Rapport de ZHPDiag v2013.4.16.93 par Nicolas Coolman, Update du 16/04/2013
Run by Administrateur at 17/04/2013 14:31:49
State : Version à jour.
WhiteList : Disable
High Elevated Privileges : OK
UAC : Activate by user

---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16540 (Defaut)
MFIE: Mozilla Firefox 20.0.1 v20.0.1

---\\ Windows Product Information
~ Langage: Français
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK ~ Windows(R) 7, RETAIL channel
Windows ID Activation : OK ~ Windows Partial Key : 64DB9
Windows License : OK ~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
Windows Defender W7

---\\ System Optimizer
CCleaner v3.22

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 7

---\\ System Information
~ Processor: AMD64 Family 16 Model 5 Stepping 2, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095 MB (57% free)
System Restore: Activé (Enable)
System drive C: has 39 GB (17%) free of 223 GB

---\\ Logged in mode
~ Computer Name: POSTE-01
~ User Name: Administrateur
~ All Users Names: Utilisateur, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Administrateur\AppData\Roaming\
~ %Desktop% : C:\Users\Administrateur\Desktop\
~ %Favorites% : C:\Users\Administrateur\Favorites\
~ %LocalAppData% : C:\Users\Administrateur\AppData\Local\
~ %StartMenu% : C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 39 Go of 223 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Hard drive, Flash drive, Thumb drive (Free 6 Go of 10 Go)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Security Center: Scanned in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.753C0848AE7872A3F59663078A517293] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/02/2013 - 11:15:07.) -- C:\Windows\System32\wininet.dll [2240512] [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) 
-- C:\Windows\system32\Drivers\AFD.sys [498688] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.B8965FB53551B5455630A4B804D0791F] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/03/2013 - 07:04:53.) -- C:\Windows\system32\Drivers\ntfs.sys [1655656] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) 
-- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 12:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes Favoris (My Favorites) : 1/26 ~ Mon Bureau (My Desktop) : 1/42 ~ Menu demarrer (Programs) : 1/22 ~ Hidden Files: Scanned in 00mn 00s ---\\ Processus lancés [MD5.B915C68B27BD4DB3B951433F36AFFE89] - (.Symantec Corporation - Symantec AntiVirus.) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe [50544] [PID.3076] [MD5.6469DCC4F1BBA064B4A555ACD2606566] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392] [PID.4376] [MD5.6CBEC289086EC51A263DA1413FF4208F] - (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [165208] [PID.4180] [MD5.187A956FB8F79DB449A28A0D08657EFF] - (.Symantec Corporation - Symantec User Session.) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560] [PID.552] [MD5.A173F081B63A5320C673BA11583A4E96] - (.Pas de propriétaire - RegTool MFC Application.) 
-- C:\Program Files (x86)\Gemalto\Classic Client\BIN\RegTool.exe [861696] [PID.5080] [MD5.18BD24CFEF0B4683EA1084613B16F44D] - (.Nuance Communications, Inc. - PdfPro7Hook.exe.) -- C:\Program Files (x86)\Nuance\eCopy PDF Pro Office\PdfPro7Hook.exe [1787752] [PID.3496] [MD5.6C6BA2B63D0FF13BF4484EF83747BD03] - (.Brother Industries, Ltd. - BrnIPMon.) -- C:\Program Files (x86)\Brownie\Brnipmon.exe [222512] [PID.3888] [MD5.27F8BF031D9332C9C02AE8C1357185B3] - (...) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe [168792] [PID.4752] [MD5.723FCCFC592E5A022BD7FFC87B55AE91] - (...) -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe [651096] [PID.2504] [MD5.E4F6125ED5185F8FA37CC4F449B85526] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [770608] [PID.2132] [MD5.DC79F4167BF4067CC0F2C72E4E6040B3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [6808576] [PID.3464] [MD5.67A95B9D129ED5399E7965CD09CF30E7] - (.Logitech Inc. - Logitech User mode UMVPF service.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848] [PID.416] [MD5.27D036FB3D22CA8A6662FE960D1A937D] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392] [PID.1420] [MD5.C711ED965009BDCFF9AA62CEB6FF1AAD] - (.brother Industries Ltd - brsvc01a.) -- C:\Windows\SysWOW64\brsvc01a.exe [57344] [PID.1640] [MD5.D19C4EE2AC7C47B8F5F84FFF1A789D8A] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [63960] [PID.1856] [MD5.F01964D14C12496F5297B8C2E16CEFA1] - (.brother Industries Ltd - brss01a.exe.) -- C:\Windows\SysWOW64\brss01a.exe [45056] [PID.1896] [MD5.9AB71BDB43A0376A21B8DE335557A2DC] - (.Gemalto - Classic Client SHM Service.) 
-- C:\Program Files (x86)\Gemalto\Classic Client\BIN\GslShmSrvc.exe [69632] [PID.1060] [MD5.0EE66BDF485C6828AA65C0EF5D591133] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.1244] [MD5.18234EC42C951403BF889A9754FF1835] - (.Logitech Inc. - LVPrS64H Module..) -- C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe [114008] [PID.1428] [MD5.7D2633295EB6FF2B938185874884059D] - (.Nero AG - Nero BackItUp.) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208] [PID.1416] [MD5.3F87885CB3767BFD27811B3CA3CC608D] - (.Nuance Communications, Inc. - PDFPROFILTSRV.EXE.) -- C:\Program Files (x86)\Nuance\eCopy PDF Pro Office\PDFProFiltSrv.exe [135016] [PID.2148] [MD5.388AE59FE75F1B959DFA0900923C61BB] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.2240] [MD5.F9506327BB18C51ED720CB9E83BBAB66] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [239648] [PID.2340] [MD5.B9B3B38A852F13D6F61ACB3994872EDA] - (.Symantec Corporation - Symantec AntiVirus.) 
-- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1775344] [PID.2520] ~ Processes Running: Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\amazon-france.xml M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\bing.xml M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\eBay-france.xml M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\google.xml M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\wikipedia-fr.xml M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\yahoo-france.xml P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.4.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\nppdf32.dll P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.20125.0.) -- c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) 
-- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll ~ Firefox Browser: 12 Scanned in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) 
(10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)) -- C:\Windows\SysWOW64\ieframe.dll R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1 R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1 ~ IE Browser: 12 Scanned in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: AcroIEHelperStub [64Bits] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: PlusIEEventHelper Class [64Bits] - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} . (.Zeon Corporation - PlusIEContextMenu.dll.) -- C:\Program Files (x86)\Nuance\eCopy PDF Pro Office\Bin\PlusIEContextMenu.dll O2 - BHO: Groove GFS Browser Helper [64Bits] - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) 
-- C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVEEX.dll O2 - BHO: Java(tm) Plug-In SSV Helper [64Bits] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: SkypeIEPluginBHO [64Bits] - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Skype Technologies S.A. - Skype Click to Call for Internet Explorer.) -- C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\Program Files (x86)\Microsoft Office 2010\Office14\URLREDIR.dll O2 - BHO: ZeonIEEventHelper Class [64Bits] - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} . (.Zeon Corporation - ZeonIEFavClient.dll.) -- C:\Program Files (x86)\Nuance\eCopy PDF Pro Office\Bin\ZeonIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll ~ BHO: 8 Scanned in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe O4 - HKLM\..\Wow6432Node\Run: [LWS] . (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe O4 - HKLM\..\Wow6432Node\Run: [ccApp] . (.Symantec Corporation - Symantec User Session.) 
-- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Wow6432Node\Run: [BrStsWnd] . (.brother - brstswnd.) -- C:\Program Files (x86)\Brownie\BrstsW64.exe O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Wow6432Node\Run: [RegTool] . (.Pas de propriétaire - RegTool MFC Application.) -- C:\Program Files (x86)\Gemalto\Classic Client\BIN\RegTool.exe O4 - HKLM\..\Wow6432Node\Run: [PDFProHook] . (.Nuance Communications, Inc. - PdfPro7Hook.exe.) -- C:\Program Files (x86)\Nuance\eCopy PDF Pro Office\pdfpro7hook.exe O4 - HKLM\..\Wow6432Node\Run: [PdfProInboxMonitor] . (...) -- C:\Program Files (x86)\Nuance\eCopy PDF Pro Office\InboxMonitor.exe O4 - HKLM\..\Wow6432Node\Run: [InboxMonitor] . (...) -- C:\Program Files (x86)\Nuance\eCopy PDF Pro Office\InboxMonitor.exe O4 - HKLM\..\Wow6432Node\Run: [PDF7 Registry Controller] . (.Nuance Communications, Inc. - REGISTRYCONTROLLER.EXE.) -- C:\Program Files (x86)\Nuance\eCopy PDF Pro Office\RegistryController.exe O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office 2010\Office14\BCSSync.exe O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . 
(.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-21-2195496237-476440402-2604502530-500\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe O4 - HKUS\S-1-5-21-2195496237-476440402-2604502530-500\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Nero StartSmart Essentials.lnk . (.Nero AG - Nero StartSmart 9 Application.) -- C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe O4 - GS\SendTo: Fax Recipient.lnk . 
(.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe O4 - GS\Desktop: 7-Zip File Manager.lnk . (...) -- C:\Program Files (x86)\7-Zip\7zFM.exe (.not file.) O4 - GS\Desktop: Documents.lnk . (...) -- C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe O4 - GS\Desktop: DataSurfer Suite.lnk . (.DataSurfer - DataSurfer.) -- C:\Program Files (x86)\GENEsys\DataSurfer Suite\Bin\DataSurfer.exe O4 - GS\Desktop: Désinstallation de DataSurfer Suite .lnk . (.Synactis - Synactis UnInstall.) -- C:\Program Files (x86)\Common Files\Synactis\UnInstall.exe ~ Global Startup: Scanned in 00mn 00s ---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5) O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no ~ IE Control Panel: 1 Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll (.not file.) O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll (.not file.) O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll O10 - WLSP:\000000000002\Winsock LSP File . 
(.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll ~ Winsock: 6 Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{A7532C6B-3BF4-4787-A085-84B05B3E3EEC}: DhcpNameServer = 10.37.2.1 10.37.2.3 O17 - HKLM\System\CCS\Services\Tcpip\..\{A7532C6B-3BF4-4787-A085-84B05B3E3EEC}: DhcpDomain = Proarchives.local O17 - HKLM\System\CS1\Services\Tcpip\..\{A7532C6B-3BF4-4787-A085-84B05B3E3EEC}: DhcpNameServer = 10.37.2.1 10.37.2.3 O17 - HKLM\System\CS1\Services\Tcpip\..\{A7532C6B-3BF4-4787-A085-84B05B3E3EEC}: DhcpDomain = Proarchives.local O17 - HKLM\System\CS2\Services\Tcpip\..\{A7532C6B-3BF4-4787-A085-84B05B3E3EEC}: DhcpNameServer = 10.37.2.1 10.37.2.3 O17 - HKLM\System\CS2\Services\Tcpip\..\{A7532C6B-3BF4-4787-A085-84B05B3E3EEC}: DhcpDomain = Proarchives.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Proarchives.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.37.2.1 10.37.2.3 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) 
-- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. ~ SSODL: 1 Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\System32\atiesrxx.exe O23 - Service: BrSplService (Brother XP spl Service) . (.brother Industries Ltd - brsvc01a.) - C:\Windows\SysWOW64\brsvc01a.exe O23 - Service: Symantec Event Manager (ccEvtMgr) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: ForceWare Intelligent Application Manage (ForceWare Intelligent Application Manager (IAM)) . (.Pas de propriétaire - app_filter Module.) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: GSL Share Memory (GslShmSrvc) . (.Gemalto - Classic Client SHM Service.) - C:\Program Files (x86)\Gemalto\Classic Client\BIN\GslShmSrvc.exe O23 - Service: LightScribeService Direct Disc Labeling (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: Process Monitor (LVPrcS64) . (.Logitech Inc. - LVPrcSrv Module..) - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe O23 - Service: Nero BackItUp Scheduler 4.0 (Nero BackItUp Scheduler 4.0) . (.Nero AG - Nero BackItUp.) 
- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: ForceWare IP service (nSvcIp) . (.Pas de propriétaire - NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 191.0.) - C:\Windows\system32\nvvsvc.exe O23 - Service: PDFProFiltSrv (PDFProFiltSrv) . (.Nuance Communications, Inc. - PDFPROFILTSRV.EXE.) - C:\Program Files (x86)\Nuance\eCopy PDF Pro Office\PDFProFiltSrv.exe O23 - Service: Skype C2C Service (Skype C2C Service) . (.Skype Technologies S.A. - Skype C2C Service.) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: Client de gestion Symantec (SmcService) . (.Symantec Corporation - Symantec CMC Smc.) - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) . (.Symantec Corporation - Symantec AntiVirus.) - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe O23 - Service: (UMVPFSrv) . (.Logitech Inc. - Logitech User mode UMVPF service.) - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe O23 - Service: uvnc_service (uvnc_service) . (.UltraVNC - VNC server for X64/win32.) - C:\Program Files\UltraVNC\WinVNC.exe ~ Services: 20 Scanned in 00mn 04s ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Default MHTML Editor: Last - .(...) - (.not file.) 
~ Desktop Component: 1 Scanned in 00mn 00s

---\\ BootExecute (O34)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in 00mn 00s

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Adobe Flash Player Updater.job [1002]
[MD5.479901C99FA62D1C3261B7ACB1228DAD] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [256904]
[MD5.45C26D4AF94C4D2335B5960F1D9BCC7D] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [3113312]
[MD5.926882F24FA982B60E9234CA47D3D8C9] [APT] [{069D4535-2DAD-4BE6-B973-BE928C6AECBC}] (...) -- C:\Windows\SysWOW64\BDEADMIN.cpl [183808]
[MD5.00000000000000000000000000000000] [APT] [{1C42A632-0605-412B-ABC3-9F3277574B2B}] (...) -- D:\AUTORUN.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1CD5AAD6-E876-42F5-8484-310DD61C5FCB}] (...) -- C:\Users\Administrateur\Downloads\jxpiinstall(5).exe (.not file.) [0]
[MD5.497F27E279C0F921E2130BB89C1CB5CA] [APT] [{4A18648D-D04E-43E8-915A-172BFDF0DE81}] (.Skype Technologies S.A..) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [18705664]
~ Scheduled Task: 7 Scanned in 00mn 05s

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll
O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\SysWOW64\wmpdxm.dll
O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API Windows Theme.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Internet Explorer [64Bits] - {2D46B6DC-2207-486B-B523-A557E6D54B47} . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe
O40 - ASIC: Microsoft Windows [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe
O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extension Shell dossier FTP Microsoft Internet Explorer..) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll
O40 - ASIC: Windows Desktop Update [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
~ Active Setup: 10 Scanned in 00mn 00s

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys
O41 - Driver: C:\Windows\System32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys
O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: (eeCtrl) . (.Symantec Corporation - Symantec Eraser Control Driver.) - C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\System32\DRIVERS\serial.sys
O41 - Driver: (SRTSP) . (.Symantec Corporation - Symantec AutoProtect.) - C:\Windows\System32\Drivers\SRTSP64.sys
O41 - Driver: (SRTSPX) . (.Symantec Corporation - Symantec AutoProtect.) - C:\Windows\System32\Drivers\SRTSPX64.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys
O41 - Driver: (WPS) . (.Symantec Corporation - Symantec CMC Firewall WPS.) - C:\Windows\system32\drivers\wpsdrvnt.sys
~ Drivers: 75 Scanned in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: 7-Zip 4.65 (x64 edition) - (.Igor Pavlov.) [HKLM][64Bits] -- {23170F69-40C1-2702-0465-000001000000}
O42 - Logiciel: ATI AVIVO64 Codecs - (.ATI Technologies Inc..) [HKLM][64Bits] -- {B4CA5A58-2759-7FCF-4F19-952E05FBA493}
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader X (10.1.4) - Français - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1036-7B44-AA1000000001}
O42 - Logiciel: Advertising Center - (.Nero AG.) [HKLM][64Bits] -- {B2EC4A38-B545-4A00-8214-13FE0E915E6D}
O42 - Logiciel: Brother HL-5350DN - (.Brother.) [HKLM][64Bits] -- {50EC3436-AEC2-4A1F-9BDD-8DA85FAE26DD}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner
O42 - Logiciel: CameraHelperMsi - (.Logitech.) [HKLM][64Bits] -- {15634701-BACE-4449-8B25-1567DA8C9FD3}
O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM][64Bits] -- {A961C6FD-C583-45F6-A0A4-5E4376C29E41}
O42 - Logiciel: Classic Client 6.0 for 64 bits - (.Gemalto.) [HKLM][64Bits] -- {8D4DAF79-8A5A-4469-9AB6-FC8B411AD8F7}
O42 - Logiciel: Client Symantec Endpoint Protection - (.Symantec Corporation.) [HKLM][64Bits] -- {AAD74846-0637-4DAE-BF0C-7B66D3304F87}
O42 - Logiciel: EVERWIN-GX 2011 - (.EVERWIN.) [HKLM][64Bits] -- {0EA50B8C-3543-410F-83C7-CC2B23C31213}_is1
O42 - Logiciel: Free Video to MP3 Converter version 5.0.20.1031 - (.DVDVideoSoft Ltd..) [HKLM][64Bits] -- Free Video to MP3 Converter_is1
O42 - Logiciel: Java 7 Update 7 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83217007FF}
O42 - Logiciel: JavaFX 2.1.1 - (.Oracle Corporation.) [HKLM][64Bits] -- {1111706F-666A-4037-7777-211328764D10}
O42 - Logiciel: LWS Facebook - (.Logitech.) [HKLM][64Bits] -- {FF167195-9EE4-46C0-8CD7-FBA3457E88AB}
O42 - Logiciel: LWS Gallery - (.Logitech.) [HKLM][64Bits] -- {6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}
O42 - Logiciel: LWS Help_main - (.Logitech.) [HKLM][64Bits] -- {1651216E-E7AD-4250-92A1-FB8ED61391C9}
O42 - Logiciel: LWS Launcher - (.Logitech.) [HKLM][64Bits] -- {83C8FA3C-F4EA-46C4-8392-D3CE353738D6}
O42 - Logiciel: LWS Motion Detection - (.Logitech.) [HKLM][64Bits] -- {71E66D3F-A009-44AB-8784-75E2819BA4BA}
O42 - Logiciel: LWS Pictures And Video - (.Logitech.) [HKLM][64Bits] -- {08610298-29AE-445B-B37D-EFBE05802967}
O42 - Logiciel: LWS Video Mask Maker - (.Logitech.) [HKLM][64Bits] -- {EED027B7-0DB6-404B-8F45-6DFEE34A0441}
O42 - Logiciel: LWS VideoEffects - (.Logitech.) [HKLM][64Bits] -- {138A4072-9E64-46BD-B5F9-DB2BB395391F}
O42 - Logiciel: LWS WLM Plugin - (.Logitech.) [HKLM][64Bits] -- {9DAEA76B-E50F-4272-A595-0124E826553D}
O42 - Logiciel: LWS Webcam Software - (.Logitech.) [HKLM][64Bits] -- {8937D274-C281-42E4-8CDB-A0B2DF979189}
O42 - Logiciel: LWS YouTube Plugin - (.Logitech.) [HKLM][64Bits] -- {21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}
O42 - Logiciel: LifeFrame2 - (.ASUS.) [HKLM][64Bits] -- {1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
O42 - Logiciel: LightScribe System Software - (.LightScribe.) [HKLM][64Bits] -- {10CCF16B-F1C9-4B24-9570-B4CCEE42392D}
O42 - Logiciel: LiveUpdate 3.3 (Symantec Corporation) - (.Symantec Corporation.) [HKLM][64Bits] -- LiveUpdate
O42 - Logiciel: Logitech Webcam Software - (.Logitech Inc..) [HKLM][64Bits] -- {D40EB009-0499-459c-A8AF-C9C110766215}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM][64Bits] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM][64Bits] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Mozilla Firefox 20.0.1 (x86 fr) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 20.0.1 (x86 fr)
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService
O42 - Logiciel: NVIDIA Drivers - (.NVIDIA Corporation.) [HKLM][64Bits] -- NVIDIA Drivers
O42 - Logiciel: NVIDIA ForceWare Network Access Manager - (.NVIDIA Corporation.) [HKLM][64Bits] -- InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}
O42 - Logiciel: NVIDIA ForceWare Network Access Manager - (.NVIDIA Corporation.) [HKLM][64Bits] -- {7CFA46E3-CC2F-4355-82AE-6012DC3633FD}
O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B83FC356-B7C0-441F-8A4D-D71E088E7974}
O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM][64Bits] -- NVIDIAStereo
O42 - Logiciel: Nero 9 Essentials - (.Nero AG.) [HKLM][64Bits] -- {700553f3-92b0-48a2-9e23-f5f8ae198b0c}
O42 - Logiciel: Nero BurnRights - (.Nero AG.) [HKLM][64Bits] -- {7829DB6F-A066-4E40-8912-CB07887C20BB}
O42 - Logiciel: Nero BurnRights Help - (.Nero AG.) [HKLM][64Bits] -- {F6BDD7C5-89ED-4569-9318-469AA9732572}
O42 - Logiciel: Nero ControlCenter - (.Nero AG.) [HKLM][64Bits] -- {BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
O42 - Logiciel: Nero ControlCenter - (.Nero AG.) [HKLM][64Bits] -- {F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}
O42 - Logiciel: Nero CoverDesigner - (.Nero AG.) [HKLM][64Bits] -- {62AC81F6-BDD3-4110-9D36-3E9EAAB40999}
O42 - Logiciel: Nero CoverDesigner Help - (.Nero AG.) [HKLM][64Bits] -- {CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}
O42 - Logiciel: Nero Disc Copy Gadget - (.Nero AG.) [HKLM][64Bits] -- {F1861F30-3419-44DB-B2A1-C274825698B3}
O42 - Logiciel: Nero Disc Copy Gadget Help - (.Nero AG.) [HKLM][64Bits] -- {60C731FB-C951-41CE-AD41-8E54C8594609}
O42 - Logiciel: Nero DiscSpeed - (.Nero AG.) [HKLM][64Bits] -- {869200DB-287A-4DC0-B02B-2B6787FBCD4C}
O42 - Logiciel: Nero DiscSpeed Help - (.Nero AG.) [HKLM][64Bits] -- {CC019E3F-59D2-4486-8D4B-878105B62A71}
O42 - Logiciel: Nero DriveSpeed - (.Nero AG.) [HKLM][64Bits] -- {33CF58F5-48D8-4575-83D6-96F574E4D83A}
O42 - Logiciel: Nero DriveSpeed Help - (.Nero AG.) [HKLM][64Bits] -- {E5C7D048-F9B4-4219-B323-8BDB01A2563D}
O42 - Logiciel: Nero Express Help - (.Nero AG.) [HKLM][64Bits] -- {83202942-84B3-4C50-8622-B8C0AA2D2885}
O42 - Logiciel: Nero InfoTool - (.Nero AG.) [HKLM][64Bits] -- {FBCDFD61-7DCF-4E71-9226-873BA0053139}
O42 - Logiciel: Nero InfoTool Help - (.Nero AG.) [HKLM][64Bits] -- {20400DBD-E6DB-45B8-9B6B-1DD7033818EC}
O42 - Logiciel: Nero Installer - (.Nero AG.) [HKLM][64Bits] -- {E8A80433-302B-4FF1-815D-FCC8EAC482FF}
O42 - Logiciel: Nero Online Upgrade - (.Nero AG.) [HKLM][64Bits] -- {C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}
O42 - Logiciel: Nero StartSmart - (.Nero AG.) [HKLM][64Bits] -- {7748AC8C-18E3-43BB-959B-088FAEA16FB2}
O42 - Logiciel: Nero StartSmart Help - (.Nero AG.) [HKLM][64Bits] -- {2348B586-C9AE-46CE-936C-A68E9426E214}
O42 - Logiciel: Nero StartSmart OEM - (.Nero AG.) [HKLM][64Bits] -- {4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}
O42 - Logiciel: NeroExpress - (.Nero AG.) [HKLM][64Bits] -- {595A3116-40BB-4E0F-A2E8-D7951DA56270}
O42 - Logiciel: PDFCreator - (.Frank Heindörfer, Philip Chinery.) [HKLM][64Bits] -- {0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}
O42 - Logiciel: PVSonyDll - (.NVIDIA Corporation.) [HKLM][64Bits] -- {3D3E663D-4E7E-4577-A560-7ECDDD45548A}
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM][64Bits] -- KB931906
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM][64Bits] -- {0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
O42 - Logiciel: Skype Click to Call - (.Skype Technologies S.A..) [HKLM][64Bits] -- {B6CF2967-C81E-40C0-9815-C05774FEF120}
O42 - Logiciel: Skype™ 6.1 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
O42 - Logiciel: Suite Entreprise v2 - (.Banque Populaire.) [HKLM][64Bits] -- InstallShield_{2F555874-74A3-4767-A5AD-C01CE1876037}
O42 - Logiciel: Suite Entreprise v2 - (.Banque Populaire.) [HKLM][64Bits] -- {2F555874-74A3-4767-A5AD-C01CE1876037}
O42 - Logiciel: Synactis DataSurfer version 4.22 - (...) [HKLM][64Bits] -- Synactis_DataSurfer
O42 - Logiciel: UltraVNC 1.0.8.2 - (.1.0.8.2.) [HKLM][64Bits] -- Ultravnc2_is1
O42 - Logiciel: Utilitaires LAN-Fax - (...) [HKLM][64Bits] -- Utilitaires LAN-Fax
O42 - Logiciel: VIA Gestionnaire de périphériques de plate-forme - (.VIA Technologies, Inc..) [HKLM][64Bits] -- InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}
O42 - Logiciel: VLC media player 2.0.4 - (.VideoLAN.) [HKLM][64Bits] -- VLC media player
O42 - Logiciel: YouSendIt Express - (.YouSendIt.) [HKLM][64Bits] -- InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}
O42 - Logiciel: Youtube Downloader HD v. 2.9.5 - (.YoutubeDownloaderHD.com.) [HKLM][64Bits] -- Youtube Downloader HD_is1
O42 - Logiciel: eCopy PDF Pro Office - (.Nuance Communications, Inc..) [HKLM][64Bits] -- {D45C5591-A665-4055-8B89-7F615AE14F6C}
O42 - Logiciel: erLT - (.Logitech, Inc..) [HKLM][64Bits] -- {3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
O42 - Logiciel: neroxml - (.Nero AG.) [HKLM][64Bits] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}
~ Logic: 123 Scanned in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ATI]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow]
[HKCU\Software\Brother]
[HKCU\Software\Classes]
[HKCU\Software\JavaSoft]
[HKCU\Software\LightScribe]
[HKCU\Software\Logishrd]
[HKCU\Software\Logitech]
[HKCU\Software\Macromedia]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\Policies]
[HKCU\Software\ScanSoft]
[HKCU\Software\Skype]
[HKCU\Software\Symantec]
[HKCU\Software\Trolltech]
[HKCU\Software\Wow6432Node]
[HKCU\Software\ZebHelpProcess Helper]
[HKCU\Software\Zeon]
[HKLM\Software\7-Zip]
[HKLM\Software\AMD]
[HKLM\Software\ASUS]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\Audible]
[HKLM\Software\BrowserChoice]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Gemplus]
[HKLM\Software\IM Providers]
[HKLM\Software\Intel]
[HKLM\Software\Logitech]
[HKLM\Software\Macromedia]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\QSound Labs, Inc.]
[HKLM\Software\RICOH]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\ScanSoft]
[HKLM\Software\Sonic]
[HKLM\Software\Symantec]
[HKLM\Software\WholeSecurity]
[HKLM\Software\Wow6432Node\AGEIA Technologies]
[HKLM\Software\Wow6432Node\ALWIL Software]
[HKLM\Software\Wow6432Node\ASUS]
[HKLM\Software\Wow6432Node\ATI Technologies]
[HKLM\Software\Wow6432Node\ATI]
[HKLM\Software\Wow6432Node\Adobe]
[HKLM\Software\Wow6432Node\Audible]
[HKLM\Software\Wow6432Node\Borland]
[HKLM\Software\Wow6432Node\Brother]
[HKLM\Software\Wow6432Node\Citrix]
[HKLM\Software\Wow6432Node\Classes]
[HKLM\Software\Wow6432Node\Clients]
[HKLM\Software\Wow6432Node\DVDVideoSoft]
[HKLM\Software\Wow6432Node\Everwin]
[HKLM\Software\Wow6432Node\Gemplus]
[HKLM\Software\Wow6432Node\Google]
[HKLM\Software\Wow6432Node\IM Providers]
[HKLM\Software\Wow6432Node\InstallShield]
[HKLM\Software\Wow6432Node\Intel]
[HKLM\Software\Wow6432Node\JavaSoft]
[HKLM\Software\Wow6432Node\JreMetrics]
[HKLM\Software\Wow6432Node\Licenses]
[HKLM\Software\Wow6432Node\LightScribe]
[HKLM\Software\Wow6432Node\Logitech]
[HKLM\Software\Wow6432Node\MFP Soft]
[HKLM\Software\Wow6432Node\Macromedia]
[HKLM\Software\Wow6432Node\MimarSinan]
[HKLM\Software\Wow6432Node\MozillaPlugins]
[HKLM\Software\Wow6432Node\Mozilla]
[HKLM\Software\Wow6432Node\NVIDIA Corporation]
[HKLM\Software\Wow6432Node\Nero]
[HKLM\Software\Wow6432Node\ODBC]
[HKLM\Software\Wow6432Node\Oracle]
[HKLM\Software\Wow6432Node\PDFCreator]
[HKLM\Software\Wow6432Node\Policies]
[HKLM\Software\Wow6432Node\RegisteredApplications]
[HKLM\Software\Wow6432Node\ScanSoft]
[HKLM\Software\Wow6432Node\Sensible Vision]
[HKLM\Software\Wow6432Node\Skype]
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Symantec]
[HKLM\Software\Wow6432Node\Systweak]
[HKLM\Software\Wow6432Node\Uniblue]
[HKLM\Software\Wow6432Node\VIA Technologies, Inc]
[HKLM\Software\Wow6432Node\VideoLAN]
[HKLM\Software\Wow6432Node\Windows]
[HKLM\Software\Wow6432Node\ZEON]
[HKLM\Software\Wow6432Node\logishrd]
[HKLM\Software\Wow6432Node\mozilla.org]
[HKLM\Software\Wow6432Node]
[HKLM\Software\ZEON]
[HKLM\Software\brother]
~ Key Software: 142 Scanned in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 12/04/2013 - 17:44:12 - [113,305] ----D C:\Program Files (x86)\Adobe
O43 - CFD: 23/06/2010 - 20:13:57 - [117,546] ----D C:\Program Files (x86)\AGEIA Technologies
O43 - CFD: 13/09/2010 - 14:32:13 - [9,147] ----D C:\Program Files (x86)\ASUS
O43 - CFD: 23/03/2011 - 15:45:30 - [60,939] ----D C:\Program Files (x86)\ATI Technologies
O43 - CFD: 02/02/2011 - 17:16:31 - [8,609] ----D C:\Program Files (x86)\Brother
O43 - CFD: 02/02/2011 - 17:20:09 - [12,210] ----D C:\Program Files (x86)\Brownie
O43 - CFD: 12/04/2013 - 17:44:12 - [616,534] ----D C:\Program Files (x86)\Common Files
O43 - CFD: 02/11/2012 - 15:30:07 - [11,292] ----D C:\Program Files (x86)\DVDVideoSoft
O43 - CFD: 22/03/2012 - 11:00:01 - [27,655] ----D C:\Program Files (x86)\Gemalto
O43 - CFD: 29/01/2013 - 19:22:29 - [156,509] ----D C:\Program Files (x86)\GENEsys
O43 - CFD: 22/03/2012 - 11:08:31 - [18,851] --H-D C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 11/04/2013 - 09:13:21 - [4,885] ----D C:\Program Files (x86)\Internet Explorer
O43 - CFD: 05/09/2012 - 14:30:35 - [120,983] ----D C:\Program Files (x86)\Java
O43 - CFD: 09/08/2010 - 17:11:52 - [78,410] ----D C:\Program Files (x86)\Logitech
O43 - CFD: 06/08/2012 - 16:58:34 - [38,002] ----D C:\Program Files (x86)\Microsoft Analysis Services
O43 - CFD: 10/08/2010 - 11:36:49 - [0,764] ----D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
O43 - CFD: 06/08/2012 - 16:43:40 - [7,962] ----D C:\Program Files (x86)\Microsoft Office
O43 - CFD: 06/08/2012 - 17:02:00 - [954,543] ----D C:\Program Files (x86)\Microsoft Office 2010
O43 - CFD: 15/03/2013 - 11:05:38 - [40,835] ----D C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 06/08/2012 - 17:01:59 - [1,722] ----D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
O43 - CFD: 06/08/2012 - 17:01:59 - [0,757] ----D C:\Program Files (x86)\Microsoft Sync Framework
O43 - CFD: 06/08/2012 - 17:02:34 - [0,312] ----D C:\Program Files (x86)\Microsoft Synchronization Services
O43 - CFD: 06/08/2012 - 16:59:43 - [52,634] ----D C:\Program Files (x86)\Microsoft Visual Studio 8
O43 - CFD: 06/08/2012 - 17:01:59 - [7,789] ----D C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 15/04/2013 - 15:42:36 - [51,364] ----D C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 17/04/2013 - 14:22:02 - [0,212] ----D C:\Program Files (x86)\Mozilla Maintenance Service
O43 - CFD: 06/08/2012 - 17:03:17 - [0,025] ----D C:\Program Files (x86)\MSBuild
O43 - CFD: 09/08/2010 - 15:35:24 - [0] ----D C:\Program Files (x86)\MSXML 4.0
O43 - CFD: 23/03/2011 - 15:48:48 - [0] ----D C:\Program Files (x86)\My Company Name
O43 - CFD: 24/06/2010 - 09:19:03 - [332,864] ----D C:\Program Files (x86)\Nero
O43 - CFD: 06/04/2012 - 10:08:16 - [669,680] ----D C:\Program Files (x86)\Nuance
O43 - CFD: 23/06/2010 - 20:13:06 - [36,069] ----D C:\Program Files (x86)\NVIDIA Corporation
O43 - CFD: 25/06/2012 - 09:33:54 - [33,205] ----D C:\Program Files (x86)\Oracle
O43 - CFD: 16/07/2012 - 11:13:20 - [32,685] ----D C:\Program Files (x86)\PDFCreator
O43 - CFD: 14/07/2009 - 07:32:38 - [37,357] ----D C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 06/04/2012 - 10:42:18 - [0,241] ----D C:\Program Files (x86)\RegistryNuke 2012
O43 - CFD: 21/02/2013 - 09:55:54 - [47,308] R---D C:\Program Files (x86)\Skype
O43 - CFD: 16/08/2010 - 09:28:27 - [543,271] ----D C:\Program Files (x86)\Symantec
O43 - CFD: 14/07/2009 - 06:57:06 - [0] --H-D C:\Program Files (x86)\Uninstall Information
O43 - CFD: 23/06/2010 - 20:10:22 - [51,752] ----D C:\Program Files (x86)\VIA
O43 - CFD: 27/07/2011 - 12:38:26 - [94,080] ----D C:\Program Files (x86)\VideoLAN
O43 - CFD: 14/07/2009 - 17:24:08 - [0,500] ----D C:\Program Files (x86)\Windows Defender
O43 - CFD: 16/06/2011 - 16:19:28 - [5,895] ----D C:\Program Files (x86)\Windows Mail
O43 - CFD: 16/06/2011 - 16:19:27 - [4,791] ----D C:\Program Files (x86)\Windows Media Player
O43 - CFD: 14/07/2009 - 07:32:38 - [11,632] ----D C:\Program Files (x86)\Windows NT
O43 - CFD: 16/06/2011 - 16:19:27 - [4,213] ----D C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 16/06/2011 - 16:19:27 - [0,181] ----D C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 16/06/2011 - 16:19:28 - [24,859] ----D C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 06/05/2011 - 12:15:54 - [2,964] ----D C:\Program Files (x86)\YouSendIt
O43 - CFD: 02/11/2012 - 14:08:10 - [6,275] ----D C:\Program Files (x86)\Youtube Downloader HD
O43 - CFD: 17/04/2013 - 14:32:21 - [16,223] ----D C:\Program Files (x86)\ZHPDiag
O43 - CFD: 12/04/2013 - 17:44:22 - [3,722] ----D C:\Program Files (x86)\Common Files\Adobe
O43 - CFD: 13/08/2010 - 16:14:58 - [7,338] ----D C:\Program Files (x86)\Common Files\Borland Shared
O43 - CFD: 06/08/2012 - 17:02:32 - [0,095] ----D C:\Program Files (x86)\Common Files\DESIGNER
O43 - CFD: 02/11/2012 - 15:30:10 - [51,647] ----D C:\Program Files (x86)\Common Files\DVDVideoSoft
O43 - CFD: 02/02/2011 - 16:15:34 - [6,647] ----D C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 05/09/2012 - 14:31:12 - [1,184] ----D C:\Program Files (x86)\Common Files\Java
O43 - CFD: 24/06/2010 - 09:15:38 - [36,055] ----D C:\Program Files (x86)\Common Files\LightScribe
O43 - CFD: 28/01/2013 - 16:45:54 - [34,815] ----D C:\Program Files (x86)\Common Files\logishrd
O43 - CFD: 09/08/2010 - 17:11:26 - [4,999] ----D C:\Program Files (x86)\Common Files\LWS
O43 - CFD: 15/03/2013 - 11:03:52 - [215,939] ----D C:\Program Files (x86)\Common Files\microsoft shared
O43 - CFD: 24/06/2010 - 09:21:32 - [139,050] ----D C:\Program Files (x86)\Common Files\Nero
O43 - CFD: 06/04/2012 - 10:08:28 - [5,437] ----D C:\Program Files (x86)\Common Files\ScanSoft Shared
O43 - CFD: 14/07/2009 - 05:20:08 - [0,003] ----D C:\Program Files (x86)\Common Files\Services
O43 - CFD: 21/02/2013 - 09:55:54 - [2,056] ----D C:\Program Files (x86)\Common Files\Skype
O43 - CFD: 14/07/2009 - 05:20:08 - [39,200] ----D C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD: 30/11/2012 - 10:49:46 - [18,624] ----D C:\Program Files (x86)\Common Files\Symantec Shared
O43 - CFD: 20/03/2012 - 11:52:12 - [1,088] ----D C:\Program Files (x86)\Common Files\Synactis
O43 - CFD: 16/11/2012 - 20:29:58 - [16,086] ----D C:\Program Files (x86)\Common Files\System
O43 - CFD: 23/06/2010 - 20:13:53 - [32,550] ----D C:\Program Files (x86)\Common Files\Wise Installation Wizard
O43 - CFD: 15/04/2013 - 09:03:23 - [305,465] ----D C:\ProgramData\Adobe
O43 - CFD: 24/06/2010 - 09:30:43 - [0] ----D C:\ProgramData\Alwil Software
O43 - CFD: 14/07/2009 - 07:08:56 - [0] --H-D C:\ProgramData\Application Data
O43 - CFD: 13/09/2010 - 14:45:46 - [0] ----D C:\ProgramData\ASUS
O43 - CFD: 23/03/2011 - 15:51:53 - [0,000] ----D C:\ProgramData\ATI
O43 - CFD: 02/02/2011 - 17:16:38 - [0] ----D C:\ProgramData\Brother
O43 - CFD: 23/06/2010 - 19:53:08 - [0] --H-D C:\ProgramData\Bureau
O43 - CFD: 14/07/2009 - 07:08:56 - [0] --H-D C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 07:08:56 - [0] --H-D C:\ProgramData\Documents
O43 - CFD: 23/06/2010 - 19:53:08 - [0] --H-D C:\ProgramData\Favoris
O43 - CFD: 14/07/2009 - 07:08:56 - [0] --H-D C:\ProgramData\Favorites
O43 - CFD: 06/04/2012 - 09:36:58 - [3,807] ----D C:\ProgramData\FLEXnet
O43 - CFD: 24/02/2012 - 10:18:16 - [0,004] ----D C:\ProgramData\LightScribe
O43 - CFD: 09/08/2010 - 17:16:57 - [0,000] ----D C:\ProgramData\LogiShrd
O43 - CFD: 09/08/2010 - 17:11:29 - [20,162] ----D C:\ProgramData\Logitech
O43 - CFD: 18/08/2010 - 10:07:38 - [0] ----D C:\ProgramData\McAfee
O43 - CFD: 23/06/2010 - 19:53:08 - [0] --H-D C:\ProgramData\Menu Démarrer
O43 - CFD: 06/08/2012 - 17:01:59 - [-1551,310] -S--D C:\ProgramData\Microsoft
O43 - CFD: 10/04/2013 - 20:01:36 - [0,085] ----D C:\ProgramData\Microsoft Help
O43 - CFD: 23/06/2010 - 19:53:08 - [0] --H-D C:\ProgramData\Modèles
O43 - CFD: 14/05/2012 - 15:00:29 - [0,035] ----D C:\ProgramData\Mozilla
O43 - CFD: 24/06/2010 - 09:17:25 - [11,409] ----D C:\ProgramData\Nero
O43 - CFD: 06/04/2012 - 10:11:21 - [0,182] ----D C:\ProgramData\Nuance
O43 - CFD: 17/04/2013 - 14:22:53 - [2,104] ----D C:\ProgramData\NVIDIA
O43 - CFD: 21/02/2013 - 09:56:20 - [123,111] ----D C:\ProgramData\Skype
O43 - CFD: 12/07/2011 - 18:51:01 - [6,193] ----D C:\ProgramData\Skype Extras
O43 - CFD: 14/07/2009 - 07:08:56 - [0] --H-D C:\ProgramData\Start Menu
O43 - CFD: 03/12/2010 - 18:46:53 - [0,000] ----D C:\ProgramData\Sun
O43 - CFD: 16/08/2010 - 09:29:51 - [1852,610] ----D C:\ProgramData\Symantec
O43 - CFD: 17/04/2013 - 14:32:39 - [0] ---AD C:\ProgramData\TEMP
O43 - CFD: 14/07/2009 - 07:08:56 - [0] --H-D C:\ProgramData\Templates
O43 - CFD: 06/04/2012 - 10:08:25 - [0,143] ----D C:\ProgramData\Zeon
O43 - CFD: 06/04/2012 - 10:50:04 - [0,010] ----D C:\ProgramData\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
O43 - CFD: 08/09/2010 - 15:09:23 - [0] ----D C:\Users\Administrateur\AppData\Roaming\Adobe
O43 - CFD: 12/10/2011 - 09:30:58 - [0] ----D C:\Users\Administrateur\AppData\Roaming\ATI
O43 - CFD: 08/09/2010 - 15:03:55 - [0] ----D C:\Users\Administrateur\AppData\Roaming\Identities
O43 - CFD: 08/09/2010 - 15:09:23 - [0,001] ----D C:\Users\Administrateur\AppData\Roaming\Macromedia
O43 - CFD: 14/07/2009 - 17:35:18 - [0] ----D C:\Users\Administrateur\AppData\Roaming\Media Center Programs
O43 - CFD: 08/09/2010 - 15:08:04 - [0,696] -S--D C:\Users\Administrateur\AppData\Roaming\Microsoft
O43 - CFD: 08/09/2010 - 15:24:01 - [1,754] ----D C:\Users\Administrateur\AppData\Roaming\Skype
O43 - CFD: 08/09/2010 - 15:15:23 - [0,010] ----D C:\Users\Administrateur\AppData\Roaming\skypePM
O43 - CFD: 17/04/2013 - 14:29:19 - [0,048] ----D C:\Users\Administrateur\AppData\Roaming\Zeon
O43 - CFD: 13/08/2010 - 16:06:05 - [0] ----D C:\Users\Administrateur\AppData\Local\Application Data
O43 - CFD: 12/10/2011 - 09:30:58 - [0,086] ----D C:\Users\Administrateur\AppData\Local\ATI
O43 - CFD: 13/08/2010 - 16:06:05 - [0] ----D C:\Users\Administrateur\AppData\Local\Historique
O43 - CFD: 08/09/2010 - 15:08:12 - [77,777] ----D C:\Users\Administrateur\AppData\Local\Microsoft
O43 - CFD: 10/08/2010 - 11:36:12 - [0] ----D C:\Users\Administrateur\AppData\Local\Microsoft Help
O43 - CFD: 08/09/2010 - 15:03:47 - [0,030] ----D C:\Users\Administrateur\AppData\Local\Symantec
O43 - CFD: 17/04/2013 - 14:29:55 - [0,229] ----D C:\Users\Administrateur\AppData\Local\Temp
O43 - CFD: 13/08/2010 - 16:06:05 - [0] ----D C:\Users\Administrateur\AppData\Local\Temporary Internet Files
O43 - CFD: 14/07/2009 - 06:54:32 - [0,014] R---D C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 17/04/2013 - 14:25:35 - [0,000] R---D C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 14/07/2009 - 06:49:38 - [0,001] R---D C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 17/04/2013 - 14:25:35 - [0,000] R---D C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
~ Program Folder: 124 Scanned in 00mn 19s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.0A6A22B6E5829DC682003DA115E947AD] - 17/04/2013 - 13:28:09 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1402602]
O44 - LFC:[MD5.C4DD1E3323C77A31B645A6FB3D675CDB] - 17/04/2013 - 13:25:53 ---A- . (...) -- C:\Windows\Brownie.ini [901]
O44 - LFC:[MD5.649E6C9BE3634C7357F30F7047AE4B74] - 17/04/2013 - 13:25:37 ---A- . (...) -- C:\Windows\setupact.log [465719]
O44 - LFC:[MD5.DA2A050B0295E67C8E27EA462DB651D9] - 17/04/2013 - 13:22:40 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 15/04/2013 - 08:01:51 ---A- . (...) -- C:\t15o.1 [0]
O44 - LFC:[MD5.B7AC8560C924BD2CD6502274CCE65059] - 15/04/2013 - 08:00:51 ---A- . (...) -- C:\Windows\PFRO.log [13592]
O44 - LFC:[MD5.FA2063B8B94C1CC5361545E16355F573] - 12/04/2013 - 17:56:39 ---A- . (...) -- C:\Windows\SysNative\PerfStringBackup.INI [1549936]
O44 - LFC:[MD5.CF1E0523BBE993EDC2224F6874488A89] - 12/04/2013 - 17:56:39 ---A- . (...) -- C:\Windows\SysNative\perfc009.dat [106412]
O44 - LFC:[MD5.AF032443DD40B6FE7039A34E18849C01] - 12/04/2013 - 17:56:39 ---A- . (...) -- C:\Windows\SysNative\perfc00C.dat [130770]
O44 - LFC:[MD5.E89DBDFC9DA8D645A6E0A64441E09C40] - 12/04/2013 - 17:56:39 ---A- . (...) -- C:\Windows\SysNative\perfh009.dat [616032]
O44 - LFC:[MD5.577DC9107E580F28E1D19061B7F41361] - 12/04/2013 - 17:56:39 ---A- . (...) -- C:\Windows\SysNative\perfh00C.dat [704464]
O44 - LFC:[MD5.FA2063B8B94C1CC5361545E16355F573] - 12/04/2013 - 17:56:39 RSHAD . (...) -- C:\Windows\System32\PerfStringBackup.INI [1549936]
O44 - LFC:[MD5.CF1E0523BBE993EDC2224F6874488A89] - 12/04/2013 - 17:56:39 RSHAD . (...) -- C:\Windows\System32\perfc009.dat [106412]
O44 - LFC:[MD5.AF032443DD40B6FE7039A34E18849C01] - 12/04/2013 - 17:56:39 RSHAD . (...) -- C:\Windows\System32\perfc00C.dat [130770]
O44 - LFC:[MD5.E89DBDFC9DA8D645A6E0A64441E09C40] - 12/04/2013 - 17:56:39 RSHAD . (...) -- C:\Windows\System32\perfh009.dat [616032]
O44 - LFC:[MD5.577DC9107E580F28E1D19061B7F41361] - 12/04/2013 - 17:56:39 RSHAD . (...) -- C:\Windows\System32\perfh00C.dat [704464]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 12/04/2013 - 07:48:17 ---A- . (...) -- C:\t138.2 [0]
O44 - LFC:[MD5.C7E8FEAEFB82CCC65A1A23EAD73101BE] - 11/04/2013 - 08:15:46 ---A- . (...) -- C:\Windows\SysNative\FNTCACHE.DAT [418472]
O44 - LFC:[MD5.C7E8FEAEFB82CCC65A1A23EAD73101BE] - 11/04/2013 - 08:15:46 RSHAD . (...) -- C:\Windows\System32\FNTCACHE.DAT [418472]
O44 - LFC:[MD5.D5B800C7E730BDAFF36FE6FC64EB34A1] - 10/04/2013 - 19:02:07 ---A- . (.Microsoft Corporation - Outil de suppression de logiciels malveilla.) -- C:\Windows\SysNative\MRT.exe [72702784]
O44 - LFC:[MD5.D5B800C7E730BDAFF36FE6FC64EB34A1] - 10/04/2013 - 19:02:07 RSHAD . (.Microsoft Corporation - Outil de suppression de logiciels malveilla.) -- C:\Windows\System32\MRT.exe [72702784]
O44 - LFC:[MD5.E198851141465033273480C5EEAD5DE5] - 10/04/2013 - 19:00:03 ---A- . (.Microsoft Corporation - Microsoft® MSHTML Typelib.) -- C:\Windows\SysNative\mshtml.tlb [2706432]
O44 - LFC:[MD5.E198851141465033273480C5EEAD5DE5] - 10/04/2013 - 19:00:03 ---A- . (.Microsoft Corporation - Microsoft® MSHTML Typelib.) -- C:\Windows\System32\mshtml.tlb [2706432]
O44 - LFC:[MD5.1C3C4D34DCF354620B76B42620B4DFAD] - 10/04/2013 - 19:00:02 ---A- . (.Microsoft Corporation - Moteur de l’interface utilisateur d’Interne.) -- C:\Windows\SysNative\ieui.dll [526336]
O44 - LFC:[MD5.1C3C4D34DCF354620B76B42620B4DFAD] - 10/04/2013 - 19:00:02 ---A- . (.Microsoft Corporation - Moteur de l’interface utilisateur d’Interne.) -- C:\Windows\System32\ieui.dll [526336]
O44 - LFC:[MD5.82F604599DE379AA539EE2DF48399DC5] - 10/04/2013 - 19:00:01 ---A- . (.Microsoft Corporation - IOD Version Map.) -- C:\Windows\SysNative\iesetup.dll [67072]
O44 - LFC:[MD5.82F604599DE379AA539EE2DF48399DC5] - 10/04/2013 - 19:00:01 ---A- . (.Microsoft Corporation - IOD Version Map.) -- C:\Windows\System32\iesetup.dll [67072]
O44 - LFC:[MD5.F021824E70447D98DB6CCED4456A0891] - 10/04/2013 - 19:00:01 ---A- . (.Microsoft Corporation - Traitement de RunOnce complet avec interfac.) -- C:\Windows\SysNative\iernonce.dll [39936]
O44 - LFC:[MD5.F021824E70447D98DB6CCED4456A0891] - 10/04/2013 - 19:00:01 ---A- . (.Microsoft Corporation - Traitement de RunOnce complet avec interfac.) -- C:\Windows\System32\iernonce.dll [39936]
O44 - LFC:[MD5.A89103864B67CE1ED3BB5D48569D3D94] - 10/04/2013 - 19:00:01 ---A- . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Expl.) -- C:\Windows\SysNative\ie4uinit.exe [51712]
O44 - LFC:[MD5.A89103864B67CE1ED3BB5D48569D3D94] - 10/04/2013 - 19:00:01 RSHAD . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Expl.) -- C:\Windows\System32\ie4uinit.exe [51712]
O44 - LFC:[MD5.38BEBBC4CF9FE6566262F0037DF843BF] - 10/04/2013 - 19:00:00 ---A- . (.Microsoft Corporation - IE Sysprep Provider.) -- C:\Windows\SysNative\iesysprep.dll [136704]
O44 - LFC:[MD5.38BEBBC4CF9FE6566262F0037DF843BF] - 10/04/2013 - 19:00:00 ---A- . (.Microsoft Corporation - IE Sysprep Provider.) -- C:\Windows\System32\iesysprep.dll [136704]
O44 - LFC:[MD5.268E23EAEDF3FAF87A7A87F0257C9E87] - 10/04/2013 - 19:00:00 ---A- . (.Microsoft Corporation - Microsoft Feeds Manager.) -- C:\Windows\SysNative\msfeeds.dll [603136]
O44 - LFC:[MD5.268E23EAEDF3FAF87A7A87F0257C9E87] - 10/04/2013 - 19:00:00 ---A- . (.Microsoft Corporation - Microsoft Feeds Manager.) -- C:\Windows\System32\msfeeds.dll [603136]
O44 - LFC:[MD5.F03E5925B7E99800B8BFE1332556E1E2] - 10/04/2013 - 19:00:00 ---A- . (.Microsoft Corporation - Registers custom PKEYs for IE.) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [89600]
O44 - LFC:[MD5.F03E5925B7E99800B8BFE1332556E1E2] - 10/04/2013 - 19:00:00 ---A- . (.Microsoft Corporation - Registers custom PKEYs for IE.) -- C:\Windows\System32\RegisterIEPKEYs.exe [89600]
O44 - LFC:[MD5.85F1FE2D5EDBFD26066F5ABB9504A69C] - 10/04/2013 - 19:00:00 ---A- . (.Microsoft Corporation - Run time utility for Internet Explorer.) -- C:\Windows\SysNative\iertutil.dll [2647040]
O44 - LFC:[MD5.85F1FE2D5EDBFD26066F5ABB9504A69C] - 10/04/2013 - 19:00:00 ---A- . (.Microsoft Corporation - Run time utility for Internet Explorer.) -- C:\Windows\System32\iertutil.dll [2647040]
O44 - LFC:[MD5.29812E9971077BE3F8B9DC225CF9D454] - 10/04/2013 - 18:59:58 ---A- . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\SysNative\urlmon.dll [1365504]
O44 - LFC:[MD5.29812E9971077BE3F8B9DC225CF9D454] - 10/04/2013 - 18:59:58 ---A- . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll [1365504]
O44 - LFC:[MD5.8C1EFE99D4C9462EF2E10E7140B44D4A] - 10/04/2013 - 18:59:58 ---A- . (.Microsoft Corporation - Microsoft (R) JScript.) -- C:\Windows\SysNative\jscript.dll [855552]
O44 - LFC:[MD5.8C1EFE99D4C9462EF2E10E7140B44D4A] - 10/04/2013 - 18:59:58 ---A- . (.Microsoft Corporation - Microsoft (R) JScript.) -- C:\Windows\System32\jscript.dll [855552]
O44 - LFC:[MD5.DE3C3B1B4FA5FBF1F17BCD3B3AE1ED15] - 10/04/2013 - 18:59:57 ---A- . (.Microsoft Corporation - Microsoft (R) JScript.) -- C:\Windows\SysNative\jscript9.dll [3958784]
O44 - LFC:[MD5.DE3C3B1B4FA5FBF1F17BCD3B3AE1ED15] - 10/04/2013 - 18:59:57 ---A- . (.Microsoft Corporation - Microsoft (R) JScript.) -- C:\Windows\System32\jscript9.dll [3958784]
O44 - LFC:[MD5.194125E7839D4902F2490A70049E8F78] - 10/04/2013 - 18:59:56 ---A- . (.Microsoft Corporation - JScript Proxy Auto-Configuration.) -- C:\Windows\SysNative\jsproxy.dll [53248]
O44 - LFC:[MD5.194125E7839D4902F2490A70049E8F78] - 10/04/2013 - 18:59:56 ---A- . (.Microsoft Corporation - JScript Proxy Auto-Configuration.) -- C:\Windows\System32\jsproxy.dll [53248]
O44 - LFC:[MD5.753C0848AE7872A3F59663078A517293] - 10/04/2013 - 18:59:55 ---A- . (.Microsoft Corporation - Extensions Internet pour Win32.) -- C:\Windows\SysNative\wininet.dll [2240512]
O44 - LFC:[MD5.753C0848AE7872A3F59663078A517293] - 10/04/2013 - 18:59:55 ---A- . (.Microsoft Corporation - Extensions Internet pour Win32.) -- C:\Windows\System32\wininet.dll [2240512]
O44 - LFC:[MD5.D744D5B8145C2303B19A288AF695E9AD] - 10/04/2013 - 18:59:54 ---A- . (.Microsoft Corporation - Navigateur Internet.) -- C:\Windows\SysNative\ieframe.dll [15404544]
O44 - LFC:[MD5.D744D5B8145C2303B19A288AF695E9AD] - 10/04/2013 - 18:59:54 ---A- . (.Microsoft Corporation - Navigateur Internet.) -- C:\Windows\System32\ieframe.dll [15404544]
O44 - LFC:[MD5.394ECD933CD66BADF97EA85A183B9E1E] - 10/04/2013 - 18:59:51 ---A- . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\SysNative\mshtml.dll [19230208]
O44 - LFC:[MD5.394ECD933CD66BADF97EA85A183B9E1E] - 10/04/2013 - 18:59:51 ---A- . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll [19230208]
O44 - LFC:[MD5.F4C640E85DB6450CB221E5224AA2AB51] - 10/04/2013 - 13:29:45 ---A- . (.Microsoft Corporation - Client ActiveX des services Bureau à distan.) -- C:\Windows\SysNative\mstscax.dll [3717632]
O44 - LFC:[MD5.F4C640E85DB6450CB221E5224AA2AB51] - 10/04/2013 - 13:29:45 ---A- . (.Microsoft Corporation - Client ActiveX des services Bureau à distan.) -- C:\Windows\System32\mstscax.dll [3717632]
O44 - LFC:[MD5.9F5C2F0CFEF95B4653E21443CDC0D587] - 10/04/2013 - 13:29:44 ---A- . (.Microsoft Corporation - Client avec accès à distance.) -- C:\Windows\SysNative\aaclient.dll [158720]
O44 - LFC:[MD5.9F5C2F0CFEF95B4653E21443CDC0D587] - 10/04/2013 - 13:29:44 ---A- . (.Microsoft Corporation - Client avec accès à distance.) -- C:\Windows\System32\aaclient.dll [158720]
O44 - LFC:[MD5.CE4157E4B1E5041D252EF38EB61E9F0C] - 10/04/2013 - 13:29:44 ---A- . (.Microsoft Corporation - Client de contrainte de quarantaine de la p.) -- C:\Windows\SysNative\tsgqec.dll [44032]
O44 - LFC:[MD5.CE4157E4B1E5041D252EF38EB61E9F0C] - 10/04/2013 - 13:29:44 ---A- . (.Microsoft Corporation - Client de contrainte de quarantaine de la p.) -- C:\Windows\System32\tsgqec.dll [44032]
O44 - LFC:[MD5.86F96630D28523F1C402C783F046DEF1] - 10/04/2013 - 13:29:22 ---A- . (.Microsoft Corporation - Pilote Win32 multi-utilisateurs.) -- C:\Windows\SysNative\win32k.sys [3153408]
O44 - LFC:[MD5.86F96630D28523F1C402C783F046DEF1] - 10/04/2013 - 13:29:22 RSHAD . (.Microsoft Corporation - Pilote Win32 multi-utilisateurs.) -- C:\Windows\System32\win32k.sys [3153408]
O44 - LFC:[MD5.B8965FB53551B5455630A4B804D0791F] - 10/04/2013 - 13:29:20 RSHAD . (.Microsoft Corporation - Pilote du système de fichiers NT.)
-- C:\Windows\System32\Drivers\ntfs.sys [1655656] O44 - LFC:[MD5.8F6322049018354F45F05A2FD2D4E5E0] - 10/04/2013 - 13:29:18 RSHAD . (.Microsoft Corporation - BitLocker Drive Encryption Driver.) -- C:\Windows\System32\Drivers\fvevol.sys [223752] O44 - LFC:[MD5.AC3232ED772403D38D64C18CD5A66FBD] - 10/04/2013 - 13:29:12 ---A- . (.Microsoft Corporation - NT Kernel & System.) -- C:\Windows\SysNative\ntoskrnl.exe [5550424] O44 - LFC:[MD5.AC3232ED772403D38D64C18CD5A66FBD] - 10/04/2013 - 13:29:12 ---A- . (.Microsoft Corporation - NT Kernel & System.) -- C:\Windows\System32\ntoskrnl.exe [5550424] O44 - LFC:[MD5.F0371DE302FFFF8F086661611BE60848] - 10/04/2013 - 13:29:11 ---A- . (.Microsoft Corporation - Gestionnaire de sessions Windows.) -- C:\Windows\SysNative\smss.exe [112640] O44 - LFC:[MD5.CEC1EDF4022DC4DCA40384DCEC672B0E] - 10/04/2013 - 13:29:11 ---A- . (.Microsoft Corporation - Processus d'exécution client-serveur.) -- C:\Windows\SysNative\csrsrv.dll [43520] O44 - LFC:[MD5.F0371DE302FFFF8F086661611BE60848] - 10/04/2013 - 13:29:11 RSHAD . (.Microsoft Corporation - Gestionnaire de sessions Windows.) -- C:\Windows\System32\smss.exe [112640] O44 - LFC:[MD5.CEC1EDF4022DC4DCA40384DCEC672B0E] - 10/04/2013 - 13:29:11 RSHAD . (.Microsoft Corporation - Processus d'exécution client-serveur.) 
-- C:\Windows\System32\csrsrv.dll [43520] ~ Files: 69 Scanned in 03mn 40s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.E809F029536EDDF91111745B00FAC192] - 11/04/2013 - 08:18:26 ---A- - C:\Windows\Prefetch\AgCx_SC4.db O45 - LFCP:[MD5.D65BCB9F6C0A0583757F5D0A68425A00] - 11/04/2013 - 18:30:40 ---A- - C:\Windows\Prefetch\ACRORD32INFO.EXE-2847E455.pf O45 - LFCP:[MD5.1EE6E60D220E35DF6FB29E76B051508C] - 12/04/2013 - 11:44:00 ---A- - C:\Windows\Prefetch\AITAGENT.EXE-DA3E7689.pf O45 - LFCP:[MD5.06BD10F3C811A0C034C657FB813F8E38] - 12/04/2013 - 14:43:21 ---A- - C:\Windows\Prefetch\READER_SL.EXE-38C1D083.pf O45 - LFCP:[MD5.9082C1D4AEF4D63CB9D0B7A1C3E90F6D] - 12/04/2013 - 14:49:53 ---A- - C:\Windows\Prefetch\SNDVOL.EXE-5D4CC7D6.pf O45 - LFCP:[MD5.D34FCDCC9A3E10997B73F97C0D7680EC] - 12/04/2013 - 16:25:29 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-ECB71776.pf O45 - LFCP:[MD5.22B5292142B81B0D14B754E785397A2C] - 12/04/2013 - 16:25:30 ---A- - C:\Windows\Prefetch\ACRORD32.EXE-D066635E.pf O45 - LFCP:[MD5.2B3FF0F14C6272263BCF745F4BF1E99B] - 12/04/2013 - 16:30:27 ---A- - C:\Windows\Prefetch\MSI6307.TMP-AE899E6C.pf O45 - LFCP:[MD5.F97799468C6AFEA5063BA9FCF296748E] - 12/04/2013 - 16:34:30 ---A- - C:\Windows\Prefetch\OSE.EXE-2B23CA4C.pf O45 - LFCP:[MD5.48B46984A1916C5907FE6DCBA0593DAE] - 12/04/2013 - 16:37:45 ---A- - C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf O45 - LFCP:[MD5.03902A448AD905EFDB2D5FEC5365AA48] - 12/04/2013 - 16:37:45 ---A- - C:\Windows\Prefetch\INSTALL_READER10_FR_GTBD_CHRD-E56B5477.pf O45 - LFCP:[MD5.955DB62849EBEA6148BF4D52A53D8911] - 12/04/2013 - 16:37:54 ---A- - C:\Windows\Prefetch\GDRCHECK.EXE-8E7C8BDA.pf O45 - LFCP:[MD5.5617DBBFA456E84006136DA0CF5B1A5C] - 12/04/2013 - 16:37:54 ---A- - C:\Windows\Prefetch\GTBCHECK.EXE-D528FB5A.pf O45 - LFCP:[MD5.0FEBCE34BCE80029071D602AD9062CF4] - 12/04/2013 - 16:37:55 ---A- - C:\Windows\Prefetch\GCCHECK.EXE-90121D43.pf O45 - LFCP:[MD5.ABF38EC376D241A9C174A8594D1F531C] - 12/04/2013 - 16:37:55 ---A- - 
C:\Windows\Prefetch\INSTALL_READER10_FR_GTBD_CHRD-7A21A928.pf O45 - LFCP:[MD5.FF03E93C4E72F844DEB527445FE85A9A] - 12/04/2013 - 16:43:57 ---A- - C:\Windows\Prefetch\ADBERDR1014_FR_FR.EXE-FCEBB133.pf O45 - LFCP:[MD5.A7067A9B0C29177D17B507725F69F3F6] - 12/04/2013 - 16:44:12 ---A- - C:\Windows\Prefetch\MSIEXEC.EXE-A2D55CB6.pf O45 - LFCP:[MD5.6D8DA79FCEFD8850AE83D4D388A7B4D6] - 12/04/2013 - 16:44:16 ---A- - C:\Windows\Prefetch\SETUP.EXE-F36EE0A2.pf O45 - LFCP:[MD5.A8D581299C1C7CF7126DBA404F59D57D] - 12/04/2013 - 16:44:59 ---A- - C:\Windows\Prefetch\MSIEXEC.EXE-E09A077A.pf O45 - LFCP:[MD5.2DF8CBEB7E42CDB5940472D23A81B255] - 12/04/2013 - 16:45:25 ---A- - C:\Windows\Prefetch\SEARCHINDEXER.EXE-4A6353B9.pf O45 - LFCP:[MD5.FE856B30CBB3E6A4200384BA3D9017C1] - 12/04/2013 - 16:48:21 ---A- - C:\Windows\Prefetch\EULA.EXE-8E746284.pf O45 - LFCP:[MD5.470BF153C8376D03FB85F2BBADBA88EE] - 12/04/2013 - 16:49:09 ---A- - C:\Windows\Prefetch\TASKMGR.EXE-5F5F473D.pf O45 - LFCP:[MD5.88CC900A031E6638A6B30CF19A33B510] - 12/04/2013 - 16:49:27 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-1D66C9C3.pf O45 - LFCP:[MD5.94207040AAE7BD8B844624D6ADD42FE8] - 12/04/2013 - 17:01:21 ---A- - C:\Windows\Prefetch\PREVHOST.EXE-C6FFC5B4.pf O45 - LFCP:[MD5.6F524D9FF79503FD1EBA18901B47FB0A] - 12/04/2013 - 17:47:45 ---A- - C:\Windows\Prefetch\MSFEEDSSYNC.EXE-6E6FBDF4.pf O45 - LFCP:[MD5.689C9D3DBF228029AAAA7C5C7AFDE7F5] - 12/04/2013 - 17:54:33 ---A- - C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf O45 - LFCP:[MD5.C9C49DD7E9B55A0874C6B0F821A430C4] - 12/04/2013 - 18:03:42 ---A- - C:\Windows\Prefetch\WERFAULT.EXE-37549B7E.pf O45 - LFCP:[MD5.2A465A84F3196F60633F2F0473B25F30] - 12/04/2013 - 18:10:41 ---A- - C:\Windows\Prefetch\EXCEL.EXE-4705337D.pf O45 - LFCP:[MD5.ABC298EE1974DB31FA63DF4C63D13519] - 15/04/2013 - 08:03:00 ---A- - C:\Windows\Prefetch\JUSCHED.EXE-60F1FB86.pf O45 - LFCP:[MD5.E0B026D4629B1709F77099605C4BBCE5] - 15/04/2013 - 08:06:59 ---A- - C:\Windows\Prefetch\OSPPSVC.EXE-E53D3CC0.pf O45 - 
LFCP:[MD5.F5B3A9A3BDD6A1A133C2D8E674B9F84B] - 15/04/2013 - 08:14:53 ---A- - C:\Windows\Prefetch\UPDATE~1.EXE-AFC3546E.pf O45 - LFCP:[MD5.727E8EBA4253BAD44A7AF03F224619A9] - 15/04/2013 - 08:15:19 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-02CC9EFF.pf O45 - LFCP:[MD5.6DF182E0A34252FE94F244384C41E470] - 15/04/2013 - 08:26:44 ---A- - C:\Windows\Prefetch\OUTLOOK.EXE-6205F241.pf O45 - LFCP:[MD5.54BD6941B6430DCE85BCDCACA6B92307] - 15/04/2013 - 08:45:19 ---A- - C:\Windows\Prefetch\WSQMCONS.EXE-118B52B7.pf O45 - LFCP:[MD5.3DA5A7B60667611F89703E901A6C3C99] - 15/04/2013 - 08:56:54 ---A- - C:\Windows\Prefetch\FLTLDR.EXE-8009809B.pf O45 - LFCP:[MD5.8CF2A413FAD6FAEB9DEFC43F60C5FFC7] - 15/04/2013 - 09:44:13 ---A- - C:\Windows\Prefetch\PRINTISOLATIONHOST.EXE-E0CD10A9.pf O45 - LFCP:[MD5.48841D5E1955D86971F9271B6D1A9B83] - 15/04/2013 - 10:16:12 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-3644570E.pf O45 - LFCP:[MD5.2BA00EF27952CE298FF4780FF5F09399] - 15/04/2013 - 10:16:13 ---A- - C:\Windows\Prefetch\IELOWUTIL.EXE-903B8AC1.pf O45 - LFCP:[MD5.F08F6EEFE51BEAD9870D879A85165443] - 15/04/2013 - 10:17:17 ---A- - C:\Windows\Prefetch\FLASHUTIL64_11_6_602_180_ACTI-95276914.pf O45 - LFCP:[MD5.3A6A7C9740C90D24B0681A8679388DC4] - 15/04/2013 - 10:47:07 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-76936ED5.pf O45 - LFCP:[MD5.4BF84E223EC6137AA2D59C0C4BDB87C8] - 15/04/2013 - 11:19:04 ---A- - C:\Windows\Prefetch\PDFATTACHHELPER.EXE-C036A80D.pf O45 - LFCP:[MD5.4B109A4CFF1098723F559759B9E355FB] - 15/04/2013 - 12:31:30 ---A- - C:\Windows\Prefetch\Layout.ini O45 - LFCP:[MD5.3E556B5152302268D827E2B3AD0AEBA2] - 15/04/2013 - 12:31:40 ---A- - C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf O45 - LFCP:[MD5.3F86B528AA24E2946C53F40A55F67E19] - 15/04/2013 - 12:31:40 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-7AC6742A.pf O45 - LFCP:[MD5.F6DA7916199239B00224AAE3E060ABFF] - 15/04/2013 - 12:34:32 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-411A328D.pf O45 - LFCP:[MD5.F88095996BA7D7E0DD3F56D626ED0B0A] - 15/04/2013 - 12:41:26 ---A- - 
C:\Windows\Prefetch\RUNDLL32.EXE-50F8B8EA.pf O45 - LFCP:[MD5.29A3FEEF9B873822733483254322932D] - 15/04/2013 - 12:41:27 ---A- - C:\Windows\Prefetch\SDIAGNHOST.EXE-8D72177C.pf O45 - LFCP:[MD5.72B4D7E3DD868FB6476AC963D3690F30] - 15/04/2013 - 12:41:34 ---A- - C:\Windows\Prefetch\CSC.EXE-BE9AC2DF.pf O45 - LFCP:[MD5.9E73AD07637E3948F9F38B2E0049FD5D] - 15/04/2013 - 12:41:34 ---A- - C:\Windows\Prefetch\CVTRES.EXE-2B9D810D.pf O45 - LFCP:[MD5.A33819396DF746D3707A2FB10B2C3382] - 15/04/2013 - 12:41:43 ---A- - C:\Windows\Prefetch\PING.EXE-7E94E73E.pf O45 - LFCP:[MD5.C70996F91748FC747EF7DAEBF9BDB160] - 15/04/2013 - 12:41:43 ---A- - C:\Windows\Prefetch\W32TM.EXE-1101AF41.pf O45 - LFCP:[MD5.1448E93472DB2CB2FF0BB5CCE3CCF3D5] - 15/04/2013 - 12:41:55 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf O45 - LFCP:[MD5.5680897189530FDC44CE6F0D5A8CFFBC] - 15/04/2013 - 12:41:55 ---A- - C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf O45 - LFCP:[MD5.BF432773A13C6901D5E8CB2D549F6EB7] - 15/04/2013 - 14:42:32 ---A- - C:\Windows\Prefetch\UPDATER.EXE-DFD1B550.pf O45 - LFCP:[MD5.8E7A88EC1D9E012D792B4FD7F3227E31] - 15/04/2013 - 14:50:46 ---A- - C:\Windows\Prefetch\SPLWOW64.EXE-297C4568.pf O45 - LFCP:[MD5.8A6A2FB77B5E7AE9473B77DC01AC3FB7] - 15/04/2013 - 14:59:44 ---A- - C:\Windows\Prefetch\EXCEL.EXE-73A10B20.pf O45 - LFCP:[MD5.3DED9FD34061DF0308FFC9AC73C160C7] - 15/04/2013 - 15:23:55 ---A- - C:\Windows\Prefetch\WINWORD.EXE-2F703F65.pf O45 - LFCP:[MD5.3D9AC4A36CBAE487AB5FAB3D524885ED] - 15/04/2013 - 16:06:45 ---A- - C:\Windows\Prefetch\WERFAULT.EXE-E69F695A.pf O45 - LFCP:[MD5.C4736078DCB1068173C7C9E25B1B4931] - 15/04/2013 - 16:07:05 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-993BCEEC.pf O45 - LFCP:[MD5.9399E175C4A10F79EEC9309171363C47] - 15/04/2013 - 16:07:05 ---A- - C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf O45 - LFCP:[MD5.098DD8698B99C1AF190A41A7CD6EC6E2] - 15/04/2013 - 16:25:05 ---A- - C:\Windows\Prefetch\AGCP.EXE-A4E0630D.pf O45 - LFCP:[MD5.DC5CDAB493E34A93AE349B099725C37E] - 15/04/2013 - 16:25:05 
---A- - C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-F1B02F03.pf O45 - LFCP:[MD5.779DB3C140FDA75EC1D8759760EBEA4B] - 15/04/2013 - 16:26:40 ---A- - C:\Windows\Prefetch\FLASHPLAYERPLUGIN_11_7_700_16-C2170A70.pf O45 - LFCP:[MD5.873E334BA5EFEDEF7B3E0E8BB6C67486] - 15/04/2013 - 16:31:26 ---A- - C:\Windows\Prefetch\POWERPNT.EXE-667F77CE.pf O45 - LFCP:[MD5.D579B482526062A295E34C40634B04EA] - 15/04/2013 - 16:44:42 ---A- - C:\Windows\Prefetch\FIREFOX.EXE-18ACFCFF.pf O45 - LFCP:[MD5.BD6FDE49E310940799E912E6966F1837] - 15/04/2013 - 16:44:48 ---A- - C:\Windows\Prefetch\MAINTENANCESERVICE.EXE-FA0B1B99.pf O45 - LFCP:[MD5.DBBF8478DCD9C5C9D2D7D5AC61832B52] - 15/04/2013 - 16:44:48 ---A- - C:\Windows\Prefetch\UPDATER.EXE-4543B655.pf O45 - LFCP:[MD5.779405E2A92E26AA8D0EBC9664D7C6F5] - 15/04/2013 - 16:44:51 ---A- - C:\Windows\Prefetch\MAINTENANCESERVICE_INSTALLER.-3957C9E5.pf O45 - LFCP:[MD5.D290E41E370EC01B86956CC201156D90] - 15/04/2013 - 16:44:51 ---A- - C:\Windows\Prefetch\MAINTENANCESERVICE_TMP.EXE-4EB69639.pf O45 - LFCP:[MD5.B3308BD2516E965BD0847C95B1A1C3E2] - 15/04/2013 - 16:44:52 ---A- - C:\Windows\Prefetch\HELPER.EXE-0A7740EE.pf O45 - LFCP:[MD5.9864E4382DC288973125915668F823D8] - 15/04/2013 - 16:45:23 ---A- - C:\Windows\Prefetch\PREVHOST.EXE-4F1C4E0F.pf O45 - LFCP:[MD5.1B22820C9C9239572420AB734BA6982A] - 15/04/2013 - 18:00:00 ---A- - C:\Windows\Prefetch\FLASHPLAYERUPDATESERVICE.EXE-216D9C35.pf O45 - LFCP:[MD5.23AEC5E2E6247C94983AF6E73B246624] - 15/04/2013 - 18:00:10 ---A- - C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf O45 - LFCP:[MD5.A92452603B0A903333D176C4D40C908A] - 15/04/2013 - 18:01:57 ---A- - C:\Windows\Prefetch\COH64.EXE-1344EB5A.pf O45 - LFCP:[MD5.DD452743956CA99BDAB1979FF7540D36] - 15/04/2013 - 18:14:47 ---A- - C:\Windows\Prefetch\XDELTA3.EXE-3EA4ABAC.pf O45 - LFCP:[MD5.9CD72E4E91B0C7A099468A613864F5BA] - 15/04/2013 - 18:15:20 ---A- - C:\Windows\Prefetch\SYMDELTA.EXE-D3D2DF14.pf O45 - LFCP:[MD5.9CA42CA668D12058E2B63FCEAF5B30AE] - 15/04/2013 - 18:39:33 ---A- - 
C:\Windows\Prefetch\PREVHOST.EXE-9FD18033.pf O45 - LFCP:[MD5.267926117BCFA4D5478E13B238C076AB] - 15/04/2013 - 18:39:38 ---A- - C:\Windows\Prefetch\ACRORD32.EXE-97743AA9.pf O45 - LFCP:[MD5.12B7BB2A95C74DC329D87BB018A8E8DA] - 15/04/2013 - 18:43:08 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-2195496237-476440402-2604502530-1121.db O45 - LFCP:[MD5.9B1A605793B53DC70FCB3B78539F8A43] - 15/04/2013 - 18:43:08 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-2195496237-476440402-2604502530-1121.db O45 - LFCP:[MD5.9B1CFDA59A3D0202FE35CABCADCF1074] - 15/04/2013 - 18:48:12 ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db O45 - LFCP:[MD5.43BB1E17948AD6881EBA06C2957E344B] - 15/04/2013 - 18:48:12 ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db O45 - LFCP:[MD5.7EB5153F097AF31522156F304418E5C3] - 15/04/2013 - 18:48:12 ---A- - C:\Windows\Prefetch\AgRobust.db O45 - LFCP:[MD5.DB26474E5C769751AA4AEDE539888A20] - 15/04/2013 - 18:48:13 ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db O45 - LFCP:[MD5.A588E6EA266FECD9948096E910D50885] - 15/04/2013 - 18:50:20 ---A- - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-42E1CDC2.pf O45 - LFCP:[MD5.37A05975B3D29E14368A4613D022999C] - 15/04/2013 - 18:51:14 ---A- - C:\Windows\Prefetch\AUDIODG.EXE-BDFD3029.pf O45 - LFCP:[MD5.C2A37FD62BDAF2DE7CD196CD256BDBAD] - 15/04/2013 - 18:55:36 ---A- - C:\Windows\Prefetch\PfSvPerfStats.bin O45 - LFCP:[MD5.538C11AF4416C87938D6DDF883128328] - 17/04/2013 - 13:24:39 ---A- - C:\Windows\Prefetch\ATIESRXX.EXE-B8FDA008.pf O45 - LFCP:[MD5.19929B0F8F1910FD7D39FB9502324F4D] - 17/04/2013 - 13:24:39 ---A- - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf O45 - LFCP:[MD5.25C800B951A9A0194837CD2F2C9FB192] - 17/04/2013 - 13:24:39 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-5901D5E8.pf O45 - LFCP:[MD5.925E74ABBC0C38A232C19F5E94E212F2] - 17/04/2013 - 13:24:39 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-CF79EE4C.pf O45 - LFCP:[MD5.AC77D40875A51AC76D82894C12919269] - 17/04/2013 - 13:24:39 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-E1E0ACE0.pf O45 - 
LFCP:[MD5.3EFC0A1D25A786F90425EE987A8FA9C6] - 17/04/2013 - 13:24:39 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-E2D039A7.pf O45 - LFCP:[MD5.80E89B9CC2A1D5657837589724915BBB] - 17/04/2013 - 13:24:47 ---A- - C:\Windows\Prefetch\SMCGUI.EXE-D31A2BDD.pf O45 - LFCP:[MD5.BB4BEC959F46B57653A4ADFD6B094958] - 17/04/2013 - 13:24:50 ---A- - C:\Windows\Prefetch\MSIEXEC.EXE-78727A3D.pf O45 - LFCP:[MD5.07E47E93754F9CA5F6044977085035D9] - 17/04/2013 - 13:24:56 ---A- - C:\Windows\Prefetch\MSCORSVW.EXE-C3C515BD.pf O45 - LFCP:[MD5.9CB9687D810083E6A290BBDA0ACDA0C8] - 17/04/2013 - 13:24:56 ---A- - C:\Windows\Prefetch\PROTECTIONUTILSURROGATE.EXE-59C967CA.pf O45 - LFCP:[MD5.C62C2E625ADE068A7A6DE8AE7FFC82AD] - 17/04/2013 - 13:25:02 ---A- - C:\Windows\Prefetch\MSCORSVW.EXE-57D17DAF.pf O45 - LFCP:[MD5.E61956D3432D9650D8386D1100BAB12F] - 17/04/2013 - 13:25:03 ---A- - C:\Windows\Prefetch\SMSS.EXE-E9C28FC6.pf O45 - LFCP:[MD5.9D027B38359BE08EF9A2492A8A4F6307] - 17/04/2013 - 13:25:09 ---A- - C:\Windows\Prefetch\NVVSVC.EXE-0B2AA3F6.pf O45 - LFCP:[MD5.80D088EB025906994616E8BCDDF0A892] - 17/04/2013 - 13:25:13 ---A- - C:\Windows\Prefetch\CSRSS.EXE-3FE41F7E.pf O45 - LFCP:[MD5.B2F1CF0D559A48E5E08B7C5777AC6093] - 17/04/2013 - 13:25:17 ---A- - C:\Windows\Prefetch\WINLOGON.EXE-B020DC41.pf O45 - LFCP:[MD5.C1D2E1FD5F41354DDCC37D16AA2A4C9D] - 17/04/2013 - 13:25:18 ---A- - C:\Windows\Prefetch\ATIECLXX.EXE-48B31DFA.pf O45 - LFCP:[MD5.9617F7A2CC934551A7668880ACC75392] - 17/04/2013 - 13:25:18 ---A- - C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf O45 - LFCP:[MD5.823227AF1287E00DA10F6130E6B6CE04] - 17/04/2013 - 13:25:19 ---A- - C:\Windows\Prefetch\WINVNC.EXE-62F73B0A.pf O45 - LFCP:[MD5.1D8FB8BCE1F3F65AAC8AF249C506477D] - 17/04/2013 - 13:25:20 ---A- - C:\Windows\Prefetch\SPPSVC.EXE-B0F8131B.pf O45 - LFCP:[MD5.14DD8FA53BBBFA131C07300E387AD272] - 17/04/2013 - 13:25:25 ---A- - C:\Windows\Prefetch\WINMAIL.EXE-F551299C.pf O45 - LFCP:[MD5.DDF8E5BE5162295BBA33E98B58836D91] - 17/04/2013 - 13:25:26 ---A- - 
C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf O45 - LFCP:[MD5.E3C2B5B53501E7FF8FE30F416DD56048] - 17/04/2013 - 13:25:31 ---A- - C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf O45 - LFCP:[MD5.7D815FEE6642B0D95B7EC764B3A6C4D4] - 17/04/2013 - 13:25:31 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-7238F31D.pf O45 - LFCP:[MD5.7D7D5CBD96B8C421419A31E10FA30645] - 17/04/2013 - 13:25:33 ---A- - C:\Windows\Prefetch\CMD.EXE-4A81B364.pf O45 - LFCP:[MD5.0793FF93214C6A968983473F5B82CB86] - 17/04/2013 - 13:25:34 ---A- - C:\Windows\Prefetch\UNREGMP2.EXE-2294B148.pf O45 - LFCP:[MD5.538A191C0DE92571334DA5F4FC113EF3] - 17/04/2013 - 13:25:35 ---A- - C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf O45 - LFCP:[MD5.BE7E381F050EE621ED7770B2FEF6AF70] - 17/04/2013 - 13:25:36 ---A- - C:\Windows\Prefetch\LVPRCSRV.EXE-A94CF8D0.pf O45 - LFCP:[MD5.535C2DDF2F3A051C4323EC2BAFB0B762] - 17/04/2013 - 13:25:37 ---A- - C:\Windows\Prefetch\ADOBEARM.EXE-7105D3A2.pf O45 - LFCP:[MD5.629B830CDB79B6B6FFCF59655740A264] - 17/04/2013 - 13:25:47 ---A- - C:\Windows\Prefetch\READER_SL.EXE-B1C62096.pf O45 - LFCP:[MD5.E9FF19A995EE1E7F1876EF90A979F631] - 17/04/2013 - 13:26:09 ---A- - C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf O45 - LFCP:[MD5.DE07C8AFAB22DF023E266112DC8CF68A] - 17/04/2013 - 13:26:42 ---A- - C:\Windows\Prefetch\CCC.EXE-B637C9BF.pf O45 - LFCP:[MD5.4BEFE8F530F02C02F56435BE8542C474] - 17/04/2013 - 13:26:59 ---A- - C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf O45 - LFCP:[MD5.E4117CD3BE9ADD6237E1A78808BEE35F] - 17/04/2013 - 13:27:07 ---A- - C:\Windows\Prefetch\IEXPLORE.EXE-4B6C9213.pf O45 - LFCP:[MD5.A6ACA3E024D6297488AFBA2988EECD1D] - 17/04/2013 - 13:27:15 ---A- - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf O45 - LFCP:[MD5.396C1F8D2A5404735E48292E485D08DE] - 17/04/2013 - 13:27:35 ---A- - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf O45 - LFCP:[MD5.69E16A550AB686EC18BCADEC634DB957] - 17/04/2013 - 13:27:45 ---A- - C:\Windows\Prefetch\LOGITECHUPDATE.EXE-305ABC69.pf O45 - 
LFCP:[MD5.F47CA960D911C412A56114C3A1182859] - 17/04/2013 - 13:27:45 ---A- - C:\Windows\Prefetch\LULNCHR.EXE-5021BE3F.pf O45 - LFCP:[MD5.74A00277A7D45F94FBB2E74C36671CE3] - 17/04/2013 - 13:28:01 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf O45 - LFCP:[MD5.4D2CF2BEE846F2C7CA02309ECECDFFE6] - 17/04/2013 - 13:29:11 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf O45 - LFCP:[MD5.FA368C9C72939EA1323D57947C7B8DB2] - 17/04/2013 - 13:31:31 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-A8DE6D5B.pf O45 - LFCP:[MD5.CCDFE2AE700E99370AD9EFF407A1D021] - 17/04/2013 - 13:31:49 ---A- - C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf O45 - LFCP:[MD5.5C4641CED76631402E3B9ACA66DEABA9] - 17/04/2013 - 13:32:00 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-6768A320.pf O45 - LFCP:[MD5.735004BF626FB714598520B9D74789DC] - 17/04/2013 - 13:32:23 ---A- - C:\Windows\Prefetch\CMD.EXE-AC113AA8.pf O45 - LFCP:[MD5.0697DFFE0B3D94DE9F70B90AAF2CA154] - 17/04/2013 - 13:32:58 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf O45 - LFCP:[MD5.E334B1B7E66933DAF25263D02AE426C0] - 17/04/2013 - 13:32:59 ---A- - C:\Windows\Prefetch\LUALL.EXE-8242ADA2.pf O45 - LFCP:[MD5.62584362D7D219D3817FF79BA2FC4E1D] - 17/04/2013 - 13:33:01 ---A- - C:\Windows\Prefetch\LUCALLBACKPROXY.EXE-63631358.pf O45 - LFCP:[MD5.17BCBE830BF0C5CF7A4AFD210B563F6C] - 17/04/2013 - 13:33:18 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-04E8593A.pf O45 - LFCP:[MD5.727EA380A16F035FB4C2EC358414EC17] - 17/04/2013 - 13:33:47 ---A- - C:\Windows\Prefetch\DWHWIZRD.EXE-BF815084.pf O45 - LFCP:[MD5.569E0F95C698A6AD54A87E3224FECA16] - 17/04/2013 - 13:35:04 ---A- - C:\Windows\Prefetch\SESCLU.EXE-D51D91C8.pf O45 - LFCP:[MD5.05532CF0F7F97C08724012ABA5BF7375] - 17/04/2013 - 13:35:07 ---A- - C:\Windows\Prefetch\LUCOMS~1.EXE-E33507A4.pf O45 - LFCP:[MD5.DB64CD66C87C013A1F21648729138588] - 17/04/2013 - 13:35:19 ---A- - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf ~ Prefetcher: 138 Scanned in 00mn 08s ---\\ Opérations et fonctions au démarrage de Windows Explorer 
(O46) O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Déni du service (Local Security Authority) (O48) O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l’Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll ~ LSA: 8 Scanned in 00mn 00s ---\\ Contrôle du Safe Boot (CSB) (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.) 
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys ~ CSB: 13 Scanned in 00mn 00s ---\\ Trojan Driver Search Data (HKLM) (O52) O52 - TDSD: \Drivers32\"vidc.i420"="lvcod64.dll" . (.Logitech Inc. - Video Codec.) -- C:\Windows\System32\lvcod64.dll O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) 
-- C:\Windows\System32\l3codeca.acm O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm ~ TDSD: 3 Scanned in 00mn 01s ---\\ ShareTools MSconfig StartupReg (O53) O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (...) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (.not file.) ~ SMSR Keys: 2 Scanned in 00mn 00s ---\\ Microsoft Control Security Providers (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) 
-- C:\Windows\System32\credssp.dll ~ MSCP: 2 Scanned in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5 O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3 O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1 O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0 O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0 O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0 O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 16 Scanned in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0 ~ MWPE Keys: 4 Scanned in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088] O58 - SDL:[MD5.19166026A93206F9C6A8CD3A1F010AE4] - 02/04/2009 - 13:30:14 ---A- . (...) 
-- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 17/04/2013 - 13:25:22 -SHA- C:\Users\Administrateur\AppData\Roaming\Microsoft\Protect\SYNCHIST [76] O61 - LFC: 17/04/2013 - 13:25:35 ---A- C:\Users\Administrateur\Links\Desktop.lnk [500] O61 - LFC: 17/04/2013 - 13:25:35 ---A- C:\Users\Administrateur\Links\Downloads.lnk [971] O61 - LFC: 17/04/2013 - 13:25:35 ---A- C:\Users\Administrateur\Links\RecentPlaces.lnk [383] O61 - LFC: 17/04/2013 - 13:25:37 -SHA- C:\Users\Administrateur\AppData\Roaming\Microsoft\Protect\S-1-5-21-2195496237-476440402-2604502530-500\Preferred [24] O61 - LFC: 17/04/2013 - 13:25:37 -SHA- C:\Users\Administrateur\AppData\Roaming\Microsoft\Protect\S-1-5-21-2195496237-476440402-2604502530-500\e0d9cd86-3293-4cb6-aad6-ad831dbb8174 [740] O61 - LFC: 17/04/2013 - 13:26:36 ---A- C:\Users\Administrateur\AppData\Local\ATI\ACE\Manifest.Bin [26869] O61 - LFC: 17/04/2013 - 13:26:36 ---A- C:\Users\Administrateur\AppData\Local\ATI\ACE\Manifest.xml [19492] O61 - LFC: 17/04/2013 - 13:26:42 ---A- C:\Users\Administrateur\AppData\Local\ATI\ACE\Profiles.xml [43764] O61 - LFC: 17/04/2013 - 13:26:42 ---A- C:\Users\Administrateur\AppData\Local\GDIPFONTCACHEV1.DAT [8224] ~ Files: 10 Scanned in 00mn 01s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - 28/12/2011 - C:\Windows\system32\drivers\afd.sys (AFD) .(.Microsoft Corporation - Ancillary Function Driver for WinSock.) - LEGACY_AFD O64 - Services: CurCS - 11/12/2009 - C:\Windows\System32\DRIVERS\atipmdag.sys (amdkmdag) .(.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\Drivers\Beep.sys (Beep) .(.Microsoft Corporation - BEEP Driver.) 
- LEGACY_BEEP O64 - Services: CurCS - 04/07/2012 - C:\Windows\system32\browser.dll (bowser) .(.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) - LEGACY_BOWSER O64 - Services: CurCS - 06/11/2006 - C:\Windows\system32\drivers\BrPar64a.sys (BrPar) .(.Brother Industries Ltd. - Brother Parallel class Driver AMD 64bit ed.) - LEGACY_BRPAR O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\cdfs.sys (cdfs) .(.Microsoft Corporation - CD-ROM File System Driver.) - LEGACY_CDFS O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\clfs.sys (CLFS) .(.Microsoft Corporation - Common Log File System Driver.) - LEGACY_CLFS O64 - Services: CurCS - 02/06/2012 - C:\Windows\System32\Drivers\cng.sys (CNG) .(.Microsoft Corporation - Kernel Cryptography, Next Generation.) - LEGACY_CNG O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\cscsvc.dll (CSC) .(.Microsoft Corporation - DLL du service CSC.) - LEGACY_CSC O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\dfsc.sys (DfsC) .(.Microsoft Corporation - DFS Namespace Client Driver.) - LEGACY_DFSC O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\discache.sys (discache) .(.Microsoft Corporation - System Indexer/Cache Driver.) - LEGACY_DISCACHE O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\dxgkrnl.sys (DXGKrnl) .(.Microsoft Corporation - DirectX Graphics Kernel.) - LEGACY_DXGKRNL O64 - Services: CurCS - 15/08/2012 - C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (eeCtrl) .(.Symantec Corporation - Symantec Eraser Control Driver.) - LEGACY_EECTRL O64 - Services: CurCS - 15/08/2012 - C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (EraserUtilRebootDrv) .(.Symantec Corporation - Symantec Eraser Utility Driver.) - LEGACY_ERASERUTILREBOOTDRV O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\Drivers\fastfat.sys (fastfat) .(.Microsoft Corporation - Fast FAT File System Driver.) 
- LEGACY_FASTFAT O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\fileinfo.sys (FileInfo) .(.Microsoft Corporation - FileInfo Filter Driver.) - LEGACY_FILEINFO O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\fltmgr.sys (FltMgr) .(.Microsoft Corporation - Gestionnaire de filtres de système de fichi.) - LEGACY_FLTMGR O64 - Services: CurCS - 24/01/2013 - C:\Windows\system32\drivers\fvevol.sys (fvevol) .(.Microsoft Corporation - BitLocker Drive Encryption Driver.) - LEGACY_FVEVOL O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\http.sys (HTTP) .(.Microsoft Corporation - HTTP Pile du protocole.) - LEGACY_HTTP O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\hwpolicy.sys (hwpolicy) .(.Microsoft Corporation - Hardware Policy Driver.) - LEGACY_HWPOLICY O64 - Services: CurCS - 02/06/2012 - C:\Windows\System32\Drivers\ksecdd.sys (KSecDD) .(.Microsoft Corporation - Kernel Security Support Provider Interface.) - LEGACY_KSECDD O64 - Services: CurCS - 02/06/2012 - C:\Windows\System32\Drivers\ksecpkg.sys (KSecPkg) .(.Microsoft Corporation - Kernel Security Support Provider Interface.) - LEGACY_KSECPKG O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\lltdio.sys (lltdio) .(.Microsoft Corporation - Link-Layer Topology Mapper I/O Driver.) - LEGACY_LLTDIO O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\luafv.sys (luafv) .(.Microsoft Corporation - Pilote de filtre de virtualisation de fichi.) - LEGACY_LUAFV O64 - Services: CurCS - 07/05/2010 - Pas de propriétaire (LVPr2M64) .(...) - LEGACY_LVPR2M64 O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\mountmgr.sys (mountmgr) .(.Microsoft Corporation - Gestionnaire des points de montage.) - LEGACY_MOUNTMGR O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\FirewallAPI.dll (mpsdrv) .(.Microsoft Corporation - API du Pare-feu Windows.) 
- LEGACY_MPSDRV O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\wkssvc.dll (mrxsmb) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_MRXSMB O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\wkssvc.dll (mrxsmb10) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_MRXSMB10 O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\wkssvc.dll (mrxsmb20) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_MRXSMB20 O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\drivers\msisadrv.sys (msisadrv) .(.Microsoft Corporation - ISA Driver.) - LEGACY_MSISADRV O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\mup.sys (Mup) .(.Microsoft Corporation - Multiple UNC Provider Driver.) - LEGACY_MUP O64 - Services: CurCS - 15/04/2013 - C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130416.032\ENG64.sys (NAVENG) .(.Symantec Corporation - AV Engine.) - LEGACY_NAVENG O64 - Services: CurCS - 15/04/2013 - C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130416.032\EX64.sys (NAVEX15) .(.Symantec Corporation - AV Engine.) - LEGACY_NAVEX15 O64 - Services: CurCS - 22/08/2012 - C:\Windows\system32\drivers\ndis.sys (NDIS) .(.Microsoft Corporation - Pilote NDIS 6.20.) - LEGACY_NDIS O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\netbios.sys (NetBIOS) .(.Microsoft Corporation - NetBIOS interface driver.) - LEGACY_NETBIOS O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\netbt.sys (NetBT) .(.Microsoft Corporation - MBT Transport driver.) - LEGACY_NETBT O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) .(.Microsoft Corporation - NSI Proxy.) - LEGACY_NSIPROXY O64 - Services: CurCS - 11/03/2011 - C:\Windows\System32\drivers\nvstor.sys (nvstor) .(.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) 
- LEGACY_NVSTOR O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\drivers\pcw.sys (pcw) .(.Microsoft Corporation - Performance Counters for Windows Driver.) - LEGACY_PCW O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\drivers\peauth.sys (PEAUTH) .(.Microsoft Corporation - Protected Environment Authentication and Au.) - LEGACY_PEAUTH O64 - Services: CurCS - 20/11/2010 - C:\Windows\System32\drivers\pacer.sys (Psched) .(.Microsoft Corporation - Planificateur de paquets QoS.) - LEGACY_PSCHED O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\wkssvc.dll (rdbss) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_RDBSS O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) .(.Microsoft Corporation - RDP Miniport.) - LEGACY_RDPCDD O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) .(.Microsoft Corporation - RDP Encoder Miniport.) - LEGACY_RDPENCDD O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) .(.Microsoft Corporation - RDP Reflector Driver Miniport.) - LEGACY_RDPREFMP O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\rspndr.sys (rspndr) .(.Microsoft Corporation - Link-Layer Topology Responder Driver for ND.) - LEGACY_RSPNDR O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\Drivers\spldr.sys (spldr) .(.Microsoft Corporation - loader for security processor.) - LEGACY_SPLDR O64 - Services: CurCS - 16/08/2010 - C:\Windows\System32\Drivers\SRTSP64.sys (SRTSP) .(.Symantec Corporation - Symantec AutoProtect.) - LEGACY_SRTSP O64 - Services: CurCS - 16/08/2010 - C:\Windows\System32\Drivers\SRTSPX64.sys (SRTSPX) .(.Symantec Corporation - Symantec AutoProtect.) 
- LEGACY_SRTSPX O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\srvsvc.dll (srv) .(.Microsoft Corporation - DLL du service Serveur.) - LEGACY_SRV O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\srvsvc.dll (srv2) .(.Microsoft Corporation - DLL du service Serveur.) - LEGACY_SRV2 O64 - Services: CurCS - 29/04/2011 - C:\Windows\System32\DRIVERS\srvnet.sys (srvnet) .(.Microsoft Corporation - Server Network driver.) - LEGACY_SRVNET O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\vmstorfltres.dll (storflt) .(.Microsoft Corporation - Fichier DLL de ressources du filtre de stoc.) - LEGACY_STORFLT O64 - Services: CurCS - 16/08/2010 - C:\Windows\system32\Drivers\SYMEVENT64x86.sys (SymEvent) .(.Symantec Corporation - Symantec Event Library.) - LEGACY_SYMEVENT O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\tcpipcfg.dll (Tcpip) .(.Microsoft Corporation - Objets de configuration du réseau.) - LEGACY_TCPIP O64 - Services: CurCS - 03/10/2012 - C:\Windows\System32\drivers\tcpipreg.sys (tcpipreg) .(.Microsoft Corporation - TCP/IP Registry Compatibility Driver.) - LEGACY_TCPIPREG O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\tcpipcfg.dll (tdx) .(.Microsoft Corporation - Objets de configuration du réseau.) - LEGACY_TDX O64 - Services: CurCS - 20/11/2010 - C:\Windows\System32\DRIVERS\udfs.sys (udfs) .(.Microsoft Corporation - UDF File System Driver.) - LEGACY_UDFS O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\vga.sys (VgaSave) .(.Microsoft Corporation - VGA/Super VGA Video Driver.) - LEGACY_VGASAVE O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\vmbusres.dll (vmbus) .(.Microsoft Corporation - Fichier DLL de ressources de bus VMBus.) - LEGACY_VMBUS O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\volmgrx.sys (volmgrx) .(.Microsoft Corporation - Pilote d’extension du gestionnaire de volum.) 
- LEGACY_VOLMGRX O64 - Services: CurCS - 20/11/2010 - C:\Windows\System32\drivers\volsnap.sys (volsnap) .(.Microsoft Corporation - Pilote de cliché instantané du volume.) - LEGACY_VOLSNAP O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\rascfg.dll (Wanarpv6) .(.Microsoft Corporation - Objets de configuration RAS.) - LEGACY_WANARPV6 O64 - Services: CurCS - 26/07/2012 - C:\Windows\System32\drivers\Wdf01000.sys (Wdf01000) .(.Microsoft Corporation - Runtime de l’infrastructure de pilotes en m.) - LEGACY_WDF01000 O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\wfplwf.sys (WfpLwf) .(.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - LEGACY_WFPLWF O64 - Services: CurCS - 16/08/2010 - C:\Windows\system32\drivers\wpsdrvnt.sys (WPS) .(.Symantec Corporation - Symantec CMC Firewall WPS.) - LEGACY_WPS O64 - Services: CurCS - 14/11/2012 - C:\Windows\system32\drivers\WpsHelper.sys (WpsHelper) .(.Symantec Corporation - Symantec Intrusion Detection - WpsHelper.) - LEGACY_WPSHELPER O64 - Services: CurCS - 26/07/2012 - C:\Windows\System32\drivers\WudfPf.sys (WudfPf) .(.Microsoft Corporation - Windows Driver Foundation - User-mode Drive.) - LEGACY_WUDFPF ~ Legacy: 88 Scanned in 00mn 02s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) 
-- C:\Program Files\Internet Explorer\iexplore.exe O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe O67 - Shell Spawning: <.bat> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> [HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe O67 - Shell Spawning: <.cmd> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> [HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe O67 - Shell Spawning: <.exe> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe O67 - Shell Spawning: <.reg> [HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe ~ FASS Keys: 18 Scanned in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) 
-- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {B3A9E5BF-1B19-4215-BF6A-526C28708481} [DefaultScope] - (Google) - http://www.google.fr ~ Keys: Scanned in 00mn 00s ---\\ Crack & Keygen Files (O82) C:\Users\yvanz\Desktop\Dropbox\.dropbox.cache\2013-01-14\keygen (deleted 1bd26bda222a26069886eab8085bf42f).exe C:\Users\yvanz\Desktop\Dropbox\Mes Documents YZ\PROGRAMMES\CloneDVD[1][1].v2.8.9.2.Cracked\CloneDVD.v2.8.9.2.Cracked\SlySoft.CloneDVD.v2.8.9.2.Cracked.PROPER.READNFO-BiNARiES\SetupCloneDVD2.exe C:\Users\yvanz\Desktop\Dropbox\Mes Documents YZ\PROGRAMMES\CloneDVD[1][1].v2.8.9.2.Cracked\CloneDVD.v2.8.9.2.Cracked.rar C:\Users\yvanz\Desktop\Mes Documents Yvanz (U)\PROGRAMMES\CloneDVD[1][1].v2.8.9.2.Cracked\(Nicolas-Nightmare) [22] - CloneDVD.v2.8.9.2.Cracked.rar yEnc (123) (by Yenc@power-post.org (Yenc-PP-A&A-FR)).txt C:\Users\yvanz\Desktop\Mes Documents Yvanz (U)\PROGRAMMES\CloneDVD[1][1].v2.8.9.2.Cracked\CloneDVD.v2.8.9.2.Cracked\SlySoft.CloneDVD.v2.8.9.2.Cracked.PROPER.READNFO-BiNARiES\Patch\SLYSOF~1.EXE C:\Users\yvanz\Desktop\Mes Documents Yvanz (U)\PROGRAMMES\CloneDVD[1][1].v2.8.9.2.Cracked\CloneDVD.v2.8.9.2.Cracked\SlySoft.CloneDVD.v2.8.9.2.Cracked.PROPER.READNFO-BiNARiES\SetupCloneDVD2.exe C:\Users\yvanz\Desktop\Mes Documents Yvanz (U)\PROGRAMMES\CloneDVD[1][1].v2.8.9.2.Cracked\CloneDVD.v2.8.9.2.Cracked.rar
~ Files: Scanned in 03mn 53s ---\\ Recherche des services démarrés par Svchost (O83) O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d’application.) -- C:\Windows\System32\aelupsvc.dll [72192] O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [80384] O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [80384] O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\Windows\System32\srvsvc.dll [236032] O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Client de stratégie de groupe.) -- C:\Windows\System32\gpsvc.dll [777728] O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\Windows\System32\ikeext.dll [853504] O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Service Audio Windows.) -- C:\Windows\System32\Audiosrv.dll [679424] O83 - Search Svchost Services: Rasauto (Rasauto) . 
(.Microsoft Corporation - Gestionnaire de numérotation automatique d’accès distant.) -- C:\Windows\System32\rasauto.dll [99328] O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire de connexions d’accès distant.) -- C:\Windows\System32\rasmans.dll [344064] O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d’interface dynamique.) -- C:\Windows\System32\mprdim.dll [97792] O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d’événements système (SENS).) -- C:\Windows\System32\sens.dll [64512] O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l’application d’assistance à Microsoft NAT.) -- C:\Windows\System32\ipnathlp.dll [359424] O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows(TM).) -- C:\Windows\System32\tapisrv.dll [316928] O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gestionnaire des connexions distantes du serveur hôte de session Burea.) -- C:\Windows\System32\termsrv.dll [680960] O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Agent de mise à jour automatique Windows Update.) -- C:\Windows\System32\wuaueng.dll [2428952] O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\Windows\System32\qmgr.dll [849920] O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\System32\shsvcs.dll [370688] O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service offrant une connectivité IPv6 sur un réseau IPv4..) -- C:\Windows\System32\iphlpsvc.dll [569344] O83 - Search Svchost Services: seclogon (seclogon) . 
(.Microsoft Corporation - DLL de service d’ouverture de session secondaire.) -- C:\Windows\system32\seclogon.dll [30720] O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations d’application.) -- C:\Windows\System32\appinfo.dll [70656] O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\System32\iscsiexe.dll [156672] O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\Windows\System32\mmcss.dll [67584] O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [242688] O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service Configuration des services Bureau à distance.) -- C:\Windows\System32\sessenv.dll [121856] O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) -- C:\Windows\System32\browser.dll [136704] O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\Windows\System32\eapsvc.dll [111104] O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tâches.) -- C:\Windows\System32\schedsvc.dll [1110016] O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\Windows\System32\kmsvc.dll [90624] O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\System32\wercplsupport.dll [84480] O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [209920] O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL du service des thèmes Windows Shell.) 
-- C:\Windows\System32\themeservice.dll [44544] O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Service BDE.) -- C:\Windows\System32\bdesvc.dll [100864] O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Service Installation de logiciels.) -- C:\Windows\System32\appmgmts.dll [193536] ~ Services: 33 Scanned in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.B88FC4BD8674DE4C314844864D0D4166] [SPRF][17/04/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Administrateur\Desktop\ZHPDiag2.exe [5574753] [MD5.0CD613576E66287D222E4691BE7C8AB6] [SPRF][27/07/2010] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.1 r82.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [2826192] ~ Files: Scanned in 00mn 00s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "SNMPTRAP-In-UDP" | In - Public - P17 - FALSE | .(.Microsoft Corporation - Interruption SNMP.) -- C:\Windows\system32\snmptrap.exe O87 - FAEL: "SNMPTRAP-In-UDP-NoScope" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Interruption SNMP.) -- C:\Windows\system32\snmptrap.exe O87 - FAEL: "WMP-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe O87 - FAEL: "WMP-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe O87 - FAEL: "WMP-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe O87 - FAEL: "WMPNSS-QWave-In-UDP-NoScope" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMPNSS-QWave-Out-UDP-NoScope" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) 
-- C:\Windows\system32\svchost.exe O87 - FAEL: "WMPNSS-QWave-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMPNSS-QWave-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMPNSS-WMP-In-UDP-NoScope" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe O87 - FAEL: "WMPNSS-WMP-Out-UDP-NoScope" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe O87 - FAEL: "WMPNSS-WMP-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe O87 - FAEL: "WMPNSS-In-UDP-NoScope" |In - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) O87 - FAEL: "WMPNSS-Out-UDP-NoScope" |Out - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) O87 - FAEL: "WMPNSS-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) O87 - FAEL: "WMPNSS-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) O87 - FAEL: "WMPNSS-QWave-In-UDP" | In - Public - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMPNSS-QWave-Out-UDP" | Out - Public - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMPNSS-QWave-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) 
-- C:\Windows\system32\svchost.exe O87 - FAEL: "WMPNSS-QWave-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMPNSS-SSDPSrv-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMPNSS-SSDPSrv-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMPNSS-WMP-In-UDP" | In - Public - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe O87 - FAEL: "WMPNSS-WMP-Out-UDP" | Out - Public - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe O87 - FAEL: "WMPNSS-WMP-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe O87 - FAEL: "WMPNSS-In-UDP" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) O87 - FAEL: "WMPNSS-Out-UDP" |Out - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) O87 - FAEL: "WMPNSS-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) O87 - FAEL: "WMPNSS-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) O87 - FAEL: "WMPNSS-UPnP-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In" | In - Private - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) 
-- C:\Windows\system32\svchost.exe O87 - FAEL: "Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out" | Out - Private - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In" | In - Private - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out" | Out - Private - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "PNRPMNRS-PNRP-In-UDP" | In - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "PNRPMNRS-PNRP-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "PNRPMNRS-SSDPSrv-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "PNRPMNRS-SSDPSrv-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RVM-VDS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Service de disque virtuel.) -- C:\Windows\system32\vds.exe O87 - FAEL: "RVM-VDSLDR-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Virtual Disk Service Loader.) -- C:\Windows\system32\vdsldr.exe O87 - FAEL: "RVM-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RVM-VDS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Service de disque virtuel.) 
-- C:\Windows\system32\vds.exe O87 - FAEL: "RVM-VDSLDR-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Virtual Disk Service Loader.) -- C:\Windows\system32\vdsldr.exe O87 - FAEL: "RVM-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "Collab-P2PHost-In-TCP" | In - None - P6 - TRUE | .(.Microsoft Corporation - Voisinage immédiat.) -- C:\Windows\system32\p2phost.exe O87 - FAEL: "Collab-P2PHost-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Voisinage immédiat.) -- C:\Windows\system32\p2phost.exe O87 - FAEL: "Collab-P2PHost-WSD-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Voisinage immédiat.) -- C:\Windows\system32\p2phost.exe O87 - FAEL: "Collab-P2PHost-WSD-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Voisinage immédiat.) -- C:\Windows\system32\p2phost.exe O87 - FAEL: "Collab-PNRP-In-UDP" | In - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "Collab-PNRP-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "Collab-PNRP-SSDPSrv-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "Collab-PNRP-SSDPSrv-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "FPS-SpoolSvc-In-TCP-NoScope" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\system32\spoolsv.exe O87 - FAEL: "FPS-SpoolSvc-In-TCP" | In - Private - P6 - FALSE | .(.Microsoft Corporation - Application sous-système spouleur.) 
-- C:\Windows\system32\spoolsv.exe O87 - FAEL: "FPS-LLMNR-In-UDP" | In - Private - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "FPS-LLMNR-Out-UDP" | Out - Private - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-DHCP-In" | In - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-DHCP-Out" | Out - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-DHCPV6-In" | In - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-DHCPV6-Out" | Out - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-Teredo-In" | In - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-Teredo-Out" | Out - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-IPHTTPS-Out" | Out - None - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-GP-Out-TCP" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-DNS-Out-UDP" | Out - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-GP-LSASS-Out-TCP" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Local Security Authority Process.) 
-- C:\Windows\system32\lsass.exe O87 - FAEL: "PerfLogsAlerts-PLASrv-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Performance Logs and Alerts DCOM Server.) -- C:\Windows\system32\plasrv.exe O87 - FAEL: "PerfLogsAlerts-DCOM-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "PerfLogsAlerts-PLASrv-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Performance Logs and Alerts DCOM Server.) -- C:\Windows\system32\plasrv.exe O87 - FAEL: "PerfLogsAlerts-DCOM-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MsiScsi-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MsiScsi-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MsiScsi-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MsiScsi-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMI-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMI-WINMGMT-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMI-WINMGMT-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) 
-- C:\Windows\system32\svchost.exe O87 - FAEL: "WMI-ASYNC-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) -- C:\Windows\system32\wbem\unsecapp.exe O87 - FAEL: "WMI-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMI-WINMGMT-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMI-WINMGMT-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMI-ASYNC-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) -- C:\Windows\system32\wbem\unsecapp.exe O87 - FAEL: "NETDIS-SSDPSrv-In-UDP-Active" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-SSDPSrv-Out-UDP-Active" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-UPnP-Out-TCP-Active" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-FDPHOST-In-UDP-Active" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-FDPHOST-Out-UDP-Active" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-LLMNR-In-UDP-Active" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) 
-- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-LLMNR-Out-UDP-Active" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-FDRESPUB-WSD-In-UDP-Active" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-FDRESPUB-WSD-Out-UDP-Active" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-SSDPSrv-In-UDP" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-SSDPSrv-Out-UDP" | Out - Public - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-UPnP-Out-TCP" | Out - Public - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-FDPHOST-In-UDP" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-FDPHOST-Out-UDP" | Out - Public - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-LLMNR-In-UDP" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-LLMNR-Out-UDP" | Out - Public - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-FDRESPUB-WSD-In-UDP" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) 
-- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-FDRESPUB-WSD-Out-UDP" | Out - Public - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteSvcAdmin-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\Windows\system32\services.exe O87 - FAEL: "RemoteSvcAdmin-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteSvcAdmin-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\Windows\system32\services.exe O87 - FAEL: "RemoteSvcAdmin-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteTask-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteTask-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteTask-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteTask-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MSDTC-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Service Microsoft Distributed Transaction Coordinator.) -- C:\Windows\system32\msdtc.exe O87 - FAEL: "MSDTC-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Service Microsoft Distributed Transaction Coordinator.) 
-- C:\Windows\system32\msdtc.exe O87 - FAEL: "MSDTC-KTMRM-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MSDTC-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MSDTC-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Service Microsoft Distributed Transaction Coordinator.) -- C:\Windows\system32\msdtc.exe O87 - FAEL: "MSDTC-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Service Microsoft Distributed Transaction Coordinator.) -- C:\Windows\system32\msdtc.exe O87 - FAEL: "MSDTC-KTMRM-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MSDTC-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteEventLogSvc-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteEventLogSvc-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteEventLogSvc-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteEventLogSvc-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteFwAdmin-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) 
-- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteFwAdmin-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteFwAdmin-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteFwAdmin-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteAssistance-In-TCP-EdgeScope" | In - Public - P6 - TRUE | .(.Microsoft Corporation - Assistance à distance Windows.) -- C:\Windows\system32\msra.exe O87 - FAEL: "RemoteAssistance-Out-TCP" | Out - Public - P6 - TRUE | .(.Microsoft Corporation - Assistance à distance Windows.) -- C:\Windows\system32\msra.exe O87 - FAEL: "RemoteAssistance-PnrpSvc-UDP-In-EdgeScope" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteAssistance-PnrpSvc-UDP-OUT" | Out - Public - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteAssistance-RAServer-In-TCP-NoScope-Active" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Serveur COM d’assistance à distance Windows.) -- C:\Windows\system32\raserver.exe O87 - FAEL: "RemoteAssistance-RAServer-Out-TCP-NoScope-Active" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Serveur COM d’assistance à distance Windows.) -- C:\Windows\system32\raserver.exe O87 - FAEL: "RemoteAssistance-DCOM-In-TCP-NoScope-Active" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteAssistance-In-TCP-EdgeScope-Active" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Assistance à distance Windows.) 
-- C:\Windows\system32\msra.exe O87 - FAEL: "RemoteAssistance-Out-TCP-Active" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Assistance à distance Windows.) -- C:\Windows\system32\msra.exe O87 - FAEL: "RemoteAssistance-SSDPSrv-In-UDP-Active" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteAssistance-SSDPSrv-Out-UDP-Active" | Out - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteAssistance-SSDPSrv-In-TCP-Active" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteAssistance-SSDPSrv-Out-TCP-Active" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteAssistance-PnrpSvc-UDP-OUT-Active" | Out - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WPDMTP-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes.) -- C:\Windows\system32\wudfhost.exe O87 - FAEL: "WPDMTP-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes.) -- C:\Windows\system32\wudfhost.exe O87 - FAEL: "WPDMTP-SSDPSrv-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) 
-- C:\Windows\system32\svchost.exe O87 - FAEL: "WPDMTP-SSDPSrv-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WPDMTP-UPnPHost-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WPDMTP-UPnP-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "Microsoft-Windows-PeerDist-WSD-In" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "Microsoft-Windows-PeerDist-WSD-Out" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-SSDPSrv-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-SSDPSrv-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-In-TCP" | In - None - P6 - FALSE | .(.Microsoft Corporation - Windows Media Center.) -- C:\Windows\ehome\ehshell.exe O87 - FAEL: "MCX-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Windows Media Center.) -- C:\Windows\ehome\ehshell.exe O87 - FAEL: "MCX-QWave-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-QWave-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-QWave-In-TCP" | In - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) 
-- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-QWave-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Windows Media Center.) -- C:\Windows\ehome\ehshell.exe O87 - FAEL: "MCX-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Windows Media Center.) -- C:\Windows\ehome\ehshell.exe O87 - FAEL: "MCX-MCX2SVC-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-Prov-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - MCX2 Provisioning library.) -- C:\Windows\ehome\mcx2prov.exe O87 - FAEL: "MCX-PlayTo-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-McrMgr-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Media Center Extender Manager.) -- C:\Windows\ehome\mcrmgr.exe O87 - FAEL: "MCX-PlayTo-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-FDPHost-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NetPres-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe O87 - FAEL: "NetPres-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe O87 - FAEL: "NetPres-WSD-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) 
-- C:\Windows\system32\netproj.exe O87 - FAEL: "NetPres-WSD-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe O87 - FAEL: "NetPres-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe O87 - FAEL: "NetPres-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe O87 - FAEL: "SPPSVC-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) -- C:\Windows\system32\sppsvc.exe O87 - FAEL: "SPPSVC-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) -- C:\Windows\system32\sppsvc.exe O87 - FAEL: "{C87814DE-75E2-4FAB-99AB-1200FC683732}" | In - None - P6 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe O87 - FAEL: "{49C589E9-A1FF-43A0-9F7A-98ABA9B012E8}" | Out - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{C2B4C170-23B3-447E-8F2B-E20433E0430A}" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{5557BD2E-EFAE-4B16-9240-3729D81A8FD6}" | Out - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{7E543CE2-30AC-4E6F-8F08-00927E4A763F}" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{D092924E-5DF2-44CE-9605-6082452FCE64}" | Out - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) 
-- C:\Windows\system32\svchost.exe O87 - FAEL: "{FB78D8F9-07A0-4604-940E-6CEAF7F598C6}" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{141AAC27-A047-4637-9679-1FF37F772F23}" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{7B236331-ED1E-4CCB-85E0-B4B8CCE4AE4B}" | Out - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{E54A64CB-9B16-4F7B-AE26-9474B8669D77}" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{A4BB63AD-9EC2-4604-888C-B758E7DDE6E1}" | Out - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{6295FC76-B044-47EB-B258-E74F85D6A08D}" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{A4C488A3-C6C2-42B3-B28F-38CC0C47EA8F}" | In - Domain - P6 - TRUE | .(.Symantec Corporation - Symantec CMC Smc.) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe O87 - FAEL: "{D2FDFA25-C388-4F93-BC55-DB042A2E5C94}" | In - Domain - P17 - TRUE | .(.Symantec Corporation - Symantec CMC Smc.) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe O87 - FAEL: "{A6779746-3AC8-4AB5-BB89-185992CE0C7F}" | In - Domain - P6 - TRUE | .(.Symantec Corporation - Symantec Network Access Control.) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.exe O87 - FAEL: "{B357B637-AFC9-4109-A603-15F9277C7CB2}" | In - Domain - P17 - TRUE | .(.Symantec Corporation - Symantec Network Access Control.) 
-- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.exe O87 - FAEL: "{AF147B47-5132-48E1-86E2-086F647FDB9E}" | In - Domain - P6 - TRUE | .(.Symantec Corporation - Symantec User Session.) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe O87 - FAEL: "{0E14EC25-3CB9-4357-BA7A-26856A30ED20}" | In - Domain - P17 - TRUE | .(.Symantec Corporation - Symantec User Session.) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe O87 - FAEL: "{923AC55A-F481-419C-AB1D-D91889258416}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe O87 - FAEL: "{9E460802-92CA-407E-BB11-011A48FFC005}" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{FC66348B-948F-490D-B66B-A2C08B8D6DB5}" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{C0405DBD-848B-4A1E-8C31-CABD5E87421D}" | Out - Public - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{5FA35AA5-D26F-4BCD-8F9D-925C7002042F}" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{6BB0DA68-0E62-4C9A-B846-38C038BC0D28}" | In - Public - P6 - TRUE | .(.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\system32\spoolsv.exe O87 - FAEL: "RemoteDesktop-UserMode-In-TCP" | In - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{8CC8BC2D-82A4-4354-AEC4-A2247DD44854}" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Microsoft SharePoint Workspace.) 
-- C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVE.exe O87 - FAEL: "{05405B00-D359-4E9F-88E3-5E9168FFE3AF}" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Microsoft SharePoint Workspace.) -- C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVE.exe O87 - FAEL: "{75C1FECD-6EDD-4D12-B1B7-5FE9517646FF}" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Microsoft OneNote.) -- C:\Program Files (x86)\Microsoft Office 2010\Office14\ONENOTE.exe O87 - FAEL: "{0402E4D7-F474-46D9-ACCE-258449224585}" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Microsoft OneNote.) -- C:\Program Files (x86)\Microsoft Office 2010\Office14\ONENOTE.exe O87 - FAEL: "{3BBD189E-22CD-4F88-BE5E-B9DBA84EC26E}" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Microsoft Outlook.) -- C:\Program Files (x86)\Microsoft Office 2010\Office14\outlook.exe O87 - FAEL: "{B9A8031D-0E4F-465D-8A3E-F7A56B573B34}" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\SysWOW64\msiexec.exe O87 - FAEL: "{28658B72-1AC1-4FA8-8393-7FB7F6924337}" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\SysWOW64\msiexec.exe O87 - FAEL: "{7EAA67B7-7000-47BE-870C-144BCECB136C}" |In - Domain - P6 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM O87 - FAEL: "{6D60D423-1A23-42D8-9D1A-0809B4161FF5}" |In - Domain - P17 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM O87 - FAEL: "{2912DBE7-CFFA-43A1-B4C1-0F44DD1D9D9B}" | In - Domain - P6 - TRUE | .(.Dropbox, Inc. - Dropbox.) -- C:\Users\yvanz\AppData\Roaming\Dropbox\bin\Dropbox.exe O87 - FAEL: "{50344BCE-021B-450D-9C92-EB976788BF58}" | In - Domain - P17 - TRUE | .(.Dropbox, Inc. - Dropbox.) 
-- C:\Users\yvanz\AppData\Roaming\Dropbox\bin\Dropbox.exe
~ Firewall: 207 Scanned in 00mn 02s

---\\ Scan Additionnel (O88)
Database Version : v2.11560 - (16/04/2013)
Clés trouvées (Keys found) : 13
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Adware.AskSBAR
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
~ Additionnel: Scanned in 00mn 10s

---\\ Product Upgrade Codes (O90)
O90 - PUC: "1955C54D566A5504B898F716A51EF4C6" . (.eCopy PDF Pro Office.) -- C:\Windows\Installer\{D45C5591-A665-4055-8B89-7F615AE14F6C}\ARPPRODUCTICON.exe
O90 - PUC: "21F1DBD139DE0C947ACC65BCED841885" . 
(.LifeFrame2.) -- C:\Windows\Installer\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}\_6FEFF9B68218417F98F549.exe O90 - PUC: "28C52CBBE8EF43A9709B1F2878E944DC" . (.Catalyst Control Center Localization All.) -- C:\Windows\Installer\{BBC25C82-FE8E-9A34-07B9-F182879E44CD}\ARPPRODUCTICON.exe O90 - PUC: "349DB9C8710267E79D54FD20FD19D969" . (.Catalyst Control Center Core Implementation.) -- C:\Windows\Installer\{8C9BD943-2017-7E76-D945-DF02DF919D96}\ARPPRODUCTICON.exe O90 - PUC: "3E64AFC7F2CC553428EA0621CD6333DF" . (.NVIDIA ForceWare Network Access Manager.) -- C:\Windows\Installer\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}\ARPPRODUCTICON.exe O90 - PUC: "478555F23A4776745ADA0CC11E780673" . (.Suite Entreprise v2.) -- C:\Windows\Installer\{2F555874-74A3-4767-A5AD-C01CE1876037}\ARPPRODUCTICON.exe O90 - PUC: "528F497B6ABBBB4C974CCC56C71A03AA" . (.Catalyst Control Center Graphics Previews Vista.) -- C:\Windows\Installer\{B794F825-BBA6-C4BB-79C4-CC657CA130AA}\ARPPRODUCTICON.exe O90 - PUC: "62D1BF45F8BCC7B2B12243A41A98F61E" . (.Catalyst Control Center Graphics Full Existing.) -- C:\Windows\Installer\{54FB1D26-CB8F-2B7C-1B22-344AA1896FE1}\ARPPRODUCTICON.exe O90 - PUC: "64847DAA7360EAD4FBC0B7663D03F478" . (.Client Symantec Endpoint Protection.) -- C:\Windows\Installer\{AAD74846-0637-4DAE-BF0C-7B66D3304F87}\ARPPRODUCTICON.exe O90 - PUC: "68AB67CA7DA76301B744AA0100000010" . (.Adobe Reader X (10.1.4) - Français.) -- C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AA1000000001}\SC_Reader.ico O90 - PUC: "7692FC6BE18C0C0489510C7547EF1F02" . (.Skype Click to Call.) -- C:\Windows\Installer\{B6CF2967-C81E-40C0-9815-C05774FEF120}\IconUninstallIco O90 - PUC: "7B4228C8B9AA708479DC5598B9CA38EF" . (.YouSendIt Express.) -- C:\Windows\Installer\{8C8224B7-AA9B-4807-97CD-55899BAC83FE}\ARPPRODUCTICON.exe O90 - PUC: "7D40C8B42E74B0BA5B3756988363DA01" . (.ccc-core-static.) -- C:\Windows\Installer\{4B8C04D7-47E2-AB0B-B573-65893836AD10}\ARPPRODUCTICON.exe O90 - PUC: "85A5AC4B9572FCF7F49159E250BF4A39" . 
(.ATI AVIVO64 Codecs.) -- C:\Windows\Installer\{B4CA5A58-2759-7FCF-4F19-952E05FBA493}\ARPPRODUCTICON.exe O90 - PUC: "915681EC43D95AB3C4BAC843751DF856" . (.Catalyst Control Center Graphics Full New.) -- C:\Windows\Installer\{CE186519-9D34-3BA5-4CAB-8C3457D18F65}\ARPPRODUCTICON.exe O90 - PUC: "97FAD4D8A5A89644A96BCFB814A18D7F" . (.Classic Client 6.0 for 64 bits.) -- C:\Windows\Installer\{8D4DAF79-8A5A-4469-9AB6-FC8B411AD8F7}\ARPPRODUCTICON.exe O90 - PUC: "9F2FDFE0D6387BE43AD230B83D1FBFA2" . (.Security Update for CAPICOM (KB931906).) -- C:\Windows\Installer\{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}\folder.ico O90 - PUC: "B61FCC019C1F42B459074BCCEE2493D2" . (.LightScribe System Software.) -- C:\Windows\Installer\{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}\ARPPRODUCTICON.exe O90 - PUC: "B8D5DAF22E65D4C18EE4DE61C2234D5C" . (.Catalyst Control Center Graphics Light.) -- C:\Windows\Installer\{2FAD5D8B-56E2-1C4D-E84E-ED162C32D4C5}\ARPPRODUCTICON.exe O90 - PUC: "D043B4370C3DA4282EA6BB7BE8211AA6" . (.ATI Catalyst Install Manager.) -- C:\Windows\Installer\{734B340D-D3C0-824A-E26A-BBB78E12A16A}\ARPPRODUCTICON.exe O90 - PUC: "D366E3D3E7E477545A06E7DCDD5445A8" . (.PVSonyDll.) -- C:\Windows\Installer\{3D3E663D-4E7E-4577-A560-7ECDDD45548A}\ARPPRODUCTICON.exe O90 - PUC: "D7314F9862C648A4DB8BE2A5B47BE100" . (.Microsoft Silverlight.) -- c:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ARPIcon O90 - PUC: "DD7870663B8676E40937A466DDA71D39" . (.ASUS VGA Driver.) -- C:\Windows\Installer\{660787DD-68B3-4E67-9073-4A66DD7AD193}\ARPPRODUCTICON.exe O90 - PUC: "DF6C169A385C6F540A4AE534672CE914" . (.Catalyst Control Center - Branding.) -- C:\Windows\Installer\{A961C6FD-C583-45F6-A0A4-5E4376C29E41}\ARPPRODUCTICON.exe O90 - PUC: "E7FF67E4ABEA78C47B88DC745E24B5D9" . (.Skype™ 6.1.) -- C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe O90 - PUC: "F44BAC9188F21BCB78C3A0AA042EEC17" . (.ccc-utility64.) 
-- C:\Windows\Installer\{19CAB44F-2F88-BCB1-873C-0AAA40E2CE71}\ARPPRODUCTICON.exe
O90 - PUC: "F6071111A6667304777712318267D401" . (.JavaFX 2.1.1.) -- C:\Windows\Installer\{1111706F-666A-4037-7777-211328764D10}\javaIcon.ico
~ Update Products: 103 Scanned in 00mn 00s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 27/07/2012 63960 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 12/04/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 11/12/2009 202752 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 13/06/2004 57344 | (Brother XP spl Service) . (.brother Industries Ltd.) - C:\Windows\SysWOW64\brsvc01a.exe
SR - | Auto 16/08/2010 108392 | (ccEvtMgr) . (.Symantec Corporation.) - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
SR - | Auto 16/08/2010 108392 | (ccSetMgr) . (.Symantec Corporation.) - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
SR - | Auto 626208 | (ForceWare Intelligent Application Manager (IAM)) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
SR - | Auto 26/02/2009 69632 | (GslShmSrvc) . (.Gemalto.) - C:\Program Files (x86)\Gemalto\Classic Client\BIN\GslShmSrvc.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Auto 16/10/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SS - | Demand 18/08/2009 3093880 | C:\Program Files (x86)\Symantec\LIVEUP~1\LUCOMS~1.exe (LiveUpdate) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.exe
SR - | Auto 07/05/2010 197976 | (LVPrcS64) . (.Logitech Inc..) - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
SS - | Demand 15/04/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 06/11/2009 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
SR - | Auto 206880 | (nSvcIp) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
SR - | Auto 27/09/2009 383592 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 09/09/2011 135016 | (PDFProFiltSrv) . (.Nuance Communications, Inc..) - C:\Program Files (x86)\Nuance\eCopy PDF Pro Office\PDFProFiltSrv.exe
SR - | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Auto 08/01/2013 161536 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 16/08/2010 3144696 | (SmcService) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
SS - | Demand 16/08/2010 414536 | (SNAC) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.exe
SR - | Auto 14/07/2009 239648 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 16/08/2010 1775344 | (Symantec AntiVirus) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
SR - | Auto 18/01/2012 450848 | (UMVPFSrv) . (.Logitech Inc..) - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
SR - | Auto 06/12/2009 1793976 | (uvnc_service) . (.UltraVNC.) - C:\Program Files\UltraVNC\WinVNC.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 02s

---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Administrateur at 17/04/2013 14:41:14
device: opened successfully
user: error reading MBR
Disk trace:
error: Read Descripteur non valide
kernel: error reading MBR
~ MBR: 9 Scanned in 00mn 02s

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Administrateur at 17/04/2013 14:41:16
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

End of the scan (1562 lines in 09mn 26s)(14)