virus ukash

 

petitelyly
Baby forum member (10 to 49 messages posted)
Posted on 28/10/2012 at 12:15:56

Hello, I'm having my computer scanned by Malwarebytes right now because I have the Ukash virus; I'll post the report afterwards and you'll help me?? Thanks :heink:

Profile: Security team
dedetraque
Famous across the whole forum (30,000 to 99,999 messages posted)
Posted on 28/10/2012 at 12:57:21

Hi petitelyly

 Post the report so we can check it  ;)

 @++    :)

petitelyly
Baby forum member (10 to 49 messages posted)
Posted on 28/10/2012 at 13:01:36

 Malwarebytes Anti-Malware (Essai) 1.65.1.1000
 www.malwarebytes.org

 Version de la base de données: v2012.10.28.01

 Windows 7 Service Pack 1 x64 NTFS (Mode sans échec/Réseau)
 Internet Explorer 8.0.7601.17514
 petitelyly :: PETITELYLY-PC [administrateur]

 Protection: Désactivé

 28/10/2012 11:34:04
 mbam-log-2012-10-28 (11-34-04).txt

 Type d'examen: Examen complet (C:\|D:\|E:\|)
 Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
 Options d'examen désactivées: P2P
 Elément(s) analysé(s): 461929
 Temps écoulé: 1 heure(s), 13 minute(s), 3 seconde(s)

 Processus mémoire détecté(s): 0
 (Aucun élément nuisible détecté)

 Module(s) mémoire détecté(s): 0
 (Aucun élément nuisible détecté)

 Clé(s) du Registre détectée(s): 5
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{de4e75d3-60aa-4f02-a0e4-c8a40576574c} (PUP.FCTPlugin) -> Aucune action effectuée.
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{de4e75d3-60aa-4f02-a0e4-c8a40576574c} (PUP.FCTPlugin) -> Aucune action effectuée.
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{de4e75d3-60aa-4f02-a0e4-c8a40576574c} (PUP.FCTPlugin) -> Aucune action effectuée.
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{de4e75d3-60aa-4f02-a0e4-c8a40576574c} (PUP.FCTPlugin) -> Aucune action effectuée.
 HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Aucune action effectuée.

 Valeur(s) du Registre détectée(s): 0
 (Aucun élément nuisible détecté)

 Elément(s) de données du Registre détecté(s): 0
 (Aucun élément nuisible détecté)

 Dossier(s) détecté(s): 1
 C:\Program Files (x86)\Object (PUP.FCTPlugin) -> Aucune action effectuée.

 Fichier(s) détecté(s): 9
 C:\Program Files (x86)\Object\status.txt (PUP.FCTPlugin) -> Aucune action effectuée.
 C:\Program Files (x86)\Object\config.ini (PUP.FCTPlugin) -> Aucune action effectuée.
 C:\Program Files (x86)\Object\enable.txt (PUP.FCTPlugin) -> Aucune action effectuée.
 C:\Program Files (x86)\Object\status2.txt (PUP.FCTPlugin) -> Aucune action effectuée.
 C:\Users\petitelyly\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès.
 C:\Users\petitelyly\AppData\Local\Thinstall\Cache\Stubs\571a67281e6483b6ea6eac3f3fb5e9d7b4a82ce4\PaigeHarper.exe (Trojan.Backdoor) -> Mis en quarantaine et supprimé avec succès.
 C:\Users\petitelyly\Downloads\setup.exe (Trojan.FakeVLC) -> Mis en quarantaine et supprimé avec succès.
 C:\ProgramData\lsass.exe (Trojan.Delf) -> Mis en quarantaine et supprimé avec succès.
 C:\Users\petitelyly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Mis en quarantaine et supprimé avec succès.

 (fin)

Profile: Security team
dedetraque
Famous across the whole forum (30,000 to 99,999 messages posted)
Posted on 28/10/2012 at 14:07:37

Hi petitelyly


 C:\Program Files (x86)\Object\status.txt (PUP.FCTPlugin) -> Aucune action effectuée.
 C:\Program Files (x86)\Object\config.ini (PUP.FCTPlugin) -> Aucune action effectuée.


 Some boxes were not checked when the malware was removed; run a quick scan again, make sure all the boxes are checked at removal time, and post the report.


 -----


 Download AdwCleaner (by Xplode) to your desktop.
 http://general-changelog-team. [...] adwcleaner

 Run it, click [Suppression], then wait while the scan runs.
 Once the scan has finished, a report will open; post the contents of that report.
 Note: the report is also saved as C:\AdwCleaner[S1].txt


 -----


 Now we'll check the PC:

 Download OTL (by OldTimer) and save it to your Desktop.

 - Close any running applications so the scan is not interrupted.
 - Double-click OTL.exe on the desktop to launch the program
 Vista/Seven -- Right-click OTL.exe on the desktop and choose run as administrator to launch the program
 - A window appears. In the Rapport section at the top of this window, check "Rapport standard". Do the same with "Tous les utilisateurs" next to it.
 - Also check the boxes next to "Recherche LOP" and "Recherche Purity".

 Do not change the other settings!

 Copy the list shown in bold below and paste it into the box under " Personnalisation "

 netsvcs
 msconfig
 safebootminimal
 safebootnetwork
 activex
 drivers32
 %SYSTEMDRIVE%\*.*
 %SYSTEMDRIVE%\*.exe
 %PROGRAMFILES%\*.*
 %PROGRAMFILES%\*.
 /md5start
 consrv.dll
 volsnap.sys
 hidserv.dll
 appmgmts.dll
 eventlog.dll
 winlogon.exe
 scecli.dll
 netlogon.dll
 cngaudit.dll
 sceclt.dll
 ntelogon.dll
 logevent.dll
 iaStor.sys
 nvstor.sys
 atapi.sys
 IdeChnDr.sys
 viasraid.sys
 AGP440.sys
 vaxscsi.sys
 nvatabus.sys
 viamraid.sys
 wininet.dll
 wininit.exe
 nvata.sys
 nvgts.sys
 iastorv.sys
 ViPrt.sys
 eNetHook.dll
 explorer.exe
 svchost.exe
 userinit.exe
 qmgr.dll
 ws2_32.dll
 proquota.exe
 imm32.dll
 kernel32.dll
 ndis.sys
 autochk.exe
 spoolsv.exe
 xmlprov.dll
 ntmssvc.dll
 mswsock.dll
 Beep.SYS
 ntfs.sys
 termsrv.dll
 sfcfiles.dll
 st3shark.sys
 winlogon.exe
 wininit.ini
 /md5stop
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
 SAVEMBR:0
 %systemroot%\*. /mp /s
 %systemroot%\system32\*.dll /lockedfiles
 %systemroot%\Tasks\*.job /lockedfiles
 %systemroot%\system32\drivers\*.sys /lockedfiles
 %systemroot%\System32\config\*.sav
 c:\$recycle.bin\*.* /s


 - Click the Analyse button.
 - Once the scan is finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are in the same location as OTListIT2 (so on the Desktop by default).

 Use cjoint.com to post your reports as links:
 http://cjoint.com/

 - Click Parcourir to go and fetch the OTL.txt report on the desktop
 - Click Ouvrir, then Créer le lien Cjoint

 - Copy and paste the link shown after "Le lien a été créé:" into your next reply.

 Then do the same with the other report, Extras.txt


 @++   :)
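
Added example, not part of the original thread: the check made by eye in the post above (detections that Malwarebytes reported but left in place) written as a small Python parser for this report format. The sample reports, paths and detection names are constructed; the action strings are the French ones that appear in the reports posted in this thread.

```python
import re
from dataclasses import dataclass

# Forum software may insert zero-width characters into long paths; strip them
# before matching so pasted reports still compare correctly.
ZERO_WIDTH = dict.fromkeys(map(ord, "\u200b\u200c\u200d\ufeff"))
# Section header, e.g. "Fichier(s) détecté(s): 9" or "Clé(s) du Registre détectée(s): 5"
SECTION_RE = re.compile(r"^(?P<section>.+ détectée?\(s\)): (?P<count>\d+)$")
# Entry, e.g. "<path or key> (<detection name>) -> <action>."
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[\w.\-]+)\) -> (?P<action>.+?)\.?$")
NO_ACTION = "Aucune action effectuée"  # "no action taken"


@dataclass(frozen=True)
class Detection:
    section: str
    item: str
    name: str
    action: str


def parse_report(text):
    """Return (detections, declared), declared mapping section -> stated count."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.translate(ZERO_WIDTH).strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            declared[section] = int(m["count"])
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            detections.append(Detection(section, m["item"], m["name"], m["action"]))
    return detections, declared


def count_mismatches(detections, declared):
    """Sections where parsed entries differ from the stated total (truncated paste)."""
    found = {}
    for d in detections:
        found[d.section] = found.get(d.section, 0) + 1
    return {s: (n, found.get(s, 0)) for s, n in declared.items() if n != found.get(s, 0)}


def left_in_place(detections):
    """Detections that were reported but not quarantined or removed."""
    return [d for d in detections if d.action == NO_ACTION]


def still_unresolved(first, second):
    """Items left in place by the first scan and again by the second."""
    pending = {d.item.lower() for d in left_in_place(first)}
    return sorted(d.item for d in left_in_place(second) if d.item.lower() in pending)


# Constructed sample reports in the same layout (not the thread's data).
FIRST_SCAN = r"""
Clé(s) du Registre détectée(s): 1
HKCU\SOFTWARE\Example<ZWSP>Vendor\Toolbar (PUP.Example) -> Aucune action effectuée.

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 3
C:\Program Files (x86)\Example\config.ini (PUP.Example) -> Aucune action effectuée.
C:\Program Files (x86)\Example\status.txt (PUP.Example) -> Aucune action effectuée.
C:\Users\user\AppData\Local\Temp\sample.exe (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès.
""".replace("<ZWSP>", "\u200b")

SECOND_SCAN = r"""
Clé(s) du Registre détectée(s): 1
HKCU\SOFTWARE\ExampleVendor\Toolbar (PUP.Example) -> Mis en quarantaine et supprimé avec succès.

Fichier(s) détecté(s): 2
C:\Program Files (x86)\Example\config.ini (PUP.Example) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files (x86)\Example\status.txt (PUP.Example) -> Aucune action effectuée.
"""

if __name__ == "__main__":
    first, declared = parse_report(FIRST_SCAN)
    second, _ = parse_report(SECOND_SCAN)
    for d in left_in_place(first):
        print("left in place:", d.name, d.item)
    print("count mismatches:", count_mismatches(first, declared))
    print("still unresolved after rescan:", still_unresolved(first, second))
```
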

petitelyly
Baby forum member (10 to 49 messages posted)
Posted on 28/10/2012 at 14:39:06

Malwarebytes Anti-Malware (Essai) 1.65.1.1000
 www.malwarebytes.org

 Version de la base de données: v2012.10.28.01

 Windows 7 Service Pack 1 x64 NTFS
 Internet Explorer 8.0.7601.17514
 petitelyly :: PETITELYLY-PC [administrateur]

 Protection: Activé

 28/10/2012 14:10:34
 mbam-log-2012-10-28 (14-10-34).txt

 Type d'examen: Examen rapide
 Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
 Options d'examen désactivées: P2P
 Elément(s) analysé(s): 233704
 Temps écoulé: 10 minute(s), 8 seconde(s)

 Processus mémoire détecté(s): 0
 (Aucun élément nuisible détecté)

 Module(s) mémoire détecté(s): 0
 (Aucun élément nuisible détecté)

 Clé(s) du Registre détectée(s): 5
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{de4e75d3-60aa-4f02-a0e4-c8a40576574c} (PUP.FCTPlugin) -> Mis en quarantaine et supprimé avec succès.
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{de4e75d3-60aa-4f02-a0e4-c8a40576574c} (PUP.FCTPlugin) -> Mis en quarantaine et supprimé avec succès.
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{de4e75d3-60aa-4f02-a0e4-c8a40576574c} (PUP.FCTPlugin) -> Mis en quarantaine et supprimé avec succès.
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{de4e75d3-60aa-4f02-a0e4-c8a40576574c} (PUP.FCTPlugin) -> Mis en quarantaine et supprimé avec succès.
 HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Mis en quarantaine et supprimé avec succès.

 Valeur(s) du Registre détectée(s): 0
 (Aucun élément nuisible détecté)

 Elément(s) de données du Registre détecté(s): 0
 (Aucun élément nuisible détecté)

 Dossier(s) détecté(s): 1
 C:\Program Files (x86)\Object (PUP.FCTPlugin) -> Mis en quarantaine et supprimé avec succès.

 Fichier(s) détecté(s): 4
 C:\Program Files (x86)\Object\status.txt (PUP.FCTPlugin) -> Mis en quarantaine et supprimé avec succès.
 C:\Program Files (x86)\Object\config.ini (PUP.FCTPlugin) -> Mis en quarantaine et supprimé avec succès.
 C:\Program Files (x86)\Object\enable.txt (PUP.FCTPlugin) -> Mis en quarantaine et supprimé avec succès.
 C:\Program Files (x86)\Object\status2.txt (PUP.FCTPlugin) -> Mis en quarantaine et supprimé avec succès.

 (fin)
 This is the report after the quick scan; shall I move on to the next step?

petitelyly
Baby forum member (10 to 49 messages posted)
Posted on 28/10/2012 at 15:22:16

# AdwCleaner v2.005 - Rapport créé le 28/10/2012 à 15:12:46
 # Mis à jour le 14/10/2012 par Xplode
 # Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
 # Nom d'utilisateur : petitelyly - PETITELYLY-PC
 # Mode de démarrage : Normal
 # Exécuté depuis : C:\Users\petitelyly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KK5TWBIU\adwcleaner[1].exe
 # Option [Suppression]


 ***** [Services] *****


 ***** [Fichiers / Dossiers] *****

 Dossier Supprimé : C:\Program Files (x86)\Ask.com
 Dossier Supprimé : C:\Program Files (x86)\Conduit
 Dossier Supprimé : C:\ProgramData\Ask
 Dossier Supprimé : C:\ProgramData\Babylon
 Dossier Supprimé : C:\Users\PETITE~1\AppData\Local\Temp\AskSearch
 Dossier Supprimé : C:\Users\petitelyly\AppData\Local\Conduit
 Dossier Supprimé : C:\Users\petitelyly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdmaehkiiampolokajdcelladmnopgp
 Dossier Supprimé : C:\Users\petitelyly\AppData\LocalLow\AskToolbar
 Dossier Supprimé : C:\Users\petitelyly\AppData\LocalLow\BabylonToolbar
 Dossier Supprimé : C:\Users\petitelyly\AppData\LocalLow\Conduit
 Dossier Supprimé : C:\Users\petitelyly\AppData\Roaming\Babylon
 Dossier Supprimé : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
 Fichier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

 ***** [Registre] *****


 ***** [Navigateurs] *****

 -\\ Internet Explorer v8.0.7601.17514

 [OK] Le registre ne contient aucune entrée illégitime.

 -\\ Google Chrome v [Impossible d'obtenir la version]

 Fichier : C:\Users\petitelyly\AppData\Local\Google\Chrome\User Data\Default\Preferences


 *************************

 AdwCleaner[R1].txt - [16368 octets] - [28/10/2012 15:12:07]
 AdwCleaner[S1].txt - [15928 octets] - [28/10/2012 15:12:46]

 ########## EOF - C:\AdwCleaner[S1].txt - [15989 octets] ##########
 AdwCleaner report

Profile: Security team
dedetraque
Famous across the whole forum (30,000 to 99,999 messages posted)
Posted on 28/10/2012 at 15:43:58

Hi petitelyly


 There was quite a crowd in there  :ouch:


 Be careful when you install free software, whatever the site (the software author's own site is always recommended); read every page of the installer carefully (don't click next/next/next/etc. without reading); useless programs are often offered (often toolbars and adware), and there is always a box to uncheck during installation. Some good reading that I invite you to look at:

 http://www.libellules.ch/opt_out.php
 http://forum.malekal.com/les-t [...] t6173.html

 Right, I'm waiting for the last two reports (OTL.txt and Extras.txt)...


 @++    :)

petitelyly
Baby forum member (10 to 49 messages posted)
Posted on 28/10/2012 at 18:57:52


 OTL logfile created on: 28/10/2012 15:28:28 - Run 1
 OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\petitelyly\Desktop
 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
 Internet Explorer (Version = 8.0.7601.17514)
 Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
 2,93 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 58,00% Memory free
 5,86 Gb Paging File | 4,32 Gb Available in Paging File | 73,61% Paging File free
 Paging file location(s): ?:\pagefile.sys [binary data]
 
 %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
 Drive C: | 285,19 Gb Total Space | 144,36 Gb Free Space | 50,62% Space Free | Partition Type: NTFS
 Drive D: | 12,71 Gb Total Space | 2,12 Gb Free Space | 16,69% Space Free | Partition Type: NTFS
 
 Computer Name: PETITELYLY-PC | User Name: petitelyly | Logged in as Administrator.
 Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
 Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
 ========== Processes (SafeList) ==========
 
 PRC - [2012/10/28 15:25:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\petitelyly\Desktop\OTL.exe
 PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
 PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
 PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
 PRC - [2012/07/24 10:13:24 | 001,511,424 | ---- | M] (Orange) -- C:\Users\petitelyly\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
 PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
 PRC - [2010/11/04 09:10:44 | 000,634,368 | ---- | M] () -- C:\Program Files (x86)\Orange\MailNotifier\MailNotifier.exe
 PRC - [2010/04/01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
 PRC - [2009/09/05 16:29:50 | 000,319,488 | ---- | M] (Orange) -- C:\Program Files (x86)\Orange\Media Player\Media Player.exe
 
 
 ========== Modules (No Company Name) ==========
 
 MOD - [2012/05/12 10:36:35 | 000,083,968 | ---- | M] () -- C:\Windows\assembly\NativeImag​es_v2.0.50727_32\MediaPlayer.D​evices#\1e0b3db924cb7a13ddf860​23ad1b3529\MediaPlayer.Devices​ManagementInterface.ni.dll
 MOD - [2012/05/12 10:36:33 | 000,055,296 | ---- | M] () -- C:\Windows\assembly\NativeImag​es_v2.0.50727_32\MediaPlayer.E​ventSc#\901035f1b01a7374777018​164dafad47\MediaPlayer.EventSc​heduler.ni.dll
 MOD - [2012/05/12 10:36:28 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImag​es_v2.0.50727_32\System.Manage​ment\9b2f17fb61b7197f2a04108f5​d1a1cc6\System.Management.ni.d​ll
 MOD - [2012/05/12 10:36:27 | 000,062,464 | ---- | M] () -- C:\Windows\assembly\NativeImag​es_v2.0.50727_32\Interop.Scrip​ting\c899c64a81d28c8b3c03d79eb​f06f410\Interop.Scripting.ni.d​ll
 MOD - [2012/05/12 10:36:27 | 000,043,520 | ---- | M] () -- C:\Windows\assembly\NativeImag​es_v2.0.50727_32\MediaPlayer.E​xcepti#\05d09af9f7545a81102f18​4d66b4240a\MediaPlayer.Excepti​onManager.ni.dll
 MOD - [2012/05/12 10:36:21 | 000,030,208 | ---- | M] () -- C:\Windows\assembly\NativeImag​es_v2.0.50727_32\Interop.DrmCo​ntentM#\9187b624c7dc2baed8b2c9​7d12e2589e\Interop.DrmContentM​anager.ni.dll
 MOD - [2012/05/12 10:36:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\NativeImag​es_v2.0.50727_32\Interop.Intel​DHLib\72021613089c9ce1fcb6a660​45d9f089\Interop.IntelDHLib.ni​.dll
 MOD - [2012/05/12 10:36:21 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\NativeImag​es_v2.0.50727_32\Interop.MSNET​OBJLib\8bb0e36c89f809221bcf2b2​aadc9d64a\Interop.MSNETOBJLib.​ni.dll
 MOD - [2012/05/12 10:36:20 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImag​es_v2.0.50727_32\Interop.CMMSL​ib\3e47fac640aed3883e0b4b0987b​82f45\Interop.CMMSLib.ni.dll
 MOD - [2012/05/12 10:36:20 | 000,018,432 | ---- | M] () -- C:\Windows\assembly\NativeImag​es_v2.0.50727_32\Interop.DrmBu​rning\2b79ff79c168ad914a7a12b1​ec2ed4ec\Interop.DrmBurning.ni​.dll
 MOD - [2012/05/12 10:36:19 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImag​es_v2.0.50727_32\Interop.Choru​sWav2M#\30ae3152db2ccd4ac9390c​f5026aa4fd\Interop.ChorusWav2M​p3.ni.dll
 MOD - [2012/05/12 10:36:19 | 000,023,040 | ---- | M] () -- C:\Windows\assembly\NativeImag​es_v2.0.50727_32\Interop.Choru​sWav2W#\ef9b0f8c38bd0cac544e4a​019fbb89fc\Interop.ChorusWav2W​ma.ni.dll
 MOD - [2012/05/12 10:36:05 | 000,808,960 | ---- | M] () -- C:\Windows\assembly\NativeImag​es_v2.0.50727_32\Interop.WMPLi​b\28ba6433cd2789fbdc9a05699816​104a\Interop.WMPLib.ni.dll
 MOD - [2012/05/12 05:32:10 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImag​es_v2.0.50727_32\PresentationF​ramewo#\8e56489276063ededde74e​597a121df3\PresentationFramewo​rk.Aero.ni.dll
 MOD - [2012/05/12 05:30:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImag​es_v2.0.50727_32\System.Runtim​e.Remo#\03dee80574f4ec770b6f77​ca030ded6c\System.Runtime.Remo​ting.ni.dll
 MOD - [2012/05/12 05:30:52 | 006,610,944 | ---- | M] () -- C:\Windows\assembly\NativeImag​es_v2.0.50727_32\System.Data\e​eaa41950485f16229afc7b409c073c​d\System.Data.ni.dll
 MOD - [2012/05/12 05:29:31 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImag​es_v2.0.50727_32\UIAutomationT​ypes\d8af9a65cf0ed85d47360796e​2645a06\UIAutomationTypes.ni.d​ll
 MOD - [2012/05/12 05:29:13 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImag​es_v2.0.50727_32\WindowsBase\4​6fce56db7685a586d3eeb7c373e3c1​c\WindowsBase.ni.dll
 MOD - [2012/05/12 05:28:47 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImag​es_v2.0.50727_32\System.Xml\ba​3d70b651454c7d49b407b93663bfed​\System.Xml.ni.dll
 MOD - [2012/05/12 05:28:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImag​es_v2.0.50727_32\System.Config​uration\cfa9c506bfb9254c89dace​7b83bc9f9d\System.Configuratio​n.ni.dll
 MOD - [2012/05/12 05:28:39 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImag​es_v2.0.50727_32\System\ce9ff6​baf9053ed2ed673d948179195c\Sys​tem.ni.dll
 MOD - [2012/05/12 05:28:25 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImag​es_v2.0.50727_32\mscorlib\acfc​1391e45fedd2a359778ea57d914c\m​scorlib.ni.dll
 MOD - [2012/01/20 21:38:59 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\H​P.ActiveSupportLibrary\2.0.0.1​__01a974bc1760f423\HP.ActiveSu​pportLibrary.dll
 MOD - [2010/11/13 01:54:34 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\m​scorlib.resources\2.0.0.0_fr_b​77a5c561934e089\mscorlib.resou​rces.dll
 MOD - [2010/11/05 03:00:03 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\S​ystem.resources\2.0.0.0_fr_b77​a5c561934e089\System.resources​.dll
 MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\Sys​tem.Data\2.0.0.0__b77a5c561934​e089\System.Data.dll
 MOD - [2010/11/04 09:10:52 | 000,337,408 | ---- | M] () -- C:\Program Files (x86)\Orange\MailNotifier\QtXm​l4.dll
 MOD - [2010/11/04 09:10:50 | 000,875,520 | ---- | M] () -- C:\Program Files (x86)\Orange\MailNotifier\QtNe​twork4.dll
 MOD - [2010/11/04 09:10:48 | 007,390,720 | ---- | M] () -- C:\Program Files (x86)\Orange\MailNotifier\QtGu​i4.dll
 MOD - [2010/11/04 09:10:46 | 002,012,160 | ---- | M] () -- C:\Program Files (x86)\Orange\MailNotifier\QtCo​re4.dll
 MOD - [2010/11/04 09:10:46 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Orange\MailNotifier\phon​on4.dll
 MOD - [2010/11/04 09:10:46 | 000,182,784 | ---- | M] () -- C:\Program Files (x86)\Orange\MailNotifier\Prox​yDetection.dll
 MOD - [2010/11/04 09:10:46 | 000,177,664 | ---- | M] () -- C:\Program Files (x86)\Orange\MailNotifier\phon​on_backend\phonon_ds94.dll
 MOD - [2010/11/04 09:10:44 | 000,634,368 | ---- | M] () -- C:\Program Files (x86)\Orange\MailNotifier\Mail​Notifier.exe
 MOD - [2010/11/04 09:10:44 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Orange\MailNotifier\imag​eformats\qgif4.dll
 MOD - [2009/11/09 22:48:15 | 000,245,760 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\P​resentationFramework.resources​\3.0.0.0_fr_31bf3856ad364e35\P​resentationFramework.resources​.dll
 MOD - [2009/09/29 15:25:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAle​rtsPillar.dll
 MOD - [2009/09/29 15:25:44 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibr​ary.dll
 MOD - [2009/09/29 15:25:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
 MOD - [2009/09/29 15:25:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
 MOD - [2009/09/29 15:25:38 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
 MOD - [2009/09/29 15:25:36 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
 MOD - [2009/09/29 15:25:28 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
 MOD - [2009/09/29 15:25:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.En​terpriseLibrary.ExceptionHandl​ing.Logging.dll
 MOD - [2009/08/20 12:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
 MOD - [2009/08/20 12:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
 MOD - [2009/08/20 12:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imag​eformats\qjpeg4.dll
 
 
 ========== Services (SafeList) ==========
 
 SRV:64bit: - [2010/06/01 19:51:24 | 000,035,416 | ---- | M] (Data Storage Group, Inc.) [Auto | Running] -- C:\Program Files\PACT Informatique\StorexProteK Scalable Business Server\Server\ArchiveIQSearch.exe -- (ASESVC)
 SRV:64bit: - [2010/06/01 19:50:06 | 000,084,568 | ---- | M] (Data Storage Group, Inc.) [Auto | Stopped] -- C:\Program Files\PACT Informatique\StorexProteK Scalable Business Server\Server\ArchiveIQManager.exe -- (AAMSVC)
 SRV:64bit: - [2010/06/01 19:46:16 | 000,105,048 | ---- | M] (Data Storage Group, Inc.) [Auto | Stopped] -- C:\Program Files\PACT Informatique\StorexProteK Scalable Business Server\Server\ArchiveIQViewStor.exe -- (AVSSVC)
 SRV:64bit: - [2010/03/23 13:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
 SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
 SRV - [2012/10/28 11:55:26 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
 SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
 SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
 SRV - [2012/04/13 15:06:16 | 001,081,984 | ---- | M] (France Telecom SA) [Auto | Stopped] -- C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe -- (Orange update Core Service)
 SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
 SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
 SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 SRV - [2010/03/23 13:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
 SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
 SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 SRV - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
 SRV - [2009/02/22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
 
 
 ========== Driver Services (SafeList) ==========
 
 DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
 DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
 DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
 DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
 DRV:64bit: - [2011/02/11 22:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
 DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
 DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
 DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
 DRV:64bit: - [2010/05/27 21:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
 DRV:64bit: - [2010/05/15 20:44:58 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
 DRV:64bit: - [2010/03/23 13:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
 DRV:64bit: - [2009/09/21 19:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
 DRV:64bit: - [2009/09/02 18:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
 DRV:64bit: - [2009/08/27 17:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
 DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
 DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
 DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
 DRV:64bit: - [2009/07/10 15:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
 DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
 DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
 DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
 DRV:64bit: - [2009/06/10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
 DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
 DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
 DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
 DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
 DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
 DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
 DRV:64bit: - [2009/04/29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
 DRV:64bit: - [2009/03/01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
 DRV:64bit: - [2008/07/29 03:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
 DRV:64bit: - [2008/04/04 13:48:30 | 000,031,744 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\optovcm.sys -- (optovcm)
 DRV:64bit: - [2008/04/04 13:48:30 | 000,022,656 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\optousb.sys -- (optousb)
 DRV - [2009/09/02 18:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
 DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
 ========== Standard Registry (SafeList) ==========
 
 
 ========== Internet Explorer ==========
 
 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/3
 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT/3
 IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
 IE:64bit: - HKLM\..\SearchScopes\{643A060B-483E-4467-A290-19367CADB834}: "URL" = http://www.bing.com/search?q={ [...] -SearchBox
 IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q [...] urceid=ie7
 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/3
 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT/3
 IE - HKLM\..\SearchScopes,DefaultScope =
 IE - HKLM\..\SearchScopes\{643A060B-483E-4467-A290-19367CADB834}: "URL" = http://www.bing.com/search?q={ [...] -SearchBox
 IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q [...] urceid=ie7


 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

 IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

 IE - HKU\S-1-5-21-517684841-1992110198-3038868213-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://r.orange.fr/r/Ohome_por [...] efaultpage
 IE - HKU\S-1-5-21-517684841-1992110198-3038868213-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://r.orange.fr/r/Ohome_por [...] ultPage_IE
 IE - HKU\S-1-5-21-517684841-1992110198-3038868213-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://compaq-notebook.fr.msn.com/
 IE - HKU\S-1-5-21-517684841-1992110198-3038868213-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
 IE - HKU\S-1-5-21-517684841-1992110198-3038868213-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 91 15 2F 03 35 CC 01  [binary data]
 IE - HKU\S-1-5-21-517684841-1992110198-3038868213-1001\..\URLSearchHook: {8e5025c2-8ea3-430d-80b8-a14151068a6d} - No CLSID value found
 IE - HKU\S-1-5-21-517684841-1992110198-3038868213-1001\..\SearchScopes,DefaultScope = {814C76CB-2623-43F4-AAD0-58A0E5190A20}
 IE - HKU\S-1-5-21-517684841-1992110198-3038868213-1001\..\SearchScopes\{643A060B-483E-4467-A290-19367CADB834}: "URL" = http://www.bing.com/search?FOR [...] r:source?}
 IE - HKU\S-1-5-21-517684841-1992110198-3038868213-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q [...] 1I7SUNC_fr
 IE - HKU\S-1-5-21-517684841-1992110198-3038868213-1001\..\SearchScopes\{814C76CB-2623-43F4-AAD0-58A0E5190A20}: "URL" = http://r.orange.fr/r?ref=O_OI_ [...] archTerms}
 IE - HKU\S-1-5-21-517684841-1992110198-3038868213-1001\..\SearchScopes\{D4D2FDF4-29A5-478D-95B1-86F85602AA65}: "URL" = http://websearch.ask.com/redir [...] EF0934097A
 IE - HKU\S-1-5-21-517684841-1992110198-3038868213-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 ========== FireFox ==========
 
 FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
 FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
 FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
 FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
 FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
 FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
 FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
 FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


 [2012/09/19 21:27:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\petitelyly\AppData\Roaming\mozilla\Firefox\extensions
 [2012/09/19 21:27:28 | 000,000,000 | ---D | M] (01NET.com) -- C:\Users\petitelyly\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}
 [2012/10/12 22:10:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
 ========== Chrome  ==========
 
 
 O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
 O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
 O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
 O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
 O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
 O3 - HKU\S-1-5-21-517684841-1992110198-3038868213-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
 O3 - HKU\S-1-5-21-517684841-1992110198-3038868213-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
 O3 - HKU\S-1-5-21-517684841-1992110198-3038868213-1001\..\Toolbar\WebBrowser: (no name) - {8E5025C2-8EA3-430D-80B8-A14151068A6D} - No CLSID value found.
 O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
 O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
 O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
 O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
 O4 - HKLM..\Run: []  File not found
 O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
 O4 - HKU\.DEFAULT..\Run: [OrangePlayer] C:\Program Files (x86)\Orange\Media Player\Media Player.exe (Orange)
 O4 - HKU\S-1-5-18..\Run: [OrangePlayer] C:\Program Files (x86)\Orange\Media Player\Media Player.exe (Orange)
 O4 - HKU\S-1-5-19..\Run: [OrangePlayer] C:\Program Files (x86)\Orange\Media Player\Media Player.exe (Orange)
 O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
 O4 - HKU\S-1-5-20..\Run: [OrangePlayer] C:\Program Files (x86)\Orange\Media Player\Media Player.exe (Orange)
 O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
 O4 - HKU\S-1-5-21-517684841-1992110198-3038868213-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
 O4 - HKU\S-1-5-21-517684841-1992110198-3038868213-1001..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
 O4 - HKU\S-1-5-21-517684841-1992110198-3038868213-1001..\Run: [MailNotifier] C:\Program Files (x86)\Orange\MailNotifier\MailNotifier.exe ()
 O4 - HKU\S-1-5-21-517684841-1992110198-3038868213-1001..\Run: [OrangeInside] C:\Users\petitelyly\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe (Orange)
 O4 - HKU\S-1-5-21-517684841-1992110198-3038868213-1001..\Run: [OrangePlayer] C:\Program Files (x86)\Orange\Media Player\Media Player.exe (Orange)
 O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
 O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
 O7 - HKU\S-1-5-21-517684841-1992110198-3038868213-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
 O7 - HKU\S-1-5-21-517684841-1992110198-3038868213-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
 O8:64bit: - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\petitelyly\AppData\Roaming\Orange\OrangeInside\src\addfavorites_html\addfavorites.html ()
 O8:64bit: - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm ()
 O8:64bit: - Extra context menu item: envoyer le texte sélectionné par sms - C:\Users\petitelyly\AppData\Roaming\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html ()
 O8:64bit: - Extra context menu item: envoyer par sms - C:\Users\petitelyly\AppData\Roaming\Orange\OrangeInside\src\sendsms_html\sendsms.html ()
 O8:64bit: - Extra context menu item: envoyer un mail - C:\Users\petitelyly\AppData\Roaming\Orange\OrangeInside\src\sendmail_html\sendmail.html ()
 O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
 O8:64bit: - Extra context menu item: orange.fr - C:\Users\petitelyly\AppData\Roaming\Orange\OrangeInside\src\orange_html\orange.html ()
 O8:64bit: - Extra context menu item: rechercher le texte sélectionné - C:\Users\petitelyly\AppData\Roaming\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html ()
 O8:64bit: - Extra context menu item: Télécharger avec Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
 O8:64bit: - Extra context menu item: Télécharger la sélection avec Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
 O8:64bit: - Extra context menu item: Télécharger la vidéo avec Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
 O8:64bit: - Extra context menu item: Tout télécharger avec Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
 O8:64bit: - Extra context menu item: traduire la page - C:\Users\petitelyly\AppData\Roaming\Orange\OrangeInside\src\translate_html\translate.html ()
 O8:64bit: - Extra context menu item: traduire le texte sélectionné - C:\Users\petitelyly\AppData\Roaming\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html ()
 O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\petitelyly\AppData\Roaming\Orange\OrangeInside\src\addfavorites_html\addfavorites.html ()
 O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm ()
 O8 - Extra context menu item: envoyer le texte sélectionné par sms - C:\Users\petitelyly\AppData\Roaming\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html ()
 O8 - Extra context menu item: envoyer par sms - C:\Users\petitelyly\AppData\Roaming\Orange\OrangeInside\src\sendsms_html\sendsms.html ()
 O8 - Extra context menu item: envoyer un mail - C:\Users\petitelyly\AppData\Roaming\Orange\OrangeInside\src\sendmail_html\sendmail.html ()
 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
 O8 - Extra context menu item: orange.fr - C:\Users\petitelyly\AppData\Roaming\Orange\OrangeInside\src\orange_html\orange.html ()
 O8 - Extra context menu item: rechercher le texte sélectionné - C:\Users\petitelyly\AppData\Roaming\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html ()
 O8 - Extra context menu item: Télécharger avec Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
 O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
 O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
 O8 - Extra context menu item: Tout télécharger avec Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
 O8 - Extra context menu item: traduire la page - C:\Users\petitelyly\AppData\Roaming\Orange\OrangeInside\src\translate_html\translate.html ()
 O8 - Extra context menu item: traduire le texte sélectionné - C:\Users\petitelyly\AppData\Roaming\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html ()
 O1364bit: - gopher Prefix: missing
 O13 - gopher Prefix: missing
 O15 - HKU\S-1-5-21-517684841-1992110198-3038868213-1001\..Trusted Domains: consoclicker.com ([www] http in Sites de confiance)
 O15 - HKU\S-1-5-21-517684841-1992110198-3038868213-1001\..Trusted Domains: orange.fr ([logicielsgratuits] http in Sites de confiance)
 O15 - HKU\S-1-5-21-517684841-1992110198-3038868213-1001\..Trusted Domains: spigo.fr ([www] * in Sites de confiance)
 O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/ass [...] 0902075556 (PhotoboxPhotowaysUploader5 Control)
 O16 - DPF: {3A226D85-574D-4272-B73C-DBCAECF709B3} http://www.consoclicker.com/TNSClickrb.CAB (TNSClickerb.Clicker)
 O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} http://king.orange.fr/ctl/kingcomie.cab (king.com)
 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/ [...] E_UNO1.cab (UnoCtrl Class)
 O16 - DPF: {70A5EBDC-3EA6-464A-9FF7-084BC​150C417} http://www.consoclicker.com/TNSClickra.CAB (TNSClickera.Clicker)
 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805​F499D93} http://java.sun.com/update/1.6 [...] s-i586.cab (Java Plug-in 1.6.0_31)
 O16 - DPF: {C345E174-3E87-4F41-A01C-B066A​90A49B4} http://trial.trymicrosoftoffic [...] /wrc32.ocx (WRC Class)
 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46​475B072} http://messenger.zone.msn.com/ [...] b56907.cab (MessengerStatsClient Class)
 O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDE​FFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Java Plug-in 1.6.0_31)
 O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDE​FFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Java Plug-in 1.6.0_31)
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-44455​3540000} http://fpdownload2.macromedia. [...] wflash.cab (Shockwave Flash Object)
 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB1​6A1543A} http://pogofr.oberon-media.com [...] v10_fr.cab (PopCapLoader Object)
 O17 - HKLM\System\CCS\Services\Tcpip​\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
 O17 - HKLM\System\CCS\Services\Tcpip​\Parameters\Interfaces\{430377​B1-93A4-4692-93B0-B46DB0613398​}: DhcpNameServer = 192.168.1.1 192.168.1.1
 O17 - HKLM\System\CCS\Services\Tcpip​\Parameters\Interfaces\{967D47​E5-1888-431C-8BB8-C1145890AC15​}: DhcpNameServer = 192.168.1.254
 O18:64bit: - Protocol\Handler\livecall - No CLSID value found
 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
 O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
 O18:64bit: - Protocol\Handler\msnim - No CLSID value found
 O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
 O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D​022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\​OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
 O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.​exe) - C:\Windows\SysNative\userinit.​exe (Microsoft Corporation)
 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.e​xe (Microsoft Corporation)
 O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.e​xe (Microsoft Corporation)
 O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.d​ll (Intel Corporation)
 O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA0​05127ED} - No CLSID value found.
 O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA0​05127ED} - No CLSID value found.
 O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389E​A579090} - C:\Windows\SysWOW64\ezUPBHook.​dll (EasyBits Software Corp.)
 O32 - HKLM CDRom: AutoRun - 1
 O33 - MountPoints2\{8a4a61df-3494-11​e1-8904-c80aa901e33d}\Shell - "" = AutoRun
 O33 - MountPoints2\{8a4a61df-3494-11​e1-8904-c80aa901e33d}\Shell\Au​toRun\command - "" = G:\AutoLcd209x.exe
 O33 - MountPoints2\{ab603322-4490-11​df-8d79-c80aa901e33d}\Shell - "" = AutoRun
 O33 - MountPoints2\{ab603322-4490-11​df-8d79-c80aa901e33d}\Shell\Au​toRun\command - "" = G:\AutoLcd209x.exe
 O33 - MountPoints2\{f6e0ca1a-664a-11​df-be0b-c80aa901e33d}\Shell - "" = AutoRun
 O33 - MountPoints2\{f6e0ca1a-664a-11​df-be0b-c80aa901e33d}\Shell\Au​toRun\command - "" = G:\AutoLcd209x.exe
 O33 - MountPoints2\H\Shell - "" = AutoRun
 O33 - MountPoints2\H\Shell\AutoRun\c​ommand - "" = H:\AutoLcd209x.exe
 O34 - HKLM BootExecute: (autocheck autochk *)
 O35:64bit: - HKLM\..comfile [open] -- "%1" %*
 O35:64bit: - HKLM\..exefile [open] -- "%1" %*
 O35 - HKLM\..comfile [open] -- "%1" %*
 O35 - HKLM\..exefile [open] -- "%1" %*
 O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
 O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
 O37 - HKLM\...com [@ = comfile] -- "%1" %*
 O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDl​lInitialization,3)
 O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDll​Initialization,2)
 O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
 
 SafeBootMin:64bit: AppMgmt - Service
 SafeBootMin:64bit: Base - Driver Group
 SafeBootMin:64bit: Boot Bus Extender - Driver Group
 SafeBootMin:64bit: Boot file system - Driver Group
 SafeBootMin:64bit: File system - Driver Group
 SafeBootMin:64bit: Filter - Driver Group
 SafeBootMin:64bit: HelpSvc - Service
 SafeBootMin:64bit: PCI Configuration - Driver Group
 SafeBootMin:64bit: PNP Filter - Driver Group
 SafeBootMin:64bit: Primary disk - Driver Group
 SafeBootMin:64bit: sacsvr - Service
 SafeBootMin:64bit: SCSI Class - Driver Group
 SafeBootMin:64bit: System Bus Extender - Driver Group
 SafeBootMin:64bit: vmms - Service
 SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-44455​3540000} - Universal Serial Bus controllers
 SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002​BE10318} - CD-ROM Drive
 SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002​BE10318} - DiskDrive
 SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002​BE10318} - Standard floppy disk controller
 SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002​BE10318} - Hdc
 SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002​BE10318} - Keyboard
 SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002​BE10318} - Mouse
 SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002​BE10318} - PCMCIA Adapters
 SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002​BE10318} - SCSIAdapter
 SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002​BE10318} - System
 SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002​BE10318} - Floppy disk drive
 SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04​F79DEAF} - Volume shadow copy
 SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002​BE2092F} - IEEE 1394 Bus host controllers
 SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002​BE2092F} - Volume
 SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C​90F57DA} - Human Interface Devices
 SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04​FA372A7} - SBP2 IEEE 1394 Devices
 SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7​D41B0E6} - SecurityDevices
 SafeBootMin: AppMgmt - Service
 SafeBootMin: Base - Driver Group
 SafeBootMin: Boot Bus Extender - Driver Group
 SafeBootMin: Boot file system - Driver Group
 SafeBootMin: File system - Driver Group
 SafeBootMin: Filter - Driver Group
 SafeBootMin: HelpSvc - Service
 SafeBootMin: PCI Configuration - Driver Group
 SafeBootMin: PNP Filter - Driver Group
 SafeBootMin: Primary disk - Driver Group
 SafeBootMin: sacsvr - Service
 SafeBootMin: SCSI Class - Driver Group
 SafeBootMin: System Bus Extender - Driver Group
 SafeBootMin: vmms - Service
 SafeBootMin: {36FC9E60-C465-11CF-8056-44455​3540000} - Universal Serial Bus controllers
 SafeBootMin: {4D36E965-E325-11CE-BFC1-08002​BE10318} - CD-ROM Drive
 SafeBootMin: {4D36E967-E325-11CE-BFC1-08002​BE10318} - DiskDrive
 SafeBootMin: {4D36E969-E325-11CE-BFC1-08002​BE10318} - Standard floppy disk controller
 SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002​BE10318} - Hdc
 SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002​BE10318} - Keyboard
 SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002​BE10318} - Mouse
 SafeBootMin: {4D36E977-E325-11CE-BFC1-08002​BE10318} - PCMCIA Adapters
 SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002​BE10318} - SCSIAdapter
 SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002​BE10318} - System
 SafeBootMin: {4D36E980-E325-11CE-BFC1-08002​BE10318} - Floppy disk drive
 SafeBootMin: {533C5B84-EC70-11D2-9505-00C04​F79DEAF} - Volume shadow copy
 SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002​BE2092F} - IEEE 1394 Bus host controllers
 SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002​BE2092F} - Volume
 SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C​90F57DA} - Human Interface Devices
 SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04​FA372A7} - SBP2 IEEE 1394 Devices
 SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7​D41B0E6} - SecurityDevices
 
 SafeBootNet:64bit: AppMgmt - Service
 SafeBootNet:64bit: Base - Driver Group
 SafeBootNet:64bit: Boot Bus Extender - Driver Group
 SafeBootNet:64bit: Boot file system - Driver Group
 SafeBootNet:64bit: File system - Driver Group
 SafeBootNet:64bit: Filter - Driver Group
 SafeBootNet:64bit: HelpSvc - Service
 SafeBootNet:64bit: Messenger - Service
 SafeBootNet:64bit: NDIS Wrapper - Driver Group
 SafeBootNet:64bit: NetBIOSGroup - Driver Group
 SafeBootNet:64bit: NetDDEGroup - Driver Group
 SafeBootNet:64bit: Network - Driver Group
 SafeBootNet:64bit: NetworkProvider - Driver Group
 SafeBootNet:64bit: PCI Configuration - Driver Group
 SafeBootNet:64bit: PNP Filter - Driver Group
 SafeBootNet:64bit: PNP_TDI - Driver Group
 SafeBootNet:64bit: Primary disk - Driver Group
 SafeBootNet:64bit: rdsessmgr - Service
 SafeBootNet:64bit: sacsvr - Service
 SafeBootNet:64bit: SCSI Class - Driver Group
 SafeBootNet:64bit: Streams Drivers - Driver Group
 SafeBootNet:64bit: System Bus Extender - Driver Group
 SafeBootNet:64bit: TDI - Driver Group
 SafeBootNet:64bit: vmms - Service
 SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 SafeBootNet:64bit: WudfUsbccidDriver - Driver
 SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-44455​3540000} - Universal Serial Bus controllers
 SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002​BE10318} - CD-ROM Drive
 SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002​BE10318} - DiskDrive
 SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002​BE10318} - Standard floppy disk controller
 SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002​BE10318} - Hdc
 SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002​BE10318} - Keyboard
 SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002​BE10318} - Mouse
 SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002​BE10318} - Net
 SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002​BE10318} - NetClient
 SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002​BE10318} - NetService
 SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002​BE10318} - NetTrans
 SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002​BE10318} - PCMCIA Adapters
 SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002​BE10318} - SCSIAdapter
 SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002​BE10318} - System
 SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002​BE10318} - Floppy disk drive
 SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F​805F530} - Smart card readers
 SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04​F79DEAF} - Volume shadow copy
 SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002​BE2092F} - IEEE 1394 Bus host controllers
 SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002​BE2092F} - Volume
 SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C​90F57DA} - Human Interface Devices
 SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04​FA372A7} - SBP2 IEEE 1394 Devices
 SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7​D41B0E6} - SecurityDevices
 SafeBootNet: AppMgmt - Service
 SafeBootNet: Base - Driver Group
 SafeBootNet: Boot Bus Extender - Driver Group
 SafeBootNet: Boot file system - Driver Group
 SafeBootNet: File system - Driver Group
 SafeBootNet: Filter - Driver Group
 SafeBootNet: HelpSvc - Service
 SafeBootNet: Messenger - Service
 SafeBootNet: NDIS Wrapper - Driver Group
 SafeBootNet: NetBIOSGroup - Driver Group
 SafeBootNet: NetDDEGroup - Driver Group
 SafeBootNet: Network - Driver Group
 SafeBootNet: NetworkProvider - Driver Group
 SafeBootNet: PCI Configuration - Driver Group
 SafeBootNet: PNP Filter - Driver Group
 SafeBootNet: PNP_TDI - Driver Group
 SafeBootNet: Primary disk - Driver Group
 SafeBootNet: rdsessmgr - Service
 SafeBootNet: sacsvr - Service
 SafeBootNet: SCSI Class - Driver Group
 SafeBootNet: Streams Drivers - Driver Group
 SafeBootNet: System Bus Extender - Driver Group
 SafeBootNet: TDI - Driver Group
 SafeBootNet: vmms - Service
 SafeBootNet: WudfUsbccidDriver - Driver
 SafeBootNet: {36FC9E60-C465-11CF-8056-44455​3540000} - Universal Serial Bus controllers
 SafeBootNet: {4D36E965-E325-11CE-BFC1-08002​BE10318} - CD-ROM Drive
 SafeBootNet: {4D36E967-E325-11CE-BFC1-08002​BE10318} - DiskDrive
 SafeBootNet: {4D36E969-E325-11CE-BFC1-08002​BE10318} - Standard floppy disk controller
 SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002​BE10318} - Hdc
 SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002​BE10318} - Keyboard
 SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002​BE10318} - Mouse
 SafeBootNet: {4D36E972-E325-11CE-BFC1-08002​BE10318} - Net
 SafeBootNet: {4D36E973-E325-11CE-BFC1-08002​BE10318} - NetClient
 SafeBootNet: {4D36E974-E325-11CE-BFC1-08002​BE10318} - NetService
 SafeBootNet: {4D36E975-E325-11CE-BFC1-08002​BE10318} - NetTrans
 SafeBootNet: {4D36E977-E325-11CE-BFC1-08002​BE10318} - PCMCIA Adapters
 SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002​BE10318} - SCSIAdapter
 SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002​BE10318} - System
 SafeBootNet: {4D36E980-E325-11CE-BFC1-08002​BE10318} - Floppy disk drive
 SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F​805F530} - Smart card readers
 SafeBootNet: {533C5B84-EC70-11D2-9505-00C04​F79DEAF} - Volume shadow copy
 SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002​BE2092F} - IEEE 1394 Bus host controllers
 SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002​BE2092F} - Volume
 SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C​90F57DA} - Human Interface Devices
 SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04​FA372A7} - SBP2 IEEE 1394 Devices
 SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7​D41B0E6} - SecurityDevices
 
 ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c​74c7e95} - Microsoft Windows Media Player 12.0
 ActiveX:64bit: {238591C0-AB01-43B1-8062-38D66​9A378E1} - Package Orange
 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508​C9228ED} - %SystemRoot%\system32\regsvr32​.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.​dll
 ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E​6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.e​xe -ClearIconCache
 ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f​8051515} - Offline Browsing Pack
 ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA0​0B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
 ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA0​0B6015F} - DirectDrawEx
 ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f​8051515} - Internet Explorer Help
 ActiveX:64bit: {4f645220-306d-11d2-995d-00c04​f98bbc9} - Microsoft Windows Script 5.6
 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04​f98bbc9} - Internet Explorer Setup Tools
 ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04​f98bbc9} - Browsing Enhancements
 ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04​F79FAA6} - Microsoft Windows Media Player
 ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04​f98bbc9} - MSN Site Access
 ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04​FA35D02} - Address Book 7
 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA0​05B4340} - regsvr32.exe /s /n /i:U shell32.dll
 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA0​05B4383} - C:\Windows\System32\ie4uinit.e​xe -BaseSettings
 ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476D​BF70820} - C:\Windows\system32\Rundll32.e​xe C:\Windows\system32\mscories.d​ll,Install
 ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA0​0B911A5} - Dynamic HTML Data Binding
 ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-44455​3540600} - Internet Explorer Core Fonts
 ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04​f98bbc9} - HTML Help
 ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F​87A369E} - Active Directory Service Interface
 ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B​63FC7B4} - .NET Framework
 ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A​6C9E703} - .NET Framework
 ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080​c74c7e95} - %SystemRoot%\system32\unregmp2​.exe /ShowWMP
 ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de46​0746276c} - C:\Windows\System32\ie4uinit.e​xe -UserIconConfig
 ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0​C90347FF} -
 ActiveX:64bit: >{8378279B-717C-471F-BCB4-50DC​EF70D913} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401​C608500} - Java (Sun)
 ActiveX: {10880D85-AAD9-4558-ABDC-2AB15​52D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.ex​e"
 ActiveX: {166B1BCA-3F9C-11CF-8075-44455​3540000} - Macromedia Shockwave Director 10.1
 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c​74c7e95} - Microsoft Windows Media Player 12.0
 ActiveX: {2A202491-F00D-11cf-87CC-0020A​FEECF20} - Macromedia Shockwave Director 10.1
 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508​C9228ED} - %SystemRoot%\system32\regsvr32​.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.​dll
 ActiveX: {2D46B6DC-2207-486B-B523-A557E​6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.e​xe -ClearIconCache
 ActiveX: {3af36230-a269-11d1-b5bf-0000f​8051515} - Offline Browsing Pack
 ActiveX: {44BBA840-CC51-11CF-AAFA-00AA0​0B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
 ActiveX: {44BBA855-CC51-11CF-AAFA-00AA0​0B6015F} - DirectDrawEx
 ActiveX: {45ea75a0-a269-11d1-b5bf-0000f​8051515} - Internet Explorer Help
 ActiveX: {4f645220-306d-11d2-995d-00c04​f98bbc9} - Microsoft Windows Script 5.6
 ActiveX: {5fd399c0-a70a-11d1-9948-00c04​f98bbc9} - Internet Explorer Setup Tools
 ActiveX: {630b1da0-b465-11d1-9948-00c04​f98bbc9} - Browsing Enhancements
 ActiveX: {6BF52A52-394A-11d3-B153-00C04​F79FAA6} - Microsoft Windows Media Player
 ActiveX: {6fab99d0-bab8-11d1-994a-00c04​f98bbc9} - MSN Site Access
 ActiveX: {7790769C-0471-11d2-AF11-00C04​FA35D02} - Address Book 7
 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E​41B1089} - .NET Framework
 ActiveX: {89820200-ECBD-11cf-8B85-00AA0​05B4340} - regsvr32.exe /s /n /i:U shell32.dll
 ActiveX: {89820200-ECBD-11cf-8B85-00AA0​05B4383} - C:\Windows\SysWOW64\ie4uinit.e​xe -BaseSettings
 ActiveX: {89B4C1CD-B018-4511-B0A1-5476D​BF70820} - C:\Windows\SysWOW64\Rundll32.e​xe C:\Windows\SysWOW64\mscories.d​ll,Install
 ActiveX: {9381D8F2-0288-11D0-9501-00AA0​0B911A5} - Dynamic HTML Data Binding
 ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789​CFEFCDD} - .NET Framework
 ActiveX: {C9E9A340-D1F1-11D0-821E-44455​3540600} - Internet Explorer Core Fonts
 ActiveX: {D27CDB6E-AE6D-11CF-96B8-44455​3540000} - Adobe Flash Player
 ActiveX: {de5aed00-a4bf-11d1-9948-00c04​f98bbc9} - HTML Help
 ActiveX: {E92B03AB-B707-11d2-9CBD-0000F​87A369E} - Active Directory Service Interface
 ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B​63FC7B4} - .NET Framework
 ActiveX: >{22d6f312-b0f6-11d0-94ab-0080​c74c7e95} - %SystemRoot%\system32\unregmp2​.exe /ShowWMP
 ActiveX: >{26923b43-4d38-484f-9b9e-de46​0746276c} - C:\Windows\SysWOW64\ie4uinit.e​xe -UserIconConfig
 ActiveX: >{60B49E34-C7CC-11D0-8953-00A0​C90347FF} -
 
 Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.a​cm (Fraunhofer Institut Integrierte Schaltungen IIS)
 Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.a​cm (Fraunhofer Institut Integrierte Schaltungen IIS)
 Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.a​cm (Fraunhofer Institut Integrierte Schaltungen IIS)
 Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
 
 ========== Files/Folders - Created Within 30 Days ==========
 
 [2012/10/28 15:25:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\petitelyly\Desktop\OT​L.exe
 [2012/10/28 11:55:25 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlaye​rApp.exe
 [2012/10/28 11:55:25 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlaye​rCPLApp.cpl
 [2012/10/28 11:33:10 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Ro​aming\Malwarebytes
 [2012/10/28 11:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windo​ws\Start Menu\Programs\Malwarebytes' Anti-Malware
 [2012/10/28 11:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
 [2012/10/28 11:33:04 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\m​bam.sys
 [2012/10/28 11:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
 [2012/10/28 09:08:19 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Lo​cal\{ED8261A4-F38F-4D5A-8641-E​5C899E070D0}
 [2012/10/27 11:08:18 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Lo​cal\{64FBCA1F-EECB-45C1-A4DA-8​CAC859C4CE7}
 [2012/10/26 21:47:59 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Lo​cal\{64DB4742-0C48-404B-B4C0-4​E2CCC3E71F5}
 [2012/10/26 09:47:47 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Lo​cal\{E7AD774B-17D8-4DA5-B532-C​45DBEA5E7A7}
 [2012/10/25 09:47:01 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Lo​cal\{66BD82B5-E79E-4D8C-B890-D​8AA44D4E6C8}
 [2012/10/24 09:46:06 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Lo​cal\{BE22BC7D-904E-4671-AD68-F​3D423CCB503}
 [2012/10/23 21:45:27 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Lo​cal\{C7A9E7DA-191F-4430-AA53-6​5DD9D213418}
 [2012/10/23 09:45:16 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Lo​cal\{F1D56322-70B0-4F84-95C5-3​58617180096}
 [2012/10/22 09:44:50 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Lo​cal\{88123E98-5345-49E1-9526-B​285EE275160}
 [2012/10/21 21:44:24 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Lo​cal\{14B56AF2-473C-4B8F-90DA-A​CA2358470A4}
 [2012/10/21 09:44:13 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Lo​cal\{6A34468A-B3ED-497D-A615-4​4D00E0FBDB3}
 [2012/10/20 08:12:33 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Lo​cal\{0F6495D2-ABFA-4A3A-AFB9-8​15669838E65}
 [2012/10/19 20:10:42 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Lo​cal\{D7056015-527E-42ED-A52F-1​986F20C0DE7}
 [2012/10/19 08:10:29 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Lo​cal\{00B2A98A-1C7A-4C5C-9BEB-5​1AD2C89AAB9}
 [2012/10/18 20:10:01 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Lo​cal\{7685577B-0953-46AC-B706-7​6479AC44988}
 [2012/10/18 08:09:24 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Lo​cal\{DA2D7490-1A3F-4997-981D-7​828ADAA47AB}
 [2012/10/17 08:08:39 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Lo​cal\{280A50B6-3131-40A9-9527-F​9F47960A899}
 [2012/10/16 07:30:36 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Lo​cal\{99BFA846-B183-45A4-B4F5-9​3FAE7B4F9BF}
 [2012/10/15 19:30:04 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Lo​cal\{B680E759-C2D3-4AD7-85BA-A​B3756A7D192}
 [2012/10/15 07:29:49 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Lo​cal\{8E9ECB8C-61BE-4F94-A265-8​A5B877428D9}
 [2012/10/14 10:40:11 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Lo​cal\{EE7F28BD-831F-4CB7-984B-1​B1C3AB8A432}
 [2012/10/13 10:39:20 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Lo​cal\{92AAE118-B447-4EC6-BADE-7​86800AF3FFE}
 [2012/10/12 22:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 [2012/10/12 22:09:59 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Ro​aming\GameCenter
 [2012/10/12 22:09:52 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Ro​aming\GoforFiles
 [2012/10/12 22:09:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoforFiles
 [2012/10/12 10:38:59 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Lo​cal\{7728BDA7-B74F-4F5B-9A32-C​825B9D9C878}
 [2012/10/11 22:38:32 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Lo​cal\{4F12F7B4-70F3-42CC-960C-F​25C09A26C54}
 [2012/10/11 10:38:04 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Lo​cal\{637961C1-600A-4F56-BDFF-5​4C0DBCA092B}
 [2012/10/10 10:37:20 | 000,000,000 | ---D | C] -- C:\Users\petitelyly\AppData\Lo​cal\{4CD4B534-59D1-4F9B-9C05-3​03478AC3633}
 [2012/10/10 09:16:09 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.​exe
 [2012/10/10 09:16:08 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.e​xe
 [2012/10/10 09:16:08 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.e​xe
 [2012/10/10 09:16:01 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.​dll
 [2012/10/10 09:15:51 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBas​e.dll
 [2012/10/10 09:15:50 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel3

petitelyly
Baby forum member (10 to 49 posts)
  1. Posted on 28/10/2012 at 18:59:16
 


 OTL Extras logfile created on: 28/10/2012 15:28:28 - Run 1
 OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\petitelyly\Desktop
 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
 Internet Explorer (Version = 8.0.7601.17514)
 Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
 2,93 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 58,00% Memory free
 5,86 Gb Paging File | 4,32 Gb Available in Paging File | 73,61% Paging File free
 Paging file location(s): ?:\pagefile.sys [binary data]
 
 %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
 Drive C: | 285,19 Gb Total Space | 144,36 Gb Free Space | 50,62% Space Free | Partition Type: NTFS
 Drive D: | 12,71 Gb Total Space | 2,12 Gb Free Space | 16,69% Space Free | Partition Type: NTFS
 
 Computer Name: PETITELYLY-PC | User Name: petitelyly | Logged in as Administrator.
 Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
 Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
 ========== Extra Registry (SafeList) ==========
 
 
 ========== File Associations ==========
 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\<extension>]
 .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.​exe (Microsoft Corporation)
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\<extension>]
 .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.ex​e (Microsoft Corporation)
 
 ========== Shell Spawning ==========
 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\<key>\shell\[comma​nd]\command]
 batfile [open] -- "%1" %*
 cmdfile [open] -- "%1" %*
 comfile [open] -- "%1" %*
 exefile [open] -- "%1" %*
 helpfile [open] -- Reg Error: Key error.
 inffile [install] -- %SystemRoot%\System32\InfDefau​ltInstall.exe "%1" (Microsoft Corporation)
 InternetShortcut [open] -- "C:\Windows\System32\rundll32.​exe" "C:\Windows\System32\ieframe.d​ll",OpenURL %l (Microsoft Corporation)
 InternetShortcut [print] -- "C:\Windows\System32\rundll32.​exe" "C:\Windows\System32\mshtml.dl​l",PrintHTML "%1" (Microsoft Corporation)
 piffile [open] -- "%1" %*
 regfile [merge] -- Reg Error: Key error.
 scrfile [config] -- "%1"
 scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
 scrfile [open] -- "%1" /S
 txtfile [edit] -- Reg Error: Key error.
 Unknown [openas] -- %SystemRoot%\system32\rundll32​.exe %SystemRoot%\system32\shell32.​dll,OpenAs_RunDLL %1
 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
 Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 Folder [explore] -- Reg Error: Value error.
 Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\<key>\shell\[comma​nd]\command]
 batfile [open] -- "%1" %*
 cmdfile [open] -- "%1" %*
 comfile [open] -- "%1" %*
 cplfile [cplopen] -- %SystemRoot%\System32\control.​exe "%1",%* (Microsoft Corporation)
 exefile [open] -- "%1" %*
 helpfile [open] -- Reg Error: Key error.
 inffile [install] -- %SystemRoot%\System32\InfDefau​ltInstall.exe "%1" (Microsoft Corporation)
 piffile [open] -- "%1" %*
 regfile [merge] -- Reg Error: Key error.
 scrfile [config] -- "%1"
 scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
 scrfile [open] -- "%1" /S
 txtfile [edit] -- Reg Error: Key error.
 Unknown [openas] -- %SystemRoot%\system32\rundll32​.exe %SystemRoot%\system32\shell32.​dll,OpenAs_RunDLL %1
 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
 Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 Folder [explore] -- Reg Error: Value error.
 Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
 ========== Security Center Settings ==========
 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center]
 "cval" = 1
 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center\Monitoring]
 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center\Svc]
 "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
 "AntiVirusOverride" = 0
 "AntiSpywareOverride" = 0
 "FirewallOverride" = 0
 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center\Svc\Vol]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center\Svc]
 
 ========== Firewall Settings ==========
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 "DisableNotifications" = 0
 "EnableFirewall" = 1
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 "DisableNotifications" = 0
 "EnableFirewall" = 1
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
 "DisableNotifications" = 0
 "EnableFirewall" = 1
 
 ========== Authorized Applications List ==========
 
 
 ========== Vista Active Open Ports Exception List ==========
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 "{077EC234-F224-41E4-86CC-E1BE​DB85DEA3}" = lport=10243 | protocol=6 | dir=in | app=system |
 "{1461C244-6178-4BD4-9D48-EB21​0C611378}" = lport=2869 | protocol=6 | dir=in | app=system |
 "{1617F0B3-7B72-4032-88FB-4D9D​E462E9AC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
 "{1B57E112-ED36-4763-881D-EA3B​023AE059}" = lport=137 | protocol=17 | dir=in | app=system |
 "{1DF7DEC9-568F-4064-8A2C-3662​DFBB55AE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svch​ost.exe |
 "{1E8ED1FA-8F14-42F4-82E1-B748​90A7B279}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svch​ost.exe |
 "{20371FD5-1C59-43C8-A5E7-EE18​E722DFB7}" = rport=137 | protocol=17 | dir=out | app=system |
 "{24806182-C85B-4EA7-A69D-9CA2​96831A77}" = lport=2869 | protocol=6 | dir=in | app=system |
 "{26E3EFCF-1615-475F-917D-8F07​D0B989E6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svch​ost.exe |
 "{2F672628-574C-4578-9CBE-7847​B5C8D71C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svch​ost.exe |
 "{4FC0B9EE-1A90-42CC-B478-1431​B5539978}" = rport=139 | protocol=6 | dir=out | app=system |
 "{5D14FAEC-3157-47D2-9DE8-AD15​A5CB7488}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoo​lsv.exe |
 "{8150AA98-665F-4780-A230-C584​1CF7410E}" = lport=139 | protocol=6 | dir=in | app=system |
 "{8330911F-53F8-4697-B54C-4985​90FDDFB0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svch​ost.exe |
 "{92D00DF6-4B99-402D-A485-18D1​89EAC4A8}" = lport=138 | protocol=17 | dir=in | app=system |
 "{9BC27C43-2D5D-46F3-A56C-3A33​38F95133}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svch​ost.exe |
 "{A955EF1A-860D-4EBA-95A6-6165​5ABEAF3B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
 "{B60E7F35-67AC-4BE7-B235-A2B6​31AE59B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svch​ost.exe |
 "{C0E04C66-7F03-43F7-AB94-EC63​7AB3AB7B}" = lport=445 | protocol=6 | dir=in | app=system |
 "{CD41EE8F-BAC9-43D1-A1B2-B3B6​AC720F19}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svch​ost.exe |
 "{CF0E824F-E31F-4134-A2C9-5BB0​8BF14F13}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 "{D6DC6B64-BA77-45AE-9216-95E8​707552D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 "{E7051EE1-AC59-43FF-A04E-61D8​EB74D6B9}" = rport=445 | protocol=6 | dir=out | app=system |
 "{F0CA6C5D-74A6-4DD5-9A1A-3B80​247C4AE8}" = rport=138 | protocol=17 | dir=out | app=system |
 "{F39968FA-D350-42FE-A880-C923​AF1DC314}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svch​ost.exe |
 "{F3C6C095-EC6E-44D0-A343-409F​D720E299}" = rport=10243 | protocol=6 | dir=out | app=system |
 "{FA70BF8E-D563-4998-A378-B4D7​11E795B8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svch​ost.exe |
 
 ========== Vista Active Application Exception List ==========
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 "{00A622F3-FDBE-4281-89B7-4324​3968500F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
 "{081B9BFF-9252-442E-9A43-54B3​3B0BE330}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\​pdr.exe |
 "{1B2CC359-B792-49DC-8887-D376​153DF4A9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
 "{1C67C4C5-B4A9-46BF-A6FD-2B5E​0AEEBC11}" = protocol=17 | dir=in | app=c:\program files (x86)\orange\rim\fscommand\cks​ocketserver.exe |
 "{2342966E-7D4D-470A-878A-ACFB​FD81422A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
 "{2DB5B2D0-B12A-4AE1-89B6-9C7B​53BEBCEC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
 "{380FCC84-2796-4133-8F7F-FDB7​AE377CC6}" = protocol=17 | dir=in | app=c:\program files (x86)\orange\orangeupdate\serv​ice\oucore.exe |
 "{53B810A2-6829-4CF9-8DDF-0188​D870BBC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
 "{5EFC8262-A709-4890-BFD2-E286​2C148AD3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
 "{617992BA-B834-44DB-9D61-9DE8​9A84A5D9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
 "{6B703D38-C24B-4076-A0CE-5931​301F0EBE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
 "{6B818D48-AD97-4DB9-BB70-4EA2​2ABD61E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
 "{7E1CB81C-C686-42B0-BACB-6DCA​FA933131}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
 "{81143EE1-4246-4EE6-BACE-836B​B790E54A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
 "{839E590C-9C33-4478-921A-F071​1C1F8765}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
 "{8E9D8517-3356-4618-B752-58FF​9B4382E7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
 "{90CEA85B-886B-4335-A470-012D​C591855A}" = protocol=17 | dir=in | app=%programfiles(x86)%\window​s media player\wmplayer.exe |
 "{A615E4F4-715F-4238-9EE2-21BA​D6772FE6}" = protocol=6 | dir=in | app=e:\fscommand\cksocketserve​r.exe |
 "{A675527B-496E-486F-B25B-8B83​BF424408}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
 "{B773D663-4951-4418-9341-419C​2F039D51}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.ex​e |
 "{BDF2A419-EE1E-49E2-87F0-76AB​4BF1D81C}" = protocol=6 | dir=in | app=c:\program files (x86)\orange\orangeupdate\serv​ice\oucore.exe |
 "{BF17E0D0-7219-4383-AAFF-D350​E4DBE351}" = protocol=6 | dir=in | app=c:\program files (x86)\orange\rim\fscommand\cks​ocketserver.exe |
 "{C001E868-A0A2-467E-9804-A4A5​82DD6030}" = protocol=17 | dir=out | app=%programfiles(x86)%\window​s media player\wmplayer.exe |
 "{C195E831-73D2-4667-877E-E189​18AD74DE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
 "{C1BAF9FF-4858-493C-8009-9A3C​B73B2239}" = protocol=17 | dir=in | app=e:\fscommand\cksocketserve​r.exe |
 "{CDF87AAF-933E-455D-886B-C8C7​9AAEBF6F}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.​exe |
 "{DBD24320-714B-4849-92BE-7710​DEDB1B83}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
 "{DE2CE205-401D-4398-8B54-112D​8E8B428A}" = protocol=6 | dir=in | app=c:\program files (x86)\orange\rim\fscommand\rim​.exe |
 "{E08C8F0E-37B5-432C-BEB9-D9D4​AE0B0BBF}" = protocol=17 | dir=in | app=c:\program files (x86)\orange\rim\fscommand\rim​.exe |
 "{E51254F2-0C62-4389-8266-EAAF​DE04DE66}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.​exe |
 "{E7934C22-2727-48BE-B17D-89F6​B643891C}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.ex​e |
 "{F001A22B-1CEC-4F40-89F8-6D75​7C5FA21C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svch​ost.exe |
 "{F523EBDB-10BF-4D3C-9C6A-9F34​BB88717F}" = protocol=6 | dir=out | app=system |
 "{F9BF0AF1-9DBE-4E13-B937-2036​34CB5B0C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powe​rdvd8.exe |
 "{FD20600B-96E7-451B-8DCA-552F​F8FF778C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
 "{FDEA7C1C-7FB0-4EE1-ABBD-45A8​DD0DBA12}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
 "{FEF55D18-95E6-476A-9A37-D1ED​049A8905}" = protocol=6 | dir=out | app=%programfiles(x86)%\window​s media player\wmplayer.exe |
 "TCP Query User{050FB594-EFA1-4535-A627-0​EBEB474F011}C:\program files (x86)\freetorrentviewer\freeto​rrentviewer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\freetorrentviewer\freeto​rrentviewer.exe |
 "TCP Query User{18A17D4E-2AD2-4692-BD9F-9​7E89412833A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
 "TCP Query User{1D0B85EC-81A9-4FA0-8928-9​D7EF673DFE8}C:\program files (x86)\orange\media player\media player.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orange\media player\media player.exe |
 "TCP Query User{9C53C79D-A957-4564-BC45-7​9FA410E65B1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
 "TCP Query User{9DA550FB-D274-4209-A013-8​3AE4731487F}C:\program files (x86)\orange\assistance livebox\dist\st2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orange\assistance livebox\dist\st2.exe |
 "TCP Query User{D5F740B8-2581-4779-84FC-7​1EAB3737245}C:\program files (x86)\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\free download manager\fdm.exe |
 "TCP Query User{D7B38B26-CA32-43D8-A61A-C​427E6FA8820}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
 "UDP Query User{63FAAA3E-91A9-47AE-93B0-3​1FA9FF6AEFD}C:\program files (x86)\orange\media player\media player.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orange\media player\media player.exe |
 "UDP Query User{74E5903A-7D45-4081-89E8-E​A42EAE44AD8}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
 "UDP Query User{7594864E-E777-41CD-8DC8-5​F3DB02F0568}C:\program files (x86)\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\free download manager\fdm.exe |
 "UDP Query User{8F26056B-353A-4681-97AA-5​A8FC8DBFCAE}C:\program files (x86)\orange\assistance livebox\dist\st2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orange\assistance livebox\dist\st2.exe |
 "UDP Query User{C8FEFD53-92F0-4712-A602-6​E50261BB117}C:\program files (x86)\freetorrentviewer\freeto​rrentviewer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\freetorrentviewer\freeto​rrentviewer.exe |
 "UDP Query User{CE6DA013-7721-4DE7-8283-7​627825B00FA}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
 "UDP Query User{EBFD8289-DBF8-41CB-AB35-C​920987CF9BA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 "{027E5FAB-1476-4C59-AAB4-32EF​28520399}" = Windows Live Language Selector
 "{1ACC8FFB-9D84-4C05-A4DE-D28A​9BC91698}" = Windows Live ID Sign-in Assistant
 "{4B5F58F7-C7D1-3CE3-9B37-B657​F0852643}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
 "{4B6C7001-C7D6-3710-913E-5BC2​3FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
 "{5FCE6D76-F5DC-37AB-B2B8-22AB​8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
 "{8220EEFE-38CD-377E-8595-1339​8D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
 "{8338783A-0968-3B85-AFC7-BAAE​0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
 "{89F4137D-6C26-4A84-BDB8-2E5A​4BB71E00}" = Microsoft Silverlight
 "{90120000-002A-0000-1000-0000​000FF1CE}" = Microsoft Office Office 64-bit Components 2007
 "{90120000-002A-040C-1000-0000​000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
 "{95120000-00B9-0409-1000-0000​000FF1CE}" = Microsoft Application Error Reporting
 "{D9473D19-26F1-4B91-BBAC-4089​CB41BC48}" = Microsoft SQL Server 2008 Management Objects
 "{DA54F80E-261C-41A2-A855-549A​144F2F59}" = Windows Live MIME IFilter
 "{E59DA96D-CCB1-4cf1-9677-AEEF​910F7D59}" = PACT Informatique StorexProteK Scalable Business Server 2010
 "{F4264106-F90E-4076-98CF-1B87​8DB14513}" = SQL Server System CLR Types
 "{F5B09CFD-F0B2-36AF-8DF4-1DF6​B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
 "245A139F08D3D69654D8822673D0B​5EBFB63EF38" = Windows Driver Package - OPTO ELECTRONICS CO.,LTD (optousb) Ports  (06/02/2008 2.0.5.5)
 "HDMI" = Intel(R) Graphics Media Accelerator Driver
 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 "Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
 "SynTPDeinstKey" = Synaptics Pointing Device Driver
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 "{01FB4998-33C4-4431-85ED-079E​3EEFE75D}" = CyberLink YouCam
 "{05E379CC-F626-4E7D-8354-4638​65B303BF}" = Windows Live UX Platform Language Pack
 "{07FA4960-B038-49EB-891B-9F95​930AA544}" = HP Customer Experience Enhancements
 "{0B0F231F-CE6A-483D-AA23-77B3​64F75917}" = Windows Live Installer
 "{17B4760F-334B-475D-829F-1A3E​94A6A4E6}" = HP Setup
 "{196BB40D-1578-3D01-B289-BEFC​77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
 "{1F1C2DFC-2D24-3E06-BCB8-7251​34ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
 "{1F6AB0E7-8CDD-4B93-8A23-AA9E​B2FEFCE4}" = Junk Mail filter update
 "{1FBF6C24-C1FD-4101-A42B-0C56​4F9E8E79}" = CyberLink DVD Suite
 "{200FEC62-3C34-4D60-9CE8-EC37​2E01C08F}" = Windows Live SOXE Definitions
 "{26A24AE4-039D-4CA4-87B4-2F83​216031FF}" = Java(TM) 6 Update 31
 "{287ECFA4-719A-2143-A09B-D6A1​2DE54E40}" = Acrobat.com
 "{2BF2E31F-B8BB-40A7-B650-98D2​8E0F7D47}" = CyberLink PowerDVD 8
 "{2FA94A64-C84E-49d1-97DD-7BF0​6C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
 "{34319F1F-7CF2-4CC9-B357-1AE7​D2FF3AC5}" = Windows Live
 "{34D2AB40-150D-475D-AE32-BD23​FB5EE355}" = HP Quick Launch Buttons
 "{3B160861-7250-451E-B5EE-8B92​BF30A710}" = Microsoft Works
 "{3B6E3FC6-274C-4B6C-BC85-5C3B​15DE18E2}" = Mega Manager
 "{40BF1E83-20EB-11D8-97C5-0009​C5020658}" = Power2Go
 "{40FB8D7C-6FF8-4AF2-BC8B-0B1D​B32AF04B}" = HP Advisor
 "{41BB38A4-ED84-4682-8329-042F​EBD8C30B}" = Mega Manager
 "{43BA31BA-04BD-2EA3-0A60-A9C5​4E06D3F2}" = muvee Reveal
 "{44B2A0AB-412E-4F8C-B058-D1E8​AECCDFF5}" = Recovery Manager
 "{4E432692-A736-4F77-AF77-F907​8CF88D31}" = HP Wireless Assistant
 "{6068A42A-C1CF-45F2-9859-5DB1​6287FE5D}" = msvcrt_installer
 "{62687B11-58B5-4A18-9BC3-9DF4​CE03F194}" = Windows Live Writer Resources
 "{682B3E4F-696A-42DE-A41C-4C07​EA1678B4}" = Windows Live SOXE
 "{6AFCA4E1-9B78-3640-8F72-A7BF​33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
 "{6F340107-F9AA-47C6-B54C-C3A1​9F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
 "{6F44AF95-3CDE-4513-AD3F-6D45​F17BF324}" = HP Support Assistant
 "{70B446D1-E03B-4ab0-9B3C-0832​142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
 "{710f4c1c-cc18-4c49-8cbf-5124​0c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
 "{74EC78BC-B379-4E29-9006-8F16​1DCAABA6}" = Apple Software Update
 "{770657D0-A123-3C07-8E44-1C83​EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
 "{80E158EA-7181-40FE-A701-301C​E6BE64AB}" = CyberLink MediaShow
 "{83C292B7-38A5-440B-A731-0707​0E81A64F}" = Windows Live PIMT Platform
 "{86CE85E6-DBAC-3FFD-B977-E4B7​9F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
 "{8833FFB6-5B0C-4764-81AA-06DF​EED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
 "{8DD46C6A-0056-4FEC-B70A-28BB​16A1F11F}" = MSVCRT
 "{90120000-0016-040C-0000-0000​000FF1CE}" = Microsoft Office Excel MUI (French) 2007
 "{90120000-0016-040C-0000-0000​000FF1CE}_HOMESTUDENTR_{CF3C20​A6-47B7-48DA-95C1-6FBB5A439AF8​}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-0018-040C-0000-0000​000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
 "{90120000-0018-040C-0000-0000​000FF1CE}_HOMESTUDENTR_{CF3C20​A6-47B7-48DA-95C1-6FBB5A439AF8​}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-001B-040C-0000-0000​000FF1CE}" = Microsoft Office Word MUI (French) 2007
 "{90120000-001B-040C-0000-0000​000FF1CE}_HOMESTUDENTR_{CF3C20​A6-47B7-48DA-95C1-6FBB5A439AF8​}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-001F-0401-0000-0000​000FF1CE}" = Microsoft Office Proof (Arabic) 2007
 "{90120000-001F-0401-0000-0000​000FF1CE}_HOMESTUDENTR_{3E8EA4​73-ECCE-405F-A9CA-59446AEADD3A​}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
 "{90120000-001F-0407-0000-0000​000FF1CE}" = Microsoft Office Proof (German) 2007
 "{90120000-001F-0407-0000-0000​000FF1CE}_HOMESTUDENTR_{928D7B​99-2BEA-49F9-83B8-20FA57860643​}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
 "{90120000-001F-0409-0000-0000​000FF1CE}" = Microsoft Office Proof (English) 2007
 "{90120000-001F-0409-0000-0000​000FF1CE}_HOMESTUDENTR_{1FF960​26-A04A-4C3E-B50A-BB7022654D0F​}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
 "{90120000-001F-040C-0000-0000​000FF1CE}" = Microsoft Office Proof (French) 2007
 "{90120000-001F-040C-0000-0000​000FF1CE}_HOMESTUDENTR_{71F055​E8-E2C6-4214-BB3D-BFE03561B89E​}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
 "{90120000-001F-0413-0000-0000​000FF1CE}" = Microsoft Office Proof (Dutch) 2007
 "{90120000-001F-0413-0000-0000​000FF1CE}_HOMESTUDENTR_{2C95E7​EE-FEA7-4B3A-A6E5-DF90A88B816A​}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
 "{90120000-001F-0C0A-0000-0000​000FF1CE}" = Microsoft Office Proof (Spanish) 2007
 "{90120000-001F-0C0A-0000-0000​000FF1CE}_HOMESTUDENTR_{2314F9​A1-126F-45CC-8A5E-DFAF866F3FBC​}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
 "{90120000-0020-040C-0000-0000​000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
 "{90120000-002A-0000-1000-0000​000FF1CE}_HOMESTUDENTR_{664655​D8-B9BB-455D-8A58-7EAF7B0B2862​}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-002A-040C-1000-0000​000FF1CE}_HOMESTUDENTR_{8283FD​64-6A3B-4104-9E12-7CA25EF29A1A​}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-002C-040C-0000-0000​000FF1CE}" = Microsoft Office Proofing (French) 2007
 "{90120000-006E-040C-0000-0000​000FF1CE}" = Microsoft Office Shared MUI (French) 2007
 "{90120000-006E-040C-0000-0000​000FF1CE}_HOMESTUDENTR_{8283FD​64-6A3B-4104-9E12-7CA25EF29A1A​}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90120000-00A1-040C-0000-0000​000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
 "{90120000-00A1-040C-0000-0000​000FF1CE}_HOMESTUDENTR_{CF3C20​A6-47B7-48DA-95C1-6FBB5A439AF8​}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{90140000-2005-0000-0000-0000​000FF1CE}" = Microsoft Office File Validation Add-In
 "{91120000-002F-0000-0000-0000​000FF1CE}" = Microsoft Office Home and Student 2007
 "{91120000-002F-0000-0000-0000​000FF1CE}_HOMESTUDENTR_{6E107E​B7-8B55-48BF-ACCB-199F86A2CD93​}" = Microsoft Office 2007 Service Pack 3 (SP3)
 "{95120000-00AF-040C-0000-0000​000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
 "{95A890AA-B3B1-44B6-9C18-A8F7​AB3EE7FC}" = QuickTime
 "{96AE7E41-E34E-47D0-AC07-1091​A8127911}" = Realtek USB 2.0 Card Reader
 "{9A25302D-30C0-39D9-BD6F-21E6​EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
 "{9BE518E6-ECC6-35A9-88E4-8775​5C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
 "{9D3318E1-5A9F-4A95-A7A1-7E04​5403AE34}" = HP User Guides 0148
 "{9D56775A-93F3-44A3-8092-840E​3826DE30}" = Windows Live Mail
 "{9FAE6E8D-E686-49F5-A574-0A58​DFD9580C}" = Windows Live Mail
 "{A047FE02-C91C-41CB-898C-4ED2​1B86025A}" = ToolbarFR
 "{A9BDCA6B-3653-467B-AC83-9436​7DA3BFE3}" = Windows Live Photo Common
 "{AAAFC670-569B-4A2F-82B4-4294​5E0DE3EF}" = Windows Live Writer
 "{AB61A2E9-37D3-485D-9085-19FB​DF8CEF4A}" = Windows Live Messenger
 "{AC76BA86-7AD7-FFFF-7B44-A910​00000001}" = Adobe Reader 9.5.2 MUI
 "{AD72CFB4-C2BF-424E-9DF0-C7BA​D1F30A11}" = Adobe Shockwave Player
 "{C06EFB22-B5DB-46C5-9215-BCB5​C19C0858}" = LauncherMA
 "{C3A32068-8AB1-4327-BB16-BED9​C6219DC7}" = Atheros Driver Installation Program
 "{C59C179C-668D-49A9-B6EA-0121​CCFC1243}" = LabelPrint
 "{C893D8C0-1BA0-4517-B11C-E89B​65E72F70}" = Windows Live Photo Common
 "{CB099890-1D5F-11D5-9EA9-0050​BAE317E1}" = PowerDirector
 "{CC8E94A2-55C7-4460-953C-2A79​0180578C}" = LightScribe System Software
 "{CE95A79E-E4FC-4FFF-8A75-29F0​4B942FF2}" = Windows Live UX Platform
 "{CFF8B8E8-E086-4DE0-935F-FE22​CAB54F80}" = Microsoft Search Enhancement Pack
 "{D0B44725-3666-492D-BEF6-587A​14BD9BD9}" = MSVCRT_amd64
 "{D13FE823-C575-4451-AC37-E645​A67AA581}_1.2.5.0" = Orange Installeur version 1.2.5.0
 "{D45240D3-B6B3-4FF9-B243-54EC​E3E10066}" = Windows Live Communications Platform
 "{D46D081B-F60E-467E-A7C4-117B​70D76731}" = HP Update
 "{E09C4DB7-630C-4F06-A631-8EA7​239923AF}" = D3DX10
 "{E3A5A8AB-58F6-45FF-AFCB-C9AE​18C05001}" = IDT Audio
 "{E503B4BF-F7BB-3D5F-8BC8-F694​B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
 "{E50AE784-FABE-46DA-A1F8-7B6B​56DCB22E}" = Microsoft Office Suite Activation Assistant
 "{E5B21F11-6933-4E0B-A25C-7963​E3C07D11}" = Windows Live Messenger
 "{F1D7AC58-554A-4A58-B784-B615​58B1449A}" = QLBCASL
 "{FE0646A7-19D0-41B4-A2BB-2C35​D644270D}" = Windows Live OneCare safety scanner
 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
 "Assistance Livebox" = Assistance Livebox
 "AVS Update Manager_is1" = AVS Update Manager 1.0
 "CFWebAdvancedU_BOBTV.FR" = CamfrogWEB Advanced ActiveX Plugin (www.bobtv.fr)
 "EasyBits Magic Desktop" = Magic Desktop
 "Free Download Manager_is1" = Free Download Manager 3.9
 "FreeTorrentViewer" = FreeTorrentViewer
 "HOMESTUDENTR" = Microsoft Office Home and Student 2007
 "InstallShield_{01FB4998-33C4-​4431-85ED-079E3EEFE75D}" = CyberLink YouCam
 "InstallShield_{1FBF6C24-C1FD-​4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
 "InstallShield_{2BF2E31F-B8BB-​40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
 "InstallShield_{40BF1E83-20EB-​11D8-97C5-0009C5020658}" = Power2Go
 "InstallShield_{80E158EA-7181-​40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
 "InstallShield_{C59C179C-668D-​49A9-B6EA-0121CCFC1243}" = LabelPrint
 "InstallShield_{CB099890-1D5F-​11D5-9EA9-0050BAE317E1}" = PowerDirector
 "MailNotifier" = Notification Mail
 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
 "Media Player" = Media Player
 "Orange Web Player_is1" = Orange Web Player 1.213932
 "OrangeToolbar" = barre d'outils Orange
 "OrangeUpdateManager" = Orange update
 "PACT Informatique StorexProteK Scalable Business Server 2010" = PACT Informatique StorexProteK Scalable Business Server 2010
 "ReussirCodeLite" = Réussir l'examen officiel du code de la route - Version d'évaluation
 "VLC media player" = VLC media player 1.0.5
 "WildTangent hp Master Uninstall" = HP Games
 "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
 "WinLiveSuite" = Windows Live
 "WinPcapInst" = WinPcap 4.1.2
 "WinRAR archiver" = Logiciel d'archivage WinRAR
 
 ========== HKEY_USERS Uninstall List ==========
 
 [HKEY_USERS\S-1-5-21-517684841-1992110198-3038868213-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 "Orange Inside" = Orange Inside
 
 ========== Last 20 Event Log Errors ==========
 
 [ Application Events ]
 Error - 24/11/2011 06:07:29 | Computer Name = petitelyly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
 Description = Échec de l’extraction de la liste racine tierce depuis le fichier
 CAB de mise à jour automatique à : <http://www.download.windowsup​date.com/msdownload/update/v3/​static/trustedr/en/authrootstl​.cab>
 avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon
 la vérification par rapport à l’horloge système en cours ou le tampon daté dans
 le fichier signé.  .
 
 Error - 24/11/2011 06:36:47 | Computer Name = petitelyly-PC | Source = MsiInstaller | ID = 1024
 Description =
 
 Error - 24/11/2011 06:37:09 | Computer Name = petitelyly-PC | Source = MsiInstaller | ID = 11303
 Description =
 
 Error - 24/11/2011 07:11:30 | Computer Name = petitelyly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
 Description = Échec de l’extraction de la liste racine tierce depuis le fichier
 CAB de mise à jour automatique à : <http://www.download.windowsup​date.com/msdownload/update/v3/​static/trustedr/en/authrootstl​.cab>
 avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon
 la vérification par rapport à l’horloge système en cours ou le tampon daté dans
 le fichier signé.  .
 
 Error - 24/11/2011 08:14:53 | Computer Name = petitelyly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
 Description = Échec de l’extraction de la liste racine tierce depuis le fichier
 CAB de mise à jour automatique à : <http://www.download.windowsup​date.com/msdownload/update/v3/​static/trustedr/en/authrootstl​.cab>
 avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon
 la vérification par rapport à l’horloge système en cours ou le tampon daté dans
 le fichier signé.  .
 
 Error - 24/11/2011 09:04:31 | Computer Name = petitelyly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
 Description = Échec de l’extraction de la liste racine tierce depuis le fichier
 CAB de mise à jour automatique à : <http://www.download.windowsup​date.com/msdownload/update/v3/​static/trustedr/en/authrootstl​.cab>
 avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon
 la vérification par rapport à l’horloge système en cours ou le tampon daté dans
 le fichier signé.  .
 
 Error - 24/11/2011 09:24:00 | Computer Name = petitelyly-PC | Source = Application Hang | ID = 1002
 Description = Le programme Explorer.EXE version 6.1.7600.16768 a cessé d’interagir
 avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
 sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

 ID
 de processus : 938    Heure de début : 01ccaa7686d13f77    Heure de fin : 5414    Chemin d’accès
 de l’application : C:\Windows\Explorer.EXE    ID de rapport :  
 
 Error - 24/11/2011 09:26:45 | Computer Name = petitelyly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
 Description = Échec de l’extraction de la liste racine tierce depuis le fichier
 CAB de mise à jour automatique à : <http://www.download.windowsup​date.com/msdownload/update/v3/​static/trustedr/en/authrootstl​.cab>
 avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon
 la vérification par rapport à l’horloge système en cours ou le tampon daté dans
 le fichier signé.  .
 
 Error - 24/11/2011 10:10:25 | Computer Name = petitelyly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
 Description = Échec de l’extraction de la liste racine tierce depuis le fichier
 CAB de mise à jour automatique à : <http://www.download.windowsup​date.com/msdownload/update/v3/​static/trustedr/en/authrootstl​.cab>
 avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon
 la vérification par rapport à l’horloge système en cours ou le tampon daté dans
 le fichier signé.  .
 
 Error - 24/11/2011 10:14:22 | Computer Name = petitelyly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
 Description = Échec de l’extraction de la liste racine tierce depuis le fichier
 CAB de mise à jour automatique à : <http://www.download.windowsup​date.com/msdownload/update/v3/​static/trustedr/en/authrootstl​.cab>
 avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon
 la vérification par rapport à l’horloge système en cours ou le tampon daté dans
 le fichier signé.  .
 
 [ Hewlett-Packard Events ]
 Error - 13/09/2012 14:07:16 | Computer Name = petitelyly-PC | Source = hpsa_service.exe | ID = 2000
 Description = HP Error ID: -2146233088   à HP.ActiveCheckLocalMode.Sessio​nManager.ActiveCheckManager.Up​dateAndDetect()

à HP.SupportAssistant.Service.AC​LM.ActiveCheck.LaunchActiveChe​ck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:

à HP.ActiveCheckLocalMode.Sessio​nManager.ActiveCheckManager.Up​dateAndDetect()

à HP.SupportAssistant.Service.AC​LM.ActiveCheck.LaunchActiveChe​ck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.Sessio​nManager    Name: hpsa_service.exe
 Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
 Format:
 fr-FR  RAM: 3002  Ram Utilization:   TargetSite: Void UpdateAndDetect()  
 
 Error - 13/09/2012 14:09:09 | Computer Name = petitelyly-PC | Source = HPSF.exe | ID = 4000
 Description =
 
 Error - 20/09/2012 14:19:49 | Computer Name = petitelyly-PC | Source = hpsa_service.exe | ID = 2000
 Description = HP Error ID: -2146233088   à HP.ActiveCheckLocalMode.Sessio​nManager.ActiveCheckManager.Up​dateAndDetect()

à HP.SupportAssistant.Service.AC​LM.ActiveCheck.LaunchActiveChe​ck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:

à HP.ActiveCheckLocalMode.Sessio​nManager.ActiveCheckManager.Up​dateAndDetect()

à HP.SupportAssistant.Service.AC​LM.ActiveCheck.LaunchActiveChe​ck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.Sessio​nManager    Name: hpsa_service.exe
 Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
 Format:
 fr-FR  RAM: 3002  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
 Error - 20/09/2012 14:20:47 | Computer Name = petitelyly-PC | Source = HPSF.exe | ID = 4000
 Description =
 
 Error - 27/09/2012 14:50:05 | Computer Name = petitelyly-PC | Source = hpsa_service.exe | ID = 2000

Profile: Security team
dedetraque
Famous across the forum (30,000 to 99,999 posts)
Posted on 28/10/2012 at 19:46:46

Hi petitelyly

 Your first report (otl.txt) is incomplete; use cjoint as requested...

 See you    :)

petitelyly
Baby forum member (10 to 49 posts)
Posted on 28/10/2012 at 20:10:21

petitelyly
Baby forum member (10 to 49 posts)
Posted on 28/10/2012 at 20:11:44

Profile: Security team
dedetraque
Famous across the forum (30,000 to 99,999 posts)
Posted on 29/10/2012 at 01:17:58

Hi petitelyly

 Double-click OTL.exe to launch it.
 (Vista/Seven --> right-click OTL.exe and choose "Exécuter en tant qu'administrateur" to launch the program.)

 * Copy the list in the quote below and paste it into the box under "Personnalisation"

:OTL
 IE - HKU\S-1-5-21-517684841-1992110198-3038868213-1001\..\URLSearchHook: {8e5025c2-8ea3-430d-80b8-a14151068a6d} - No CLSID value found
 O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
 O3 - HKU\S-1-5-21-517684841-1992110198-3038868213-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
 O3 - HKU\S-1-5-21-517684841-1992110198-3038868213-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
 O3 - HKU\S-1-5-21-517684841-1992110198-3038868213-1001\..\Toolbar\WebBrowser: (no name) - {8E5025C2-8EA3-430D-80B8-A14151068A6D} - No CLSID value found.
 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://pogofr.oberon-media.com [...] v10_fr.cab (PopCapLoader Object)
 O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
 O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
 [2012/10/28 11:20:23 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 [2012/09/19 21:27:38 | 000,000,009 | ---- | M] () -- C:\END
 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:EF5B3572

 :Commands
 [EMPTYFLASH]
 [Emptytemp]

 * Click "Correction" to start the removal.

 * If a file or folder cannot be deleted immediately, the program will ask you to restart. Accept by clicking "Oui".

 * After the restart, allow OTL to run.

 * Post the report generated by OTL.


 See you   :)

petitelyly
Baby forum member (10 to 49 posts)
Posted on 29/10/2012 at 08:51:51

 Hello, I did all that yesterday, I posted the report

petitelyly
Baby forum member (10 to 49 posts)
Posted on 29/10/2012 at 09:22:27

Sorry, I hadn't read it properly. It's done, here is the report
 All processes killed
 ========== OTL ==========
 Registry value HKEY_USERS\S-1-5-21-517684841-1992110198-3038868213-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8e5025c2-8ea3-430d-80b8-a14151068a6d} deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\ not found.
 Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
 Registry value HKEY_USERS\S-1-5-21-517684841-1992110198-3038868213-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
 Registry value HKEY_USERS\S-1-5-21-517684841-1992110198-3038868213-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
 Registry value HKEY_USERS\S-1-5-21-517684841-1992110198-3038868213-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8E5025C2-8EA3-430D-80B8-A14151068A6D} deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5025C2-8EA3-430D-80B8-A14151068A6D}\ not found.
 Starting removal of ActiveX control {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
 C:\Windows\Downloaded Program Files\popcaploader.inf moved successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
 Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
 Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
 C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
 C:\Windows\msdownld.tmp folder deleted successfully.
 C:\END moved successfully.
 ADS C:\ProgramData\Temp:EF5B3572 deleted successfully.
 ========== COMMANDS ==========
 
 [EMPTYFLASH]
 
 User: All Users
 
 User: Default
 
 User: Default User
 
 User: Invité
 ->Flash cache emptied: 2851 bytes
 
 User: petitelyly
 ->Flash cache emptied: 2050321 bytes
 
 User: Public
 
 Total Flash Files Cleaned = 2,00 mb
 
 
 [EMPTYTEMP]
 
 User: All Users
 
 User: Default
 ->Temp folder emptied: 0 bytes
 ->Temporary Internet Files folder emptied: 33170 bytes
 
 User: Default User
 ->Temp folder emptied: 0 bytes
 ->Temporary Internet Files folder emptied: 0 bytes
 
 User: Invité
 ->Temp folder emptied: 82188045 bytes
 ->Temporary Internet Files folder emptied: 135149472 bytes
 ->Java cache emptied: 17028955 bytes
 ->Flash cache emptied: 0 bytes
 
 User: petitelyly
 ->Temp folder emptied: 492857858 bytes
 ->Temporary Internet Files folder emptied: 1007316542 bytes
 ->Java cache emptied: 88671755 bytes
 ->Google Chrome cache emptied: 9483355 bytes
 ->Flash cache emptied: 766 bytes
 
 User: Public
 
 %systemdrive% .tmp files removed: 0 bytes
 %systemroot% .tmp files removed: 0 bytes
 %systemroot%\System32 .tmp files removed: 0 bytes
 %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
 %systemroot%\System32\drivers .tmp files removed: 0 bytes
 Windows Temp folder emptied: 335735424 bytes
 %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85280 bytes
 %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
 RecycleBin emptied: 0 bytes
 
 Total Files Cleaned = 2 068,00 mb
 
 
 OTL by OldTimer - Version 3.2.69.0 log created on 10292012_085256

 Files\Folders moved on Reboot...
 C:\Users\petitelyly\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 File\Folder C:\Users\petitelyly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YB3IKU71\aiCAD332P2.htm not found!
 File\Folder C:\Users\petitelyly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YB3IKU71\aiCANKLEUK.htm not found!
 C:\Users\petitelyly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YB3IKU71\messages-1[1].htm moved successfully.
 C:\Users\petitelyly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XW5JCSBW\likebox[2].htm moved successfully.
 File\Folder C:\Users\petitelyly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1K1N7R9\aiCA12SIJK.htm not found!
 File\Folder C:\Users\petitelyly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PRVRRSVP\openx[11].htm not found!
 File\Folder C:\Users\petitelyly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K46Y369L\sh102[2].html not found!
 File\Folder C:\Users\petitelyly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTKH814M\xd_arbiter[1].htm not found!
 File\Folder C:\Users\petitelyly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4R67Z3O3\xd_arbiter[1].htm not found!
 File\Folder C:\Users\petitelyly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35VPHP1G\12[1].htm not found!
 C:\Users\petitelyly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35VPHP1G\candycrush[1].htm moved successfully.
 C:\Users\petitelyly\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

 PendingFileRenameOperations files...

 Registry entries deleted on Reboot...

Profile: Security team
dedetraque
Famous across the forum (30,000 to 99,999 posts)
Posted on 29/10/2012 at 15:12:09

Hi petitelyly

 That looks good. Do you have any other problems?

 See you    :)

petitelyly
Baby forum member (10 to 49 posts)
Posted on 29/10/2012 at 19:03:56

 That part is perfect! Should I install an antivirus or not?
 Otherwise yes, when I turn on my computer I get an Acrobat Reader message that opens every time, it's annoying

Profile: Security team
dedetraque
Famous across the forum (30,000 to 99,999 posts)
Posted on 29/10/2012 at 21:07:12

Hi petitelyly

"Should I install an antivirus or not?"

 Yes, that's better. What did you have before?

"I get an Acrobat Reader message that opens every time, it's annoying"

 Which message? If it's for an update, go ahead and do it...

 See you   :)

petitelyly
Baby forum member (10 to 49 posts)
Posted on 29/10/2012 at 21:14:12

 I don't have an antivirus!
 I don't remember the message, I'll go and check

Profile: Security team
dedetraque
Famous across the forum (30,000 to 99,999 posts)
Posted on 29/10/2012 at 21:32:49

Hi petitelyly

"I don't have an antivirus!"

 Try Antivir  http://personal.avira-update.c [...] rus_fr.exe

 See you    :)

petitelyly
Baby forum member (10 to 49 posts)
Posted on 29/03/2013 at 10:55:07

Hello dédétraqué! Can you help me? The virus has come back, but this time I can only get in through the guest session, so I can't start Malwarebytes or any other software because it's not the administrator session. What can I do, please????  :hurle:

Profile: Security team
dedetraque
Famous across the forum (30,000 to 99,999 posts)
Posted on 29/03/2013 at 13:36:04

Hi petitelyly

 Try running a scan with OTL as mentioned above, and post the reports via cjoint this time.

 See you   :)

petitelyly
Baby forum member (10 to 49 posts)
Posted on 29/03/2013 at 14:54:20

I ran a full scan with Malwarebytes

petitelyly
Baby forum member (10 to 49 posts)
Posted on 29/03/2013 at 15:03:47

Malwarebytes Anti-Malware 1.70.0.1100
 www.malwarebytes.org

 Version de la base de données: v2013.03.29.01

 Windows 7 Service Pack 1 x64 NTFS
 Internet Explorer 8.0.7601.17514
 petitelyly :: PETITELYLY-PC [administrateur]

 29/03/2013 12:48:45
 mbam-log-2013-03-29 (12-48-45).txt

 Type d'examen: Examen complet (C:\|D:\|E:\|)
 Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
 Options d'examen désactivées: P2P
 Elément(s) analysé(s): 469367
 Temps écoulé: 1 heure(s), 59 minute(s), 3 seconde(s)

 Processus mémoire détecté(s): 0
 (Aucun élément nuisible détecté)

 Module(s) mémoire détecté(s): 0
 (Aucun élément nuisible détecté)

 Clé(s) du Registre détectée(s): 3
 HKLM\SOFTWARE\Boxore (Adware.Boxore) -> Mis en quarantaine et supprimé avec succès.
 HKLM\SOFTWARE\TUTO4PC (PUP.Tuto4PC) -> Mis en quarantaine et supprimé avec succès.
 HKLM\SOFTWARE\TUTO4PC (Trojan.EORezo) -> Mis en quarantaine et supprimé avec succès.

 Valeur(s) du Registre détectée(s): 0
 (Aucun élément nuisible détecté)

 Elément(s) de données du Registre détecté(s): 0
 (Aucun élément nuisible détecté)

 Dossier(s) détecté(s): 0
 (Aucun élément nuisible détecté)

 Fichier(s) détecté(s): 13
 C:\$Recycle.Bin\S-1-5-18\$756f576d8d8769a6ebdf61766b6acc32\n (Trojan.0Access) -> Suppression au redémarrage.
 C:\$Recycle.Bin\S-1-5-18\$756f576d8d8769a6ebdf61766b6acc32\U\00000004.@ (Trojan.0Access) -> Mis en quarantaine et supprimé avec succès.
 C:\$Recycle.Bin\S-1-5-18\$756f576d8d8769a6ebdf61766b6acc32\U\00000008.@ (Trojan.0Access) -> Mis en quarantaine et supprimé avec succès.
 C:\$Recycle.Bin\S-1-5-18\$756f576d8d8769a6ebdf61766b6acc32\U\000000cb.@ (Trojan.0Access) -> Mis en quarantaine et supprimé avec succès.
 C:\$Recycle.Bin\S-1-5-18\$756f576d8d8769a6ebdf61766b6acc32\U\80000000.@ (Trojan.0Access) -> Mis en quarantaine et supprimé avec succès.
 C:\$Recycle.Bin\S-1-5-18\$756f576d8d8769a6ebdf61766b6acc32\U\80000032.@ (Trojan.0Access) -> Mis en quarantaine et supprimé avec succès.
 C:\$Recycle.Bin\S-1-5-18\$756f576d8d8769a6ebdf61766b6acc32\U\80000064.@ (Trojan.0Access) -> Mis en quarantaine et supprimé avec succès.
 C:\$Recycle.Bin\S-1-5-21-517684841-1992110198-3038868213-1001\$756f576d8d8769a6ebdf61766b6acc32\n (Trojan.0Access) -> Suppression au redémarrage.
 C:\Users\petitelyly\AppData\Local\Temp\BoxoreInstaller.exe (Adware.Boxore) -> Mis en quarantaine et supprimé avec succès.
 C:\Users\petitelyly\AppData\Local\Temp\pricepeep.exe (Adware.Shopper) -> Mis en quarantaine et supprimé avec succès.
 C:\Users\petitelyly\AppData\Local\Temp\{35851868-4FD2-4790-A57B-07F0EE663A9E}\Addons\browser_addon_setup.exe (Adware.MultiPlug) -> Mis en quarantaine et supprimé avec succès.
 C:\Users\petitelyly\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\75d89e20-630b9aba (Trojan.Zaccess.PE) -> Mis en quarantaine et supprimé avec succès.
 C:\Users\petitelyly\AppData\Roaming\id.cff (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès.

 (fin)
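
An added example, not part of the thread and not Malwarebytes code: a small Python triage of a log in the format posted above. It compares each section's declared count with the entries actually pasted, which catches an incomplete report, and lists entries that were not removed outright. The sample is an excerpt of the log above, deliberately shortened so that the file section reads as truncated; the function names are this example's own.

```python
import re
from collections import Counter

ZWSP = "\u200b"  # forum software inserts zero-width spaces into long paths

# "Fichier(s) détecté(s): 13" style section headers from the French-language log
SECTION_RE = re.compile(r"^(?P<name>.+ détectée?\(s\)): (?P<count>\d+)$")
# "<item> (<family>) -> <action>." detection lines; the item itself may contain parentheses
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Action strings exactly as they appear in the logs posted in this thread
ACTIONS = {
    "Mis en quarantaine et supprimé avec succès": "removed",
    "Suppression au redémarrage": "pending_reboot",
    "Aucune action effectuée": "no_action",
}

# Excerpt of the log above (shortened on purpose: 4 of the 13 file entries)
SAMPLE_LOG = r"""
Clé(s) du Registre détectée(s): 3
HKLM\SOFTWARE\Boxore (Adware.Boxore) -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\TUTO4PC (PUP.Tuto4PC) -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\TUTO4PC (Trojan.EORezo) -> Mis en quarantaine et supprimé avec succès.

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 13
C:\$Recycle.Bin\S-1-5-18\$756f576d8d8769a6ebdf61766b6acc32\n (Trojan.0Access) -> Suppression au redémarrage.
C:\$Recycle.Bin\S-1-5-18\$756f576d8d8769a6ebdf61766b6acc32\U\00000004.@ (Trojan.0Access) -> Mis en quarantaine et supprimé avec succès.
C:\Users\petitelyly\AppData\Local\Temp\pricepeep.exe (Adware.Shopper) -> Mis en quarantaine et supprimé avec succès.
C:\Users\petitelyly\AppData\Roaming\id.cff (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès.
"""


def parse_mbam_log(text):
    """Return one dict per section: its name, declared count and parsed detections."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.replace(ZWSP, "").strip()
        header = SECTION_RE.match(line)
        if header:
            current = {"name": header["name"], "declared": int(header["count"]), "items": []}
            sections.append(current)
            continue
        hit = DETECTION_RE.match(line)
        if hit and current is not None:
            current["items"].append({
                "item": hit["item"],
                "family": hit["family"],
                "status": ACTIONS.get(hit["action"], "unknown"),
            })
    return sections


def triage(sections):
    """Summarise what a helper checks first: completeness, families, leftovers."""
    items = [d for s in sections for d in s["items"]]
    return {
        # declared count differs from pasted entries: the report is incomplete
        "truncated": [s["name"] for s in sections if len(s["items"]) != s["declared"]],
        "families": Counter(d["family"] for d in items),
        # anything not quarantined yet needs a reboot and a second scan
        "follow_up": [d["item"] for d in items if d["status"] != "removed"],
    }


if __name__ == "__main__":
    report = triage(parse_mbam_log(SAMPLE_LOG))
    for key, value in report.items():
        print(key, "->", value)
```
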

Profile: Security team
dedetraque
Famous across the forum (30,000 to 99,999 posts)
Posted on 29/03/2013 at 15:24:40

Hi petitelyly

 OK, run the OTL scan on your session and post the reports via cjoint.

 See you    :)
