Seite 1 von 2 12 LetzteLetzte
Ergebnis 1 bis 10 von 11

Thema: Microsoft Internet Explorer funktioniert nicht

  1. #1
    Einsteiger
    Registriert seit
    19.08.2012
    Beiträge
    18

    Microsoft Internet Explorer funktioniert nicht

    Hallo,

    bei dem vorliegenden PC fubktioniert der Internet Explorer nicht. Hier wird zwar Mozilla benutzt, aber ich würde hier gerne mal einen Online-Virenscan durchführen, was bei mir nicht mal bei Fsecure über Mozilla funktioniert. Ausserdem finde ich es seltsam: Wenn ich den IE löschen will, hängt sich irgendwann das ganze System auf, schwarzer Bildschirm und Sanduhr sind zu sehen. Gleiches passiert, wenn ich IE 8 einfach neu installieren will. Auch komisch: Ich kann nicht mal auf die Internetoptionen zugreifen. Wenn ich draufklicke, öffnet sich das entsprechende Fenster nur für den Bruchteil einer Sekunde. Kann mir jemand sagen, was los ist?

    Code:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:51:15, on 19/08/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe
    C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Programmes pour le PC\Update checker\FileHippo.com\UpdateChecker.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://r.orange.fr/r/Ohome_accueil?ref=O_toolbar32_hook_defaultPage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:27811
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Start_Statistics] C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe
    O4 - HKLM\..\Run: [Start_SMSNotifier] C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe
    O4 - HKLM\..\Run: [Start_HSSModule] C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [FileHippo.com] "C:\Programmes pour le PC\Update checker\FileHippo.com\UpdateChecker.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-606747145-1682526488-839522115-501\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Invité')
    O4 - HKUS\S-1-5-21-606747145-1682526488-839522115-501\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx (User 'Invité')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-21-606747145-1682526488-839522115-501 Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe (User 'Invité')
    O4 - S-1-5-21-606747145-1682526488-839522115-501 User Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe (User 'Invité')
    O4 - Startup: Barre d'Outils Olitec.lnk = C:\OLIFAXVX\TOOLBAR.EXE
    O4 - Startup: Moniteur Fax-Voix.lnk = C:\OLIFAXVX\MONITEUR.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
    O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\DOCUME~1\Vincent\LOCALS~1\Temp\cce40.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?faf8de032e55463b9014127d42c39933
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?faf8de032e55463b9014127d42c39933
    O8 - Extra context menu item: traduire la page - C:\DOCUME~1\Vincent\LOCALS~1\Temp\cce3E.html
    O8 - Extra context menu item: traduire le texte sélectionné - C:\DOCUME~1\Vincent\LOCALS~1\Temp\cce3F.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O15 - Trusted Zone: http://*.mappy.com
    O15 - Trusted Zone: http://*.orange.fr
    O15 - Trusted Zone: http://rw.search.ke.voila.fr
    O15 - Trusted Zone: http://orange.weborama.fr
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A71C3778-88E0-4270-A926-2629FA2CED92}: NameServer = 80.10.246.1,81.253.149.10
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    
    --
    End of file - 15059 bytes

  2. #2
    Moderator (global) Team-Mitglied Avatar von kira
    Registriert seit
    28.03.2006
    Ort
    Wien/Sprachen: Deutsch-Ungarisch
    Beiträge
    29.692

    AW: Microsoft Internet Explorer funktioniert nicht

    Herzlich Willkommen hier bei uns am HijackThis Supportboard!

    **Bevor du mit Teil 1. der Aufgabe beginnst: HIER KLICKEN UND SORGFÄLTIG DURCHLESEN!** und ich bitte um kurze Bestätigung, dass du dies gelesen und akzeptiert hast!
    Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
    ► Unrechtmäßig erworbene Software (durch Keygen, Crack, Keymaker) wird hier nicht geduldet, in diesem Fall wird der Support eingestellt.!
    ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
    Bitte lese Dir zuerst in Ruhe die Anweisungen durch und Du sollst dabei die Reihenfolge einhalten! Ansonsten verlangsamt unsere Arbeit, wenn wir immer wieder noch an Kleinigkeiten nachschlagen müssen und dadurch eventuell die Übersicht verloren geht...


    Zitat Zitat von Fortinbras Beitrag anzeigen
    ... Wenn ich den IE löschen will, ...
    sollst nie versuchen, da der Internet Explorer von Microsoft gehört zur Grundausstattung unter Windows, somit ist eine endgültige Löschung nicht möglich!

    ► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
    **Vista und Win7 Verwender: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen

    1.
    Verwendst Du ProxyServer? wenn nicht, nimm die Proxyeinstellungen aus den Interneteinstellungen raus:
    im Internet Explorer:
    Extras => Internetoptionen => Verbindungen => Lan-Einstellungen
    Haken bei Proxyserver für LAN verwenden und Proxyserver für lokale Adressen umgehen entfernen.
    Code:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:27811
    2.
    Hast Du zur Zone Vertrauenswürdige Sites absichtlich hinzugefügt?:
    Code:
    O15 - Trusted Zone: http://*.mappy.com
    O15 - Trusted Zone: http://*.orange.fr
    O15 - Trusted Zone: http://rw.search.ke.voila.fr
    O15 - Trusted Zone: http://orange.weborama.fr
    wenn nicht: -> Sicherheitszonen: Hinzufügen oder Entfernen von Websites.

    3.
    Wenn Du nicht absichtlich installiert hast, da oft mit andere Programm wird mitinstalliert bzw angeboten (vermutlich über Adobe oder Flash Player auf dem Rechner gelandet!), deinstalliere:
    Code:
    McAfee Security Scan Plus
    vermutlich über Adobe (Flash Player) auf dem rechner gelandet!
    obwohl selbst die Programmierer/hersteller ein sehr gute Ruf hat, durch dieses "Helferprinzip" wird dein PC nicht noch mehr geschützt, aber beeinträchtigt die Systemleistung
    Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
    Während des Installationsvorgangs lies die Lizenzbestimmungen durch und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.


    4.
    Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis mit Rechtsklick als Administrator starten-> `Do a system scan only`--> Einträge auswählen-> Häckhen setzen-> "Fix checked"klicken->PC neu aufstarten) - fixe NUR Die von mir angegebenen Einträge!:
    HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen
    Code:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://r.orange.fr/r/Ohome_accueil?ref=O_toolbar32_hook_defaultPage
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
    5.
    Das Program installieren und ausführen:
    Anleitung:-> Bereinigung mit Malwarebytes' Anti-Malware (Vollständiger Suchlauf)

    6.
    Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
    • Download den CCleaner
    • Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
    • starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
    • ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)


    7.
    poste erneut - nach der vorgenommenen Reinigungsaktion:
    TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!
    ► Rechtsklick auf HijackThis-> "Als administrator ausführen" wählen...(Wista und WIN 7)

    8.
    Systemscan mit OTL

    Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
    • Doppelklick auf die OTL.exe
    • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
    • Mache Häkchen bei LOP- und Purity-Prüfung.
    • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
    • Unter Extra Registry, wähle bitte Use SafeList
    • Klicke nun auf Run Scan links oben
    • Wenn der Scan beendet wurde werden 2 Logfiles erstellt OTL.txt und extra.txt
    • Poste die Logfiles in Code-Tags hier in den Thread.


    ► damit ich weiß, welche Änderungen Du vorgenommen hast:
    Code:
     Berichte mir kurz über alle Umsetzungsschritte (zu jedem Punkt), die Du erledigt hast!
    Bitte alle Ergebnisse im Code-Tags posten!

    vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
    hier kommt dein Logfile rein
    dahinter - also am Ende der Logdatei:[/code]

    Wie es geht:-> Logfiles in Code-Tags setzen
    gruß
    kira
    Warnung!:
    Vorsicht bei Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einem Verschlüsselungs-Trojaner infiziert sein!
    Anhang nicht öffnen, in unserem Forum erst nachfragen!

    Bitte diese Warnung weitergeben, wo Du nur kannst!
    Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
    Bitte diese Warnung weitergeben, wo Du nur kannst!

  3. #3
    Einsteiger
    Registriert seit
    19.08.2012
    Beiträge
    18

    AW: Microsoft Internet Explorer funktioniert nicht

    Hallo und danke schonmal,

    Ich habe die Hinweise gelesen und akzeptiere sie.
    1 und 2: Leider kann ich wegen des eingangs beschriebenen Problems nicht auf die Internetoptionen zugreifen.
    3. McAfee ist nun deinstalliert.
    4. Habe das angegebene gefixt.
    5. Malwarebytes brachte folgendes Ergebnis

    Code:
    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org
    
    Datenbank Version: v2012.08.20.04
    
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Vincent :: FABAS [Administrator]
    
    20/08/2012 10:45:14
    mbam-log-2012-08-20 (10-45-14).txt
    
    Art des Suchlaufs: Vollständiger Suchlauf
    Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
    Deaktivierte Suchlaufeinstellungen: P2P
    Durchsuchte Objekte: 365270
    Laufzeit: 4 Stunde(n), 35 Minute(n), 47 Sekunde(n)
    
    Infizierte Speicherprozesse: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Speichermodule: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungsschlüssel: 9
    HKCR\Typelib\{8B8DF25F-2C47-4473-8E1C-7F54AC7EF481} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18CB1A7B-94CD-4582-8022-ADA16851E44B} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    HKCR\vrmdtneg.brvf (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    HKCR\vrmdtneg.ToolBar.1 (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    HKCU\SOFTWARE\ADSL Software Ltd (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    HKCU\SOFTWARE\Antivirus 2008 PRO (Rogue.AntiVirus2008) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    HKCU\SOFTWARE\Antivirus2008y (Rogue.AntiVirus2008) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    HKCU\Software\mksybupgw (Trojan.FakeAlert.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    HKLM\SOFTWARE\Antivirus2008y (Rogue.AntiVirus2008) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    
    Infizierte Registrierungswerte: 1
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Daten: http=127.0.0.1:27811 -> Erfolgreich gelöscht und in Quarantäne gestellt.
    
    Infizierte Dateiobjekte der Registrierung: 1
    HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
    
    Infizierte Verzeichnisse: 9
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\BASE (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\DELETED (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\SAVED (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Documents and Settings\Vincent\Application Data\Antivirus2008y (Rogue.AntiVirus2008) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\Antivirus 2008 PRO (Rogue.AntiVirus2008) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Documents and Settings\Vincent\Menu Démarrer\Antivirus2008y (Rogue.AntiVirus2008) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    
    Infizierte Dateien: 19
    C:\Documents and Settings\Vincent\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk (Rogue.AntiVirus2008) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080620132554875.log (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080620194839078.log (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080624110705031.log (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080625085454000.log (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080626112757937.log (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080626232338750.log (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080627102519781.log (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080630141351062.log (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080704112602765.log (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080705182147312.log (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080708161735343.log (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080709111108015.log (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080710123937765.log (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\LOG\20080711144051236.log (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Documents and Settings\Vincent\Application Data\Antivirus2008y\antvrs.exe (Rogue.AntiVirus2008) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\Antivirus 2008 PRO\antivirus-2008pro.lnk (Rogue.AntiVirus2008) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Documents and Settings\Vincent\Menu Démarrer\Antivirus2008y\Antivirus 2008.lnk (Rogue.AntiVirus2008) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Documents and Settings\Vincent\Menu Démarrer\Antivirus2008y\Uninstall Antivirus 2008.lnk (Rogue.AntiVirus2008) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    
    (Ende)
    6. Hier die installierten Programme:
    Code:
    Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	14/08/2012		11.3.300.271
    Adobe Flash Player 9 ActiveX	Adobe Systems	20/08/2012		9
    Adobe InDesign CS	Adobe Systems Incorporated	01/07/2008		CS
    Adobe Photoshop 5.0	Adobe Systems, Inc.	10/04/2009		5.0
    Adobe Reader X (10.1.3) - Français	Adobe Systems Incorporated	13/05/2012	120,00 Mo	10.1.3
    Adobe Reader X (10.1.4)	Adobe Systems Incorporated	15/08/2012	117,00 Mo	10.1.4
    Adobe® Photoshop® Album Edition Découverte 3.2	http://www.adobe.fr	06/07/2007		3.2.0
    Apple Application Support	Apple Inc.	18/08/2012	62,73 Mo	2.1.9
    Apple Mobile Device Support	Apple Inc.	18/08/2012	24,43 Mo	5.2.0.6
    Apple Software Update	Apple Inc.	18/08/2012	2,38 Mo	2.1.3.127
    Assistant de connexion Windows Live	Microsoft Corporation	05/03/2009	1,93 Mo	5.000.818.6
    avast! Free Antivirus	AVAST Software	15/08/2012		7.0.1456.0
    Bonjour	Apple Inc.	18/08/2012	0,92 Mo	3.0.0.10
    CampBrain 5.3 Trial Version	BrainRunner Inc.	02/08/2012	77,47 Mo	5.3.105
    Canon MP Navigator EX 1.0		14/04/2008		
    Canon MP250 series MP Drivers		17/03/2010		
    Canon My Printer		14/04/2008		
    Canon Utilities Easy-PhotoPrint EX		14/04/2008		
    Canon Utilities Solution Menu		14/04/2008		
    CCleaner	Piriform	24/07/2012		3.21
    Cegid Business Line	Cegid Group	02/04/2010	29,52 Mo	9.0.0.463
    Cegid Business Line Documentation	Cegid Group	02/04/2010	20,50 Mo	9.0.0.463
    Cegid Business Line fichier de connexion	Cegid Group	02/04/2010	0,44 Mo	9.0.0.463
    Cegid Business Line Premium	Cegid Group	02/04/2010	11,48 Mo	9.0.0.463
    Cegid Business Line Structure de référence	Cegid Group	02/04/2010	18,40 Mo	9.0.0.463
    Cegid Expert Run Time CBP	Cegid Group	02/04/2010	27,66 Mo	7.2.14.335
    CopyTrans Suite désinstallation uniquement	WindSolutions	20/08/2012		2.14
    FileHippo.com Update Checker		07/08/2012		
    Google Desktop	Google	13/07/2007		-
    Google SketchUp 8	Google, Inc.	31/12/2011	77,53 Mo	3.0.11758
    Google Earth	Google	18/08/2012	108,00 Mo	6.2.2.6613
    HiJackThis	Trend Micro	19/08/2012	0,36 Mo	1.0.0
    Installation Windows Live	Microsoft Corporation	19/02/2011		14.0.8117.0416
    IrfanView (remove only)		21/03/2008		
    iTunes	Apple Inc.	18/08/2012	183,00 Mo	10.6.3.25
    Java 7 Update 6	Oracle	15/08/2012	130,00 Mo	7.0.60
    Java(TM) 6 Update 3	Sun Microsystems, Inc.	17/10/2007	111,00 Mo	1.6.0.30
    Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	20/08/2012		1.61.0.1400
    Microsoft .NET Framework 2.0 Service Pack 2	Microsoft Corporation	13/06/2012	183,00 Mo	2.2.30729
    Microsoft .NET Framework 3.0 Service Pack 2	Microsoft Corporation	11/05/2012	239,00 Mo	3.2.30729
    Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	11/05/2012		
    Microsoft Compression Client Pack 1.0 for Windows XP	Microsoft Corporation	18/08/2012		1
    Microsoft Office File Validation Add-In	Microsoft Corporation	14/09/2011	7,92 Mo	14.0.5130.5003
    Microsoft Office Professional Edition 2003	Microsoft Corporation	11/05/2012	830,00 Mo	11.0.8173.0
    Microsoft Silverlight	Microsoft Corporation	13/05/2012	261,00 Mo	5.1.10411.0
    Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	06/11/2009	1,74 Mo	3.1.0000
    Microsoft Sync Framework Runtime Native v1.0 (x86)	Microsoft Corporation	19/02/2011	2,29 Mo	1.0.1215.0
    Microsoft Sync Framework Services Native v1.0 (x86)	Microsoft Corporation	19/02/2011	1,45 Mo	1.0.1215.0
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411	Microsoft Corporation	07/08/2012	11,10 Mo	9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	30/08/2011	10,19 Mo	9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	31/08/2011	10,20 Mo	9.0.30729.6161
    Mozilla Firefox 14.0.1 (x86 fr)	Mozilla	18/08/2012		14.0.1
    Mozilla Maintenance Service	Mozilla	20/07/2012		14.0.1
    MSN		02/07/2007		
    MSXML 4.0 SP2 (KB936181)	Microsoft Corporation	01/11/2007	2,62 Mo	4.20.9848.0
    MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	13/11/2008	2,67 Mo	4.20.9870.0
    MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	25/11/2009	2,77 Mo	4.20.9876.0
    Notification Mail	Orange	03/07/2010		
    OpenOffice.org 3.4	OpenOffice.org	07/08/2012	303,00 Mo	3.4.9590
    Orange - Logiciels Internet		28/01/2011		
    Orange Clé 3G+	Orange	23/03/2012	13,69 Mo	2.1.6
    Outil de mise à jour Google	Google Inc.	15/09/2011		2.4.2432.1652
    Outil de téléchargement Windows Live	Microsoft Corporation	06/11/2009	0,22 Mo	14.0.8014.1029
    Picasa 3	Google, Inc.	18/08/2012		3.8
    PIXMA Extended Survey Program		14/04/2008		
    QuickTime	Apple Inc.	19/08/2012	73,28 Mo	7.72.80.56
    RealPlayer	RealNetworks	19/08/2012		15.0.6
    Realtek AC'97 Audio	Realtek Semiconductor Corp.	25/06/2007		5.29
    Revo Uninstaller 1.94	VS Revo Group	18/08/2012		1.94
    ScanSoft OmniPage SE 4	Nuance Communications, Inc.	14/04/2008	166,00 Mo	15.2.0020
    Skype Click to Call	Skype Technologies S.A.	26/10/2011	19,59 Mo	5.6.8442
    Skype™ 5.10	Skype Technologies S.A.	18/08/2012	19,45 Mo	5.10.116
    VIA Platform Device Manager	VIA Technologies, Inc.	26/06/2007		1.21
    VIA/S3G Display Driver 6.14.10.0297		26/06/2007		
    VLC media player 2.0.3	VideoLAN	19/08/2012		2.0.3
    VSO CopyToDVD 4	VSO Software	15/08/2007		4.0.4
    Windows Internet Explorer 8	Microsoft Corporation	15/08/2012		20090308.140743
    Windows Live FolderShare	Microsoft Corporation	19/02/2011	2,80 Mo	14.0.8117.416
    Windows Media Format 11 runtime		18/08/2012		
    Windows Media Player 11		18/08/2012		
    WinRAR 4.20 (32-bit)	win.rar GmbH	15/08/2012		4.20.0
    7. Neues HJT Logfile:

    Code:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:38:57, on 20/08/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe
    C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe
    C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Programmes pour le PC\Update checker\FileHippo.com\UpdateChecker.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Start_Statistics] C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe
    O4 - HKLM\..\Run: [Start_SMSNotifier] C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe
    O4 - HKLM\..\Run: [Start_HSSModule] C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [FileHippo.com] "C:\Programmes pour le PC\Update checker\FileHippo.com\UpdateChecker.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Barre d'Outils Olitec.lnk = C:\OLIFAXVX\TOOLBAR.EXE
    O4 - Startup: Moniteur Fax-Voix.lnk = C:\OLIFAXVX\MONITEUR.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\DOCUME~1\Vincent\LOCALS~1\Temp\cce40.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?faf8de032e55463b9014127d42c39933
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?faf8de032e55463b9014127d42c39933
    O8 - Extra context menu item: traduire la page - C:\DOCUME~1\Vincent\LOCALS~1\Temp\cce3E.html
    O8 - Extra context menu item: traduire le texte sélectionné - C:\DOCUME~1\Vincent\LOCALS~1\Temp\cce3F.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O15 - Trusted Zone: http://*.mappy.com
    O15 - Trusted Zone: http://*.orange.fr
    O15 - Trusted Zone: http://rw.search.ke.voila.fr
    O15 - Trusted Zone: http://orange.weborama.fr
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A71C3778-88E0-4270-A926-2629FA2CED92}: NameServer = 80.10.246.1,81.253.149.10
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    
    --
    End of file - 13007 bytes
    8. OTL.Txt
    Code:
    OTL logfile created on: 20/08/2012 16:12:28 - Run 2
    OTL by OldTimer - Version 3.2.58.1     Folder = C:\Documents and Settings\Vincent\Bureau
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
     
    958,42 Mb Total Physical Memory | 517,30 Mb Available Physical Memory | 53,97% Memory free
    2,26 Gb Paging File | 1,92 Gb Available in Paging File | 85,21% Paging File free
    Paging file location(s): c:\pagefile.sys 1440 2880 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465,76 Gb Total Space | 372,02 Gb Free Space | 79,87% Space Free | Partition Type: NTFS
    Drive E: | 15,10 Gb Total Space | 8,99 Gb Free Space | 59,54% Space Free | Partition Type: FAT32
     
    Computer Name: FABAS | User Name: Vincent | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Documents and Settings\Vincent\Bureau\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Programmes pour le PC\Update checker\FileHippo.com\UpdateChecker.exe (FileHippo.com)
    PRC - C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe ()
    PRC - C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe ()
    PRC - C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe ()
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA)
    PRC - C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
    PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
    PRC - C:\WINDOWS\system32\VTTrayp.exe (S3 Graphics Co., Ltd.)
    PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - C:\Program Files\AVAST Software\Avast\defs\12082000\algo.dll ()
    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
    MOD - C:\Program Files\Fichiers communs\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Fichiers communs\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
    MOD - C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe ()
    MOD - C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe ()
    MOD - C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe ()
    MOD - C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\ProxyDetection.dll ()
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (FTRTSVC) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA)
    SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (WDICA) --  File not found
    DRV - (SetupNTGLM7X) -- D:\NTGLM7X.sys File not found
    DRV - (PDRFRAME) --  File not found
    DRV - (PDRELI) --  File not found
    DRV - (PDFRAME) --  File not found
    DRV - (PDCOMP) --  File not found
    DRV - (PCIDump) --  File not found
    DRV - (oirijshr795b6c63) -- C:\WINDOWS\system32\oirijshr795b6c63.sys File not found
    DRV - (oirijshr77d94031) -- C:\WINDOWS\system32\oirijshr77d94031.sys File not found
    DRV - (NTACCESS) -- D:\NTACCESS.sys File not found
    DRV - (MSICPL) -- D:\install4\MSICPL.sys File not found
    DRV - (lbrtfdc) --  File not found
    DRV - (i2omgmt) --  File not found
    DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
    DRV - (FETNDIS) -- system32\DRIVERS\fetnd5.sys File not found
    DRV - (Changer) --  File not found
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
    DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
    DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
    DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
    DRV - (ew_usbenumfilter) -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
    DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
    DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
    DRV - (PCANDIS5) -- C:\WINDOWS\system32\pcandis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (xfilt) -- C:\WINDOWS\system32\drivers\xfilt.sys (VIA Technologies,Inc)
    DRV - (videX32) -- C:\WINDOWS\system32\drivers\videX32.sys (VIA Technologies, Inc.)
    DRV - (PCAMPR5) -- C:\WINDOWS\system32\pcampr5.sys (Printing Communications Assoc., Inc. (PCAUSA))
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIC_fr
    IE - HKCU\..\SearchScopes\{814C76CB-2623-43F4-AAD0-58A0E5190A20}: "URL" = http://r.orange.fr/r?ref=O_toolbar32_hook_openSearchIE&url=http%3A//rw.search.ke.voila.fr/RW/S/toolbar31_ie7?rdata={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.fr"
    FF - prefs.js..extensions.enabledItems: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}:0.9.6
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
    FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:3.0.3
    FF - prefs.js..extensions.enabledItems: toolbar@alot.com:2.4.5000
    FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
    FF - prefs.js..keyword.URL: "http://r.orange.fr/r?ref=O_toolbar32_hook_syntaxError&url=http%3A//rws.search.ke.voila.fr/RW/A/O_toolbar31?errorigin=noturl&kw="
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Documents and Settings\Vincent\Mes documents\Picasa2\npPicasa2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Documents and Settings\Vincent\Mes documents\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/10/15 15:41:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/15 16:59:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/19 20:36:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/19 20:40:54 | 000,000,000 | ---D | M]
     
    [2008/08/31 20:36:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Extensions
    [2012/05/21 10:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions
    [2007/12/07 12:55:10 | 000,000,000 | ---D | M] (Metal Lion - Vista) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\{1AF3FC34-0725-4485-A939-6B40EB7CA96A}
    [2011/06/09 15:05:36 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2009/02/06 21:07:39 | 000,000,000 | ---D | M] (Forecastbar Enhanced) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
    [2012/05/21 10:29:43 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\en-US@dictionaries.addons.mozilla.org
    [2009/02/04 15:19:03 | 000,000,000 | ---D | M] (Dictionnaire HunSpell en Français (réforme 1990)) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\fr@dictionaries.addons.mozilla.org
    [2009/02/04 15:19:03 | 000,000,000 | ---D | M] (Dictionnaire HunSpell en Français) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\fr-FR@dictionaries.addons.mozilla.org
    [2012/04/18 16:39:52 | 000,000,000 | ---D | M] (ALOT Toolbar) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\toolbar@alot.com
    [2010/01/10 12:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\suite.User0\extensions
    [2010/07/03 17:59:47 | 000,001,137 | ---- | M] () -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\searchplugins\orange.xml
    [2011/11/11 12:59:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/10/26 23:27:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/07/19 12:02:46 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/08/19 20:23:13 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
    [2012/02/20 10:35:35 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
    [2012/02/20 10:35:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/02/20 10:35:35 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2012/02/20 10:35:35 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
    [2010/01/17 15:48:01 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
    [2012/02/20 10:35:35 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
    [2012/02/20 10:35:35 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml
     
    ========== Chrome  ==========
     
    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - Extension: Skype Click to Call = C:\Documents and Settings\Vincent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
     
    O1 HOSTS File: ([2008/02/03 16:23:14 | 000,224,387 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: 127.0.0.1	007guard.com
    O1 - Hosts: 127.0.0.1	www.007guard.com
    O1 - Hosts: 127.0.0.1	008i.com
    O1 - Hosts: 127.0.0.1	008k.com
    O1 - Hosts: 127.0.0.1	www.008k.com
    O1 - Hosts: 127.0.0.1	00hq.com
    O1 - Hosts: 127.0.0.1	www.00hq.com
    O1 - Hosts: 127.0.0.1	010402.com
    O1 - Hosts: 127.0.0.1	032439.com
    O1 - Hosts: 127.0.0.1	www.032439.com
    O1 - Hosts: 127.0.0.1	1001-search.info
    O1 - Hosts: 127.0.0.1	www.1001-search.info
    O1 - Hosts: 127.0.0.1	100888290cs.com
    O1 - Hosts: 127.0.0.1	www.100888290cs.com
    O1 - Hosts: 127.0.0.1	100sexlinks.com
    O1 - Hosts: 127.0.0.1	www.100sexlinks.com
    O1 - Hosts: 127.0.0.1	10sek.com
    O1 - Hosts: 127.0.0.1	www.10sek.com
    O1 - Hosts: 127.0.0.1	123topsearch.com
    O1 - Hosts: 127.0.0.1	www.123topsearch.com
    O1 - Hosts: 127.0.0.1	132.com
    O1 - Hosts: 127.0.0.1	www.132.com
    O1 - Hosts: 127.0.0.1	136136.net
    O1 - Hosts: 127.0.0.1	www.136136.net
    O1 - Hosts: 7873 more lines...
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [Start_HSSModule] C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe ()
    O4 - HKLM..\Run: [Start_SMSNotifier] C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe ()
    O4 - HKLM..\Run: [Start_Statistics] C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe ()
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
    O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
    O4 - HKCU..\Run: [FileHippo.com] C:\Programmes pour le PC\Update checker\FileHippo.com\UpdateChecker.exe (FileHippo.com)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\Démarrage\Barre d'Outils Olitec.lnk =  File not found
    O4 - Startup: C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\Démarrage\Moniteur Fax-Voix.lnk =  File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
    O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\DOCUME~1\Vincent\LOCALS~1\Temp\cce40.html File not found
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?faf8de032e55463b9014127d42c39933 File not found
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?faf8de032e55463b9014127d42c39933 File not found
    O8 - Extra context menu item: traduire la page - C:\DOCUME~1\Vincent\LOCALS~1\Temp\cce3E.html File not found
    O8 - Extra context menu item: traduire le texte sélectionné - C:\DOCUME~1\Vincent\LOCALS~1\Temp\cce3F.html File not found
    O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: mappy.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: orange.fr ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: voila.fr ([rw.search.ke] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: weborama.fr ([orange] http in Trusted sites)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A71C3778-88E0-4270-A926-2629FA2CED92}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A71C3778-88E0-4270-A926-2629FA2CED92}: NameServer = 80.10.246.1,81.253.149.10
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Fond d'écran.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Fond d'écran.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/06/25 12:47:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/12/14 10:00:22 | 000,008,192 | ---- | M] (Microsoft) - E:\AutoOff.exe -- [ FAT32 ]
    O32 - AutoRun File - [2010/03/16 21:14:04 | 000,000,064 | ---- | M] () - E:\autorun.inf -- [ FAT32 ]
    O33 - MountPoints2\{56fa398e-1fff-11dd-9135-0019db85e0d8}\Shell - "" = AutoRun
    O33 - MountPoints2\{56fa398e-1fff-11dd-9135-0019db85e0d8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{65a0a460-484a-11de-9390-0019db85e0d8}\Shell\Auto\command - "" = RavMonE.exe e
    O33 - MountPoints2\{65a0a460-484a-11de-9390-0019db85e0d8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
    O33 - MountPoints2\{6745366c-7274-11e1-989b-0019db85e0d8}\Shell - "" = AutoRun
    O33 - MountPoints2\{6745366c-7274-11e1-989b-0019db85e0d8}\Shell\AutoRun\command - "" = E:\setup.exe -- [2012/04/17 21:22:36 | 002,539,496 | ---- | M] (LionSea SoftWare                                            )
    O33 - MountPoints2\{7b852879-74d9-11e1-989f-0019db85e0d8}\Shell - "" = AutoRun
    O33 - MountPoints2\{7b852879-74d9-11e1-989f-0019db85e0d8}\Shell\AutoRun\command - "" = E:\setup.exe -- [2012/04/17 21:22:36 | 002,539,496 | ---- | M] (LionSea SoftWare                                            )
    O33 - MountPoints2\{9fcd4e44-3204-11dc-8f54-0019db85e0d8}\Shell - "" = AutoRun
    O33 - MountPoints2\{9fcd4e44-3204-11dc-8f54-0019db85e0d8}\Shell\Auto\command - "" = E:\Cn911.exe
    O33 - MountPoints2\{9fcd4e44-3204-11dc-8f54-0019db85e0d8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
    O33 - MountPoints2\{c101fd05-d7fd-11e1-991b-0019db85e0d8}\Shell - "" = AutoRun
    O33 - MountPoints2\{c101fd05-d7fd-11e1-991b-0019db85e0d8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (stera)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2012/08/20 11:51:40 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vincent\Bureau\OTL.exe
    [2012/08/20 10:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Application Data\Malwarebytes
    [2012/08/20 10:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/08/20 10:42:56 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/08/20 10:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/08/19 20:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\HiJackThis
    [2012/08/19 20:41:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2012/08/19 20:36:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\QuickTime
    [2012/08/19 20:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2012/08/19 20:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\xing shared
    [2012/08/19 20:23:26 | 000,198,864 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
    [2012/08/19 20:23:06 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
    [2012/08/19 20:23:06 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
    [2012/08/19 20:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\RealNetworks
    [2012/08/18 13:49:42 | 000,000,000 | ---D | C] -- C:\1c4635c3ae739366f51af23775
    [2012/08/18 13:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Google Earth
    [2012/08/18 13:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\iTunes
    [2012/08/18 13:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/08/18 13:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/08/18 13:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2012/08/18 13:27:28 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2012/08/18 13:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
    [2012/08/18 13:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2012/08/18 13:09:46 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
    [2012/08/18 13:04:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Mes documents\Google
    [2012/08/18 13:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Skype
    [2012/08/18 13:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Skype
    [2012/08/18 11:17:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Vincent\Recent
    [2012/08/18 11:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\Revo Uninstaller
    [2012/08/18 11:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2012/08/18 11:02:43 | 000,000,000 | ---D | C] -- C:\bc23e1cc69b7e9e6506cb086d6
    [2012/08/18 10:56:03 | 000,000,000 | ---D | C] -- C:\77aad79fdb21565822ca1c6024a3be04
    [2012/08/17 16:43:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Vincent\PrivacIE
    [2012/08/17 16:40:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\CCleaner
    [2012/08/17 16:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/08/16 11:38:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Local Settings\Application Data\Sun
    [2012/08/16 11:32:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Vincent\IETldCache
    [2012/08/16 11:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\Accessories
    [2012/08/15 19:52:22 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
    [2012/08/15 19:52:22 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
    [2012/08/15 19:52:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2012/08/15 19:48:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\WinRAR
    [2012/08/15 19:48:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinRAR
    [2012/08/15 19:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2012/08/15 19:46:33 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
    [2012/08/15 19:46:33 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
    [2012/08/15 19:46:33 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2012/08/15 19:46:20 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2012/08/15 19:46:20 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2012/08/15 19:46:20 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2012/08/07 13:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Application Data\OpenOffice.org
    [2012/08/07 13:43:36 | 000,000,000 | ---D | C] -- C:\Programmes pour le PC
    [2012/08/07 13:36:41 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\OpenOffice.org 3.4
    [2012/08/07 13:29:27 | 000,000,000 | ---D | C] -- C:\Programmes d'ecrire
    [2012/08/02 16:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\CampBrain 5 Trial
    [2012/08/02 16:06:30 | 000,000,000 | ---D | C] -- C:\Program Files\CampBrain5 Trial
    [2012/08/02 16:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CampBrain5
    [2012/08/02 16:06:30 | 000,000,000 | ---D | C] -- C:\CampBrain Database
    [2012/08/02 16:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Local Settings\Application Data\Downloaded Installations
    [2012/08/01 20:41:52 | 000,000,000 | ---D | C] -- C:\Campingsoftware
    [2012/07/26 19:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Screentime
    [2012/07/26 19:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Local Settings\Application Data\Screentime
    [346 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [266 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2012/08/20 15:54:10 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/20 15:54:04 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/20 15:53:51 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2012/08/20 15:52:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/08/20 15:48:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/08/20 13:25:01 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2012/08/20 11:51:39 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vincent\Bureau\OTL.exe
    [2012/08/20 10:43:00 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
    [2012/08/20 10:36:30 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\Vincent\Bureau\HiJackThis.lnk
    [2012/08/20 10:20:15 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DB20F37A-8F04-45F3-8EE7-DDCE8D78B69C}.job
    [2012/08/19 20:23:26 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
    [2012/08/19 20:23:06 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
    [2012/08/19 20:23:06 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
    [2012/08/19 20:23:04 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [2012/08/18 17:41:29 | 000,501,472 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
    [2012/08/18 17:41:29 | 000,433,328 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/08/18 17:41:29 | 000,081,514 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
    [2012/08/18 17:41:29 | 000,068,284 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/08/18 17:31:19 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Vincent\Application Data\Launch Internet Explorer Browser.lnk
    [2012/08/18 17:04:29 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/08/18 13:46:27 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google*Earth.lnk
    [2012/08/18 13:27:32 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/08/18 13:09:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/08/18 13:09:31 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2012/08/18 13:09:31 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2012/08/18 13:06:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/08/18 11:53:19 | 1005,076,480 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2012/08/18 11:14:39 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Vincent\Bureau\Revo Uninstaller.lnk
    [2012/08/17 16:40:50 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
    [2012/08/15 19:45:40 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2012/08/15 19:45:30 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2012/08/15 19:45:30 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2012/08/15 19:45:29 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2012/08/15 19:45:29 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
    [2012/08/15 19:45:26 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
    [2012/08/15 19:45:26 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
    [2012/08/15 19:23:51 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
    [2012/08/15 16:59:39 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2012/08/15 15:21:26 | 000,047,111 | ---- | M] () -- C:\Documents and Settings\Vincent\Bureau\planning réservation.odt
    [2012/08/14 19:48:15 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/08/14 19:48:15 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/08/07 23:13:49 | 000,017,819 | ---- | M] () -- C:\Documents and Settings\Vincent\Bureau\TOASTMARIAGEFRANCAIS.odt
    [2012/08/07 19:30:50 | 000,307,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/08/07 13:44:07 | 000,001,869 | ---- | M] () -- C:\Documents and Settings\Vincent\Bureau\Update Checker.lnk
    [2012/08/07 13:36:47 | 000,000,887 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\OpenOffice.org 3.4.lnk
    [2012/08/02 16:06:43 | 000,001,693 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CampBrain 5 Trial.lnk
    [346 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [266 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2012/08/20 10:43:00 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
    [2012/08/19 20:41:57 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\Vincent\Bureau\HiJackThis.lnk
    [2012/08/18 17:35:42 | 000,000,426 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DB20F37A-8F04-45F3-8EE7-DDCE8D78B69C}.job
    [2012/08/18 17:31:19 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Vincent\Application Data\Launch Internet Explorer Browser.lnk
    [2012/08/18 17:31:18 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\Internet Explorer.lnk
    [2012/08/18 13:46:27 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Google*Earth.lnk
    [2012/08/18 13:27:31 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/08/18 13:27:30 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Apple Software Update.lnk
    [2012/08/18 13:09:27 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\Windows Media Player.lnk
    [2012/08/18 12:09:31 | 001,207,126 | ---- | C] () -- C:\WINDOWS\System32\Spender.bmp
    [2012/08/18 12:09:31 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\GkSui18.EXE
    [2012/08/18 12:09:31 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\gksl_ger.dll
    [2012/08/18 12:09:31 | 000,000,970 | ---- | C] () -- C:\WINDOWS\System32\Spender.NTP
    [2012/08/18 11:20:34 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2012/08/18 11:14:39 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Vincent\Bureau\Revo Uninstaller.lnk
    [2012/08/17 16:40:50 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
    [2012/08/15 19:23:50 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
    [2012/08/15 16:59:36 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2012/08/07 23:13:48 | 000,017,819 | ---- | C] () -- C:\Documents and Settings\Vincent\Bureau\TOASTMARIAGEFRANCAIS.odt
    [2012/08/07 13:44:07 | 000,001,875 | ---- | C] () -- C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\Update Checker.lnk
    [2012/08/07 13:44:07 | 000,001,869 | ---- | C] () -- C:\Documents and Settings\Vincent\Bureau\Update Checker.lnk
    [2012/08/07 13:36:47 | 000,000,887 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\OpenOffice.org 3.4.lnk
    [2012/08/02 16:06:43 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CampBrain 5 Trial.lnk
    [2012/02/15 03:43:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/07/19 21:37:37 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
    [2011/04/21 12:36:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2011/04/19 16:32:28 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\StrStorage.dll
    [2008/02/26 15:02:45 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Vincent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
     
    ========== LOP Check ==========
     
    [2011/08/30 10:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2012/08/02 16:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CampBrain5
    [2008/04/14 15:23:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2010/02/07 13:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
    [2010/06/25 12:52:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
    [2010/06/23 15:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cegid
    [2012/03/23 13:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Orange
    [2008/04/14 15:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2012/07/26 19:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screentime
    [2012/03/23 13:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/06/13 14:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
    [2012/08/15 20:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2012/08/18 13:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/06/13 14:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2011/08/31 18:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Canon
    [2007/09/03 16:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\CopyToDvd
    [2007/07/14 14:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Leadertech
    [2012/08/07 13:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\OpenOffice.org
    [2008/04/14 15:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\ScanSoft
    [2007/08/12 13:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Thunderbird
    [2012/07/11 16:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Vso
    [2009/06/13 15:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\WindSolutions
    [2012/08/20 15:53:51 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
    [2012/08/20 10:20:15 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{DB20F37A-8F04-45F3-8EE7-DDCE8D78B69C}.job
     
    ========== Purity Check ==========
     
     
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    
    < End of report >
    OTL Extras:
    Code:
    OTL Extras logfile created on: 20/08/2012 16:12:28 - Run 2
    OTL by OldTimer - Version 3.2.58.1     Folder = C:\Documents and Settings\Vincent\Bureau
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
     
    958,42 Mb Total Physical Memory | 517,30 Mb Available Physical Memory | 53,97% Memory free
    2,26 Gb Paging File | 1,92 Gb Available in Paging File | 85,21% Paging File free
    Paging file location(s): c:\pagefile.sys 1440 2880 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465,76 Gb Total Space | 372,02 Gb Free Space | 79,87% Space Free | Partition Type: NTFS
    Drive E: | 15,10 Gb Total Space | 8,99 Gb Free Space | 59,54% Space Free | Partition Type: FAT32
     
    Computer Name: FABAS | User Name: Vincent | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "FirstRunDisabled" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
     
    ========== System Restore Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
    "C:\Documents and Settings\Invité\Bureau\freezer v1.4 fr\freezer.exe" = C:\Documents and Settings\Invité\Bureau\freezer v1.4 fr\freezer.exe:*:Disabled:freezer -- ()
    "C:\Program Files\Inventel\Gateway\RGWRepair.exe" = C:\Program Files\Inventel\Gateway\RGWRepair.exe:*:Enabled:RGWRepair -- (Inventel)
    "C:\Program Files\Orange\Connexion Internet Orange\Connectivity\ConnectivityManager.exe" = C:\Program Files\Orange\Connexion Internet Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth -- (Google)
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player -- ()
    "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google)
    "C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
     
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0385C7DF-4461-48A0-902C-9B98283B1F7B}" = Cegid Business Line Premium
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{1292B4A7-C072-413A-B1D0-A1BE7FB516B9}" = Google SketchUp 8
    "{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
    "{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}" = Galerie de photos Windows Live
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google*Earth
    "{2F90A789-DD1E-41CE-BFCA-BD78213BABC7}" = OpenOffice.org 3.4
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3C683090-85C1-4130-BAF7-031E281911A6}" = CampBrain 5.3 Trial Version
    "{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}" = Adobe InDesign CS
    "{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
    "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
    "{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{83DFACEB-59B2-4981-B50B-2432255F33A3}" = Cegid Business Line Documentation
    "{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
    "{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9AEE1212-3B26-41D0-8327-DBC8FDE045E2}" = Cegid Business Line Structure de référence
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9FF9FDF7-F84A-4F99-B4BB-066B6F95F33D}" = Windows Live Contrôle parental
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A476A77A-F849-4EF3-BDE8-F437669D7563}" = Cegid Business Line fichier de connexion
    "{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Edition Découverte 3.2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Français
    "{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
    "{D6038E8E-9025-481D-B4D2-E7CE05305BD3}" = Cegid Business Line
    "{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EF106010-14E3-4F84-9962-4AC68AA0968B}" = Cegid Expert Run Time CBP
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FE19C975-AFC8-44A4-85FA-6DBAD247687D}" = Orange Clé 3G+
    "{ORAHSS}.UninstallSuite" = Orange - Logiciels Internet
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop 5.0" = Adobe Photoshop 5.0
    "Adobe® Photoshop® Album Edition Découverte 3.2" = Adobe® Photoshop® Album Edition Découverte 3.2
    "avast" = avast! Free Antivirus
    "CANONIJPLM100" = PIXMA Extended Survey Program
    "CanonMyPrinter" = Canon My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "CCleaner" = CCleaner
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "FileHippo.com" = FileHippo.com Update Checker
    "Google Desktop" = Google Desktop
    "Google Updater" = Outil de mise à jour Google
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "IrfanView" = IrfanView (remove only)
    "MailNotifier" = Notification Mail
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 14.0.1 (x86 fr)" = Mozilla Firefox 14.0.1 (x86 fr)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "Picasa 3" = Picasa 3
    "RealPlayer 15.0" = RealPlayer
    "Revo Uninstaller" = Revo Uninstaller 1.94
    "ShockwaveFlash" = Adobe Flash Player 9 ActiveX
    "VIA/S3G UniChrome Family Win2K/XP/Server2003 Display" = VIA/S3G Display Driver 6.14.10.0297
    "VLC media player" = VLC media player 2.0.3
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinLiveSuite_Wave3" = Installation Windows Live
    "WinRAR archiver" = WinRAR 4.20 (32-bit)
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "CopyTrans Suite" = CopyTrans Suite désinstallation uniquement
     
    ========== Last 20 Event Log Errors ==========
     
    [ Antivirus Events ]
    Error - 19/07/2011 05:18:55 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 19/07/2011 05:18:55 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 28/07/2011 14:33:39 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 28/07/2011 14:33:39 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 28/07/2011 14:33:39 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 28/07/2011 14:33:45 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 02/08/2011 08:11:10 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 02/08/2011 08:11:11 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 26/08/2011 15:05:39 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 30/08/2011 04:28:41 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    [ Application Events ]
    Error - 19/08/2012 11:35:33 | Computer Name = FABAS | Source = crypt32 | ID = 131083
    Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
     CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
     avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
     la vérification par rapport à l'horloge système en cours ou le tampon daté dans
     le fichier signé.  
     
    Error - 19/08/2012 11:35:33 | Computer Name = FABAS | Source = crypt32 | ID = 131080
    Description = Échec de la récupération de la mise à jour automatique du numéro de
     séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
     avec l'erreur : Cette connexion réseau n'existe pas.  
     
    Error - 19/08/2012 11:37:08 | Computer Name = FABAS | Source = crypt32 | ID = 131083
    Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
     CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
     avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
     la vérification par rapport à l'horloge système en cours ou le tampon daté dans
     le fichier signé.  
     
    Error - 19/08/2012 11:37:09 | Computer Name = FABAS | Source = crypt32 | ID = 131080
    Description = Échec de la récupération de la mise à jour automatique du numéro de
     séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
     avec l'erreur : A connection with the server could not be established  
     
    Error - 19/08/2012 11:39:07 | Computer Name = FABAS | Source = crypt32 | ID = 131083
    Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
     CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
     avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
     la vérification par rapport à l'horloge système en cours ou le tampon daté dans
     le fichier signé.  
     
    Error - 19/08/2012 11:39:08 | Computer Name = FABAS | Source = crypt32 | ID = 131080
    Description = Échec de la récupération de la mise à jour automatique du numéro de
     séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
     avec l'erreur : A connection with the server could not be established  
     
    Error - 19/08/2012 14:15:37 | Computer Name = FABAS | Source = crypt32 | ID = 131083
    Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
     CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
     avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
     la vérification par rapport à l'horloge système en cours ou le tampon daté dans
     le fichier signé.  
     
    Error - 19/08/2012 14:15:38 | Computer Name = FABAS | Source = crypt32 | ID = 131080
    Description = Échec de la récupération de la mise à jour automatique du numéro de
     séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
     avec l'erreur : A connection with the server could not be established  
     
    Error - 19/08/2012 14:18:46 | Computer Name = FABAS | Source = crypt32 | ID = 131083
    Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
     CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
     avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
     la vérification par rapport à l'horloge système en cours ou le tampon daté dans
     le fichier signé.  
     
    Error - 19/08/2012 14:18:47 | Computer Name = FABAS | Source = crypt32 | ID = 131080
    Description = Échec de la récupération de la mise à jour automatique du numéro de
     séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
     avec l'erreur : A connection with the server could not be established  
     
    [ System Events ]
    Error - 19/08/2012 08:10:47 | Computer Name = FABAS | Source = Service Control Manager | ID = 7000
    Description = Le service oirijshr77d94031 n'a pas pu démarrer en raison de l'erreur*:
       %%2
     
    Error - 19/08/2012 08:10:47 | Computer Name = FABAS | Source = Service Control Manager | ID = 7000
    Description = Le service oirijshr795b6c63 n'a pas pu démarrer en raison de l'erreur*:
       %%2
     
    Error - 19/08/2012 11:09:16 | Computer Name = FABAS | Source = Service Control Manager | ID = 7000
    Description = Le service oirijshr77d94031 n'a pas pu démarrer en raison de l'erreur*:
       %%2
     
    Error - 19/08/2012 11:09:16 | Computer Name = FABAS | Source = Service Control Manager | ID = 7000
    Description = Le service oirijshr795b6c63 n'a pas pu démarrer en raison de l'erreur*:
       %%2
     
    Error - 20/08/2012 04:13:53 | Computer Name = FABAS | Source = Service Control Manager | ID = 7000
    Description = Le service oirijshr77d94031 n'a pas pu démarrer en raison de l'erreur*:
       %%2
     
    Error - 20/08/2012 04:13:53 | Computer Name = FABAS | Source = Service Control Manager | ID = 7000
    Description = Le service oirijshr795b6c63 n'a pas pu démarrer en raison de l'erreur*:
       %%2
     
    Error - 20/08/2012 09:49:20 | Computer Name = FABAS | Source = Service Control Manager | ID = 7000
    Description = Le service oirijshr77d94031 n'a pas pu démarrer en raison de l'erreur*:
       %%2
     
    Error - 20/08/2012 09:49:20 | Computer Name = FABAS | Source = Service Control Manager | ID = 7000
    Description = Le service oirijshr795b6c63 n'a pas pu démarrer en raison de l'erreur*:
       %%2
     
    Error - 20/08/2012 09:53:11 | Computer Name = FABAS | Source = Service Control Manager | ID = 7000
    Description = Le service oirijshr77d94031 n'a pas pu démarrer en raison de l'erreur*:
       %%2
     
    Error - 20/08/2012 09:53:11 | Computer Name = FABAS | Source = Service Control Manager | ID = 7000
    Description = Le service oirijshr795b6c63 n'a pas pu démarrer en raison de l'erreur*:
       %%2
     
     
    < End of report >
    Geändert von Fortinbras (20.08.2012 um 15:45 Uhr)

  4. #4
    Moderator (global) Team-Mitglied Avatar von kira
    Registriert seit
    28.03.2006
    Ort
    Wien/Sprachen: Deutsch-Ungarisch
    Beiträge
    29.692

    AW: Microsoft Internet Explorer funktioniert nicht

    1.
    Nur für 32-Bit-Systeme
    Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :

    Anleitung:-> Rootkit-Suche mit Gmer
    WENN das Tool GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!

    2.
    Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit)

    Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.

    • Downloade die MBR.exe von Gmer und
      kopiere die Datei mbr.exe in den Ordner C:\Windows\system32.
      Falls Du den Ordner nicht sehen kannst, diese Einstellungen in den Ordneroptionen vornehmen.
    • Start => ausführen => cmd (da reinschreiben) => OK
      es öffnet sich eine Eingabeaufforderung.

      Vista- und Windows 7-User: Start => Alle Programme => Zubehör => Rechtsklick auf Eingabeaufforderung und wähle Als Administrator ausführen.
    • Nach dem Prompt (>_) folgenden

      aus der Codebox manuell eingeben oder alternativ den mit STRG + C ins Clipboard kopieren und einfügen.
      Einfügen in der Eingabeaufforderung: in der Titelleiste einen Rechtsklick machen => Bearbeiten => einfügen.

      Code:
      mbr.exe -t > C:\mbr.log & C:\mbr.log
      (Enter drücken)
    • Nach kurzer Zeit wird sich Dein Editor öffnen und die Datei C:\mbr.log beinhalten.
      Bitte kopiere den Inhalt hier in Deinen Thread.


    3.
    TDSSKiller von Kaspersky

    • Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.
    • Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).
    • Starte die TDSSKiller.exe durch Doppelklick.
    • Nach Beendigung der Arbeit schlägt das Tool vor, das System neu zu starten.
      Bestätige das ggfs. mit Y(es).
      Beim Hochfahren des Systems führt der Treiber alle geplanten Operationen aus löscht sich danach.
    • Poste mir den Inhalt von C:\TDSSKiller<random>.txt hier in den Thread.

    Hier findest Du eine ausführlichere Anleitung.
    Warnung!:
    Vorsicht bei Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einem Verschlüsselungs-Trojaner infiziert sein!
    Anhang nicht öffnen, in unserem Forum erst nachfragen!

    Bitte diese Warnung weitergeben, wo Du nur kannst!
    Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
    Bitte diese Warnung weitergeben, wo Du nur kannst!

  5. #5
    Einsteiger
    Registriert seit
    19.08.2012
    Beiträge
    18

    AW: Microsoft Internet Explorer funktioniert nicht

    1. Rootkitscan:

    Code:
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-08-21 13:25:47
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST500DM002-1BD142 rev.KC45
    Running: sbsscqii.exe; Driver: C:\DOCUME~1\Vincent\LOCALS~1\Temp\kxtdypow.sys
    
    
    ---- System - GMER 1.0.15 ----
    
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwAddBootEntry [0xF3A69536]
    SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                      ZwAllocateVirtualMemory [0xF3B3A7BA]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwAssignProcessToJobObject [0xF3A69F52]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwClose [0xF3AA9C31]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwCreateEvent [0xF3A74D7A]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwCreateEventPair [0xF3A74DC6]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwCreateIoCompletion [0xF3A74F48]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwCreateKey [0xF3AA95E5]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwCreateMutant [0xF3A74CE8]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwCreateSection [0xF3A74E0A]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwCreateSemaphore [0xF3A74D30]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwCreateThread [0xF3A6A146]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwCreateTimer [0xF3A74F02]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwDebugActiveProcess [0xF3A6A8CA]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwDeleteBootEntry [0xF3A69584]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwDeleteKey [0xF3AAA2F7]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwDeleteValueKey [0xF3AAA5AD]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwDuplicateObject [0xF3A6DF36]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwEnumerateKey [0xF3AAA162]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwEnumerateValueKey [0xF3AA9FCD]
    SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                      ZwFreeVirtualMemory [0xF3B3A89E]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwLoadDriver [0xF3A691EC]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwModifyBootEntry [0xF3A695D2]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwNotifyChangeKey [0xF3A6E2A8]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwNotifyChangeMultipleKeys [0xF3A6B292]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwOpenEvent [0xF3A74DA4]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwOpenEventPair [0xF3A74DE8]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwOpenIoCompletion [0xF3A74F6C]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwOpenKey [0xF3AA9941]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwOpenMutant [0xF3A74D0E]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwOpenProcess [0xF3A6DAAC]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwOpenSection [0xF3A74E8C]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwOpenSemaphore [0xF3A74D58]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwOpenThread [0xF3A6DCDE]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwOpenTimer [0xF3A74F26]
    SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                      ZwProtectVirtualMemory [0xF3B3AA1E]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwQueryKey [0xF3AA9E48]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwQueryObject [0xF3A6B15E]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwQueryValueKey [0xF3AA9C9A]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwQueueApcThread [0xF3A6AD08]
    SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                      ZwRenameKey [0xF3B46338]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwRestoreKey [0xF3AA8C58]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwSetBootEntryOrder [0xF3A69620]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwSetBootOptions [0xF3A6966E]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwSetContextThread [0xF3A6A74A]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwSetSystemInformation [0xF3A69276]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwSetSystemPowerState [0xF3A69426]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwSetValueKey [0xF3AAA3FE]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwShutdownSystem [0xF3A693CC]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwSuspendProcess [0xF3A6AA2C]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwSuspendThread [0xF3A6AB88]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwSystemDebugControl [0xF3A69496]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwTerminateProcess [0xF3A6A468]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwTerminateThread [0xF3A6A5CA]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwVdmControl [0xF3A696BC]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                      ZwWriteVirtualMemory [0xF3A69F96]
    
    Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                      ZwCreateProcessEx [0xF3B52744]
    Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                      ObInsertObject
    Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                      ObMakeTemporaryObject
    
    ---- Kernel code sections - GMER 1.0.15 ----
    
    .text           ntkrnlpa.exe!ZwCallbackReturn + 2C70                                                                                                       805044FC 4 Bytes  [E8, 4C, A7, F3]
    .text           ntkrnlpa.exe!ZwCallbackReturn + 2F10                                                                                                       8050479C 12 Bytes  [20, 96, A6, F3, 6E, 96, A6, ...]
    .text           ntkrnlpa.exe!ZwCallbackReturn + 2FB8                                                                                                       80504844 12 Bytes  [2C, AA, A6, F3, 88, AB, A6, ...]
    .text           win32k.sys!EngMultiByteToWideChar + 2F20                                                                                                   BF8527E0 1 Byte  [E9]
    
    ---- User code sections - GMER 1.0.15 ----
    
    .text           C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[108] ntdll.dll!LdrLoadDll                                         7C9263A3 5 Bytes  JMP 001401F8 
    .text           C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[108] ntdll.dll!RtlDosSearchPath_U + 1D1                           7C9271AA 1 Byte  [62]
    .text           C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[108] ntdll.dll!LdrUnloadDll                                       7C92736B 5 Bytes  JMP 001403FC 
    .text           C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[108] kernel32.dll!GetBinaryTypeW + 80                             7C868C2C 1 Byte  [62]
    .text           C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[108] ADVAPI32.dll!SetServiceObjectSecurity                        77E06D59 5 Bytes  JMP 00381014 
    .text           C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[108] ADVAPI32.dll!ChangeServiceConfigA                            77E06E41 5 Bytes  JMP 00380804 
    .text           C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[108] ADVAPI32.dll!ChangeServiceConfigW                            77E06FD9 5 Bytes  JMP 00380A08 
    .text           C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[108] ADVAPI32.dll!ChangeServiceConfig2A                           77E070D9 5 Bytes  JMP 00380C0C 
    .text           C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[108] ADVAPI32.dll!ChangeServiceConfig2W                           77E07161 5 Bytes  JMP 00380E10 
    .text           C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[108] ADVAPI32.dll!CreateServiceA                                  77E071E9 5 Bytes  JMP 003801F8 
    .text           C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[108] ADVAPI32.dll!CreateServiceW                                  77E07381 5 Bytes  JMP 003803FC 
    .text           C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[108] ADVAPI32.dll!DeleteService                                   77E07489 5 Bytes  JMP 00380600 
    .text           C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[108] USER32.dll!SetWindowsHookExW                                 7E3A820F 5 Bytes  JMP 00390804 
    .text           C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[108] USER32.dll!UnhookWindowsHookEx                               7E3AD5F3 5 Bytes  JMP 00390A08 
    .text           C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[108] USER32.dll!SetWindowsHookExA                                 7E3B1211 5 Bytes  JMP 00390600 
    .text           C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[108] USER32.dll!SetWinEventHook                                   7E3B17F7 5 Bytes  JMP 003901F8 
    .text           C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[108] USER32.dll!UnhookWinEvent                                    7E3B18AC 5 Bytes  JMP 003903FC 
    .text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[140] ntdll.dll!LdrLoadDll                       7C9263A3 5 Bytes  JMP 001501F8 
    .text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[140] ntdll.dll!RtlDosSearchPath_U + 1D1         7C9271AA 1 Byte  [62]
    .text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[140] ntdll.dll!LdrUnloadDll                     7C92736B 5 Bytes  JMP 001503FC 
    .text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[140] kernel32.dll!GetBinaryTypeW + 80           7C868C2C 1 Byte  [62]
    .text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[140] ADVAPI32.dll!SetServiceObjectSecurity      77E06D59 5 Bytes  JMP 00391014 
    .text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[140] ADVAPI32.dll!ChangeServiceConfigA          77E06E41 5 Bytes  JMP 00390804 
    .text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[140] ADVAPI32.dll!ChangeServiceConfigW          77E06FD9 5 Bytes  JMP 00390A08 
    .text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[140] ADVAPI32.dll!ChangeServiceConfig2A         77E070D9 5 Bytes  JMP 00390C0C 
    .text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[140] ADVAPI32.dll!ChangeServiceConfig2W         77E07161 5 Bytes  JMP 00390E10 
    .text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[140] ADVAPI32.dll!CreateServiceA                77E071E9 5 Bytes  JMP 003901F8 
    .text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[140] ADVAPI32.dll!CreateServiceW                77E07381 5 Bytes  JMP 003903FC 
    .text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[140] ADVAPI32.dll!DeleteService                 77E07489 5 Bytes  JMP 00390600 
    .text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[140] USER32.dll!SetWindowsHookExW               7E3A820F 5 Bytes  JMP 003A0804 
    .text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[140] USER32.dll!UnhookWindowsHookEx             7E3AD5F3 5 Bytes  JMP 003A0A08 
    .text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[140] USER32.dll!SetWindowsHookExA               7E3B1211 5 Bytes  JMP 003A0600 
    .text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[140] USER32.dll!SetWinEventHook                 7E3B17F7 5 Bytes  JMP 003A01F8 
    .text           C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[140] USER32.dll!UnhookWinEvent                  7E3B18AC 5 Bytes  JMP 003A03FC 
    .text           C:\Program Files\Bonjour\mDNSResponder.exe[156] ntdll.dll!LdrLoadDll                                                                       7C9263A3 5 Bytes  JMP 001501F8 
    .text           C:\Program Files\Bonjour\mDNSResponder.exe[156] ntdll.dll!RtlDosSearchPath_U + 1D1                                                         7C9271AA 1 Byte  [62]
    .text           C:\Program Files\Bonjour\mDNSResponder.exe[156] ntdll.dll!LdrUnloadDll                                                                     7C92736B 5 Bytes  JMP 001503FC 
    .text           C:\Program Files\Bonjour\mDNSResponder.exe[156] kernel32.dll!GetBinaryTypeW + 80                                                           7C868C2C 1 Byte  [62]
    .text           C:\Program Files\Bonjour\mDNSResponder.exe[156] ADVAPI32.dll!SetServiceObjectSecurity                                                      77E06D59 5 Bytes  JMP 00391014 
    .text           C:\Program Files\Bonjour\mDNSResponder.exe[156] ADVAPI32.dll!ChangeServiceConfigA                                                          77E06E41 5 Bytes  JMP 00390804 
    .text           C:\Program Files\Bonjour\mDNSResponder.exe[156] ADVAPI32.dll!ChangeServiceConfigW                                                          77E06FD9 5 Bytes  JMP 00390A08 
    .text           C:\Program Files\Bonjour\mDNSResponder.exe[156] ADVAPI32.dll!ChangeServiceConfig2A                                                         77E070D9 5 Bytes  JMP 00390C0C 
    .text           C:\Program Files\Bonjour\mDNSResponder.exe[156] ADVAPI32.dll!ChangeServiceConfig2W                                                         77E07161 5 Bytes  JMP 00390E10 
    .text           C:\Program Files\Bonjour\mDNSResponder.exe[156] ADVAPI32.dll!CreateServiceA                                                                77E071E9 5 Bytes  JMP 003901F8 
    .text           C:\Program Files\Bonjour\mDNSResponder.exe[156] ADVAPI32.dll!CreateServiceW                                                                77E07381 5 Bytes  JMP 003903FC 
    .text           C:\Program Files\Bonjour\mDNSResponder.exe[156] ADVAPI32.dll!DeleteService                                                                 77E07489 5 Bytes  JMP 00390600 
    .text           C:\Program Files\Bonjour\mDNSResponder.exe[156] USER32.dll!SetWindowsHookExW                                                               7E3A820F 5 Bytes  JMP 003A0804 
    .text           C:\Program Files\Bonjour\mDNSResponder.exe[156] USER32.dll!UnhookWindowsHookEx                                                             7E3AD5F3 5 Bytes  JMP 003A0A08 
    .text           C:\Program Files\Bonjour\mDNSResponder.exe[156] USER32.dll!SetWindowsHookExA                                                               7E3B1211 5 Bytes  JMP 003A0600 
    .text           C:\Program Files\Bonjour\mDNSResponder.exe[156] USER32.dll!SetWinEventHook                                                                 7E3B17F7 5 Bytes  JMP 003A01F8 
    .text           C:\Program Files\Bonjour\mDNSResponder.exe[156] USER32.dll!UnhookWinEvent                                                                  7E3B18AC 5 Bytes  JMP 003A03FC 
    .text           C:\WINDOWS\system32\ctfmon.exe[592] ntdll.dll!LdrLoadDll                                                                                   7C9263A3 5 Bytes  JMP 000A01F8 
    .text           C:\WINDOWS\system32\ctfmon.exe[592] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                     7C9271AA 1 Byte  [62]
    .text           C:\WINDOWS\system32\ctfmon.exe[592] ntdll.dll!LdrUnloadDll                                                                                 7C92736B 5 Bytes  JMP 000A03FC 
    .text           C:\WINDOWS\system32\ctfmon.exe[592] kernel32.dll!GetBinaryTypeW + 80                                                                       7C868C2C 1 Byte  [62]
    .text           C:\WINDOWS\system32\ctfmon.exe[592] ADVAPI32.dll!SetServiceObjectSecurity                                                                  77E06D59 5 Bytes  JMP 002C1014 
    .text           C:\WINDOWS\system32\ctfmon.exe[592] ADVAPI32.dll!ChangeServiceConfigA                                                                      77E06E41 5 Bytes  JMP 002C0804 
    .text           C:\WINDOWS\system32\ctfmon.exe[592] ADVAPI32.dll!ChangeServiceConfigW                                                                      77E06FD9 5 Bytes  JMP 002C0A08 
    .text           C:\WINDOWS\system32\ctfmon.exe[592] ADVAPI32.dll!ChangeServiceConfig2A                                                                     77E070D9 5 Bytes  JMP 002C0C0C 
    .text           C:\WINDOWS\system32\ctfmon.exe[592] ADVAPI32.dll!ChangeServiceConfig2W                                                                     77E07161 5 Bytes  JMP 002C0E10 
    .text           C:\WINDOWS\system32\ctfmon.exe[592] ADVAPI32.dll!CreateServiceA                                                                            77E071E9 5 Bytes  JMP 002C01F8 
    .text           C:\WINDOWS\system32\ctfmon.exe[592] ADVAPI32.dll!CreateServiceW                                                                            77E07381 5 Bytes  JMP 002C03FC 
    .text           C:\WINDOWS\system32\ctfmon.exe[592] ADVAPI32.dll!DeleteService                                                                             77E07489 5 Bytes  JMP 002C0600 
    .text           C:\WINDOWS\system32\ctfmon.exe[592] USER32.dll!SetWindowsHookExW                                                                           7E3A820F 5 Bytes  JMP 002D0804 
    .text           C:\WINDOWS\system32\ctfmon.exe[592] USER32.dll!UnhookWindowsHookEx                                                                         7E3AD5F3 5 Bytes  JMP 002D0A08 
    .text           C:\WINDOWS\system32\ctfmon.exe[592] USER32.dll!SetWindowsHookExA                                                                           7E3B1211 5 Bytes  JMP 002D0600 
    .text           C:\WINDOWS\system32\ctfmon.exe[592] USER32.dll!SetWinEventHook                                                                             7E3B17F7 5 Bytes  JMP 002D01F8 
    .text           C:\WINDOWS\system32\ctfmon.exe[592] USER32.dll!UnhookWinEvent                                                                              7E3B18AC 5 Bytes  JMP 002D03FC 
    .text           C:\WINDOWS\System32\smss.exe[600] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                       7C9271AA 1 Byte  [62]
    .text           C:\Program Files\Real\RealPlayer\update\realsched.exe[632] ntdll.dll!LdrLoadDll                                                            7C9263A3 5 Bytes  JMP 001401F8 
    .text           C:\Program Files\Real\RealPlayer\update\realsched.exe[632] ntdll.dll!RtlDosSearchPath_U + 1D1                                              7C9271AA 1 Byte  [62]
    .text           C:\Program Files\Real\RealPlayer\update\realsched.exe[632] ntdll.dll!LdrUnloadDll                                                          7C92736B 5 Bytes  JMP 001403FC 
    .text           C:\Program Files\Real\RealPlayer\update\realsched.exe[632] kernel32.dll!SetUnhandledExceptionFilter                                        7C8449FD 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text           C:\Program Files\Real\RealPlayer\update\realsched.exe[632] kernel32.dll!GetBinaryTypeW + 80                                                7C868C2C 1 Byte  [62]
    .text           C:\Program Files\Real\RealPlayer\update\realsched.exe[632] ADVAPI32.dll!SetServiceObjectSecurity                                           77E06D59 5 Bytes  JMP 00391014 
    .text           C:\Program Files\Real\RealPlayer\update\realsched.exe[632] ADVAPI32.dll!ChangeServiceConfigA                                               77E06E41 5 Bytes  JMP 00390804 
    .text           C:\Program Files\Real\RealPlayer\update\realsched.exe[632] ADVAPI32.dll!ChangeServiceConfigW                                               77E06FD9 5 Bytes  JMP 00390A08 
    .text           C:\Program Files\Real\RealPlayer\update\realsched.exe[632] ADVAPI32.dll!ChangeServiceConfig2A                                              77E070D9 5 Bytes  JMP 00390C0C 
    .text           C:\Program Files\Real\RealPlayer\update\realsched.exe[632] ADVAPI32.dll!ChangeServiceConfig2W                                              77E07161 5 Bytes  JMP 00390E10 
    .text           C:\Program Files\Real\RealPlayer\update\realsched.exe[632] ADVAPI32.dll!CreateServiceA                                                     77E071E9 5 Bytes  JMP 003901F8 
    .text           C:\Program Files\Real\RealPlayer\update\realsched.exe[632] ADVAPI32.dll!CreateServiceW                                                     77E07381 5 Bytes  JMP 003903FC 
    .text           C:\Program Files\Real\RealPlayer\update\realsched.exe[632] ADVAPI32.dll!DeleteService                                                      77E07489 5 Bytes  JMP 00390600 
    .text           C:\Program Files\Real\RealPlayer\update\realsched.exe[632] USER32.dll!SetWindowsHookExW                                                    7E3A820F 5 Bytes  JMP 003A0804 
    .text           C:\Program Files\Real\RealPlayer\update\realsched.exe[632] USER32.dll!UnhookWindowsHookEx                                                  7E3AD5F3 5 Bytes  JMP 003A0A08 
    .text           C:\Program Files\Real\RealPlayer\update\realsched.exe[632] USER32.dll!SetWindowsHookExA                                                    7E3B1211 5 Bytes  JMP 003A0600 
    .text           C:\Program Files\Real\RealPlayer\update\realsched.exe[632] USER32.dll!SetWinEventHook                                                      7E3B17F7 5 Bytes  JMP 003A01F8 
    .text           C:\Program Files\Real\RealPlayer\update\realsched.exe[632] USER32.dll!UnhookWinEvent                                                       7E3B18AC 5 Bytes  JMP 003A03FC 
    .text           C:\WINDOWS\system32\csrss.exe[648] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                      7C9271AA 1 Byte  [62]
    .text           C:\WINDOWS\system32\csrss.exe[648] KERNEL32.dll!GetBinaryTypeW + 80                                                                        7C868C2C 1 Byte  [62]
    .text           C:\WINDOWS\system32\winlogon.exe[672] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                   7C9271AA 1 Byte  [62]
    .text           C:\WINDOWS\system32\winlogon.exe[672] kernel32.dll!GetBinaryTypeW + 80                                                                     7C868C2C 1 Byte  [62]
    .text           C:\WINDOWS\system32\services.exe[716] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                   7C9271AA 1 Byte  [62]
    .text           C:\WINDOWS\system32\services.exe[716] kernel32.dll!GetBinaryTypeW + 80                                                                     7C868C2C 1 Byte  [62]
    .text           C:\WINDOWS\system32\lsass.exe[728] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                      7C9271AA 1 Byte  [62]
    .text           C:\WINDOWS\system32\lsass.exe[728] kernel32.dll!GetBinaryTypeW + 80                                                                        7C868C2C 1 Byte  [62]
    .text           C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                    7C9271AA 1 Byte  [62]
    .text           C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!GetBinaryTypeW + 80                                                                      7C868C2C 1 Byte  [62]
    .text           C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                    7C9271AA 1 Byte  [62]
    .text           C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetBinaryTypeW + 80                                                                      7C868C2C 1 Byte  [62]
    .text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1024] ntdll.dll!LdrLoadDll                                         7C9263A3 5 Bytes  JMP 001501F8 
    .text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1024] ntdll.dll!RtlDosSearchPath_U + 1D1                           7C9271AA 1 Byte  [62]
    .text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1024] ntdll.dll!LdrUnloadDll                                       7C92736B 5 Bytes  JMP 001503FC 
    .text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1024] kernel32.dll!GetBinaryTypeW + 80                             7C868C2C 1 Byte  [62]
    .text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1024] ADVAPI32.dll!SetServiceObjectSecurity                        77E06D59 5 Bytes  JMP 00391014 
    .text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1024] ADVAPI32.dll!ChangeServiceConfigA                            77E06E41 5 Bytes  JMP 00390804 
    .text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1024] ADVAPI32.dll!ChangeServiceConfigW                            77E06FD9 5 Bytes  JMP 00390A08 
    .text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1024] ADVAPI32.dll!ChangeServiceConfig2A                           77E070D9 5 Bytes  JMP 00390C0C 
    .text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1024] ADVAPI32.dll!ChangeServiceConfig2W                           77E07161 5 Bytes  JMP 00390E10 
    .text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1024] ADVAPI32.dll!CreateServiceA                                  77E071E9 5 Bytes  JMP 003901F8 
    .text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1024] ADVAPI32.dll!CreateServiceW                                  77E07381 5 Bytes  JMP 003903FC 
    .text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1024] ADVAPI32.dll!DeleteService                                   77E07489 5 Bytes  JMP 00390600 
    .text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1024] USER32.dll!SetWindowsHookExW                                 7E3A820F 5 Bytes  JMP 00F20804 
    .text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1024] USER32.dll!UnhookWindowsHookEx                               7E3AD5F3 5 Bytes  JMP 00F20A08 
    .text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1024] USER32.dll!SetWindowsHookExA                                 7E3B1211 5 Bytes  JMP 00F20600 
    .text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1024] USER32.dll!SetWinEventHook                                   7E3B17F7 5 Bytes  JMP 00F201F8 
    .text           C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1024] USER32.dll!UnhookWinEvent                                    7E3B18AC 5 Bytes  JMP 00F203FC 
    .text           C:\Program Files\Java\jre7\bin\jqs.exe[1048] ntdll.dll!LdrLoadDll                                                                          7C9263A3 5 Bytes  JMP 001501F8 
    .text           C:\Program Files\Java\jre7\bin\jqs.exe[1048] ntdll.dll!RtlDosSearchPath_U + 1D1                                                            7C9271AA 1 Byte  [62]
    .text           C:\Program Files\Java\jre7\bin\jqs.exe[1048] ntdll.dll!LdrUnloadDll                                                                        7C92736B 5 Bytes  JMP 001503FC 
    .text           C:\Program Files\Java\jre7\bin\jqs.exe[1048] kernel32.dll!GetBinaryTypeW + 80                                                              7C868C2C 1 Byte  [62]
    .text           C:\Program Files\Java\jre7\bin\jqs.exe[1048] ADVAPI32.dll!SetServiceObjectSecurity                                                         77E06D59 5 Bytes  JMP 00391014 
    .text           C:\Program Files\Java\jre7\bin\jqs.exe[1048] ADVAPI32.dll!ChangeServiceConfigA                                                             77E06E41 5 Bytes  JMP 00390804 
    .text           C:\Program Files\Java\jre7\bin\jqs.exe[1048] ADVAPI32.dll!ChangeServiceConfigW                                                             77E06FD9 5 Bytes  JMP 00390A08 
    .text           C:\Program Files\Java\jre7\bin\jqs.exe[1048] ADVAPI32.dll!ChangeServiceConfig2A                                                            77E070D9 5 Bytes  JMP 00390C0C 
    .text           C:\Program Files\Java\jre7\bin\jqs.exe[1048] ADVAPI32.dll!ChangeServiceConfig2W                                                            77E07161 5 Bytes  JMP 00390E10 
    .text           C:\Program Files\Java\jre7\bin\jqs.exe[1048] ADVAPI32.dll!CreateServiceA                                                                   77E071E9 5 Bytes  JMP 003901F8 
    .text           C:\Program Files\Java\jre7\bin\jqs.exe[1048] ADVAPI32.dll!CreateServiceW                                                                   77E07381 5 Bytes  JMP 003903FC 
    .text           C:\Program Files\Java\jre7\bin\jqs.exe[1048] ADVAPI32.dll!DeleteService                                                                    77E07489 5 Bytes  JMP 00390600 
    .text           C:\Program Files\Java\jre7\bin\jqs.exe[1048] user32.dll!SetWindowsHookExW                                                                  7E3A820F 5 Bytes  JMP 006B0804 
    .text           C:\Program Files\Java\jre7\bin\jqs.exe[1048] user32.dll!UnhookWindowsHookEx                                                                7E3AD5F3 5 Bytes  JMP 006B0A08 
    .text           C:\Program Files\Java\jre7\bin\jqs.exe[1048] user32.dll!SetWindowsHookExA                                                                  7E3B1211 5 Bytes  JMP 006B0600 
    .text           C:\Program Files\Java\jre7\bin\jqs.exe[1048] user32.dll!SetWinEventHook                                                                    7E3B17F7 5 Bytes  JMP 006B01F8 
    .text           C:\Program Files\Java\jre7\bin\jqs.exe[1048] user32.dll!UnhookWinEvent                                                                     7E3B18AC 5 Bytes  JMP 006B03FC 
    .text           C:\WINDOWS\System32\svchost.exe[1064] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                   7C9271AA 1 Byte  [62]
    .text           C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!GetBinaryTypeW + 80                                                                     7C868C2C 1 Byte  [62]
    .text           C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                   7C9271AA 1 Byte  [62]
    .text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!GetBinaryTypeW + 80                                                                     7C868C2C 1 Byte  [62]
    .text           C:\WINDOWS\System32\alg.exe[1160] ntdll.dll!LdrLoadDll                                                                                     7C9263A3 5 Bytes  JMP 000901F8 
    .text           C:\WINDOWS\System32\alg.exe[1160] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                       7C9271AA 1 Byte  [62]
    .text           C:\WINDOWS\System32\alg.exe[1160] ntdll.dll!LdrUnloadDll                                                                                   7C92736B 5 Bytes  JMP 000903FC 
    .text           C:\WINDOWS\System32\alg.exe[1160] kernel32.dll!GetBinaryTypeW + 80                                                                         7C868C2C 1 Byte  [62]
    .text           C:\WINDOWS\System32\alg.exe[1160] USER32.dll!SetWindowsHookExW                                                                             7E3A820F 5 Bytes  JMP 002B0804 
    .text           C:\WINDOWS\System32\alg.exe[1160] USER32.dll!UnhookWindowsHookEx                                                                           7E3AD5F3 5 Bytes  JMP 002B0A08 
    .text           C:\WINDOWS\System32\alg.exe[1160] USER32.dll!SetWindowsHookExA                                                                             7E3B1211 5 Bytes  JMP 002B0600 
    .text           C:\WINDOWS\System32\alg.exe[1160] USER32.dll!SetWinEventHook                                                                               7E3B17F7 5 Bytes  JMP 002B01F8 
    .text           C:\WINDOWS\System32\alg.exe[1160] USER32.dll!UnhookWinEvent                                                                                7E3B18AC 5 Bytes  JMP 002B03FC 
    .text           C:\WINDOWS\System32\alg.exe[1160] ADVAPI32.dll!SetServiceObjectSecurity                                                                    77E06D59 5 Bytes  JMP 002C1014 
    .text           C:\WINDOWS\System32\alg.exe[1160] ADVAPI32.dll!ChangeServiceConfigA                                                                        77E06E41 5 Bytes  JMP 002C0804 
    .text           C:\WINDOWS\System32\alg.exe[1160] ADVAPI32.dll!ChangeServiceConfigW                                                                        77E06FD9 5 Bytes  JMP 002C0A08 
    .text           C:\WINDOWS\System32\alg.exe[1160] ADVAPI32.dll!ChangeServiceConfig2A                                                                       77E070D9 5 Bytes  JMP 002C0C0C 
    .text           C:\WINDOWS\System32\alg.exe[1160] ADVAPI32.dll!ChangeServiceConfig2W                                                                       77E07161 5 Bytes  JMP 002C0E10 
    .text           C:\WINDOWS\System32\alg.exe[1160] ADVAPI32.dll!CreateServiceA                                                                              77E071E9 5 Bytes  JMP 002C01F8 
    .text           C:\WINDOWS\System32\alg.exe[1160] ADVAPI32.dll!CreateServiceW                                                                              77E07381 5 Bytes  JMP 002C03FC 
    .text           C:\WINDOWS\System32\alg.exe[1160] ADVAPI32.dll!DeleteService                                                                               77E07489 5 Bytes  JMP 002C0600 
    .text           C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                   7C9271AA 1 Byte  [62]
    .text           C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!GetBinaryTypeW + 80                                                                     7C868C2C 1 Byte  [62]
    .text           C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                   7C9271AA 1 Byte  [62]
    .text           C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!GetBinaryTypeW + 80                                                                     7C868C2C 1 Byte  [62]
    .text           C:\WINDOWS\system32\wscntfy.exe[1308] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                   7C9271AA 1 Byte  [62]
    .text           C:\WINDOWS\system32\wscntfy.exe[1308] kernel32.dll!GetBinaryTypeW + 80                                                                     7C868C2C 1 Byte  [62]
    .text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1380] ntdll.dll!RtlDosSearchPath_U + 1D1                                                7C9271AA 1 Byte  [62]
    .text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1380] kernel32.dll!SetUnhandledExceptionFilter                                          7C8449FD 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
    .text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1380] kernel32.dll!GetBinaryTypeW + 80                                                  7C868C2C 1 Byte  [62]
    .text           C:\WINDOWS\system32\spoolsv.exe[1480] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                   7C9271AA 1 Byte  [62]
    .text           C:\WINDOWS\system32\spoolsv.exe[1480] kernel32.dll!GetBinaryTypeW + 80                                                                     7C868C2C 1 Byte  [62]
    .text           C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!LdrLoadDll                                                                                 7C9263A3 5 Bytes  JMP 000901F8 
    .text           C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                   7C9271AA 1 Byte  [62]
    .text           C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!LdrUnloadDll                                                                               7C92736B 5 Bytes  JMP 000903FC 
    .text           C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!GetBinaryTypeW + 80                                                                     7C868C2C 1 Byte  [62]
    .text           C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!SetServiceObjectSecurity                                                                77E06D59 5 Bytes  JMP 002B1014 
    .text           C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!ChangeServiceConfigA                                                                    77E06E41 5 Bytes  JMP 002B0804 
    .text           C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!ChangeServiceConfigW                                                                    77E06FD9 5 Bytes  JMP 002B0A08 
    .text           C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!ChangeServiceConfig2A                                                                   77E070D9 5 Bytes  JMP 002B0C0C 
    .text           C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!ChangeServiceConfig2W                                                                   77E07161 5 Bytes  JMP 002B0E10 
    .text           C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!CreateServiceA                                                                          77E071E9 5 Bytes  JMP 002B01F8 
    .text           C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!CreateServiceW                                                                          77E07381 5 Bytes  JMP 002B03FC 
    .text           C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!DeleteService                                                                           77E07489 5 Bytes  JMP 002B0600 
    .text           C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!SetWindowsHookExW                                                                         7E3A820F 5 Bytes  JMP 002C0804 
    .text           C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!UnhookWindowsHookEx                                                                       7E3AD5F3 5 Bytes  JMP 002C0A08 
    .text           C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!SetWindowsHookExA                                                                         7E3B1211 5 Bytes  JMP 002C0600 
    .text           C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!SetWinEventHook                                                                           7E3B17F7 5 Bytes  JMP 002C01F8 
    .text           C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!UnhookWinEvent                                                                            7E3B18AC 5 Bytes  JMP 002C03FC 
    .text           C:\Programmes pour le PC\Update checker\FileHippo.com\UpdateChecker.exe[1728] ntdll.dll!RtlDosSearchPath_U + 1D1                           7C9271AA 1 Byte  [62]
    .text           C:\Programmes pour le PC\Update checker\FileHippo.com\UpdateChecker.exe[1728] KERNEL32.dll!GetBinaryTypeW + 80                             7C868C2C 1 Byte  [62]
    .text           C:\Program Files\iPod\bin\iPodService.exe[2008] ntdll.dll!LdrLoadDll                                                                       7C9263A3 5 Bytes  JMP 001501F8 
    .text           C:\Program Files\iPod\bin\iPodService.exe[2008] ntdll.dll!RtlDosSearchPath_U + 1D1                                                         7C9271AA 1 Byte  [62]
    .text           C:\Program Files\iPod\bin\iPodService.exe[2008] ntdll.dll!LdrUnloadDll                                                                     7C92736B 5 Bytes  JMP 001503FC 
    .text           C:\Program Files\iPod\bin\iPodService.exe[2008] kernel32.dll!GetBinaryTypeW + 80                                                           7C868C2C 1 Byte  [62]
    .text           C:\Program Files\iPod\bin\iPodService.exe[2008] ADVAPI32.dll!SetServiceObjectSecurity                                                      77E06D59 5 Bytes  JMP 00391014 
    .text           C:\Program Files\iPod\bin\iPodService.exe[2008] ADVAPI32.dll!ChangeServiceConfigA                                                          77E06E41 5 Bytes  JMP 00390804 
    .text           C:\Program Files\iPod\bin\iPodService.exe[2008] ADVAPI32.dll!ChangeServiceConfigW                                                          77E06FD9 5 Bytes  JMP 00390A08 
    .text           C:\Program Files\iPod\bin\iPodService.exe[2008] ADVAPI32.dll!ChangeServiceConfig2A                                                         77E070D9 5 Bytes  JMP 00390C0C 
    .text           C:\Program Files\iPod\bin\iPodService.exe[2008] ADVAPI32.dll!ChangeServiceConfig2W                                                         77E07161 5 Bytes  JMP 00390E10 
    .text           C:\Program Files\iPod\bin\iPodService.exe[2008] ADVAPI32.dll!CreateServiceA                                                                77E071E9 5 Bytes  JMP 003901F8 
    .text           C:\Program Files\iPod\bin\iPodService.exe[2008] ADVAPI32.dll!CreateServiceW                                                                77E07381 5 Bytes  JMP 003903FC 
    .text           C:\Program Files\iPod\bin\iPodService.exe[2008] ADVAPI32.dll!DeleteService                                                                 77E07489 5 Bytes  JMP 00390600 
    .text           C:\Program Files\iPod\bin\iPodService.exe[2008] USER32.dll!SetWindowsHookExW                                                               7E3A820F 5 Bytes  JMP 003A0804 
    .text           C:\Program Files\iPod\bin\iPodService.exe[2008] USER32.dll!UnhookWindowsHookEx                                                             7E3AD5F3 5 Bytes  JMP 003A0A08 
    .text           C:\Program Files\iPod\bin\iPodService.exe[2008] USER32.dll!SetWindowsHookExA                                                               7E3B1211 5 Bytes  JMP 003A0600 
    .text           C:\Program Files\iPod\bin\iPodService.exe[2008] USER32.dll!SetWinEventHook                                                                 7E3B17F7 5 Bytes  JMP 003A01F8 
    .text           C:\Program Files\iPod\bin\iPodService.exe[2008] USER32.dll!UnhookWinEvent                                                                  7E3B18AC 5 Bytes  JMP 003A03FC 
    .text           C:\Program Files\Real\RealPlayer\RealPlay.exe[2164] ntdll.dll!LdrLoadDll                                                                   7C9263A3 5 Bytes  JMP 001501F8 
    .text           C:\Program Files\Real\RealPlayer\RealPlay.exe[2164] ntdll.dll!RtlDosSearchPath_U + 1D1                                                     7C9271AA 1 Byte  [62]
    .text           C:\Program Files\Real\RealPlayer\RealPlay.exe[2164] ntdll.dll!LdrUnloadDll                                                                 7C92736B 5 Bytes  JMP 001503FC 
    .text           C:\Program Files\Real\RealPlayer\RealPlay.exe[2164] kernel32.dll!SetUnhandledExceptionFilter                                               7C8449FD 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text           C:\Program Files\Real\RealPlayer\RealPlay.exe[2164] kernel32.dll!GetBinaryTypeW + 80                                                       7C868C2C 1 Byte  [62]
    .text           C:\Program Files\Real\RealPlayer\RealPlay.exe[2164] ADVAPI32.dll!SetServiceObjectSecurity                                                  77E06D59 5 Bytes  JMP 003A1014 
    .text           C:\Program Files\Real\RealPlayer\RealPlay.exe[2164] ADVAPI32.dll!ChangeServiceConfigA                                                      77E06E41 5 Bytes  JMP 003A0804 
    .text           C:\Program Files\Real\RealPlayer\RealPlay.exe[2164] ADVAPI32.dll!ChangeServiceConfigW                                                      77E06FD9 5 Bytes  JMP 003A0A08 
    .text           C:\Program Files\Real\RealPlayer\RealPlay.exe[2164] ADVAPI32.dll!ChangeServiceConfig2A                                                     77E070D9 5 Bytes  JMP 003A0C0C 
    .text           C:\Program Files\Real\RealPlayer\RealPlay.exe[2164] ADVAPI32.dll!ChangeServiceConfig2W                                                     77E07161 5 Bytes  JMP 003A0E10 
    .text           C:\Program Files\Real\RealPlayer\RealPlay.exe[2164] ADVAPI32.dll!CreateServiceA                                                            77E071E9 5 Bytes  JMP 003A01F8 
    .text           C:\Program Files\Real\RealPlayer\RealPlay.exe[2164] ADVAPI32.dll!CreateServiceW                                                            77E07381 5 Bytes  JMP 003A03FC 
    .text           C:\Program Files\Real\RealPlayer\RealPlay.exe[2164] ADVAPI32.dll!DeleteService                                                             77E07489 5 Bytes  JMP 003A0600 
    .text           C:\Program Files\Real\RealPlayer\RealPlay.exe[2164] USER32.dll!SetWindowsHookExW                                                           7E3A820F 5 Bytes  JMP 003B0804 
    .text           C:\Program Files\Real\RealPlayer\RealPlay.exe[2164] USER32.dll!UnhookWindowsHookEx                                                         7E3AD5F3 3 Bytes  JMP 003B0A08 
    .text           C:\Program Files\Real\RealPlayer\RealPlay.exe[2164] USER32.dll!UnhookWindowsHookEx + 4                                                     7E3AD5F7 1 Byte  [82]
    .text           C:\Program Files\Real\RealPlayer\RealPlay.exe[2164] USER32.dll!SetWindowsHookExA                                                           7E3B1211 5 Bytes  JMP 003B0600 
    .text           C:\Program Files\Real\RealPlayer\RealPlay.exe[2164] USER32.dll!SetWinEventHook                                                             7E3B17F7 5 Bytes  JMP 003B01F8 
    .text           C:\Program Files\Real\RealPlayer\RealPlay.exe[2164] USER32.dll!UnhookWinEvent                                                              7E3B18AC 5 Bytes  JMP 003B03FC 
    .text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2356] ntdll.dll!LdrLoadDll                                                                           7C9263A3 5 Bytes  JMP 000901F8 
    .text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2356] ntdll.dll!RtlDosSearchPath_U + 1D1                                                             7C9271AA 1 Byte  [62]
    .text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2356] ntdll.dll!LdrUnloadDll                                                                         7C92736B 5 Bytes  JMP 000903FC 
    .text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2356] kernel32.dll!GetBinaryTypeW + 80                                                               7C868C2C 1 Byte  [62]
    .text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2356] ADVAPI32.dll!SetServiceObjectSecurity                                                          77E06D59 5 Bytes  JMP 002B1014 
    .text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2356] ADVAPI32.dll!ChangeServiceConfigA                                                              77E06E41 5 Bytes  JMP 002B0804 
    .text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2356] ADVAPI32.dll!ChangeServiceConfigW                                                              77E06FD9 5 Bytes  JMP 002B0A08 
    .text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2356] ADVAPI32.dll!ChangeServiceConfig2A                                                             77E070D9 5 Bytes  JMP 002B0C0C 
    .text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2356] ADVAPI32.dll!ChangeServiceConfig2W                                                             77E07161 5 Bytes  JMP 002B0E10 
    .text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2356] ADVAPI32.dll!CreateServiceA                                                                    77E071E9 5 Bytes  JMP 002B01F8 
    .text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2356] ADVAPI32.dll!CreateServiceW                                                                    77E07381 5 Bytes  JMP 002B03FC 
    .text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2356] ADVAPI32.dll!DeleteService                                                                     77E07489 5 Bytes  JMP 002B0600 
    .text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2356] USER32.dll!SetWindowsHookExW                                                                   7E3A820F 5 Bytes  JMP 002C0804 
    .text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2356] USER32.dll!UnhookWindowsHookEx                                                                 7E3AD5F3 5 Bytes  JMP 002C0A08 
    .text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2356] USER32.dll!SetWindowsHookExA                                                                   7E3B1211 5 Bytes  JMP 002C0600 
    .text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2356] USER32.dll!SetWinEventHook                                                                     7E3B17F7 5 Bytes  JMP 002C01F8 
    .text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2356] USER32.dll!UnhookWinEvent                                                                      7E3B18AC 5 Bytes  JMP 002C03FC 
    .text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] ntdll.dll!LdrLoadDll                                                                           7C9263A3 5 Bytes  JMP 000901F8 
    .text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] ntdll.dll!RtlDosSearchPath_U + 1D1                                                             7C9271AA 1 Byte  [62]
    .text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] ntdll.dll!LdrUnloadDll                                                                         7C92736B 5 Bytes  JMP 000903FC 
    .text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] kernel32.dll!GetBinaryTypeW + 80                                                               7C868C2C 1 Byte  [62]
    .text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] ADVAPI32.dll!SetServiceObjectSecurity                                                          77E06D59 5 Bytes  JMP 002B1014 
    .text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] ADVAPI32.dll!ChangeServiceConfigA                                                              77E06E41 5 Bytes  JMP 002B0804 
    .text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] ADVAPI32.dll!ChangeServiceConfigW                                                              77E06FD9 5 Bytes  JMP 002B0A08 
    .text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] ADVAPI32.dll!ChangeServiceConfig2A                                                             77E070D9 5 Bytes  JMP 002B0C0C 
    .text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] ADVAPI32.dll!ChangeServiceConfig2W                                                             77E07161 5 Bytes  JMP 002B0E10 
    .text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] ADVAPI32.dll!CreateServiceA                                                                    77E071E9 5 Bytes  JMP 002B01F8 
    .text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] ADVAPI32.dll!CreateServiceW                                                                    77E07381 5 Bytes  JMP 002B03FC 
    .text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] ADVAPI32.dll!DeleteService                                                                     77E07489 5 Bytes  JMP 002B0600 
    .text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] USER32.dll!SetWindowsHookExW                                                                   7E3A820F 5 Bytes  JMP 002C0804 
    .text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] USER32.dll!UnhookWindowsHookEx                                                                 7E3AD5F3 5 Bytes  JMP 002C0A08 
    .text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] USER32.dll!SetWindowsHookExA                                                                   7E3B1211 5 Bytes  JMP 002C0600 
    .text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] USER32.dll!SetWinEventHook                                                                     7E3B17F7 5 Bytes  JMP 002C01F8 
    .text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2408] USER32.dll!UnhookWinEvent                                                                      7E3B18AC 5 Bytes  JMP 002C03FC 
    .text           C:\Documents and Settings\Vincent\Mes documents\téléchargement\sbsscqii.exe[2744] ntdll.dll!RtlDosSearchPath_U + 1D1                       7C9271AA 1 Byte  [62]
    .text           C:\Documents and Settings\Vincent\Mes documents\téléchargement\sbsscqii.exe[2744] kernel32.dll!GetBinaryTypeW + 80                         7C868C2C 1 Byte  [62]
    .text           C:\WINDOWS\Explorer.EXE[3376] ntdll.dll!LdrLoadDll                                                                                         7C9263A3 5 Bytes  JMP 000901F8 
    .text           C:\WINDOWS\Explorer.EXE[3376] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                           7C9271AA 1 Byte  [62]
    .text           C:\WINDOWS\Explorer.EXE[3376] ntdll.dll!LdrUnloadDll                                                                                       7C92736B 5 Bytes  JMP 000903FC 
    .text           C:\WINDOWS\Explorer.EXE[3376] kernel32.dll!GetBinaryTypeW + 80                                                                             7C868C2C 1 Byte  [62]
    .text           C:\WINDOWS\Explorer.EXE[3376] ADVAPI32.dll!SetServiceObjectSecurity                                                                        77E06D59 5 Bytes  JMP 002C1014 
    .text           C:\WINDOWS\Explorer.EXE[3376] ADVAPI32.dll!ChangeServiceConfigA                                                                            77E06E41 5 Bytes  JMP 002C0804 
    .text           C:\WINDOWS\Explorer.EXE[3376] ADVAPI32.dll!ChangeServiceConfigW                                                                            77E06FD9 5 Bytes  JMP 002C0A08 
    .text           C:\WINDOWS\Explorer.EXE[3376] ADVAPI32.dll!ChangeServiceConfig2A                                                                           77E070D9 5 Bytes  JMP 002C0C0C 
    .text           C:\WINDOWS\Explorer.EXE[3376] ADVAPI32.dll!ChangeServiceConfig2W                                                                           77E07161 5 Bytes  JMP 002C0E10 
    .text           C:\WINDOWS\Explorer.EXE[3376] ADVAPI32.dll!CreateServiceA                                                                                  77E071E9 5 Bytes  JMP 002C01F8 
    .text           C:\WINDOWS\Explorer.EXE[3376] ADVAPI32.dll!CreateServiceW                                                                                  77E07381 5 Bytes  JMP 002C03FC 
    .text           C:\WINDOWS\Explorer.EXE[3376] ADVAPI32.dll!DeleteService                                                                                   77E07489 5 Bytes  JMP 002C0600 
    .text           C:\WINDOWS\Explorer.EXE[3376] USER32.dll!SetWindowsHookExW                                                                                 7E3A820F 5 Bytes  JMP 002D0804 
    .text           C:\WINDOWS\Explorer.EXE[3376] USER32.dll!UnhookWindowsHookEx                                                                               7E3AD5F3 5 Bytes  JMP 002D0A08 
    .text           C:\WINDOWS\Explorer.EXE[3376] USER32.dll!SetWindowsHookExA                                                                                 7E3B1211 5 Bytes  JMP 002D0600 
    .text           C:\WINDOWS\Explorer.EXE[3376] USER32.dll!SetWinEventHook                                                                                   7E3B17F7 5 Bytes  JMP 002D01F8 
    .text           C:\WINDOWS\Explorer.EXE[3376] USER32.dll!UnhookWinEvent                                                                                    7E3B18AC 5 Bytes  JMP 002D03FC 
    .text           C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe[3484] ntdll.dll!LdrLoadDll                                 7C9263A3 5 Bytes  JMP 001401F8 
    .text           C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe[3484] ntdll.dll!RtlDosSearchPath_U + 1D1                   7C9271AA 1 Byte  [62]
    .text           C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe[3484] ntdll.dll!LdrUnloadDll                               7C92736B 5 Bytes  JMP 001403FC 
    .text           C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe[3484] kernel32.dll!GetBinaryTypeW + 80                     7C868C2C 1 Byte  [62]
    .text           C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe[3484] ADVAPI32.dll!SetServiceObjectSecurity                77E06D59 5 Bytes  JMP 00381014 
    .text           C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe[3484] ADVAPI32.dll!ChangeServiceConfigA                    77E06E41 5 Bytes  JMP 00380804 
    .text           C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe[3484] ADVAPI32.dll!ChangeServiceConfigW                    77E06FD9 5 Bytes  JMP 00380A08 
    .text           C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe[3484] ADVAPI32.dll!ChangeServiceConfig2A                   77E070D9 5 Bytes  JMP 00380C0C 
    .text           C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe[3484] ADVAPI32.dll!ChangeServiceConfig2W                   77E07161 5 Bytes  JMP 00380E10 
    .text           C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe[3484] ADVAPI32.dll!CreateServiceA                          77E071E9 5 Bytes  JMP 003801F8 
    .text           C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe[3484] ADVAPI32.dll!CreateServiceW                          77E07381 5 Bytes  JMP 003803FC 
    .text           C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe[3484] ADVAPI32.dll!DeleteService                           77E07489 5 Bytes  JMP 00380600 
    .text           C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe[3484] USER32.dll!SetWindowsHookExW                         7E3A820F 5 Bytes  JMP 00390804 
    .text           C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe[3484] USER32.dll!UnhookWindowsHookEx                       7E3AD5F3 5 Bytes  JMP 00390A08 
    .text           C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe[3484] USER32.dll!SetWindowsHookExA                         7E3B1211 5 Bytes  JMP 00390600 
    .text           C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe[3484] USER32.dll!SetWinEventHook                           7E3B17F7 5 Bytes  JMP 003901F8 
    .text           C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe[3484] USER32.dll!UnhookWinEvent                            7E3B18AC 5 Bytes  JMP 003903FC 
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3500] ntdll.dll!LdrLoadDll                                                                    7C9263A3 5 Bytes  JMP 0123B52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3500] ntdll.dll!RtlDosSearchPath_U + 1D1                                                      7C9271AA 1 Byte  [62]
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3500] ntdll.dll!LdrUnloadDll                                                                  7C92736B 5 Bytes  JMP 001503FC 
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3500] kernel32.dll!lstrlenW + 43                                                              7C809ADC 7 Bytes  JMP 014EB6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3500] kernel32.dll!MapViewOfFileEx + 6A                                                       7C80B990 7 Bytes  JMP 014EB6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3500] kernel32.dll!GetBinaryTypeW + 80                                                        7C868C2C 1 Byte  [62]
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3500] USER32.dll!SetWindowsHookExW                                                            7E3A820F 5 Bytes  JMP 002D0804 
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3500] USER32.dll!UnhookWindowsHookEx                                                          7E3AD5F3 5 Bytes  JMP 002D0A08 
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3500] USER32.dll!SetWindowsHookExA                                                            7E3B1211 5 Bytes  JMP 002D0600 
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3500] USER32.dll!SetWinEventHook                                                              7E3B17F7 5 Bytes  JMP 002D01F8 
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3500] USER32.dll!UnhookWinEvent                                                               7E3B18AC 5 Bytes  JMP 002D03FC 
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3500] GDI32.dll!SetDIBitsToDevice + 209                                                       77EF9E04 7 Bytes  JMP 014EB653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3500] ADVAPI32.dll!SetServiceObjectSecurity                                                   77E06D59 5 Bytes  JMP 02761014 
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3500] ADVAPI32.dll!ChangeServiceConfigA                                                       77E06E41 5 Bytes  JMP 02760804 
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3500] ADVAPI32.dll!ChangeServiceConfigW                                                       77E06FD9 5 Bytes  JMP 02760A08 
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3500] ADVAPI32.dll!ChangeServiceConfig2A                                                      77E070D9 5 Bytes  JMP 02760C0C 
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3500] ADVAPI32.dll!ChangeServiceConfig2W                                                      77E07161 5 Bytes  JMP 02760E10 
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3500] ADVAPI32.dll!CreateServiceA                                                             77E071E9 5 Bytes  JMP 027601F8 
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3500] ADVAPI32.dll!CreateServiceW                                                             77E07381 5 Bytes  JMP 027603FC 
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3500] ADVAPI32.dll!DeleteService                                                              77E07489 5 Bytes  JMP 02760600 
    .text           C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[3576] ntdll.dll!LdrLoadDll                                                             7C9263A3 5 Bytes  JMP 001501F8 
    .text           C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[3576] ntdll.dll!RtlDosSearchPath_U + 1D1                                               7C9271AA 1 Byte  [62]
    .text           C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[3576] ntdll.dll!LdrUnloadDll                                                           7C92736B 5 Bytes  JMP 001503FC 
    .text           C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[3576] kernel32.dll!GetBinaryTypeW + 80                                                 7C868C2C 1 Byte  [62]
    .text           C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[3576] USER32.dll!SetWindowsHookExW                                                     7E3A820F 5 Bytes  JMP 00390804 
    .text           C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[3576] USER32.dll!UnhookWindowsHookEx                                                   7E3AD5F3 5 Bytes  JMP 00390A08 
    .text           C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[3576] USER32.dll!SetWindowsHookExA                                                     7E3B1211 5 Bytes  JMP 00390600 
    .text           C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[3576] USER32.dll!SetWinEventHook                                                       7E3B17F7 5 Bytes  JMP 003901F8 
    .text           C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[3576] USER32.dll!UnhookWinEvent                                                        7E3B18AC 5 Bytes  JMP 003903FC 
    .text           C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[3576] ADVAPI32.dll!SetServiceObjectSecurity                                            77E06D59 5 Bytes  JMP 003A1014 
    .text           C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[3576] ADVAPI32.dll!ChangeServiceConfigA                                                77E06E41 5 Bytes  JMP 003A0804 
    .text           C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[3576] ADVAPI32.dll!ChangeServiceConfigW                                                77E06FD9 5 Bytes  JMP 003A0A08 
    .text           C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[3576] ADVAPI32.dll!ChangeServiceConfig2A                                               77E070D9 5 Bytes  JMP 003A0C0C 
    .text           C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[3576] ADVAPI32.dll!ChangeServiceConfig2W                                               77E07161 5 Bytes  JMP 003A0E10 
    .text           C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[3576] ADVAPI32.dll!CreateServiceA                                                      77E071E9 5 Bytes  JMP 003A01F8 
    .text           C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[3576] ADVAPI32.dll!CreateServiceW                                                      77E07381 5 Bytes  JMP 003A03FC 
    .text           C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe[3576] ADVAPI32.dll!DeleteService                                                       77E07489 5 Bytes  JMP 003A0600 
    .text           C:\Program Files\AVAST Software\Avast\avastUI.exe[3584] ntdll.dll!RtlDosSearchPath_U + 1D1                                                 7C9271AA 1 Byte  [62]
    .text           C:\Program Files\AVAST Software\Avast\avastUI.exe[3584] kernel32.dll!GetBinaryTypeW + 80                                                   7C868C2C 1 Byte  [62]
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe[3596] ntdll.dll!LdrLoadDll                   7C9263A3 5 Bytes  JMP 000501F8 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe[3596] ntdll.dll!RtlDosSearchPath_U + 1D1     7C9271AA 1 Byte  [62]
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe[3596] ntdll.dll!LdrUnloadDll                 7C92736B 5 Bytes  JMP 000503FC 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe[3596] kernel32.dll!GetBinaryTypeW + 80       7C868C2C 1 Byte  [62]
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe[3596] ADVAPI32.dll!SetServiceObjectSecurity  77E06D59 5 Bytes  JMP 003C1014 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe[3596] ADVAPI32.dll!ChangeServiceConfigA      77E06E41 5 Bytes  JMP 003C0804 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe[3596] ADVAPI32.dll!ChangeServiceConfigW      77E06FD9 5 Bytes  JMP 003C0A08 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe[3596] ADVAPI32.dll!ChangeServiceConfig2A     77E070D9 5 Bytes  JMP 003C0C0C 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe[3596] ADVAPI32.dll!ChangeServiceConfig2W     77E07161 5 Bytes  JMP 003C0E10 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe[3596] ADVAPI32.dll!CreateServiceA            77E071E9 5 Bytes  JMP 003C01F8 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe[3596] ADVAPI32.dll!CreateServiceW            77E07381 5 Bytes  JMP 003C03FC 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe[3596] ADVAPI32.dll!DeleteService             77E07489 5 Bytes  JMP 003C0600 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe[3596] USER32.dll!SetWindowsHookExW           7E3A820F 5 Bytes  JMP 003D0804 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe[3596] USER32.dll!UnhookWindowsHookEx         7E3AD5F3 5 Bytes  JMP 003D0A08 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe[3596] USER32.dll!SetWindowsHookExA           7E3B1211 5 Bytes  JMP 003D0600 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe[3596] USER32.dll!SetWinEventHook             7E3B17F7 5 Bytes  JMP 003D01F8 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe[3596] USER32.dll!UnhookWinEvent              7E3B18AC 5 Bytes  JMP 003D03FC 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe[3708] ntdll.dll!LdrLoadDll                   7C9263A3 5 Bytes  JMP 000501F8 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe[3708] ntdll.dll!RtlDosSearchPath_U + 1D1     7C9271AA 1 Byte  [62]
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe[3708] ntdll.dll!LdrUnloadDll                 7C92736B 5 Bytes  JMP 000503FC 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe[3708] kernel32.dll!GetBinaryTypeW + 80       7C868C2C 1 Byte  [62]
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe[3708] USER32.dll!SetWindowsHookExW           7E3A820F 5 Bytes  JMP 00290804 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe[3708] USER32.dll!UnhookWindowsHookEx         7E3AD5F3 5 Bytes  JMP 00290A08 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe[3708] USER32.dll!SetWindowsHookExA           7E3B1211 5 Bytes  JMP 00290600 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe[3708] USER32.dll!SetWinEventHook             7E3B17F7 5 Bytes  JMP 002901F8 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe[3708] USER32.dll!UnhookWinEvent              7E3B18AC 5 Bytes  JMP 002903FC 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe[3708] ADVAPI32.dll!SetServiceObjectSecurity  77E06D59 5 Bytes  JMP 002A1014 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe[3708] ADVAPI32.dll!ChangeServiceConfigA      77E06E41 5 Bytes  JMP 002A0804 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe[3708] ADVAPI32.dll!ChangeServiceConfigW      77E06FD9 5 Bytes  JMP 002A0A08 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe[3708] ADVAPI32.dll!ChangeServiceConfig2A     77E070D9 5 Bytes  JMP 002A0C0C 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe[3708] ADVAPI32.dll!ChangeServiceConfig2W     77E07161 5 Bytes  JMP 002A0E10 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe[3708] ADVAPI32.dll!CreateServiceA            77E071E9 5 Bytes  JMP 002A01F8 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe[3708] ADVAPI32.dll!CreateServiceW            77E07381 5 Bytes  JMP 002A03FC 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe[3708] ADVAPI32.dll!DeleteService             77E07489 5 Bytes  JMP 002A0600 
    .text           C:\WINDOWS\System32\svchost.exe[3716] ntdll.dll!LdrLoadDll                                                                                 7C9263A3 5 Bytes  JMP 000901F8 
    .text           C:\WINDOWS\System32\svchost.exe[3716] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                   7C9271AA 1 Byte  [62]
    .text           C:\WINDOWS\System32\svchost.exe[3716] ntdll.dll!LdrUnloadDll                                                                               7C92736B 5 Bytes  JMP 000903FC 
    .text           C:\WINDOWS\System32\svchost.exe[3716] kernel32.dll!GetBinaryTypeW + 80                                                                     7C868C2C 1 Byte  [62]
    .text           C:\WINDOWS\System32\svchost.exe[3716] ADVAPI32.dll!SetServiceObjectSecurity                                                                77E06D59 5 Bytes  JMP 002B1014 
    .text           C:\WINDOWS\System32\svchost.exe[3716] ADVAPI32.dll!ChangeServiceConfigA                                                                    77E06E41 5 Bytes  JMP 002B0804 
    .text           C:\WINDOWS\System32\svchost.exe[3716] ADVAPI32.dll!ChangeServiceConfigW                                                                    77E06FD9 5 Bytes  JMP 002B0A08 
    .text           C:\WINDOWS\System32\svchost.exe[3716] ADVAPI32.dll!ChangeServiceConfig2A                                                                   77E070D9 5 Bytes  JMP 002B0C0C 
    .text           C:\WINDOWS\System32\svchost.exe[3716] ADVAPI32.dll!ChangeServiceConfig2W                                                                   77E07161 5 Bytes  JMP 002B0E10 
    .text           C:\WINDOWS\System32\svchost.exe[3716] ADVAPI32.dll!CreateServiceA                                                                          77E071E9 5 Bytes  JMP 002B01F8 
    .text           C:\WINDOWS\System32\svchost.exe[3716] ADVAPI32.dll!CreateServiceW                                                                          77E07381 5 Bytes  JMP 002B03FC 
    .text           C:\WINDOWS\System32\svchost.exe[3716] ADVAPI32.dll!DeleteService                                                                           77E07489 5 Bytes  JMP 002B0600 
    .text           C:\WINDOWS\System32\svchost.exe[3716] USER32.dll!SetWindowsHookExW                                                                         7E3A820F 5 Bytes  JMP 002C0804 
    .text           C:\WINDOWS\System32\svchost.exe[3716] USER32.dll!UnhookWindowsHookEx                                                                       7E3AD5F3 5 Bytes  JMP 002C0A08 
    .text           C:\WINDOWS\System32\svchost.exe[3716] USER32.dll!SetWindowsHookExA                                                                         7E3B1211 5 Bytes  JMP 002C0600 
    .text           C:\WINDOWS\System32\svchost.exe[3716] USER32.dll!SetWinEventHook                                                                           7E3B17F7 5 Bytes  JMP 002C01F8 
    .text           C:\WINDOWS\System32\svchost.exe[3716] USER32.dll!UnhookWinEvent                                                                            7E3B18AC 5 Bytes  JMP 002C03FC 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe[3796] ntdll.dll!LdrLoadDll                     7C9263A3 5 Bytes  JMP 000501F8 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe[3796] ntdll.dll!RtlDosSearchPath_U + 1D1       7C9271AA 1 Byte  [62]
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe[3796] ntdll.dll!LdrUnloadDll                   7C92736B 5 Bytes  JMP 000503FC 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe[3796] kernel32.dll!GetBinaryTypeW + 80         7C868C2C 1 Byte  [62]
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe[3796] USER32.dll!SetWindowsHookExW             7E3A820F 5 Bytes  JMP 00290804 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe[3796] USER32.dll!UnhookWindowsHookEx           7E3AD5F3 5 Bytes  JMP 00290A08 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe[3796] USER32.dll!SetWindowsHookExA             7E3B1211 5 Bytes  JMP 00290600 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe[3796] USER32.dll!SetWinEventHook               7E3B17F7 5 Bytes  JMP 002901F8 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe[3796] USER32.dll!UnhookWinEvent                7E3B18AC 5 Bytes  JMP 002903FC 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe[3796] ADVAPI32.dll!SetServiceObjectSecurity    77E06D59 5 Bytes  JMP 002A1014 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe[3796] ADVAPI32.dll!ChangeServiceConfigA        77E06E41 5 Bytes  JMP 002A0804 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe[3796] ADVAPI32.dll!ChangeServiceConfigW        77E06FD9 5 Bytes  JMP 002A0A08 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe[3796] ADVAPI32.dll!ChangeServiceConfig2A       77E070D9 5 Bytes  JMP 002A0C0C 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe[3796] ADVAPI32.dll!ChangeServiceConfig2W       77E07161 5 Bytes  JMP 002A0E10 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe[3796] ADVAPI32.dll!CreateServiceA              77E071E9 5 Bytes  JMP 002A01F8 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe[3796] ADVAPI32.dll!CreateServiceW              77E07381 5 Bytes  JMP 002A03FC 
    .text           C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe[3796] ADVAPI32.dll!DeleteService               77E07489 5 Bytes  JMP 002A0600 
    .text           C:\WINDOWS\system32\VTTimer.exe[3916] ntdll.dll!LdrLoadDll                                                                                 7C9263A3 5 Bytes  JMP 001401F8 
    .text           C:\WINDOWS\system32\VTTimer.exe[3916] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                   7C9271AA 1 Byte  [62]
    .text           C:\WINDOWS\system32\VTTimer.exe[3916] ntdll.dll!LdrUnloadDll                                                                               7C92736B 5 Bytes  JMP 001403FC 
    .text           C:\WINDOWS\system32\VTTimer.exe[3916] kernel32.dll!GetBinaryTypeW + 80                                                                     7C868C2C 1 Byte  [62]
    .text           C:\WINDOWS\system32\VTTimer.exe[3916] ADVAPI32.dll!SetServiceObjectSecurity                                                                77E06D59 5 Bytes  JMP 00381014 
    .text           C:\WINDOWS\system32\VTTimer.exe[3916] ADVAPI32.dll!ChangeServiceConfigA                                                                    77E06E41 5 Bytes  JMP 00380804 
    .text           C:\WINDOWS\system32\VTTimer.exe[3916] ADVAPI32.dll!ChangeServiceConfigW                                                                    77E06FD9 5 Bytes  JMP 00380A08 
    .text           C:\WINDOWS\system32\VTTimer.exe[3916] ADVAPI32.dll!ChangeServiceConfig2A                                                                   77E070D9 5 Bytes  JMP 00380C0C 
    .text           C:\WINDOWS\system32\VTTimer.exe[3916] ADVAPI32.dll!ChangeServiceConfig2W                                                                   77E07161 5 Bytes  JMP 00380E10 
    .text           C:\WINDOWS\system32\VTTimer.exe[3916] ADVAPI32.dll!CreateServiceA                                                                          77E071E9 5 Bytes  JMP 003801F8 
    .text           C:\WINDOWS\system32\VTTimer.exe[3916] ADVAPI32.dll!CreateServiceW                                                                          77E07381 5 Bytes  JMP 003803FC 
    .text           C:\WINDOWS\system32\VTTimer.exe[3916] ADVAPI32.dll!DeleteService                                                                           77E07489 5 Bytes  JMP 00380600 
    .text           C:\WINDOWS\system32\VTTimer.exe[3916] USER32.dll!SetWindowsHookExW                                                                         7E3A820F 5 Bytes  JMP 00390804 
    .text           C:\WINDOWS\system32\VTTimer.exe[3916] USER32.dll!UnhookWindowsHookEx                                                                       7E3AD5F3 5 Bytes  JMP 00390A08 
    .text           C:\WINDOWS\system32\VTTimer.exe[3916] USER32.dll!SetWindowsHookExA                                                                         7E3B1211 5 Bytes  JMP 00390600 
    .text           C:\WINDOWS\system32\VTTimer.exe[3916] USER32.dll!SetWinEventHook                                                                           7E3B17F7 5 Bytes  JMP 003901F8 
    .text           C:\WINDOWS\system32\VTTimer.exe[3916] USER32.dll!UnhookWinEvent                                                                            7E3B18AC 5 Bytes  JMP 003903FC 
    .text           C:\WINDOWS\system32\VTtrayp.exe[3948] ntdll.dll!LdrLoadDll                                                                                 7C9263A3 5 Bytes  JMP 001501F8 
    .text           C:\WINDOWS\system32\VTtrayp.exe[3948] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                   7C9271AA 1 Byte  [62]
    .text           C:\WINDOWS\system32\VTtrayp.exe[3948] ntdll.dll!LdrUnloadDll                                                                               7C92736B 5 Bytes  JMP 001503FC 
    .text           C:\WINDOWS\system32\VTtrayp.exe[3948] kernel32.dll!GetBinaryTypeW + 80                                                                     7C868C2C 1 Byte  [62]
    .text           C:\WINDOWS\system32\VTtrayp.exe[3948] USER32.dll!SetWindowsHookExW                                                                         7E3A820F 5 Bytes  JMP 00390804 
    .text           C:\WINDOWS\system32\VTtrayp.exe[3948] USER32.dll!UnhookWindowsHookEx                                                                       7E3AD5F3 5 Bytes  JMP 00390A08 
    .text           C:\WINDOWS\system32\VTtrayp.exe[3948] USER32.dll!SetWindowsHookExA                                                                         7E3B1211 5 Bytes  JMP 00390600 
    .text           C:\WINDOWS\system32\VTtrayp.exe[3948] USER32.dll!SetWinEventHook                                                                           7E3B17F7 5 Bytes  JMP 003901F8 
    .text           C:\WINDOWS\system32\VTtrayp.exe[3948] USER32.dll!UnhookWinEvent                                                                            7E3B18AC 5 Bytes  JMP 003903FC 
    .text           C:\WINDOWS\system32\VTtrayp.exe[3948] ADVAPI32.dll!SetServiceObjectSecurity                                                                77E06D59 5 Bytes  JMP 003A1014 
    .text           C:\WINDOWS\system32\VTtrayp.exe[3948] ADVAPI32.dll!ChangeServiceConfigA                                                                    77E06E41 5 Bytes  JMP 003A0804 
    .text           C:\WINDOWS\system32\VTtrayp.exe[3948] ADVAPI32.dll!ChangeServiceConfigW                                                                    77E06FD9 5 Bytes  JMP 003A0A08 
    .text           C:\WINDOWS\system32\VTtrayp.exe[3948] ADVAPI32.dll!ChangeServiceConfig2A                                                                   77E070D9 5 Bytes  JMP 003A0C0C 
    .text           C:\WINDOWS\system32\VTtrayp.exe[3948] ADVAPI32.dll!ChangeServiceConfig2W                                                                   77E07161 5 Bytes  JMP 003A0E10 
    .text           C:\WINDOWS\system32\VTtrayp.exe[3948] ADVAPI32.dll!CreateServiceA                                                                          77E071E9 5 Bytes  JMP 003A01F8 
    .text           C:\WINDOWS\system32\VTtrayp.exe[3948] ADVAPI32.dll!CreateServiceW                                                                          77E07381 5 Bytes  JMP 003A03FC 
    .text           C:\WINDOWS\system32\VTtrayp.exe[3948] ADVAPI32.dll!DeleteService                                                                           77E07489 5 Bytes  JMP 003A0600 
    .text           C:\WINDOWS\SOUNDMAN.EXE[3984] ntdll.dll!LdrLoadDll                                                                                         7C9263A3 5 Bytes  JMP 001401F8 
    .text           C:\WINDOWS\SOUNDMAN.EXE[3984] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                           7C9271AA 1 Byte  [62]
    .text           C:\WINDOWS\SOUNDMAN.EXE[3984] ntdll.dll!LdrUnloadDll                                                                                       7C92736B 5 Bytes  JMP 001403FC 
    .text           C:\WINDOWS\SOUNDMAN.EXE[3984] kernel32.dll!GetBinaryTypeW + 80                                                                             7C868C2C 1 Byte  [62]
    .text           C:\WINDOWS\SOUNDMAN.EXE[3984] USER32.dll!SetWindowsHookExW                                                                                 7E3A820F 5 Bytes  JMP 00380804 
    .text           C:\WINDOWS\SOUNDMAN.EXE[3984] USER32.dll!UnhookWindowsHookEx                                                                               7E3AD5F3 5 Bytes  JMP 00380A08 
    .text           C:\WINDOWS\SOUNDMAN.EXE[3984] USER32.dll!SetWindowsHookExA                                                                                 7E3B1211 5 Bytes  JMP 00380600 
    .text           C:\WINDOWS\SOUNDMAN.EXE[3984] USER32.dll!SetWinEventHook                                                                                   7E3B17F7 5 Bytes  JMP 003801F8 
    .text           C:\WINDOWS\SOUNDMAN.EXE[3984] USER32.dll!UnhookWinEvent                                                                                    7E3B18AC 5 Bytes  JMP 003803FC 
    .text           C:\WINDOWS\SOUNDMAN.EXE[3984] ADVAPI32.dll!SetServiceObjectSecurity                                                                        77E06D59 5 Bytes  JMP 00391014 
    .text           C:\WINDOWS\SOUNDMAN.EXE[3984] ADVAPI32.dll!ChangeServiceConfigA                                                                            77E06E41 5 Bytes  JMP 00390804 
    .text           C:\WINDOWS\SOUNDMAN.EXE[3984] ADVAPI32.dll!ChangeServiceConfigW                                                                            77E06FD9 5 Bytes  JMP 00390A08 
    .text           C:\WINDOWS\SOUNDMAN.EXE[3984] ADVAPI32.dll!ChangeServiceConfig2A                                                                           77E070D9 5 Bytes  JMP 00390C0C 
    .text           C:\WINDOWS\SOUNDMAN.EXE[3984] ADVAPI32.dll!ChangeServiceConfig2W                                                                           77E07161 5 Bytes  JMP 00390E10 
    .text           C:\WINDOWS\SOUNDMAN.EXE[3984] ADVAPI32.dll!CreateServiceA                                                                                  77E071E9 5 Bytes  JMP 003901F8 
    .text           C:\WINDOWS\SOUNDMAN.EXE[3984] ADVAPI32.dll!CreateServiceW                                                                                  77E07381 5 Bytes  JMP 003903FC 
    .text           C:\WINDOWS\SOUNDMAN.EXE[3984] ADVAPI32.dll!DeleteService                                                                                   77E07489 5 Bytes  JMP 00390600 
    .text           C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[4036] ntdll.dll!LdrLoadDll                                                  7C9263A3 5 Bytes  JMP 001501F8 
    .text           C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[4036] ntdll.dll!RtlDosSearchPath_U + 1D1                                    7C9271AA 1 Byte  [62]
    .text           C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[4036] ntdll.dll!LdrUnloadDll                                                7C92736B 5 Bytes  JMP 001503FC 
    .text           C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[4036] kernel32.dll!GetBinaryTypeW + 80                                      7C868C2C 1 Byte  [62]
    .text           C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[4036] ADVAPI32.dll!SetServiceObjectSecurity                                 77E06D59 5 Bytes  JMP 003A1014 
    .text           C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[4036] ADVAPI32.dll!ChangeServiceConfigA                                     77E06E41 5 Bytes  JMP 003A0804 
    .text           C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[4036] ADVAPI32.dll!ChangeServiceConfigW                                     77E06FD9 5 Bytes  JMP 003A0A08 
    .text           C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[4036] ADVAPI32.dll!ChangeServiceConfig2A                                    77E070D9 5 Bytes  JMP 003A0C0C 
    .text           C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[4036] ADVAPI32.dll!ChangeServiceConfig2W                                    77E07161 5 Bytes  JMP 003A0E10 
    .text           C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[4036] ADVAPI32.dll!CreateServiceA                                           77E071E9 5 Bytes  JMP 003A01F8 
    .text           C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[4036] ADVAPI32.dll!CreateServiceW                                           77E07381 5 Bytes  JMP 003A03FC 
    .text           C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[4036] ADVAPI32.dll!DeleteService                                            77E07489 5 Bytes  JMP 003A0600 
    .text           C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[4036] USER32.dll!SetWindowsHookExW                                          7E3A820F 5 Bytes  JMP 003B0804 
    .text           C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[4036] USER32.dll!UnhookWindowsHookEx                                        7E3AD5F3 3 Bytes  JMP 003B0A08 
    .text           C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[4036] USER32.dll!UnhookWindowsHookEx + 4                                    7E3AD5F7 1 Byte  [82]
    .text           C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[4036] USER32.dll!SetWindowsHookExA                                          7E3B1211 5 Bytes  JMP 003B0600 
    .text           C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[4036] USER32.dll!SetWinEventHook                                            7E3B17F7 5 Bytes  JMP 003B01F8 
    .text           C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[4036] USER32.dll!UnhookWinEvent                                             7E3B18AC 5 Bytes  JMP 003B03FC 
    .text           C:\Program Files\iTunes\iTunesHelper.exe[4076] ntdll.dll!LdrLoadDll                                                                        7C9263A3 5 Bytes  JMP 001501F8 
    .text           C:\Program Files\iTunes\iTunesHelper.exe[4076] ntdll.dll!RtlDosSearchPath_U + 1D1                                                          7C9271AA 1 Byte  [62]
    .text           C:\Program Files\iTunes\iTunesHelper.exe[4076] ntdll.dll!LdrUnloadDll                                                                      7C92736B 5 Bytes  JMP 001503FC 
    .text           C:\Program Files\iTunes\iTunesHelper.exe[4076] kernel32.dll!GetBinaryTypeW + 80                                                            7C868C2C 1 Byte  [62]
    .text           C:\Program Files\iTunes\iTunesHelper.exe[4076] ADVAPI32.dll!SetServiceObjectSecurity                                                       77E06D59 5 Bytes  JMP 00391014 
    .text           C:\Program Files\iTunes\iTunesHelper.exe[4076] ADVAPI32.dll!ChangeServiceConfigA                                                           77E06E41 5 Bytes  JMP 00390804 
    .text           C:\Program Files\iTunes\iTunesHelper.exe[4076] ADVAPI32.dll!ChangeServiceConfigW                                                           77E06FD9 5 Bytes  JMP 00390A08 
    .text           C:\Program Files\iTunes\iTunesHelper.exe[4076] ADVAPI32.dll!ChangeServiceConfig2A                                                          77E070D9 5 Bytes  JMP 00390C0C 
    .text           C:\Program Files\iTunes\iTunesHelper.exe[4076] ADVAPI32.dll!ChangeServiceConfig2W                                                          77E07161 5 Bytes  JMP 00390E10 
    .text           C:\Program Files\iTunes\iTunesHelper.exe[4076] ADVAPI32.dll!CreateServiceA                                                                 77E071E9 5 Bytes  JMP 003901F8 
    .text           C:\Program Files\iTunes\iTunesHelper.exe[4076] ADVAPI32.dll!CreateServiceW                                                                 77E07381 5 Bytes  JMP 003903FC 
    .text           C:\Program Files\iTunes\iTunesHelper.exe[4076] ADVAPI32.dll!DeleteService                                                                  77E07489 5 Bytes  JMP 00390600 
    .text           C:\Program Files\iTunes\iTunesHelper.exe[4076] USER32.dll!SetWindowsHookExW                                                                7E3A820F 5 Bytes  JMP 003A0804 
    .text           C:\Program Files\iTunes\iTunesHelper.exe[4076] USER32.dll!UnhookWindowsHookEx                                                              7E3AD5F3 5 Bytes  JMP 003A0A08 
    .text           C:\Program Files\iTunes\iTunesHelper.exe[4076] USER32.dll!SetWindowsHookExA                                                                7E3B1211 5 Bytes  JMP 003A0600 
    .text           C:\Program Files\iTunes\iTunesHelper.exe[4076] USER32.dll!SetWinEventHook                                                                  7E3B17F7 5 Bytes  JMP 003A01F8 
    .text           C:\Program Files\iTunes\iTunesHelper.exe[4076] USER32.dll!UnhookWinEvent                                                                   7E3B18AC 5 Bytes  JMP 003A03FC 
    
    ---- Devices - GMER 1.0.15 ----
    
    Device          \FileSystem\Ntfs \Ntfs                                                                                                                     aswSP.SYS (avast! self protection module/AVAST Software)
    
    AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                     aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                   aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                  aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                  aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    
    ---- EOF - GMER 1.0.15 ----
    2. MBR.exe


    Code:
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST500DM002-1BD142 rev.KC45 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 
    
    device: opened successfully
    user: MBR read successfully
    
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys xfilt.sys atapi.sys hal.dll videX32.sys PCIIDEX.SYS 
    C:\WINDOWS\system32\drivers\xfilt.sys VIA Technologies,Inc VIA filter driver
    C:\WINDOWS\system32\drivers\videX32.sys VIA Technologies, Inc. VIA PCI IDE MINI Driver
    kernel: MBR read successfully
    user & kernel MBR OK

  6. #6
    Einsteiger
    Registriert seit
    19.08.2012
    Beiträge
    18

    AW: Microsoft Internet Explorer funktioniert nicht

    4. Und hier noch das Ergebnis von TDSSKiller

    Code:
    13:37:16.0968 0308  TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
    13:37:17.0078 0308  ============================================================
    13:37:17.0078 0308  Current date / time: 2012/08/21 13:37:17.0078
    13:37:17.0078 0308  SystemInfo:
    13:37:17.0078 0308  
    13:37:17.0078 0308  OS Version: 5.1.2600 ServicePack: 3.0
    13:37:17.0078 0308  Product type: Workstation
    13:37:17.0078 0308  ComputerName: FABAS
    13:37:17.0078 0308  UserName: Vincent
    13:37:17.0078 0308  Windows directory: C:\WINDOWS
    13:37:17.0078 0308  System windows directory: C:\WINDOWS
    13:37:17.0078 0308  Processor architecture: Intel x86
    13:37:17.0078 0308  Number of processors: 2
    13:37:17.0078 0308  Page size: 0x1000
    13:37:17.0078 0308  Boot type: Normal boot
    13:37:17.0078 0308  ============================================================
    13:37:17.0703 0308  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    13:37:17.0703 0308  ============================================================
    13:37:17.0703 0308  \Device\Harddisk0\DR0:
    13:37:17.0703 0308  MBR partitions:
    13:37:17.0703 0308  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
    13:37:17.0703 0308  ============================================================
    13:37:17.0734 0308  C: <-> \Device\Harddisk0\DR0\Partition1
    13:37:17.0734 0308  ============================================================
    13:37:17.0734 0308  Initialize success
    13:37:17.0734 0308  ============================================================
    13:37:19.0875 1824  ============================================================
    13:37:19.0875 1824  Scan started
    13:37:19.0875 1824  Mode: Manual; 
    13:37:19.0875 1824  ============================================================
    13:37:21.0265 1824  ================ Scan system memory ========================
    13:37:21.0265 1824  System memory - ok
    13:37:21.0265 1824  ================ Scan services =============================
    13:37:23.0421 1824  [ 0B27AE82C113D3687024D18459440426 ] Aavmker4        C:\WINDOWS\system32\drivers\Aavmker4.sys
    13:37:23.0421 1824  Aavmker4 - ok
    13:37:23.0421 1824  Abiosdsk - ok
    13:37:23.0437 1824  abp480n5 - ok
    13:37:23.0484 1824  [ E5E6DBFC41EA8AAD005CB9A57A96B43B ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
    13:37:23.0484 1824  ACPI - ok
    13:37:23.0515 1824  [ E4ABC1212B70BB03D35E60681C447210 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
    13:37:23.0515 1824  ACPIEC - ok
    13:37:23.0593 1824  [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    13:37:23.0593 1824  AdobeFlashPlayerUpdateSvc - ok
    13:37:23.0609 1824  adpu160m - ok
    13:37:23.0640 1824  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
    13:37:23.0640 1824  aec - ok
    13:37:23.0656 1824  [ 322D0E36693D6E24A2398BEE62A268CD ] AFD             C:\WINDOWS\System32\drivers\afd.sys
    13:37:23.0671 1824  AFD - ok
    13:37:23.0671 1824  Aha154x - ok
    13:37:23.0687 1824  aic78u2 - ok
    13:37:23.0703 1824  aic78xx - ok
    13:37:23.0781 1824  [ 682F1077C269D12CAF6739DDDB44DF40 ] ALCXWDM         C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    13:37:23.0875 1824  Suspicious file (Forged): C:\WINDOWS\system32\drivers\ALCXWDM.SYS. Real md5: 682F1077C269D12CAF6739DDDB44DF40, Fake md5: 9A0A8E525C50B732EA0F8F0B597A95F9
    13:37:23.0890 1824  ALCXWDM ( ForgedFile.Multi.Generic ) - warning
    13:37:23.0890 1824  ALCXWDM - detected ForgedFile.Multi.Generic (1)
    13:37:23.0937 1824  [ 758FDC60D41716EF889D849989B4B1CD ] Alerter         C:\WINDOWS\system32\alrsvc.dll
    13:37:23.0937 1824  Alerter - ok
    13:37:23.0968 1824  [ 5E9A6658A2A69AE7EB195113B7A2E7A9 ] ALG             C:\WINDOWS\System32\alg.exe
    13:37:23.0968 1824  ALG - ok
    13:37:23.0984 1824  AliIde - ok
    13:37:24.0000 1824  amsint - ok
    13:37:24.0109 1824  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    13:37:24.0109 1824  Apple Mobile Device - ok
    13:37:24.0125 1824  AppMgmt - ok
    13:37:24.0140 1824  asc - ok
    13:37:24.0156 1824  asc3350p - ok
    13:37:24.0171 1824  asc3550 - ok
    13:37:24.0453 1824  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    13:37:24.0484 1824  aspnet_state - ok
    13:37:24.0531 1824  [ 1C1F3D6DDDC046C920C493A779649F66 ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
    13:37:24.0531 1824  aswFsBlk - ok
    13:37:24.0546 1824  [ 9E912FE7B41650701EF2B227ACA440F3 ] aswMon2         C:\WINDOWS\system32\drivers\aswMon2.sys
    13:37:24.0546 1824  aswMon2 - ok
    13:37:24.0578 1824  [ 982E275D1C5801042FE94209FB0160FB ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr.sys
    13:37:24.0578 1824  aswRdr - ok
    13:37:24.0625 1824  [ 73DBCF808E00580F2A47F93DD9B03876 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
    13:37:24.0640 1824  aswSnx - ok
    13:37:24.0656 1824  [ 6CBD7D3A33F498D09C831CDD732DA2E0 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
    13:37:24.0671 1824  aswSP - ok
    13:37:24.0703 1824  [ 7109A9AA551F37CD168C02368465957E ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
    13:37:24.0703 1824  aswTdi - ok
    13:37:24.0750 1824  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    13:37:24.0765 1824  AsyncMac - ok
    13:37:24.0796 1824  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
    13:37:24.0796 1824  atapi - ok
    13:37:24.0812 1824  Atdisk - ok
    13:37:24.0843 1824  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    13:37:24.0859 1824  Atmarpc - ok
    13:37:24.0890 1824  [ B4005AEF7873144634765B570DAC466E ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
    13:37:24.0890 1824  AudioSrv - ok
    13:37:24.0906 1824  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
    13:37:24.0921 1824  audstub - ok
    13:37:25.0000 1824  [ 2F7C0F3E39C45E0127FB78B2F18A41F3 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    13:37:25.0015 1824  avast! Antivirus - ok
    13:37:25.0062 1824  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
    13:37:25.0062 1824  Beep - ok
    13:37:25.0109 1824  [ BAA0B6E647C1AD593E9BAE5CC31BCFFB ] BITS            C:\WINDOWS\system32\qmgr.dll
    13:37:25.0125 1824  BITS - ok
    13:37:25.0156 1824  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    13:37:25.0171 1824  Bonjour Service - ok
    13:37:25.0203 1824  [ 06B54A7B1EF7CB16BFD0E208D343FA71 ] Browser         C:\WINDOWS\System32\browser.dll
    13:37:25.0203 1824  Browser - ok
    13:37:25.0234 1824  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
    13:37:25.0250 1824  cbidf2k - ok
    13:37:25.0265 1824  cd20xrnt - ok
    13:37:25.0281 1824  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
    13:37:25.0281 1824  Cdaudio - ok
    13:37:25.0328 1824  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
    13:37:25.0328 1824  Cdfs - ok
    13:37:25.0343 1824  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
    13:37:25.0343 1824  Cdrom - ok
    13:37:25.0359 1824  Changer - ok
    13:37:25.0390 1824  [ 793EF38A5FD086C3C8E48A8A861562ED ] CiSvc           C:\WINDOWS\system32\cisvc.exe
    13:37:25.0390 1824  CiSvc - ok
    13:37:25.0437 1824  [ 8B30CBB0C07D49B2658FB190946B0E7E ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
    13:37:25.0437 1824  ClipSrv - ok
    13:37:25.0484 1824  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    13:37:25.0500 1824  clr_optimization_v2.0.50727_32 - ok
    13:37:25.0515 1824  CmdIde - ok
    13:37:25.0531 1824  COMSysApp - ok
    13:37:25.0562 1824  Cpqarray - ok
    13:37:25.0609 1824  [ 7A6D0B71035E123FDDA2156A25578AD3 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
    13:37:25.0609 1824  CryptSvc - ok
    13:37:25.0625 1824  dac2w2k - ok
    13:37:25.0640 1824  dac960nt - ok
    13:37:25.0718 1824  [ 3D65EB82E1FA6DB15A33E024C9E03CAB ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
    13:37:25.0718 1824  DcomLaunch - ok
    13:37:25.0765 1824  [ 318F535DC05551D96DEEB90B6D6904DE ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
    13:37:25.0781 1824  Dhcp - ok
    13:37:25.0828 1824  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
    13:37:25.0828 1824  Disk - ok
    13:37:25.0828 1824  dmadmin - ok
    13:37:25.0921 1824  [ F5DEADD42335FB33EDCA74ECB2F36CBA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
    13:37:25.0937 1824  dmboot - ok
    13:37:26.0000 1824  [ 5A7C47C9B3F9FB92A66410A7509F0C71 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
    13:37:26.0000 1824  dmio - ok
    13:37:26.0031 1824  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
    13:37:26.0046 1824  dmload - ok
    13:37:26.0062 1824  [ 6797C23D6B79935482D7F0E8CA5E5B67 ] dmserver        C:\WINDOWS\System32\dmserver.dll
    13:37:26.0078 1824  dmserver - ok
    13:37:26.0109 1824  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
    13:37:26.0109 1824  DMusic - ok
    13:37:26.0125 1824  [ 8A3CE3E2525E1A341FB25E4BDB648FA9 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
    13:37:26.0140 1824  Dnscache - ok
    13:37:26.0187 1824  [ 3FCF86F03D0302443C21CE6E5BBF7A25 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
    13:37:26.0187 1824  Dot3svc - ok
    13:37:26.0203 1824  dpti2o - ok
    13:37:26.0218 1824  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
    13:37:26.0218 1824  drmkaud - ok
    13:37:26.0265 1824  [ 8B5FC9087D2CAB110BC2ED5CC5E7B8AC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
    13:37:26.0265 1824  EapHost - ok
    13:37:26.0296 1824  [ 94F948CB12C4D35483F1E815DEB16C7B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
    13:37:26.0312 1824  ERSvc - ok
    13:37:26.0359 1824  [ 54CB50058851D95E56EC70D09F70857F ] Eventlog        C:\WINDOWS\system32\services.exe
    13:37:26.0359 1824  Eventlog - ok
    13:37:26.0390 1824  [ 9FD4A0615BF3E9388A46EDF8774C7294 ] EventSystem     C:\WINDOWS\system32\es.dll
    13:37:26.0390 1824  EventSystem - ok
    13:37:26.0453 1824  [ A52794C010C6DF5B4BC70C4AB5E04088 ] ewusbnet        C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
    13:37:26.0453 1824  ewusbnet - ok
    13:37:26.0468 1824  [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev     C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
    13:37:26.0484 1824  ew_hwusbdev - ok
    13:37:26.0500 1824  [ 61A973F60E94A551BA7B15F3460444FB ] ew_usbenumfilter C:\WINDOWS\system32\DRIVERS\ew_usbenumfilter.sys
    13:37:26.0500 1824  ew_usbenumfilter - ok
    13:37:26.0546 1824  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
    13:37:26.0546 1824  Fastfat - ok
    13:37:26.0578 1824  [ B9F20D71E5B6CE89A7A94B38351FDBDC ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    13:37:26.0578 1824  FastUserSwitchingCompatibility - ok
    13:37:26.0609 1824  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
    13:37:26.0609 1824  Fdc - ok
    13:37:26.0625 1824  FETNDIS - ok
    13:37:26.0671 1824  [ A583BC166495B07F704533754CE29CBD ] FETNDISB        C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
    13:37:26.0687 1824  FETNDISB - ok
    13:37:26.0703 1824  [ 31F923EB2170FC172C81ABDA0045D18C ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
    13:37:26.0703 1824  Fips - ok
    13:37:26.0750 1824  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    13:37:26.0765 1824  Flpydisk - ok
    13:37:26.0812 1824  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
    13:37:26.0812 1824  FltMgr - ok
    13:37:26.0859 1824  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    13:37:26.0875 1824  FontCache3.0.0.0 - ok
    13:37:26.0906 1824  [ C6EE3A87FE609D3E1DB9DBD072A248DE ] fssfltr         C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
    13:37:26.0921 1824  fssfltr - ok
    13:37:27.0015 1824  [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    13:37:27.0015 1824  fsssvc - ok
    13:37:27.0078 1824  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
    13:37:27.0078 1824  Fs_Rec - ok
    13:37:27.0125 1824  [ A86859B77B908C18C2657F284AA29FE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    13:37:27.0140 1824  Ftdisk - ok
    13:37:27.0265 1824  [ C88862F45AC3B447DF50E814BE2F6A13 ] FTRTSVC         C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    13:37:27.0281 1824  FTRTSVC - ok
    13:37:27.0343 1824  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    13:37:27.0359 1824  GEARAspiWDM - ok
    13:37:27.0359 1824  GMSIPCI - ok
    13:37:27.0484 1824  [ 62766AE70A478BD9708EB37425AB604B ] GoogleDesktopManager C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    13:37:27.0515 1824  GoogleDesktopManager - ok
    13:37:27.0562 1824  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
    13:37:27.0578 1824  Gpc - ok
    13:37:27.0625 1824  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
    13:37:27.0625 1824  gupdate - ok
    13:37:27.0640 1824  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
    13:37:27.0640 1824  gupdatem - ok
    13:37:27.0703 1824  [ 408DDD80EEDE47175F6844817B90213E ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    13:37:27.0703 1824  gusvc - ok
    13:37:27.0781 1824  [ 1247F83B705AF0E796330442F7967CF8 ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    13:37:27.0781 1824  helpsvc - ok
    13:37:27.0796 1824  [ A3B9B4A68BC839CE5A264D5908092261 ] HidServ         C:\WINDOWS\System32\hidserv.dll
    13:37:27.0796 1824  HidServ - ok
    13:37:27.0828 1824  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
    13:37:27.0843 1824  HidUsb - ok
    13:37:27.0875 1824  [ 17B3C3D40CDBA40C2E331D28BE4DE27F ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
    13:37:27.0890 1824  hkmsvc - ok
    13:37:27.0906 1824  hpn - ok
    13:37:27.0937 1824  [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
    13:37:27.0953 1824  HTTP - ok
    13:37:27.0984 1824  [ BD31CFACE38D1800ABDB43F4260AF0D5 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
    13:37:28.0015 1824  HTTPFilter - ok
    13:37:28.0046 1824  [ 1F40368DC40B17DE3FA0FBE8A9D82F9E ] hwdatacard      C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
    13:37:28.0062 1824  hwdatacard - ok
    13:37:28.0062 1824  i2omgmt - ok
    13:37:28.0093 1824  i2omp - ok
    13:37:28.0140 1824  [ A09BDC4ED10E3B2E0EC27BB94AF32516 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    13:37:28.0140 1824  i8042prt - ok
    13:37:28.0250 1824  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    13:37:28.0312 1824  idsvc - ok
    13:37:28.0406 1824  [ 51516252DBBFED36F70B341DBA263167 ] IJPLMSVC        C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    13:37:28.0406 1824  IJPLMSVC - ok
    13:37:28.0453 1824  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
    13:37:28.0453 1824  Imapi - ok
    13:37:28.0500 1824  [ C4221678BBAA55239C23632875759961 ] ImapiService    C:\WINDOWS\system32\imapi.exe
    13:37:28.0515 1824  ImapiService - ok
    13:37:28.0531 1824  ini910u - ok
    13:37:28.0546 1824  IntelIde - ok
    13:37:28.0609 1824  [ AD340800C35A42D4DE1641A37FEEA34C ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
    13:37:28.0609 1824  intelppm - ok
    13:37:28.0656 1824  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
    13:37:28.0671 1824  Ip6Fw - ok
    13:37:28.0703 1824  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    13:37:28.0703 1824  IpFilterDriver - ok
    13:37:28.0734 1824  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
    13:37:28.0734 1824  IpInIp - ok
    13:37:28.0765 1824  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
    13:37:28.0781 1824  IpNat - ok
    13:37:28.0828 1824  [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
    13:37:28.0843 1824  iPod Service - ok
    13:37:28.0859 1824  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
    13:37:28.0859 1824  IPSec - ok
    13:37:28.0906 1824  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
    13:37:28.0906 1824  IRENUM - ok
    13:37:28.0953 1824  [ 355836975A67B6554BCA60328CD6CB74 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
    13:37:28.0968 1824  isapnp - ok
    13:37:29.0046 1824  [ 9A337AE3DB478034A7839E753BBFF1AB ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
    13:37:29.0062 1824  JavaQuickStarterService - ok
    13:37:29.0078 1824  [ 16813155807C6881F4BFBF6657424659 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    13:37:29.0078 1824  Kbdclass - ok
    13:37:29.0140 1824  [ 94C59CB884BA010C063687C3A50DCE8E ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    13:37:29.0140 1824  kbdhid - ok
    13:37:29.0156 1824  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
    13:37:29.0171 1824  kmixer - ok
    13:37:29.0203 1824  [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
    13:37:29.0203 1824  KSecDD - ok
    13:37:29.0234 1824  [ B206CEE1CB4876CC59E2C3721E6034E3 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
    13:37:29.0250 1824  lanmanserver - ok
    13:37:29.0296 1824  [ 1E407456DF47B04AF13264BECF3BC3F4 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    13:37:29.0296 1824  lanmanworkstation - ok
    13:37:29.0312 1824  lbrtfdc - ok
    13:37:29.0359 1824  [ 0F357C079AC529A844AB5B18E4EEF881 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
    13:37:29.0359 1824  LmHosts - ok
    13:37:29.0406 1824  [ E67A66A3781C1A483F0F8992664CBE0D ] Messenger       C:\WINDOWS\System32\msgsvc.dll
    13:37:29.0406 1824  Messenger - ok
    13:37:29.0453 1824  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
    13:37:29.0453 1824  mnmdd - ok
    13:37:29.0500 1824  [ D3A2870CD96CDA7BCFF3DC54F64087AD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
    13:37:29.0500 1824  mnmsrvc - ok
    13:37:29.0531 1824  [ 510ADE9327FE84C10254E1902697E25F ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
    13:37:29.0546 1824  Modem - ok
    13:37:29.0578 1824  [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA        C:\WINDOWS\system32\drivers\MODEMCSA.sys
    13:37:29.0593 1824  MODEMCSA - ok
    13:37:29.0625 1824  [ 027C01BD7EF3349AAEBC883D8A799EFB ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
    13:37:29.0640 1824  Mouclass - ok
    13:37:29.0687 1824  [ 124D6846040C79B9C997F78EF4B2A4E5 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
    13:37:29.0703 1824  mouhid - ok
    13:37:29.0750 1824  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
    13:37:29.0750 1824  MountMgr - ok
    13:37:29.0796 1824  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    13:37:29.0796 1824  MozillaMaintenance - ok
    13:37:29.0812 1824  mraid35x - ok
    13:37:29.0859 1824  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    13:37:29.0859 1824  MRxDAV - ok
    13:37:29.0890 1824  [ 68755F0FF16070178B54674FE5B847B0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    13:37:29.0890 1824  MRxSmb - ok
    13:37:29.0921 1824  [ 8648D670AE0D95C95E7BBB5B80661796 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
    13:37:29.0937 1824  MSDTC - ok
    13:37:29.0968 1824  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
    13:37:29.0968 1824  Msfs - ok
    13:37:29.0984 1824  MSICPL - ok
    13:37:30.0000 1824  MSIServer - ok
    13:37:30.0015 1824  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
    13:37:30.0015 1824  MSKSSRV - ok
    13:37:30.0062 1824  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    13:37:30.0062 1824  MSPCLOCK - ok
    13:37:30.0109 1824  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
    13:37:30.0125 1824  MSPQM - ok
    13:37:30.0156 1824  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    13:37:30.0171 1824  mssmbios - ok
    13:37:30.0218 1824  [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
    13:37:30.0218 1824  Mup - ok
    13:37:30.0281 1824  [ 69E4FBBABAEEE1BFF422E091DA3171DA ] napagent        C:\WINDOWS\System32\qagentrt.dll
    13:37:30.0296 1824  napagent - ok
    13:37:30.0328 1824  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
    13:37:30.0328 1824  NDIS - ok
    13:37:30.0343 1824  [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    13:37:30.0343 1824  NdisTapi - ok
    13:37:30.0359 1824  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    13:37:30.0375 1824  Ndisuio - ok
    13:37:30.0390 1824  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    13:37:30.0390 1824  NdisWan - ok
    13:37:30.0406 1824  [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
    13:37:30.0406 1824  NDProxy - ok
    13:37:30.0421 1824  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
    13:37:30.0421 1824  NetBIOS - ok
    13:37:30.0453 1824  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
    13:37:30.0453 1824  NetBT - ok
    13:37:30.0515 1824  [ 5C9B1D83755B36237B70F95DF3D46A52 ] NetDDE          C:\WINDOWS\system32\netdde.exe
    13:37:30.0531 1824  NetDDE - ok
    13:37:30.0531 1824  [ 5C9B1D83755B36237B70F95DF3D46A52 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
    13:37:30.0546 1824  NetDDEdsdm - ok
    13:37:30.0578 1824  [ 91E6024D6D4DCDECDB36C43ECF9BBECB ] Netlogon        C:\WINDOWS\system32\lsass.exe
    13:37:30.0593 1824  Netlogon - ok
    13:37:30.0625 1824  [ BE0CB143FA427D93440DED18DB8C918B ] Netman          C:\WINDOWS\System32\netman.dll
    13:37:30.0625 1824  Netman - ok
    13:37:30.0671 1824  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    13:37:30.0671 1824  NetTcpPortSharing - ok
    13:37:30.0718 1824  [ 196CCC3FDD21665DCAA9F83FFC03B41A ] Nla             C:\WINDOWS\System32\mswsock.dll
    13:37:30.0718 1824  Nla - ok
    13:37:30.0765 1824  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
    13:37:30.0781 1824  Npfs - ok
    13:37:30.0781 1824  NTACCESS - ok
    13:37:30.0828 1824  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
    13:37:30.0843 1824  Ntfs - ok
    13:37:30.0843 1824  [ 91E6024D6D4DCDECDB36C43ECF9BBECB ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
    13:37:30.0859 1824  NtLmSsp - ok
    13:37:30.0906 1824  [ 037D92B3A7853A183FCAB77FB1D13D6C ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
    13:37:30.0921 1824  NtmsSvc - ok
    13:37:30.0968 1824  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
    13:37:30.0968 1824  Null - ok
    13:37:31.0015 1824  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    13:37:31.0015 1824  NwlnkFlt - ok
    13:37:31.0046 1824  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    13:37:31.0046 1824  NwlnkFwd - ok
    13:37:31.0062 1824  oirijshr77d94031 - ok
    13:37:31.0078 1824  oirijshr795b6c63 - ok
    13:37:31.0156 1824  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
    13:37:31.0171 1824  ose - ok
    13:37:31.0203 1824  [ 8FD0BDBEA875D06CCF6C945CA9ABAF75 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
    13:37:31.0218 1824  Parport - ok
    13:37:31.0218 1824  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
    13:37:31.0234 1824  PartMgr - ok
    13:37:31.0250 1824  [ 9575C5630DB8FB804649A6959737154C ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
    13:37:31.0265 1824  ParVdm - ok
    13:37:31.0296 1824  [ B670C5D89F0726B7A2A7DFB4E968CDF8 ] PCAMPR5         C:\WINDOWS\system32\PCAMPR5.SYS
    13:37:31.0312 1824  PCAMPR5 - ok
    13:37:31.0328 1824  [ ECD2F9D67B06606064DAF6961A6D5EFE ] PCANDIS5        C:\WINDOWS\system32\PCANDIS5.SYS
    13:37:31.0359 1824  PCANDIS5 - ok
    13:37:31.0390 1824  [ 043410877BDA580C528F45165F7125BC ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
    13:37:31.0390 1824  PCI - ok
    13:37:31.0406 1824  PCIDump - ok
    13:37:31.0453 1824  [ F4BFDE7209C14A07AAA61E4D6AE69EAC ] PCIIde          C:\WINDOWS\system32\drivers\PCIIde.sys
    13:37:31.0453 1824  PCIIde - ok
    13:37:31.0515 1824  [ F0406CBC60BDB0394A0E17FFB04CDD3D ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
    13:37:31.0515 1824  Pcmcia - ok
    13:37:31.0546 1824  [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin        C:\WINDOWS\system32\Drivers\pcouffin.sys
    13:37:31.0562 1824  pcouffin - ok
    13:37:31.0578 1824  PDCOMP - ok
    13:37:31.0593 1824  PDFRAME - ok
    13:37:31.0609 1824  PDRELI - ok
    13:37:31.0625 1824  PDRFRAME - ok
    13:37:31.0640 1824  perc2 - ok
    13:37:31.0656 1824  perc2hib - ok
    13:37:31.0718 1824  [ 54CB50058851D95E56EC70D09F70857F ] PlugPlay        C:\WINDOWS\system32\services.exe
    13:37:31.0734 1824  PlugPlay - ok
    13:37:31.0750 1824  [ 91E6024D6D4DCDECDB36C43ECF9BBECB ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
    13:37:31.0750 1824  PolicyAgent - ok
    13:37:31.0796 1824  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
    13:37:31.0812 1824  PptpMiniport - ok
    13:37:31.0828 1824  [ 91E6024D6D4DCDECDB36C43ECF9BBECB ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    13:37:31.0828 1824  ProtectedStorage - ok
    13:37:31.0859 1824  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
    13:37:31.0859 1824  PSched - ok
    13:37:31.0890 1824  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
    13:37:31.0890 1824  Ptilink - ok
    13:37:31.0921 1824  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
    13:37:31.0921 1824  PxHelp20 - ok
    13:37:31.0937 1824  ql1080 - ok
    13:37:31.0953 1824  Ql10wnt - ok
    13:37:31.0968 1824  ql12160 - ok
    13:37:31.0984 1824  ql1240 - ok
    13:37:32.0000 1824  ql1280 - ok
    13:37:32.0031 1824  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
    13:37:32.0046 1824  RasAcd - ok
    13:37:32.0109 1824  [ 78DA9CCDAC683EF5AA87D1C919F6D221 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
    13:37:32.0109 1824  RasAuto - ok
    13:37:32.0140 1824  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    13:37:32.0156 1824  Rasl2tp - ok
    13:37:32.0171 1824  [ 0A48DF90B4784F9B90A2671AF992C914 ] RasMan          C:\WINDOWS\System32\rasmans.dll
    13:37:32.0171 1824  RasMan - ok
    13:37:32.0187 1824  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    13:37:32.0187 1824  RasPppoe - ok
    13:37:32.0234 1824  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
    13:37:32.0234 1824  Raspti - ok
    13:37:32.0265 1824  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
    13:37:32.0265 1824  Rdbss - ok
    13:37:32.0312 1824  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    13:37:32.0312 1824  RDPCDD - ok
    13:37:32.0375 1824  [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
    13:37:32.0390 1824  RDPWD - ok
    13:37:32.0437 1824  [ 9F63D9C5B238ED1C375D417EFF3D5BE7 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
    13:37:32.0453 1824  RDSessMgr - ok
    13:37:32.0500 1824  [ D8EB2A7904DB6C916EB5361878DDCBAE ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
    13:37:32.0515 1824  redbook - ok
    13:37:32.0562 1824  [ 7DA370C31673C99497BD07068EE6E354 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
    13:37:32.0562 1824  RemoteAccess - ok
    13:37:32.0609 1824  [ 499C59A2584F6D4EA41E944DA571D993 ] RpcLocator      C:\WINDOWS\system32\locator.exe
    13:37:32.0609 1824  RpcLocator - ok
    13:37:32.0640 1824  [ 3D65EB82E1FA6DB15A33E024C9E03CAB ] RpcSs           C:\WINDOWS\system32\rpcss.dll
    13:37:32.0656 1824  RpcSs - ok
    13:37:32.0718 1824  [ 414964844F4793ACB868D057E8ED997E ] RSVP            C:\WINDOWS\system32\rsvp.exe
    13:37:32.0734 1824  RSVP - ok
    13:37:32.0765 1824  [ 91E6024D6D4DCDECDB36C43ECF9BBECB ] SamSs           C:\WINDOWS\system32\lsass.exe
    13:37:32.0765 1824  SamSs - ok
    13:37:32.0796 1824  [ 67949CC8A865296C1333C96A4E1A2D66 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
    13:37:32.0812 1824  SCardSvr - ok
    13:37:32.0859 1824  [ 55F5C5C1BE1A78E285033E432BA01597 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
    13:37:32.0875 1824  Schedule - ok
    13:37:32.0906 1824  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
    13:37:32.0921 1824  Secdrv - ok
    13:37:32.0953 1824  [ 5AC311C0AF2AF5EC221670BB8DC479D3 ] seclogon        C:\WINDOWS\System32\seclogon.dll
    13:37:32.0968 1824  seclogon - ok
    13:37:32.0984 1824  [ 3531366F38F453D08FE72E7B32DFE786 ] SENS            C:\WINDOWS\system32\sens.dll
    13:37:32.0984 1824  SENS - ok
    13:37:33.0000 1824  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
    13:37:33.0015 1824  serenum - ok
    13:37:33.0031 1824  [ 93D313C31F7AD9EA2B75F26075413C7C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
    13:37:33.0031 1824  Serial - ok
    13:37:33.0078 1824  SetupNTGLM7X - ok
    13:37:33.0109 1824  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
    13:37:33.0125 1824  Sfloppy - ok
    13:37:33.0140 1824  [ F4CE708A7D17A625DE6C0FD746D50E88 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
    13:37:33.0156 1824  SharedAccess - ok
    13:37:33.0171 1824  [ B9F20D71E5B6CE89A7A94B38351FDBDC ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    13:37:33.0187 1824  ShellHWDetection - ok
    13:37:33.0187 1824  Simbad - ok
    13:37:33.0250 1824  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
    13:37:33.0250 1824  SkypeUpdate - ok
    13:37:33.0281 1824  Sparrow - ok
    13:37:33.0328 1824  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
    13:37:33.0343 1824  splitter - ok
    13:37:33.0359 1824  [ 460E4CE148BD07218DA0B6A3D31885A9 ] Spooler         C:\WINDOWS\system32\spoolsv.exe
    13:37:33.0375 1824  Spooler - ok
    13:37:33.0390 1824  [ 39626E6DC1FB39434EC40C42722B660A ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
    13:37:33.0390 1824  sr - ok
    13:37:33.0421 1824  [ 6ED29124A1C83BD0CF6B26BD01CA6F6F ] srservice       C:\WINDOWS\system32\srsvc.dll
    13:37:33.0437 1824  srservice - ok
    13:37:33.0500 1824  [ 5252605079810904E31C332E241CD59B ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
    13:37:33.0546 1824  Srv - ok
    13:37:33.0546 1824  [ EA9E0DB8684CEF2FD3BADD671DF5A112 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
    13:37:33.0562 1824  SSDPSRV - ok
    13:37:33.0593 1824  [ D76B0E8A4ECAD1ADCC75FD14A7ACC54C ] stisvc          C:\WINDOWS\system32\wiaservc.dll
    13:37:33.0625 1824  stisvc - ok
    13:37:33.0640 1824  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
    13:37:33.0640 1824  swenum - ok
    13:37:33.0656 1824  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
    13:37:33.0656 1824  swmidi - ok
    13:37:33.0671 1824  SwPrv - ok
    13:37:33.0703 1824  symc810 - ok
    13:37:33.0718 1824  symc8xx - ok
    13:37:33.0734 1824  sym_hi - ok
    13:37:33.0750 1824  sym_u3 - ok
    13:37:33.0765 1824  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
    13:37:33.0765 1824  sysaudio - ok
    13:37:33.0828 1824  [ 0899061318A6B1D9596AABFC77F45E44 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
    13:37:33.0828 1824  SysmonLog - ok
    13:37:33.0890 1824  [ 8E5231171AD6595FF002E848CC54FCD7 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
    13:37:33.0906 1824  TapiSrv - ok
    13:37:33.0953 1824  [ 93EA8D04EC73A85DB02EB8805988F733 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
    13:37:33.0968 1824  Tcpip - ok
    13:37:34.0015 1824  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
    13:37:34.0015 1824  TDPIPE - ok
    13:37:34.0046 1824  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
    13:37:34.0046 1824  TDTCP - ok
    13:37:34.0078 1824  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
    13:37:34.0093 1824  TermDD - ok
    13:37:34.0125 1824  [ 710BC85A8C22626EE094439E3EA0D38C ] TermService     C:\WINDOWS\System32\termsrv.dll
    13:37:34.0140 1824  TermService - ok
    13:37:34.0187 1824  [ B9F20D71E5B6CE89A7A94B38351FDBDC ] Themes          C:\WINDOWS\System32\shsvcs.dll
    13:37:34.0187 1824  Themes - ok
    13:37:34.0203 1824  TosIde - ok
    13:37:34.0265 1824  [ E1A84A5067627407A53C2C4F8D8A1D2E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
    13:37:34.0265 1824  TrkWks - ok
    13:37:34.0328 1824  [ D85938F272D1BCF3DB3A31FC0A048928 ] uagp35          C:\WINDOWS\system32\DRIVERS\uagp35.sys
    13:37:34.0328 1824  uagp35 - ok
    13:37:34.0390 1824  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
    13:37:34.0406 1824  Udfs - ok
    13:37:34.0421 1824  ultra - ok
    13:37:34.0453 1824  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
    13:37:34.0453 1824  Update - ok
    13:37:34.0500 1824  [ BD8166A495B02308F364B36249475F22 ] upnphost        C:\WINDOWS\System32\upnphost.dll
    13:37:34.0515 1824  upnphost - ok
    13:37:34.0562 1824  [ 1EDC93D7BD731B5CA6248AE245099B60 ] UPS             C:\WINDOWS\System32\ups.exe
    13:37:34.0593 1824  UPS - ok
    13:37:34.0656 1824  [ 60A68A5EA173A97971EE9F1FF49EB2B3 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
    13:37:34.0671 1824  USBAAPL - ok
    13:37:34.0703 1824  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    13:37:34.0718 1824  usbccgp - ok
    13:37:34.0750 1824  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
    13:37:34.0765 1824  usbehci - ok
    13:37:34.0781 1824  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
    13:37:34.0781 1824  usbhub - ok
    13:37:34.0812 1824  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
    13:37:34.0828 1824  usbprint - ok
    13:37:34.0843 1824  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
    13:37:34.0859 1824  usbscan - ok
    13:37:34.0890 1824  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    13:37:34.0906 1824  USBSTOR - ok
    13:37:34.0921 1824  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    13:37:34.0921 1824  usbuhci - ok
    13:37:34.0937 1824  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
    13:37:34.0937 1824  VgaSave - ok
    13:37:35.0000 1824  [ 012B67EAFBC92572228D00149CE7D079 ] viagfx          C:\WINDOWS\system32\DRIVERS\vtmini.sys
    13:37:35.0000 1824  viagfx - ok
    13:37:35.0015 1824  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\drivers\ViaIde.sys
    13:37:35.0015 1824  ViaIde - ok
    13:37:35.0062 1824  [ C8EE49FA76EB7C41A9CDDFE58151A74E ] videX32         C:\WINDOWS\system32\DRIVERS\videX32.sys
    13:37:35.0078 1824  videX32 - ok
    13:37:35.0125 1824  [ 46DE1126684369BACE4849E4FC8C43CA ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
    13:37:35.0125 1824  VolSnap - ok
    13:37:35.0203 1824  [ 5A4DA252B2C0550AB83D129C02CF6C19 ] VSS             C:\WINDOWS\System32\vssvc.exe
    13:37:35.0234 1824  VSS - ok
    13:37:35.0265 1824  [ C1F726EE0B043B074A68992BC4AEF8FD ] W32Time         C:\WINDOWS\system32\w32time.dll
    13:37:35.0281 1824  W32Time - ok
    13:37:35.0296 1824  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
    13:37:35.0296 1824  Wanarp - ok
    13:37:35.0312 1824  WDICA - ok
    13:37:35.0375 1824  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
    13:37:35.0375 1824  wdmaud - ok
    13:37:35.0406 1824  [ 714670E64FBE6D28D99871ED9A52A334 ] WebClient       C:\WINDOWS\System32\webclnt.dll
    13:37:35.0406 1824  WebClient - ok
    13:37:35.0500 1824  [ 5E9DEAE9980FF34BCD6DDE2E9E2BF911 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
    13:37:35.0500 1824  winmgmt - ok
    13:37:35.0578 1824  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
    13:37:35.0593 1824  WmdmPmSN - ok
    13:37:35.0640 1824  [ 4E8E8A58F56B25D0795F484E5EB7F898 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
    13:37:35.0640 1824  WmiApSrv - ok
    13:37:35.0718 1824  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
    13:37:35.0734 1824  WMPNetworkSvc - ok
    13:37:35.0750 1824  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    13:37:35.0750 1824  WpdUsb - ok
    13:37:35.0796 1824  [ C1FD85DB4A80A98D60ECB7A828E77FE0 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
    13:37:35.0812 1824  wscsvc - ok
    13:37:35.0859 1824  [ 75D6C5C3D2C93B1F9931E5DFB693AE2A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
    13:37:35.0875 1824  wuauserv - ok
    13:37:35.0921 1824  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    13:37:35.0921 1824  WudfPf - ok
    13:37:35.0953 1824  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    13:37:35.0953 1824  WudfRd - ok
    13:37:35.0984 1824  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
    13:37:36.0015 1824  WudfSvc - ok
    13:37:36.0062 1824  [ C336E54EE0C291A02F004667DB1E66CB ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
    13:37:36.0078 1824  WZCSVC - ok
    13:37:36.0156 1824  [ FCBC27869092850CDB75139F3818653A ] xfilt           C:\WINDOWS\system32\DRIVERS\xfilt.sys
    13:37:36.0156 1824  xfilt - ok
    13:37:36.0187 1824  [ F92A87FDDA0C11C8604FBC2B864FA726 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
    13:37:36.0203 1824  xmlprov - ok
    13:37:36.0218 1824  ================ Scan global ===============================
    13:37:36.0265 1824  [ 61013AB2E38550619637AA6CC02383D4 ] C:\WINDOWS\system32\basesrv.dll
    13:37:36.0296 1824  [ 3174C4542C75652F498F026F6CB1ADB8 ] C:\WINDOWS\system32\winsrv.dll
    13:37:36.0328 1824  [ 3174C4542C75652F498F026F6CB1ADB8 ] C:\WINDOWS\system32\winsrv.dll
    13:37:36.0359 1824  [ 54CB50058851D95E56EC70D09F70857F ] C:\WINDOWS\system32\services.exe
    13:37:36.0375 1824  [Global] - ok
    13:37:36.0375 1824  ================ Scan MBR ==================================
    13:37:36.0390 1824  [ C99C3199CFAA4CBDCD91493F6D113A50 ] \Device\Harddisk0\DR0
    13:37:36.0750 1824  \Device\Harddisk0\DR0 - ok
    13:37:36.0750 1824  ================ Scan VBR ==================================
    13:37:36.0765 1824  [ F69DF6EE03EE31C8C13BC27606AE56B2 ] \Device\Harddisk0\DR0\Partition1
    13:37:36.0781 1824  \Device\Harddisk0\DR0\Partition1 - ok
    13:37:36.0781 1824  ============================================================
    13:37:36.0781 1824  Scan finished
    13:37:36.0781 1824  ============================================================
    13:37:36.0812 3260  Detected object count: 1
    13:37:36.0812 3260  Actual detected object count: 1
    13:37:57.0765 3260  C:\WINDOWS\system32\drivers\ALCXWDM.SYS - copied to quarantine
    13:37:57.0765 3260  HKLM\SYSTEM\ControlSet001\services\ALCXWDM - will be deleted on reboot
    13:37:57.0765 3260  HKLM\SYSTEM\ControlSet002\services\ALCXWDM - will be deleted on reboot
    13:37:57.0765 3260  HKLM\SYSTEM\ControlSet003\services\ALCXWDM - will be deleted on reboot
    13:37:57.0765 3260  HKLM\SYSTEM\ControlSet004\services\ALCXWDM - will be deleted on reboot
    13:37:57.0765 3260  HKLM\SYSTEM\ControlSet005\services\ALCXWDM - will be deleted on reboot
    13:37:57.0765 3260  HKLM\SYSTEM\ControlSet006\services\ALCXWDM - will be deleted on reboot
    13:37:57.0781 3260  C:\WINDOWS\system32\drivers\ALCXWDM.SYS - will be deleted on reboot
    13:37:57.0781 3260  ALCXWDM ( ForgedFile.Multi.Generic ) - User select action: Delete 
    13:38:05.0406 2860  Deinitialize success

  7. #7
    Moderator (global) Team-Mitglied Avatar von kira
    Registriert seit
    28.03.2006
    Ort
    Wien/Sprachen: Deutsch-Ungarisch
    Beiträge
    29.692

    AW: Microsoft Internet Explorer funktioniert nicht

    Systemreinigung und Prüfung:

    ► Wenn Du nun alle Schritte erledigt hast, melde dich mit die gewünschten Ergebnisse zurück!
    Nur bei Probleme stoppen und nachfragen

    1.
    Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis mit Rechtsklick als Administrator starten-> `Do a system scan only`--> Einträge auswählen-> Häckhen setzen-> "Fix checked"klicken->PC neu aufstarten) - fixe NUR Die von mir angegebenen Einträge!:
    HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen
    Code:
    O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
    2.
    Achtung wichtig!:
    Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
    (Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)



    Fixen mit OTL
    • Starte die OTL.exe.
    • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
    • Kopiere folgendes Skript (unverändert - also beginnend :OTL bis zur letzten Zeile [emptytemp] (ohne "code"!):
    Code:
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIC_fr
    IE - HKCU\..\SearchScopes\{814C76CB-2623-43F4-AAD0-58A0E5190A20}: "URL" = http://r.orange.fr/r?ref=O_toolbar32_hook_openSearchIE&url=http%3A//rw.search.ke.voila.fr/RW/S/toolbar31_ie7?rdata={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
    FF - prefs.js..extensions.enabledItems: toolbar@alot.com:2.4.5000
    FF - prefs.js..keyword.URL: "http://r.orange.fr/r?ref=O_toolbar32_hook_syntaxError&url=http%3A//rws.search.ke.voila.fr/RW/A/O_toolbar31?errorigin=noturl&kw="
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    [2012/04/18 16:39:52 | 000,000,000 | ---D | M] (ALOT Toolbar) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\toolbar@alot.com
    [2012/02/20 10:35:35 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
    [2012/02/20 10:35:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/02/20 10:35:35 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2012/02/20 10:35:35 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
    [2010/01/17 15:48:01 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
    [2012/02/20 10:35:35 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
    [2012/02/20 10:35:35 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml
    O3 - HKLM\..\Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/12/14 10:00:22 | 000,008,192 | ---- | M] (Microsoft) - E:\AutoOff.exe -- [ FAT32 ]
    O32 - AutoRun File - [2010/03/16 21:14:04 | 000,000,064 | ---- | M] () - E:\autorun.inf -- [ FAT32 ]
    O33 - MountPoints2\{56fa398e-1fff-11dd-9135-0019db85e0d8}\Shell - "" = AutoRun
    O33 - MountPoints2\{56fa398e-1fff-11dd-9135-0019db85e0d8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{65a0a460-484a-11de-9390-0019db85e0d8}\Shell\Auto\command - "" = RavMonE.exe e
    O33 - MountPoints2\{65a0a460-484a-11de-9390-0019db85e0d8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
    O33 - MountPoints2\{6745366c-7274-11e1-989b-0019db85e0d8}\Shell - "" = AutoRun
    O33 - MountPoints2\{6745366c-7274-11e1-989b-0019db85e0d8}\Shell\AutoRun\command - "" = E:\setup.exe -- [2012/04/17 21:22:36 | 002,539,496 | ---- | M] (LionSea SoftWare                                            )
    O33 - MountPoints2\{7b852879-74d9-11e1-989f-0019db85e0d8}\Shell - "" = AutoRun
    O33 - MountPoints2\{7b852879-74d9-11e1-989f-0019db85e0d8}\Shell\AutoRun\command - "" = E:\setup.exe -- [2012/04/17 21:22:36 | 002,539,496 | ---- | M] (LionSea SoftWare                                            )
    O33 - MountPoints2\{9fcd4e44-3204-11dc-8f54-0019db85e0d8}\Shell - "" = AutoRun
    O33 - MountPoints2\{9fcd4e44-3204-11dc-8f54-0019db85e0d8}\Shell\Auto\command - "" = E:\Cn911.exe
    O33 - MountPoints2\{9fcd4e44-3204-11dc-8f54-0019db85e0d8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
    O33 - MountPoints2\{c101fd05-d7fd-11e1-991b-0019db85e0d8}\Shell - "" = AutoRun
    O33 - MountPoints2\{c101fd05-d7fd-11e1-991b-0019db85e0d8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    [2012/08/20 15:54:10 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/20 15:54:04 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
     @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    • und füge es hier ein:
    • Schließe alle Programme.
    • Klicke auf den Fix Button.
    • Klick auf .
    • OTL verlangt einen Neustart. Bitte zulassen.
    • Nach dem Neustart findest Du ein Textdokument.
      Kopiere den Inhalt hier in Code-Tags in Deinen Thread.


    3.
    Java aktualisieren- über Systemsteuerung-> Nach Update suchen...
    oder:
    Downloade nun die Offline-Version von Java "Empfohlen Version Java(TM) 7 Update 5 " von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.

    4.
    Alle Programme/Fenster schließen
    Java-Cache leeren

    Start => Systemsteuerung => Java => Allgemein => Temporäre Internet-Dateien "Einstellungen" => Dateien löschen => Haken bei "Anwendungen und Applets" sowie bei "Verfolgungs- und Protokolldateien" setzen => OK
    -> Wie leere ich den Java-Cache?
    -> Java-Cache leeren
    -> Kurze Videoanleitung wie man unter Windows 7 und XP den JAVA Cache löschen kann.

    5.
    Java :
    Ältere Versionen falls noch existieren, deinstallieren
    ► Die alte Java-Versionen verbleiben auf dem PC...aus Sicherheitsgründen müssen entfernt werden,auch in Zukunft darauf achten!
    Code:
    Java(TM) 6 Update 3
    6.
    Alle Programme/Fenster schließen
    Öffne CCleaner - Anleitung CCleaner
    • "Cleaner"->"Analysieren"->Klick auf den Button "Start CCleaner"
    • "Registry""Fehler suchen"-> "Fehler beheben"->"Alle beheben"
    • Starte dein System neu auf


    7.
    Tipps - Der Internet Explorer von Microsoft gehört zur Grundausstattung unter Windows, somit wie alle andere installierte Software muss gepflegt werden! Auch bei Nicht-Verwendung!:
    ->Tipps zu Internet Explorer
    -> Standard Suchmaschine des Explorers ändern
    -> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8
    -> Wie kann ich den Cache im Internet Explorer leeren?

    8.
    Vorbereitung

    • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
    • Bitte während der Online-Scans deaktivieren:
      Anti-Virus-Programm und Firewall.
    • Internet Explorer starten => im Menü unter Extras => Internetoption => Datenschutz => den Haken bei "Popupblocker einschalten" entfernen und
    • unter dem Reiter "Sicherheit" => die Sicherheitsstufe ggfs. auf "Mittelhoch" herabsetzen.
      Nicht vergessen, sie hinterher wieder einzuschalten bzw. die Internetoptionen wie zuvor einzustellen..
    • Während der Online-Scans auf andere Online-Aktivitäten verzichten.
    • Du musst das Herunterladen und Installieren von ActiveX-Steuerelementen (Controls) zulassen.


    • .


    Den PC NUR online scannen und NICHT ein zweites Antivirenprogramm installieren!!!

    • Eset Online Scanner (NOD32)
      • Unterstützte Betriebssysteme: Microsoft Windows 7 - Vista - XP - 2000 - NT.
      • Anmerkung für Vista und Windows 7-User: Bitte den Browser unbedingt als Administrator starten.
      • Dein Anti-Virus-Programm während des Scans deaktivieren.
      • Button "ESET Online Scanner" drücken.
      • IE-User müssen das Installieren eines ActiveX Elements erlauben.
      • Einen Haken bei "YES, I accept the Terms of Use." machen und auf den Button "Start" drücken.
      • Einen Haken bei "Remove found threads" und "Scan archives" machen.
      • Start drücken.
      • Signaturen werden heruntergeladen.
      • Der Scan beginnt automatisch.
      • Wenn fertig, das Protokoll speichern und mir posten.
        -> List of found threats
        -> Export to text file
        -> Back
        -> Delete quarantäne files
      • Finish drücken.
      • Browser schließen.
      • Deinstallation nachdem das Protokoll mir gepostet hast: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
      • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


    9.
    erneut einen Scan mit OTL: - ältere Logdateien löschen!
    • Doppelklick auf die OTL.exe
    • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
    • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
    • Unter Extra Registry, wähle bitte Use SafeList
    • Mache Häckchen bei LOP- und Purity-Prüfung.
    • Klicke nun auf Run Scan links oben
    • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und extra.txt
    • Poste die Logfiles in Code-Tags hier in den Thread.


    ► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
    Warnung!:
    Vorsicht bei Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einem Verschlüsselungs-Trojaner infiziert sein!
    Anhang nicht öffnen, in unserem Forum erst nachfragen!

    Bitte diese Warnung weitergeben, wo Du nur kannst!
    Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
    Bitte diese Warnung weitergeben, wo Du nur kannst!

  8. #8
    Einsteiger
    Registriert seit
    19.08.2012
    Beiträge
    18

    AW: Microsoft Internet Explorer funktioniert nicht

    Ok, habe die Toolbar mit HJT gefixt.

    Hier das Text nach dem OTL-Fix:
    Code:
    All processes killed
    ========== OTL ==========
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{814C76CB-2623-43F4-AAD0-58A0E5190A20}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{814C76CB-2623-43F4-AAD0-58A0E5190A20}\ not found.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Prefs.js: toolbar@alot.com:2.4.5000 removed from extensions.enabledItems
    Prefs.js: "http://r.orange.fr/r?ref=O_toolbar32_hook_syntaxError&url=http%3A//rws.search.ke.voila.fr/RW/A/O_toolbar31?errorigin=noturl&kw=" removed from keyword.URL
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
    C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
    File C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
    C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\toolbar@alot.com\META-INF folder moved successfully.
    C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\toolbar@alot.com\gen folder moved successfully.
    C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\toolbar@alot.com\defaults\preferences folder moved successfully.
    C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\toolbar@alot.com\defaults folder moved successfully.
    C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\toolbar@alot.com\components folder moved successfully.
    C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\toolbar@alot.com\chrome folder moved successfully.
    C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\toolbar@alot.com folder moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\bing.xml moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D3028143-6145-4318-99D3-3EDCE54A95A9} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3028143-6145-4318-99D3-3EDCE54A95A9}\ not found.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
    File E:\AutoOff.exe not found.
    File E:\autorun.inf not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{56fa398e-1fff-11dd-9135-0019db85e0d8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56fa398e-1fff-11dd-9135-0019db85e0d8}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{56fa398e-1fff-11dd-9135-0019db85e0d8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56fa398e-1fff-11dd-9135-0019db85e0d8}\ not found.
    File E:\LaunchU3.exe -a not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65a0a460-484a-11de-9390-0019db85e0d8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65a0a460-484a-11de-9390-0019db85e0d8}\ not found.
    File RavMonE.exe e not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65a0a460-484a-11de-9390-0019db85e0d8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65a0a460-484a-11de-9390-0019db85e0d8}\ not found.
    File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6745366c-7274-11e1-989b-0019db85e0d8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6745366c-7274-11e1-989b-0019db85e0d8}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6745366c-7274-11e1-989b-0019db85e0d8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6745366c-7274-11e1-989b-0019db85e0d8}\ not found.
    File E:\setup.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b852879-74d9-11e1-989f-0019db85e0d8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b852879-74d9-11e1-989f-0019db85e0d8}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b852879-74d9-11e1-989f-0019db85e0d8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b852879-74d9-11e1-989f-0019db85e0d8}\ not found.
    File E:\setup.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fcd4e44-3204-11dc-8f54-0019db85e0d8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9fcd4e44-3204-11dc-8f54-0019db85e0d8}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fcd4e44-3204-11dc-8f54-0019db85e0d8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9fcd4e44-3204-11dc-8f54-0019db85e0d8}\ not found.
    File E:\Cn911.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fcd4e44-3204-11dc-8f54-0019db85e0d8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9fcd4e44-3204-11dc-8f54-0019db85e0d8}\ not found.
    File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c101fd05-d7fd-11e1-991b-0019db85e0d8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c101fd05-d7fd-11e1-991b-0019db85e0d8}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c101fd05-d7fd-11e1-991b-0019db85e0d8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c101fd05-d7fd-11e1-991b-0019db85e0d8}\ not found.
    File E:\LaunchU3.exe -a not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
    File E:\LaunchU3.exe -a not found.
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Configuration IP de Windows
    Cache de résolution DNS vidé.
    C:\Documents and Settings\Vincent\Bureau\cmd.bat deleted successfully.
    C:\Documents and Settings\Vincent\Bureau\cmd.txt deleted successfully.
    ========== COMMANDS ==========
     
    [EMPTYTEMP]
     
    User: All Users
     
    User: Constance
    ->Temp folder emptied: 85478350 bytes
    ->Temporary Internet Files folder emptied: 130895136 bytes
    ->Java cache emptied: 794944 bytes
    ->FireFox cache emptied: 60552882 bytes
    ->Flash cache emptied: 8468 bytes
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 41 bytes
     
    User: Elodie
    ->Temp folder emptied: 324265668 bytes
    ->Temporary Internet Files folder emptied: 177527727 bytes
    ->Java cache emptied: 244248 bytes
    ->FireFox cache emptied: 90505642 bytes
    ->Google Chrome cache emptied: 9123076 bytes
    ->Flash cache emptied: 45077 bytes
     
    User: Invité
    ->Temp folder emptied: 32685928 bytes
    ->Temporary Internet Files folder emptied: 544806242 bytes
    ->Java cache emptied: 827855 bytes
    ->FireFox cache emptied: 82230687 bytes
    ->Google Chrome cache emptied: 226477503 bytes
    ->Flash cache emptied: 44533 bytes
     
    User: LocalService
    ->Temp folder emptied: 115616 bytes
    ->Temporary Internet Files folder emptied: 7190123 bytes
     
    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
     
    User: Vincent
    ->Temp folder emptied: 185405997 bytes
    ->Temporary Internet Files folder emptied: 8191933 bytes
    ->Java cache emptied: 1205313 bytes
    ->FireFox cache emptied: 175641794 bytes
    ->Google Chrome cache emptied: 1905008 bytes
    ->Flash cache emptied: 3097 bytes
     
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 6851745 bytes
    %systemroot%\System32 .tmp files removed: 160018606 bytes
    %systemroot%\System32\dllcache .tmp files removed: 85026816 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 7126707 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 491327001 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 461395097 bytes
     
    Total Files Cleaned = 3*202,00 mb
     
     
    OTL by OldTimer - Version 3.2.58.1 log created on 08212012_230007
    
    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    
    PendingFileRenameOperations files...
    
    Registry entries deleted on Reboot...
    JavaCache ist geleert und die ältere Javaversion ist deinstalliert.

    eset hat eine Bedrohung gefunden und entfernt:

    Code:
    C:\Documents and Settings\Vincent\Mes documents\logiciels\Nero810_eval01net.exe	Win32/Toolbar.AskSBar application	cleaned by deleting - quarantined
    OTL:
    Code:
    OTL logfile created on: 22/08/2012 01:45:23 - Run 3
    OTL by OldTimer - Version 3.2.58.1     Folder = C:\Documents and Settings\Vincent\Bureau
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
     
    958,42 Mb Total Physical Memory | 475,50 Mb Available Physical Memory | 49,61% Memory free
    2,26 Gb Paging File | 1,81 Gb Available in Paging File | 80,26% Paging File free
    Paging file location(s): c:\pagefile.sys 1440 2880 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465,76 Gb Total Space | 375,80 Gb Free Space | 80,69% Space Free | Partition Type: NTFS
     
    Computer Name: FABAS | User Name: Vincent | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Documents and Settings\Vincent\Bureau\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Programmes pour le PC\Update checker\FileHippo.com\UpdateChecker.exe (FileHippo.com)
    PRC - C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe ()
    PRC - C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe ()
    PRC - C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe ()
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA)
    PRC - C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
    PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
    PRC - C:\WINDOWS\system32\VTTrayp.exe (S3 Graphics Co., Ltd.)
    PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - C:\Program Files\AVAST Software\Avast\defs\12082100\algo.dll ()
    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
    MOD - C:\Program Files\Fichiers communs\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Fichiers communs\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
    MOD - C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe ()
    MOD - C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe ()
    MOD - C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe ()
    MOD - C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\ProxyDetection.dll ()
    MOD - C:\WINDOWS\system32\tsd32.dll ()
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (FTRTSVC) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA)
    SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (WDICA) --  File not found
    DRV - (SetupNTGLM7X) -- D:\NTGLM7X.sys File not found
    DRV - (PDRFRAME) --  File not found
    DRV - (PDRELI) --  File not found
    DRV - (PDFRAME) --  File not found
    DRV - (PDCOMP) --  File not found
    DRV - (PCIDump) --  File not found
    DRV - (oirijshr795b6c63) -- C:\WINDOWS\system32\oirijshr795b6c63.sys File not found
    DRV - (oirijshr77d94031) -- C:\WINDOWS\system32\oirijshr77d94031.sys File not found
    DRV - (NTACCESS) -- D:\NTACCESS.sys File not found
    DRV - (MSICPL) -- D:\install4\MSICPL.sys File not found
    DRV - (lbrtfdc) --  File not found
    DRV - (i2omgmt) --  File not found
    DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
    DRV - (FETNDIS) -- system32\DRIVERS\fetnd5.sys File not found
    DRV - (Changer) --  File not found
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
    DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
    DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
    DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
    DRV - (ew_usbenumfilter) -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
    DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
    DRV - (PCANDIS5) -- C:\WINDOWS\system32\pcandis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (xfilt) -- C:\WINDOWS\system32\drivers\xfilt.sys (VIA Technologies,Inc)
    DRV - (videX32) -- C:\WINDOWS\system32\drivers\videX32.sys (VIA Technologies, Inc.)
    DRV - (PCAMPR5) -- C:\WINDOWS\system32\pcampr5.sys (Printing Communications Assoc., Inc. (PCAUSA))
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 
    IE - HKLM\..\SearchScopes,DefaultScope = 
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIC_fr
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.fr"
    FF - user.js - File not found
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Documents and Settings\Vincent\Mes documents\Picasa2\npPicasa2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Documents and Settings\Vincent\Mes documents\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/10/15 15:41:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/15 16:59:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/19 20:36:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/19 20:40:54 | 000,000,000 | ---D | M]
     
    [2008/08/31 20:36:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Extensions
    [2012/08/21 23:00:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions
    [2007/12/07 12:55:10 | 000,000,000 | ---D | M] (Metal Lion - Vista) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\{1AF3FC34-0725-4485-A939-6B40EB7CA96A}
    [2011/06/09 15:05:36 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2009/02/06 21:07:39 | 000,000,000 | ---D | M] (Forecastbar Enhanced) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
    [2012/05/21 10:29:43 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\en-US@dictionaries.addons.mozilla.org
    [2009/02/04 15:19:03 | 000,000,000 | ---D | M] (Dictionnaire HunSpell en Français (réforme 1990)) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\fr@dictionaries.addons.mozilla.org
    [2009/02/04 15:19:03 | 000,000,000 | ---D | M] (Dictionnaire HunSpell en Français) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\fr-FR@dictionaries.addons.mozilla.org
    [2010/01/10 12:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\suite.User0\extensions
    [2010/07/03 17:59:47 | 000,001,137 | ---- | M] () -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\searchplugins\orange.xml
    [2011/11/11 12:59:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/10/26 23:27:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/07/19 12:02:46 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/08/19 20:23:13 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
     
    ========== Chrome  ==========
     
    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - Extension: Skype Click to Call = C:\Documents and Settings\Vincent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
     
    O1 HOSTS File: ([2008/02/03 16:23:14 | 000,224,387 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: 127.0.0.1	007guard.com
    O1 - Hosts: 127.0.0.1	www.007guard.com
    O1 - Hosts: 127.0.0.1	008i.com
    O1 - Hosts: 127.0.0.1	008k.com
    O1 - Hosts: 127.0.0.1	www.008k.com
    O1 - Hosts: 127.0.0.1	00hq.com
    O1 - Hosts: 127.0.0.1	www.00hq.com
    O1 - Hosts: 127.0.0.1	010402.com
    O1 - Hosts: 127.0.0.1	032439.com
    O1 - Hosts: 127.0.0.1	www.032439.com
    O1 - Hosts: 127.0.0.1	1001-search.info
    O1 - Hosts: 127.0.0.1	www.1001-search.info
    O1 - Hosts: 127.0.0.1	100888290cs.com
    O1 - Hosts: 127.0.0.1	www.100888290cs.com
    O1 - Hosts: 127.0.0.1	100sexlinks.com
    O1 - Hosts: 127.0.0.1	www.100sexlinks.com
    O1 - Hosts: 127.0.0.1	10sek.com
    O1 - Hosts: 127.0.0.1	www.10sek.com
    O1 - Hosts: 127.0.0.1	123topsearch.com
    O1 - Hosts: 127.0.0.1	www.123topsearch.com
    O1 - Hosts: 127.0.0.1	132.com
    O1 - Hosts: 127.0.0.1	www.132.com
    O1 - Hosts: 127.0.0.1	136136.net
    O1 - Hosts: 127.0.0.1	www.136136.net
    O1 - Hosts: 7873 more lines...
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [Start_HSSModule] C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe ()
    O4 - HKLM..\Run: [Start_SMSNotifier] C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe ()
    O4 - HKLM..\Run: [Start_Statistics] C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe ()
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
    O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
    O4 - HKCU..\Run: [FileHippo.com] C:\Programmes pour le PC\Update checker\FileHippo.com\UpdateChecker.exe (FileHippo.com)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\Démarrage\Barre d'Outils Olitec.lnk =  File not found
    O4 - Startup: C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\Démarrage\Moniteur Fax-Voix.lnk =  File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
    O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\DOCUME~1\Vincent\LOCALS~1\Temp\cce40.html File not found
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?faf8de032e55463b9014127d42c39933 File not found
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?faf8de032e55463b9014127d42c39933 File not found
    O8 - Extra context menu item: traduire la page - C:\DOCUME~1\Vincent\LOCALS~1\Temp\cce3E.html File not found
    O8 - Extra context menu item: traduire le texte sélectionné - C:\DOCUME~1\Vincent\LOCALS~1\Temp\cce3F.html File not found
    O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: mappy.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: orange.fr ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: voila.fr ([rw.search.ke] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: weborama.fr ([orange] http in Trusted sites)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A71C3778-88E0-4270-A926-2629FA2CED92}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A71C3778-88E0-4270-A926-2629FA2CED92}: NameServer = 80.10.246.1,81.253.149.10
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Fond d'écran.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Fond d'écran.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/06/25 12:47:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{b473a04e-b08d-11e0-9787-0019db85e0d8}\Shell\AutoRun\command - "" = E:\Menu.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (stera)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2012/08/21 23:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/08/21 23:41:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Vincent\Recent
    [2012/08/21 23:00:07 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/08/21 13:37:57 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/08/21 13:33:56 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Vincent\Bureau\TDSSKiller.exe
    [2012/08/20 17:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2012/08/20 11:51:40 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vincent\Bureau\OTL.exe
    [2012/08/20 10:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Application Data\Malwarebytes
    [2012/08/20 10:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/08/20 10:42:56 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/08/20 10:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/08/19 20:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\HiJackThis
    [2012/08/19 20:41:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2012/08/19 20:36:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\QuickTime
    [2012/08/19 20:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2012/08/19 20:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\xing shared
    [2012/08/19 20:23:26 | 000,198,864 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
    [2012/08/19 20:23:06 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
    [2012/08/19 20:23:06 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
    [2012/08/19 20:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\RealNetworks
    [2012/08/18 13:49:42 | 000,000,000 | ---D | C] -- C:\1c4635c3ae739366f51af23775
    [2012/08/18 13:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Google Earth
    [2012/08/18 13:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\iTunes
    [2012/08/18 13:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/08/18 13:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/08/18 13:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2012/08/18 13:27:28 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2012/08/18 13:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
    [2012/08/18 13:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2012/08/18 13:09:46 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
    [2012/08/18 13:04:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Mes documents\Google
    [2012/08/18 13:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Skype
    [2012/08/18 13:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Skype
    [2012/08/18 11:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\Revo Uninstaller
    [2012/08/18 11:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2012/08/18 11:02:43 | 000,000,000 | ---D | C] -- C:\bc23e1cc69b7e9e6506cb086d6
    [2012/08/18 10:56:03 | 000,000,000 | ---D | C] -- C:\77aad79fdb21565822ca1c6024a3be04
    [2012/08/17 16:43:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Vincent\PrivacIE
    [2012/08/17 16:40:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\CCleaner
    [2012/08/17 16:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/08/16 11:38:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Local Settings\Application Data\Sun
    [2012/08/16 11:32:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Vincent\IETldCache
    [2012/08/16 11:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\Accessories
    [2012/08/15 19:52:22 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
    [2012/08/15 19:52:22 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
    [2012/08/15 19:52:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2012/08/15 19:48:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\WinRAR
    [2012/08/15 19:48:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinRAR
    [2012/08/15 19:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2012/08/15 19:46:33 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
    [2012/08/15 19:46:33 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
    [2012/08/15 19:46:33 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2012/08/15 19:46:20 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2012/08/15 19:46:20 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2012/08/15 19:46:20 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2012/08/07 13:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Application Data\OpenOffice.org
    [2012/08/07 13:43:36 | 000,000,000 | ---D | C] -- C:\Programmes pour le PC
    [2012/08/07 13:36:41 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\OpenOffice.org 3.4
    [2012/08/07 13:29:27 | 000,000,000 | ---D | C] -- C:\Programmes d'ecrire
    [2012/08/02 16:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\CampBrain 5 Trial
    [2012/08/02 16:06:30 | 000,000,000 | ---D | C] -- C:\Program Files\CampBrain5 Trial
    [2012/08/02 16:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CampBrain5
    [2012/08/02 16:06:30 | 000,000,000 | ---D | C] -- C:\CampBrain Database
    [2012/08/02 16:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Local Settings\Application Data\Downloaded Installations
    [2012/08/01 20:41:52 | 000,000,000 | ---D | C] -- C:\Campingsoftware
    [2012/07/26 19:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Screentime
    [2012/07/26 19:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Local Settings\Application Data\Screentime
     
    ========== Files - Modified Within 30 Days ==========
     
    [2012/08/22 01:48:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/08/21 23:47:29 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DB20F37A-8F04-45F3-8EE7-DDCE8D78B69C}.job
    [2012/08/21 23:44:33 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2012/08/21 23:43:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/08/21 23:37:07 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\Vincent\Bureau\HiJackThis.lnk
    [2012/08/21 13:55:36 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
    [2012/08/21 13:54:35 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Picasa 3.lnk
    [2012/08/21 13:53:17 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/08/21 13:53:17 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/08/21 13:27:56 | 000,089,088 | ---- | M] () -- C:\WINDOWS\System32\mbr.exe
    [2012/08/21 13:25:00 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2012/08/20 18:55:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/08/20 17:42:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/08/20 17:33:26 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Vincent\Bureau\TDSSKiller.exe
    [2012/08/20 11:51:39 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vincent\Bureau\OTL.exe
    [2012/08/19 20:23:26 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
    [2012/08/19 20:23:06 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
    [2012/08/19 20:23:06 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
    [2012/08/19 20:23:04 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [2012/08/18 17:41:29 | 000,501,472 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
    [2012/08/18 17:41:29 | 000,433,328 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/08/18 17:41:29 | 000,081,514 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
    [2012/08/18 17:41:29 | 000,068,284 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/08/18 17:31:19 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Vincent\Application Data\Launch Internet Explorer Browser.lnk
    [2012/08/18 13:46:27 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google*Earth.lnk
    [2012/08/18 13:09:31 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2012/08/18 13:09:31 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2012/08/18 13:06:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/08/18 11:14:39 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Vincent\Bureau\Revo Uninstaller.lnk
    [2012/08/17 16:40:50 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
    [2012/08/15 19:45:40 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2012/08/15 19:45:30 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2012/08/15 19:45:30 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2012/08/15 19:45:29 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2012/08/15 19:45:29 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
    [2012/08/15 19:45:26 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
    [2012/08/15 19:45:26 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
    [2012/08/15 19:23:51 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
    [2012/08/15 16:59:39 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2012/08/15 15:21:26 | 000,047,111 | ---- | M] () -- C:\Documents and Settings\Vincent\Bureau\planning réservation.odt
    [2012/08/07 23:13:49 | 000,017,819 | ---- | M] () -- C:\Documents and Settings\Vincent\Bureau\TOASTMARIAGEFRANCAIS.odt
    [2012/08/07 19:30:50 | 000,307,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/08/07 13:44:07 | 000,001,869 | ---- | M] () -- C:\Documents and Settings\Vincent\Bureau\Update Checker.lnk
    [2012/08/07 13:36:47 | 000,000,887 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\OpenOffice.org 3.4.lnk
    [2012/08/02 16:06:43 | 000,001,693 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CampBrain 5 Trial.lnk
     
    ========== Files Created - No Company Name ==========
     
    [2012/08/21 13:54:35 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Picasa 3.lnk
    [2012/08/21 13:28:01 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\mbr.exe
    [2012/08/20 10:43:00 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
    [2012/08/19 20:41:57 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\Vincent\Bureau\HiJackThis.lnk
    [2012/08/18 17:35:42 | 000,000,426 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DB20F37A-8F04-45F3-8EE7-DDCE8D78B69C}.job
    [2012/08/18 17:31:19 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Vincent\Application Data\Launch Internet Explorer Browser.lnk
    [2012/08/18 17:31:18 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\Internet Explorer.lnk
    [2012/08/18 13:46:27 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Google*Earth.lnk
    [2012/08/18 13:27:31 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/08/18 13:27:30 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Apple Software Update.lnk
    [2012/08/18 13:09:27 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\Windows Media Player.lnk
    [2012/08/18 12:09:31 | 001,207,126 | ---- | C] () -- C:\WINDOWS\System32\Spender.bmp
    [2012/08/18 12:09:31 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\GkSui18.EXE
    [2012/08/18 12:09:31 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\gksl_ger.dll
    [2012/08/18 12:09:31 | 000,000,970 | ---- | C] () -- C:\WINDOWS\System32\Spender.NTP
    [2012/08/18 11:14:39 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Vincent\Bureau\Revo Uninstaller.lnk
    [2012/08/17 16:40:50 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
    [2012/08/15 19:23:50 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
    [2012/08/15 16:59:36 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2012/08/07 23:13:48 | 000,017,819 | ---- | C] () -- C:\Documents and Settings\Vincent\Bureau\TOASTMARIAGEFRANCAIS.odt
    [2012/08/07 13:44:07 | 000,001,875 | ---- | C] () -- C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\Update Checker.lnk
    [2012/08/07 13:44:07 | 000,001,869 | ---- | C] () -- C:\Documents and Settings\Vincent\Bureau\Update Checker.lnk
    [2012/08/07 13:36:47 | 000,000,887 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\OpenOffice.org 3.4.lnk
    [2012/08/02 16:06:43 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CampBrain 5 Trial.lnk
    [2012/02/15 03:43:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/07/19 21:37:37 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
    [2011/04/21 12:36:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2011/04/19 16:32:28 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\StrStorage.dll
    [2008/02/26 15:02:45 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Vincent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
     
    ========== LOP Check ==========
     
    [2011/08/30 10:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2012/08/02 16:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CampBrain5
    [2008/04/14 15:23:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2010/02/07 13:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
    [2010/06/25 12:52:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
    [2010/06/23 15:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cegid
    [2012/03/23 13:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Orange
    [2008/04/14 15:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2012/07/26 19:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screentime
    [2012/03/23 13:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/06/13 14:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
    [2012/08/15 20:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2012/08/18 13:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/06/13 14:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2011/08/31 18:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Canon
    [2007/09/03 16:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\CopyToDvd
    [2007/07/14 14:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Leadertech
    [2012/08/07 13:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\OpenOffice.org
    [2008/04/14 15:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\ScanSoft
    [2007/08/12 13:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Thunderbird
    [2012/07/11 16:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Vso
    [2009/06/13 15:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\WindSolutions
    [2012/08/21 23:44:33 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
    [2012/08/21 23:47:29 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{DB20F37A-8F04-45F3-8EE7-DDCE8D78B69C}.job
     
    ========== Purity Check ==========
     
     
    
    < End of report >
    Code:
    OTL Extras logfile created on: 22/08/2012 01:45:23 - Run 3
    OTL by OldTimer - Version 3.2.58.1     Folder = C:\Documents and Settings\Vincent\Bureau
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
     
    958,42 Mb Total Physical Memory | 475,50 Mb Available Physical Memory | 49,61% Memory free
    2,26 Gb Paging File | 1,81 Gb Available in Paging File | 80,26% Paging File free
    Paging file location(s): c:\pagefile.sys 1440 2880 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465,76 Gb Total Space | 375,80 Gb Free Space | 80,69% Space Free | Partition Type: NTFS
     
    Computer Name: FABAS | User Name: Vincent | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "UpdatesDisableNotify" = 0
    "FirstRunDisabled" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
     
    ========== System Restore Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
    "C:\Documents and Settings\Invité\Bureau\freezer v1.4 fr\freezer.exe" = C:\Documents and Settings\Invité\Bureau\freezer v1.4 fr\freezer.exe:*:Disabled:freezer -- ()
    "C:\Program Files\Inventel\Gateway\RGWRepair.exe" = C:\Program Files\Inventel\Gateway\RGWRepair.exe:*:Enabled:RGWRepair -- (Inventel)
    "C:\Program Files\Orange\Connexion Internet Orange\Connectivity\ConnectivityManager.exe" = C:\Program Files\Orange\Connexion Internet Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth -- (Google)
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player -- ()
    "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google)
    "C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
     
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0385C7DF-4461-48A0-902C-9B98283B1F7B}" = Cegid Business Line Premium
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{1292B4A7-C072-413A-B1D0-A1BE7FB516B9}" = Google SketchUp 8
    "{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
    "{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}" = Galerie de photos Windows Live
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google*Earth
    "{2F90A789-DD1E-41CE-BFCA-BD78213BABC7}" = OpenOffice.org 3.4
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3C683090-85C1-4130-BAF7-031E281911A6}" = CampBrain 5.3 Trial Version
    "{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}" = Adobe InDesign CS
    "{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
    "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
    "{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{83DFACEB-59B2-4981-B50B-2432255F33A3}" = Cegid Business Line Documentation
    "{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
    "{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9AEE1212-3B26-41D0-8327-DBC8FDE045E2}" = Cegid Business Line Structure de référence
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9FF9FDF7-F84A-4F99-B4BB-066B6F95F33D}" = Windows Live Contrôle parental
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A476A77A-F849-4EF3-BDE8-F437669D7563}" = Cegid Business Line fichier de connexion
    "{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Edition Découverte 3.2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Français
    "{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
    "{D6038E8E-9025-481D-B4D2-E7CE05305BD3}" = Cegid Business Line
    "{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EF106010-14E3-4F84-9962-4AC68AA0968B}" = Cegid Expert Run Time CBP
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FE19C975-AFC8-44A4-85FA-6DBAD247687D}" = Orange Clé 3G+
    "{ORAHSS}.UninstallSuite" = Orange - Logiciels Internet
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop 5.0" = Adobe Photoshop 5.0
    "Adobe® Photoshop® Album Edition Découverte 3.2" = Adobe® Photoshop® Album Edition Découverte 3.2
    "avast" = avast! Free Antivirus
    "CANONIJPLM100" = PIXMA Extended Survey Program
    "CanonMyPrinter" = Canon My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "CCleaner" = CCleaner
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "FileHippo.com" = FileHippo.com Update Checker
    "Google Desktop" = Google Desktop
    "Google Updater" = Outil de mise à jour Google
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "IrfanView" = IrfanView (remove only)
    "MailNotifier" = Notification Mail
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 14.0.1 (x86 fr)" = Mozilla Firefox 14.0.1 (x86 fr)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "Picasa 3" = Picasa 3
    "RealPlayer 15.0" = RealPlayer
    "Revo Uninstaller" = Revo Uninstaller 1.94
    "VIA/S3G UniChrome Family Win2K/XP/Server2003 Display" = VIA/S3G Display Driver 6.14.10.0297
    "VLC media player" = VLC media player 2.0.3
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinLiveSuite_Wave3" = Installation Windows Live
    "WinRAR archiver" = WinRAR 4.20 (32-bit)
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "CopyTrans Suite" = CopyTrans Suite désinstallation uniquement
     
    ========== Last 20 Event Log Errors ==========
     
    [ Antivirus Events ]
    Error - 19/07/2011 05:18:55 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 19/07/2011 05:18:55 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 28/07/2011 14:33:39 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 28/07/2011 14:33:39 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 28/07/2011 14:33:39 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 28/07/2011 14:33:45 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 02/08/2011 08:11:10 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 02/08/2011 08:11:11 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 26/08/2011 15:05:39 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 30/08/2011 04:28:41 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    [ Application Events ]
    Error - 19/08/2012 11:35:33 | Computer Name = FABAS | Source = crypt32 | ID = 131083
    Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
     CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
     avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
     la vérification par rapport à l'horloge système en cours ou le tampon daté dans
     le fichier signé.  
     
    Error - 19/08/2012 11:35:33 | Computer Name = FABAS | Source = crypt32 | ID = 131080
    Description = Échec de la récupération de la mise à jour automatique du numéro de
     séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
     avec l'erreur : Cette connexion réseau n'existe pas.  
     
    Error - 19/08/2012 11:37:08 | Computer Name = FABAS | Source = crypt32 | ID = 131083
    Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
     CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
     avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
     la vérification par rapport à l'horloge système en cours ou le tampon daté dans
     le fichier signé.  
     
    Error - 19/08/2012 11:37:09 | Computer Name = FABAS | Source = crypt32 | ID = 131080
    Description = Échec de la récupération de la mise à jour automatique du numéro de
     séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
     avec l'erreur : A connection with the server could not be established  
     
    Error - 19/08/2012 11:39:07 | Computer Name = FABAS | Source = crypt32 | ID = 131083
    Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
     CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
     avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
     la vérification par rapport à l'horloge système en cours ou le tampon daté dans
     le fichier signé.  
     
    Error - 19/08/2012 11:39:08 | Computer Name = FABAS | Source = crypt32 | ID = 131080
    Description = Échec de la récupération de la mise à jour automatique du numéro de
     séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
     avec l'erreur : A connection with the server could not be established  
     
    Error - 19/08/2012 14:15:37 | Computer Name = FABAS | Source = crypt32 | ID = 131083
    Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
     CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
     avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
     la vérification par rapport à l'horloge système en cours ou le tampon daté dans
     le fichier signé.  
     
    Error - 19/08/2012 14:15:38 | Computer Name = FABAS | Source = crypt32 | ID = 131080
    Description = Échec de la récupération de la mise à jour automatique du numéro de
     séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
     avec l'erreur : A connection with the server could not be established  
     
    Error - 19/08/2012 14:18:46 | Computer Name = FABAS | Source = crypt32 | ID = 131083
    Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
     CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
     avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
     la vérification par rapport à l'horloge système en cours ou le tampon daté dans
     le fichier signé.  
     
    Error - 19/08/2012 14:18:47 | Computer Name = FABAS | Source = crypt32 | ID = 131080
    Description = Échec de la récupération de la mise à jour automatique du numéro de
     séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
     avec l'erreur : A connection with the server could not be established  
     
    [ System Events ]
    Error - 21/08/2012 16:51:19 | Computer Name = FABAS | Source = Service Control Manager | ID = 7000
    Description = Le service oirijshr795b6c63 n'a pas pu démarrer en raison de l'erreur*:
       %%2
     
    Error - 21/08/2012 17:00:08 | Computer Name = FABAS | Source = Service Control Manager | ID = 7034
    Description = Le service Service Bonjour s'est terminé de façon inattendue pour 
    la 1ème fois.
     
    Error - 21/08/2012 17:00:08 | Computer Name = FABAS | Source = Service Control Manager | ID = 7031
    Description = Le service Apple Mobile Device s'est terminé de manière inattendue.
     Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 
    60000 millisecondes*: Redémarrer le service.
     
    Error - 21/08/2012 17:00:08 | Computer Name = FABAS | Source = Service Control Manager | ID = 7034
    Description = Le service France Telecom Routing Table Service s'est terminé de façon
     inattendue pour la 1ème fois.
     
    Error - 21/08/2012 17:00:09 | Computer Name = FABAS | Source = Service Control Manager | ID = 7034
    Description = Le service Java Quick Starter s'est terminé de façon inattendue pour
     la 1ème fois.
     
    Error - 21/08/2012 17:00:10 | Computer Name = FABAS | Source = Service Control Manager | ID = 7034
    Description = Le service Service de l’iPod s'est terminé de façon inattendue pour
     la 1ème fois.
     
    Error - 21/08/2012 17:20:33 | Computer Name = FABAS | Source = Service Control Manager | ID = 7000
    Description = Le service oirijshr77d94031 n'a pas pu démarrer en raison de l'erreur*:
       %%2
     
    Error - 21/08/2012 17:20:33 | Computer Name = FABAS | Source = Service Control Manager | ID = 7000
    Description = Le service oirijshr795b6c63 n'a pas pu démarrer en raison de l'erreur*:
       %%2
     
    Error - 21/08/2012 17:44:11 | Computer Name = FABAS | Source = Service Control Manager | ID = 7000
    Description = Le service oirijshr77d94031 n'a pas pu démarrer en raison de l'erreur*:
       %%2
     
    Error - 21/08/2012 17:44:11 | Computer Name = FABAS | Source = Service Control Manager | ID = 7000
    Description = Le service oirijshr795b6c63 n'a pas pu démarrer en raison de l'erreur*:
       %%2
     
     
    < End of report >
    Leider ist das eingangs beschriebene Problem noch nicht gelöst. Der IE funktioniert immer noch nicht und die Internetoptionen lassen sich nicht öffnen.
    Geändert von Fortinbras (22.08.2012 um 01:08 Uhr)

  9. #9
    Moderator (global) Team-Mitglied Avatar von kira
    Registriert seit
    28.03.2006
    Ort
    Wien/Sprachen: Deutsch-Ungarisch
    Beiträge
    29.692

    AW: Microsoft Internet Explorer funktioniert nicht

    1.
    Achtung wichtig!:
    Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
    (Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)



    Fixen mit OTL
    • Starte die OTL.exe.
    • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
    • Kopiere folgendes Skript (unverändert - also beginnend :OTL bis zur letzten Zeile [emptytemp] (ohne "code"!):
    Code:
    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = 
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIC_fr
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    • und füge es hier ein:
    • Schließe alle Programme.
    • Klicke auf den Fix Button.
    • Klick auf .
    • OTL verlangt einen Neustart. Bitte zulassen.
    • Nach dem Neustart findest Du ein Textdokument.
      Kopiere den Inhalt hier in Code-Tags in Deinen Thread.


    Zu Punkt 1.:-> http://www.hijackthis-forum.de/hijac...tml#post398389
    2.
    Wenn Die Proxy Dir nicht bekannt und nicht absichtlich eingestellt hast:
    Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis mit Rechtsklick als Administrator starten-> `Do a system scan only`--> Einträge auswählen-> Häckhen setzen-> "Fix checked"klicken->PC neu aufstarten) - fixe NUR Die von mir angegebenen Einträge!:
    HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen
    Code:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:27811
    HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen

    3.
    Zu Punkt 2.:-> http://www.hijackthis-forum.de/hijac...tml#post398389
    mußt Du doch wissen, ob Dir bekant, oder Du zur Zone Vertrauenswürdige Sites absichtlich hinzugefügt?
    Code:
    O15 - Trusted Zone: http://*.mappy.com
    O15 - Trusted Zone: http://*.orange.fr
    O15 - Trusted Zone: http://rw.search.ke.voila.fr
    O15 - Trusted Zone: http://orange.weborama.fr
    Nämlich die hier zugefügten vollkommen zugriff auf deinen Rechner...

    Ansonsten entweder:
    Vertrauenswürdige Zone zurücksetzen

    Dieser Schritt ist optional. Du hast sehr viele Webseiten in die sog. "Vertrauenswürdige Zone" eingetragen. Dadurch haben diese Webseiten mehr oder weniger kompletten Zugang zu Deinem Rechner. Sie können alles tun, was sie möchten, ohne dass Du weiter gefragt wirst. Das könnten ausführbare Skripts sein, Installation von ActiveX-Elementen usw. Das ist keinesfalls empfehlenswert und sollte nur gemacht werden, wenn Du der Website 100% vertraust und es absolut notwendig ist, damit die Website funktioniert. Aus diesem Grund schlage vor, dass Du folgenden Schritt ausführst:

    Lade Trusted_Zonefix.zip herunter.
    • Auf den Desktop entpacken.
    • Alle anderen Anwendungen schließen, denn der PC wird automatisch neu gestartet.
    • Ordner Trusted_Zonefix öffnen,
    • Trusted_Zonefix.bat doppelklicken,
    • drücke die Taste 1 => Enter und
    • den Anweisungen auf dem Bildschirm folgen.


    oder:
    Alternativ kannst Du auch wie folgt die O15-Einträge mit HijackThis fixen:

    Einträge mit HijackThis fixen

    Bitte alle Anwendungen inkl. Browser schließen.
    Folgende Einträge mit HJT fixen (falls noch vorhanden):
    Starte HijackThis (bei Vista mit Rechtsklick als Adminstrator)
    Hijackthis solltest Du hier finden => C:\Programme\Trend Micro\HijackThis\<hijackthis> oder <Benutzername>.exe
    => Do a system scan only => mache vor folgenden Zeilen einen Haken klicke und dann "Fix checked":

    Code:
      
    O15 - Trusted Zone: http://*.mappy.com
    O15 - Trusted Zone: http://*.orange.fr
    O15 - Trusted Zone: http://rw.search.ke.voila.fr
    O15 - Trusted Zone: http://orange.weborama.fr
    Den Rechner neu starten.

    4.
    erneut einen Scan mit OTL: - ältere Logdateien löschen!
    • Doppelklick auf die OTL.exe
    • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
    • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
    • Unter Extra Registry, wähle bitte Use SafeList
    • Mache Häckchen bei LOP- und Purity-Prüfung.
    • Klicke nun auf Run Scan links oben
    • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und extra.txt
    • Poste die Logfiles in Code-Tags hier in den Thread.


    5.
    poste erneut - nach der vorgenommenen Reinigungsaktion:
    TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!
    ► Rechtsklick auf HijackThis-> "Als administrator ausführen" wählen...(Wista und WIN 7)

    ► damit ich weiß, welche Änderungen Du vorgenommen hast:
    Code:
     Berichte mir kurz über alle Umsetzungsschritte (zu jedem Punkt), die Du erledigt hast!
    Geändert von kira (22.08.2012 um 07:24 Uhr)
    Warnung!:
    Vorsicht bei Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einem Verschlüsselungs-Trojaner infiziert sein!
    Anhang nicht öffnen, in unserem Forum erst nachfragen!

    Bitte diese Warnung weitergeben, wo Du nur kannst!
    Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
    Bitte diese Warnung weitergeben, wo Du nur kannst!

  10. #10
    Einsteiger
    Registriert seit
    19.08.2012
    Beiträge
    18

    AW: Microsoft Internet Explorer funktioniert nicht

    Das Problem ist, dass es nicht mein Rechner ist. Der Besitzer ist mein Schwiegervater und er versteht nicht viel von PCs. Ich nehme an er weiss selbst nicht genau, ob er die Seiten zu den vertrauenswürdigen Seiten hinzugefügt hat. Orange ist jedenfalls der Internetanbieter hier. Daher kann man den wohl drin lassen. Das andere fixe ich mal.

    Hier das Ergebnis des OTLFixes
    Code:
    All processes killed
    ========== OTL ==========
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Configuration IP de Windows
    Cache de résolution DNS vidé.
    C:\Documents and Settings\Vincent\Bureau\cmd.bat deleted successfully.
    C:\Documents and Settings\Vincent\Bureau\cmd.txt deleted successfully.
    ========== COMMANDS ==========
     
    [EMPTYTEMP]
     
    User: All Users
     
    User: Constance
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    User: Elodie
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    User: Invité
    ->Temp folder emptied: 22881 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
     
    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
     
    User: Vincent
    ->Temp folder emptied: 276566 bytes
    ->Temporary Internet Files folder emptied: 7472771 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 52833817 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 22859362 bytes
    %systemroot%\System32\dllcache .tmp files removed: 12146688 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 32768 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 80768804 bytes
     
    Total Files Cleaned = 168,00 mb
     
     
    OTL by OldTimer - Version 3.2.58.1 log created on 08222012_110212
    
    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    
    PendingFileRenameOperations files...
    
    Registry entries deleted on Reboot...
    otlscans:
    Code:
    OTL logfile created on: 22/08/2012 12:28:47 - Run 4
    OTL by OldTimer - Version 3.2.58.1     Folder = C:\Documents and Settings\Vincent\Bureau
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
     
    958,42 Mb Total Physical Memory | 595,91 Mb Available Physical Memory | 62,18% Memory free
    2,26 Gb Paging File | 1,98 Gb Available in Paging File | 87,78% Paging File free
    Paging file location(s): c:\pagefile.sys 1440 2880 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465,76 Gb Total Space | 373,83 Gb Free Space | 80,26% Space Free | Partition Type: NTFS
     
    Computer Name: FABAS | User Name: Vincent | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Documents and Settings\Vincent\Bureau\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Programmes pour le PC\Update checker\FileHippo.com\UpdateChecker.exe (FileHippo.com)
    PRC - C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe ()
    PRC - C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe ()
    PRC - C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe ()
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA)
    PRC - C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
    PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
    PRC - C:\WINDOWS\system32\VTTrayp.exe (S3 Graphics Co., Ltd.)
    PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - C:\Program Files\AVAST Software\Avast\defs\12082100\algo.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
    MOD - C:\Program Files\Fichiers communs\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Fichiers communs\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
    MOD - C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe ()
    MOD - C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe ()
    MOD - C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe ()
    MOD - C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\ProxyDetection.dll ()
    MOD - C:\WINDOWS\system32\tsd32.dll ()
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (FTRTSVC) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA)
    SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (WDICA) --  File not found
    DRV - (SetupNTGLM7X) -- D:\NTGLM7X.sys File not found
    DRV - (PDRFRAME) --  File not found
    DRV - (PDRELI) --  File not found
    DRV - (PDFRAME) --  File not found
    DRV - (PDCOMP) --  File not found
    DRV - (PCIDump) --  File not found
    DRV - (oirijshr795b6c63) -- C:\WINDOWS\system32\oirijshr795b6c63.sys File not found
    DRV - (oirijshr77d94031) -- C:\WINDOWS\system32\oirijshr77d94031.sys File not found
    DRV - (NTACCESS) -- D:\NTACCESS.sys File not found
    DRV - (MSICPL) -- D:\install4\MSICPL.sys File not found
    DRV - (lbrtfdc) --  File not found
    DRV - (i2omgmt) --  File not found
    DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
    DRV - (FETNDIS) -- system32\DRIVERS\fetnd5.sys File not found
    DRV - (Changer) --  File not found
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
    DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
    DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
    DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
    DRV - (ew_usbenumfilter) -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
    DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
    DRV - (PCANDIS5) -- C:\WINDOWS\system32\pcandis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (xfilt) -- C:\WINDOWS\system32\drivers\xfilt.sys (VIA Technologies,Inc)
    DRV - (videX32) -- C:\WINDOWS\system32\drivers\videX32.sys (VIA Technologies, Inc.)
    DRV - (PCAMPR5) -- C:\WINDOWS\system32\pcampr5.sys (Printing Communications Assoc., Inc. (PCAUSA))
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 
    IE - HKLM\..\SearchScopes,DefaultScope = 
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIC_fr
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.fr"
    FF - user.js - File not found
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Documents and Settings\Vincent\Mes documents\Picasa2\npPicasa2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Documents and Settings\Vincent\Mes documents\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/10/15 15:41:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/15 16:59:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/19 20:36:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/19 20:40:54 | 000,000,000 | ---D | M]
     
    [2008/08/31 20:36:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Extensions
    [2012/08/21 23:00:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions
    [2007/12/07 12:55:10 | 000,000,000 | ---D | M] (Metal Lion - Vista) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\{1AF3FC34-0725-4485-A939-6B40EB7CA96A}
    [2011/06/09 15:05:36 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2009/02/06 21:07:39 | 000,000,000 | ---D | M] (Forecastbar Enhanced) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
    [2012/05/21 10:29:43 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\en-US@dictionaries.addons.mozilla.org
    [2009/02/04 15:19:03 | 000,000,000 | ---D | M] (Dictionnaire HunSpell en Français (réforme 1990)) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\fr@dictionaries.addons.mozilla.org
    [2009/02/04 15:19:03 | 000,000,000 | ---D | M] (Dictionnaire HunSpell en Français) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\extensions\fr-FR@dictionaries.addons.mozilla.org
    [2010/01/10 12:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\suite.User0\extensions
    [2010/07/03 17:59:47 | 000,001,137 | ---- | M] () -- C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\a7iuqv3o.default\searchplugins\orange.xml
    [2011/11/11 12:59:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/10/26 23:27:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/07/19 12:02:46 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/08/19 20:23:13 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
     
    ========== Chrome  ==========
     
    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - Extension: Skype Click to Call = C:\Documents and Settings\Vincent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
     
    O1 HOSTS File: ([2008/02/03 16:23:14 | 000,224,387 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: 127.0.0.1	007guard.com
    O1 - Hosts: 127.0.0.1	www.007guard.com
    O1 - Hosts: 127.0.0.1	008i.com
    O1 - Hosts: 127.0.0.1	008k.com
    O1 - Hosts: 127.0.0.1	www.008k.com
    O1 - Hosts: 127.0.0.1	00hq.com
    O1 - Hosts: 127.0.0.1	www.00hq.com
    O1 - Hosts: 127.0.0.1	010402.com
    O1 - Hosts: 127.0.0.1	032439.com
    O1 - Hosts: 127.0.0.1	www.032439.com
    O1 - Hosts: 127.0.0.1	1001-search.info
    O1 - Hosts: 127.0.0.1	www.1001-search.info
    O1 - Hosts: 127.0.0.1	100888290cs.com
    O1 - Hosts: 127.0.0.1	www.100888290cs.com
    O1 - Hosts: 127.0.0.1	100sexlinks.com
    O1 - Hosts: 127.0.0.1	www.100sexlinks.com
    O1 - Hosts: 127.0.0.1	10sek.com
    O1 - Hosts: 127.0.0.1	www.10sek.com
    O1 - Hosts: 127.0.0.1	123topsearch.com
    O1 - Hosts: 127.0.0.1	www.123topsearch.com
    O1 - Hosts: 127.0.0.1	132.com
    O1 - Hosts: 127.0.0.1	www.132.com
    O1 - Hosts: 127.0.0.1	136136.net
    O1 - Hosts: 127.0.0.1	www.136136.net
    O1 - Hosts: 7873 more lines...
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [Start_HSSModule] C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe ()
    O4 - HKLM..\Run: [Start_SMSNotifier] C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe ()
    O4 - HKLM..\Run: [Start_Statistics] C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe ()
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
    O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
    O4 - HKCU..\Run: [FileHippo.com] C:\Programmes pour le PC\Update checker\FileHippo.com\UpdateChecker.exe (FileHippo.com)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\Démarrage\Barre d'Outils Olitec.lnk =  File not found
    O4 - Startup: C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\Démarrage\Moniteur Fax-Voix.lnk =  File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
    O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\DOCUME~1\Vincent\LOCALS~1\Temp\cce40.html File not found
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?faf8de032e55463b9014127d42c39933 File not found
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?faf8de032e55463b9014127d42c39933 File not found
    O8 - Extra context menu item: traduire la page - C:\DOCUME~1\Vincent\LOCALS~1\Temp\cce3E.html File not found
    O8 - Extra context menu item: traduire le texte sélectionné - C:\DOCUME~1\Vincent\LOCALS~1\Temp\cce3F.html File not found
    O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1345594268500 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A71C3778-88E0-4270-A926-2629FA2CED92}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A71C3778-88E0-4270-A926-2629FA2CED92}: NameServer = 80.10.246.1,81.253.149.10
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Fond d'écran.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Fond d'écran.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/06/25 12:47:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{b473a04e-b08d-11e0-9787-0019db85e0d8}\Shell\AutoRun\command - "" = E:\Menu.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (stera)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2012/08/22 10:58:47 | 000,272,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
    [2012/08/22 10:47:22 | 000,000,000 | ---D | C] -- C:\4fc5a0b49ac9a343dc0e71440c153228
    [2012/08/22 02:22:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2012/08/22 02:15:42 | 002,000,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
    [2012/08/22 02:15:42 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
    [2012/08/22 02:15:41 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
    [2012/08/22 02:15:41 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
    [2012/08/22 02:15:34 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
    [2012/08/22 02:15:08 | 002,194,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
    [2012/08/22 02:15:08 | 002,150,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
    [2012/08/22 02:15:08 | 002,028,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
    [2012/08/22 02:15:07 | 002,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
    [2012/08/22 02:12:26 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
    [2012/08/21 23:41:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Vincent\Recent
    [2012/08/21 23:00:07 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/08/21 13:37:57 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/08/21 13:33:56 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Vincent\Bureau\TDSSKiller.exe
    [2012/08/20 17:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2012/08/20 11:51:40 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vincent\Bureau\OTL.exe
    [2012/08/20 10:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Application Data\Malwarebytes
    [2012/08/20 10:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/08/20 10:42:56 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/08/20 10:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/08/19 20:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\HiJackThis
    [2012/08/19 20:41:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2012/08/19 20:36:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\QuickTime
    [2012/08/19 20:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2012/08/19 20:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\xing shared
    [2012/08/19 20:23:26 | 000,198,864 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
    [2012/08/19 20:23:06 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
    [2012/08/19 20:23:06 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
    [2012/08/19 20:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\RealNetworks
    [2012/08/18 13:49:42 | 000,000,000 | ---D | C] -- C:\1c4635c3ae739366f51af23775
    [2012/08/18 13:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Google Earth
    [2012/08/18 13:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\iTunes
    [2012/08/18 13:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/08/18 13:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/08/18 13:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2012/08/18 13:27:28 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2012/08/18 13:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
    [2012/08/18 13:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2012/08/18 13:09:46 | 000,018,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
    [2012/08/18 13:04:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Mes documents\Google
    [2012/08/18 13:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Skype
    [2012/08/18 13:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Skype
    [2012/08/18 11:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\Revo Uninstaller
    [2012/08/18 11:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2012/08/18 11:02:43 | 000,000,000 | ---D | C] -- C:\bc23e1cc69b7e9e6506cb086d6
    [2012/08/18 10:56:03 | 000,000,000 | ---D | C] -- C:\77aad79fdb21565822ca1c6024a3be04
    [2012/08/17 16:43:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Vincent\PrivacIE
    [2012/08/17 16:40:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\CCleaner
    [2012/08/17 16:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/08/16 11:38:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Local Settings\Application Data\Sun
    [2012/08/16 11:32:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Vincent\IETldCache
    [2012/08/16 11:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\Accessories
    [2012/08/15 19:52:22 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
    [2012/08/15 19:52:22 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
    [2012/08/15 19:52:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2012/08/15 19:48:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\WinRAR
    [2012/08/15 19:48:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinRAR
    [2012/08/15 19:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2012/08/15 19:46:33 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
    [2012/08/15 19:46:33 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
    [2012/08/15 19:46:33 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2012/08/15 19:46:20 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2012/08/15 19:46:20 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2012/08/15 19:46:20 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2012/08/07 13:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Application Data\OpenOffice.org
    [2012/08/07 13:43:36 | 000,000,000 | ---D | C] -- C:\Programmes pour le PC
    [2012/08/07 13:36:41 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\OpenOffice.org 3.4
    [2012/08/07 13:29:27 | 000,000,000 | ---D | C] -- C:\Programmes d'ecrire
    [2012/08/02 16:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\CampBrain 5 Trial
    [2012/08/02 16:06:30 | 000,000,000 | ---D | C] -- C:\Program Files\CampBrain5 Trial
    [2012/08/02 16:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CampBrain5
    [2012/08/02 16:06:30 | 000,000,000 | ---D | C] -- C:\CampBrain Database
    [2012/08/02 16:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Local Settings\Application Data\Downloaded Installations
    [2012/08/01 20:41:52 | 000,000,000 | ---D | C] -- C:\Campingsoftware
    [2012/07/26 19:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Screentime
    [2012/07/26 19:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent\Local Settings\Application Data\Screentime
     
    ========== Files - Modified Within 30 Days ==========
     
    [2012/08/22 12:27:28 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\Vincent\Bureau\HiJackThis.lnk
    [2012/08/22 12:25:52 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2012/08/22 12:25:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/08/22 11:48:15 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/08/22 11:15:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/08/22 10:54:05 | 1005,076,480 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2012/08/21 13:55:36 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
    [2012/08/21 13:54:35 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Picasa 3.lnk
    [2012/08/21 13:53:17 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/08/21 13:53:17 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/08/21 13:27:56 | 000,089,088 | ---- | M] () -- C:\WINDOWS\System32\mbr.exe
    [2012/08/21 13:25:00 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2012/08/20 18:55:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/08/20 17:42:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/08/20 17:33:26 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Vincent\Bureau\TDSSKiller.exe
    [2012/08/20 11:51:39 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vincent\Bureau\OTL.exe
    [2012/08/19 20:23:26 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
    [2012/08/19 20:23:06 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
    [2012/08/19 20:23:06 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
    [2012/08/19 20:23:04 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [2012/08/18 17:41:29 | 000,501,472 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
    [2012/08/18 17:41:29 | 000,433,328 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/08/18 17:41:29 | 000,081,514 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
    [2012/08/18 17:41:29 | 000,068,284 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/08/18 17:31:19 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Vincent\Application Data\Launch Internet Explorer Browser.lnk
    [2012/08/18 13:46:27 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google*Earth.lnk
    [2012/08/18 13:09:31 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2012/08/18 13:09:31 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2012/08/18 13:06:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/08/18 11:14:39 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Vincent\Bureau\Revo Uninstaller.lnk
    [2012/08/17 16:40:50 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
    [2012/08/15 19:45:40 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2012/08/15 19:45:30 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2012/08/15 19:45:30 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2012/08/15 19:45:29 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2012/08/15 19:45:29 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
    [2012/08/15 19:45:26 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
    [2012/08/15 19:45:26 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
    [2012/08/15 19:23:51 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
    [2012/08/15 16:59:39 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2012/08/15 15:21:26 | 000,047,111 | ---- | M] () -- C:\Documents and Settings\Vincent\Bureau\planning réservation.odt
    [2012/08/07 23:13:49 | 000,017,819 | ---- | M] () -- C:\Documents and Settings\Vincent\Bureau\TOASTMARIAGEFRANCAIS.odt
    [2012/08/07 19:30:50 | 000,307,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/08/07 13:44:07 | 000,001,869 | ---- | M] () -- C:\Documents and Settings\Vincent\Bureau\Update Checker.lnk
    [2012/08/07 13:36:47 | 000,000,887 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\OpenOffice.org 3.4.lnk
    [2012/08/02 16:06:43 | 000,001,693 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CampBrain 5 Trial.lnk
     
    ========== Files Created - No Company Name ==========
     
    [2012/08/22 12:23:03 | 000,005,981 | ---- | C] () -- C:\Documents and Settings\Vincent\Bureau\Trusted_Zonefix.bat
    [2012/08/22 02:20:37 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2012/08/21 13:54:35 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Picasa 3.lnk
    [2012/08/21 13:28:01 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\mbr.exe
    [2012/08/20 10:43:00 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
    [2012/08/19 20:41:57 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\Vincent\Bureau\HiJackThis.lnk
    [2012/08/18 17:31:19 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Vincent\Application Data\Launch Internet Explorer Browser.lnk
    [2012/08/18 17:31:18 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\Internet Explorer.lnk
    [2012/08/18 13:46:27 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Google*Earth.lnk
    [2012/08/18 13:27:31 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/08/18 13:27:30 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Apple Software Update.lnk
    [2012/08/18 13:09:27 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\Windows Media Player.lnk
    [2012/08/18 12:09:31 | 001,207,126 | ---- | C] () -- C:\WINDOWS\System32\Spender.bmp
    [2012/08/18 12:09:31 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\GkSui18.EXE
    [2012/08/18 12:09:31 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\gksl_ger.dll
    [2012/08/18 12:09:31 | 000,000,970 | ---- | C] () -- C:\WINDOWS\System32\Spender.NTP
    [2012/08/18 11:14:39 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Vincent\Bureau\Revo Uninstaller.lnk
    [2012/08/17 16:40:50 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
    [2012/08/15 19:23:50 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
    [2012/08/15 16:59:36 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2012/08/07 23:13:48 | 000,017,819 | ---- | C] () -- C:\Documents and Settings\Vincent\Bureau\TOASTMARIAGEFRANCAIS.odt
    [2012/08/07 13:44:07 | 000,001,875 | ---- | C] () -- C:\Documents and Settings\Vincent\Menu Démarrer\Programmes\Update Checker.lnk
    [2012/08/07 13:44:07 | 000,001,869 | ---- | C] () -- C:\Documents and Settings\Vincent\Bureau\Update Checker.lnk
    [2012/08/07 13:36:47 | 000,000,887 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\OpenOffice.org 3.4.lnk
    [2012/08/02 16:06:43 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CampBrain 5 Trial.lnk
    [2012/02/15 03:43:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/07/19 21:37:37 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
    [2011/04/21 12:36:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2011/04/19 16:32:28 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\StrStorage.dll
    [2008/02/26 15:02:45 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Vincent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
     
    ========== LOP Check ==========
     
    [2011/08/30 10:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2012/08/02 16:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CampBrain5
    [2008/04/14 15:23:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2010/02/07 13:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
    [2010/06/25 12:52:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
    [2010/06/23 15:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cegid
    [2012/03/23 13:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Orange
    [2008/04/14 15:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2012/07/26 19:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screentime
    [2012/03/23 13:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/06/13 14:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
    [2012/08/15 20:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2012/08/18 13:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/06/13 14:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2011/08/31 18:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Canon
    [2007/09/03 16:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\CopyToDvd
    [2007/07/14 14:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Leadertech
    [2012/08/07 13:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\OpenOffice.org
    [2008/04/14 15:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\ScanSoft
    [2007/08/12 13:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Thunderbird
    [2012/07/11 16:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\Vso
    [2009/06/13 15:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent\Application Data\WindSolutions
    [2012/08/22 12:25:52 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
     
    ========== Purity Check ==========
     
     
    
    < End of report >
    Code:
    OTL Extras logfile created on: 22/08/2012 12:28:47 - Run 4
    OTL by OldTimer - Version 3.2.58.1     Folder = C:\Documents and Settings\Vincent\Bureau
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
     
    958,42 Mb Total Physical Memory | 595,91 Mb Available Physical Memory | 62,18% Memory free
    2,26 Gb Paging File | 1,98 Gb Available in Paging File | 87,78% Paging File free
    Paging file location(s): c:\pagefile.sys 1440 2880 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465,76 Gb Total Space | 373,83 Gb Free Space | 80,26% Space Free | Partition Type: NTFS
     
    Computer Name: FABAS | User Name: Vincent | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "UpdatesDisableNotify" = 0
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
     
    ========== System Restore Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
    "C:\Documents and Settings\Invité\Bureau\freezer v1.4 fr\freezer.exe" = C:\Documents and Settings\Invité\Bureau\freezer v1.4 fr\freezer.exe:*:Disabled:freezer -- ()
    "C:\Program Files\Inventel\Gateway\RGWRepair.exe" = C:\Program Files\Inventel\Gateway\RGWRepair.exe:*:Enabled:RGWRepair -- (Inventel)
    "C:\Program Files\Orange\Connexion Internet Orange\Connectivity\ConnectivityManager.exe" = C:\Program Files\Orange\Connexion Internet Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth -- (Google)
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player -- ()
    "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google)
    "C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
     
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0385C7DF-4461-48A0-902C-9B98283B1F7B}" = Cegid Business Line Premium
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{1292B4A7-C072-413A-B1D0-A1BE7FB516B9}" = Google SketchUp 8
    "{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
    "{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}" = Galerie de photos Windows Live
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google*Earth
    "{2F90A789-DD1E-41CE-BFCA-BD78213BABC7}" = OpenOffice.org 3.4
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3C683090-85C1-4130-BAF7-031E281911A6}" = CampBrain 5.3 Trial Version
    "{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}" = Adobe InDesign CS
    "{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
    "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
    "{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{83DFACEB-59B2-4981-B50B-2432255F33A3}" = Cegid Business Line Documentation
    "{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
    "{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9AEE1212-3B26-41D0-8327-DBC8FDE045E2}" = Cegid Business Line Structure de référence
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9FF9FDF7-F84A-4F99-B4BB-066B6F95F33D}" = Windows Live Contrôle parental
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A476A77A-F849-4EF3-BDE8-F437669D7563}" = Cegid Business Line fichier de connexion
    "{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Edition Découverte 3.2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Français
    "{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
    "{D6038E8E-9025-481D-B4D2-E7CE05305BD3}" = Cegid Business Line
    "{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EF106010-14E3-4F84-9962-4AC68AA0968B}" = Cegid Expert Run Time CBP
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FE19C975-AFC8-44A4-85FA-6DBAD247687D}" = Orange Clé 3G+
    "{ORAHSS}.UninstallSuite" = Orange - Logiciels Internet
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop 5.0" = Adobe Photoshop 5.0
    "Adobe® Photoshop® Album Edition Découverte 3.2" = Adobe® Photoshop® Album Edition Découverte 3.2
    "avast" = avast! Free Antivirus
    "CANONIJPLM100" = PIXMA Extended Survey Program
    "CanonMyPrinter" = Canon My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "CCleaner" = CCleaner
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "FileHippo.com" = FileHippo.com Update Checker
    "Google Desktop" = Google Desktop
    "Google Updater" = Outil de mise à jour Google
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "IrfanView" = IrfanView (remove only)
    "MailNotifier" = Notification Mail
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 14.0.1 (x86 fr)" = Mozilla Firefox 14.0.1 (x86 fr)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "Picasa 3" = Picasa 3
    "RealPlayer 15.0" = RealPlayer
    "Revo Uninstaller" = Revo Uninstaller 1.94
    "VIA/S3G UniChrome Family Win2K/XP/Server2003 Display" = VIA/S3G Display Driver 6.14.10.0297
    "VLC media player" = VLC media player 2.0.3
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinLiveSuite_Wave3" = Installation Windows Live
    "WinRAR archiver" = WinRAR 4.20 (32-bit)
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "CopyTrans Suite" = CopyTrans Suite désinstallation uniquement
     
    ========== Last 20 Event Log Errors ==========
     
    [ Antivirus Events ]
    Error - 19/07/2011 05:18:55 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 19/07/2011 05:18:55 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 28/07/2011 14:33:39 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 28/07/2011 14:33:39 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 28/07/2011 14:33:39 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 28/07/2011 14:33:45 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 02/08/2011 08:11:10 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 02/08/2011 08:11:11 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 26/08/2011 15:05:39 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    Error - 30/08/2011 04:28:41 | Computer Name = FABAS | Source = avast! | ID = 33554522
    Description = 
     
    [ Application Events ]
    Error - 19/08/2012 11:35:33 | Computer Name = FABAS | Source = crypt32 | ID = 131083
    Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
     CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
     avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
     la vérification par rapport à l'horloge système en cours ou le tampon daté dans
     le fichier signé.  
     
    Error - 19/08/2012 11:35:33 | Computer Name = FABAS | Source = crypt32 | ID = 131080
    Description = Échec de la récupération de la mise à jour automatique du numéro de
     séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
     avec l'erreur : Cette connexion réseau n'existe pas.  
     
    Error - 19/08/2012 11:37:08 | Computer Name = FABAS | Source = crypt32 | ID = 131083
    Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
     CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
     avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
     la vérification par rapport à l'horloge système en cours ou le tampon daté dans
     le fichier signé.  
     
    Error - 19/08/2012 11:37:09 | Computer Name = FABAS | Source = crypt32 | ID = 131080
    Description = Échec de la récupération de la mise à jour automatique du numéro de
     séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
     avec l'erreur : A connection with the server could not be established  
     
    Error - 19/08/2012 11:39:07 | Computer Name = FABAS | Source = crypt32 | ID = 131083
    Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
     CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
     avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
     la vérification par rapport à l'horloge système en cours ou le tampon daté dans
     le fichier signé.  
     
    Error - 19/08/2012 11:39:08 | Computer Name = FABAS | Source = crypt32 | ID = 131080
    Description = Échec de la récupération de la mise à jour automatique du numéro de
     séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
     avec l'erreur : A connection with the server could not be established  
     
    Error - 19/08/2012 14:15:37 | Computer Name = FABAS | Source = crypt32 | ID = 131083
    Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
     CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
     avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
     la vérification par rapport à l'horloge système en cours ou le tampon daté dans
     le fichier signé.  
     
    Error - 19/08/2012 14:15:38 | Computer Name = FABAS | Source = crypt32 | ID = 131080
    Description = Échec de la récupération de la mise à jour automatique du numéro de
     séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
     avec l'erreur : A connection with the server could not be established  
     
    Error - 19/08/2012 14:18:46 | Computer Name = FABAS | Source = crypt32 | ID = 131083
    Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
     CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
     avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
     la vérification par rapport à l'horloge système en cours ou le tampon daté dans
     le fichier signé.  
     
    Error - 19/08/2012 14:18:47 | Computer Name = FABAS | Source = crypt32 | ID = 131080
    Description = Échec de la récupération de la mise à jour automatique du numéro de
     séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
     avec l'erreur : A connection with the server could not be established  
     
    [ System Events ]
    Error - 22/08/2012 05:02:15 | Computer Name = FABAS | Source = Service Control Manager | ID = 7031
    Description = Le service Apple Mobile Device s'est terminé de manière inattendue.
     Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 
    60000 millisecondes*: Redémarrer le service.
     
    Error - 22/08/2012 05:02:15 | Computer Name = FABAS | Source = Service Control Manager | ID = 7034
    Description = Le service Service Bonjour s'est terminé de façon inattendue pour 
    la 1ème fois.
     
    Error - 22/08/2012 05:02:15 | Computer Name = FABAS | Source = Service Control Manager | ID = 7034
    Description = Le service France Telecom Routing Table Service s'est terminé de façon
     inattendue pour la 1ème fois.
     
    Error - 22/08/2012 05:02:17 | Computer Name = FABAS | Source = Service Control Manager | ID = 7034
    Description = Le service Java Quick Starter s'est terminé de façon inattendue pour
     la 1ème fois.
     
    Error - 22/08/2012 05:02:20 | Computer Name = FABAS | Source = Service Control Manager | ID = 7034
    Description = Le service Service de l’iPod s'est terminé de façon inattendue pour
     la 1ème fois.
     
    Error - 22/08/2012 05:02:25 | Computer Name = FABAS | Source = Windows Update Agent | ID = 20
    Description = Échec de l'installation*: l'installation de la mise à jour suivante
     a échoué avec l'erreur 0x80070001*: Mise à jour de sécurité pour Windows XP (KB2698365).
     
    Error - 22/08/2012 05:21:11 | Computer Name = FABAS | Source = Service Control Manager | ID = 7000
    Description = Le service oirijshr77d94031 n'a pas pu démarrer en raison de l'erreur*:
       %%2
     
    Error - 22/08/2012 05:21:11 | Computer Name = FABAS | Source = Service Control Manager | ID = 7000
    Description = Le service oirijshr795b6c63 n'a pas pu démarrer en raison de l'erreur*:
       %%2
     
    Error - 22/08/2012 06:25:45 | Computer Name = FABAS | Source = Service Control Manager | ID = 7000
    Description = Le service oirijshr77d94031 n'a pas pu démarrer en raison de l'erreur*:
       %%2
     
    Error - 22/08/2012 06:25:45 | Computer Name = FABAS | Source = Service Control Manager | ID = 7000
    Description = Le service oirijshr795b6c63 n'a pas pu démarrer en raison de l'erreur*:
       %%2
     
     
    < End of report >
    Und hier das neue Logfile:

    Code:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:48:26, on 22/08/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe
    C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Programmes pour le PC\Update checker\FileHippo.com\UpdateChecker.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Start_Statistics] C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe
    O4 - HKLM\..\Run: [Start_SMSNotifier] C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe
    O4 - HKLM\..\Run: [Start_HSSModule] C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [FileHippo.com] "C:\Programmes pour le PC\Update checker\FileHippo.com\UpdateChecker.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Barre d'Outils Olitec.lnk = C:\OLIFAXVX\TOOLBAR.EXE
    O4 - Startup: Moniteur Fax-Voix.lnk = C:\OLIFAXVX\MONITEUR.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\DOCUME~1\Vincent\LOCALS~1\Temp\cce40.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?faf8de032e55463b9014127d42c39933
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?faf8de032e55463b9014127d42c39933
    O8 - Extra context menu item: traduire la page - C:\DOCUME~1\Vincent\LOCALS~1\Temp\cce3E.html
    O8 - Extra context menu item: traduire le texte sélectionné - C:\DOCUME~1\Vincent\LOCALS~1\Temp\cce3F.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A71C3778-88E0-4270-A926-2629FA2CED92}: NameServer = 80.10.246.1,81.253.149.10
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    
    --
    End of file - 12901 bytes
    Also der Internetexplorer läuft wieder


    Die Internetoptionen kann ich aber immer noch nicht öffnen. Weder im Browser, noch im Sicherheitscenter.
    Geändert von Fortinbras (25.08.2012 um 18:22 Uhr)

Seite 1 von 2 12 LetzteLetzte

Aktive Benutzer

Aktive Benutzer

Aktive Benutzer in diesem Thema: 1 (Registrierte Benutzer: 0, Gäste: 1)

Ähnliche Themen

  1. Svconr - Internet Explorer funktioniert nicht mehr
    Von Schmerenbeck im Forum Vista-Archiv
    Antworten: 5
    Letzter Beitrag: 23.05.2008, 14:59
  2. Internet Explorer funktioniert nicht mehr
    Von jensbolm im Forum Vista-Archiv
    Antworten: 40
    Letzter Beitrag: 16.01.2008, 09:09
  3. Internet Explorer funktioniert nicht
    Von lumana im Forum Archiv
    Antworten: 9
    Letzter Beitrag: 27.06.2007, 15:06
  4. Antworten: 5
    Letzter Beitrag: 19.05.2006, 00:04
  5. vv2.s13.topx... Internet Explorer funktioniert nicht
    Von Unregistriert im Forum Archiv
    Antworten: 1
    Letzter Beitrag: 17.01.2005, 21:29

Berechtigungen

  • Neue Themen erstellen: Nein
  • Themen beantworten: Nein
  • Anhänge hochladen: Nein
  • Beiträge bearbeiten: Nein
  •