11 02:52:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/10/26 05:38:20 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2009/08/19 10:33:09 | 000,018,432 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
[2009/08/19 10:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/08 20:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2006/05/19 05:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
========== Alternate Data Streams ==========
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:734E442A
< End of report >
OTL Extras logfile created on: 07/10/2011 12:51:38 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\orl\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
4,00 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 42,62% Memory free
8,00 Gb Paging File | 5,44 Gb Available in Paging File | 68,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 60,79 Gb Free Space | 52,21% Space Free | Partition Type: NTFS
Drive D: | 334,67 Gb Total Space | 171,40 Gb Free Space | 51,21% Space Free | Partition Type: NTFS
Drive E: | 4,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: ORL-NOTEBOOK | User Name: orl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{28D73032-5DAA-4F83-B154-85105DBCCB92}" = iTunes
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0404-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0408-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Greek) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{90120000-002A-040D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Hebrew) 2007
"{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007
"{90120000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2007
"{90120000-002A-0816-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4F9E407-95F4-EAA4-B253-C1FE391E0A6C}" = ATI Catalyst Install Manager
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
"{FF8BC37A-2DFB-95B6-4F09-05C7304891F3}" = ccc-utility64
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"ASUS USB2.0 UVC VGA WebCam" = ASUS USB2.0 UVC VGA WebCam
"ASUS WebStorage" = ASUS WebStorage
"Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0058143E-0C1F-530B-C75D-4B4D272BA857}" = CCC Help Portuguese
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C5D9A6B-FF26-9DD9-8CFE-6348C6216F90}" = Catalyst Control Center Graphics Full Existing
"{0E00E89C-D6C1-4736-CBE0-F97566641F2D}" = CCC Help Swedish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B75F827-8404-871C-908D-FE2841809879}" = ccc-core-static
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2582CC36-8FF2-37A4-E4DF-20D98AFC2FD2}" = CCC Help Polish
"{266517E6-D866-439D-919C-B8B1A52E6080}" = OpenOffice.org 3.2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29906EE7-6EDB-8336-4455-A65A5343EA49}" = CCC Help English
"{2F300A26-2149-4BE3-4E46-0244DE26243A}" = CCC Help Greek
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{37DBA48D-B4D0-FEFD-AC97-A3B02A41D7BD}" = CCC Help Finnish
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{455CD05F-2041-F120-992C-8B390FD902B9}" = Catalyst Control Center InstallProxy
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C6F31F8-81E0-CFCE-DCF8-63D0179BE7E8}" = CCC Help Italian
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{51B618BD-9DD2-BEDA-9CF3-EE7A7D574234}" = CCC Help French
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5C6BF318-B9A6-E5FC-6FED-BB010CA4879C}" = CCC Help Chinese Standard
"{5CF94DB3-AD09-8E75-6780-9CA707E16579}" = CCC Help Hungarian
"{5DB2F906-140A-E5A1-6CF8-7F8D4D84EE0A}" = CCC Help Korean
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7664A6B5-A117-67E2-E49A-AE7E4C64FDCE}" = Catalyst Control Center Graphics Full New
"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{81601299-AD02-403C-9A47-93C509FE2EC2}" = Catalyst Control Center - Branding
"{81B9F470-8E68-C4EC-9E3C-DE176811887E}" = CCC Help Japanese
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8C73B81B-2BBA-744F-2BDA-E2ACFA9E94AA}" = CCC Help Turkish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EEE95B9-D3AD-C483-7F3E-BA643FF5A3FE}" = CCC Help Thai
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0028-0404-1000-0000000FF1CE}_PROHYBRIDR_{1252D255-DB26-4F85-9F0F-D59B9DFE339E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0404-1000-0000000FF1CE}_PROHYBRIDR_{3F96DD0A-F509-4CBD-8130-B3B3194A9C3D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0408-1000-0000000FF1CE}_PROHYBRIDR_{E3B92295-785F-4FF7-8BE1-67E86F5F8140}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-040C-1000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-040D-1000-0000000FF1CE}_PROHYBRIDR_{C4FDF834-B4AF-4B5E-8901-5146204B58CC}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0410-1000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0413-1000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0816-1000-0000000FF1CE}_PROHYBRIDR_{A8523DA4-5563-4F0E-BD9D-4E4CC3CF7239}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0C0A-1000-0000000FF1CE}_PROHYBRIDR_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.6 - Français
"{ADC7E65C-63C5-34EA-E1A9-A6F85D094CC9}" = Catalyst Control Center Graphics Previews Vista
"{AE5553AA-1429-5618-2B44-82C7B3DA6ACC}" = CCC Help Danish
"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
"{B20B3F6C-F56A-EFED-F806-BCBAECF4D3A9}" = CCC Help German
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B7D7704F-7B56-54D4-1E4F-165EC7ABC5A2}" = CCC Help Norwegian
"{C306FB81-7859-C9BB-7C63-5DCC53AD0706}" = CCC Help Russian
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C67AFDF7-9A23-2D8D-6CE1-4F13796118C9}" = CCC Help Czech
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2364C90-B2EB-0B43-2462-07F6D4EA3BE0}" = CCC Help Chinese Traditional
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EB4BB51C-88D4-5022-5CE9-47DF2A626F75}" = Catalyst Control Center Core Implementation
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"{F9FDA329-6CDA-BDBB-5B81-F5AF757BE969}" = Catalyst Control Center Localization All
"{FA9DA7C9-6CF8-25EB-87DE-E0411067E14C}" = CCC Help Dutch
"{FB74EE62-8513-682F-A55D-31B7A2205D2F}" = Catalyst Control Center Graphics Light
"{FCFEB590-8CCD-8171-69F4-EA19AEDD8A3A}" = CCC Help Spanish
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ad-Remover" = Ad-Remover par C_XX
"ASUS AP Bank_is1" = ASUS AP Bank
"ASUS_Screensaver" = ASUS_Screensaver
"avast" = avast! Free Antivirus
"BitZipper_is1" = BitZipper 2010
"Free Tarot" = Free Tarot
"GameCenter_is1" = GameCenter 1.3.0.5
"Glary Utilities_is1" = Glary Utilities 2.37.0.1260
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HomePlayer" = HomePlayer 1.5.9d
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 7.0.1 (x86 fr)" = Mozilla Firefox 7.0.1 (x86 fr)
"Pro Cycling Manager 2010_is1" = Pro Cycling Manager - Saison 2010 - 1.0.0.0
"Pro Cycling Manager 2011_is1" = Pro Cycling Manager - Saison 2011 version 1.0.1.1
"PROHYBRIDR" = 2007 Microsoft Office system
"RealPlayer 12.0" = RealPlayer
"Spotify" = Spotify
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite" = Windows Live
"WinRAR archiver" = WinRAR 4.01 (32 bits)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 15/08/2011 14:23:17 | Computer Name = orl-notebook | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 16/08/2011 04:59:12 | Computer Name = orl-notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Échec de l’extraction de la liste racine tierce depuis le fichier
CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update...>
avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon
la vérification par rapport à l’horloge système en cours ou le tampon daté dans
le fichier signé. .
Error - 16/08/2011 06:07:49 | Computer Name = orl-notebook | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 16/08/2011 07:26:25 | Computer Name = orl-notebook | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 17/08/2011 02:44:49 | Computer Name = orl-notebook | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 17/08/2011 05:02:24 | Computer Name = orl-notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Échec de l’extraction de la liste racine tierce depuis le fichier
CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update...>
avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon
la vérification par rapport à l’horloge système en cours ou le tampon daté dans
le fichier signé. .
Error - 17/08/2011 05:57:31 | Computer Name = orl-notebook | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante PCM.exe, version : 1.0.1.1, horodatage
: 0x4e018e48 Nom du module défaillant : PCM.exe, version : 1.0.1.1, horodatage :
0x4e018e48 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0047bc63 ID du processus
défaillant : 0xc74 Heure de début de l’application défaillante : 0x01cc5cbe81b5aec5
Chemin
d’accès de l’application défaillante : D:\Cyanide\Pro Cycling Manager - Saison
2011\PCM.exe Chemin d’accès du module défaillant: D:\Cyanide\Pro Cycling Manager
- Saison 2011\PCM.exe ID de rapport : 522a21d4-c8b7-11e0-931f-e4e5603053ce
Error - 17/08/2011 12:41:20 | Computer Name = orl-notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Échec de l’extraction de la liste racine tierce depuis le fichier
CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update...>
avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon
la vérification par rapport à l’horloge système en cours ou le tampon daté dans
le fichier signé. .
Error - 18/08/2011 02:43:31 | Computer Name = orl-notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Échec de l’extraction de la liste racine tierce depuis le fichier
CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update...>
avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon
la vérification par rapport à l’horloge système en cours ou le tampon daté dans
le fichier signé. .
Error - 18/08/2011 05:20:09 | Computer Name = orl-notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Échec de l’extraction de la liste racine tierce depuis le fichier
CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update...>
avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon
la vérification par rapport à l’horloge système en cours ou le tampon daté dans
le fichier signé. .
[ OSession Events ]
Error - 15/11/2010 17:07:42 | Computer Name = orl-notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 240 seconds with 180 seconds of active time. This session ended with a crash.
Error - 04/04/2011 03:21:22 | Computer Name = orl-notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 35101
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 28/09/2011 07:24:20 | Computer Name = orl-notebook | Source = WMPNetworkSvc | ID = 866321
Description =
Error - 28/09/2011 07:24:20 | Computer Name = orl-notebook | Source = WMPNetworkSvc | ID = 866317
Description =
Error - 28/09/2011 07:24:20 | Computer Name = orl-notebook | Source = WMPNetworkSvc | ID = 866321
Description =
Error - 28/09/2011 07:24:20 | Computer Name = orl-notebook | Source = WMPNetworkSvc | ID = 866317
Description =
Error - 29/09/2011 01:59:20 | Computer Name = orl-notebook | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = L’initialisation du client CBS a échoué. Dernière erreur : 0x8007045b
Error - 30/09/2011 02:42:55 | Computer Name = orl-notebook | Source = Service Control Manager | ID = 7011
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
l’attente de la réponse transactionnelle du service EapHost.
Error - 04/10/2011 08:37:41 | Computer Name = orl-notebook | Source = Service Control Manager | ID = 7009
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
l’attente de la connexion du service Apple Mobile Device.
Error - 04/10/2011 08:37:41 | Computer Name = orl-notebook | Source = Service Control Manager | ID = 7000
Description = Le service Apple Mobile Device n’a pas pu démarrer en raison de l’erreur :
%%1053
Error - 07/10/2011 06:38:03 | Computer Name = orl-notebook | Source = Service Control Manager | ID = 7009
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
l’attente de la connexion du service Apple Mobile Device.
Error - 07/10/2011 06:38:03 | Computer Name = orl-notebook | Source = Service Control Manager | ID = 7000
Description = Le service Apple Mobile Device n’a pas pu démarrer en raison de l’erreur :
%%1053
< End of report >
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\orl\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
4,00 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 42,62% Memory free
8,00 Gb Paging File | 5,44 Gb Available in Paging File | 68,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 60,79 Gb Free Space | 52,21% Space Free | Partition Type: NTFS
Drive D: | 334,67 Gb Total Space | 171,40 Gb Free Space | 51,21% Space Free | Partition Type: NTFS
Drive E: | 4,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: ORL-NOTEBOOK | User Name: orl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{28D73032-5DAA-4F83-B154-85105DBCCB92}" = iTunes
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0404-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0408-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Greek) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{90120000-002A-040D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Hebrew) 2007
"{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007
"{90120000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2007
"{90120000-002A-0816-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4F9E407-95F4-EAA4-B253-C1FE391E0A6C}" = ATI Catalyst Install Manager
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
"{FF8BC37A-2DFB-95B6-4F09-05C7304891F3}" = ccc-utility64
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"ASUS USB2.0 UVC VGA WebCam" = ASUS USB2.0 UVC VGA WebCam
"ASUS WebStorage" = ASUS WebStorage
"Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0058143E-0C1F-530B-C75D-4B4D272BA857}" = CCC Help Portuguese
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C5D9A6B-FF26-9DD9-8CFE-6348C6216F90}" = Catalyst Control Center Graphics Full Existing
"{0E00E89C-D6C1-4736-CBE0-F97566641F2D}" = CCC Help Swedish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B75F827-8404-871C-908D-FE2841809879}" = ccc-core-static
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2582CC36-8FF2-37A4-E4DF-20D98AFC2FD2}" = CCC Help Polish
"{266517E6-D866-439D-919C-B8B1A52E6080}" = OpenOffice.org 3.2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29906EE7-6EDB-8336-4455-A65A5343EA49}" = CCC Help English
"{2F300A26-2149-4BE3-4E46-0244DE26243A}" = CCC Help Greek
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{37DBA48D-B4D0-FEFD-AC97-A3B02A41D7BD}" = CCC Help Finnish
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{455CD05F-2041-F120-992C-8B390FD902B9}" = Catalyst Control Center InstallProxy
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C6F31F8-81E0-CFCE-DCF8-63D0179BE7E8}" = CCC Help Italian
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{51B618BD-9DD2-BEDA-9CF3-EE7A7D574234}" = CCC Help French
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5C6BF318-B9A6-E5FC-6FED-BB010CA4879C}" = CCC Help Chinese Standard
"{5CF94DB3-AD09-8E75-6780-9CA707E16579}" = CCC Help Hungarian
"{5DB2F906-140A-E5A1-6CF8-7F8D4D84EE0A}" = CCC Help Korean
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7664A6B5-A117-67E2-E49A-AE7E4C64FDCE}" = Catalyst Control Center Graphics Full New
"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{81601299-AD02-403C-9A47-93C509FE2EC2}" = Catalyst Control Center - Branding
"{81B9F470-8E68-C4EC-9E3C-DE176811887E}" = CCC Help Japanese
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8C73B81B-2BBA-744F-2BDA-E2ACFA9E94AA}" = CCC Help Turkish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EEE95B9-D3AD-C483-7F3E-BA643FF5A3FE}" = CCC Help Thai
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0028-0404-1000-0000000FF1CE}_PROHYBRIDR_{1252D255-DB26-4F85-9F0F-D59B9DFE339E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0404-1000-0000000FF1CE}_PROHYBRIDR_{3F96DD0A-F509-4CBD-8130-B3B3194A9C3D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0408-1000-0000000FF1CE}_PROHYBRIDR_{E3B92295-785F-4FF7-8BE1-67E86F5F8140}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-040C-1000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-040D-1000-0000000FF1CE}_PROHYBRIDR_{C4FDF834-B4AF-4B5E-8901-5146204B58CC}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0410-1000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0413-1000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0816-1000-0000000FF1CE}_PROHYBRIDR_{A8523DA4-5563-4F0E-BD9D-4E4CC3CF7239}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0C0A-1000-0000000FF1CE}_PROHYBRIDR_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.6 - Français
"{ADC7E65C-63C5-34EA-E1A9-A6F85D094CC9}" = Catalyst Control Center Graphics Previews Vista
"{AE5553AA-1429-5618-2B44-82C7B3DA6ACC}" = CCC Help Danish
"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
"{B20B3F6C-F56A-EFED-F806-BCBAECF4D3A9}" = CCC Help German
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B7D7704F-7B56-54D4-1E4F-165EC7ABC5A2}" = CCC Help Norwegian
"{C306FB81-7859-C9BB-7C63-5DCC53AD0706}" = CCC Help Russian
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C67AFDF7-9A23-2D8D-6CE1-4F13796118C9}" = CCC Help Czech
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2364C90-B2EB-0B43-2462-07F6D4EA3BE0}" = CCC Help Chinese Traditional
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EB4BB51C-88D4-5022-5CE9-47DF2A626F75}" = Catalyst Control Center Core Implementation
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"{F9FDA329-6CDA-BDBB-5B81-F5AF757BE969}" = Catalyst Control Center Localization All
"{FA9DA7C9-6CF8-25EB-87DE-E0411067E14C}" = CCC Help Dutch
"{FB74EE62-8513-682F-A55D-31B7A2205D2F}" = Catalyst Control Center Graphics Light
"{FCFEB590-8CCD-8171-69F4-EA19AEDD8A3A}" = CCC Help Spanish
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ad-Remover" = Ad-Remover par C_XX
"ASUS AP Bank_is1" = ASUS AP Bank
"ASUS_Screensaver" = ASUS_Screensaver
"avast" = avast! Free Antivirus
"BitZipper_is1" = BitZipper 2010
"Free Tarot" = Free Tarot
"GameCenter_is1" = GameCenter 1.3.0.5
"Glary Utilities_is1" = Glary Utilities 2.37.0.1260
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HomePlayer" = HomePlayer 1.5.9d
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 7.0.1 (x86 fr)" = Mozilla Firefox 7.0.1 (x86 fr)
"Pro Cycling Manager 2010_is1" = Pro Cycling Manager - Saison 2010 - 1.0.0.0
"Pro Cycling Manager 2011_is1" = Pro Cycling Manager - Saison 2011 version 1.0.1.1
"PROHYBRIDR" = 2007 Microsoft Office system
"RealPlayer 12.0" = RealPlayer
"Spotify" = Spotify
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite" = Windows Live
"WinRAR archiver" = WinRAR 4.01 (32 bits)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 15/08/2011 14:23:17 | Computer Name = orl-notebook | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 16/08/2011 04:59:12 | Computer Name = orl-notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Échec de l’extraction de la liste racine tierce depuis le fichier
CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update...;
avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon
la vérification par rapport à l’horloge système en cours ou le tampon daté dans
le fichier signé. .
Error - 16/08/2011 06:07:49 | Computer Name = orl-notebook | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 16/08/2011 07:26:25 | Computer Name = orl-notebook | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 17/08/2011 02:44:49 | Computer Name = orl-notebook | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 17/08/2011 05:02:24 | Computer Name = orl-notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Échec de l’extraction de la liste racine tierce depuis le fichier
CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update...;
avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon
la vérification par rapport à l’horloge système en cours ou le tampon daté dans
le fichier signé. .
Error - 17/08/2011 05:57:31 | Computer Name = orl-notebook | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante PCM.exe, version : 1.0.1.1, horodatage
: 0x4e018e48 Nom du module défaillant : PCM.exe, version : 1.0.1.1, horodatage :
0x4e018e48 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0047bc63 ID du processus
défaillant : 0xc74 Heure de début de l’application défaillante : 0x01cc5cbe81b5aec5
Chemin
d’accès de l’application défaillante : D:\Cyanide\Pro Cycling Manager - Saison
2011\PCM.exe Chemin d’accès du module défaillant: D:\Cyanide\Pro Cycling Manager
- Saison 2011\PCM.exe ID de rapport : 522a21d4-c8b7-11e0-931f-e4e5603053ce
Error - 17/08/2011 12:41:20 | Computer Name = orl-notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Échec de l’extraction de la liste racine tierce depuis le fichier
CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update...;
avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon
la vérification par rapport à l’horloge système en cours ou le tampon daté dans
le fichier signé. .
Error - 18/08/2011 02:43:31 | Computer Name = orl-notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Échec de l’extraction de la liste racine tierce depuis le fichier
CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update...;
avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon
la vérification par rapport à l’horloge système en cours ou le tampon daté dans
le fichier signé. .
Error - 18/08/2011 05:20:09 | Computer Name = orl-notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Échec de l’extraction de la liste racine tierce depuis le fichier
CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update...;
avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon
la vérification par rapport à l’horloge système en cours ou le tampon daté dans
le fichier signé. .
[ OSession Events ]
Error - 15/11/2010 17:07:42 | Computer Name = orl-notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 240 seconds with 180 seconds of active time. This session ended with a crash.
Error - 04/04/2011 03:21:22 | Computer Name = orl-notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 35101
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 28/09/2011 07:24:20 | Computer Name = orl-notebook | Source = WMPNetworkSvc | ID = 866321
Description =
Error - 28/09/2011 07:24:20 | Computer Name = orl-notebook | Source = WMPNetworkSvc | ID = 866317
Description =
Error - 28/09/2011 07:24:20 | Computer Name = orl-notebook | Source = WMPNetworkSvc | ID = 866321
Description =
Error - 28/09/2011 07:24:20 | Computer Name = orl-notebook | Source = WMPNetworkSvc | ID = 866317
Description =
Error - 29/09/2011 01:59:20 | Computer Name = orl-notebook | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = L’initialisation du client CBS a échoué. Dernière erreur : 0x8007045b
Error - 30/09/2011 02:42:55 | Computer Name = orl-notebook | Source = Service Control Manager | ID = 7011
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
l’attente de la réponse transactionnelle du service EapHost.
Error - 04/10/2011 08:37:41 | Computer Name = orl-notebook | Source = Service Control Manager | ID = 7009
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
l’attente de la connexion du service Apple Mobile Device.
Error - 04/10/2011 08:37:41 | Computer Name = orl-notebook | Source = Service Control Manager | ID = 7000
Description = Le service Apple Mobile Device n’a pas pu démarrer en raison de l’erreur :
%%1053
Error - 07/10/2011 06:38:03 | Computer Name = orl-notebook | Source = Service Control Manager | ID = 7009
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
l’attente de la connexion du service Apple Mobile Device.
Error - 07/10/2011 06:38:03 | Computer Name = orl-notebook | Source = Service Control Manager | ID = 7000
Description = Le service Apple Mobile Device n’a pas pu démarrer en raison de l’erreur :
%%1053
< End of report >
Good evening,
You are going to run an OTL script again, but this time you post the report:
You get the script here and copy/paste it into the OTL dialog box, you do runfix and you post the report.
Double-click OTL to launch it.
(Under Vista/Win7, you have to right-click OTL and choose "Exécuter en tant qu'administrateur" (Run as administrator).)
Under the "Personnalisation" tab (in the white box) at the bottom of the window, copy and paste the text that you will get from this link:
http://www.sendspace.com/file/lmi3mk
Then click the "Correction" button at the top of the window.
Let the program work, and restart once the fix is finished.
Post the report that will be displayed after the restart.