Your question

PC infected by www.search-web.net

Tags:
  • X86
  • Security
Last reply: in Security and viruses
18 September 2011 13:25:00

Hello everyone,
Like several users here, I am a victim of the search-web.net search engine, which opens at every turn.
My OS: Vista
My browsers: Mozilla and Chrome
Thanks for your help


18 September 2011 13:36:27

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:35:34, on 18/09/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Users\orl\Protection.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-web.net/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.search-web.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-web.net/keyword/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search-web.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-web.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-web.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.search-web.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Messenger Plus Live France Toolbar - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Messenger Plus Live France Toolbar - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Messenger Plus Live France Toolbar - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [tempHome] C:\Users\orl\AppData\Local\Temp\racourci.vbe
O4 - HKCU\..\Run: [Protection] C:\Users\orl\Protection.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - Startup: Protection.lnk = orl\Protection.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche avec search-web - C:\Users\orl\AppData\Local\Temp\scriptjava.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.chat-land.com
O15 - Trusted Zone: *.chat-land.net
O15 - Trusted Zone: *.chat-land.org
O15 - Trusted Zone: *.search-web.net
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\Windows\System32\appdrvrem01.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15228 bytes
18 September 2011 17:50:10

up
18 September 2011 18:36:21

Hello


  • Download Ad-Remover (by Cyrildu17 / C_XX) to your Desktop.

    /!\ Disconnect, disable your antivirus and close all running applications /!\

  • Double-click AD-R on your Desktop to launch it.
    (On Vista/Seven, right-click AD-R and choose Run as administrator)
  • Choose language F for French.
  • In the main menu, choose the Scanner (Scan) option.

    /!\ Let the tool work /!\

  • Post the report that appears at the end (C:\Ad-Report-CLEAN.log).
    /!\ Remember to re-enable your antivirus /!\
    18 September 2011 19:10:13

    Thanks for your help, here is the report:

    ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 12/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files (x86)\Ad-Remover\main.exe (SCAN [2]) -> Lancé à 19:01:43 le 18/09/2011, Mode normal

    Microsoft Windows 7 Édition Familiale Premium (X64)
    orl@ORL-NOTEBOOK (ASUSTeK Computer INC. K50AF)

    ============== RECHERCHE ==============


    Dossier trouvé: C:\Users\orl\AppData\Roaming\Mozilla\FireFox\Profiles\lr23rmxs.default\conduit
    Dossier trouvé: C:\Users\orl\AppData\Roaming\Mozilla\FireFox\Profiles\lr23rmxs.default\ConduitEngine
    Dossier trouvé: C:\Users\orl\AppData\Roaming\Mozilla\FireFox\Profiles\lr23rmxs.default\extensions\engine@conduit.com
    Dossier trouvé: C:\Users\orl\AppData\LocalLow\Conduit
    Dossier trouvé: C:\Program Files (x86)\Conduit

    -- Fichier ouvert: C:\Users\orl\AppData\Roaming\Mozilla\FireFox\Profiles\lr23rmxs.default\Prefs.js --
    Ligne trouvée: user_pref("CT2567681.SearchEngine", "Recherche||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_...
    Ligne trouvée: user_pref("CT2567681.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT256...
    Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/FR", "\"0\"")...
    Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...
    Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3...
    Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...
    Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20...
    Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20...
    Ligne trouvée: user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
    Ligne trouvée: user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
    Ligne trouvée: user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
    Ligne trouvée: user_pref("CommunityToolbar.IsEngineShown", true);
    Ligne trouvée: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
    Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
    Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
    Ligne trouvée: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
    Ligne trouvée: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr...
    Ligne trouvée: user_pref("CommunityToolbar.ToolbarsList", "CT2567681,ConduitEngine");
    Ligne trouvée: user_pref("CommunityToolbar.ToolbarsList2", "CT2567681");
    Ligne trouvée: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri May 06 2011 19:53:53 GMT+02...
    Ligne trouvée: user_pref("CommunityToolbar.alert.alertEnabled", false);
    Ligne trouvée: user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
    Ligne trouvée: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Feb 28 2011 11:53:42 GMT+0100");
    Ligne trouvée: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Ligne trouvée: user_pref("CommunityToolbar.alert.locale", "en");
    Ligne trouvée: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
    Ligne trouvée: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jun 25 2011 19:37:21 GMT+0200");
    Ligne trouvée: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
    Ligne trouvée: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
    Ligne trouvée: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Ligne trouvée: user_pref("CommunityToolbar.alert.showTrayIcon", false);
    Ligne trouvée: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
    Ligne trouvée: user_pref("CommunityToolbar.alert.userId", "8c6bfea3-269d-4364-af10-85a4fd22320f");
    Ligne trouvée: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Jul 09 2010 07:23:40 GMT+0200");
    Ligne trouvée: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    Ligne trouvée: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    Ligne trouvée: user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Jun 23 2011 21:03:56 GMT+0200");
    Ligne trouvée: user_pref("ConduitEngine.CTID", "ConduitEngine");
    Ligne trouvée: user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Thu Jun 23 2011 21:03:45 GMT+0200");
    Ligne trouvée: user_pref("ConduitEngine.FirstServerDate", "02/28/2011 13");
    Ligne trouvée: user_pref("ConduitEngine.FirstTime", true);
    Ligne trouvée: user_pref("ConduitEngine.FirstTimeFF3", true);
    Ligne trouvée: user_pref("ConduitEngine.HasUserGlobalKeys", true);
    Ligne trouvée: user_pref("ConduitEngine.Initialize", true);
    Ligne trouvée: user_pref("ConduitEngine.InitializeCommonPrefs", true);
    Ligne trouvée: user_pref("ConduitEngine.InstalledDate", "Mon Feb 28 2011 11:53:34 GMT+0100");
    Ligne trouvée: user_pref("ConduitEngine.IsMulticommunity", false);
    Ligne trouvée: user_pref("ConduitEngine.IsOpenThankYouPage", false);
    Ligne trouvée: user_pref("ConduitEngine.IsOpenUninstallPage", true);
    Ligne trouvée: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sun Jun 26 2011 09:11:33 GMT+0200");
    Ligne trouvée: user_pref("ConduitEngine.LastLogin_3.2.3.3", "Mon Feb 28 2011 11:53:34 GMT+0100");
    Ligne trouvée: user_pref("ConduitEngine.LastLogin_3.3.3.2", "Mon Jun 27 2011 14:01:28 GMT+0200");
    Ligne trouvée: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
    Ligne trouvée: user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Jun 27 2011 19:05:21 GMT+0200");
    Ligne trouvée: user_pref("ConduitEngine.UserID", "UN98857289481907017");
    Ligne trouvée: user_pref("ConduitEngine.componentAlertEnabled", false);
    Ligne trouvée: user_pref("ConduitEngine.engineLocale", "fr");
    Ligne trouvée: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sun Jun 26 2011 09:11:33 GMT+0200");
    Ligne trouvée: user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sun Jun 26 2011 23:02:24 GMT+0200");
    Ligne trouvée: user_pref("ConduitEngine.initDone", true);
    Ligne trouvée: user_pref("ConduitEngine.isAppTrackingManagerOn", true);
    Ligne trouvée: user_pref("ConduitEngine.isDetectionEnabled", false);
    Ligne trouvée: user_pref("ConduitEngine.usageEnabled", false);
    Ligne trouvée: user_pref("ConduitEngine.usagesFlag", 2);
    -- Fichier Fermé --


    Clé trouvée: HKLM\Software\Classes\Toolbar.CT2567681
    Clé trouvée: HKLM\Software\Conduit
    Clé trouvée: HKLM\Software\OpenCandy NSIS SDK
    Clé trouvée: HKCU\Software\AppDataLow\Toolbar
    Clé trouvée: HKCU\Software\AppDataLow\Software\Conduit
    Clé trouvée: HKLM\Software\Messenger Plus!\OpenCandy
    Clé trouvée: HKLM\Software\Wow6432Node\Messenger Plus!\OpenCandy


    ============== SCAN ADDITIONNEL ==============

    **** Mozilla Firefox Version [6.0.2 (fr)] ****

    HKLM_MozillaPlugins\@garmin.com/GpsControl (x)
    HKLM_MozillaPlugins\Adobe Reader (x)
    Searchplugins\bing.xml ( hxxp://www.bing.com/search)
    Components\browsercomps.dll (Mozilla Foundation)
    Extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} (Skype extension )

    -- C:\Users\orl\AppData\Roaming\Mozilla\FireFox\Profiles\lr23rmxs.default --
    Extensions\engine@conduit.com (Conduit Engine )
    Extensions\{59994074-c06d-4a75-9768-49e5a8c21264} (Messenger Plus Live France Community Toolbar)
    Prefs.js - browser.download.lastDir, C:\\Users\\orl\\Desktop
    Prefs.js - browser.startup.homepage, hxxp://www.search-web.net/
    Prefs.js - browser.startup.homepage_override.buildID, 20110902133214
    Prefs.js - browser.startup.homepage_override.mstone, rv:6.0.2
    Prefs.js - keyword.URL, hxxp://www.search-web.net/results.php?cx=partner-pub-481735735......

    ========================================

    **** Internet Explorer Version [8.0.7600.16385] ****

    HKCU_Main|Default_Page_URL - hxxp://www.search-web.net
    HKCU_Main|Default_Search_URL - hxxp://www.search-web.net/keyword/
    HKCU_Main|SearchMigratedDefaultURL - hxxp://www.search-web.net/results.php?cx=partner-pub-481735735......
    HKCU_Main|Search bar - hxxp://www.search-web.net
    HKCU_Main|Search Page - hxxp://www.search-web.net
    HKCU_Main|Start Page - hxxp://www.search-web.net
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    HKCU_URLSearchHooks|{59994074-c06d-4a75-9768-49e5a8c21264} - "Messenger Plus Live France Toolbar" (C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll)
    HKLM_URLSearchHooks|{59994074-c06d-4a75-9768-49e5a8c21264} - "Messenger Plus Live France Toolbar" (C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll)
    HKCU_SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193} - "search-web.net" (hxxp://www.search-web.net/results.php?cx=partner-pub-481735735......)
    HKCU_SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} - "?" (?)
    HKCU_Toolbar\WebBrowser|{59994074-C06D-4A75-9768-49E5A8C21264} (C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll)
    HKLM_Toolbar|{59994074-c06d-4a75-9768-49e5a8c21264} (C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll)
    HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
    HKCU_ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} - C:\Program Files (x86)\Spotify\Spotify.exe (Spotify Ltd)
    HKLM_ElevationPolicy\1750090a-39a3-4526-b8bd-05883257c7c7 - C:\Program Files (x86)\Messenger_Plus_Live_France\Messenger_Plus_Live_FranceToolbarHelper.exe (?)
    HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
    HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
    HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
    HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
    BHO\{59994074-c06d-4a75-9768-49e5a8c21264} - "Messenger Plus Live France Toolbar" (C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll)
    BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
    BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
    BHO\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - "Google Dictionary Compression sdch" (C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll)

    ========================================

    C:\Program Files (x86)\Ad-Remover\Quarantine: 0 Fichier(s)
    C:\Program Files (x86)\Ad-Remover\Backup: 2 Fichier(s)

    C:\Ad-Report-SCAN[1].txt - 18/09/2011 18:50:32 (11432 Octet(s))
    C:\Ad-Report-SCAN[2].txt - 18/09/2011 19:01:53 (11359 Octet(s))

    Fin à: 19:04:06, 18/09/2011

    ============== E.O.F ==============
    18 September 2011 19:25:39

    Hi again

    You would do well to read: Toolbars are not mandatory!


    1

  • Double-click AD-R on your Desktop to launch it.
    (On Vista/Seven, right-click AD-R and choose Run as administrator)
  • Choose language F for French.
  • In the main menu, choose the Nettoyer (Clean) option.

    /!\ Let the tool work /!\

  • Post the report that appears at the end (C:\Ad-Report-CLEAN.log).
    /!\ Remember to re-enable your antivirus /!\

    2

  • Go to this page: AdwCleaner by Xplode, click Télécharger (Download) and save the file to your Desktop
  • Double-click the AdwCleaner0.exe icon to launch the installation
    /!\ On Vista and Windows 7, launch the file via right-click -> Run as administrator
  • In the main menu, click Recherche (Search) and wait while the analysis runs
  • At the end of the scan, an AdwCleaner[R].txt report opens. Post the report as an attachment in your next reply
    The report is located at C:\AdwCleaner[R].txt

    18 September 2011 19:28:58

    Hello, for HijackThis, unless you are the one who placed these files, you should tick the following boxes:

    O4 - HKLM\..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
    O4 - HKCU\..\Run: [tempHome] C:\Users\orl\AppData\Local\Temp\racourci.vbe
    O4 - HKCU\..\Run: [Protection] C:\Users\orl\Protection.exe
    O4 - Startup: Protection.lnk = orl\Protection.exe
    O8 - Extra context menu item: Recherche avec search-web - C:\Users\orl\AppData\Local\Temp\scriptjava.html
    O15 - Trusted Zone: *.search-web.net

    I think these are the only processes that could cause trouble, unless I missed some..
    Do this in safe mode, and run HijackThis as administrator
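
A triage sketch for the kind of entries singled out in the post above, added here as an example and not part of the original thread: it parses HijackThis R/O4/O8/O15 lines and flags them with heuristics that are assumptions of this example (autostart scripts, files under Temp, executables in the profile root, values pointing at the unwanted domain), going slightly beyond the post by also checking the R0/R1 browser settings. Function names and rules are hypothetical; the sample lines are copied from the log posted earlier in this thread.

```python
import re
from ntpath import basename
from urllib.parse import urlsplit

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-web.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [tempHome] C:\Users\orl\AppData\Local\Temp\racourci.vbe
O4 - HKCU\..\Run: [Protection] C:\Users\orl\Protection.exe
O4 - Startup: Protection.lnk = orl\Protection.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O8 - Extra context menu item: Recherche avec search-web - C:\Users\orl\AppData\Local\Temp\scriptjava.html
O15 - Trusted Zone: *.chat-land.com
O15 - Trusted Zone: *.search-web.net
"""

ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
# First file path in a command line, quoted or not, up to a known extension.
PATH_RE = re.compile(r'"?(.+?\.(?:exe|cmd|bat|vbs|vbe|js|html?))(?=["\s]|$)', re.I)
SCRIPT_EXT = (".cmd", ".bat", ".vbs", ".vbe", ".js")
PROFILE_ROOT_EXE = re.compile(r"[a-z]:\\users\\[^\\]+\\[^\\]+\.exe")


def value_of(sec, body):
    """Return the data part of an entry: a URL, a domain or a command line."""
    if sec.startswith("R") or (sec == "O4" and not body.startswith("HK")):
        return body.partition(" = ")[2]      # "key = value" / "x.lnk = target"
    if sec == "O4":
        return body.partition("] ")[2]       # HKxx\..\Run: [name] command line
    if sec == "O8":
        return body.rpartition(" - ")[2]     # ...: label - file
    if sec == "O15":
        return body.partition(": ")[2]       # Trusted Zone: domain
    return ""


def host_of(value):
    """Host name of a URL, or a trusted-zone pattern without its wildcard."""
    v = value.strip().lower()
    if "://" in v:
        return urlsplit(v).hostname or ""
    return v.lstrip("*.")


def reasons_for(sec, value, domain):
    """Heuristic reasons (assumptions of this example) for reviewing an entry."""
    reasons = []
    if sec.startswith("R") or sec == "O15":
        host = host_of(value)
        if host == domain or host.endswith("." + domain):
            reasons.append("points at " + domain)
        return reasons
    m = PATH_RE.match(value)
    if not m:
        return reasons
    path = m.group(1).lower()
    if "\\temp\\" in path:
        reasons.append("file in a Temp directory")
    if sec == "O4" and path.endswith(SCRIPT_EXT):
        reasons.append("autostart runs a script")
    if sec == "O4" and PROFILE_ROOT_EXE.fullmatch(path):
        reasons.append("executable in the profile root")
    return reasons


def triage(log_text, hijack_domain):
    """Return [(line, reasons)] for every entry that deserves a manual look."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            sec, value = m["sec"], value_of(m["sec"], m["body"])
            entries.append((raw.strip(), sec, value,
                            reasons_for(sec, value, hijack_domain)))
    # Second pass: a startup item that names the same file as a flagged one
    # (the shortcut target in the log is a relative path, so compare basenames).
    flagged_names = set()
    for _, sec, value, reasons in entries:
        pm = PATH_RE.match(value)
        if sec == "O4" and reasons and pm:
            flagged_names.add(basename(pm.group(1)).lower())
    for _, sec, value, reasons in entries:
        pm = PATH_RE.match(value)
        if (sec == "O4" and not reasons and pm
                and basename(pm.group(1)).lower() in flagged_names):
            reasons.append("same file name as a flagged autostart")
    return [(line, reasons) for line, _, _, reasons in entries if reasons]


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG, "search-web.net"):
        print("; ".join(reasons), "->", line)
```

A flagged line is only a candidate for review: as the post says, an entry the user placed there on purpose should stay.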
    18 September 2011 19:40:25

    End of the 1st step for Sham_Rock; I am posting it and then I will start on step 2:
    ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 12/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 19:31:40 le 18/09/2011, Mode normal

    Microsoft Windows 7 Édition Familiale Premium (X64)
    orl@ORL-NOTEBOOK (ASUSTeK Computer INC. K50AF)

    ============== ACTION(S) ==============


    Dossier supprimé: C:\Users\orl\AppData\Roaming\Mozilla\FireFox\Profiles\lr23rmxs.default\conduit
    Dossier supprimé: C:\Users\orl\AppData\Roaming\Mozilla\FireFox\Profiles\lr23rmxs.default\ConduitEngine
    Dossier supprimé: C:\Users\orl\AppData\Roaming\Mozilla\FireFox\Profiles\lr23rmxs.default\extensions\engine@conduit.com
    Dossier supprimé: C:\Users\orl\AppData\LocalLow\Conduit
    Dossier supprimé: C:\Program Files (x86)\Conduit

    (!) -- Fichiers temporaires supprimés.


    -- Fichier ouvert: C:\Users\orl\AppData\Roaming\Mozilla\FireFox\Profiles\lr23rmxs.default\Prefs.js --
    Ligne supprimée: user_pref("CT2567681.SearchEngine", "Recherche||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_...
    Ligne supprimée: user_pref("CT2567681.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT256...
    Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/FR", "\"0\"")...
    Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...
    Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3...
    Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...
    Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20...
    Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20...
    Ligne supprimée: user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
    Ligne supprimée: user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
    Ligne supprimée: user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
    Ligne supprimée: user_pref("CommunityToolbar.IsEngineShown", true);
    Ligne supprimée: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
    Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
    Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
    Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
    Ligne supprimée: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr...
    Ligne supprimée: user_pref("CommunityToolbar.ToolbarsList", "CT2567681,ConduitEngine");
    Ligne supprimée: user_pref("CommunityToolbar.ToolbarsList2", "CT2567681");
    Ligne supprimée: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri May 06 2011 19:53:53 GMT+02...
    Ligne supprimée: user_pref("CommunityToolbar.alert.alertEnabled", false);
    Ligne supprimée: user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
    Ligne supprimée: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Feb 28 2011 11:53:42 GMT+0100");
    Ligne supprimée: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Ligne supprimée: user_pref("CommunityToolbar.alert.locale", "en");
    Ligne supprimée: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
    Ligne supprimée: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jun 25 2011 19:37:21 GMT+0200");
    Ligne supprimée: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
    Ligne supprimée: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
    Ligne supprimée: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Ligne supprimée: user_pref("CommunityToolbar.alert.showTrayIcon", false);
    Ligne supprimée: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
    Ligne supprimée: user_pref("CommunityToolbar.alert.userId", "8c6bfea3-269d-4364-af10-85a4fd22320f");
    Ligne supprimée: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Jul 09 2010 07:23:40 GMT+0200");
    Ligne supprimée: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    Ligne supprimée: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    Ligne supprimée: user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Jun 23 2011 21:03:56 GMT+0200");
    Ligne supprimée: user_pref("ConduitEngine.CTID", "ConduitEngine");
    Ligne supprimée: user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Thu Jun 23 2011 21:03:45 GMT+0200");
    Ligne supprimée: user_pref("ConduitEngine.FirstServerDate", "02/28/2011 13");
    Ligne supprimée: user_pref("ConduitEngine.FirstTime", true);
    Ligne supprimée: user_pref("ConduitEngine.FirstTimeFF3", true);
    Ligne supprimée: user_pref("ConduitEngine.HasUserGlobalKeys", true);
    Ligne supprimée: user_pref("ConduitEngine.Initialize", true);
    Ligne supprimée: user_pref("ConduitEngine.InitializeCommonPrefs", true);
    Ligne supprimée: user_pref("ConduitEngine.InstalledDate", "Mon Feb 28 2011 11:53:34 GMT+0100");
    Ligne supprimée: user_pref("ConduitEngine.IsMulticommunity", false);
    Ligne supprimée: user_pref("ConduitEngine.IsOpenThankYouPage", false);
    Ligne supprimée: user_pref("ConduitEngine.IsOpenUninstallPage", true);
    Ligne supprimée: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sun Jun 26 2011 09:11:33 GMT+0200");
    Ligne supprimée: user_pref("ConduitEngine.LastLogin_3.2.3.3", "Mon Feb 28 2011 11:53:34 GMT+0100");
    Ligne supprimée: user_pref("ConduitEngine.LastLogin_3.3.3.2", "Mon Jun 27 2011 14:01:28 GMT+0200");
    Ligne supprimée: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
    Ligne supprimée: user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Jun 27 2011 19:05:21 GMT+0200");
    Ligne supprimée: user_pref("ConduitEngine.UserID", "UN98857289481907017");
    Ligne supprimée: user_pref("ConduitEngine.componentAlertEnabled", false);
    Ligne supprimée: user_pref("ConduitEngine.engineLocale", "fr");
    Ligne supprimée: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sun Jun 26 2011 09:11:33 GMT+0200");
    Ligne supprimée: user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sun Jun 26 2011 23:02:24 GMT+0200");
    Ligne supprimée: user_pref("ConduitEngine.initDone", true);
    Ligne supprimée: user_pref("ConduitEngine.isAppTrackingManagerOn", true);
    Ligne supprimée: user_pref("ConduitEngine.isDetectionEnabled", false);
    Ligne supprimée: user_pref("ConduitEngine.usageEnabled", false);
    Ligne supprimée: user_pref("ConduitEngine.usagesFlag", 2);
    -- Fichier Fermé --


    Clé supprimée: HKLM\Software\Classes\Toolbar.CT2567681
    Clé supprimée: HKLM\Software\Conduit
    Clé supprimée: HKLM\Software\OpenCandy NSIS SDK
    Clé supprimée: HKCU\Software\AppDataLow\Toolbar
    Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
    Clé supprimée: HKLM\Software\Messenger Plus!\OpenCandy


    ============== SCAN ADDITIONNEL ==============

    **** Mozilla Firefox Version [6.0.2 (fr)] ****

    HKLM_MozillaPlugins\@garmin.com/GpsControl (x)
    HKLM_MozillaPlugins\Adobe Reader (x)
    Searchplugins\bing.xml ( hxxp://www.bing.com/search)
    Components\browsercomps.dll (Mozilla Foundation)
    Extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} (Skype extension )

    -- C:\Users\orl\AppData\Roaming\Mozilla\FireFox\Profiles\lr23rmxs.default --
    Extensions\{59994074-c06d-4a75-9768-49e5a8c21264} (Messenger Plus Live France Community Toolbar)
    Prefs.js - browser.download.lastDir, C:\\Users\\orl\\Desktop
    Prefs.js - browser.startup.homepage, hxxp://www.search-web.net/
    Prefs.js - browser.startup.homepage_override.buildID, 20110902133214
    Prefs.js - browser.startup.homepage_override.mstone, rv:6.0.2
    Prefs.js - keyword.URL, hxxp://www.search-web.net/results.php?cx=partner-pub-481735735......

    ========================================

    **** Internet Explorer Version [8.0.7600.16385] ****

    HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
    HKCU_Main|Start Page - hxxp://fr.msn.com/
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
    HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Start Page - hxxp://fr.msn.com/
    HKCU_URLSearchHooks|{59994074-c06d-4a75-9768-49e5a8c21264} - "Messenger Plus Live France Toolbar" (C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll)
    HKLM_URLSearchHooks|{59994074-c06d-4a75-9768-49e5a8c21264} - "Messenger Plus Live France Toolbar" (C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll)
    HKCU_SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193} - "search-web.net" (hxxp://www.search-web.net/results.php?cx=partner-pub-481735735......)
    HKCU_SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} - "?" (?)
    HKCU_Toolbar\WebBrowser|{59994074-C06D-4A75-9768-49E5A8C21264} (C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll)
    HKLM_Toolbar|{59994074-c06d-4a75-9768-49e5a8c21264} (C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll)
    HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
    HKCU_ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} - C:\Program Files (x86)\Spotify\Spotify.exe (Spotify Ltd)
    HKLM_ElevationPolicy\1750090a-39a3-4526-b8bd-05883257c7c7 - C:\Program Files (x86)\Messenger_Plus_Live_France\Messenger_Plus_Live_FranceToolbarHelper.exe (?)
    HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
    HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
    HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
    HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
    BHO\{59994074-c06d-4a75-9768-49e5a8c21264} - "Messenger Plus Live France Toolbar" (C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll)
    BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
    BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
    BHO\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - "Google Dictionary Compression sdch" (C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll)

    ========================================

    C:\Program Files (x86)\Ad-Remover\Quarantine: 111 Fichier(s)
    C:\Program Files (x86)\Ad-Remover\Backup: 17 Fichier(s)

    C:\Ad-Report-CLEAN[1].txt - 18/09/2011 19:32:18 (11302 Octet(s))
    C:\Ad-Report-SCAN[1].txt - 18/09/2011 18:50:32 (11432 Octet(s))
    C:\Ad-Report-SCAN[2].txt - 18/09/2011 19:01:53 (11498 Octet(s))

    Fin à: 19:37:08, 18/09/2011

    ============== E.O.F ==============
    18 September 2011 19:51:08

    Step 2 done, here is the report:

    # AdwCleaner v1.306 - Rapport créé le 18/09/2011 à 19:49:27
    # Mis à jour le 14/09/11 à 13h par Xplode
    # Système d'exploitation : Windows 7 Home Premium (64 bits)
    # Nom d'utilisateur : orl - ORL-NOTEBOOK (Administrateur)
    # Exécuté depuis : C:\Users\orl\Downloads\adwcleaner.exe
    # Option [Recherche]


    ***** [Processus] *****


    ***** [Services] *****


    ***** [Fichiers / Dossiers] *****


    ***** [Registre] *****

    Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}

    ***** [Registre (64 bits)] *****


    ***** [Navigateurs] *****

    -\\ Internet Explorer v8.0.7600.16385

    [OK] Le registre ne contient aucune entrée illégitime.

    -\\ Mozilla Firefox v6.0.2 (fr)

    Profil : lr23rmxs.default
    Fichier : C:\Users\orl\AppData\Roaming\Mozilla\Firefox\Profiles\lr23rmxs.default\prefs.js

    Présente : user_pref("CT2567681.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Présente : user_pref("CT2567681.CTID", "CT2567681");
    Présente : user_pref("CT2567681.CurrentServerDate", "9-7-2010");
    Présente : user_pref("CT2567681.DialogsAlignMode", "LTR");
    Présente : user_pref("CT2567681.DownloadReferralCookieData", "");
    Présente : user_pref("CT2567681.EMailNotifierPollDate", "Fri Jul 09 2010 07:23:37 GMT+0200");
    Présente : user_pref("CT2567681.FeedLastCount2929882609848814406", 362);
    Présente : user_pref("CT2567681.FeedPollDate129227257783214203", "Fri Jul 09 2010 07:23:35 GMT+0200");
    Présente : user_pref("CT2567681.FeedPollDate129227257783214209", "Fri Jul 09 2010 07:23:35 GMT+0200");
    Présente : user_pref("CT2567681.FeedPollDate129227257783214215", "Fri Jul 09 2010 07:23:35 GMT+0200");
    Présente : user_pref("CT2567681.FeedPollDate129227257783214221", "Fri Jul 09 2010 07:23:35 GMT+0200");
    Présente : user_pref("CT2567681.FeedPollDate129227257783214227", "Fri Jul 09 2010 07:23:35 GMT+0200");
    Présente : user_pref("CT2567681.FeedPollDate129227257783214233", "Fri Jul 09 2010 07:23:35 GMT+0200");
    Présente : user_pref("CT2567681.FeedPollDate129227257783214239", "Fri Jul 09 2010 07:23:35 GMT+0200");
    Présente : user_pref("CT2567681.FeedPollDate129227257783214245", "Fri Jul 09 2010 07:23:35 GMT+0200");
    Présente : user_pref("CT2567681.FeedPollDate129227257783214251", "Fri Jul 09 2010 07:23:35 GMT+0200");
    Présente : user_pref("CT2567681.FeedPollDate129227257783214257", "Fri Jul 09 2010 07:23:35 GMT+0200");
    Présente : user_pref("CT2567681.FeedPollDate129227257783214263", "Fri Jul 09 2010 07:23:36 GMT+0200");
    Présente : user_pref("CT2567681.FeedPollDate129227257783214269", "Fri Jul 09 2010 07:23:36 GMT+0200");
    Présente : user_pref("CT2567681.FeedPollDate129227257783214275", "Fri Jul 09 2010 07:23:36 GMT+0200");
    Présente : user_pref("CT2567681.FeedPollDate129227257783214281", "Fri Jul 09 2010 07:23:36 GMT+0200");
    Présente : user_pref("CT2567681.FeedPollDate129227257783214287", "Fri Jul 09 2010 07:23:36 GMT+0200");
    Présente : user_pref("CT2567681.FeedPollDate129227257783214293", "Fri Jul 09 2010 07:23:36 GMT+0200");
    Présente : user_pref("CT2567681.FeedPollDate129227257783214299", "Fri Jul 09 2010 07:23:37 GMT+0200");
    Présente : user_pref("CT2567681.FeedPollDate129227257783214305", "Fri Jul 09 2010 07:23:37 GMT+0200");
    Présente : user_pref("CT2567681.FeedPollDate129227257783214311", "Fri Jul 09 2010 07:23:37 GMT+0200");
    Présente : user_pref("CT2567681.FeedPollDate129227257783214317", "Fri Jul 09 2010 07:23:37 GMT+0200");
    Présente : user_pref("CT2567681.FeedPollDate129227257783370573", "Fri Jul 09 2010 07:23:37 GMT+0200");
    Présente : user_pref("CT2567681.FeedTTL129227257783214203", 30);
    Présente : user_pref("CT2567681.FeedTTL129227257783214209", 2);
    Présente : user_pref("CT2567681.FeedTTL129227257783214215", 2);
    Présente : user_pref("CT2567681.FeedTTL129227257783214227", 2);
    Présente : user_pref("CT2567681.FeedTTL129227257783214233", 30);
    Présente : user_pref("CT2567681.FeedTTL129227257783214251", 5);
    Présente : user_pref("CT2567681.FeedTTL129227257783214257", 5);
    Présente : user_pref("CT2567681.FeedTTL129227257783214263", 5);
    Présente : user_pref("CT2567681.FeedTTL129227257783214281", 5);
    Présente : user_pref("CT2567681.FirstServerDate", "9-7-2010");
    Présente : user_pref("CT2567681.FirstTime", true);
    Présente : user_pref("CT2567681.FirstTimeFF3", true);
    Présente : user_pref("CT2567681.FirstTimeSettingsDone", true);
    Présente : user_pref("CT2567681.FixPageNotFoundErrors", true);
    Présente : user_pref("CT2567681.GroupingServerCheckInterval", 1440);
    Présente : user_pref("CT2567681.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Présente : user_pref("CT2567681.Initialize", true);
    Présente : user_pref("CT2567681.InitializeCommonPrefs", true);
    Présente : user_pref("CT2567681.InstallationAndCookieDataSentCount", 1);
    Présente : user_pref("CT2567681.InstallationType", "UnknownIntegration");
    Présente : user_pref("CT2567681.InstalledDate", "Fri Jul 09 2010 07:23:33 GMT+0200");
    Présente : user_pref("CT2567681.InvalidateCache", false);
    Présente : user_pref("CT2567681.IsGrouping", false);
    Présente : user_pref("CT2567681.IsMulticommunity", false);
    Présente : user_pref("CT2567681.IsOpenThankYouPage", false);
    Présente : user_pref("CT2567681.IsOpenUninstallPage", true);
    Présente : user_pref("CT2567681.LanguagePackLastCheckTime", "Fri Jul 09 2010 07:23:36 GMT+0200");
    Présente : user_pref("CT2567681.LanguagePackReloadIntervalMM", 1440);
    Présente : user_pref("CT2567681.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
    Présente : user_pref("CT2567681.LastLogin_2.6.0.15", "Fri Jul 09 2010 07:23:34 GMT+0200");
    Présente : user_pref("CT2567681.LatestVersion", "2.1.0.18");
    Présente : user_pref("CT2567681.Locale", "fr-fr");
    Présente : user_pref("CT2567681.LoginCache", 4);
    Présente : user_pref("CT2567681.MCDetectTooltipHeight", "83");
    Présente : user_pref("CT2567681.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    Présente : user_pref("CT2567681.MCDetectTooltipWidth", "295");
    Présente : user_pref("CT2567681.RadioIsPodcast", false);
    Présente : user_pref("CT2567681.RadioLastCheckTime", "Fri Jul 09 2010 07:23:37 GMT+0200");
    Présente : user_pref("CT2567681.RadioLastUpdateIPServer", "3");
    Présente : user_pref("CT2567681.RadioLastUpdateServer", "3");
    Présente : user_pref("CT2567681.RadioMediaID", "9962");
    Présente : user_pref("CT2567681.RadioMediaType", "Media Player");
    Présente : user_pref("CT2567681.RadioMenuSelectedID", "EBRadioMenu_CT25676819962");
    Présente : user_pref("CT2567681.RadioStationName", "California%20Rock");
    Présente : user_pref("CT2567681.RadioStationURL", "hxxp://feedlive.net/california.asx");
    Présente : user_pref("CT2567681.SHRINK_TOOLBAR", 1);
    Présente : user_pref("CT2567681.SearchFromAddressBarIsInit", true);
    Présente : user_pref("CT2567681.SearchInNewTabEnabled", true);
    Présente : user_pref("CT2567681.SearchInNewTabIntervalMM", 1440);
    Présente : user_pref("CT2567681.SearchInNewTabLastCheckTime", "Fri Jul 09 2010 07:23:36 GMT+0200");
    Présente : user_pref("CT2567681.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
    Présente : user_pref("CT2567681.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
    Présente : user_pref("CT2567681.SettingsCheckIntervalMin", 120);
    Présente : user_pref("CT2567681.SettingsLastCheckTime", "Fri Jul 09 2010 07:23:32 GMT+0200");
    Présente : user_pref("CT2567681.SettingsLastUpdate", "1278589422");
    Présente : user_pref("CT2567681.ThirdPartyComponentsInterval", 504);
    Présente : user_pref("CT2567681.ThirdPartyComponentsLastCheck", "Fri Jul 09 2010 07:23:32 GMT+0200");
    Présente : user_pref("CT2567681.ThirdPartyComponentsLastUpdate", "1278589422");
    Présente : user_pref("CT2567681.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=...");
    Présente : user_pref("CT2567681.UserID", "UN46989248294789945");
    Présente : user_pref("CT2567681.ValidationData_Toolbar", 0);
    Présente : user_pref("CT2567681.WeatherNetwork", "");
    Présente : user_pref("CT2567681.WeatherPollDate", "Fri Jul 09 2010 07:23:41 GMT+0200");
    Présente : user_pref("CT2567681.WeatherUnit", "C");
    Présente : user_pref("CT2567681.alertChannelId", "960546");
    Présente : user_pref("CT2567681.backendstorage.hxxp://cmg1_conduit-widgets_com/miniquarium.miniquarium_closed", "66616C7365");
    Présente : user_pref("CT2567681.clientLogIsEnabled", true);
    Présente : user_pref("CT2567681.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
    Présente : user_pref("CT2567681.myStuffEnabled", true);
    Présente : user_pref("CT2567681.myStuffPublihserMinWidth", 400);
    Présente : user_pref("CT2567681.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
    Présente : user_pref("CT2567681.myStuffServiceIntervalMM", 1440);
    Présente : user_pref("CT2567681.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
    Présente : user_pref("CT2567681.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");

    -\\ Google Chrome v [Impossible d'obtenir la version]

    Fichier : C:\Users\orl\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] Le fichier ne contient aucune entrée illégitime.

    *************************

    AdwCleaner[R1].txt - [9527 octets] - [18/09/2011 19:49:27]

    ########## EOF - C:\AdwCleaner[R1].txt - [9655 octets] ##########
    19 September 2011 20:21:20

    Good evening,
    let's finish up:

    1

    Update Malwarebytes' Anti-Malware, run a full scan and post the report:
    Help:
  • How to use MBAM.

    2


    Download OTL (by OldTimer) to your Desktop.
  • Double-click OTL to launch it.
  • (On Vista/Win7, you need to right-click OTL and choose Run as administrator)
  • A window appears. In the Report section at the top of this window, tick Minimal report.
  • Also tick the boxes next to Lop search and Purity search.
  • Finally, click the Scan button. The scan will not take long.
  • Once the scan is finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are located in the same place as OTL (so on the Desktop by default).
  • Host the reports, then give their links.
    Use this to host them: http://www.sendspace.com/
    27 September 2011 12:43:50

    A short absence due to my work schedule; I'm picking the steps back up:

    Step 1, result of the full Malwarebytes Anti-Malware scan

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Version de la base de données: 7806

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    27/09/2011 11:56:15
    mbam-log-2011-09-27 (11-56-15).txt

    Type d'examen: Examen complet (C:\|D:\|)
    Elément(s) analysé(s): 417461
    Temps écoulé: 3 heure(s), 21 minute(s), 6 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    27 September 2011 13:24:07

    Trouble with the 2nd step: I can't find the files and I don't know how to host them on Sendspace
    28 September 2011 10:22:19

    Hello,
    normally, the reports are on your desktop...
    otherwise, run the procedure again... you will probably only get the OTL.txt report, but that will be enough for me.
    28 September 2011 14:16:55

    OTL logfile created on: 28/09/2011 13:36:56 - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\orl\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    4,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 51,22% Memory free
    8,00 Gb Paging File | 5,63 Gb Available in Paging File | 70,39% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 116,44 Gb Total Space | 63,73 Gb Free Space | 54,73% Space Free | Partition Type: NTFS
    Drive D: | 334,67 Gb Total Space | 171,40 Gb Free Space | 51,21% Space Free | Partition Type: NTFS
    Drive E: | 4,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

    Computer Name: ORL-NOTEBOOK | User Name: orl | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\orl\Downloads\OTL(1).exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
    PRC - C:\Windows\AsScrPro.exe (ASUS)
    PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
    PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
    PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
    PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
    PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
    PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
    PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()


    ========== Modules (No Company Name) ==========

    MOD - C:\Users\orl\AppData\Roaming\Mozilla\Firefox\Profiles\lr23rmxs.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}\components\RadioWMPCoreGecko6.dll ()
    MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
    MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
    MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
    MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
    MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV:64bit: - (appdrvrem01) -- C:\Windows\SysNative\appdrvrem01.exe (Protection Technology)
    SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
    SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
    SRV:64bit: - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
    SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
    SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (OberonGameConsoleService) -- C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe ()
    SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
    DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
    DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
    DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
    DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
    DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
    DRV:64bit: - (appdrv01) Application Driver (01) -- C:\Windows\SysNative\drivers\appdrv01.sys (Protection Technology)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
    DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
    DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
    DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
    DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
    DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\drivers\tmxpflt.sys (Trend Micro Inc.)
    DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\drivers\tmpreflt.sys (Trend Micro Inc.)
    DRV:64bit: - (vsapint) -- C:\Windows\SysNative\drivers\vsapint.sys (Trend Micro Inc.)
    DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
    DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
    DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
    DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
    DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
    DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
    DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
    DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
    DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
    DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
    DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
    DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKLM\..\URLSearchHook: {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search-web.net
    IE - HKCU\..\URLSearchHook: {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.search-web.net/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {59994074-c06d-4a75-9768-49e5a8c21264}:3.2.3.3
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
    FF - prefs.js..keyword.URL: "http://www.search-web.net/results.php?cx=partner-pub-48..."

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/25 10:03:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/17 18:47:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/18 10:24:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/25 10:04:27 | 000,000,000 | ---D | M]

    [2010/07/11 20:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\orl\AppData\Roaming\mozilla\Extensions
    [2010/07/11 20:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\orl\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2011/09/28 08:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\orl\AppData\Roaming\mozilla\Firefox\Profiles\lr23rmxs.default\extensions
    [2011/09/28 08:43:57 | 000,000,000 | ---D | M] (Messenger Plus Live France Community Toolbar) -- C:\Users\orl\AppData\Roaming\mozilla\Firefox\Profiles\lr23rmxs.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}
    [2011/09/28 08:26:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/11/24 22:13:57 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/06/11 19:24:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/12/17 15:41:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/09/28 08:26:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/09/17 18:47:30 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2011/09/03 08:24:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/09/03 02:54:18 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
    [2011/09/03 02:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/09/03 02:54:18 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2011/09/03 02:54:18 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
    [2011/09/03 02:54:18 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
    [2011/09/03 02:54:18 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.163\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.163\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.163\gears.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: SocialPlus! = C:\Users\orl\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidogommnbbcgnhfjkcgjnlonijjhmjl\2.5.6_0\
    CHR - Extension: avast! WebRep = C:\Users\orl\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\orl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

    O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Messenger Plus Live France Toolbar) - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Messenger Plus Live France Toolbar) - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live France Toolbar) - {59994074-C06D-4A75-9768-49E5A8C21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
    O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
    O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
    O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
    O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
    O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
    O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKCU..\Run: [Protection] C:\Users\orl\Protection1223.exe (Copyright)
    O4 - Startup: C:\Users\orl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Protection.lnk = File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
    O8:64bit: - Extra context menu item: Recherche avec search-web - C:\Users\orl\AppData\Local\Temp\scriptjava.html File not found
    O8 - Extra context menu item: Recherche avec search-web - C:\Users\orl\AppData\Local\Temp\scriptjava.html File not found
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: chat-land.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: chat-land.net ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: chat-land.org ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: search-web.net ([]* in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C3AA09E-121D-4F85-B15D-36DB9BF763B2}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D20BF40C-633D-4DBA-8AB2-678C01387B50}: DhcpNameServer = 10.10.0.1 156.154.70.1 156.154.71.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/06/03 15:01:07 | 000,000,059 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
    O33 - MountPoints2\{0e497bcc-2caf-11df-a332-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{0e497bcc-2caf-11df-a332-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Launcher.exe -- [2011/06/03 15:01:08 | 000,305,056 | R--- | M] (Cyanide)
    O33 - MountPoints2\{2058a5a3-2720-11e0-9622-bb9750477bdd}\Shell - "" = AutoRun
    O33 - MountPoints2\{2058a5a3-2720-11e0-9622-bb9750477bdd}\Shell\AutoRun\command - "" = "K:\WD SmartWare.exe" autoplay=true
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/28 13:29:02 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{645A90D2-2C4E-4C32-8746-5B4862DD0ACB}
    [2011/09/28 13:28:34 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{EC94454D-851D-4F56-9F9F-1400B90FF19D}
    [2011/09/28 13:28:04 | 000,696,320 | ---- | C] (Copyright) -- C:\Users\orl\Protection1223.exe
    [2011/09/28 08:29:00 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Roaming\GlarySoft
    [2011/09/28 08:26:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2011/09/28 08:25:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2011/09/28 08:25:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2011/09/28 08:25:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2011/09/28 08:25:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
    [2011/09/28 08:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
    [2011/09/28 08:23:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
    [2011/09/28 08:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
    [2011/09/27 22:44:15 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D71285BF-37E1-4E3E-B7B4-BEAE4C3652D3}
    [2011/09/27 22:43:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{FF07F0AC-4FB3-4CB2-934C-C02E15FC79AF}
    [2011/09/27 08:27:37 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{1DC65CEA-5391-4A9E-BB3E-31733DDD44B2}
    [2011/09/27 08:27:18 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{7AD23C0E-F459-4BFD-B026-E6450B32FACD}
    [2011/09/26 21:48:22 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{4AEF3ACC-3CCE-448B-BD26-009FD96248FD}
    [2011/09/23 21:47:08 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{3690D743-6624-40BD-890A-C141E156E4B0}
    [2011/09/23 13:17:18 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9E03C68D-6355-46EB-9BA8-3C3C21AEE9E7}
    [2011/09/22 21:54:03 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{B29FBAD1-DEBC-448E-9D4C-ECA5F27F637F}
    [2011/09/22 12:37:51 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{C5DFA11E-216D-4519-BC58-DC1286F3C01A}
    [2011/09/21 22:04:02 | 000,000,000 | ---D | C] -- C:\Users\orl\Desktop\Classeur HSCT 18-02-11
    [2011/09/21 21:28:18 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A7FE1409-E587-49B1-A8D9-C6C6D754716D}
    [2011/09/21 12:45:07 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{C0A8ECA0-D819-48E4-944E-B2E022E21946}
    [2011/09/20 21:46:21 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{0797847F-33AA-4E41-9653-B97D080325E5}
    [2011/09/20 10:53:35 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A634E4B0-7D08-404E-9AED-08A0043E921F}
    [2011/09/19 22:05:57 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{05B1522A-0942-434D-97D2-9C593A9B09B0}
    [2011/09/19 06:51:45 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{665F8A54-1F6D-4580-964B-7864BC97249F}
    [2011/09/19 06:51:23 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{E63BAF0B-D89F-4210-8B43-7BF1487EDAD8}
    [2011/09/18 19:45:11 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2E5377AD-9BE1-4737-AF8A-BCE909A7118B}
    [2011/09/18 19:44:58 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{590C2DF9-917B-4405-83CC-A7D95F672EF5}
    [2011/09/18 18:48:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Remover
    [2011/09/18 13:30:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2011/09/18 13:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
    [2011/09/18 12:18:22 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{EF3E1B44-E21A-4066-80E2-AB397AD046D0}
    [2011/09/18 12:18:07 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{77F555DD-384E-428A-A17F-20C50A2E4FD2}
    [2011/09/18 12:13:02 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
    [2011/09/18 12:12:57 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
    [2011/09/18 12:03:49 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\Sunbelt Software
    [2011/09/18 11:03:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}
    [2011/09/18 11:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    [2011/09/18 11:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2011/09/18 11:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
    [2011/09/18 10:14:10 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{07817E65-2C07-440E-B333-13756859B6E2}
    [2011/09/18 10:13:58 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9B1BBE27-12C6-4E57-865F-BE05283BA5A7}
    [2011/09/18 07:04:02 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Roaming\Malwarebytes
    [2011/09/18 07:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/09/18 07:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/09/18 07:03:36 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/09/18 07:03:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/09/18 00:27:50 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{36B2BC29-ABFB-423F-AAFD-BAB3A9ED30EB}
    [2011/09/18 00:27:36 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{06D03621-4AFE-415D-A6BD-A98A0E87E757}
    [2011/09/17 18:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011/09/17 18:49:14 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2011/09/17 18:49:14 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2011/09/17 18:49:11 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2011/09/17 18:49:09 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2011/09/17 18:49:06 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2011/09/17 18:49:01 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2011/09/17 18:49:01 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2011/09/17 18:47:22 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/09/17 18:47:21 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2011/09/17 18:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2011/09/17 18:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/09/17 18:36:36 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{B849FB76-E985-44FA-87CF-52C614889CED}
    [2011/09/17 18:36:23 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2C5D4203-6B9C-4B4A-8EB4-0957CCD5462F}
    [2011/09/17 18:14:55 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{0352A802-CB1F-45EB-AACD-C4677A3F3F60}
    [2011/09/17 18:14:42 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{E2CC729F-BFEB-4ABD-8A72-EC000AFBC183}
    [2011/09/17 12:12:48 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{1044261D-8E80-4BD7-B258-392F88D1CD62}
    [2011/09/17 12:12:35 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{0A22A97E-9867-4F02-8431-9B687A57A884}
    [2011/09/17 09:28:11 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D343807B-9B22-4FF9-B59A-85A5F4AE03C9}
    [2011/09/17 09:27:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{E1E3F763-A4DF-44F4-ADCA-4D3FE035AD49}
    [2011/09/17 08:24:39 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{31A81C88-3A3C-43D9-B55B-9527DCD9C485}
    [2011/09/17 08:24:26 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{758F64E6-D79D-401E-8F0E-CFF43D86C35E}
    [2011/09/16 11:43:10 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{88CBCBD8-8C49-4F72-9A2F-F42EA34D2DDC}
    [2011/09/15 17:53:08 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9AFFF728-99C2-4AC3-ADD8-93004E382677}
    [2011/09/15 17:52:52 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{8C388547-C001-4D37-9578-53D46AAE2F08}
    [2011/09/15 11:55:21 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A79A2762-A21B-4DAF-B91F-F8C349C331EA}
    [2011/09/15 11:54:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A02E53D7-11B2-4510-8126-5081DA087F97}
    [2011/09/14 19:18:17 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9478BF1E-77C0-4BE2-BD1C-7076BBBC2E49}
    [2011/09/14 19:17:38 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{338E740C-A636-4F9E-9872-0F737275FE5D}
    [2011/09/14 18:34:29 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{1C0BAB38-01C5-43C9-BEDF-5880A8170208}
    [2011/09/14 18:34:11 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{42AD2C6A-F4F7-43F9-A3F7-939C641BF082}
    [2011/09/13 19:34:32 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{763C6A22-E825-4C1E-9590-0B96E7936FE8}
    [2011/09/13 19:34:17 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{F8E86966-8528-4834-9F5C-4F7911CC19C4}
    [2011/09/13 09:02:11 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{7B08501A-7E23-48EA-8214-7E180CD0F70E}
    [2011/09/13 09:01:56 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{60E2A92A-282F-4060-8D40-3F4E6625F4DE}
    [2011/09/12 10:28:02 | 000,000,000 | ---D | C] -- C:\Windows\system64
    [2011/09/12 08:03:04 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{06F08839-2A4A-497A-A62F-13E9AAF63114}
    [2011/09/11 09:28:07 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{847F5037-AE7C-4CAF-AE62-925B8D459E6C}
    [2011/09/10 21:53:33 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2044F9AE-E48B-4547-8051-6FCF7905CDDF}
    [2011/09/10 13:20:47 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{8901C7EB-12FE-4F7F-B1C6-78B2C13817A9}
    [2011/09/09 22:10:15 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{720890FB-77FC-4560-A67F-B5B85A09886F}
    [2011/09/09 13:01:21 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{953D4B77-EB32-475B-BF6A-CD4B7A7287B3}
    [2011/09/08 21:41:25 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2A8FF9E0-DEB1-4307-8C28-01FC37A218B1}
    [2011/09/08 12:28:52 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{4A0C7F22-5A27-472F-8089-EE60FB10CF6E}
    [2011/09/08 08:42:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{CAC377C0-73D0-492F-941E-FB79BB23FFC9}
    [2011/09/07 22:00:48 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{F51CB9AD-276F-44B4-9ECC-1D20499D157C}
    [2011/09/07 11:32:26 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{27C7BB4F-84D6-4DB9-BD29-AFB710390174}
    [2011/09/07 04:35:13 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{C6F353E2-DDE0-4515-92B1-96DAA9A3A236}
    [2011/09/07 04:34:52 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{EB102B77-BE2E-4050-B64C-2E8537498435}
    [2011/09/04 21:52:39 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{7A912433-1468-4B42-B81E-6FDE49A14887}
    [2011/09/04 21:52:22 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{ACEE37B0-0FB8-483D-933D-EB40A15E2D8F}
    [2011/09/03 13:57:31 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{3FC900F4-F528-4B85-8D45-963EFAC95535}
    [2011/09/03 13:57:19 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{051FBCF3-C08B-4FAD-807A-E4B2BA940A38}
    [2011/09/03 01:45:15 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D4CF007A-A066-4F03-9197-FF1F85198736}
    [2011/09/03 01:44:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9586786A-7557-45FD-A3E4-6BAD3E40F7D0}
    [2008/08/12 07:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
    [1 C:\Users\orl\*.tmp files -> C:\Users\orl\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/09/28 13:31:03 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/09/28 13:31:03 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/09/28 13:29:29 | 001,557,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/09/28 13:29:29 | 000,707,236 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
    [2011/09/28 13:29:29 | 000,618,912 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/09/28 13:29:29 | 000,131,632 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
    [2011/09/28 13:29:29 | 000,107,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/09/28 13:28:48 | 000,000,011 | ---- | M] () -- C:\Users\orl\logie
    [2011/09/28 13:28:48 | 000,000,011 | ---- | M] () -- C:\Users\orl\logff
    [2011/09/28 13:28:10 | 000,696,320 | ---- | M] (Copyright) -- C:\Users\orl\Protection1223.exe
    [2011/09/28 13:27:04 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
    [2011/09/28 13:27:02 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/09/28 13:24:01 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/09/28 13:22:53 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2011/09/28 13:21:09 | 000,472,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/09/28 13:21:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/09/28 13:20:44 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
    [2011/09/28 08:40:05 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
    [2011/09/28 08:40:05 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
    [2011/09/28 08:23:51 | 000,001,068 | ---- | M] () -- C:\Users\orl\Desktop\Glary Utilities.lnk
    [2011/09/18 19:31:40 | 000,001,893 | ---- | M] () -- C:\Users\orl\Desktop\AD-R.lnk
    [2011/09/18 13:30:52 | 000,002,095 | ---- | M] () -- C:\Users\orl\Desktop\HijackThis.lnk
    [2011/09/18 12:16:19 | 000,001,411 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
    [2011/09/18 12:12:54 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
    [2011/09/18 11:03:26 | 000,001,180 | ---- | M] () -- C:\Users\orl\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2011/09/18 11:03:26 | 000,001,156 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2011/09/18 10:24:31 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/09/18 10:16:39 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/09/18 10:12:18 | 000,002,152 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
    [2011/09/17 18:49:16 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/09/17 18:49:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2011/09/17 12:11:24 | 000,000,114 | ---- | M] () -- C:\Users\orl\Application Data\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL
    [2011/09/17 09:21:02 | 000,000,715 | ---- | M] () -- C:\Users\orl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Protection.lnk
    [2011/09/17 09:21:00 | 000,000,000 | ---- | M] () -- C:\Users\orl\tmp1.20
    [2011/09/13 09:02:03 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2011/09/06 22:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2011/09/06 22:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/09/06 22:45:17 | 000,254,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2011/09/06 22:38:18 | 000,601,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2011/09/06 22:38:16 | 000,301,912 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2011/09/06 22:36:41 | 000,058,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2011/09/06 22:36:41 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2011/09/06 22:36:30 | 000,065,368 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2011/09/06 22:36:14 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [1 C:\Users\orl\*.tmp files -> C:\Users\orl\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/09/28 08:24:08 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
    [2011/09/28 08:23:51 | 000,001,068 | ---- | C] () -- C:\Users\orl\Desktop\Glary Utilities.lnk
    [2011/09/27 08:29:20 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2011/09/18 18:48:57 | 000,001,893 | ---- | C] () -- C:\Users\orl\Desktop\AD-R.lnk
    [2011/09/18 13:30:52 | 000,002,095 | ---- | C] () -- C:\Users\orl\Desktop\HijackThis.lnk
    [2011/09/18 11:03:26 | 000,001,180 | ---- | C] () -- C:\Users\orl\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2011/09/18 11:03:26 | 000,001,156 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2011/09/18 10:24:31 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/09/18 10:24:30 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/09/18 10:15:37 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/09/18 10:15:36 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
    [2011/09/17 18:49:16 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/09/17 18:49:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2011/09/17 12:12:15 | 000,000,011 | ---- | C] () -- C:\Users\orl\logie
    [2011/09/17 12:12:15 | 000,000,011 | ---- | C] () -- C:\Users\orl\logff
    [2011/09/17 12:11:24 | 000,000,114 | ---- | C] () -- C:\Users\orl\Application Data\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL
    [2011/09/17 09:21:02 | 000,000,715 | ---- | C] () -- C:\Users\orl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Protection.lnk
    [2011/09/17 09:21:00 | 000,000,000 | ---- | C] () -- C:\Users\orl\tmp1.20
    [2010/11/24 22:14:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/07/18 22:28:25 | 001,552,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/07/12 14:13:25 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
    [2010/03/11 03:48:24 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
    [2010/03/11 03:29:03 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
    [2010/03/11 02:52:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2009/10/26 05:38:20 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
    [2009/08/19 10:33:09 | 000,018,432 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
    [2009/08/19 10:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
    [2009/07/29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
    [2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2009/04/08 20:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
    [2008/05/22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
    [2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
    [2006/05/19 05:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

    ========== LOP Check ==========

    [2010/07/12 14:20:50 | 000,000,000 | -HSD | M] -- C:\Users\orl\AppData\Roaming\.#
    [2010/06/15 21:48:38 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\Asus WebStorage
    [2011/05/04 08:40:22 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\BitZipper
    [2011/09/03 14:06:48 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\Camfrog
    [2010/07/12 14:20:34 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\GameConsole
    [2011/05/06 14:12:49 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\GARMIN
    [2011/09/28 08:39:49 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\GlarySoft
    [2010/11/05 19:55:02 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\LimeWire
    [2010/11/16 15:38:32 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\msn
    [2010/06/11 20:07:31 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\OpenOffice.org
    [2011/06/09 21:21:22 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\Pro Cycling Manager 2010
    [2011/09/26 23:05:23 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\Pro Cycling Manager 2011
    [2010/07/18 22:21:05 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\Samsung
    [2010/11/24 22:05:12 | 000,000,000 | ---D | M] -- C:\Users\orl\AppData\Roaming\Spotify
    [2011/09/28 13:22:53 | 000,000,396 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    [2011/09/28 13:27:04 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
    [2011/09/04 21:51:17 | 000,032,482 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:734E442A

    < End of report >
    28 September 2011 22:33:55

    Hi again


  • Double-click OTL to launch it.
    (On Vista/Win7, right-click OTL and choose Run as administrator)
  • Under the Personnalisation tab (in the white box) at the bottom of the window, copy and paste the text you will have retrieved from the following link

    http://www.sendspace.com/file/lew2u1


  • Then click the Correction button at the top of the window.
  • Let the program work, then reboot once the fix is finished.
  • Post the report that is displayed after the reboot.


    +++++++++++++++



    Go to this link: Virus Total
  • Click Browse

  • Scan the file in bold and post the report.

    C:\Users\orl\Protection1223.exe

  • If a window says the file has already been analysed, click reanalyse the file now.

    Help:
    http://forum.malekal.com/virustotal-comment-scanner-fic...

    4 October 2011 17:32:10

    Hi again

    I carried out the first fix procedure with OTL, but on reboot I did not get a report.

    Then, for the Virus Total step, I could not find the file: C:\Users\orl\Protection1223.exe
    But instead I had C:\Users\orl\Protection1228.exe; I scanned it anyway and here is the report:

    0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
    File name:
    Protection1228.exe
    Submission date:
    2011-10-04 15:17:10 (UTC)
    Current status:
    finished
    Result:
    1/ 43 (2.3%)

    VT Community

    not reviewed
    Safety score: -
    Antivirus Version Last Update Result
    AhnLab-V3 2011.10.03.00 2011.10.03 -
    AntiVir 7.11.15.97 2011.10.04 -
    Antiy-AVL 2.0.3.7 2011.10.04 -
    Avast 6.0.1289.0 2011.10.04 -
    AVG 10.0.0.1190 2011.10.04 -
    BitDefender 7.2 2011.10.04 -
    ByteHero 1.0.0.1 2011.09.23 -
    CAT-QuickHeal 11.00 2011.10.04 -
    ClamAV 0.97.0.0 2011.10.04 -
    Commtouch 5.3.2.6 2011.10.04 -
    Comodo 10340 2011.10.04 -
    DrWeb 5.0.2.03300 2011.10.04 -
    Emsisoft 5.1.0.11 2011.10.04 -
    eSafe 7.0.17.0 2011.10.03 -
    eTrust-Vet 36.1.8596 2011.10.04 -
    F-Prot 4.6.2.117 2011.10.03 -
    F-Secure 9.0.16440.0 2011.10.04 -
    Fortinet 4.3.370.0 2011.10.04 -
    GData 22 2011.10.04 -
    Ikarus T3.1.1.107.0 2011.10.04 -
    Jiangmin 13.0.900 2011.10.04 -
    K7AntiVirus 9.114.5242 2011.10.04 -
    Kaspersky 9.0.0.837 2011.10.04 UDS:DangerousObject.Multi.Generic
    McAfee 5.400.0.1158 2011.10.04 -
    McAfee-GW-Edition 2010.1D 2011.10.03 -
    Microsoft 1.7702 2011.10.04 -
    NOD32 6515 2011.10.04 -
    Norman 6.07.11 2011.10.03 -
    nProtect 2011-10-04.01 2011.10.04 -
    Panda 10.0.3.5 2011.10.03 -
    PCTools 8.0.0.5 2011.10.04 -
    Prevx 3.0 2011.10.04 -
    Rising 23.77.04.01 2011.09.30 -
    Sophos 4.69.0 2011.10.04 -
    SUPERAntiSpyware 4.40.0.1006 2011.10.04 -
    Symantec 20111.2.0.82 2011.10.04 -
    TheHacker 6.7.0.1.316 2011.10.04 -
    TrendMicro 9.500.0.1008 2011.10.04 -
    TrendMicro-HouseCall 9.500.0.1008 2011.10.04 -
    VBA32 3.12.16.4 2011.10.03 -
    VIPRE 10657 2011.10.04 -
    ViRobot 2011.10.4.4701 2011.10.04 -
    VirusBuster 14.0.246.0 2011.10.03 -
    Additional information
    MD5 : 15f368770f3897b73f27653d91840783
    SHA1 : 93548b2c1959024d1dcc5557e12ad106e110b3f6
    SHA256: 575e5e093faa754766bd92ff621265647e1eb1eeccecf87aa5524ebc6c4d3104
    ssdeep: 12288:3JSIj+phS9JSIj+phS9JSIj+phSNDhMtX3jQsiuJSIjuphS:cIjch1Ijch1IjchalMtHajIjMh
    File size : 696320 bytes
    First seen: 2011-10-04 15:17:10
    Last seen : 2011-10-04 15:17:10
    TrID:
    Windows Screen Saver (47.2%)
    Win32 Executable Generic (30.7%)
    Win16/32 Executable Delphi generic (7.4%)
    Generic Win/DOS Executable (7.2%)
    DOS Executable Generic (7.2%)
    sigcheck:
    publisher....: Copyright
    copyright....: Copyright (c) 2010
    product......: binternet
    description..: Protection
    original name: Protection.exe
    internal name: Protection.exe
    file version.: 12.28.0.0
    comments.....: Copyright
    signers......: -
    signing date.: -
    verified.....: Unsigned
    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x88C7E
    timedatestamp....: 0x4E8AD65D (Tue Oct 04 09:48:13 2011)
    machinetype......: 0x14c (I386)

    [[ 4 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x2000, 0x86C84, 0x86E00, 6.85, 0768fe4f85603aa115ebc885a4d945ae
    .sdata, 0x8A000, 0x82, 0x200, 1.83, 159a401ac6d8452cc778446455cf3369
    .rsrc, 0x8C000, 0x22918, 0x22A00, 6.71, d1fcfbf6852ad3deda8e91e8129318b3
    .reloc, 0xB0000, 0xC, 0x200, 0.10, 78359f8abc750260195c790fdf94f29c

    [[ 1 import(s) ]]
    mscoree.dll: _CorExeMain
    ExifTool:
    file metadata
    AssemblyVersion: 12.28.0.0
    CharacterSet: Unicode
    CodeSize: 552448
    Comments: Copyright
    CompanyName: Copyright
    EntryPoint: 0x88c7e
    FileDescription: Protection
    FileFlagsMask: 0x003f
    FileOS: Win32
    FileSize: 680 kB
    FileSubtype: 0
    FileType: Win32 EXE
    FileVersion: 12.28.0.0
    FileVersionNumber: 12.28.0.0
    ImageVersion: 0.0
    InitializedDataSize: 142848
    InternalName: Protection.exe
    LanguageCode: Neutral
    LegalCopyright: Copyright 2010
    LinkerVersion: 8.0
    MIMEType: application/octet-stream
    MachineType: Intel 386 or later, and compatibles
    OSVersion: 4.0
    ObjectFileType: Executable application
    OriginalFilename: Protection.exe
    PEType: PE32
    ProductName: binternet
    ProductVersion: 12.28.0.0
    ProductVersionNumber: 12.28.0.0
    Subsystem: Windows GUI
    SubsystemVersion: 4.0
    TimeStamp: 2011:10:04 11:48:13+02:00
    UninitializedDataSize: 0
    Symantec reputation:Suspicious.Insight

    4 October 2011 22:12:27

    Good evening :)
    Meh, I'm not too sure... only one detection, I don't think it is infectious.
    Does the orl folder ring a bell? My professional bias would make me say Observation Réfléchie de la Langue, but in my opinion that's not it ;O)
    Given the name, as for getting any info on Google, no chance...

    5 October 2011 08:43:28

    Hello,

    orl is the name I gave my computer, and it is also my own username... If that helps!

    On my computer I have not picked up any other problem, apart from this page that opens automatically when my browser starts: www.search-web.net
    A bogus search engine that sends me to anything and everything!

    Thanks for your help so far in any case; do you think a favourable outcome is possible?

    7 October 2011 13:13:45

    Here is the latest OTL scan report:

    OTL logfile created on: 07/10/2011 12:51:38 - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\orl\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    4,00 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 42,62% Memory free
    8,00 Gb Paging File | 5,44 Gb Available in Paging File | 68,05% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 116,44 Gb Total Space | 60,79 Gb Free Space | 52,21% Space Free | Partition Type: NTFS
    Drive D: | 334,67 Gb Total Space | 171,40 Gb Free Space | 51,21% Space Free | Partition Type: NTFS
    Drive E: | 4,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

    Computer Name: ORL-NOTEBOOK | User Name: orl | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/10/07 12:40:05 | 000,696,320 | ---- | M] (Copyright) -- C:\Users\orl\Protection1231.exe
    PRC - [2011/10/06 19:44:16 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2011/09/27 08:36:42 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\orl\Downloads\OTL.exe
    PRC - [2011/09/18 12:12:29 | 000,928,496 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2011/09/06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/06/25 10:03:31 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    PRC - [2010/07/04 19:13:56 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
    PRC - [2010/03/11 03:48:30 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
    PRC - [2009/11/24 23:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    PRC - [2009/11/12 20:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    PRC - [2009/11/03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    PRC - [2009/08/17 19:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    PRC - [2009/06/19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    PRC - [2009/05/19 01:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    PRC - [2009/04/20 21:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    PRC - [2007/11/30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/06 19:44:16 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2011/09/30 09:59:02 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\47a4b624c147aae197214d4ee5f0661b\Microsoft.VisualBasic.ni.dll
    MOD - [2011/09/29 13:30:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
    MOD - [2011/09/29 13:30:00 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
    MOD - [2011/09/29 13:29:52 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
    MOD - [2011/09/29 13:29:29 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
    MOD - [2011/09/29 13:29:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
    MOD - [2011/09/29 13:29:24 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
    MOD - [2011/09/29 13:29:16 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
    MOD - [2011/09/27 14:01:12 | 000,076,800 | ---- | M] () -- C:\Users\orl\AppData\Roaming\Mozilla\Firefox\Profiles\lr23rmxs.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}\components\RadioWMPCoreGecko7.dll
    MOD - [2011/09/13 09:02:03 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    MOD - [2010/11/13 01:52:13 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
    MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2009/11/24 23:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    MOD - [2009/11/12 20:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    MOD - [2009/11/03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
    MOD - [2009/11/03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
    MOD - [2009/09/23 21:07:14 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\ASUS\VirtualCamera\virtualCamera.ax
    MOD - [2009/08/04 12:01:43 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_fr_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
    MOD - [2007/11/30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/09/06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2011/06/27 21:27:40 | 000,551,896 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\Windows\SysNative\appdrvrem01.exe -- (appdrvrem01)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/02/23 13:21:40 | 000,859,640 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
    SRV:64bit: - [2009/10/02 05:38:17 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/09/29 18:32:31 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
    SRV:64bit: - [2009/09/29 18:32:29 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
    SRV:64bit: - [2009/09/17 21:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
    SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV:64bit: - [2007/08/08 10:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
    SRV - [2011/09/18 12:12:27 | 001,378,040 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
    SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/09/06 22:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2011/09/06 22:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2011/09/06 22:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2011/09/06 22:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
    DRV:64bit: - [2011/09/06 22:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2011/09/06 22:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011/06/27 21:27:40 | 003,852,976 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\appdrv01.sys -- (appdrv01) Application Driver (01)
    DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/11/22 10:50:19 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
    DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
    DRV:64bit: - [2010/04/27 04:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
    DRV:64bit: - [2010/04/27 04:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV:64bit: - [2010/04/27 04:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV:64bit: - [2009/12/04 18:40:30 | 000,265,744 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt)
    DRV:64bit: - [2009/12/04 18:39:44 | 000,042,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt)
    DRV:64bit: - [2009/12/04 18:30:22 | 002,007,056 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint)
    DRV:64bit: - [2009/10/15 11:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2009/10/05 03:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/10/02 06:11:13 | 006,182,400 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/09/29 18:33:17 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
    DRV:64bit: - [2009/08/21 08:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
    DRV:64bit: - [2009/08/12 05:38:01 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV:64bit: - [2009/07/20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
    DRV:64bit: - [2009/07/17 08:00:11 | 000,068,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/17 08:00:11 | 000,029,240 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/09 10:11:31 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV:64bit: - [2009/06/18 22:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
    DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
    DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/05 13:53:42 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2009/05/23 00:52:29 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/13 03:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
    DRV:64bit: - [2009/05/05 16:00:27 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
    DRV:64bit: - [2008/05/24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV:64bit: - [2007/07/24 21:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
    DRV - [2010/11/22 10:50:21 | 000,017,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
    DRV - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
    DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search-web.net
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "about:home"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {59994074-c06d-4a75-9768-49e5a8c21264}:3.2.3.3
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
    FF - prefs.js..keyword.URL: "http://www.search-web.net/results.php?cx=partner-pub-48..."

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/25 10:03:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/17 18:47:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/06 19:44:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/30 09:29:41 | 000,000,000 | ---D | M]

    [2010/07/11 20:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\orl\AppData\Roaming\mozilla\Extensions
    [2010/07/11 20:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\orl\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2011/09/28 08:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\orl\AppData\Roaming\mozilla\Firefox\Profiles\lr23rmxs.default\extensions
    [2011/09/28 08:43:57 | 000,000,000 | ---D | M] (Messenger Plus Live France Community Toolbar) -- C:\Users\orl\AppData\Roaming\mozilla\Firefox\Profiles\lr23rmxs.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}
    [2011/09/28 08:26:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/11/24 22:13:57 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/06/11 19:24:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/12/17 15:41:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/09/28 08:26:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/09/17 18:47:30 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2011/10/06 19:44:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/10/06 19:44:13 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
    [2011/10/06 19:44:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/10/06 19:44:13 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2011/10/06 19:44:13 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
    [2011/10/06 19:44:13 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
    [2011/10/06 19:44:13 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.163\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.163\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.163\gears.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: SocialPlus! = C:\Users\orl\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidogommnbbcgnhfjkcgjnlonijjhmjl\2.5.6_0\
    CHR - Extension: avast! WebRep = C:\Users\orl\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\orl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

    O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
    O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
    O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
    O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
    O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
    O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
    O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKCU..\Run: [Protection] C:\Users\orl\Protection1231.exe (Copyright)
    O4 - Startup: C:\Users\orl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Protection.lnk = File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
    O8:64bit: - Extra context menu item: Recherche avec search-web - C:\Users\orl\AppData\Local\Temp\scriptjava.html File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Recherche avec search-web - C:\Users\orl\AppData\Local\Temp\scriptjava.html File not found
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13:64bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: chat-land.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: chat-land.net ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: chat-land.org ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: search-web.net ([]* in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C3AA09E-121D-4F85-B15D-36DB9BF763B2}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D20BF40C-633D-4DBA-8AB2-678C01387B50}: DhcpNameServer = 10.10.0.1 156.154.70.1 156.154.71.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/06/03 15:01:07 | 000,000,059 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
    O33 - MountPoints2\{0e497bcc-2caf-11df-a332-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{0e497bcc-2caf-11df-a332-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Launcher.exe -- [2011/06/03 15:01:08 | 000,305,056 | R--- | M] (Cyanide)
    O33 - MountPoints2\{2058a5a3-2720-11e0-9622-bb9750477bdd}\Shell - "" = AutoRun
    O33 - MountPoints2\{2058a5a3-2720-11e0-9622-bb9750477bdd}\Shell\AutoRun\command - "" = "K:\WD SmartWare.exe" autoplay=true
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/07 12:40:00 | 000,696,320 | ---- | C] (Copyright) -- C:\Users\orl\Protection1231.exe
    [2011/10/07 12:39:31 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{6D56D13B-A8CA-4D5E-A505-ECF2E424765C}
    [2011/10/07 12:39:02 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{DE353BE6-BBC2-4E29-A1F3-FBBC7F6B2F44}
    [2011/10/07 08:59:37 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{1DC7CF71-C5A6-41A4-9BF1-A7ABA85DB7FF}
    [2011/10/07 08:59:22 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{5C6FE000-0707-412E-BC28-735B025C5C65}
    [2011/10/06 19:42:20 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{FE7E2BB8-1F32-48A2-A0C9-ABF7E9F0DC56}
    [2011/10/06 19:42:06 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D52DC6C7-0617-4947-936A-EA970367E84A}
    [2011/10/06 12:31:31 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{BFC8F07A-FC65-4845-8564-D9F38E1A16B6}
    [2011/10/06 12:31:02 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{B336BDD9-BC16-4243-974E-D800143A5FAC}
    [2011/10/06 09:26:16 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2E2DCE59-849B-43D1-8EF3-CB1C33ED27D4}
    [2011/10/06 09:26:04 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{C5770695-38A7-4179-B6E2-AAFC7A02FA11}
    [2011/10/06 08:14:52 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9C9C9BBF-7415-46BE-89B7-D6CF0E3C27CC}
    [2011/10/06 08:14:33 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{3ECFBB7D-2B40-4D06-B962-481A304369B8}
    [2011/10/05 17:48:20 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{B9E9A155-948C-4DB6-92DA-F7887196AAD7}
    [2011/10/05 17:48:08 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{E15DCD95-4408-4EE8-814E-6F54003052B6}
    [2011/10/05 13:11:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D1C1164F-41E8-4F80-915D-F1DFDE8B4028}
    [2011/10/05 13:11:48 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{352927DA-FC68-4C43-926C-31473F8FAD12}
    [2011/10/05 08:12:58 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{346FD029-8BB5-4B98-9D15-D508109279AA}
    [2011/10/05 08:12:23 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{18024BF0-CCEA-4E0F-B635-B429BA7124B3}
    [2011/10/04 17:05:27 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{32A863EC-728D-4068-A606-115470F9C775}
    [2011/10/04 17:05:02 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{AED3F7AA-B5B4-4ABD-883F-A7DD4441545F}
    [2011/10/04 16:43:49 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{34B5705F-FC57-4865-86C2-E1056A82D9BA}
    [2011/10/04 16:43:33 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{5B4CF0C2-B3D9-4AF3-A08C-8BC9E2B582CD}
    [2011/10/04 16:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2011/10/04 16:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2011/10/04 14:39:41 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{C7EAEA41-507F-4232-B6F1-9E04E41FD999}
    [2011/10/04 14:38:27 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{20F02AAA-91BE-47FA-A071-F7F82E21538D}
    [2011/10/03 20:21:22 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{236B8A67-E87C-4EFD-BC12-788C0A1EAA63}
    [2011/10/03 10:09:48 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{FE9CDD07-C0A4-4780-9618-FFE8518FA5E3}
    [2011/10/02 21:28:30 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D6EB74FE-C6B5-46F2-B9B1-22CFC0A01DCF}
    [2011/10/02 11:08:05 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{B8F228B9-31A7-4F16-8542-EDBC9171B1D9}
    [2011/10/01 09:14:00 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{96D6297E-16ED-4CA3-B8AB-C1A51105C42B}
    [2011/09/30 12:46:20 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{80B1B458-7340-40C8-BB6B-989012B08219}
    [2011/09/30 12:45:57 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A34EC8FA-5605-4BB5-8DF0-15BC8DB84E1E}
    [2011/09/30 10:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2011/09/30 09:29:57 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\Microsoft Help
    [2011/09/30 09:25:37 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{DB2AA017-BD31-406E-9341-DB6646EE1917}
    [2011/09/30 09:07:37 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\Seven Zip
    [2011/09/30 08:45:48 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{4D4BA50F-404E-47D2-8423-FD1FE834FF60}
    [2011/09/30 08:45:18 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{70690A3E-21FD-4332-B50F-B0D82862F171}
    [2011/09/29 21:39:29 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{73F93C84-E25A-439A-A777-917255D43507}
    [2011/09/29 13:24:27 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D2938136-D991-427E-9E74-9D457FBDB0AD}
    [2011/09/29 13:24:00 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{4A30C043-1E42-4514-82DC-7210705E4E48}
    [2011/09/29 08:04:40 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{69DD3F19-5DA5-4167-AAC9-0FCD8D8ACBAA}
    [2011/09/29 08:04:20 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{BE12E02C-5B22-4687-85A7-02895CB7D08F}
    [2011/09/28 13:29:02 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{645A90D2-2C4E-4C32-8746-5B4862DD0ACB}
    [2011/09/28 13:28:34 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{EC94454D-851D-4F56-9F9F-1400B90FF19D}
    [2011/09/28 08:29:00 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Roaming\GlarySoft
    [2011/09/28 08:26:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2011/09/28 08:25:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2011/09/28 08:25:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2011/09/28 08:25:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2011/09/28 08:25:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
    [2011/09/28 08:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
    [2011/09/28 08:23:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
    [2011/09/28 08:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
    [2011/09/27 22:44:15 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D71285BF-37E1-4E3E-B7B4-BEAE4C3652D3}
    [2011/09/27 22:43:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{FF07F0AC-4FB3-4CB2-934C-C02E15FC79AF}
    [2011/09/27 08:27:37 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{1DC65CEA-5391-4A9E-BB3E-31733DDD44B2}
    [2011/09/27 08:27:18 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{7AD23C0E-F459-4BFD-B026-E6450B32FACD}
    [2011/09/26 21:48:22 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{4AEF3ACC-3CCE-448B-BD26-009FD96248FD}
    [2011/09/23 21:47:08 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{3690D743-6624-40BD-890A-C141E156E4B0}
    [2011/09/23 13:17:18 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9E03C68D-6355-46EB-9BA8-3C3C21AEE9E7}
    [2011/09/22 21:54:03 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{B29FBAD1-DEBC-448E-9D4C-ECA5F27F637F}
    [2011/09/22 12:37:51 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{C5DFA11E-216D-4519-BC58-DC1286F3C01A}
    [2011/09/21 22:04:02 | 000,000,000 | ---D | C] -- C:\Users\orl\Desktop\Classeur HSCT 18-02-11
    [2011/09/21 21:28:18 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A7FE1409-E587-49B1-A8D9-C6C6D754716D}
    [2011/09/21 12:45:07 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{C0A8ECA0-D819-48E4-944E-B2E022E21946}
    [2011/09/20 21:46:21 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{0797847F-33AA-4E41-9653-B97D080325E5}
    [2011/09/20 10:53:35 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A634E4B0-7D08-404E-9AED-08A0043E921F}
    [2011/09/19 22:05:57 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{05B1522A-0942-434D-97D2-9C593A9B09B0}
    [2011/09/19 06:51:45 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{665F8A54-1F6D-4580-964B-7864BC97249F}
    [2011/09/19 06:51:23 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{E63BAF0B-D89F-4210-8B43-7BF1487EDAD8}
    [2011/09/18 19:45:11 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2E5377AD-9BE1-4737-AF8A-BCE909A7118B}
    [2011/09/18 19:44:58 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{590C2DF9-917B-4405-83CC-A7D95F672EF5}
    [2011/09/18 18:48:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Remover
    [2011/09/18 13:30:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2011/09/18 13:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
    [2011/09/18 12:18:22 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{EF3E1B44-E21A-4066-80E2-AB397AD046D0}
    [2011/09/18 12:18:07 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{77F555DD-384E-428A-A17F-20C50A2E4FD2}
    [2011/09/18 12:13:02 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
    [2011/09/18 12:12:57 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
    [2011/09/18 12:03:49 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\Sunbelt Software
    [2011/09/18 11:03:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}
    [2011/09/18 11:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    [2011/09/18 11:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2011/09/18 11:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
    [2011/09/18 10:14:10 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{07817E65-2C07-440E-B333-13756859B6E2}
    [2011/09/18 10:13:58 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9B1BBE27-12C6-4E57-865F-BE05283BA5A7}
    [2011/09/18 07:04:02 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Roaming\Malwarebytes
    [2011/09/18 07:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/09/18 07:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/09/18 07:03:36 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/09/18 07:03:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/09/18 00:27:50 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{36B2BC29-ABFB-423F-AAFD-BAB3A9ED30EB}
    [2011/09/18 00:27:36 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{06D03621-4AFE-415D-A6BD-A98A0E87E757}
    [2011/09/17 18:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011/09/17 18:49:14 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2011/09/17 18:49:14 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2011/09/17 18:49:11 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2011/09/17 18:49:09 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2011/09/17 18:49:06 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2011/09/17 18:49:01 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2011/09/17 18:49:01 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2011/09/17 18:47:22 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/09/17 18:47:21 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2011/09/17 18:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2011/09/17 18:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/09/17 18:36:36 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{B849FB76-E985-44FA-87CF-52C614889CED}
    [2011/09/17 18:36:23 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2C5D4203-6B9C-4B4A-8EB4-0957CCD5462F}
    [2011/09/17 18:14:55 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{0352A802-CB1F-45EB-AACD-C4677A3F3F60}
    [2011/09/17 18:14:42 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{E2CC729F-BFEB-4ABD-8A72-EC000AFBC183}
    [2011/09/17 12:12:48 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{1044261D-8E80-4BD7-B258-392F88D1CD62}
    [2011/09/17 12:12:35 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{0A22A97E-9867-4F02-8431-9B687A57A884}
    [2011/09/17 09:28:11 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{D343807B-9B22-4FF9-B59A-85A5F4AE03C9}
    [2011/09/17 09:27:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{E1E3F763-A4DF-44F4-ADCA-4D3FE035AD49}
    [2011/09/17 08:24:39 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{31A81C88-3A3C-43D9-B55B-9527DCD9C485}
    [2011/09/17 08:24:26 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{758F64E6-D79D-401E-8F0E-CFF43D86C35E}
    [2011/09/16 11:43:10 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{88CBCBD8-8C49-4F72-9A2F-F42EA34D2DDC}
    [2011/09/15 17:53:08 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9AFFF728-99C2-4AC3-ADD8-93004E382677}
    [2011/09/15 17:52:52 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{8C388547-C001-4D37-9578-53D46AAE2F08}
    [2011/09/15 11:55:21 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A79A2762-A21B-4DAF-B91F-F8C349C331EA}
    [2011/09/15 11:54:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{A02E53D7-11B2-4510-8126-5081DA087F97}
    [2011/09/14 19:18:17 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{9478BF1E-77C0-4BE2-BD1C-7076BBBC2E49}
    [2011/09/14 19:17:38 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{338E740C-A636-4F9E-9872-0F737275FE5D}
    [2011/09/14 18:34:29 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{1C0BAB38-01C5-43C9-BEDF-5880A8170208}
    [2011/09/14 18:34:11 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{42AD2C6A-F4F7-43F9-A3F7-939C641BF082}
    [2011/09/13 19:34:32 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{763C6A22-E825-4C1E-9590-0B96E7936FE8}
    [2011/09/13 19:34:17 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{F8E86966-8528-4834-9F5C-4F7911CC19C4}
    [2011/09/13 09:02:11 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{7B08501A-7E23-48EA-8214-7E180CD0F70E}
    [2011/09/13 09:01:56 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{60E2A92A-282F-4060-8D40-3F4E6625F4DE}
    [2011/09/12 10:28:02 | 000,000,000 | ---D | C] -- C:\Windows\system64
    [2011/09/12 08:03:04 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{06F08839-2A4A-497A-A62F-13E9AAF63114}
    [2011/09/11 09:28:07 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{847F5037-AE7C-4CAF-AE62-925B8D459E6C}
    [2011/09/10 21:53:33 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2044F9AE-E48B-4547-8051-6FCF7905CDDF}
    [2011/09/10 13:20:47 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{8901C7EB-12FE-4F7F-B1C6-78B2C13817A9}
    [2011/09/09 22:10:15 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{720890FB-77FC-4560-A67F-B5B85A09886F}
    [2011/09/09 13:01:21 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{953D4B77-EB32-475B-BF6A-CD4B7A7287B3}
    [2011/09/08 21:41:25 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{2A8FF9E0-DEB1-4307-8C28-01FC37A218B1}
    [2011/09/08 12:28:52 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{4A0C7F22-5A27-472F-8089-EE60FB10CF6E}
    [2011/09/08 08:42:59 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{CAC377C0-73D0-492F-941E-FB79BB23FFC9}
    [2011/09/07 22:00:48 | 000,000,000 | ---D | C] -- C:\Users\orl\AppData\Local\{F51CB9AD-276F-44B4-9ECC-1D20499D157C}
    [2008/08/12 07:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
    [1 C:\Users\orl\*.tmp files -> C:\Users\orl\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/10/07 13:00:43 | 000,000,011 | ---- | M] () -- C:\Users\orl\logie
    [2011/10/07 12:46:29 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/10/07 12:46:28 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/10/07 12:41:10 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2011/10/07 12:40:05 | 000,696,320 | ---- | M] (Copyright) -- C:\Users\orl\Protection1231.exe
    [2011/10/07 12:38:09 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/10/07 12:37:53 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
    [2011/10/07 12:37:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/10/07 12:36:54 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
    [2011/10/07 10:24:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/10/05 14:25:56 | 000,000,008 | ---- | M] () -- C:\Users\orl\logff
    [2011/10/01 10:22:17 | 000,027,249 | ---- | M] () -- C:\Users\orl\Documents\MES RESULTATS 2011.ods
    [2011/09/30 12:43:13 | 000,472,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/09/29 08:09:11 | 001,557,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/09/29 08:09:11 | 000,707,236 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
    [2011/09/29 08:09:11 | 000,618,912 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/09/29 08:09:11 | 000,131,632 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
    [2011/09/29 08:09:11 | 000,107,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/09/28 08:40:05 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
    [2011/09/28 08:40:05 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
    [2011/09/28 08:23:51 | 000,001,068 | ---- | M] () -- C:\Users\orl\Desktop\Glary Utilities.lnk
    [2011/09/18 19:31:40 | 000,001,893 | ---- | M] () -- C:\Users\orl\Desktop\AD-R.lnk
    [2011/09/18 13:30:52 | 000,002,095 | ---- | M] () -- C:\Users\orl\Desktop\HijackThis.lnk
    [2011/09/18 12:16:19 | 000,001,411 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
    [2011/09/18 12:12:54 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
    [2011/09/18 11:03:26 | 000,001,180 | ---- | M] () -- C:\Users\orl\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2011/09/18 11:03:26 | 000,001,156 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2011/09/18 10:24:31 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/09/18 10:16:39 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/09/18 10:12:18 | 000,002,152 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
    [2011/09/17 18:49:16 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/09/17 18:49:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2011/09/17 12:11:24 | 000,000,114 | ---- | M] () -- C:\Users\orl\Application Data\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL
    [2011/09/17 09:21:02 | 000,000,715 | ---- | M] () -- C:\Users\orl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Protection.lnk
    [2011/09/17 09:21:00 | 000,000,000 | ---- | M] () -- C:\Users\orl\tmp1.20
    [2011/09/13 09:02:03 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [1 C:\Users\orl\*.tmp files -> C:\Users\orl\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/10/05 17:48:31 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2011/10/01 10:22:15 | 000,027,249 | ---- | C] () -- C:\Users\orl\Documents\MES RESULTATS 2011.ods
    [2011/09/28 08:24:08 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
    [2011/09/28 08:23:51 | 000,001,068 | ---- | C] () -- C:\Users\orl\Desktop\Glary Utilities.lnk
    [2011/09/18 18:48:57 | 000,001,893 | ---- | C] () -- C:\Users\orl\Desktop\AD-R.lnk
    [2011/09/18 13:30:52 | 000,002,095 | ---- | C] () -- C:\Users\orl\Desktop\HijackThis.lnk
    [2011/09/18 11:03:26 | 000,001,180 | ---- | C] () -- C:\Users\orl\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2011/09/18 11:03:26 | 000,001,156 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2011/09/18 10:24:31 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/09/18 10:24:30 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/09/18 10:15:37 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/09/18 10:15:36 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
    [2011/09/17 18:49:16 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/09/17 18:49:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2011/09/17 12:12:15 | 000,000,011 | ---- | C] () -- C:\Users\orl\logie
    [2011/09/17 12:12:15 | 000,000,008 | ---- | C] () -- C:\Users\orl\logff
    [2011/09/17 12:11:24 | 000,000,114 | ---- | C] () -- C:\Users\orl\Application Data\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL
    [2011/09/17 09:21:02 | 000,000,715 | ---- | C] () -- C:\Users\orl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Protection.lnk
    [2011/09/17 09:21:00 | 000,000,000 | ---- | C] () -- C:\Users\orl\tmp1.20
    [2010/11/24 22:14:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/07/18 22:28:25 | 001,552,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/07/12 14:13:25 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
    [2010/03/11 03:48:24 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
    [2010/03/11 03:29:03 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
    [2010/03/11 02:52:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2009/10/26 05:38:20 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
    [2009/08/19 10:33:09 | 000,018,432 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
    [2009/08/19 10:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
    [2009/07/29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
    [2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2009/04/08 20:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
    [2008/05/22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
    [2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
    [2006/05/19 05:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:734E442A

    < End of report >
    7 October 2011 13:38:48

    OTL Extras logfile created on: 07/10/2011 12:51:38 - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\orl\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    4,00 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 42,62% Memory free
    8,00 Gb Paging File | 5,44 Gb Available in Paging File | 68,05% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 116,44 Gb Total Space | 60,79 Gb Free Space | 52,21% Space Free | Partition Type: NTFS
    Drive D: | 334,67 Gb Total Space | 171,40 Gb Free Space | 51,21% Space Free | Partition Type: NTFS
    Drive E: | 4,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

    Computer Name: ORL-NOTEBOOK | User Name: orl | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AutoUpdateDisableNotify" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
    "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{28D73032-5DAA-4F83-B154-85105DBCCB92}" = iTunes
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
    "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{90120000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0404-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2007
    "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
    "{90120000-002A-0408-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Greek) 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
    "{90120000-002A-040D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Hebrew) 2007
    "{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007
    "{90120000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2007
    "{90120000-002A-0816-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007
    "{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B4F9E407-95F4-EAA4-B253-C1FE391E0A6C}" = ATI Catalyst Install Manager
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
    "{FF8BC37A-2DFB-95B6-4F09-05C7304891F3}" = ccc-utility64
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "ASUS USB2.0 UVC VGA WebCam" = ASUS USB2.0 UVC VGA WebCam
    "ASUS WebStorage" = ASUS WebStorage
    "Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0058143E-0C1F-530B-C75D-4B4D272BA857}" = CCC Help Portuguese
    "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
    "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
    "{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C5D9A6B-FF26-9DD9-8CFE-6348C6216F90}" = Catalyst Control Center Graphics Full Existing
    "{0E00E89C-D6C1-4736-CBE0-F97566641F2D}" = CCC Help Swedish
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1B75F827-8404-871C-908D-FE2841809879}" = ccc-core-static
    "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2582CC36-8FF2-37A4-E4DF-20D98AFC2FD2}" = CCC Help Polish
    "{266517E6-D866-439D-919C-B8B1A52E6080}" = OpenOffice.org 3.2
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{29906EE7-6EDB-8336-4455-A65A5343EA49}" = CCC Help English
    "{2F300A26-2149-4BE3-4E46-0244DE26243A}" = CCC Help Greek
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{37DBA48D-B4D0-FEFD-AC97-A3B02A41D7BD}" = CCC Help Finnish
    "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{455CD05F-2041-F120-992C-8B390FD902B9}" = Catalyst Control Center InstallProxy
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C6F31F8-81E0-CFCE-DCF8-63D0179BE7E8}" = CCC Help Italian
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver
    "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
    "{51B618BD-9DD2-BEDA-9CF3-EE7A7D574234}" = CCC Help French
    "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
    "{5C6BF318-B9A6-E5FC-6FED-BB010CA4879C}" = CCC Help Chinese Standard
    "{5CF94DB3-AD09-8E75-6780-9CA707E16579}" = CCC Help Hungarian
    "{5DB2F906-140A-E5A1-6CF8-7F8D4D84EE0A}" = CCC Help Korean
    "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7664A6B5-A117-67E2-E49A-AE7E4C64FDCE}" = Catalyst Control Center Graphics Full New
    "{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
    "{81601299-AD02-403C-9A47-93C509FE2EC2}" = Catalyst Control Center - Branding
    "{81B9F470-8E68-C4EC-9E3C-DE176811887E}" = CCC Help Japanese
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8C73B81B-2BBA-744F-2BDA-E2ACFA9E94AA}" = CCC Help Turkish
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8EEE95B9-D3AD-C483-7F3E-BA643FF5A3FE}" = CCC Help Thai
    "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
    "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
    "{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
    "{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0028-0404-1000-0000000FF1CE}_PROHYBRIDR_{1252D255-DB26-4F85-9F0F-D59B9DFE339E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0404-1000-0000000FF1CE}_PROHYBRIDR_{3F96DD0A-F509-4CBD-8130-B3B3194A9C3D}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0408-1000-0000000FF1CE}_PROHYBRIDR_{E3B92295-785F-4FF7-8BE1-67E86F5F8140}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-040C-1000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-040D-1000-0000000FF1CE}_PROHYBRIDR_{C4FDF834-B4AF-4B5E-8901-5146204B58CC}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0410-1000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0413-1000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0816-1000-0000000FF1CE}_PROHYBRIDR_{A8523DA4-5563-4F0E-BD9D-4E4CC3CF7239}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0C0A-1000-0000000FF1CE}_PROHYBRIDR_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
    "{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.6 - Français
    "{ADC7E65C-63C5-34EA-E1A9-A6F85D094CC9}" = Catalyst Control Center Graphics Previews Vista
    "{AE5553AA-1429-5618-2B44-82C7B3DA6ACC}" = CCC Help Danish
    "{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
    "{B20B3F6C-F56A-EFED-F806-BCBAECF4D3A9}" = CCC Help German
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
    "{B7D7704F-7B56-54D4-1E4F-165EC7ABC5A2}" = CCC Help Norwegian
    "{C306FB81-7859-C9BB-7C63-5DCC53AD0706}" = CCC Help Russian
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{C67AFDF7-9A23-2D8D-6CE1-4F13796118C9}" = CCC Help Czech
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
    "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2364C90-B2EB-0B43-2462-07F6D4EA3BE0}" = CCC Help Chinese Traditional
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
    "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
    "{EB4BB51C-88D4-5022-5CE9-47DF2A626F75}" = Catalyst Control Center Core Implementation
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
    "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
    "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
    "{F9FDA329-6CDA-BDBB-5B81-F5AF757BE969}" = Catalyst Control Center Localization All
    "{FA9DA7C9-6CF8-25EB-87DE-E0411067E14C}" = CCC Help Dutch
    "{FB74EE62-8513-682F-A55D-31B7A2205D2F}" = Catalyst Control Center Graphics Light
    "{FCFEB590-8CCD-8171-69F4-EA19AEDD8A3A}" = CCC Help Spanish
    "Ad-Aware" = Ad-Aware
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Ad-Remover" = Ad-Remover par C_XX
    "ASUS AP Bank_is1" = ASUS AP Bank
    "ASUS_Screensaver" = ASUS_Screensaver
    "avast" = avast! Free Antivirus
    "BitZipper_is1" = BitZipper 2010
    "Free Tarot" = Free Tarot
    "GameCenter_is1" = GameCenter 1.3.0.5
    "Glary Utilities_is1" = Glary Utilities 2.37.0.1260
    "Google Chrome" = Google Chrome
    "HijackThis" = HijackThis 2.0.2
    "HomePlayer" = HomePlayer 1.5.9d
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Mozilla Firefox 7.0.1 (x86 fr)" = Mozilla Firefox 7.0.1 (x86 fr)
    "Pro Cycling Manager 2010_is1" = Pro Cycling Manager - Saison 2010 - 1.0.0.0
    "Pro Cycling Manager 2011_is1" = Pro Cycling Manager - Saison 2011 version 1.0.1.1
    "PROHYBRIDR" = 2007 Microsoft Office system
    "RealPlayer 12.0" = RealPlayer
    "Spotify" = Spotify
    "VLC media player" = VLC media player 1.0.5
    "WinLiveSuite" = Windows Live
    "WinRAR archiver" = WinRAR 4.01 (32 bits)

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 15/08/2011 14:23:17 | Computer Name = orl-notebook | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 16/08/2011 04:59:12 | Computer Name = orl-notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Échec de l’extraction de la liste racine tierce depuis le fichier
    CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update...;
    avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon
    la vérification par rapport à l’horloge système en cours ou le tampon daté dans
    le fichier signé. .

    Error - 16/08/2011 06:07:49 | Computer Name = orl-notebook | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 16/08/2011 07:26:25 | Computer Name = orl-notebook | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 17/08/2011 02:44:49 | Computer Name = orl-notebook | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 17/08/2011 05:02:24 | Computer Name = orl-notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Échec de l’extraction de la liste racine tierce depuis le fichier
    CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update...;
    avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon
    la vérification par rapport à l’horloge système en cours ou le tampon daté dans
    le fichier signé. .

    Error - 17/08/2011 05:57:31 | Computer Name = orl-notebook | Source = Application Error | ID = 1000
    Description = Nom de l’application défaillante PCM.exe, version : 1.0.1.1, horodatage
    : 0x4e018e48 Nom du module défaillant : PCM.exe, version : 1.0.1.1, horodatage :
    0x4e018e48 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0047bc63 ID du processus
    défaillant : 0xc74 Heure de début de l’application défaillante : 0x01cc5cbe81b5aec5
    Chemin
    d’accès de l’application défaillante : D:\Cyanide\Pro Cycling Manager - Saison
    2011\PCM.exe Chemin d’accès du module défaillant: D:\Cyanide\Pro Cycling Manager
    - Saison 2011\PCM.exe ID de rapport : 522a21d4-c8b7-11e0-931f-e4e5603053ce

    Error - 17/08/2011 12:41:20 | Computer Name = orl-notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Échec de l’extraction de la liste racine tierce depuis le fichier
    CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update...;
    avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon
    la vérification par rapport à l’horloge système en cours ou le tampon daté dans
    le fichier signé. .

    Error - 18/08/2011 02:43:31 | Computer Name = orl-notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Échec de l’extraction de la liste racine tierce depuis le fichier
    CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update...;
    avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon
    la vérification par rapport à l’horloge système en cours ou le tampon daté dans
    le fichier signé. .

    Error - 18/08/2011 05:20:09 | Computer Name = orl-notebook | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Échec de l’extraction de la liste racine tierce depuis le fichier
    CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update...;
    avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon
    la vérification par rapport à l’horloge système en cours ou le tampon daté dans
    le fichier signé. .

    [ OSession Events ]
    Error - 15/11/2010 17:07:42 | Computer Name = orl-notebook | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 240 seconds with 180 seconds of active time. This session ended with a crash.

    Error - 04/04/2011 03:21:22 | Computer Name = orl-notebook | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 35101
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 28/09/2011 07:24:20 | Computer Name = orl-notebook | Source = WMPNetworkSvc | ID = 866321
    Description =

    Error - 28/09/2011 07:24:20 | Computer Name = orl-notebook | Source = WMPNetworkSvc | ID = 866317
    Description =

    Error - 28/09/2011 07:24:20 | Computer Name = orl-notebook | Source = WMPNetworkSvc | ID = 866321
    Description =

    Error - 28/09/2011 07:24:20 | Computer Name = orl-notebook | Source = WMPNetworkSvc | ID = 866317
    Description =

    Error - 29/09/2011 01:59:20 | Computer Name = orl-notebook | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
    Description = L’initialisation du client CBS a échoué. Dernière erreur : 0x8007045b

    Error - 30/09/2011 02:42:55 | Computer Name = orl-notebook | Source = Service Control Manager | ID = 7011
    Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
    l’attente de la réponse transactionnelle du service EapHost.

    Error - 04/10/2011 08:37:41 | Computer Name = orl-notebook | Source = Service Control Manager | ID = 7009
    Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
    l’attente de la connexion du service Apple Mobile Device.

    Error - 04/10/2011 08:37:41 | Computer Name = orl-notebook | Source = Service Control Manager | ID = 7000
    Description = Le service Apple Mobile Device n’a pas pu démarrer en raison de l’erreur :
    %%1053

    Error - 07/10/2011 06:38:03 | Computer Name = orl-notebook | Source = Service Control Manager | ID = 7009
    Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
    l’attente de la connexion du service Apple Mobile Device.

    Error - 07/10/2011 06:38:03 | Computer Name = orl-notebook | Source = Service Control Manager | ID = 7000
    Description = Le service Apple Mobile Device n’a pas pu démarrer en raison de l’erreur :
    %%1053


    < End of report >
    7 October 2011 22:13:25

    Good evening,
    You are going to run an OTL script again, but this time post the report:
    get the script here, copy and paste it into the OTL dialog box, click Run Fix and post the report.


  • Double-click OTL to launch it.
    (On Vista/Win7, right-click OTL and choose Run as administrator)
  • Under the "Personnalisation" tab (in the white box) at the bottom of the window, copy and paste the text that you will retrieve from this link:
    http://www.sendspace.com/file/lmi3mk

  • Then click the "Correction" button at the top of the window.
  • Let the program work, and restart once the fix is finished.
  • Post the report that is displayed after the restart.
    ...