
Pornographic and advertising windows that open automatically [Solved]

Tags:
  • Security
Last reply: in Security and viruses
7 September 2011 13:03:06

As the subject says: in IE or Firefox, I have porn web pages and other ads that open by themselves.
How can I stop them from opening every time?
Thanks for your help


7 September 2011 13:46:17

Hello,


__________________


For the disinfection to go smoothly:


  • Use your PC as little as possible during the procedure, to make the disinfection easier.

  • Follow the procedures given, but do not try anything on your own: if there is a problem during a procedure, tell me about it rather than clicking at random and causing a failure on your system.

  • If you are already following a procedure on another forum, please say so; it is important to follow only one disinfection at a time.

  • Even if the symptoms of the infection have disappeared, the PC is not necessarily clean: wait until you have been told that the PC is disinfected before using it again.

  • Even though disinfections are carried out by people with in-depth knowledge of disinfection, it is always possible that your PC will crash. Remember to back up your data ;)

    __________________


    If you are ready, let's go:

    Diagnostic:


  • Download OTL (by OldTimer) to your Desktop.

  • If you are on XP, double-click it to launch it; if you are on Vista/7, right-click it and choose Run as administrator to launch it.

  • A window appears.

  • Tick the box: All users (Tous les utilisateurs)

  • Tick the boxes for the LOP search (Recherche LOP) and the Purity search (Recherche Purity), in blue towards the bottom of the window.

  • Under Customization (Personnalisation), copy and paste all of the text below, and leave the other options at their defaults.

    netsvcs
    msconfig
    drivers32
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    %systemroot%\System32\config\*.sav
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.dll /lockedfiles
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    iexplore.exe
    /md5stop
    CREATERESTOREPOINT


  • Finally, click the Scan (Analyse) button. Do not touch anything while the scan is running. The scan will take some time.

  • At the end of the scan, two reports will open: OTL.Txt and Extras.Txt. Copy and paste all of the reports here.

    For the reports, which tend to be too long for the forum, please use this online report service: upload the file via "browse" and simply post the link you get.

7 September 2011 17:41:54

    OTL logfile created on: 07/09/2011 16:30:46 - Run 1
    OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\pc\Mes documents\Downloads\Programs
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    2,99 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 67,35% Memory free
    4,83 Gb Paging File | 3,91 Gb Available in Paging File | 81,00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 97,65 Gb Total Space | 75,29 Gb Free Space | 77,10% Space Free | Partition Type: NTFS
    Drive D: | 200,43 Gb Total Space | 131,75 Gb Free Space | 65,74% Space Free | Partition Type: NTFS

    Computer Name: PC-99311CDCC9FA | User Name: pc | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/09/07 16:24:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pc\Mes documents\Downloads\Programs\OTL.exe
    PRC - [2011/09/07 09:32:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2011/08/12 16:34:51 | 000,462,848 | ---- | M] (ESET, spol. s r.o.) -- C:\Program Files\ESET\UpdateReminder.exe
    PRC - [2011/08/09 12:24:41 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Documents and Settings\pc\Local Settings\Application Data\Google\Update\1.3.21.65\GoogleCrashHandler.exe
    PRC - [2011/07/01 08:35:49 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\pc\Local Settings\Temp\RtkBtMnt.exe
    PRC - [2011/04/08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
    PRC - [2011/02/22 13:50:15 | 000,333,824 | ---- | M] () -- C:\Program Files\tuEagles\EglSrv.exe
    PRC - [2010/12/27 11:56:36 | 000,353,792 | ---- | M] (ExecutiveIM.com) -- C:\directory\zbdhbdzedf\install\server.exe
    PRC - [2010/12/03 17:57:05 | 003,245,408 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
    PRC - [2010/05/25 15:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
    PRC - [2010/05/24 10:51:35 | 000,949,376 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
    PRC - [2010/05/24 10:51:35 | 000,552,064 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
    PRC - [2010/05/24 10:42:44 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    PRC - [2010/01/10 12:32:32 | 000,819,200 | ---- | M] (Zbshareware Lab) -- C:\Program Files\USB Disk Security\USBGuard.exe
    PRC - [2009/08/16 20:36:06 | 000,955,392 | ---- | M] (SFX TEAM) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
    PRC - [2008/12/31 13:12:40 | 000,693,512 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
    PRC - [2008/04/14 15:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/04/01 09:02:38 | 000,568,176 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2006/12/23 14:35:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    PRC - [2006/12/23 14:34:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    PRC - [2006/12/23 14:24:04 | 000,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    PRC - [2006/12/14 14:19:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    PRC - [2006/03/26 22:44:06 | 000,159,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/07 09:32:46 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2011/09/04 12:02:08 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    MOD - [2011/03/15 07:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2011/02/22 13:50:15 | 000,333,824 | ---- | M] () -- C:\Program Files\tuEagles\EglSrv.exe
    MOD - [2010/05/24 10:51:36 | 000,064,568 | ---- | M] () -- C:\Program Files\ESET\pr_emon.dll
    MOD - [2010/05/24 10:51:36 | 000,056,376 | ---- | M] () -- C:\Program Files\ESET\pr_imon.dll
    MOD - [2010/05/24 10:51:36 | 000,023,608 | ---- | M] () -- C:\Program Files\ESET\pr_dmon.dll
    MOD - [2010/05/24 10:51:35 | 000,113,720 | ---- | M] () -- C:\Program Files\ESET\nod32rui.dll
    MOD - [2010/05/24 10:51:35 | 000,060,544 | ---- | M] () -- C:\Program Files\ESET\nodshex.dll
    MOD - [2010/05/24 10:51:35 | 000,056,376 | ---- | M] () -- C:\Program Files\ESET\pr_upd.dll
    MOD - [2008/06/15 15:48:08 | 000,094,720 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
    MOD - [2008/04/14 15:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2007/04/01 09:00:28 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
    MOD - [2007/04/01 08:57:16 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
    MOD - [2005/12/29 21:26:48 | 000,005,376 | ---- | M] () -- C:\WINDOWS\system32\AntiWPA.dll
    MOD - [2004/12/26 20:30:00 | 000,121,344 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/02/22 13:50:15 | 000,333,824 | ---- | M] () [Auto | Running] -- C:\Program Files\tuEagles\EglSrv.exe -- (tuEaglesService)
    SRV - [2010/12/03 17:46:20 | 000,072,704 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
    SRV - [2010/05/24 10:51:35 | 000,552,064 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
    SRV - [2010/05/11 08:04:36 | 000,271,728 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
    SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
    SRV - [2010/01/09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
    SRV - [2008/12/31 13:12:44 | 000,910,600 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe -- (PD91Engine)
    SRV - [2008/12/31 13:12:40 | 000,693,512 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe -- (PD91Agent)
    SRV - [2008/09/08 04:29:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2006/12/23 14:24:04 | 000,262,144 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
    SRV - [2006/12/14 14:19:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/05/24 10:51:35 | 000,512,096 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
    DRV - [2010/05/24 10:51:35 | 000,015,424 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv)
    DRV - [2010/05/13 23:05:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
    DRV - [2010/05/01 10:35:04 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
    DRV - [2009/01/07 23:39:36 | 000,020,744 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)
    DRV - [2009/01/05 14:16:36 | 000,071,184 | R--- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFS.sys -- (DefragFS)
    DRV - [2008/12/07 12:44:54 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)
    DRV - [2008/08/26 06:56:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/07/02 14:58:48 | 000,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)
    DRV - [2008/04/17 15:33:26 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/10/22 09:24:14 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2007/08/28 18:59:20 | 002,210,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Pilote de carte Intel(R)
    DRV - [2007/04/01 04:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2007/04/01 04:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
    DRV - [2007/03/24 01:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2007/03/24 01:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2007/03/24 01:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2007/03/24 01:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2007/01/25 02:14:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2006/12/22 23:26:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2006/12/22 23:26:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2006/12/22 23:25:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/11/05 11:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.Facesounds.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.16.10.0:3128

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.16.10.0:3128

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=wbst
    IE - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\..\URLSearchHook: {ec6f5dfb-c370-45e2-bf02-f13d0163bf78} - C:\Program Files\Radio_Tunisienne\prxtbRad0.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 217.173.75.6:3128

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Bing"
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
    FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.0
    FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.1.6
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3.1
    FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.36
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
    FF - prefs.js..keyword.URL: "http://search.Facesounds.com/?q="
    FF - prefs.js..network.proxy.backup.ftp: "84.19.176.62"
    FF - prefs.js..network.proxy.backup.ftp_port: 8080
    FF - prefs.js..network.proxy.backup.gopher: "84.19.176.62"
    FF - prefs.js..network.proxy.backup.gopher_port: 8080
    FF - prefs.js..network.proxy.backup.socks: "84.19.176.62"
    FF - prefs.js..network.proxy.backup.socks_port: 8080
    FF - prefs.js..network.proxy.backup.ssl: "84.19.176.62"
    FF - prefs.js..network.proxy.backup.ssl_port: 8080
    FF - prefs.js..network.proxy.ftp: "84.19.176.62"
    FF - prefs.js..network.proxy.ftp_port: 8080
    FF - prefs.js..network.proxy.gopher: "84.19.176.62"
    FF - prefs.js..network.proxy.gopher_port: 8080
    FF - prefs.js..network.proxy.http: "84.19.176.62"
    FF - prefs.js..network.proxy.http_port: 8080
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "84.19.176.62"
    FF - prefs.js..network.proxy.socks_port: 8080
    FF - prefs.js..network.proxy.ssl: "84.19.176.62"
    FF - prefs.js..network.proxy.ssl_port: 8080

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2240: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2298: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1348: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\pc\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\pc\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\pc\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\pc\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 09:32:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/26 14:08:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/05/24 10:42:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\pc\Application Data\IDM\idmmzcc3 [2010/12/03 18:01:52 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\pc\Application Data\IDM\idmmzcc3 [2010/12/03 18:01:52 | 000,000,000 | ---D | M]

    [2010/05/24 09:53:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\pc\Application Data\Mozilla\Extensions
    [2011/08/22 14:46:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\extensions
    [2010/07/17 22:35:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/08/19 12:28:24 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
    [2011/02/04 15:10:54 | 000,000,000 | ---D | M] (SearchStatus) -- C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
    [2010/05/24 09:57:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\extensions\temp
    [2010/05/24 19:09:52 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\searchplugins\bing.xml
    [2008/06/13 06:23:30 | 000,002,258 | ---- | M] () -- C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\searchplugins\binsearch.xml
    [2008/06/13 06:23:30 | 000,002,036 | ---- | M] () -- C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\searchplugins\exalead.xml
    [2011/09/07 09:35:02 | 000,006,394 | ---- | M] () -- C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\searchplugins\nowtorrents.xml
    [2008/01/17 21:52:17 | 000,002,261 | ---- | M] () -- C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\searchplugins\opensubtitlesorg.xml
    [2007/08/13 21:50:47 | 000,005,532 | ---- | M] () -- C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\searchplugins\vidos-dailymotion.xml
    [2006/11/16 21:11:10 | 000,001,025 | ---- | M] () -- C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\searchplugins\wikipedia-english.xml
    [2011/09/07 09:35:02 | 000,002,087 | ---- | M] () -- C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\searchplugins\youtube---videos.xml
    [2011/06/25 08:36:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/04 17:00:10 | 000,000,000 | ---D | M] (BlueSoleil Extension) -- C:\Program Files\Mozilla Firefox\extensions\{231D7D17-4F1B-4933-AB61-E502DB82FD11}
    [2011/02/06 18:55:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/10/22 13:04:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/17 19:17:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/05/02 10:18:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    [2011/06/25 08:36:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\PC\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\T3I2MR5P.DEFAULT\EXTENSIONS\PANEL@EFFECTIVEMEASURE.COM.XPI
    [2010/10/22 13:04:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/09/07 09:32:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/05/07 21:02:01 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
    [2011/05/07 21:02:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/05/07 21:02:01 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2011/05/07 21:02:01 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
    [2010/03/10 16:00:26 | 000,002,025 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
    [2010/12/28 10:35:38 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
    [2011/05/07 21:02:01 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
    [2011/05/07 21:02:01 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2008/04/14 15:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
    O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Radio Tunisienne Toolbar) - {ec6f5dfb-c370-45e2-bf02-f13d0163bf78} - C:\Program Files\Radio_Tunisienne\prxtbRad0.dll (Conduit Ltd.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Radio Tunisienne Toolbar) - {ec6f5dfb-c370-45e2-bf02-f13d0163bf78} - C:\Program Files\Radio_Tunisienne\prxtbRad0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Radio Tunisienne Toolbar) - {EC6F5DFB-C370-45E2-BF02-F13D0163BF78} - C:\Program Files\Radio_Tunisienne\prxtbRad0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Radio Tunisienne Toolbar) - {EC6F5DFB-C370-45E2-BF02-F13D0163BF78} - C:\Program Files\Radio_Tunisienne\prxtbRad0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\..\Toolbar\WebBrowser: (Radio Tunisienne Toolbar) - {EC6F5DFB-C370-45E2-BF02-F13D0163BF78} - C:\Program Files\Radio_Tunisienne\prxtbRad0.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [hpqSRMon] File not found
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdateReminder] C:\Program Files\ESET\UpdateReminder.exe (ESET, spol. s r.o.)
    O4 - HKLM..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
    O4 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    O4 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003..\Run: [HKCU] c:\directory\zbdhbdzedf\install\server.exe (ExecutiveIM.com)
    O4 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
    O4 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
    O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
    O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = c:\directory\CyberGate\install\soprano.exe
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 128
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = c:\directory\CyberGate\install\soprano.exe
    O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: &Envoyer à OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
    O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
    O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
    O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\imon.dll (Eset )
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O16 - DPF: {05CA9FB0-3E3E-4b36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls... (WUWebControl Class)
    O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} http://update.microsoft.com/microsoftupdate/v6/V5Contro... (MUWebControl Class)
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_... ("Ma-Config.com control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-wind... (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AECBCF5-4BF3-416B-A561-F1056EBA2B41}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\Antiwpa: DllName - antiwpa.dll - C:\WINDOWS\System32\AntiWPA.dll ()
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\pc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\pc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\PROGRAM FILES\PROCESS EXPLORER\PROCEXP.EXE" (Sysinternals - www.sysinternals.com)
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/05/24 09:46:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 0

    Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: VIDC.3iv2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)
    Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.MP42 - C:\WINDOWS\System32\msmpeg4.dll (Microsoft Corporation)
    Drivers32: VIDC.MP43 - C:\WINDOWS\System32\msmpeg4.dll (Microsoft Corporation)
    Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\msmpeg4.dll (Microsoft Corporation)
    Drivers32: VIDC.VP31 - C:\WINDOWS\System32\vp31vfw.dll (On2.com)
    Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)
    Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()
    Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/07 09:30:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2011/08/25 15:51:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Bureau\7lou
    [2011/08/18 15:57:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Radio_Tunisienne
    [2011/08/18 15:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2011/08/18 13:26:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2011/08/17 21:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\QuickTime
    [2011/08/17 21:29:36 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Apple
    [2011/08/17 21:29:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Local Settings\Application Data\Apple
    [2011/08/17 21:29:23 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2011/08/17 21:29:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
    [2011/08/10 10:55:28 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
    [2011/08/10 10:40:59 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/09/07 16:30:43 | 025,340,621 | -H-- | M] () -- C:\Documents and Settings\pc\Application Data\pclog.dat
    [2011/09/07 16:29:00 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1292428093-1417001333-1003UA.job
    [2011/09/07 15:53:00 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/09/07 13:57:10 | 011,685,715 | ---- | M] () -- C:\Documents and Settings\pc\Bureau\135217869908323_46750.mp4
    [2011/09/07 12:53:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/09/07 12:29:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1292428093-1417001333-1003Core.job
    [2011/09/07 10:47:27 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\pc\default.pls
    [2011/09/07 10:45:36 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/09/07 09:32:37 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2011/09/07 09:27:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/09/07 09:27:08 | 3211,186,176 | -HS- | M] () -- C:\hiberfil.sys
    [2011/09/05 12:24:44 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun
    [2011/09/04 12:02:09 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/09/03 12:08:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/09/01 15:57:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/08/18 13:35:33 | 000,000,212 | -HS- | M] () -- C:\boot.ini
    [2011/08/10 19:19:03 | 000,513,706 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
    [2011/08/10 19:19:03 | 000,444,344 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/08/10 19:19:03 | 000,086,694 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
    [2011/08/10 19:19:03 | 000,072,602 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/08/10 19:17:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/09/07 13:55:18 | 011,685,715 | ---- | C] () -- C:\Documents and Settings\pc\Bureau\135217869908323_46750.mp4
    [2011/08/17 21:29:25 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/08/17 21:29:23 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Apple Software Update.lnk
    [2011/07/18 19:30:30 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun
    [2011/02/06 18:57:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2011/01/05 19:57:46 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\TINAKEY.SYS
    [2010/12/24 14:58:39 | 000,000,116 | ---- | C] () -- C:\WINDOWS\chess.ini
    [2010/12/03 17:44:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
    [2010/10/05 13:14:30 | 000,177,726 | ---- | C] () -- C:\WINDOWS\hpoins27.dat
    [2010/10/05 13:14:30 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl27.dat
    [2010/08/13 00:23:00 | 000,000,048 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
    [2010/07/09 15:34:43 | 000,000,028 | ---- | C] () -- C:\WINDOWS\boxworld.ini
    [2010/06/15 21:00:53 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
    [2010/06/06 05:27:03 | 000,110,592 | ---- | C] () -- C:\Documents and Settings\pc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/27 17:55:42 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2010/05/24 11:34:48 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/05/24 11:34:23 | 000,017,920 | ---- | C] () -- C:\WINDOWS\NOTEPAD.EXE
    [2010/05/24 11:28:21 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
    [2010/05/24 11:28:21 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
    [2010/05/24 11:28:14 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
    [2010/05/24 11:28:14 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
    [2010/05/24 11:24:48 | 000,355,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/05/24 10:51:14 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
    [2010/05/24 10:44:08 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2010/05/24 10:38:06 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
    [2010/05/24 10:01:06 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/05/24 09:58:07 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/05/24 09:58:06 | 002,121,235 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
    [2010/05/24 09:58:06 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/05/24 09:58:05 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2010/05/24 09:58:05 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/05/24 09:58:05 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2010/05/24 09:55:19 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2010/05/24 09:47:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/05/24 09:42:59 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2009/06/17 10:32:46 | 000,030,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys
    [2008/04/14 15:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2008/04/14 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/04/14 15:00:00 | 000,513,706 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
    [2008/04/14 15:00:00 | 000,444,344 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2008/04/14 15:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
    [2008/04/14 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/04/14 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/04/14 15:00:00 | 000,086,694 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
    [2008/04/14 15:00:00 | 000,072,602 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2008/04/14 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/04/14 15:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
    [2008/04/14 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/04/14 15:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2008/04/14 15:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2008/04/14 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2007/04/01 09:00:28 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
    [2007/04/01 08:41:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2006/12/30 19:27:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/06/13 16:35:32 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
    [2005/12/29 21:26:48 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\AntiWPA.dll
    [2005/04/08 03:16:43 | 025,340,621 | -H-- | C] () -- C:\Documents and Settings\pc\Application Data\pclog.dat
    [2003/04/01 06:28:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/03/21 13:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
    [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

    ========== LOP Check ==========

    [2010/05/24 09:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
    [2011/01/11 15:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
    [2010/05/27 16:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2010/11/17 11:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2010/05/24 09:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
    [2010/12/12 11:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
    [2010/05/25 18:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\ACD Systems
    [2011/01/07 13:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\BeautyGuide
    [2011/01/11 15:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\DassaultSystemes
    [2010/12/08 10:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\DMCache
    [2010/12/03 17:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\DWGeditor
    [2010/11/18 09:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\facemoods.com
    [2011/04/01 23:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\IDM
    [2010/05/24 09:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Notepad++
    [2011/04/05 22:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Orbit
    [2011/08/11 13:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\sldIM
    [2010/08/04 15:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Uniblue
    [2011/02/22 13:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\UseNeXT
    [2011/04/01 22:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\VitySoft
    [2011/09/07 09:32:37 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %APPDATA%\*. >
    [2010/05/25 18:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\ACD Systems
    [2010/05/30 18:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Adobe
    [2010/05/24 13:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Ahead
    [2011/01/07 13:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\BeautyGuide
    [2011/01/11 15:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\DassaultSystemes
    [2010/12/08 10:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\DMCache
    [2010/08/07 00:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\dvdcss
    [2010/12/03 17:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\DWGeditor
    [2010/11/18 09:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\facemoods.com
    [2010/11/26 21:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Google
    [2011/04/11 12:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\HP
    [2011/05/11 16:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\HpUpdate
    [2010/05/24 09:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Identities
    [2011/04/01 23:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\IDM
    [2010/09/25 13:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Macromedia
    [2010/06/01 07:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Media Player Classic
    [2010/12/03 17:45:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\pc\Application Data\Microsoft
    [2011/08/19 02:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Mozilla
    [2011/04/30 18:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Nero
    [2010/05/24 09:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Notepad++
    [2011/04/05 22:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Orbit
    [2010/05/24 10:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Real
    [2011/06/07 12:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Skype
    [2011/06/07 09:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\skypePM
    [2011/08/11 13:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\sldIM
    [2010/12/04 23:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\SolidWorks
    [2010/05/24 09:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Sun
    [2010/08/04 15:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Uniblue
    [2011/02/22 13:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\UseNeXT
    [2011/04/01 22:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\VitySoft
    [2010/05/25 19:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\vlc
    [2011/03/03 23:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Yahoo!

    < %APPDATA%\*.exe /s >
    [2010/12/03 17:45:12 | 000,061,440 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\pc\Application Data\Microsoft\Installer\{26621E14-A45B-45CD-9ED9-7A0A9B585DB4}\ARPPRODUCTICON.exe
    [2010/12/03 17:45:12 | 000,061,440 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\pc\Application Data\Microsoft\Installer\{26621E14-A45B-45CD-9ED9-7A0A9B585DB4}\NewShortcut1_3668F00AED454A6E8105AD5B99FD99C6.exe
    [2011/02/26 14:24:31 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\pc\Application Data\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe

    < %SYSTEMDRIVE%\*.* >
    [2010/05/24 09:46:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/08/18 13:35:33 | 000,000,212 | -HS- | M] () -- C:\boot.ini
    [2008/04/14 15:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
    [2010/05/24 09:46:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/09/07 09:27:08 | 3211,186,176 | -HS- | M] () -- C:\hiberfil.sys
    [2010/05/24 09:46:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/05/24 09:46:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/04/14 15:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 15:00:00 | 000,252,240 | RHS- | M] () -- C:\ntldr
    [2011/09/07 09:27:05 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010/05/24 11:23:57 | 000,098,304 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2010/05/24 11:23:57 | 001,093,632 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2010/05/24 11:23:57 | 000,466,944 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]


    < MD5 for: EXPLORER.EXE >
    [2008/04/14 15:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe

    < MD5 for: IEXPLORE.EXE >
    [2008/04/22 09:02:46 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=197B7E4030CFBD8D2979D375E1787AA2 -- C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe
    [2008/04/22 08:41:30 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=232B22817B90AE0AFF2D189E3E3735AC -- C:\WINDOWS\ie7updates\KB980182-IE7\iexplore.exe
    [2010/04/16 12:08:29 | 000,634,648 | ---- | M] (Mi
    7 September 2011 17:43:45

    Here are the files below.
    OTL Extras logfile created on: 07/09/2011 16:30:46 - Run 1
    OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\pc\Mes documents\Downloads\Programs
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    2,99 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 67,35% Memory free
    4,83 Gb Paging File | 3,91 Gb Available in Paging File | 81,00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 97,65 Gb Total Space | 75,29 Gb Free Space | 77,10% Space Free | Partition Type: NTFS
    Drive D: | 200,43 Gb Total Space | 131,75 Gb Free Space | 65,74% Space Free | Partition Type: NTFS

    Computer Name: PC-99311CDCC9FA | User Name: pc | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 1
    "AntiVirusOverride" = 1
    "FirewallDisableNotify" = 1
    "FirewallOverride" = 1
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0
    "DisableUnicastResponsesToMulticastBroadcast" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0
    "DisableUnicastResponsesToMulticastBroadcast" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
    "48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:o rbit -- (Orbitdownloader.com)
    "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:o rbit -- (Orbitdownloader.com)
    "C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft)
    "C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.343\IVT_BlueSoleil_6.4.237.0_www.tunisia-sat.com_AMN\IVT_BlueSoleil_6.4.237.0\Crack\BlueSoleilCS.exe" = C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.343\IVT_BlueSoleil_6.4.237.0_www.tunisia-sat.com_AMN\IVT_BlueSoleil_6.4.237.0\Crack\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Documents and Settings\pc\Mes documents\Downloads\logiciel\Facemoods.exe" = C:\Documents and Settings\pc\Mes documents\Downloads\logiciel\Facemoods.exe:*:Enabled:Facemoods Installer
    "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Documents and Settings\pc\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\pc\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
    "{0F7E065E-CAB1-44F1-987B-64CE3BE0B15C}" = Adobe Dreamweaver CS3
    "{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
    "{14E3D14B-7852-477D-ACE2-895AF4322804}" = Ma-Config.com
    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26621E14-A45B-45CD-9ED9-7A0A9B585DB4}" = SolidWorks Installation Manager
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
    "{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}" = PerfectDisk 2008 Professional
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
    "{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
    "{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA
    "{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{511DF669-2930-30C0-8EB6-552887E29EC8}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA
    "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
    "{559FAB96-A0CD-4105-A02F-1C21DEBCEF89}" = SolidWorks Explorer 2007 sp0
    "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{75FEB085-179F-4C85-B0E4-B517D2160750}" = eDrawings 2007
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
    "{83258E90-1F76-4E13-9F60-A0F8ED41E76F}" = PC Connectivity Solution
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
    "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
    "{90140000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 14
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2010
    "{90140000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2010
    "{90140000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2010
    "{90140000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2010
    "{90140000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2010
    "{90140000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2010
    "{90140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
    "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2010
    "{90140000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2010
    "{90140000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2010
    "{90140000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2010
    "{90140000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2010
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
    "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
    "{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
    "{A89DEBCA-F743-3412-97F6-B2E489194551}" = Google Talk Plugin
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1036-7B44-A80000000002}" = Adobe Reader 8 - Français
    "{B28B351F-1232-46EA-85EF-B8EA91641036}" = Nero 7 Essentials
    "{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}" = ACDSee 9 Photo Manager
    "{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
    "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
    "{B69187F8-4264-400C-BCD3-1FE71DA71BD9}" = Adobe PhotoShop CS3
    "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
    "{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0B5FD6D-F787-4D40-BB8F-7EDD73DD523E}" = SolidWorks 2007 SP0
    "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
    "{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
    "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
    "{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
    "{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
    "{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX v2.1
    "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
    "{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
    "{F5125699-C01A-4ED8-BD3A-265DF29859FE}" = DWGeditor
    "504244733D18C8F63FF584AEB290E3904E791693" = Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Audacity_is1" = Audacity 1.2.3
    "CCleaner" = CCleaner (remove only)
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
    "conduitEngine" = Conduit Engine
    "Didapages" = Didapages 1.2
    "Edison 4" = Edison 4
    "FileZilla Client" = FileZilla Client 3.0.11
    "FLV Player" = FLV Player 2.0 (build 25)
    "HashTab" = HashTab 2.1.0
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Imaging Device Functions" = HP Imaging Device Functions 10.0
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
    "HPExtendedCapabilities" = HP Customer Participation Program 10.0
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "Internet Download Manager" = Internet Download Manager
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.49
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 6.0.2 (x86 fr)" = Mozilla Firefox 6.0.2 (x86 fr)
    "Mozilla Thunderbird (2.0.0.14)" = Mozilla Thunderbird (2.0.0.14)
    "Muslim Bag1.5" = Muslim Bag
    "Nero8Lite_is1" = Nero 8 Micro 8.3.2.1b
    "NOD32" = NOD32 Antivirus System
    "Notepad++" = Notepad++
    "Office14.PROPLUS" = Microsoft Office Professionnel Plus 2010
    "Orbit_is1" = Orbit Downloader
    "qt7lite_is1" = QT Lite 2.6.0
    "Radio_Tunisienne Toolbar" = Radio Tunisienne Toolbar
    "RealAlt_is1" = Real Alternative 1.8.0 Lite
    "RealPlayer 6.0" = RealPlayer
    "Serious Samurize" = Serious Samurize
    "Shop for HP Supplies" = Shop for HP Supplies
    "SuperCopier2" = SuperCopier2
    "USB Disk Security_is1" = USB Disk Security
    "UseNeXT_is1" = UseNeXT
    "VLC media player" = VideoLAN VLC media player 0.8.4a
    "WinLiveSuite_Wave3" = Installation Windows Live
    "WinRAR archiver" = Archiveur WinRAR
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "QUICKMEDIACONVERTER" = Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 24/07/2011 07:49:14 | Computer Name = PC-99311CDCC9FA | Source = Application Error | ID = 1000
    Description = Application défaillante server.exe, version 1.2.0.2237, module défaillant
    unknown, version 0.0.0.0, adresse de défaillance 0x00000000.

    Error - 31/07/2011 05:35:31 | Computer Name = PC-99311CDCC9FA | Source = Application Error | ID = 1000
    Description = Application défaillante explorer.exe, version 6.0.2900.5512, module
    défaillant mfc71u.dll, version 7.10.3077.0, adresse de défaillance 0x0008dc0a.

    Error - 31/07/2011 05:35:38 | Computer Name = PC-99311CDCC9FA | Source = Application Error | ID = 1000
    Description = Application défaillante drwtsn32.exe, version 5.1.2600.0, module défaillant
    dbghelp.dll, version 5.1.2600.5512, adresse de défaillance 0x0001295d.

    Error - 01/08/2011 18:06:51 | Computer Name = PC-99311CDCC9FA | Source = Application Error | ID = 1000
    Description = Application défaillante hpqtra08.exe, version 100.0.170.0, module
    défaillant ntdll.dll, version 5.1.2600.6055, adresse de défaillance 0x000101b3.

    Error - 03/08/2011 07:23:47 | Computer Name = PC-99311CDCC9FA | Source = Application Error | ID = 1000
    Description = Application défaillante wmplayer.exe, version 11.0.5721.5145, module
    défaillant ffdshow.ax, version 1.0.2.2001, adresse de défaillance 0x00070b33.

    Error - 03/08/2011 07:24:15 | Computer Name = PC-99311CDCC9FA | Source = Application Error | ID = 1000
    Description = Application défaillante wmplayer.exe, version 11.0.5721.5145, module
    défaillant ffdshow.ax, version 1.0.2.2001, adresse de défaillance 0x00070b83.

    Error - 03/08/2011 07:29:37 | Computer Name = PC-99311CDCC9FA | Source = Application Error | ID = 1000
    Description = Application défaillante wmplayer.exe, version 11.0.5721.5145, module
    défaillant ffdshow.ax, version 1.0.2.2001, adresse de défaillance 0x00070b33.

    Error - 03/08/2011 15:46:54 | Computer Name = PC-99311CDCC9FA | Source = Application Error | ID = 1000
    Description = Application défaillante hpqtra08.exe, version 100.0.170.0, module
    défaillant ntdll.dll, version 5.1.2600.6055, adresse de défaillance 0x000101b3.

    Error - 05/08/2011 08:22:33 | Computer Name = PC-99311CDCC9FA | Source = Application Error | ID = 1000
    Description = Application défaillante wmplayer.exe, version 11.0.5721.5145, module
    défaillant ffdshow.ax, version 1.0.2.2001, adresse de défaillance 0x00070b83.

    Error - 29/08/2011 20:13:12 | Computer Name = PC-99311CDCC9FA | Source = EventSystem | ID = 4614
    Description = Le système d'événements de COM+ a détecté une incohérence dans son
    état interne. Échec de l'assertion "GetLastError() == 122L" à la ligne 162 de d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
    Contactez les services du Support Technique Microsoft pour signaler cette erreu

    [ OSession Events ]
    Error - 20/07/2010 05:48:15 | Computer Name = PC-99311CDCC9FA | Source = Microsoft Office 12 Sessions | ID = 7001
    Description =

    [ System Events ]
    Error - 27/06/2011 10:36:46 | Computer Name = PC-99311CDCC9FA | Source = Dhcp | ID = 1002
    Description = Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse
    réseau est 001F3B7134EF a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a
    envoyé un message DHCPNACK).

    Error - 27/06/2011 16:10:34 | Computer Name = PC-99311CDCC9FA | Source = Dhcp | ID = 1002
    Description = Le bail de l'adresse IP 192.168.1.3 pour la carte réseau dont l'adresse
    réseau est 001F3B7134EF a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a
    envoyé un message DHCPNACK).

    Error - 24/07/2011 04:13:32 | Computer Name = PC-99311CDCC9FA | Source = Dhcp | ID = 1002
    Description = Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse
    réseau est 001F3B7134EF a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a
    envoyé un message DHCPNACK).

    Error - 30/07/2011 16:08:38 | Computer Name = PC-99311CDCC9FA | Source = PSched | ID = 14101
    Description = QoS [Carte {2AECBCF5-4BF3-416B-A561-F1056EBA2B41}] : le pilote de carte
    réseau n'a pas pu effectuer la requête pour OID_GEN_MAXIMUM_FRAME_SIZE.

    Error - 02/08/2011 13:08:34 | Computer Name = PC-99311CDCC9FA | Source = PSched | ID = 14101
    Description = QoS [Carte {2AECBCF5-4BF3-416B-A561-F1056EBA2B41}] : le pilote de carte
    réseau n'a pas pu effectuer la requête pour OID_GEN_MAXIMUM_FRAME_SIZE.

    Error - 07/08/2011 12:47:51 | Computer Name = PC-99311CDCC9FA | Source = Dhcp | ID = 1002
    Description = Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse
    réseau est 001F3B7134EF a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a
    envoyé un message DHCPNACK).

    Error - 08/08/2011 06:27:47 | Computer Name = PC-99311CDCC9FA | Source = Dhcp | ID = 1002
    Description = Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse
    réseau est 001F3B7134EF a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a
    envoyé un message DHCPNACK).

    Error - 20/08/2011 09:57:48 | Computer Name = PC-99311CDCC9FA | Source = Dhcp | ID = 1002
    Description = Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse
    réseau est 001F3B7134EF a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a
    envoyé un message DHCPNACK).

    Error - 30/08/2011 07:08:36 | Computer Name = PC-99311CDCC9FA | Source = Dhcp | ID = 1002
    Description = Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse
    réseau est 001F3B7134EF a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a
    envoyé un message DHCPNACK).

    Error - 30/08/2011 17:57:11 | Computer Name = PC-99311CDCC9FA | Source = Dhcp | ID = 1002
    Description = Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse
    réseau est 001F3B7134EF a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a
    envoyé un message DHCPNACK).


    < End of report >

    7 September 2011 18:58:55

    Hmm... Is your Windows legal?
    7 September 2011 22:08:38

    guigui0001 said:
    Hmm... Is your Windows legal?

    More details, please, because I don't know much about Windows and the whole system; I have only been using this PC recently.
    Thanks in advance for any clarification.
    8 September 2011 16:20:42

    I'm waiting for your help, please.
    8 September 2011 18:47:44

    In plain terms: did you use the Antiwpa program to bypass Windows XP activation?

    Quote:
    O20 - Winlogon\Notify\Antiwpa: DllName - antiwpa.dll - C:\WINDOWS\System32\AntiWPA.dll ()
    8 September 2011 19:19:02

    guigui0001 said:
    In plain terms: did you use the Antiwpa program to bypass Windows XP activation?

    Quote:
    O20 - Winlogon\Notify\Antiwpa: DllName - antiwpa.dll - C:\WINDOWS\System32\AntiWPA.dll ()

    Please be patient with me, because I am not very proficient in this field of computing. I don't know this software, and as for Windows XP, I am not the one who installed it on the PC but rather a computer technician, and I don't have much idea about the procedure.
    10 September 2011 10:59:10

    So I take it that nobody wants to help me!!
    10 September 2011 11:48:21

    Hello,

    Sorry for the delay, I'm quite busy at the moment.

    OK, let's say I didn't see anything; however, please read this > http://redirectingat.com/?id=1402X522807&xs=1&url=http%...

    +++++++++++++++++++++++++++++

    Conduit/Offerbox infection:


    Ad-Remover scan

  • Download Ad-Remover (by C_XX) to your Desktop.

    Disconnect and close all running applications


  • Double-click AD-R on your desktop. (Right-click -> "Exécuter en tant qu'administrateur" (Run as administrator) on Vista/7)

  • Wait until the main menu appears. From there, click "Scanner" (Scan). You will be asked to confirm; click "Oui" (Yes) and wait until the scan finishes.

    Let the tool work


  • A window containing the report will open; post the report in your next reply.
    ( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )
    Then click "Quitter" (Quit) to close Ad-Remover.

    Note: The report that Ad-Remover has just generated is located here: C:\Ad-Report-SCAN

    To help you:
  • Tutorial on AD-R
    10 Septembre 2011 12:18:15

    Thank you sooo much, infinitely. I just read the article at the link you gave me; it's very interesting, but I don't know much about this field. I'm not the one who installed my Windows and I don't even know how to install things like that. When I have a serious problem, I either take it to a technician or to a friend who knows about this field, which is why I don't see how I could solve this pirated Windows problem!!!!
    So I'm now going to follow your instructions to solve the 1st problem, and sorry for all the trouble :-) I really appreciate your help
    10 September 2011 12:24:03

    So here is the report I got
    ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 12/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 11:18:57 le 10/09/2011, Mode normal

    Microsoft Windows XP Professionnel Service Pack 3 (X86)
    pc@PC-99311CDCC9FA ( )

    ============== RECHERCHE ==============


    Fichier trouvé: C:\WINDOWS\system32\ConduitEngine.tmp
    Dossier trouvé: C:\Documents and Settings\pc\Local Settings\Application Data\Conduit
    Dossier trouvé: C:\Program Files\Conduit
    Dossier trouvé: C:\Documents and Settings\pc\Local Settings\Application Data\ConduitEngine
    Dossier trouvé: C:\Program Files\ConduitEngine

    Clé trouvée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé trouvée: HKLM\Software\Classes\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}
    Clé trouvée: HKLM\Software\Classes\CLSID\{F78B7AA6-9D10-4059-B55B-2B4025AE2ACD}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F78B7AA6-9D10-4059-B55B-2B4025AE2ACD}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F78B7AA6-9D10-4059-B55B-2B4025AE2ACD}
    Clé trouvée: HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Clé trouvée: HKLM\Software\Classes\Conduit.Engine
    Clé trouvée: HKLM\Software\Classes\Toolbar.CT1666883
    Clé trouvée: HKLM\Software\Conduit
    Clé trouvée: HKLM\Software\conduitEngine
    Clé trouvée: HKCU\Software\Conduit
    Clé trouvée: HKCU\Software\conduitEngine
    Clé trouvée: HKU\.DEFAULT\Software\Conduit
    Clé trouvée: HKU\.DEFAULT\Software\conduitEngine
    Clé trouvée: HKU\S-1-5-18\Software\Conduit
    Clé trouvée: HKU\S-1-5-18\Software\conduitEngine
    Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49F11BC9-62E6-425F-A377-959F6973A2EB}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

    Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}


    ============== SCAN ADDITIONNEL ==============

    **** Mozilla Firefox Version [6.0.2 (fr)] ****

    Searchplugins\bing.xml ( hxxp://www.bing.com/search)
    Searchplugins\fcmdSrch.xml (hxxp://start.facemoods.com/?f=4&q={searchTerms}/)
    Components\browsercomps.dll (Mozilla Foundation)
    Extensions\{231D7D17-4F1B-4933-AB61-E502DB82FD11} (BlueSoleil Extension)
    Extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} (Skype extension )
    HKCU_Extensions|mozilla_cc@internetdownloadmanager.com - C:\Documents and Settings\pc\Application Data\IDM\idmmzcc3

    -- C:\Documents and Settings\pc\Application Data\Mozilla\FireFox\Profiles\t3i2mr5p.default --
    Extensions\temp (?)
    Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} (ReminderFox)
    Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a} (SearchStatus)
    Searchplugins\binsearch.xml (?)
    Searchplugins\exalead.xml (?)
    Searchplugins\nowtorrents.xml (?)
    Searchplugins\opensubtitlesorg.xml (?)
    Searchplugins\vidos-dailymotion.xml (?)
    Searchplugins\wikipedia-english.xml (?)
    Searchplugins\youtube---videos.xml (?)
    Prefs.js - browser.download.dir,
    Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\pc\\Bureau
    Prefs.js - browser.search.defaultenginename, Bing
    Prefs.js - browser.search.defaulturl, hxxp://www.bing.com/search?FORM=IEFM1&q=
    Prefs.js - browser.search.selectedEngine, Google
    Prefs.js - browser.startup.homepage, hxxp://www.google.com
    Prefs.js - browser.startup.homepage_override.buildID, 20110902133214
    Prefs.js - browser.startup.homepage_override.mstone, rv:6.0.2
    Prefs.js - keyword.URL, hxxp://search.Facesounds.com/?q=

    ========================================

    **** Google Chrome Version [13.0.782.220] ****

    Extension\ihflimipbcaljfnojhhknppphnnciiif (C:\Program Files\facemoods.com\facemoods\1.4.17.1\facemoods.crx) (x)
    Extension\lifbcibllhkdhoafpjfnlhfpfgnpldfl (C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx) (?)

    -- C:\Documents and Settings\pc\Local Settings\Application Data\Google\Chrome\User Data\Default --
    Preferences - default_search_provider: "FaceSounds Search" (Activé: true) (hxxp://search.facesounds.com?q={searchTerms})
    Preferences - homepage: hxxp://www.google.com/
    Preferences - homepage_is_newtabpage: false
    Plugin - RealJukebox NS Plugin (Activé: true) (C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll)
    Plugin - "RealJukebox NS Plugin" (Activé: true)

    ========================================

    **** Internet Explorer Version [8.0.6001.18702] ****

    HKCU_Main|Start Page - hxxp://start.facemoods.com/?a=wbst
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Start Page - hxxp://search.Facesounds.com
    HKCU_URLSearchHooks|{ec6f5dfb-c370-45e2-bf02-f13d0163bf78} - "Radio Tunisienne Toolbar" (C:\Program Files\Radio_Tunisienne\prxtbRad0.dll)
    HKCU_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "Search" (hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4)
    HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "Radio Tunisienne Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
    HKLM_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "?" (hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4&hl={language}&src=chrm)
    HKCU_Toolbar\WebBrowser|{EC6F5DFB-C370-45E2-BF02-F13D0163BF78} (C:\Program Files\Radio_Tunisienne\prxtbRad0.dll)
    HKLM_Toolbar|{ec6f5dfb-c370-45e2-bf02-f13d0163bf78} (C:\Program Files\Radio_Tunisienne\prxtbRad0.dll)
    HKLM_Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D} (C:\Program Files\ConduitEngine\prxConduitEngine.dll)
    HKCU_ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
    HKCU_ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
    HKLM_ElevationPolicy\0826e9d7-69f5-4926-af78-bbb119b99e5d - C:\Program Files\Radio_Tunisienne\Radio_TunisienneToolbarHelper.exe (?)
    HKLM_ElevationPolicy\be71d1f5-bb05-4c26-943f-6243e99ebe56 - C:\Program Files\Hotspot_Shield\Hotspot_ShieldToolbarHelper.exe (x)
    HKLM_ElevationPolicy\{49F11BC9-62E6-425F-A377-959F6973A2EB} - C:\Program Files\ConduitEngine\ConduitEngineHelper.exe (?)
    HKLM_ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} - C:\Program Files\FaceSounds Toolbar\TbHelper2.exe (x)
    HKLM_ElevationPolicy\{90645C64-ED00-4763-BC52-A03892BB8A62} - C:\Program Files\Radio_Tunisienne\Radio_TunisienneToolbarHelper.exe (?)
    HKLM_ElevationPolicy\{E0D11031-98BA-47B0-BEC1-78C55BF98EFD} - C:\Documents and Settings\pc\Local Settings\Application Data\Conduit\CT1666883\Radio_TunisienneAutoUpdaterHelper.exe (?)
    HKLM_ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
    HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
    BHO\{000123B4-9B42-4900-B3F7-F4B073EFC214} - "Octh Class" (C:\Program Files\Orbitdownloader\orbitcth.dll)
    BHO\{0055C089-8582-441B-A0BF-17B458C2A3A8} - "IDMIEHlprObj Class" (C:\Program Files\Internet Download Manager\IDMIECC.dll)
    BHO\{2F85D76C-0569-466F-A488-493E6BD0E955} - "dsWebAllowBHO Class" (C:\Program Files\Windows Desktop Search\dsWebAllow.dll)
    BHO\{30F9B915-B755-4826-820B-08FBA6BD249D} - "Conduit Engine " (C:\Program Files\ConduitEngine\prxConduitEngine.dll)
    BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
    BHO\{ec6f5dfb-c370-45e2-bf02-f13d0163bf78} - "Radio Tunisienne Toolbar" (C:\Program Files\Radio_Tunisienne\prxtbRad0.dll)

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

    C:\Ad-Report-SCAN[1].txt - 10/09/2011 11:20:31 (2538 Octet(s))

    Fin à: 11:21:29, 10/09/2011

    ============== E.O.F ==============
    10 September 2011 15:09:58

    ok


    Ad-Remover fix

    Disconnect and close all running applications


  • Run Ad-Remover again. (Right-click -> "Run as administrator" for Vista/7)

  • Wait until the main menu appears. From there, click Nettoyer (Clean). You will be asked to confirm; click Oui (Yes) and wait until the scan finishes.

    Let the tool work


  • A window containing a new report will open; post the report in your next reply.
    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
    Then click Quitter (Quit) to close Ad-Remover.

    Note: the report that Ad-Remover has just generated is located here: C:\Ad-Report-CLEAN

    To help you:
  • Tutorial on AD-R

    Rootkit scan

    Download Gmer. (by Przemyslaw Gmerek)

  • Unzip it into a dedicated folder or onto your Desktop.

    Close all running applications (apart from GMER)

  • Double-click Gmer.exe.

    If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.

  • Click the Rootkit/Malware tab.

  • On the right, tick only Files, Services & Registry, as in the image below:



  • Now click Scan.

  • When the scan is finished, click Copy.

  • Open Notepad, then click the Edit menu / Paste.

  • The report should then appear.

  • Save the file to your Desktop and post its contents here.

    To help you:
  • Tutorial on GMER

    --> Do you still get ads after these steps?
    10 September 2011 17:10:14

    Here is the 1st report
    ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 12/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 14:56:07 le 10/09/2011, Mode normal

    Microsoft Windows XP Professionnel Service Pack 3 (X86)
    pc@PC-99311CDCC9FA ( )

    ============== ACTION(S) ==============


    Fichier supprimé: C:\WINDOWS\system32\ConduitEngine.tmp
    Dossier supprimé: C:\Documents and Settings\pc\Local Settings\Application Data\Conduit
    Dossier supprimé: C:\Program Files\Conduit
    Dossier supprimé: C:\Documents and Settings\pc\Local Settings\Application Data\ConduitEngine
    Dossier supprimé: C:\Program Files\ConduitEngine

    (!) -- Fichiers temporaires supprimés.


    Clé supprimée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé supprimée: HKLM\Software\Classes\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}
    Clé supprimée: HKLM\Software\Classes\CLSID\{F78B7AA6-9D10-4059-B55B-2B4025AE2ACD}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F78B7AA6-9D10-4059-B55B-2B4025AE2ACD}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F78B7AA6-9D10-4059-B55B-2B4025AE2ACD}
    Clé supprimée: HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Clé supprimée: HKLM\Software\Classes\Conduit.Engine
    Clé supprimée: HKLM\Software\Classes\Toolbar.CT1666883
    Clé supprimée: HKLM\Software\Conduit
    Clé supprimée: HKLM\Software\conduitEngine
    Clé supprimée: HKCU\Software\Conduit
    Clé supprimée: HKCU\Software\conduitEngine
    Clé supprimée: HKU\.DEFAULT\Software\Conduit
    Clé supprimée: HKU\.DEFAULT\Software\conduitEngine
    Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49F11BC9-62E6-425F-A377-959F6973A2EB}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

    Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}


    ============== SCAN ADDITIONNEL ==============

    **** Mozilla Firefox Version [6.0.2 (fr)] ****

    Searchplugins\bing.xml ( hxxp://www.bing.com/search)
    Searchplugins\fcmdSrch.xml (hxxp://start.facemoods.com/?f=4&q={searchTerms}/)
    Components\browsercomps.dll (Mozilla Foundation)
    Extensions\{231D7D17-4F1B-4933-AB61-E502DB82FD11} (BlueSoleil Extension)
    Extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} (Skype extension )
    HKCU_Extensions|mozilla_cc@internetdownloadmanager.com - C:\Documents and Settings\pc\Application Data\IDM\idmmzcc3

    -- C:\Documents and Settings\pc\Application Data\Mozilla\FireFox\Profiles\t3i2mr5p.default --
    Extensions\temp (?)
    Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} (ReminderFox)
    Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a} (SearchStatus)
    Searchplugins\binsearch.xml (?)
    Searchplugins\exalead.xml (?)
    Searchplugins\nowtorrents.xml (?)
    Searchplugins\opensubtitlesorg.xml (?)
    Searchplugins\vidos-dailymotion.xml (?)
    Searchplugins\wikipedia-english.xml (?)
    Searchplugins\youtube---videos.xml (?)
    Prefs.js - browser.download.dir,
    Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\pc\\Bureau
    Prefs.js - browser.search.defaultenginename, Bing
    Prefs.js - browser.search.defaulturl, hxxp://www.bing.com/search?FORM=IEFM1&q=
    Prefs.js - browser.search.selectedEngine, Google
    Prefs.js - browser.startup.homepage, hxxp://www.google.com
    Prefs.js - browser.startup.homepage_override.buildID, 20110902133214
    Prefs.js - browser.startup.homepage_override.mstone, rv:6.0.2
    Prefs.js - keyword.URL, hxxp://search.Facesounds.com/?q=

    ========================================

    **** Google Chrome Version [13.0.782.220] ****

    Extension\ihflimipbcaljfnojhhknppphnnciiif (C:\Program Files\facemoods.com\facemoods\1.4.17.1\facemoods.crx) (x)
    Extension\lifbcibllhkdhoafpjfnlhfpfgnpldfl (C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx) (?)

    -- C:\Documents and Settings\pc\Local Settings\Application Data\Google\Chrome\User Data\Default --
    Preferences - default_search_provider: "FaceSounds Search" (Activé: true) (hxxp://search.facesounds.com?q={searchTerms})
    Preferences - homepage: hxxp://www.google.com/
    Preferences - homepage_is_newtabpage: false
    Plugin - RealJukebox NS Plugin (Activé: true) (C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll)
    Plugin - "RealJukebox NS Plugin" (Activé: true)

    ========================================

    **** Internet Explorer Version [8.0.6001.18702] ****

    HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
    HKCU_Main|Start Page - hxxp://fr.msn.com/
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
    HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Start Page - hxxp://fr.msn.com/
    HKCU_URLSearchHooks|{ec6f5dfb-c370-45e2-bf02-f13d0163bf78} - "Radio Tunisienne Toolbar" (C:\Program Files\Radio_Tunisienne\prxtbRad0.dll)
    HKCU_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "Search" (hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4)
    HKLM_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "?" (hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4&hl={language}&src=chrm)
    HKCU_Toolbar\WebBrowser|{EC6F5DFB-C370-45E2-BF02-F13D0163BF78} (C:\Program Files\Radio_Tunisienne\prxtbRad0.dll)
    HKLM_Toolbar|{ec6f5dfb-c370-45e2-bf02-f13d0163bf78} (C:\Program Files\Radio_Tunisienne\prxtbRad0.dll)
    HKCU_ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
    HKCU_ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
    HKLM_ElevationPolicy\0826e9d7-69f5-4926-af78-bbb119b99e5d - C:\Program Files\Radio_Tunisienne\Radio_TunisienneToolbarHelper.exe (?)
    HKLM_ElevationPolicy\be71d1f5-bb05-4c26-943f-6243e99ebe56 - C:\Program Files\Hotspot_Shield\Hotspot_ShieldToolbarHelper.exe (x)
    HKLM_ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} - C:\Program Files\FaceSounds Toolbar\TbHelper2.exe (x)
    HKLM_ElevationPolicy\{90645C64-ED00-4763-BC52-A03892BB8A62} - C:\Program Files\Radio_Tunisienne\Radio_TunisienneToolbarHelper.exe (?)
    HKLM_ElevationPolicy\{E0D11031-98BA-47B0-BEC1-78C55BF98EFD} - C:\Documents and Settings\pc\Local Settings\Application Data\Conduit\CT1666883\Radio_TunisienneAutoUpdaterHelper.exe (x)
    HKLM_ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
    HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
    BHO\{000123B4-9B42-4900-B3F7-F4B073EFC214} - "Octh Class" (C:\Program Files\Orbitdownloader\orbitcth.dll)
    BHO\{0055C089-8582-441B-A0BF-17B458C2A3A8} - "IDMIEHlprObj Class" (C:\Program Files\Internet Download Manager\IDMIECC.dll)
    BHO\{2F85D76C-0569-466F-A488-493E6BD0E955} - "dsWebAllowBHO Class" (C:\Program Files\Windows Desktop Search\dsWebAllow.dll)
    BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
    BHO\{ec6f5dfb-c370-45e2-bf02-f13d0163bf78} - "Radio Tunisienne Toolbar" (C:\Program Files\Radio_Tunisienne\prxtbRad0.dll)

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 101 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)

    C:\Ad-Report-CLEAN[1].txt - 10/09/2011 14:58:42 (2541 Octet(s))
    C:\Ad-Report-SCAN[1].txt - 10/09/2011 11:20:31 (8523 Octet(s))

    Fin à: 15:00:24, 10/09/2011

    ============== E.O.F ==============
    10 September 2011 17:11:24

    and here is the 2nd
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-09-10 16:05:16
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD3200BEVT-22ZCT0 rev.11.01A11
    Running: gmer.exe; Driver: C:\DOCUME~1\pc\LOCALS~1\Temp\kfdyafow.sys


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 6139
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0F96ECA58E3Abe44881CA048E1071008\Usage@TrayApp 1059728630
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\990BFB432B7059E46A3737266D80662A\Usage@UpgradeInformationFeature 1059721076
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CC0F0E2D0EB6b0940BB8297680E3439C\Usage@MarketResearch 1059718330
    Reg HKLM\SOFTWARE\Classes\CLSID\{181d7f40-9b96-4c61-a6d6-1a99437e1577}@MData 0x73 0xD5 0xCF 0xB8 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{2cbd0db8-adc9-47cc-8070-a70f40ea7d8f}@Model 228
    Reg HKLM\SOFTWARE\Classes\CLSID\{2cbd0db8-adc9-47cc-8070-a70f40ea7d8f}@Therad 32
    Reg HKLM\SOFTWARE\Classes\CLSID\{2cbd0db8-adc9-47cc-8070-a70f40ea7d8f}@MData 0x2B 0x8F 0x78 0x29 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x47 0xA4 0xF7 0xF1 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0x4B 0x67 0x88 0x34 ...

    ---- EOF - GMER 1.0.15 ----
    10 September 2011 21:18:32

    Good evening,

    Do you still have ads showing up?

    --> Run an OTL scan again without customization and post the resulting report.
    11 September 2011 09:20:07

    Since yesterday it's been much better, no ad windows opening, and I hope it stays that way. Thank you so much for your precious help. Here is the report, and if you can advise me on how not to get infected again, I'd be grateful
    OTL logfile created on: 11/09/2011 08:08:47 - Run 2
    OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\pc\Mes documents\Downloads\Programs
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    2,99 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 72,92% Memory free
    4,83 Gb Paging File | 4,08 Gb Available in Paging File | 84,48% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 97,65 Gb Total Space | 75,00 Gb Free Space | 76,80% Space Free | Partition Type: NTFS
    Drive D: | 200,43 Gb Total Space | 131,75 Gb Free Space | 65,73% Space Free | Partition Type: NTFS

    Computer Name: PC-99311CDCC9FA | User Name: pc | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/09/07 16:24:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pc\Mes documents\Downloads\Programs\OTL.exe
    PRC - [2011/09/07 09:32:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2011/08/12 16:34:51 | 000,462,848 | ---- | M] (ESET, spol. s r.o.) -- C:\Program Files\ESET\UpdateReminder.exe
    PRC - [2011/08/09 12:24:41 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Documents and Settings\pc\Local Settings\Application Data\Google\Update\1.3.21.65\GoogleCrashHandler.exe
    PRC - [2011/07/21 16:20:08 | 000,161,336 | ---- | M] (Google) -- C:\Documents and Settings\pc\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
    PRC - [2011/04/08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
    PRC - [2011/02/22 13:50:15 | 000,333,824 | ---- | M] () -- C:\Program Files\tuEagles\EglSrv.exe
    PRC - [2010/12/27 11:56:36 | 000,353,792 | ---- | M] (ExecutiveIM.com) -- C:\directory\zbdhbdzedf\install\server.exe
    PRC - [2010/12/03 17:57:05 | 003,245,408 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
    PRC - [2010/05/25 15:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
    PRC - [2010/05/24 10:51:35 | 000,949,376 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
    PRC - [2010/05/24 10:51:35 | 000,552,064 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
    PRC - [2010/05/24 10:42:44 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    PRC - [2010/01/10 12:32:32 | 000,819,200 | ---- | M] (Zbshareware Lab) -- C:\Program Files\USB Disk Security\USBGuard.exe
    PRC - [2009/08/16 20:36:06 | 000,955,392 | ---- | M] (SFX TEAM) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
    PRC - [2008/12/31 13:12:40 | 000,693,512 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
    PRC - [2008/04/14 15:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/04/01 09:02:38 | 000,568,176 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2006/12/23 14:35:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    PRC - [2006/12/23 14:34:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    PRC - [2006/12/23 14:24:04 | 000,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    PRC - [2006/12/14 14:19:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    PRC - [2006/03/26 22:44:06 | 000,159,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/07 09:32:46 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2011/09/04 12:02:08 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    MOD - [2011/07/18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll
    MOD - [2011/03/15 07:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2011/02/22 13:50:15 | 000,333,824 | ---- | M] () -- C:\Program Files\tuEagles\EglSrv.exe
    MOD - [2010/05/24 10:51:36 | 000,064,568 | ---- | M] () -- C:\Program Files\ESET\pr_emon.dll
    MOD - [2010/05/24 10:51:36 | 000,056,376 | ---- | M] () -- C:\Program Files\ESET\pr_imon.dll
    MOD - [2010/05/24 10:51:36 | 000,023,608 | ---- | M] () -- C:\Program Files\ESET\pr_dmon.dll
    MOD - [2010/05/24 10:51:35 | 000,113,720 | ---- | M] () -- C:\Program Files\ESET\nod32rui.dll
    MOD - [2010/05/24 10:51:35 | 000,060,544 | ---- | M] () -- C:\Program Files\ESET\nodshex.dll
    MOD - [2010/05/24 10:51:35 | 000,056,376 | ---- | M] () -- C:\Program Files\ESET\pr_upd.dll
    MOD - [2008/06/15 15:48:08 | 000,094,720 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
    MOD - [2008/04/14 15:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2007/04/01 09:00:28 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
    MOD - [2007/04/01 08:57:16 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
    MOD - [2005/12/29 21:26:48 | 000,005,376 | ---- | M] () -- C:\WINDOWS\system32\AntiWPA.dll
    MOD - [2004/12/26 20:30:00 | 000,121,344 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/02/22 13:50:15 | 000,333,824 | ---- | M] () [Auto | Running] -- C:\Program Files\tuEagles\EglSrv.exe -- (tuEaglesService)
    SRV - [2010/12/03 17:46:20 | 000,072,704 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
    SRV - [2010/05/24 10:51:35 | 000,552,064 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
    SRV - [2010/05/11 08:04:36 | 000,271,728 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
    SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
    SRV - [2010/01/09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
    SRV - [2008/12/31 13:12:44 | 000,910,600 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe -- (PD91Engine)
    SRV - [2008/12/31 13:12:40 | 000,693,512 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe -- (PD91Agent)
    SRV - [2008/09/08 04:29:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2006/12/23 14:24:04 | 000,262,144 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
    SRV - [2006/12/14 14:19:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/05/24 10:51:35 | 000,512,096 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
    DRV - [2010/05/24 10:51:35 | 000,015,424 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv)
    DRV - [2010/05/13 23:05:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
    DRV - [2010/05/01 10:35:04 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
    DRV - [2009/01/07 23:39:36 | 000,020,744 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)
    DRV - [2009/01/05 14:16:36 | 000,071,184 | R--- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFS.sys -- (DefragFS)
    DRV - [2008/12/07 12:44:54 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)
    DRV - [2008/08/26 06:56:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/07/02 14:58:48 | 000,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)
    DRV - [2008/04/17 15:33:26 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/10/22 09:24:14 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2007/08/28 18:59:20 | 002,210,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Pilote de carte Intel(R)
    DRV - [2007/04/01 04:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2007/04/01 04:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
    DRV - [2007/03/24 01:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2007/03/24 01:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2007/03/24 01:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2007/03/24 01:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2007/01/25 02:14:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2006/12/22 23:26:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2006/12/22 23:26:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2006/12/22 23:25:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/11/05 11:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.16.10.0:3128

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.16.10.0:3128

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\..\URLSearchHook: {ec6f5dfb-c370-45e2-bf02-f13d0163bf78} - C:\Program Files\Radio_Tunisienne\prxtbRad0.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 217.173.75.6:3128

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Bing"
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
    FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.0
    FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.1.6
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3.1
    FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.36
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
    FF - prefs.js..keyword.URL: "http://search.Facesounds.com/?q="
    FF - prefs.js..network.proxy.backup.ftp: "84.19.176.62"
    FF - prefs.js..network.proxy.backup.ftp_port: 8080
    FF - prefs.js..network.proxy.backup.gopher: "84.19.176.62"
    FF - prefs.js..network.proxy.backup.gopher_port: 8080
    FF - prefs.js..network.proxy.backup.socks: "84.19.176.62"
    FF - prefs.js..network.proxy.backup.socks_port: 8080
    FF - prefs.js..network.proxy.backup.ssl: "84.19.176.62"
    FF - prefs.js..network.proxy.backup.ssl_port: 8080
    FF - prefs.js..network.proxy.ftp: "84.19.176.62"
    FF - prefs.js..network.proxy.ftp_port: 8080
    FF - prefs.js..network.proxy.gopher: "84.19.176.62"
    FF - prefs.js..network.proxy.gopher_port: 8080
    FF - prefs.js..network.proxy.http: "84.19.176.62"
    FF - prefs.js..network.proxy.http_port: 8080
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "84.19.176.62"
    FF - prefs.js..network.proxy.socks_port: 8080
    FF - prefs.js..network.proxy.ssl: "84.19.176.62"
    FF - prefs.js..network.proxy.ssl_port: 8080

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2240: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2298: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1348: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\pc\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\pc\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\pc\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\pc\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 09:32:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/26 14:08:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/05/24 10:42:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\pc\Application Data\IDM\idmmzcc3 [2010/12/03 18:01:52 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\pc\Application Data\IDM\idmmzcc3 [2010/12/03 18:01:52 | 000,000,000 | ---D | M]

    [2010/05/24 09:53:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\pc\Application Data\Mozilla\Extensions
    [2011/08/22 14:46:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\extensions
    [2010/07/17 22:35:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/08/19 12:28:24 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
    [2011/02/04 15:10:54 | 000,000,000 | ---D | M] (SearchStatus) -- C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
    [2010/05/24 09:57:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\extensions\temp
    [2010/05/24 19:09:52 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\searchplugins\bing.xml
    [2008/06/13 06:23:30 | 000,002,258 | ---- | M] () -- C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\searchplugins\binsearch.xml
    [2008/06/13 06:23:30 | 000,002,036 | ---- | M] () -- C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\searchplugins\exalead.xml
    [2011/09/07 09:35:02 | 000,006,394 | ---- | M] () -- C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\searchplugins\nowtorrents.xml
    [2008/01/17 21:52:17 | 000,002,261 | ---- | M] () -- C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\searchplugins\opensubtitlesorg.xml
    [2007/08/13 21:50:47 | 000,005,532 | ---- | M] () -- C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\searchplugins\vidos-dailymotion.xml
    [2006/11/16 21:11:10 | 000,001,025 | ---- | M] () -- C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\searchplugins\wikipedia-english.xml
    [2011/09/07 09:35:02 | 000,002,087 | ---- | M] () -- C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\searchplugins\youtube---videos.xml
    [2011/06/25 08:36:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/04 17:00:10 | 000,000,000 | ---D | M] (BlueSoleil Extension) -- C:\Program Files\Mozilla Firefox\extensions\{231D7D17-4F1B-4933-AB61-E502DB82FD11}
    [2011/02/06 18:55:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/10/22 13:04:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/17 19:17:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/05/02 10:18:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    [2011/06/25 08:36:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\PC\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\T3I2MR5P.DEFAULT\EXTENSIONS\PANEL@EFFECTIVEMEASURE.COM.XPI
    [2010/10/22 13:04:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/09/07 09:32:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/05/07 21:02:01 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
    [2011/05/07 21:02:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/05/07 21:02:01 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2011/05/07 21:02:01 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
    [2010/03/10 16:00:26 | 000,002,025 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
    [2010/12/28 10:35:38 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
    [2011/05/07 21:02:01 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
    [2011/05/07 21:02:01 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2008/04/14 15:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
    O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Radio Tunisienne Toolbar) - {ec6f5dfb-c370-45e2-bf02-f13d0163bf78} - C:\Program Files\Radio_Tunisienne\prxtbRad0.dll (Conduit Ltd.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Radio Tunisienne Toolbar) - {ec6f5dfb-c370-45e2-bf02-f13d0163bf78} - C:\Program Files\Radio_Tunisienne\prxtbRad0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Radio Tunisienne Toolbar) - {EC6F5DFB-C370-45E2-BF02-F13D0163BF78} - C:\Program Files\Radio_Tunisienne\prxtbRad0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Radio Tunisienne Toolbar) - {EC6F5DFB-C370-45E2-BF02-F13D0163BF78} - C:\Program Files\Radio_Tunisienne\prxtbRad0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\..\Toolbar\WebBrowser: (Radio Tunisienne Toolbar) - {EC6F5DFB-C370-45E2-BF02-F13D0163BF78} - C:\Program Files\Radio_Tunisienne\prxtbRad0.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [hpqSRMon] File not found
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdateReminder] C:\Program Files\ESET\UpdateReminder.exe (ESET, spol. s r.o.)
    O4 - HKLM..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
    O4 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    O4 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003..\Run: [HKCU] c:\directory\zbdhbdzedf\install\server.exe (ExecutiveIM.com)
    O4 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
    O4 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
    O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
    O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = c:\directory\CyberGate\install\soprano.exe
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 128
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
    O7 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = c:\directory\CyberGate\install\soprano.exe
    O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: &Envoyer à OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
    O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
    O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
    O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\imon.dll (Eset )
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O16 - DPF: {05CA9FB0-3E3E-4b36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls... (WUWebControl Class)
    O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} http://update.microsoft.com/microsoftupdate/v6/V5Contro... (MUWebControl Class)
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_... ("Ma-Config.com control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-wind... (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AECBCF5-4BF3-416B-A561-F1056EBA2B41}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\Antiwpa: DllName - antiwpa.dll - C:\WINDOWS\System32\AntiWPA.dll ()
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\pc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\pc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\PROGRAM FILES\PROCESS EXPLORER\PROCEXP.EXE" (Sysinternals - www.sysinternals.com)
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/05/24 09:46:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/10 11:18:51 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
    [2011/09/03 11:17:22 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
    [2011/08/25 15:51:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Bureau\7lou
    [2011/08/18 15:57:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Radio_Tunisienne
    [2011/08/18 15:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2011/08/18 13:26:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2011/08/17 21:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\QuickTime
    [2011/08/17 21:29:36 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Apple
    [2011/08/17 21:29:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Local Settings\Application Data\Apple
    [2011/08/17 21:29:23 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2011/08/17 21:29:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/09/11 08:02:30 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2011/09/11 08:01:57 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/09/11 08:01:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/09/11 08:01:31 | 3211,186,176 | -HS- | M] () -- C:\hiberfil.sys
    [2011/09/10 20:03:48 | 026,050,646 | -H-- | M] () -- C:\Documents and Settings\pc\Application Data\pclog.dat
    [2011/09/10 19:53:03 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/09/10 19:29:03 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1292428093-1417001333-1003UA.job
    [2011/09/10 12:29:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1292428093-1417001333-1003Core.job
    [2011/09/10 09:48:52 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun
    [2011/09/09 12:17:34 | 000,000,146 | ---- | M] () -- C:\Documents and Settings\pc\default.pls
    [2011/09/09 10:26:53 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/09/08 19:49:43 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\pc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/09/08 15:57:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/09/04 12:02:09 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/09/03 12:08:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/09/03 11:17:22 | 000,606,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
    [2011/08/24 19:43:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/08/18 13:35:33 | 000,000,212 | -HS- | M] () -- C:\boot.ini
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/08/17 21:29:25 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/08/17 21:29:23 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Apple Software Update.lnk
    [2011/07/18 19:30:30 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun
    [2011/02/06 18:57:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2011/01/05 19:57:46 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\TINAKEY.SYS
    [2010/12/24 14:58:39 | 000,000,116 | ---- | C] () -- C:\WINDOWS\chess.ini
    [2010/12/03 17:44:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
    [2010/10/05 13:14:30 | 000,177,726 | ---- | C] () -- C:\WINDOWS\hpoins27.dat
    [2010/10/05 13:14:30 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl27.dat
    [2010/08/13 00:23:00 | 000,000,048 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
    [2010/07/09 15:34:43 | 000,000,028 | ---- | C] () -- C:\WINDOWS\boxworld.ini
    [2010/06/15 21:00:53 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
    [2010/06/06 05:27:03 | 000,110,592 | ---- | C] () -- C:\Documents and Settings\pc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/27 17:55:42 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2010/05/24 11:34:48 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/05/24 11:34:23 | 000,017,920 | ---- | C] () -- C:\WINDOWS\NOTEPAD.EXE
    [2010/05/24 11:28:21 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
    [2010/05/24 11:28:21 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
    [2010/05/24 11:28:14 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
    [2010/05/24 11:28:14 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
    [2010/05/24 11:24:48 | 000,355,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/05/24 10:51:14 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
    [2010/05/24 10:44:08 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2010/05/24 10:38:06 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
    [2010/05/24 10:01:06 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/05/24 09:58:07 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/05/24 09:58:06 | 002,121,235 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
    [2010/05/24 09:58:06 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/05/24 09:58:05 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2010/05/24 09:58:05 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/05/24 09:58:05 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2010/05/24 09:55:19 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2010/05/24 09:47:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/05/24 09:42:59 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2009/06/17 10:32:46 | 000,030,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys
    [2008/04/14 15:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2008/04/14 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/04/14 15:00:00 | 000,513,706 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
    [2008/04/14 15:00:00 | 000,444,344 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2008/04/14 15:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
    [2008/04/14 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/04/14 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/04/14 15:00:00 | 000,086,694 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
    [2008/04/14 15:00:00 | 000,072,602 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2008/04/14 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/04/14 15:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
    [2008/04/14 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/04/14 15:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2008/04/14 15:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2008/04/14 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2007/04/01 09:00:28 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
    [2007/04/01 08:41:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2006/12/30 19:27:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/06/13 16:35:32 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
    [2005/12/29 21:26:48 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\AntiWPA.dll
    [2005/04/08 03:16:43 | 026,050,646 | -H-- | C] () -- C:\Documents and Settings\pc\Application Data\pclog.dat
    [2003/04/01 06:28:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/03/21 13:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
    [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

    ========== LOP Check ==========

    [2010/05/24 09:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
    [2011/01/11 15:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
    [2010/05/27 16:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2010/11/17 11:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2010/05/24 09:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
    [2010/12/12 11:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
    [2010/05/25 18:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\ACD Systems
    [2011/01/07 13:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\BeautyGuide
    [2011/01/11 15:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\DassaultSystemes
    [2010/12/08 10:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\DMCache
    [2010/12/03 17:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\DWGeditor
    [2010/11/18 09:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\facemoods.com
    [2011/04/01 23:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\IDM
    [2011/09/07 16:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Notepad++
    [2011/04/05 22:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Orbit
    [2011/08/11 13:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\sldIM
    [2010/08/04 15:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Uniblue
    [2011/02/22 13:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\UseNeXT
    [2011/04/01 22:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\VitySoft
    [2011/09/11 08:02:30 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2011/03/05 20:41:15 | 000,000,000 | ---D | M](C:\Do?) -- C:\Doϒ
    [2011/03/05 20:41:15 | 000,000,000 | ---D | C](C:\Do?) -- C:\Doϒ

    < End of report >
    11 September 2011 11:08:44

    Hello, let's finish up:

  • Uninstall Radio_Tunisienne via Control Panel > Add/Remove Programs.

    OTL fix:

  • Run OTL.exe again.

  • Copy the text below exactly:

    :OTL
    IE - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\..\URLSearchHook: {ec6f5dfb-c370-45e2-bf02-f13d0163bf78} - C:\Program Files\Radio_Tunisienne\prxtbRad0.dll (Conduit Ltd.)
    O2 - BHO: (Radio Tunisienne Toolbar) - {ec6f5dfb-c370-45e2-bf02-f13d0163bf78} - C:\Program Files\Radio_Tunisienne\prxtbRad0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Radio Tunisienne Toolbar) - {ec6f5dfb-c370-45e2-bf02-f13d0163bf78} - C:\Program Files\Radio_Tunisienne\prxtbRad0.dll (Conduit Ltd.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Radio Tunisienne Toolbar) - {EC6F5DFB-C370-45E2-BF02-F13D0163BF78} - C:\Program Files\Radio_Tunisienne\prxtbRad0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Radio Tunisienne Toolbar) - {EC6F5DFB-C370-45E2-BF02-F13D0163BF78} - C:\Program Files\Radio_Tunisienne\prxtbRad0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1614895754-1292428093-1417001333-1003\..\Toolbar\WebBrowser: (Radio Tunisienne Toolbar) - {EC6F5DFB-C370-45E2-BF02-F13D0163BF78} - C:\Program Files\Radio_Tunisienne\prxtbRad0.dll (Conduit Ltd.)

    :Files
    C:\Program Files\Radio_Tunisienne
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Radio_Tunisienne
    C:\Do? /u

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]


  • Paste it into the Personnalisation box at the bottom left.

  • Click the Correction button at the top left.

  • If the PC asks you to restart, confirm the operation.

  • A report will appear after the restart; copy/paste it into your next reply.

    If you have no more problems,

    1)

    Important: purging System Restore


    --> There are still viruses in your restore points. Follow this tutorial to purge it.

    Don't forget to create a new restore point once the operation is done (by pressing the Create button).

    2)

    I strongly advise you to legalize your situation regarding the cracked Windows.

    Prevention



  • Since the various threats on the Internet are more and more numerous, I strongly advise you to read these links, to better protect yourself online:



    The dangers of P2P (such as eMule, LimeWire...): http://forum.zebulon.fr/index.php?showtopic=85544

    To download for free and legally, I recommend Beezik, which has these advantages:

  • Better sound quality

  • No viruses!

    The dangers of cracks and keygens: http://forum.malekal.com/danger-des-cracks-t893.html

    Reminders about pirated operating systems: http://redirectingat.com/?id=1402X522807&xs=1&url=http%...

    ********************************

    Recommended security software:

    Antivirus: Avast 6.0

    To scan your files: MBAM

    ********************************

    Careful, contrary to popular belief:

  • Never have two antivirus programs with real-time protection enabled; it is the best way to create conflicts. Several active antivirus programs can get in each other's way and, in the end, the PC you thought was more secure becomes a real sieve...

  • Anti-spyware programs are useless!!

  • I strongly advise you not to install "transformation" packs, which for example give Windows XP the look of Windows Vista. This kind of program causes a lot of problems!!!

    Finally, don't forget that the best protection for your computer is you!


    3)

    If you consider your problem solved, add [Résolu] to the title of your thread:

  • In your first message, click the Editer button.

  • Add [Résolu] in front of the title.

  • Then click Valider votre message.

    Be more careful on the Internet! ;)

    See you on Tom's Guide
    11 September 2011 11:23:48

    I can't uninstall the Radio Tunisienne Toolbar program, either via the Control Panel or via CCleaner!!!!
    11 September 2011 13:00:39

    That's not a problem, move on to the next step.
    12 September 2011 09:54:45

    Sorry for the delay, so here is the report:
    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-1614895754-1292428093-1417001333-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ec6f5dfb-c370-45e2-bf02-f13d0163bf78} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec6f5dfb-c370-45e2-bf02-f13d0163bf78}\ deleted successfully.
    C:\Program Files\Radio_Tunisienne\prxtbRad0.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ec6f5dfb-c370-45e2-bf02-f13d0163bf78}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec6f5dfb-c370-45e2-bf02-f13d0163bf78}\ not found.
    File C:\Program Files\Radio_Tunisienne\prxtbRad0.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ec6f5dfb-c370-45e2-bf02-f13d0163bf78} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec6f5dfb-c370-45e2-bf02-f13d0163bf78}\ not found.
    File C:\Program Files\Radio_Tunisienne\prxtbRad0.dll not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EC6F5DFB-C370-45E2-BF02-F13D0163BF78} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC6F5DFB-C370-45E2-BF02-F13D0163BF78}\ not found.
    File C:\Program Files\Radio_Tunisienne\prxtbRad0.dll not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EC6F5DFB-C370-45E2-BF02-F13D0163BF78} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC6F5DFB-C370-45E2-BF02-F13D0163BF78}\ not found.
    File C:\Program Files\Radio_Tunisienne\prxtbRad0.dll not found.
    Registry value HKEY_USERS\S-1-5-21-1614895754-1292428093-1417001333-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EC6F5DFB-C370-45E2-BF02-F13D0163BF78} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC6F5DFB-C370-45E2-BF02-F13D0163BF78}\ not found.
    File C:\Program Files\Radio_Tunisienne\prxtbRad0.dll not found.
    ========== FILES ==========
    C:\Program Files\Radio_Tunisienne folder moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Radio_Tunisienne\Logs folder moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Radio_Tunisienne folder moved successfully.
    C:\Doϒ\Local Settings\Temporary Internet Files\Content.IE5\O6M42MEJ folder moved successfully.
    C:\Doϒ\Local Settings\Temporary Internet Files\Content.IE5\FUQS8PHT folder moved successfully.
    C:\Doϒ\Local Settings\Temporary Internet Files\Content.IE5\56WMKHVQ folder moved successfully.
    C:\Doϒ\Local Settings\Temporary Internet Files\Content.IE5\25FN42RK folder moved successfully.
    C:\Doϒ\Local Settings\Temporary Internet Files\Content.IE5 folder moved successfully.
    C:\Doϒ\Local Settings\Temporary Internet Files folder moved successfully.
    C:\Doϒ\Local Settings\Historique\History.IE5 folder moved successfully.
    C:\Doϒ\Local Settings\Historique folder moved successfully.
    C:\Doϒ\Local Settings folder moved successfully.
    C:\Doϒ\Cookies folder moved successfully.
    C:\Doϒ folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: pc
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: pc
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb

    Restore point Set: OTL Restore Point (0)

    OTL by OldTimer - Version 3.2.27.0 log created on 09122011_084356

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    And now I'm going to read your advice and do my best to follow it.
    23 December 2011 11:43:07

    Hello
    I also have this problem of ads appearing and, despite the information found on the web, I can't find a solution, so I'm trying your method, hoping it works.

    Here is the report:

    ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 12/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files (x86)\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 11:35:40 le 23/12/2011, Mode normal

    Microsoft Windows 7 Édition Familiale Premium (X64)
    Soizic@SOIZIC-HP (Hewlett-Packard HP G72 Notebook PC)

    ============== RECHERCHE ==============


    Dossier trouvé: C:\Users\Soizic\AppData\Roaming\OpenCandy
    Dossier trouvé: C:\Users\Soizic\AppData\Local\OpenCandy

    Clé trouvée: HKCU\Software\AppDataLow\Software\PriceGong
    Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}


    ============== SCAN ADDITIONNEL ==============

    **** Mozilla Firefox Version [4.0.1 (fr)] ****

    HKLM_MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0 (x)
    HKLM_MozillaPlugins\@www.dlmanager.net/omaha/tools//Software Update;version=8 (x)
    HKLM_MozillaPlugins\Adobe Reader (x)
    Searchplugins\babylon.xml (hxxp://search.babylon.com/)
    Searchplugins\bing.xml ( hxxp://www.bing.com/search)
    Components\browsercomps.dll (Mozilla Foundation)
    HKLM_Extensions|msntoolbar@msn.com - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox

    -- C:\Users\Soizic\AppData\Roaming\Mozilla\FireFox\Profiles\32tibo3h.default --
    Prefs.js - browser.download.dir, C:\\Users\\Soizic\\Desktop
    Prefs.js - browser.download.lastDir, C:\\Users\\Soizic\\Desktop\\cadeau benji
    Prefs.js - browser.startup.homepage, hxxp://www.google.fr/
    Prefs.js - browser.startup.homepage_override.buildID, 20110413222027
    Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1
    Prefs.js - keyword.URL, hxxp://search.babylon.com/?AF=18173&babsrc=adbartrp&mntrId=9a1c0ee1000000000000c0cb3871e877&q=

    ========================================

    **** Internet Explorer Version [9.0.8112.16421] ****

    HKCU_Main|Default_Page_URL - hxxp://g.uk.msn.com/HPNOT/3
    HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKCU_Main|Start Page - hxxp://www.google.fr/
    HKLM_Main|Default_Page_URL - hxxp://g.uk.msn.com/HPNOT/3
    HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Start Page - hxxp://g.uk.msn.com/HPNOT/3
    HKCU_SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - "Search the web (Babylon)" (hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18173)
    HKCU_SearchScopes\{2BD8977C-6BD9-482A-AD99-FB505734D5DC} - "Wikipedia" (hxxp://fr.wikipedia.org/wiki/Special:Search?search={searchTerms})
    HKCU_SearchScopes\{E86AC442-98C2-462D-8D83-E6119FB9BA45} - "?" (?)
    HKCU_SearchScopes\{F45A9CD0-D6C7-4074-AA79-2365DD56327D} - "?" (?)
    HKLM_SearchScopes\{2BD8977C-6BD9-482A-AD99-FB505734D5DC} - "Wikipedia" (hxxp://fr.wikipedia.org/wiki/Special:Search?search={searchTerms})
    HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} (C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll)
    HKCU_ElevationPolicy\{4169044D-6BA4-4661-B7D6-E29274F1F458} - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\wtapp_ProtocolHandler.exe (WildTangent, Inc.)
    HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
    HKLM_ElevationPolicy\{08FF730A-494F-4cba-AA0B-E4F1D44715F9} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\symerr.exe (x)
    HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
    HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
    HKLM_ElevationPolicy\{7555B87D-D711-48B2-B97D-04DF700652BA} - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe (Boxore OU.)
    HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
    HKLM_ElevationPolicy\{C9FC4C5A-2C9B-4E41-8DA2-2F379D74CF45} - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe (Boxore OU.)
    BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
    BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)

    ========================================

    C:\Program Files (x86)\Ad-Remover\Quarantine: 0 Fichier(s)
    C:\Program Files (x86)\Ad-Remover\Backup: 0 Fichier(s)

    C:\Ad-Report-SCAN[1].txt - 23/12/2011 11:35:47 (4458 Octet(s))

    Fin à: 11:36:46, 23/12/2011

    ============== E.O.F ==============

    I would also like to point out that I only use Mozilla Firefox.
    Thank you in advance for your reply.
    Regards
    23 December 2011 11:45:49

    Hello, please create your own thread.
    6 March 2012 17:39:56

    OTL logfile created on: 06/03/2012 20:22:18 - Run 1
    OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Didier\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    3,25 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 60,69% Memory free
    6,69 Gb Paging File | 5,36 Gb Available in Paging File | 80,05% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 244,14 Gb Total Space | 130,19 Gb Free Space | 53,33% Space Free | Partition Type: NTFS

    Computer Name: PC-DE-DIDIER | User Name: Didier | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2012/03/05 23:37:59 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Didier\Desktop\OTL.exe
    PRC - [2012/03/02 14:35:47 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2011/11/28 22:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2011/04/21 15:31:04 | 000,982,656 | ---- | M] (PCTUTO) -- C:\Program Files\PCTuto\pctuto.exe
    PRC - [2011/03/02 18:43:58 | 000,663,168 | ---- | M] (PCTuto) -- C:\Users\Didier\AppData\Roaming\PCTuto\PCTuto\autoupdater.exe
    PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/04/10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
    PRC - [2008/01/21 06:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2007/04/06 11:06:58 | 000,057,344 | ---- | M] (ZSMCSNAP) -- C:\Windows\ZSSnp211.exe
    PRC - [2006/08/18 16:58:14 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/03/05 19:26:25 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\bc01d91f95947c7f25f3ae4e16db2cb5\System.Core.ni.dll
    MOD - [2012/03/02 14:35:46 | 000,429,040 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.65\ppGoogleNaClPluginChrome.dll
    MOD - [2012/03/02 14:35:45 | 003,772,912 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.65\pdf.dll
    MOD - [2012/03/02 14:34:21 | 000,122,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.65\avutil-51.dll
    MOD - [2012/03/02 14:34:19 | 000,220,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.65\avformat-53.dll
    MOD - [2012/03/02 14:34:18 | 001,747,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.65\avcodec-53.dll
    MOD - [2012/03/02 11:36:24 | 008,593,056 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\17.0.963.65\gcswf32.dll
    MOD - [2012/03/02 11:36:24 | 008,593,056 | ---- | M] () -- C:\PROGRA~1\Google\Chrome\APPLIC~1\170963~1.65\gcswf32.dll
    MOD - [2012/02/17 12:46:54 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9a22784f4af63232128cbaa639e1852b\WindowsFormsIntegration.ni.dll
    MOD - [2012/02/17 12:42:25 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll
    MOD - [2012/02/17 12:42:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
    MOD - [2012/02/17 12:42:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
    MOD - [2012/02/17 12:10:10 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
    MOD - [2012/02/17 12:09:48 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
    MOD - [2012/02/17 12:09:36 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
    MOD - [2012/02/17 12:08:58 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll
    MOD - [2012/02/17 12:08:57 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a8b83e9bce632f045bd41a23b1871a03\PresentationFramework.ni.dll
    MOD - [2012/02/17 12:08:37 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b88a8c8526191ee538f40d330fd2bf56\PresentationCore.ni.dll
    MOD - [2012/02/17 12:08:21 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll
    MOD - [2012/02/17 12:08:15 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
    MOD - [2011/10/14 10:41:14 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5aab9bc687029a908fc01473f8e5f77b\UIAutomationProvider.ni.dll
    MOD - [2011/10/14 10:05:10 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
    MOD - [2011/01/05 06:17:40 | 000,023,040 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
    MOD - [2011/01/04 22:06:00 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    MOD - [2011/01/04 21:54:12 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    MOD - [2009/03/29 21:42:28 | 000,430,080 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_fr_b77a5c561934e089\System.Windows.Forms.resources.dll
    MOD - [2009/03/29 21:42:28 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
    MOD - [2009/03/29 21:42:28 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_fr_b77a5c561934e089\System.resources.dll
    MOD - [2009/03/29 21:42:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_fr_b77a5c561934e089\System.Runtime.Remoting.resources.dll
    MOD - [2006/08/18 16:58:14 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/01/03 17:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/11/28 22:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/01/05 06:57:32 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2011/01/04 22:05:54 | 000,284,672 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV - [2010/06/17 05:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
    SRV - [2008/01/21 06:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (gdrv)
    DRV - [2011/11/28 21:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/11/28 21:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/11/28 21:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/11/28 21:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/11/28 21:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2011/11/28 21:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/01/05 07:36:10 | 006,789,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2011/01/05 06:19:18 | 000,235,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2010/12/30 15:19:40 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
    DRV - [2010/11/17 16:04:12 | 000,097,296 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
    DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
    DRV - [2010/04/08 22:32:36 | 000,215,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
    DRV - [2010/02/18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
    DRV - [2010/02/05 05:16:10 | 000,028,048 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
    DRV - [2007/08/31 10:00:00 | 000,474,368 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vvftav.sys -- (vvftav)
    DRV - [2007/08/03 10:27:04 | 001,470,592 | ---- | M] (ZSMC.Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZS211.sys -- (ZSMC30x)
    DRV - [2006/11/02 11:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1357999196-2640852219-2256871205-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKU\S-1-5-21-1357999196-2640852219-2256871205-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-1357999196-2640852219-2256871205-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
    IE - HKU\S-1-5-21-1357999196-2640852219-2256871205-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 28 1D 46 4A DB CB 01 [binary data]
    IE - HKU\S-1-5-21-1357999196-2640852219-2256871205-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1357999196-2640852219-2256871205-1000\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - No CLSID value found
    IE - HKU\S-1-5-21-1357999196-2640852219-2256871205-1000\..\SearchScopes,DefaultScope = ${searchCLSID}
    IE - HKU\S-1-5-21-1357999196-2640852219-2256871205-1000\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-21-1357999196-2640852219-2256871205-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1357999196-2640852219-2256871205-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
    IE - HKU\S-1-5-21-1357999196-2640852219-2256871205-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/03 20:49:53 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/03 20:49:53 | 000,000,000 | ---D | M]

    [2012/02/25 23:09:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Didier\AppData\Roaming\mozilla\Extensions
    [2012/02/26 11:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Didier\AppData\Roaming\mozilla\Firefox\Profiles\pkz6sgr7.default\extensions
    [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/02/25 19:26:40 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Didier\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.65\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.65\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.65\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\Didier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Recherche Google = C:\Users\Didier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
    CHR - Extension: Gmail = C:\Users\Didier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2006/09/19 01:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (PCTBHO Class) - {293A63F7-C3B6-423a-9845-901AC0A7EE6E} - C:\Program Files\PCTuto\pctutoBHO.dll (PCTUTO)
    O2 - BHO: (no name) - {2DA14D1D-AE74-4A74-A0FE-C79504755DB8} - No CLSID value found.
    O3 - HKU\S-1-5-21-1357999196-2640852219-2256871205-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
    O4 - HKLM..\Run: [PCTuto] C:\Program Files\PCTuto\pctuto.exe (PCTUTO)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe (ZSMCSNAP)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1357999196-2640852219-2256871205-1000..\Run: [AROReminder] C:\Program Files\ARO 2011\ARO.exe (Support.com)
    O4 - HKLM..\RunOnce: [autoupdater] C:\Users\Didier\AppData\Roaming\PCTuto\PCTuto\autoupdater.exe (PCTuto)
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Seeearch - {CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Seeearch - {CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} - Reg Error: Key error. File not found
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-1357999196-2640852219-2256871205-1000\..Trusted Domains: dainrauscher.com ([]https in Local intranet)
    O15 - HKU\S-1-5-21-1357999196-2640852219-2256871205-1000\..Trusted Domains: rbcdain.com ([]https in Local intranet)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/Gam... (UnoCtrl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-wind... (Java Plug-in 1.6.0_29)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPACl... (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-wind... (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-wind... (Java Plug-in 1.6.0_29)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/fl... (Shockwave Flash Object)
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab569... (Minesweeper Flags Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14CFD418-D66A-4F67-9532-905DFD339851}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Didier\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Didier\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/19 01:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found


    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/06 10:48:56 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{62417AF1-0475-4346-8A05-7F782A4604AD}
    [2012/03/06 10:48:32 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{29D4BFC4-E3EF-4CB3-9BF1-B251823C99F6}
    [2012/03/06 00:13:54 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Roaming\Malwarebytes
    [2012/03/06 00:13:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/03/06 00:13:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2012/03/06 00:13:48 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/03/06 00:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/03/06 00:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/03/06 00:12:46 | 004,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Didier\Desktop\mbam-setup.exe
    [2012/03/05 23:37:51 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Didier\Desktop\OTL.exe
    [2012/03/05 19:26:19 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{41DA0491-0C28-403F-87F9-E6A84EE6FFB1}
    [2012/03/05 19:25:47 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{431C7943-1C32-4647-9319-3F62BC676960}
    [2012/03/03 09:35:32 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{C5CDB5BC-8B19-49C9-A27D-C7DDBA312D72}
    [2012/03/03 09:35:02 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{92160EF2-33FD-477B-84FC-8C3AF7E15D2B}
    [2012/03/02 19:04:42 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{E9C87AF1-01FB-4838-959A-36E247B6AD53}
    [2012/03/02 19:04:24 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{51030AA2-D25A-4287-8E95-09FC1BDDF1BE}
    [2012/03/01 20:29:30 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Roaming\PCTuto
    [2012/03/01 20:29:30 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\PCTuto
    [2012/03/01 20:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\PCTuto
    [2012/03/01 20:28:46 | 001,894,048 | ---- | C] (PCTuto ) -- C:\Users\Didier\Desktop\pctuto_1011.exe
    [2012/03/01 20:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\Selteco
    [2012/03/01 12:04:59 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{CBF2894F-6CD7-4FAD-A96D-4B974A3B00D3}
    [2012/03/01 12:04:36 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{5CDC47BF-6F5C-46DE-BB84-7908B4F1D2B6}
    [2012/02/29 11:50:49 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{5726AE6E-C40D-4003-976F-B04AC4FBE141}
    [2012/02/29 11:49:54 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{9F0B0A18-C0DE-4182-8DDA-2ED28D575D28}
    [2012/02/26 11:32:08 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{7C90BD23-94AE-48C5-BF90-FB4429692015}
    [2012/02/26 11:31:45 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{E2E73C22-7E0D-4635-831F-9D7F9DE3BF2E}
    [2012/02/25 20:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/02/25 20:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2012/02/25 19:43:08 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\widestream6 Air
    [2012/02/25 19:37:22 | 000,000,000 | ---D | C] -- C:\ToolBar SD
    [2012/02/25 19:28:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\Grand Theft Auto IV Screenshot dir
    [2012/02/25 19:27:08 | 000,520,192 | ---- | C] (ScreenTime Media) -- C:\Windows\System32\Grand Theft Auto IV Screenshot.scr
    [2012/02/25 19:26:39 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\Babylon
    [2012/02/25 19:26:38 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Roaming\Babylon
    [2012/02/25 19:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012/02/25 19:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
    [2012/02/25 19:07:07 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{58D9A0EA-F067-48B1-AE3F-F50B3C614DA0}
    [2012/02/25 19:06:55 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{DD1CFB07-4E5C-4482-AB75-C62A27762623}
    [2012/02/25 10:27:54 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{50F1C159-DB53-41CA-9083-E75A315BC827}
    [2012/02/24 12:10:32 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{A66471F8-61E9-4969-9F5E-1512BA8433B7}
    [2012/02/24 12:09:46 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{5BCD40B6-9C96-4EF8-9E31-AF14ACD12CB3}
    [2012/02/23 12:01:02 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{BC5D6F1C-FD3B-449E-9FC5-BF6EFA832FE6}
    [2012/02/23 12:00:43 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{DD71D60C-DB8F-48EA-9588-E03E3C82AFCE}
    [2012/02/22 12:22:54 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{356CAE1E-67E8-4056-ADE3-D4958C4E3F1A}
    [2012/02/22 12:22:34 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{8F7A44D4-6ADD-4ECA-83FF-F03320796E59}
    [2012/02/21 19:39:43 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{DFB89325-6DF3-4AC0-B83F-35D8E92BAD62}
    [2012/02/20 18:34:26 | 000,000,000 | ---D | C] -- C:\Users\Didier\Desktop\fdffff
    [2012/02/20 12:00:43 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{5CACF2E5-A78F-4EFB-92DF-27588E374A13}
    [2012/02/20 12:00:22 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{2F886F2E-EB3F-4437-9ECF-C0BE8DA87740}
    [2012/02/19 06:33:38 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{79540C6E-CAEF-45FC-98B5-09FC57E499EE}
    [2012/02/18 23:01:32 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{8D34D36E-CCFB-4FF5-BA26-A8FEC693D971}
    [2012/02/18 23:01:14 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{AEB2874B-1E0B-4DB5-8741-11883B5E29AC}
    [2012/02/17 12:11:00 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{1D4FE35C-4902-4923-930D-EC0808355C8D}
    [2012/02/17 12:10:48 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{A0D435E5-EAAF-47CC-8B96-DD369821198C}
    [2012/02/16 22:03:56 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012/02/16 22:03:54 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2012/02/16 22:03:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012/02/16 22:03:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012/02/16 22:03:53 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012/02/16 22:03:49 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2012/02/16 11:47:22 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2012/02/16 11:43:26 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{F5E7C95C-B258-4DC9-AC2A-538C2830F4DD}
    [2012/02/16 11:42:53 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{4AD43762-5588-4F98-BDFF-AA4265AE7023}
    [2012/02/15 23:01:45 | 000,000,000 | ---D | C] -- C:\Users\Didier\Desktop\Pictures
    [2012/02/15 22:58:55 | 000,000,000 | ---D | C] -- C:\Users\Didier\Desktop\mes tof 974
    [2012/02/15 16:54:45 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{5ECC2F04-5311-4BF9-A01C-03B6960C4691}
    [2012/02/15 16:54:11 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{6AF9E6B0-0A38-4CA8-B345-0AD7F0639E09}
    [2012/02/14 06:47:30 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{0A34B48C-9D36-4AA5-B081-3025C3FCC94A}
    [2012/02/14 06:47:07 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{1F3BCFBC-B75C-43A1-AF33-044DC130545F}
    [2012/02/13 16:31:10 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{CC01F6A5-C0C6-4DFF-8BD3-A959084C94BE}
    [2012/02/13 16:30:36 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{D9CCB71F-1584-48E3-A27A-E8DD9E4EC857}
    [2012/02/12 11:20:46 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{79D5952E-E872-4AF4-A604-397377521D0E}
    [2012/02/12 11:20:19 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{4D0F7B07-778B-489D-B0B1-AEB57193BDE1}
    [2012/02/11 11:36:01 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{DA8E5AB2-4652-4FAF-BF1F-2EC1FA1E2C84}
    [2012/02/11 11:35:23 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{13AF7A34-1B0A-4151-B430-5F904A17EC3A}
    [2012/02/10 12:08:45 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{F6911AED-5984-4962-900D-C99CD9B175FE}
    [2012/02/10 12:08:02 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{0C340E45-3317-4FF7-8D0A-57713655A530}
    [2012/02/09 19:05:32 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{DF25FE86-CB7A-4E63-A813-800B05C35C32}
    [2012/02/09 19:04:57 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{0697D1C6-7226-451E-9316-DC006F3B422B}
    [2012/02/08 17:50:25 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{4A1C6493-6F77-4EF1-84C7-AF145F8EA1DE}
    [2012/02/08 17:49:41 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{60295C39-78B8-4743-BF97-0BCB68BFAC8C}
    [2012/02/07 19:31:11 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{2C7E3BDD-43C5-407D-A187-1FB5293309A1}
    [2012/02/07 19:30:30 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{398C469C-4774-47BD-95F1-B2AD76AC277B}
    [2012/02/06 20:00:34 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{B56BED96-829A-448C-9A0F-2B7D636A76E0}
    [2012/02/06 20:00:13 | 000,000,000 | ---D | C] -- C:\Users\Didier\AppData\Local\{F84D6555-02EE-4220-8D6E-1FA9A1A6D270}
    [2011/08/13 11:52:52 | 000,075,456 | ---- | C] (MyWebSearch.com) -- C:\Users\Didier\AppData\Local\mwsauto.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/03/06 19:43:04 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/06 19:30:56 | 000,678,804 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
    [2012/03/06 19:30:56 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/03/06 19:30:56 | 000,126,420 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
    [2012/03/06 19:30:55 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/03/06 19:24:11 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/06 19:23:56 | 000,004,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/03/06 19:23:55 | 000,004,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/03/06 19:23:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/03/06 19:23:40 | 3488,026,624 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/06 19:22:59 | 000,005,332 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2012/03/06 14:25:38 | 018,866,993 | ---- | M] () -- C:\Users\Didier\Desktop\video-2012-03-06-14-09-05.mp4
    [2012/03/06 11:39:54 | 003,392,731 | ---- | M] () -- C:\Users\Didier\Desktop\TAL - Le sens de la vie.mp3
    [2012/03/06 00:13:52 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2012/03/06 00:12:52 | 004,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Didier\Desktop\mbam-setup.exe
    [2012/03/05 23:37:59 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Didier\Desktop\OTL.exe
    [2012/03/05 18:49:59 | 000,001,840 | ---- | M] () -- C:\Users\Didier\Documents\cc_20120305_184955.reg
    [2012/03/05 12:44:21 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/03/04 18:59:22 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Didier.job
    [2012/03/03 10:48:15 | 000,067,072 | ---- | M] () -- C:\Users\Didier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/03/03 10:32:44 | 734,509,056 | ---- | M] () -- C:\Users\Didier\Desktop\Titanic.2.FRENCH.DVDRiP.XViD._1divx.com_.avi
    [2012/03/01 22:37:38 | 000,074,417 | ---- | M] () -- C:\Users\Didier\Desktop\DSC00011.JPG
    [2012/03/01 20:28:57 | 001,894,048 | ---- | M] (PCTuto ) -- C:\Users\Didier\Desktop\pctuto_1011.exe
    [2012/03/01 17:27:40 | 000,060,169 | ---- | M] () -- C:\Users\Didier\Desktop\417044_170172119766082_100003198853737_248750_116090442_n.jpg
    [2012/02/29 21:36:42 | 004,376,065 | ---- | M] () -- C:\Users\Didier\Desktop\booba comme une etoile.mp3
    [2012/02/29 12:27:40 | 003,072,867 | ---- | M] () -- C:\Users\Didier\Desktop\AVSEQ11.MP3
    [2012/02/29 12:25:30 | 005,708,518 | ---- | M] () -- C:\Users\Didier\Desktop\AVSEQ01_New1.mp3
    [2012/02/29 12:24:10 | 005,392,826 | ---- | M] () -- C:\Users\Didier\Desktop\03-Petit Frère.mp3
    [2012/02/29 12:21:44 | 000,001,597 | ---- | M] () -- C:\Users\Didier\Desktop\Bluetooth File Transfer Wizard.lnk
    [2012/02/28 21:30:20 | 000,095,252 | ---- | M] () -- C:\Users\Didier\Desktop\Sow.jpg
    [2012/02/26 20:02:05 | 000,034,110 | ---- | M] () -- C:\Users\Didier\Desktop\Fortunna.jpg
    [2012/02/25 21:02:59 | 000,262,728 | ---- | M] () -- C:\Users\Didier\Documents\cc_20120225_210247.reg
    [2012/02/25 20:34:23 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/02/25 20:34:13 | 000,001,955 | ---- | M] () -- C:\Users\Didier\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/02/25 19:34:32 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
    [2012/02/25 19:28:31 | 000,520,192 | ---- | M] (ScreenTime Media) -- C:\Windows\System32\Grand Theft Auto IV Screenshot.scr
    [2012/02/25 19:27:58 | 000,000,638 | ---- | M] () -- C:\user.js
    [2012/02/24 13:22:00 | 000,001,356 | ---- | M] () -- C:\Users\Didier\AppData\Local\d3d9caps.dat
    [2012/02/23 21:22:32 | 004,910,343 | ---- | M] () -- C:\Users\Didier\Desktop\Marvin tu me manqueras toujours.mp3
    [2012/02/23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
    [2012/02/16 11:46:45 | 004,917,508 | ---- | M] () -- C:\Users\Didier\Desktop\Youssoupha feat. Corneille - Histoires Vraies.mp3
    [2012/02/10 22:10:15 | 000,324,318 | ---- | M] () -- C:\Users\Didier\P300112_0804.jpg

    ========== Files Created - No Company Name ==========

    [2012/03/06 14:25:38 | 018,866,993 | ---- | C] () -- C:\Users\Didier\Desktop\video-2012-03-06-14-09-05.mp4
    [2012/03/06 11:39:47 | 003,392,731 | ---- | C] () -- C:\Users\Didier\Desktop\TAL - Le sens de la vie.mp3
    [2012/03/06 00:13:52 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2012/03/05 18:49:56 | 000,001,840 | ---- | C] () -- C:\Users\Didier\Documents\cc_20120305_184955.reg
    [2012/03/03 09:51:56 | 734,509,056 | ---- | C] () -- C:\Users\Didier\Desktop\Titanic.2.FRENCH.DVDRiP.XViD._1divx.com_.avi
    [2012/03/01 22:37:29 | 000,074,417 | ---- | C] () -- C:\Users\Didier\Desktop\DSC00011.JPG
    [2012/03/01 17:27:38 | 000,060,169 | ---- | C] () -- C:\Users\Didier\Desktop\417044_170172119766082_100003198853737_248750_116090442_n.jpg
    [2012/02/29 21:36:32 | 004,376,065 | ---- | C] () -- C:\Users\Didier\Desktop\booba comme une etoile.mp3
    [2012/02/29 12:27:40 | 003,072,867 | ---- | C] () -- C:\Users\Didier\Desktop\AVSEQ11.MP3
    [2012/02/29 12:25:30 | 005,708,518 | ---- | C] () -- C:\Users\Didier\Desktop\AVSEQ01_New1.mp3
    [2012/02/29 12:24:10 | 005,392,826 | ---- | C] () -- C:\Users\Didier\Desktop\03-Petit Frère.mp3
    [2012/02/29 12:21:44 | 000,001,597 | ---- | C] () -- C:\Users\Didier\Desktop\Bluetooth File Transfer Wizard.lnk
    [2012/02/28 21:30:19 | 000,095,252 | ---- | C] () -- C:\Users\Didier\Desktop\Sow.jpg
    [2012/02/26 20:02:03 | 000,034,110 | ---- | C] () -- C:\Users\Didier\Desktop\Fortunna.jpg
    [2012/02/25 21:02:49 | 000,262,728 | ---- | C] () -- C:\Users\Didier\Documents\cc_20120225_210247.reg
    [2012/02/25 20:34:23 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/02/25 20:34:13 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/02/25 20:34:13 | 000,001,955 | ---- | C] () -- C:\Users\Didier\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/02/25 20:32:37 | 000,001,056 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/25 20:32:36 | 000,001,052 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/25 19:14:17 | 000,000,638 | ---- | C] () -- C:\user.js
    [2012/02/23 21:22:12 | 004,910,343 | ---- | C] () -- C:\Users\Didier\Desktop\Marvin tu me manqueras toujours.mp3
    [2012/02/16 11:46:22 | 004,917,508 | ---- | C] () -- C:\Users\Didier\Desktop\Youssoupha feat. Corneille - Histoires Vraies.mp3
    [2012/02/10 22:09:22 | 000,324,318 | ---- | C] () -- C:\Users\Didier\P300112_0804.jpg
    [2011/11/03 20:42:36 | 000,177,982 | ---- | C] () -- C:\Windows\hphins33.dat
    [2011/11/03 20:42:36 | 000,000,512 | ---- | C] () -- C:\Windows\hphmdl33.dat
    [2011/10/28 21:03:36 | 000,005,488 | RH-- | C] () -- C:\Program Files\rbjcl.vbs
    [2011/03/04 22:53:04 | 000,067,072 | ---- | C] () -- C:\Users\Didier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/02/04 07:55:47 | 000,005,332 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2011/02/02 13:23:29 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe
    [2011/01/29 16:05:34 | 000,010,084 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2011/01/29 16:04:07 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
    [2011/01/29 15:37:10 | 000,001,356 | ---- | C] () -- C:\Users\Didier\AppData\Local\d3d9caps.dat
    [2011/01/29 13:52:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2011/01/29 13:52:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2011/01/29 13:52:20 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2011/01/29 12:24:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/01/05 06:17:40 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
    [2010/12/15 23:33:32 | 000,002,975 | ---- | C] () -- C:\Windows\System32\atipblag.dat
    [2010/10/28 02:13:58 | 000,226,857 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

    ========== LOP Check ==========

    [2011/11/07 20:48:34 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\Apowersoft
    [2012/02/25 19:26:38 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\Babylon
    [2011/11/19 21:02:49 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\GetRightToGo
    [2011/10/12 15:52:14 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\OpenOffice.org
    [2012/03/01 20:29:30 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\PCTuto
    [2011/12/13 19:22:36 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\Sammsoft
    [2011/12/28 23:53:53 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\smc
    [2011/02/07 17:03:11 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\UseNeXT
    [2012/03/06 19:22:59 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < >

    < >

    < %APPDATA%\*. >
    [2011/02/22 17:32:00 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\Adobe
    [2011/11/07 20:48:34 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\Apowersoft
    [2011/01/31 15:07:58 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\Apple Computer
    [2011/01/29 15:20:46 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\ATI
    [2012/02/25 19:26:38 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\Babylon
    [2011/11/19 21:02:49 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\GetRightToGo
    [2011/11/03 20:52:21 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\HP
    [2011/12/24 22:52:15 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\HpUpdate
    [2011/01/29 15:37:15 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\Identities
    [2011/02/02 13:23:08 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\InstallShield
    [2011/02/02 20:08:51 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\Macromedia
    [2012/03/06 00:13:54 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\Malwarebytes
    [2006/11/02 16:37:34 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\Media Center Programs
    [2011/12/17 20:20:49 | 000,000,000 | --SD | M] -- C:\Users\Didier\AppData\Roaming\Microsoft
    [2012/02/25 23:09:03 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\Mozilla
    [2011/10/12 15:52:14 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\OpenOffice.org
    [2012/03/01 20:29:30 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\PCTuto
    [2011/12/13 19:22:36 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\Sammsoft
    [2011/12/28 23:53:53 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\smc
    [2011/02/07 17:03:11 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\UseNeXT
    [2011/11/05 10:25:13 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\vlc
    [2011/03/03 20:16:01 | 000,000,000 | ---D | M] -- C:\Users\Didier\AppData\Roaming\WinRAR

    < >

    < %APPDATA%\*.exe /s >
    [2011/12/17 20:20:49 | 000,010,134 | R--- | M] () -- C:\Users\Didier\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
    [2011/03/02 18:43:58 | 000,663,168 | ---- | M] (PCTuto) -- C:\Users\Didier\AppData\Roaming\PCTuto\PCTuto\autoupdater.exe
    [2011/03/02 18:43:58 | 000,769,664 | ---- | M] (Agence-Exclusive) -- C:\Users\Didier\AppData\Roaming\PCTuto\PCTuto\UpdatePCTuto.exe

    < >

    < %SYSTEMDRIVE%\*.* >
    [2011/10/03 10:56:27 | 000,005,909 | ---- | M] () -- C:\Ad-Report-CLEAN[1].txt
    [2011/10/03 11:01:09 | 000,003,070 | ---- | M] () -- C:\Ad-Report-CLEAN[2].txt
    [2012/02/25 19:46:52 | 000,008,125 | ---- | M] () -- C:\Ad-Report-CLEAN[3].txt
    [2012/02/25 19:53:18 | 000,005,393 | ---- | M] () -- C:\Ad-Report-CLEAN[4].txt
    [2011/10/03 10:48:22 | 000,006,839 | ---- | M] () -- C:\Ad-Report-SCAN[1].txt
    [2012/03/06 19:38:56 | 000,004,270 | ---- | M] () -- C:\Ad-Report-SCAN[2].txt
    [2011/09/25 11:39:13 | 000,004,116 | ---- | M] () -- C:\AdwCleaner[S1].txt
    [2011/11/19 21:41:06 | 000,007,060 | ---- | M] () -- C:\AdwCleaner[S2].txt
    [2011/11/19 21:42:51 | 000,001,301 | ---- | M] () -- C:\AdwCleaner[S3].txt
    [2011/12/13 19:07:36 | 000,009,384 | ---- | M] () -- C:\AdwCleaner[S4].txt
    [2006/09/19 01:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2011/01/29 17:39:16 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2006/09/19 01:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2012/03/06 19:23:40 | 3488,026,624 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/20 22:35:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/11/20 22:35:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/03/06 19:23:37 | 3801,694,208 | -HS- | M] () -- C:\pagefile.sys
    [2012/02/25 19:38:23 | 000,001,900 | ---- | M] () -- C:\TB.txt
    [2012/02/25 19:27:58 | 000,000,638 | ---- | M] () -- C:\user.js

    < >

    < %systemroot%\*. /mp /s >

    < >

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 07:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 07:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 07:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 14:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 14:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < >

    < %systemroot%\system32\*.dll /lockedfiles >

    < >


    < MD5 for: EXPLORER.EXE >
    [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
    [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
    [2008/01/21 06:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

    < MD5 for: IEXPLORE.EXE >
    [2009/04/10 23:27:46 | 000,636,080 | ---- | M] (Microsoft Corporation) MD5=2C5168C856455CC43C4B4E1CC1920001 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe
    [2010/11/02 10:03:13 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=5AB037B17F8A87D052F5A88E0D29A3C8 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18999_none_11f2d8e9300c984e\iexplore.exe
    [2008/01/21 06:23:50 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=5B92133D3E7FB2644677686305E29E81 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe
    [2010/10/20 21:48:33 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=63E2F08404C9824C6CE6EE4A308B4083 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18542_none_2f38ca6b1a1d14fe\iexplore.exe
    [2010/12/18 11:19:44 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=7852371DA9EFBC17B645558E23780EAC -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23111_none_12cacae648f0c11a\iexplore.exe
    [2011/05/05 16:23:47 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Program Files\Internet Explorer\iexplore.exe
    [2011/05/05 16:23:47 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16421_none_58a99749ebaa0de6\iexplore.exe
    [2010/11/02 11:13:47 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=92A17B0A89D14815AACC62CD190B6CE3 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23091_none_127449a04931a37b\iexplore.exe
    [2011/02/22 11:18:28 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=9CE5543464432CA73134F170FA2BF823 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23143_none_12ac5bb64907479b\iexplore.exe
    [2009/03/09 01:09:24 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe
    [2010/12/18 10:28:35 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=B988D7F127B94BD5BF8356FE81B985C4 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19019_none_1249306b2fcbec08\iexplore.exe
    [2011/02/22 10:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=C1D36A2CBE0CEC4DF593DB1288CF586E -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19048_none_1227c05d2fe52684\iexplore.exe
    [2010/10/21 22:50:10 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=ED748658B126A4617A4BA4A8F4F10DBE -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22784_none_2f992a0033595461\iexplore.exe

    < MD5 for: SVCHOST.EXE >
    [2008/01/21 06:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\system32\svchost.exe
    [2008/01/21 06:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2008/01/21 06:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\system32\userinit.exe
    [2008/01/21 06:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\system32\winlogon.exe
    [2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
    [2008/01/21 06:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

    < >

    < End of report >
    6 March 2012 17:43:56

    OTL Extras logfile created on: 06/03/2012 20:22:18 - Run 1
    OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Didier\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    3,25 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 60,69% Memory free
    6,69 Gb Paging File | 5,36 Gb Available in Paging File | 80,05% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 244,14 Gb Total Space | 130,19 Gb Free Space | 53,33% Space Free | Partition Type: NTFS

    Computer Name: PC-DE-DIDIER | User Name: Didier | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07EA0B44-7309-4DB6-987A-2EE0D45138F3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{08C97801-6538-4E69-8D53-7CC09F1C3B79}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{0C46ACF3-5058-4109-BD71-AC9E5F699782}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{192D8CD3-1BDD-4B28-AE85-B35E2220DB96}" = lport=137 | protocol=17 | dir=in | app=system |
    "{229066F0-BA49-49C2-BC41-C0FBDFBFAE93}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{23E50BBB-1A3F-401D-AB33-FA8F9EA8265F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{2AFFA054-514D-45B7-AEB8-CD48B24E503B}" = lport=445 | protocol=6 | dir=in | app=system |
    "{37DD9FBB-20A0-4EA3-B71A-BD91B00E7FC5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4A0768AA-033E-4D2F-9601-C419BC88198A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4DF0903B-D5DC-4E40-AD47-12F8C99C201B}" = lport=138 | protocol=17 | dir=in | app=system |
    "{677C63B2-5872-47B5-BE75-4AFBA96AD6A5}" = lport=139 | protocol=6 | dir=in | app=system |
    "{69B33A73-39C0-47A6-8158-340EE52C886C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{A2A5DBBA-DA35-462B-B26A-751D1A495AEE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{A35EFA43-C4C6-4950-8942-33D7A2D18BDE}" = rport=445 | protocol=6 | dir=out | app=system |
    "{B497100D-23C1-4CA6-A3C0-70692BAC0618}" = rport=138 | protocol=17 | dir=out | app=system |
    "{B823133A-241E-47C0-9F8E-E0A818D2E673}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C71CD128-EF63-4698-B214-39688F53BC4F}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{C7C5BE48-811A-4030-B365-99A467E6665B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{D32FE66B-D7CC-4B04-A3AF-DAFC920D9B51}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{D754E339-0FFD-4E0E-9A96-E767D90A0BFD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{D819858E-4925-48C6-83F0-34D3DA8570C0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{DDF3110F-2EFD-4850-BFB2-D0A33DD6082F}" = rport=137 | protocol=17 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3C300DAA-144F-42D5-B4A3-21F1720287CC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{3CF123D7-483F-4F45-8E35-84DF93261C0A}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{3FD5CBD7-0738-4C0F-A857-EFC3333E35EF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{4389FE11-CC90-46B4-A1C2-BBE180030644}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{5035C122-7F6E-46F3-919B-C1D3ED5E0B8A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{69B74E65-9305-44EE-8F39-5A59FCA8928D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{7725E80E-97A0-4F86-9A0A-5174DCE0C4F4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{82348CC6-43F9-442C-A71D-B24E55ACA359}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
    "{9C8DB974-9A68-48A8-89B6-BC5B531BF74A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{9FF4385A-3B5D-48D8-914D-217855111AC6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{AEB89061-C352-4FE1-B27F-874EC5C6C671}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{B260C16E-6F93-4A32-A8E9-4BEFFCC820A6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{D41D1BFB-3BC9-4DDF-8DB3-A9DBEE396C4F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
    "{F4BDAA8A-E9F9-413E-BDEB-73DD2E8FC4CC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{F6798DB4-B652-4A4F-B90C-E3C731585733}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{0AAFCFAF-5544-EEAF-189B-C85B138112D1}" = ATI Catalyst Install Manager
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{32BC62C5-32B9-F838-ADD4-CFEF544C6888}" = ccc-core-static
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{343A1706-26A4-45EA-88CF-37CA172B0F27}" = D1600
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3CB1AEE0-0B27-F3C8-0582-67976480E480}" = AMD Fuel
    "{44D02D8B-FFB3-4245-8D26-68D10B4C4023}" = ZSMC USB PC Camera (ZS0211)
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{771ABEA0-23AF-8F8E-63FE-168779F294B6}" = CCC Help English
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver Software 14.0 Rel. 6
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
    "{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Français
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{C92C89BB-1D11-C8D5-1584-D5259818479A}" = ccc-utility
    "{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DB837331-6864-4B66-7248-4CB823DB4222}" = Catalyst Control Center InstallProxy
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{F47C09DB-746B-2ABA-819B-8FC759034E74}" = Catalyst Control Center Graphics Previews Common
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Ad-Remover" = Ad-Remover par C_XX
    "ARO 2011_is1" = ARO 2011
    "Audacity_is1" = Audacity 1.2.6
    "avast" = avast! Free Antivirus
    "CCleaner" = CCleaner
    "Defraggler" = Defraggler
    "Google Chrome" = Google Chrome
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NSS" = Norton Security Scan
    "NVIDIA Drivers" = NVIDIA Drivers
    "Picasa 3" = Picasa 3
    "UseNeXT_is1" = UseNeXT
    "VLC media player" = VLC media player 1.1.5
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinLiveSuite" = Windows Live
    "WinRAR archiver" = Logiciel d'archivage WinRAR

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1357999196-2640852219-2256871205-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Ad-Remover" = Ad-Remover
    "Wizard101(FR)_is1" = Wizard101(FR)

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 03/03/2012 11:28:57 | Computer Name = PC-de-Didier | Source = WinMgmt | ID = 10
    Description =

    Error - 04/03/2012 02:21:19 | Computer Name = PC-de-Didier | Source = WinMgmt | ID = 10
    Description =

    Error - 05/03/2012 04:29:08 | Computer Name = PC-de-Didier | Source = WinMgmt | ID = 10
    Description =

    Error - 05/03/2012 09:37:47 | Computer Name = PC-de-Didier | Source = WinMgmt | ID = 10
    Description =

    Error - 05/03/2012 11:24:42 | Computer Name = PC-de-Didier | Source = WinMgmt | ID = 10
    Description =

    Error - 05/03/2012 16:26:13 | Computer Name = PC-de-Didier | Source = WinMgmt | ID = 10
    Description =

    Error - 06/03/2012 02:47:40 | Computer Name = PC-de-Didier | Source = WinMgmt | ID = 10
    Description =

    Error - 06/03/2012 05:39:51 | Computer Name = PC-de-Didier | Source = WinMgmt | ID = 10
    Description =

    Error - 06/03/2012 10:36:14 | Computer Name = PC-de-Didier | Source = WinMgmt | ID = 10
    Description =

    Error - 06/03/2012 11:24:22 | Computer Name = PC-de-Didier | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 05/03/2012 11:24:43 | Computer Name = PC-de-Didier | Source = Service Control Manager | ID = 7026
    Description =

    Error - 05/03/2012 16:25:44 | Computer Name = PC-de-Didier | Source = netbt | ID = 4321
    Description = Le nom "PC-DE-DIDIER :0" n'a pas pu être enregistré sur l'interface
    avec l'adresse IP 192.168.1.60. L'ordinateur avec l'adresse IP 192.168.1.59 n'a
    pas permis que le nom soit réclamé par cet ordinateur.

    Error - 05/03/2012 16:25:44 | Computer Name = PC-de-Didier | Source = netbt | ID = 4321
    Description = Le nom "PC-DE-DIDIER :0" n'a pas pu être enregistré sur l'interface
    avec l'adresse IP 192.168.1.60. L'ordinateur avec l'adresse IP 192.168.1.59 n'a
    pas permis que le nom soit réclamé par cet ordinateur.

    Error - 05/03/2012 16:25:47 | Computer Name = PC-de-Didier | Source = Server | ID = 2505
    Description = Le serveur n'a pas pu se lier au transport \Device\NetBT_Tcpip_{14CFD418-D66A-4F67-9532-905DFD339851}
    car un autre ordinateur du réseau porte le même nom. Le serveur n'a pas pu démarrer.

    Error - 05/03/2012 16:25:47 | Computer Name = PC-de-Didier | Source = netbt | ID = 4321
    Description = Le nom "PC-DE-DIDIER :20" n'a pas pu être enregistré sur l'interface
    avec l'adresse IP 192.168.1.60. L'ordinateur avec l'adresse IP 192.168.1.59 n'a
    pas permis que le nom soit réclamé par cet ordinateur.

    Error - 05/03/2012 16:26:13 | Computer Name = PC-de-Didier | Source = Service Control Manager | ID = 7026
    Description =

    Error - 06/03/2012 02:47:40 | Computer Name = PC-de-Didier | Source = Service Control Manager | ID = 7026
    Description =

    Error - 06/03/2012 05:39:51 | Computer Name = PC-de-Didier | Source = Service Control Manager | ID = 7026
    Description =

    Error - 06/03/2012 10:36:15 | Computer Name = PC-de-Didier | Source = Service Control Manager | ID = 7026
    Description =

    Error - 06/03/2012 11:24:22 | Computer Name = PC-de-Didier | Source = Service Control Manager | ID = 7026
    Description =


    < End of report >
    6 March 2012 17:48:17

    ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 12/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (SCAN [3]) -> Lancé à 20:43:13 le 06/03/2012, Mode normal

    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86)
    Didier@PC-DE-DIDIER (Gigabyte Technology Co., Ltd. M68M-S2P)

    ============== RECHERCHE ==============


    Dossier trouvé: C:\Users\Didier\AppData\Roaming\PCtuto
    Dossier trouvé: C:\Users\Didier\AppData\Local\PCTuto
    Dossier trouvé: C:\Program Files\PCTuto

    Clé trouvée: HKLM\Software\Classes\CLSID\{293A63F7-C3B6-423a-9845-901AC0A7EE6E}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{293A63F7-C3B6-423a-9845-901AC0A7EE6E}
    Clé trouvée: HKLM\Software\Classes\TypeLib\{0BF73E27-2734-4F7B-925A-4BBB1457F5FA}
    Clé trouvée: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar

    Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|PCTuto


    ============== SCAN ADDITIONNEL ==============

    -- C:\Users\Didier\AppData\Roaming\Mozilla\FireFox\Profiles\pkz6sgr7.default --
    Prefs.js - browser.download.lastDir, C:\\Users\\Didier\\Downloads
    Prefs.js - browser.startup.homepage_override.buildID, 20120215223356
    Prefs.js - browser.startup.homepage_override.mstone, rv:10.0.2

    ========================================

    **** Internet Explorer Version [9.0.8112.16421] ****

    HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
    HKCU_Main|Start Page - hxxp://fr.msn.com/
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
    HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Start Page - hxxp://fr.msn.com/
    HKCU_URLSearchHooks|{9565115d-c7d6-46d3-bd63-b67b481a4368} (x)
    HKCU_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
    HKLM_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
    HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (x)
    HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
    HKLM_ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC6F} - c:\Program Files\McAfee\SiteAdvisor\saUI.exe (x)
    HKLM_Extensions\{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} - "Seeearch" (C:\Program Files\Seeearch\tbunssEF3A.tmp\favicon.ico)
    BHO\{293A63F7-C3B6-423a-9845-901AC0A7EE6E} - "PCTBHO Class" (C:\Program Files\PCTuto\pctutoBHO.dll)
    BHO\{2DA14D1D-AE74-4A74-A0FE-C79504755DB8} - "TBSB06155 Class" () (x)

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 119 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 37 Fichier(s)

    C:\Ad-Report-CLEAN[1].txt - 03/10/2011 10:55:05 (5909 Octet(s))
    C:\Ad-Report-CLEAN[2].txt - 03/10/2011 11:00:19 (3070 Octet(s))
    C:\Ad-Report-CLEAN[3].txt - 25/02/2012 19:46:03 (8125 Octet(s))
    C:\Ad-Report-CLEAN[4].txt - 25/02/2012 19:52:30 (5393 Octet(s))
    C:\Ad-Report-SCAN[1].txt - 03/10/2011 10:47:45 (6839 Octet(s))
    C:\Ad-Report-SCAN[2].txt - 06/03/2012 19:38:15 (4270 Octet(s))
    C:\Ad-Report-SCAN[3].txt - 06/03/2012 20:45:43 (3702 Octet(s))

    Fin à: 20:46:52, 06/03/2012

    ============== E.O.F ==============

    a c 548 8 Security
    7 March 2012 18:34:29

    Good evening,

    Please don't dump reports with nothing else in a thread that isn't yours.

    Create a new thread if you want your case to be handled.
    16 July 2012 17:15:09

    Help me, I have children who use this PC, and above all I don't want them to look at these porn images that show up on their own.