Rapport de ZHPDiag v2013.4.7.45 par Nicolas Coolman, Update du 07/04/2013
Run by marc at 08/04/2013 16:21:26
State : Version à jour.
High Elevated Privileges : OK
UAC : Not Found

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 20.0 v20.0 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ System Information
~ Processor: x86 Family 15 Model 3 Stepping 4, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047 MB (72% free)
System Restore: Activé (Enable)
System drive C: has 22 GB (39%) free of 55 GB

---\\ Logged in mode
~ Computer Name: MARCGRON
~ User Name: marc
~ All Users Names: SUPPORT_fddfa904, SUPPORT_388945a0, marc, Josette, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\marc\Application Data\
~ %Desktop% : C:\Documents and Settings\marc\Bureau\
~ %Favorites% : C:\Documents and Settings\marc\Favoris\
~ %LocalAppData% : C:\Documents and Settings\marc\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\marc\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 22 Go of 55 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 5 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
L:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
M:\ Hard drive, Flash drive, Thumb drive (Free 14 Go of 41 Go)
N:\ Hard drive, Flash drive, Thumb drive (Free 64 Go of 86 Go)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date ~ Security Center: Scanned in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 18:34:04.) -- C:\WINDOWS\Explorer.exe [1037824] [MD5.FCDD66EE148885E900285ADE8417E40B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.05/02/2013 - 20:56:42.) -- C:\WINDOWS\system32\wininet.dll [916480] [MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 18:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000] [MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496] [MD5.CDFE4411A69C224BD1D11B2DA92DAC51] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.03/08/2004 - 22:59:44.) -- C:\WINDOWS\system32\Drivers\atapi.sys [95360] [MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 11:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744] [MD5.4B0A100EAF5C49EF3CCA8C641431EACC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.02/05/2008 - 11:49:39.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976] [MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 17:57:40.) 
-- C:\WINDOWS\system32\Drivers\Fips.sys [44672] [MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 08:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384] [MD5.D1EFCBD693B5BA21314D06368C471070] - (.Microsoft Corporation - Pilote de port i8042.) (.19/08/2004 - 15:56:40.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54400] [MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 10:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112] [MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 10:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832] [MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264] [MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320] [MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 11:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816] [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 11:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976] [MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/04/2008 - 18:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384] [MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328] [MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) 
-- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224] [MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 17:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752] [MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.13/04/2008 - 17:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 3/16149 ~ Mes musiques (My Musics) : 1/535 ~ Mes Videos (My Videos) : 3/17 ~ Mes Favoris (My Favorites) : 1/12 ~ Mes Documents (My Documents) : 2/21760 ~ Mon Bureau (My Desktop) : 0/55 ~ Menu demarrer (Programs) : 1/42 ~ Hidden Files: Scanned in 00mn 32s ---\\ Processus lancés [MD5.110C6DC36EA9F5DA664A584756B1B297] - (.G Data Software AG - G Data AntiVirus Scan Server.) -- C:\Program Files\Fichiers communs\G DATA\GDScan\GDScan.exe [470008] [PID.1452] [MD5.6BBEF99B9A4DA3568ECCF32FCB10C6FE] - (.G Data Software AG - G Data Filesystem Monitor Service.) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [1584112] [PID.1472] [MD5.5F61C4B246354183DB05AC81E4B86B8B] - (.Acronis - Acronis Scheduler 2.) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [764536] [PID.1916] [MD5.AF44F7E027037628F1FAC3C13CDE73E6] - (.Acronis - File Level CDP Manager Service.) -- C:\Program Files\Fichiers communs\Acronis\CDP\afcdpsrv.exe [3246040] [PID.1964] [MD5.A33C07F7527FC4CBC664C3137EB7D744] - (.AVerMedia - AVerRemote MFC Application.) -- C:\Program Files\Fichiers communs\AVerMedia\Service\AVerRemote.exe [344064] [PID.2000] [MD5.9AEBB2D487D9BF4C0F354899D842EDD0] - (.Pas de propriétaire - ScheduleService Module.) -- C:\Program Files\Fichiers communs\AVerMedia\Service\AVerScheduleService.exe [389120] [PID.2024] [MD5.C48176DA44D0298A7075D3C5CF8C3D8D] - (...) 
-- C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [1542680] [PID.300] [MD5.29DA2D5958B352022A1BB5CE6FDB427C] - (...) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [468472] [PID.352] [MD5.3C8B6609712F4FF78E521F6DCFC4032B] - (.Creative Technology Ltd - Creative Service for CDROM Access.) -- C:\WINDOWS\System32\CTSvcCDA.exe [44032] [PID.472] [MD5.999DB5F88C8E145CCA9D471E33227143] - (.Oracle Corporation - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [170912] [PID.628] [MD5.13D3959230D35235B51EDC1F8564635D] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [270336] [PID.1008] [MD5.472A00D2183C9E5EDB3E076272741812] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 169.2.) -- C:\WINDOWS\system32\nvsvc32.exe [155716] [PID.1336] [MD5.0DDFF93BD797569ACFD0134C66ED698B] - (.TuneUp Software - TuneUp Utilities Service.) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1724192] [PID.1888] [MD5.325FB38C323C63C7F57885B4DFB1B91E] - (.Windows (R) Codename Longhorn DDK provider - User Profile Hive Cleanup Service.) -- C:\Program Files\UPHClean\uphclean.exe [399872] [PID.2152] [MD5.581176F60885AEF8F78C6E38DCC3CDF9] - (.Microsoft Corporation - WMDM PMSP Service.) -- C:\WINDOWS\System32\MsPMSPSv.exe [53520] [PID.2200] [MD5.EB4D63C618555024DAC54F619859AD92] - (.G Data Software AG - G Data Persoonlijke Firewall.) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [1899816] [PID.2828] [MD5.52ACCCCA861285166734F19B252B44B5] - (.TuneUp Software - TuneUp Utilities.) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe [1926944] [PID.3680] [MD5.2B820A0401F34ACF33A7CDAB06FA13AB] - (.Hewlett-Packard - HPHmon05.) -- C:\WINDOWS\System32\hphmon05.exe [483328] [PID.3304] [MD5.C4C523E78774E05D06EFE3E10017CF6D] - (.Hewlett-Packard Company - PS2 EXE.) 
-- C:\WINDOWS\system32\ps2.exe [81920] [PID.3768] [MD5.439231898C6FDC13996AE3D733D00FBA] - (.Creative Technology Ltd - CtHelper Application.) -- C:\WINDOWS\system32\CTHELPER.exe [24576] [PID.3776] [MD5.06A1ECB63DF139EC639E084D4AB3C9D7] - (.Hewlett-Packard Company - hpsysdrv.) -- C:\windows\system\hpsysdrv.exe [52736] [PID.3820] [MD5.230EA041666125B6812FE3FF964B2DF3] - (.Agere Systems - SoftModem Messaging Applet.) -- C:\WINDOWS\AGRSMMSG.exe [88209] [PID.2424] [MD5.3E1BA5802473C94C47D63D1750D40E5D] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe [50176] [PID.3940] [MD5.3C961CECCB16B8FFCFB884D4EAC5E6D4] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\WINDOWS\ehome\ehmsas.exe [47104] [PID.2636] [MD5.B386987854E926A9808EB57CA6432B30] - (.G Data Software AG - G Data Security Software.) -- C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe [995352] [PID.336] [MD5.64D8130561103132AA131BE7CD247CAD] - (.G Data Software AG - G Data Personal Firewall.) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1470968] [PID.3484] [MD5.255E405D801CF01247390F38F92D8042] - (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe [17408] [PID.3512] [MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [252848] [PID.2568] [MD5.1EDC9B85FBFDFE569BDB4A013F8D1242] - (.Gadwin Systems, Inc - Gadwin PrintScreen.) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [1842384] [PID.2436] [MD5.A97F4E47E5198F1CAA90DBD59F3EFF10] - (.route-101.net - Pas de description.) -- C:\Program Files\IPsO_4\IPsO.exe [372736] [PID.1684] [MD5.40D284168E70423B8FBE16C36D5B9B13] - (.Renier Crause - PopTray E-Mail Notifier.) -- C:\Program Files\PopTray\PopTray.exe [1666048] [PID.2064] [MD5.605664E657464F558F51C84A0F93029F] - (.Nicolas Coolman - ZHPDiag.) 
-- C:\Program Files\ZHPDiag\ZHPDiag.exe [6558208] [PID.1924] [MD5.AB0A7CA90D9E3D6A193905DC1715DED0] - (.Microsoft Corporation - Windows User Mode Driver Manager.) -- C:\WINDOWS\system32\wdfmgr.exe [38912] [PID.2100] [MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2868] ~ Processes Running: Scanned in 00mn 02s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\prefs.js P2 - FPN: [HKLM] [@canon.com/EPPEX] - (.CANON INC. - CANON iMAGE GATEWAY Album Plugin Utility Module.) -- C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.dll ~ Firefox Browser: 17 Legitimates Scanned in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://www.google.com R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.02.) (No version) -- (.not file.) 
~ IE Browser: Scanned in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 1 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: G Data BankGuard - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} . (.G Data Software AG - G Data Security Software G Data Bankguard B.) -- C:\Program Files\Fichiers communs\G DATA\AVKProxy\BanksafeBHO.dll ~ BHO: 3 Legitimates Scanned in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Vue HP - [HKLM]{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} . (.Hewlett-Packard Company - hp view toolbar.) -- c:\program files\hp\digital imaging\bin\hpdtlk02.dll O3 - Toolbar: Canon Easy-WebPrint EX - [HKLM]{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} . (.CANON INC. - Easy-WebPrint EX.) -- C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll ~ Toolbar: Scanned in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [HPHmon05] . (.Hewlett-Packard - HPHmon05.) -- C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [Recguard] . (.Pas de propriétaire - Recguard Application.) 
-- C:\WINDOWS\SMINST\RECGUARD.exe O4 - HKLM\..\Run: [PS2] . (.Hewlett-Packard Company - PS2 EXE.) -- C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [CTHelper] . (.Creative Technology Ltd - CtHelper Application.) -- C:\WINDOWS\system32\CTHELPER.exe O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard Company - hpsysdrv.) -- c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [AGRSMMSG] . (.Agere Systems - SoftModem Messaging Applet.) -- C:\WINDOWS\AGRSMMSG.exe O4 - HKLM\..\Run: [HPHUPD05] . (.Hewlett-Packard - HPHupd05.) -- c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [ehTray] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] . (.G Data Software AG - G Data Security Software.) -- C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe O4 - HKLM\..\Run: [GDFirewallTray] . (.G Data Software AG - G Data Personal Firewall.) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe O4 - HKLM\..\Run: [UnlockerAssistant] . (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe O4 - HKLM\..\Run: [KernelFaultCheck] Clé orpheline O4 - HKLM\..\Run: [Microsoft Works Update Detection] . (.Microsoft® Corporation - Détection Microsoft® Works Update.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [KeyScrambler] . (.QFX Software Corporation - KeyScrambler.) -- C:\Program Files\KeyScrambler\keyscrambler.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] . 
(.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Gadwin PrintScreen] . (.Gadwin Systems, Inc - Gadwin PrintScreen.) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] . (.Creative Technology Ltd - mididef.) -- C:\WINDOWS\MIDIDEF.exe O4 - HKUS\S-1-5-18\..\RunOnce: [StartMS] . (.Creative Technology Ltd - StartMS.) -- C:\Program Files\Creative\Shared Files\Media Sniffer\StartMS.exe O4 - HKUS\S-1-5-18\..\RunOnce: [CMSRegOW.exe] . (.Creative Technology Ltd - CMSRegOW.) -- C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe O4 - HKUS\S-1-5-18\..\RunOnce: [adaware] . (.Microsoft Corporation - Outil de Registre de la console.) -- C:\WINDOWS\system32\reg.exe O4 - HKUS\S-1-5-18\..\RunOnce: [adaware_XP] . (.Microsoft Corporation - Outil de Registre de la console.) -- C:\WINDOWS\system32\reg.exe O4 - HKUS\S-1-5-21-2400442452-2798416894-4265972067-1015\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-2400442452-2798416894-4265972067-1015\..\Run: [Gadwin PrintScreen] . (.Gadwin Systems, Inc - Gadwin PrintScreen.) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Programs: Adobe Reader XI.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AB0000000001}\SC_Reader.ico O4 - GS\Programs: Apple Software Update.lnk . (...) -- C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe O4 - GS\Programs: Enregistrement OCR I.R.I.S..lnk . (.I.R.I.S. SA - Registration Wizard for Readiris 5.0.) 
-- C:\Program Files\HP\Digital Imaging\DocProc\regipe.exe O4 - GS\Programs: Lanceur de tâches Microsoft Works.lnk . (.Microsoft® Corporation - Microsoft® Works.) -- C:\Program Files\Microsoft Works\msworks.exe O4 - GS\Programs: Microsoft Access.lnk . (...) -- C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\accicons.exe O4 - GS\Programs: Microsoft Excel.lnk . (...) -- C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe O4 - GS\Programs: Microsoft FrontPage.lnk . (...) -- C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\misc.exe O4 - GS\Programs: Microsoft Outlook.lnk . (...) -- C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\outicon.exe O4 - GS\Programs: Microsoft Picture It! Photo Premium 9.lnk . (.Microsoft Corporation - Picture It! 9.) -- C:\Program Files\Microsoft Picture It! 9\pi.exe O4 - GS\Programs: Microsoft PowerPoint.lnk . (...) -- C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\pptico.exe O4 - GS\Programs: Microsoft Word.lnk . (...) -- C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe O4 - GS\Programs: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - GS\Programs: MSN Explorer.lnk . (.Microsoft Corporation - msn.) -- C:\Program Files\MSN\MSNCoreFiles\msn6.exe O4 - GS\Programs: TuneUp Utilities 2013.lnk . (.TuneUp Software - TuneUp Utilities - Startoberfläche.) -- C:\Program Files\TuneUp Utilities 2013\Integrator.exe O4 - GS\Programs: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Programs: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe O4 - GS\Programs: Outlook Express.lnk . 
(.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe O4 - GS\Programs: Visue processeur.lnk . (.Microsoft Corporation - Gestionnaire des tâches de Windows.) -- C:\WINDOWS\system32\taskmgr.exe O4 - GS\Programs: Windows Install Clean Up.lnk . (...) -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe ~ Global Startup: Scanned in 00mn 01s ---\\ Winsock hijacker (Layered Service Provider) (O10) ~ Winsock: 4 Legitimates Scanned in 00mn 00s ---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14) O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ~ IE Paramètres WEB: Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} ((no name)) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} ((no name)) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} ((no name)) - http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} ((no name)) - http://www.photoweb.fr/telechargement/Photoweb_Uploader.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} ((no name)) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ((no name)) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} ((no name)) - http://office.microsoft.com/officeupdate/content/opuc3.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} ((no name)) - http://www.photoweb.fr/telechargement/telechargement-photoweb.cab O16 - 
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1356110670765 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} ((no name)) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342348436156 O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} ((no name)) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ((no name)) - http://charon777.free.fr/plugins/hardwaredetection.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} ((no name)) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} ((no name)) - http://www2.bellapix.com/UploadLaboParAurigma/ImageUploader3.cab O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} ((no name)) - http://office.microsoft.com/officeupdate/content/opuc4.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} ((no name)) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} ((no name)) - http://www.bellapix.com/XUpload.ocx ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{5ABC57A8-96DD-496F-8636-589B863A121F}: NameServer = 208.67.222.222,208.67.222.220 O17 - 
HKLM\System\CS1\Services\Tcpip\..\{5ABC57A8-96DD-496F-8636-589B863A121F}: NameServer = 208.67.222.222,208.67.222.220 O17 - HKLM\System\CS3\Services\Tcpip\..\{5ABC57A8-96DD-496F-8636-589B863A121F}: NameServer = 208.67.222.222,208.67.222.220 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\System32\wiascr.dll O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.dll O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll O20 - Winlogon Notify: termsrv . 
(.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) ~ SSODL: 4 Legitimates Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated - Adobe® Flash® Player Update Service 11.6 r6.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AVerRemote (AVerRemote) . (.AVerMedia - AVerRemote MFC Application.) - C:\Program Files\Fichiers communs\AVerMedia\Service\AVerRemote.exe O23 - Service: AVerScheduleService (AVerScheduleService) . (.Pas de propriétaire - ScheduleService Module.) - C:\Program Files\Fichiers communs\AVerMedia\Service\AVerScheduleService.exe O23 - Service: G Data AntiVirus Proxy (AVKProxy) . (...) - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe O23 - Service: Planificateur G Data (AVKService) . (...) - C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe O23 - Service: Gardien du système de fichiers G Data (AVKWCtl) . (.G Data Software AG - G Data Filesystem Monitor Service.) - C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe O23 - Service: Creative Service for CDROM Access (Creative Service for CDROM Access) . (.Creative Technology Ltd - Creative Service for CDROM Access.) - C:\WINDOWS\System32\CTSvcCDA.exe O23 - Service: User Profile Hive Cleanup (UPHClean) . (.Windows (R) Codename Longhorn DDK provider - User Profile Hive Cleanup Service.) 
- C:\Program Files\UPHClean\uphclean.exe ~ Services: 13 Legitimates Scanned in 00mn 24s ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\marc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\marc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp ~ Desktop Component: 1 Legitimates Scanned in 00mn 00s ---\\ BootExecute (O34) ~ BEX: 1 Legitimates Scanned in 00mn 00s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Connexion facile à Internet.job [290] O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\rbmonitor.job [282] [MD5.2DC4314926B2D0A140970348728F7E59] [APT] [Connexion facile … Internet] (.Hewlett-Packard.) -- C:\Program Files\Easy Internet signup\HPSdpApp.exe [811090] [MD5.F8AF3814F1796F977E954FC002889C7A] [APT] [rbmonitor] (.Uniblue Systems Limited.) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe [26016] ~ Scheduled Task: 15 Legitimates Scanned in 00mn 01s ---\\ Composants installés (ActiveSetup Installed Components) (O40) ~ Active Setup: 23 Legitimates Scanned in 00mn 01s ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: (GDMnIcpt) . (.G Data Software AG - Filesystem MiniInterceptor (Mini Filter).) - C:\WINDOWS\system32\drivers\MiniIcpt.sys O41 - Driver: (GRD) . (.G Data Software - G Data Rootkit Detector Driver.) - C:\WINDOWS\system32\drivers\GRD.sys O41 - Driver: (HookCentre) . (.G Data Software AG - Security Hook.) - C:\WINDOWS\system32\drivers\HookCentre.sys ~ Drivers: 78 Legitimates Scanned in 00mn 03s ---\\ Logiciels installés (O42) O42 - Logiciel: AM-DeadLink 4.6 - (.www.aignes.com.) [HKLM] -- aignesamdeadlink_is1 O42 - Logiciel: AVerTV - (.AVerMedia Technologies, Inc..) [HKLM] -- InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426} O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) 
[HKLM] -- Adobe Flash Player ActiveX O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin O42 - Logiciel: Adobe Reader XI (11.0.02) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AB0000000001} O42 - Logiciel: DVRMSToolbox - (.BabgVant & Durrant.) [HKLM] -- {1A124A8E-1B4A-40BA-93F5-DB075FABE19A} O42 - Logiciel: GEAR 32bit Driver Installer - (.GEAR Software, Inc..) [HKLM] -- {E89B484C-B913-49A0-959B-89E836001658} O42 - Logiciel: Gadwin PrintScreen - (.Gadwin Systems, Inc..) [HKLM] -- Gadwin PrintScreen O42 - Logiciel: Java 7 Update 17 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83217017FF} O42 - Logiciel: KBD - (...) [HKLM] -- KBD O42 - Logiciel: Orb - (.Orb Networks.) [HKLM] -- Orb O42 - Logiciel: Orb Runtime libraries - (.Orb Networks, Inc..) [HKLM] -- {2133CB3F-F891-4081-8681-FEE2B2419FF4} O42 - Logiciel: PopTray 3.20 - (.Renier Crause.) [HKLM] -- PopTray O42 - Logiciel: Power IEv3 - (.Technicland informatique.) [HKLM] -- {AF7C627C-F354-4FF1-8450-398C806B436E} O42 - Logiciel: ScanToWeb - (...) 
[HKLM] -- {EBAE381B-60A6-4863-AA9F-FCAB755BC9E5} ~ Logic: 156 Legitimates Scanned in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\NetAnalyse] [HKLM\Software\Acrobat Reader] [HKLM\Software\CBS Interactive] [HKLM\Software\DVRMSToolbox] [HKLM\Software\EHELP] [HKLM\Software\GKochaniak] [HKLM\Software\Globespan] [HKLM\Software\HookCentre] [HKLM\Software\Infix PDF] [HKLM\Software\KCSoftware] [HKLM\Software\Ping_Tester] [HKLM\Software\SystemInfoBapmv6530] ~ Key Software: 252 Legitimates Scanned in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 29/09/2012 - 19:03:02 - [2,428] ----D C:\Program Files\AM-DeadLink O43 - CFD: 13/05/2012 - 17:58:52 - [98,395] ----D C:\Program Files\Direct x 10 O43 - CFD: 05/01/2008 - 12:32:13 - [39,861] ----D C:\Program Files\DVRMSToolbox O43 - CFD: 03/10/2006 - 11:02:05 - [12,713] ----D C:\Program Files\Executive Software O43 - CFD: 30/03/2009 - 18:21:46 - [0,740] ----D C:\Program Files\FDF O43 - CFD: 05/04/2013 - 18:11:45 - [4,470] ----D C:\Program Files\GUMBC.tmp O43 - CFD: 24/12/2009 - 17:50:21 - [0] ----D C:\Program Files\HardwareDetection O43 - CFD: 08/04/2013 - 16:22:45 - [5,082] ----D C:\Program Files\IPsO_4 O43 - CFD: 01/01/2004 - 11:32:24 - [0,014] ----D C:\Program Files\Jeux O43 - CFD: 31/03/2010 - 18:01:08 - [0,069] ----D C:\Program Files\NKProds O43 - CFD: 17/02/2013 - 17:34:46 - [2,879] ----D C:\Program Files\PopTray O43 - CFD: 28/04/2009 - 17:55:16 - [4,932] ----D C:\Program Files\Power IE O43 - CFD: 04/10/2004 - 12:12:57 - [29,568] ----D C:\Program Files\RecordNow! 
O43 - CFD: 28/04/2006 - 17:04:23 - [0,120] ----D C:\Program Files\Weather Watcher O43 - CFD: 31/08/2005 - 11:45:32 - [0,070] ----D C:\Program Files\WinASPI O43 - CFD: 25/11/2007 - 18:03:08 - [0] ----D C:\Program Files\Fichiers communs\element5 Shared O43 - CFD: 07/04/2013 - 18:07:36 - [0,475] ----D C:\Documents and Settings\marc\Application Data\Allmyapps O43 - CFD: 24/02/2013 - 12:28:24 - [0,160] ----D C:\Documents and Settings\marc\Application Data\C3601B61-7C2A-46B5-BE03-29B77F41FD9F O43 - CFD: 01/01/2004 - 10:09:34 - [8,875] ----D C:\Documents and Settings\marc\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030} O43 - CFD: 16/02/2013 - 17:58:12 - [0,003] ----D C:\Documents and Settings\marc\Menu Démarrer\Programmes\IPsO O43 - CFD: 17/02/2013 - 17:34:47 - [0,003] ----D C:\Documents and Settings\marc\Menu Démarrer\Programmes\PopTray O43 - CFD: 05/04/2013 - 18:10:59 - [0,001] ----D C:\Documents and Settings\marc\Menu Démarrer\Programmes\Sawbuck ~ Program Folder: 191 Legitimates Scanned in 00mn 36s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.F5DE35F1B773EA419FB7793DBF171E01] - 08/04/2013 - 11:54:55 ---A- . (...) -- C:\WINDOWS\system32\BMXBkpCtrlState-{00000002-00000000-0000000B-00001102-00000004-20051102}.rfx [29952] O44 - LFC:[MD5.F5DE35F1B773EA419FB7793DBF171E01] - 08/04/2013 - 11:54:55 ---A- . (...) -- C:\WINDOWS\system32\BMXCtrlState-{00000002-00000000-0000000B-00001102-00000004-20051102}.rfx [29952] O44 - LFC:[MD5.443BA7D86BCBCF35A8F3B8D9355EFE31] - 08/04/2013 - 11:54:55 ---A- . (...) -- C:\WINDOWS\system32\BMXState-{00000002-00000000-0000000B-00001102-00000004-20051102}.rfx [30888] O44 - LFC:[MD5.443BA7D86BCBCF35A8F3B8D9355EFE31] - 08/04/2013 - 11:54:55 ---A- . (...) -- C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-0000000B-00001102-00000004-20051102}.rfx [30888] O44 - LFC:[MD5.7DCB9ADB541020360953094B2CB4F300] - 08/04/2013 - 11:54:55 ---A- . (...) 
-- C:\WINDOWS\system32\DVCState-{00000002-00000000-0000000B-00001102-00000004-20051102}.dat [384] O44 - LFC:[MD5.7DCB9ADB541020360953094B2CB4F300] - 08/04/2013 - 11:54:55 ---A- . (...) -- C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-0000000B-00001102-00000004-20051102}.dat [384] O44 - LFC:[MD5.89E7F65AB8D6A6EB193EF57C30840F8D] - 08/04/2013 - 11:54:55 ---A- . (...) -- C:\WINDOWS\system32\settings.sfm [1080] O44 - LFC:[MD5.89E7F65AB8D6A6EB193EF57C30840F8D] - 08/04/2013 - 11:54:55 ---A- . (...) -- C:\WINDOWS\system32\settingsbkup.sfm [1080] O44 - LFC:[MD5.06EC71C638667ADFB5F2C48AF039D7B3] - 08/04/2013 - 11:54:52 ---A- . (...) -- C:\WINDOWS\{00000002-00000000-0000000B-00001102-00000004-20051102}.CDF [4932268] O44 - LFC:[MD5.59CEBE2FB01D897F982BE915B7976D94] - 08/04/2013 - 11:54:50 ---A- . (...) -- C:\WINDOWS\wiadebug.log [561] O44 - LFC:[MD5.8468E186794CAFAD6AFF4E73E7228C10] - 08/04/2013 - 10:34:07 ---A- . (...) -- C:\WINDOWS\system32\nmp.map [53768] O44 - LFC:[MD5.06066F28A565431B1487945425419419] - 08/04/2013 - 10:34:07 ---A- . (...) -- C:\WINDOWS\system32\sig.bin [1034977] O44 - LFC:[MD5.A796825263369218437E13DD616DBD36] - 08/04/2013 - 10:29:57 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50] O44 - LFC:[MD5.AC280F7EE7BFB4B5E8380CD48139A376] - 07/04/2013 - 17:12:56 ---A- . (...) -- C:\AdwCleaner[S8].txt [1885] O44 - LFC:[MD5.086F365ED4A09F3A6519C06D91E29BA0] - 07/04/2013 - 17:11:22 ---A- . (...) -- C:\AdwCleaner[R8].txt [1785] O44 - LFC:[MD5.10A6CF1843F8830B60DCA87792FD3DF6] - 04/04/2013 - 19:00:00 ---A- . (.Pas de propriétaire - ffdshow VFW.) -- C:\WINDOWS\system32\ff_vfw.dll [112640] O44 - LFC:[MD5.39181EABB0E4CA1E8B7BF7B3C3A1DEFE] - 31/03/2013 - 19:01:53 ---A- . (...) -- C:\Auth.prof [40] O44 - LFC:[MD5.7E57C9B6A2E2E1D3216BBA505860E002] - 01/04/2013 - 10:45:15 --HA- . (...) -- C:\WINDOWS\system32\default_user_class.dat.LOG [1024] O44 - LFC:[MD5.FA425C74CE2EB719B2A77A7A2ADDAE32] - 01/04/2013 - 10:06:35 ---A- . (.Pas de propriétaire - Lagarith.) 
-- C:\WINDOWS\system32\lagarith.dll [216064] O44 - LFC:[MD5.22722B4E887BB95AB071542DE5A42C80] - 01/04/2013 - 10:06:35 ---A- . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\WINDOWS\system32\lameACM.acm [839680] O44 - LFC:[MD5.006C6378513685ACDFFA84A5ECB86F76] - 01/04/2013 - 10:06:32 ---A- . (.fccHandler - AC-3 ACM Codec.) -- C:\WINDOWS\system32\ac3acm.acm [151552] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 30/03/2013 - 09:53:19 ----- . (...) -- C:\WINDOWS\Sti_Trace.log [0] O44 - LFC:[MD5.FBE5C2BDED0E85F6F0E68D1D6F2521DF] - 17/03/2013 - 17:21:30 ---A- . (.x264vfw project - x264vfw - H.264/MPEG-4 AVC codec.) -- C:\WINDOWS\system32\x264vfw.dll [3649536] O44 - LFC:[MD5.671FEF5266B8AA14C0B69B38C24BD8BD] - 21/05/2012 - 22:48:30 ---A- . (...) -- C:\WINDOWS\system32\lame_acm.xml [415] O44 - LFC:[MD5.56552C7C36B6237704CE3BA9DF49FECF] - 24/06/2011 - 15:44:30 ---A- . (...) -- C:\WINDOWS\system32\xvidvfw.dll [243200] O44 - LFC:[MD5.C26B7B8CA40C627B9DE399F9F8FACC69] - 24/06/2011 - 15:28:22 ---A- . (...) -- C:\WINDOWS\system32\xvidcore.dll [650752] O44 - LFC:[MD5.DED4C49C39D6CEFC00FDA0C4D7D59407] - 22/06/2011 - 15:14:00 ---A- . (...) 
-- C:\WINDOWS\system32\ff_vfw.dll.manifest [714] ~ Files: 49 Legitimates Scanned in 00mn 54s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.1BC8E4E463E6E92D66E89FE31B283E5F] - 07/04/2013 - 09:54:52 ---A- - C:\WINDOWS\Prefetch\PROGRAMDEACTIVATOR.EXE-30E3757D.pf O45 - LFCP:[MD5.897720CF21B44D167FFB0D8EC340734A] - 07/04/2013 - 09:56:42 ---A- - C:\WINDOWS\Prefetch\SUMO.EXE-0C8FAC84.pf O45 - LFCP:[MD5.0E00532F35DBA45EE4AA95FE1CD4D494] - 07/04/2013 - 10:34:09 ---A- - C:\WINDOWS\Prefetch\NS21.TMP-1601D28C.pf O45 - LFCP:[MD5.C442A1272B26DC1F8F82D3CB7E3AAE34] - 07/04/2013 - 10:34:09 ---A- - C:\WINDOWS\Prefetch\NS24.TMP-23C2C16F.pf O45 - LFCP:[MD5.1E17F4E502CA12FA4597F77496BDA47D] - 07/04/2013 - 16:51:54 ---A- - C:\WINDOWS\Prefetch\K-LITE_CODEC_PACK_985_MEGA.EX-1E59B665.pf O45 - LFCP:[MD5.49A09673C8D0A04EC2D3771982173E0F] - 07/04/2013 - 16:51:55 ---A- - C:\WINDOWS\Prefetch\K-LITE_CODEC_PACK_985_MEGA.TM-2FBCD9D6.pf O45 - LFCP:[MD5.7BBC9EADCCE209DD134E9EA2A04EED50] - 07/04/2013 - 16:51:58 ---A- - C:\WINDOWS\Prefetch\_IU14D2N.TMP-06B48FF9.pf O45 - LFCP:[MD5.D7976B8BC709C0D4597F509154C027E0] - 07/04/2013 - 16:53:31 ---A- - C:\WINDOWS\Prefetch\CODECTWEAKTOOL.EXE-025B4564.pf O45 - LFCP:[MD5.756D0E954461E761B0C38B0614170A61] - 07/04/2013 - 16:55:00 ---A- - C:\WINDOWS\Prefetch\MEDIA_PLAYER_CLASSIC_HOME_CIN-0E75BDD1.pf O45 - LFCP:[MD5.B22ED9CD62C2C8257B02FA4BAC3F4A4F] - 07/04/2013 - 16:55:01 ---A- - C:\WINDOWS\Prefetch\MEDIA_PLAYER_CLASSIC_HOME_CIN-0118D9D1.pf O45 - LFCP:[MD5.2CB1479E36FEB829CCE6E550E4292F37] - 07/04/2013 - 16:56:04 ---A- - C:\WINDOWS\Prefetch\MPC-HC.EXE-39E7C0DE.pf O45 - LFCP:[MD5.542A1FFDA137D3B74E752FDFC3CDADC9] - 07/04/2013 - 16:57:14 ---A- - C:\WINDOWS\Prefetch\RECUVA_1.46.919_FR_31279.EXE-22BB4D21.pf O45 - LFCP:[MD5.0317FFF274F17C5BE21917A365F909B5] - 07/04/2013 - 16:57:31 ---A- - C:\WINDOWS\Prefetch\NS1A.TMP-235A0BDB.pf O45 - LFCP:[MD5.5DBCD831E6C95A045F67D7E7286F1DF2] - 07/04/2013 - 16:57:57 ---A- - 
C:\WINDOWS\Prefetch\RECUVA.EXE-29EDF697.pf O45 - LFCP:[MD5.B4E8CF9399E03DE881CA37F351CE3C13] - 07/04/2013 - 17:01:19 ---A- - C:\WINDOWS\Prefetch\SPEEDYFOX 2.0.3.65.EXE-0F1B2465.pf O45 - LFCP:[MD5.61494CA0C588BAF9C61880D76494E286] - 07/04/2013 - 17:02:14 ---A- - C:\WINDOWS\Prefetch\DESKTOPOK 2.41.EXE-089A1D3D.pf O45 - LFCP:[MD5.82994AE981308390EA4A286DDC10247E] - 07/04/2013 - 17:04:49 ---A- - C:\WINDOWS\Prefetch\CHROME_INSTALLER-26.0.1410.43-0AC10282.pf O45 - LFCP:[MD5.C7B452E7E26EA49BFCF1230931F4248E] - 07/04/2013 - 17:05:10 ---A- - C:\WINDOWS\Prefetch\26.0.1410.43_CHROME_INSTALLER-085B8DB2.pf O45 - LFCP:[MD5.F1586A0C96E5AECA50091356DD2E71F2] - 07/04/2013 - 17:06:33 ---A- - C:\WINDOWS\Prefetch\ALLMYAPPS.EXE-0C497FC7.pf O45 - LFCP:[MD5.286754978319C0841CD96431E7B7423C] - 07/04/2013 - 17:06:34 ---A- - C:\WINDOWS\Prefetch\CRASHSENDER1301.EXE-0848C4B4.pf O45 - LFCP:[MD5.0685640F2D94E95B318ECAB8590875CD] - 07/04/2013 - 17:22:34 ---A- - C:\WINDOWS\Prefetch\GDFIREWALLTRAY.EXE-2FF190E5.pf O45 - LFCP:[MD5.0593ECAC6E9BA5BD3FE4A05D1E243B2F] - 07/04/2013 - 18:29:45 ---A- - C:\WINDOWS\Prefetch\IPSO.EXE-3B142144.pf O45 - LFCP:[MD5.42BDECF4BD42F614D6F0252A68C4C3BF] - 07/04/2013 - 18:29:45 ---A- - C:\WINDOWS\Prefetch\KEYSCRAMBLER.EXE-3A8036D6.pf O45 - LFCP:[MD5.28CA0C865BA8C5DC0A3CFFC02E5BEC4E] - 07/04/2013 - 18:29:45 ---A- - C:\WINDOWS\Prefetch\MSPMSPSV.EXE-13D52AC2.pf O45 - LFCP:[MD5.38CC378C0761C86D36C9F96A82ABF69A] - 07/04/2013 - 18:29:45 ---A- - C:\WINDOWS\Prefetch\POPTRAY.EXE-385BD482.pf O45 - LFCP:[MD5.7E1FE2A0FDE8EC5F24F1506D4862E445] - 07/04/2013 - 18:29:45 ---A- - C:\WINDOWS\Prefetch\TUNEUPUTILITIESSERVICE32.EXE-1CDBC610.pf O45 - LFCP:[MD5.E7647660152D5E6DD0213EE4E93483BE] - 07/04/2013 - 18:29:45 ---A- - C:\WINDOWS\Prefetch\UPHCLEAN.EXE-38E40E8B.pf O45 - LFCP:[MD5.0A12C1FDA46B9EACD76B41A1D272361B] - 07/04/2013 - 18:29:57 ---A- - C:\WINDOWS\Prefetch\GDFWADMIN.EXE-18B5800C.pf O45 - LFCP:[MD5.11A256B429237D835585A5137C91DB5F] - 07/04/2013 - 21:15:25 ---A- - 
C:\WINDOWS\Prefetch\SHUTDOWN.EXE-00AD91B0.pf O45 - LFCP:[MD5.1125744419919AE65171406E4A283287] - 08/04/2013 - 10:30:51 ---A- - C:\WINDOWS\Prefetch\GDFWSVC.EXE-0773CEA0.pf O45 - LFCP:[MD5.1AEF48360ADB3D0318813D6A70A59322] - 08/04/2013 - 10:32:22 ---A- - C:\WINDOWS\Prefetch\INITIALIZE.EXE-2316EC09.pf O45 - LFCP:[MD5.443DC38B583801162C4112E20FF3D817] - 08/04/2013 - 10:32:29 ---A- - C:\WINDOWS\Prefetch\TUNEUPUTILITIESAPP32.EXE-22C48212.pf O45 - LFCP:[MD5.E253737ABEDC842CB2E4436962459EC5] - 08/04/2013 - 10:32:32 ---A- - C:\WINDOWS\Prefetch\RECGUARD.EXE-16078673.pf O45 - LFCP:[MD5.813BEB6B3AEBEBBBB442B3390762480D] - 08/04/2013 - 10:32:42 ---A- - C:\WINDOWS\Prefetch\AGRSMMSG.EXE-071EDC2A.pf O45 - LFCP:[MD5.6E0B334FFD531DFEB6E8363EE1D68F8B] - 08/04/2013 - 10:32:42 ---A- - C:\WINDOWS\Prefetch\HPHMON05.EXE-1C7A07AD.pf O45 - LFCP:[MD5.4552426CEDDA796AC57C5DBD41116359] - 08/04/2013 - 10:32:42 ---A- - C:\WINDOWS\Prefetch\PS2.EXE-23667557.pf O45 - LFCP:[MD5.6C7B2432BF50180B57B0F850D8258DB4] - 08/04/2013 - 10:32:43 ---A- - C:\WINDOWS\Prefetch\AVKTRAY.EXE-23286FF0.pf O45 - LFCP:[MD5.96398E7E5038D1C7FE8441B33E655902] - 08/04/2013 - 11:46:45 ---A- - C:\WINDOWS\Prefetch\CNMSEAD.EXE-084FB023.pf O45 - LFCP:[MD5.5F50736357AA965D3F7F3AF298675E60] - 08/04/2013 - 14:51:42 ---A- - C:\WINDOWS\Prefetch\AVK.EXE-3025CFD9.pf O45 - LFCP:[MD5.7E310CE6764FC6A30E341AA01D6C5034] - 08/04/2013 - 15:18:17 ---A- - C:\WINDOWS\Prefetch\WKDSTORE.EXE-23505CEE.pf ~ Prefetcher: 130 Legitimates Scanned in 00mn 03s ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Export de clé d'application autorisée (O47) O47 - AAKE:Key Export SP - "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" [Enabled] .(.IVT Corporation..) 
-- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe O47 - AAKE:Key Export SP - "C:\Program Files\Orb Networks\Orb\bin\Orb.exe" [Enabled] .(.Orb Networks, Inc..) -- C:\Program Files\Orb Networks\Orb\bin\Orb.exe O47 - AAKE:Key Export SP - "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" [Enabled] .(.Orb Networks.) -- C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe O47 - AAKE:Key Export SP - "C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe" [Enabled] .(.Orb Networks.) -- C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe O47 - AAKE:Key Export SP - "C:\Program Files\Orb Networks\Orb\bin\xmltv.exe" [Enabled] .(.XMLTV Project http://www.xmltv.org.) -- C:\Program Files\Orb Networks\Orb\bin\xmltv.exe O47 - AAKE:Key Export SP - "C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe" [Enabled] .(.Orb Networks.) -- C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe O47 - AAKE:Key Export SP - "C:\Program Files\ma-config.com\maconfservice.exe" [Enabled] .(...) -- C:\Program Files\ma-config.com\maconfservice.exe (.not file.) ~ Keys Export: 13 Legitimates Scanned in 00mn 00s ---\\ Déni du service (Local Security Authority) (O48) ~ LSA: 6 Legitimates Scanned in 00mn 00s ---\\ Contrôle du Safe Boot (CSB) (O49) ~ CBS: 21 Legitimates Scanned in 00mn 01s ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ~ IFEO: Scanned in 00mn 00s ---\\ Trojan Driver Search Data (HKLM) (O52) O52 - TDSD: \Drivers32\"vidc.LEAD"="LCODCCMP.DLL" . (.LEAD Technologies, Inc. - LEAD MCMP/MJPEG Codec.) -- C:\WINDOWS\system32\LCODCCMP.dll O52 - TDSD: \drivers.desc\"LCODCCMP.DLL"="LEAD MCMP/MJPEG Codec (VFW)" . (.LEAD Technologies, Inc. - LEAD MCMP/MJPEG Codec.) -- C:\WINDOWS\system32\LCODCCMP.dll ~ TDSD: 24 Legitimates Scanned in 00mn 03s ---\\ ShareTools MSconfig StartupReg (O53) O53 - SMSR:HKLM\...\startupreg\Adobe Reader Synchronizer [Key] . (...) 
-- C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\Allmyapps [Key] . (...) -- C:\Documents and Settings\Administrateur\Application Data\Allmyapps\Allmyapps.exe O53 - SMSR:HKLM\...\startupreg\Allmyapps Update [Key] . (...) -- C:\Documents and Settings\Administrateur\Application Data\Allmyapps\AllmyappsUpdater.exe O53 - SMSR:HKLM\...\startupreg\NeroCheck [Key] . (.Ahead Software Gmbh - NeroCheck.) -- C:\WINDOWS\system32\NeroCheck.exe O53 - SMSR:HKLM\...\startupreg\OSSelectorReinstall [Key] . (...) -- C:\Program Files\Fichiers communs\Acronis\Acronis Disk Director\oss_reinstall.exe O53 - SMSR:HKLM\...\startupreg\TrueImageMonitor.exe [Key] . (...) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe O53 - SMSR:HKLM\...\startupreg\UpdateManager [Key] . (.Sonic Solutions - Sonic Update Manager.) -- c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe ~ SMSR Keys: 28 Legitimates Scanned in 00mn 01s ---\\ Microsoft Control Security Providers (O54) ~ MSCP: 6 Legitimates Scanned in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1 ~ MWPS: 7 Legitimates Scanned in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) ~ MWPE Keys: 6 Legitimates Scanned in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.53696AD8FFC5FAC51949A525FF65A689] - 24/02/2013 - 11:28:24 ---A- . (.Acronis - File Level CDP Kernel Helper.) -- C:\WINDOWS\system32\Drivers\afcdp.sys [167968] O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 12/02/2004 - 02:39:00 ---A- . (...) 
-- C:\WINDOWS\system32\ansi.sys [9037] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 05/04/2013 - 11:30:48 ---A- C:\Documents and Settings\marc\Application Data\G-Force Prefs (WindowsMediaPlayer).txt [191] O61 - LFC: 05/04/2013 - 11:31:06 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\History Index 2013-04 [417792] O61 - LFC: 05/04/2013 - 11:31:06 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\History Index 2013-04-journal [16384] O61 - LFC: 05/04/2013 - 11:31:07 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cache\f_0002bc [178948] O61 - LFC: 05/04/2013 - 11:31:09 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Top Sites [28672] O61 - LFC: 05/04/2013 - 11:31:09 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Top Sites-journal [16384] O61 - LFC: 05/04/2013 - 11:31:10 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cache\f_0002bd [21417] O61 - LFC: 05/04/2013 - 11:31:10 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Session Storage\000286.sst [146] O61 - LFC: 05/04/2013 - 11:35:21 ---A- C:\Documents and Settings\marc\Application Data\Microsoft\Media Player\006D3120.wpl [192] O61 - LFC: 05/04/2013 - 11:35:30 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Session Storage\000288.sst [187144] O61 - LFC: 05/04/2013 - 11:38:00 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extension State\LOG.old [267] O61 - LFC: 05/04/2013 - 11:38:04 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User 
Data\Profile 1\File System\Origins\LOG.old [148] O61 - LFC: 05/04/2013 - 11:38:05 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Session Storage\000291.sst [187158] O61 - LFC: 05/04/2013 - 11:38:06 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Bookmarks.bak [207705] O61 - LFC: 05/04/2013 - 11:38:06 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cache\f_0002c0 [27841] O61 - LFC: 05/04/2013 - 11:38:07 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cache\f_0002c1 [21417] O61 - LFC: 05/04/2013 - 11:38:08 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\File System\000\p\Paths\LOG.old [148] O61 - LFC: 05/04/2013 - 11:38:08 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Session Storage\LOG.old [272] O61 - LFC: 05/04/2013 - 11:38:13 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Last Tabs [1374] O61 - LFC: 05/04/2013 - 11:38:14 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Last Session [3151] O61 - LFC: 05/04/2013 - 11:38:16 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extension State\CURRENT [16] O61 - LFC: 05/04/2013 - 11:38:16 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extension State\MANIFEST-000227 [543] O61 - LFC: 05/04/2013 - 11:38:18 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extension State\LOG [267] O61 - LFC: 05/04/2013 - 11:38:18 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Login Data 
[16384] O61 - LFC: 05/04/2013 - 11:38:18 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Login Data-journal [8736] O61 - LFC: 05/04/2013 - 11:38:18 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Web Data [83968] O61 - LFC: 05/04/2013 - 11:38:18 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Web Data-journal [16384] O61 - LFC: 05/04/2013 - 11:38:19 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Bookmarks [207705] O61 - LFC: 05/04/2013 - 11:38:19 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cache\f_0002c2 [27766] O61 - LFC: 05/04/2013 - 11:38:19 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\File System\000\p\Paths\CURRENT [16] O61 - LFC: 05/04/2013 - 11:38:19 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\File System\000\p\Paths\MANIFEST-000167 [88] O61 - LFC: 05/04/2013 - 11:38:19 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\File System\Origins\CURRENT [16] O61 - LFC: 05/04/2013 - 11:38:19 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\File System\Origins\MANIFEST-000177 [142] O61 - LFC: 05/04/2013 - 11:38:21 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_mfidmkgnfgnkihnjeklbekckimkipmoe_0.localstorage [3072] O61 - LFC: 05/04/2013 - 11:38:21 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_mfidmkgnfgnkihnjeklbekckimkipmoe_0.localstorage-journal [3608] O61 - LFC: 05/04/2013 - 11:38:22 ---A- 
C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Session Storage\000294.sst [374113] O61 - LFC: 05/04/2013 - 11:38:22 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Session Storage\CURRENT [16] O61 - LFC: 05/04/2013 - 11:38:22 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Session Storage\MANIFEST-000293 [252] O61 - LFC: 05/04/2013 - 11:38:24 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\File System\000\p\Paths\LOG [148] O61 - LFC: 05/04/2013 - 11:38:24 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Session Storage\LOG [272] O61 - LFC: 05/04/2013 - 11:38:26 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\File System\Origins\LOG [148] O61 - LFC: 05/04/2013 - 11:38:27 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Favicons [604160] O61 - LFC: 05/04/2013 - 11:38:27 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Favicons-journal [16384] O61 - LFC: 05/04/2013 - 11:38:27 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Managed Mode Settings [8] O61 - LFC: 05/04/2013 - 11:38:36 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\databases\chrome-extension_epanfjkfahimkgomnigadpkobaefekcd_0\1 [114688] O61 - LFC: 05/04/2013 - 11:38:37 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_epanfjkfahimkgomnigadpkobaefekcd_0.localstorage [5120] O61 - LFC: 05/04/2013 - 11:38:37 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User 
Data\Profile 1\Local Storage\chrome-extension_epanfjkfahimkgomnigadpkobaefekcd_0.localstorage-journal [5672] O61 - LFC: 05/04/2013 - 11:38:49 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cookies [32768] O61 - LFC: 05/04/2013 - 11:38:49 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cookies-journal [16384] O61 - LFC: 05/04/2013 - 11:38:49 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\QuotaManager [19456] O61 - LFC: 05/04/2013 - 11:38:49 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\QuotaManager-journal [8768] O61 - LFC: 05/04/2013 - 11:38:55 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Local State [23156] O61 - LFC: 05/04/2013 - 11:38:55 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Current Tabs [1374] O61 - LFC: 05/04/2013 - 11:38:55 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Sync Data\SyncData.sqlite3 [2318336] O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cache\data_0 [229376] O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cache\data_1 [4726784] O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cache\data_2 [8396800] O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Current Session [1910] O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\History 
[364544] O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\History Provider Cache [23294] O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\History-journal [16384] O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Preferences [116201] O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Sync Data\SyncData.sqlite3-journal [16384] O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\chrome_shutdown_ms.txt [5] O61 - LFC: 05/04/2013 - 15:44:42 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\bookmarkbackups\bookmarks-2013-04-05.json [162517] O61 - LFC: 05/04/2013 - 15:47:51 ---A- C:\Documents and Settings\marc\Recent\Erreur 7.doc.lnk [482] O61 - LFC: 05/04/2013 - 15:53:20 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\adblockplus-rules.json [365283] O61 - LFC: 05/04/2013 - 15:56:05 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\mimeTypes.rdf [4430] O61 - LFC: 05/04/2013 - 15:56:09 ---A- C:\Documents and Settings\marc\Recent\Patch_FR_Tweak_UI_v2.10.0.5.zip.lnk [617] O61 - LFC: 05/04/2013 - 15:56:09 ---A- C:\Documents and Settings\marc\Recent\TweakUI.lnk [549] O61 - LFC: 05/04/2013 - 16:36:07 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [117153] O61 - LFC: 05/04/2013 - 16:49:14 ---A- C:\Documents and Settings\marc\Recent\MARC.lnk [349] O61 - LFC: 05/04/2013 - 16:49:14 ---A- C:\Documents and Settings\marc\Recent\echec 
google earth.jpg.lnk [512] O61 - LFC: 05/04/2013 - 17:10:59 ---A- C:\Documents and Settings\marc\Menu Démarrer\Programmes\Sawbuck\Sawbuck.lnk [830] O61 - LFC: 05/04/2013 - 17:10:59 ---A- C:\Documents and Settings\marc\Menu Démarrer\Programmes\Sawbuck\Uninstall Sawbuck.lnk [551] O61 - LFC: 05/04/2013 - 17:11:00 R--A- C:\Documents and Settings\marc\Application Data\Microsoft\Installer\{459BFE07-FCF3-4274-AC8B-8E8DDA7214BA}\icon.ico [96583] O61 - LFC: 05/04/2013 - 17:13:18 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\pluginreg.dat [10091] O61 - LFC: 05/04/2013 - 17:28:13 ---A- C:\Documents and Settings\marc\Recent\Dépannage installation.doc.lnk [825] O61 - LFC: 05/04/2013 - 17:28:13 ---A- C:\Documents and Settings\marc\Recent\Google Chrome.lnk [568] O61 - LFC: 05/04/2013 - 17:46:07 ---A- C:\Documents and Settings\marc\Recent\Google earth.lnk [565] O61 - LFC: 05/04/2013 - 17:46:07 ---A- C:\Documents and Settings\marc\Recent\dépannage avec Sawbuck.doc.lnk [820] O61 - LFC: 05/04/2013 - 17:48:03 ---A- C:\Documents and Settings\marc\Recent\CODES.pdf.lnk [306] O61 - LFC: 06/04/2013 - 09:31:59 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\bookmarkbackups\bookmarks-2013-04-06.json [162517] O61 - LFC: 06/04/2013 - 10:12:41 ---A- C:\Documents and Settings\marc\Bureau\OTL\Réinstallation Chrome et Earth.doc [20480] O61 - LFC: 06/04/2013 - 10:43:04 ---A- C:\Documents and Settings\marc\Recent\Réinstallation Chrome et Earth.doc.lnk [481] O61 - LFC: 06/04/2013 - 13:55:27 ---A- C:\Documents and Settings\marc\Recent\COMPTES DIVERS.doc.lnk [735] O61 - LFC: 06/04/2013 - 13:55:27 ---A- C:\Documents and Settings\marc\Recent\Divers.lnk [542] O61 - LFC: 06/04/2013 - 13:55:28 ---A- C:\Documents and Settings\marc\Application Data\Microsoft\Épreuve\CUSTOM.DIC [51] O61 - LFC: 06/04/2013 - 14:00:38 ---A- C:\Documents and Settings\marc\Recent\Année 2013.lnk [556] O61 - LFC: 06/04/2013 - 14:00:38 
---A- C:\Documents and Settings\marc\Recent\Compte PEA la Poste 2013.xls.lnk [787] O61 - LFC: 06/04/2013 - 14:07:03 ---A- C:\Documents and Settings\marc\Bureau\OTL\OTL.exe [602112] O61 - LFC: 06/04/2013 - 17:33:58 ---A- C:\Documents and Settings\marc\Bureau\OTL\OTL.doc [147456] O61 - LFC: 06/04/2013 - 17:34:02 ---A- C:\Documents and Settings\marc\Recent\OTL.doc.lnk [394] O61 - LFC: 06/04/2013 - 18:45:36 ---A- C:\Documents and Settings\marc\Application Data\Microsoft\Windows\Themes\Custom.theme [7806] O61 - LFC: 06/04/2013 - 18:46:19 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp [2090034] O61 - LFC: 06/04/2013 - 18:46:19 -SHA- C:\Documents and Settings\marc\Application Data\Microsoft\Internet Explorer\Desktop.htt [2696] O61 - LFC: 07/04/2013 - 03:25:27 ---A- C:\Documents and Settings\marc\Bureau\OTL\Capture image OTL avant interruption.jpg [81768] O61 - LFC: 07/04/2013 - 03:26:57 ---A- C:\Documents and Settings\marc\Recent\Capture N° 2.jpg.lnk [351] O61 - LFC: 07/04/2013 - 09:15:34 ---A- C:\Documents and Settings\marc\Recent\Capture N° 1.jpg.lnk [427] O61 - LFC: 07/04/2013 - 09:39:42 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\bookmarkbackups\bookmarks-2013-04-07.json [162816] O61 - LFC: 07/04/2013 - 09:41:17 ---A- C:\Documents and Settings\marc\Bureau\OTL\Arrêt OTL.doc [20992] O61 - LFC: 07/04/2013 - 09:45:49 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\blocklist.xml [58746] O61 - LFC: 07/04/2013 - 09:53:25 ---A- C:\Documents and Settings\marc\Recent\Arrêt OTL.doc.lnk [691] O61 - LFC: 07/04/2013 - 09:57:37 ---A- C:\Documents and Settings\marc\Application Data\KC Softwares\SUMo\reg.sumo [11260] O61 - LFC: 07/04/2013 - 09:57:58 ---A- C:\Documents and Settings\marc\Application Data\KC Softwares\SUMo\db.bak [6713] O61 - LFC: 07/04/2013 - 09:58:28 ---A- C:\Documents and Settings\marc\Application Data\KC 
Softwares\SUMo\SUMo.cache [5332] O61 - LFC: 07/04/2013 - 09:59:36 ---A- C:\Documents and Settings\marc\Recent\sumo1.jpg.lnk [306] O61 - LFC: 07/04/2013 - 10:00:03 ---A- C:\Documents and Settings\marc\Recent\sumo2.jpg.lnk [306] O61 - LFC: 07/04/2013 - 10:00:05 ---A- C:\Documents and Settings\marc\Application Data\KC Softwares\SUMo\db.sumo [6713] O61 - LFC: 07/04/2013 - 10:21:01 ---A- C:\Documents and Settings\marc\Recent\Adresse téléchargement Sumo.doc.lnk [1058] O61 - LFC: 07/04/2013 - 10:21:01 ---A- C:\Documents and Settings\marc\Recent\sumo.lnk [734] O61 - LFC: 07/04/2013 - 10:34:09 ---A- C:\Documents and Settings\marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [753] O61 - LFC: 07/04/2013 - 10:34:14 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Crash Reports\InstallTime20130326150557 [10] O61 - LFC: 07/04/2013 - 10:34:25 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\addons.sqlite [524288] O61 - LFC: 07/04/2013 - 10:34:27 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\extensions.sqlite [557056] O61 - LFC: 07/04/2013 - 10:34:30 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\search.json [10826] O61 - LFC: 07/04/2013 - 10:38:39 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\permissions.sqlite [65536] O61 - LFC: 07/04/2013 - 10:38:39 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\webappsstore.sqlite [196608] O61 - LFC: 07/04/2013 - 16:12:59 ---A- C:\Documents and Settings\marc\Bureau\Roguekiller\RogueKiller.exe [816128] O61 - LFC: 07/04/2013 - 16:13:09 ---A- C:\Documents and Settings\marc\Recent\Echec Chrome et Earth.lnk [451] O61 - LFC: 07/04/2013 - 16:17:46 ---A- C:\Documents and Settings\marc\Bureau\Roguekiller\RKreport[1]_S_07042013_171707.txt [1639] O61 - LFC: 
07/04/2013 - 16:22:09 ---A- C:\Documents and Settings\marc\Bureau\RK_Quarantine\NewStartPanel_{20D04FE0-0.reg [408] O61 - LFC: 07/04/2013 - 16:22:09 ---A- C:\Documents and Settings\marc\Bureau\RK_Quarantine\System_DisableReg0.reg [324] O61 - LFC: 07/04/2013 - 16:22:49 ---A- C:\Documents and Settings\marc\Bureau\RK_Quarantine\AllmyappsUpdater.exe.vir [247800] O61 - LFC: 07/04/2013 - 16:23:23 ---A- C:\Documents and Settings\marc\Bureau\Roguekiller\RKreport[3]_D_07042013_172249.txt [1723] O61 - LFC: 07/04/2013 - 16:25:35 ---A- C:\Documents and Settings\marc\Recent\RKreport[2]_S_07042013_172128.txt.lnk [591] O61 - LFC: 07/04/2013 - 16:44:45 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\signons.sqlite [327680] O61 - LFC: 07/04/2013 - 16:50:05 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\formhistory.sqlite [196608] O61 - LFC: 07/04/2013 - 16:56:10 ---A- C:\Documents and Settings\marc\Application Data\Media Player Classic\default.mpcpl [16] O61 - LFC: 07/04/2013 - 17:01:19 ---A- C:\Documents and Settings\marc\Application Data\CrystalIdea Software\SpeedyFox\preferences.xml [232] O61 - LFC: 07/04/2013 - 17:01:37 ---A- C:\Documents and Settings\marc\Bureau\speedyfox 2.0.3.65.lnk [833] O61 - LFC: 07/04/2013 - 17:06:48 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\1664.png [4744] O61 - LFC: 07/04/2013 - 17:06:48 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\1675.png [3432] O61 - LFC: 07/04/2013 - 17:06:48 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\1924.png [5069] O61 - LFC: 07/04/2013 - 17:06:48 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\518.png [3041] O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\1389.png [2315] O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application 
Data\Allmyapps\icons\1395.png [5642] O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\1403.png [6732] O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\1485.png [5980] O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\17630.png [2328] O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\228.png [5665] O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\2317.png [682] O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\348.png [1836] O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\396.png [7400] O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\436.png [2979] O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\452.png [5123] O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\562.png [2142] O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\580.png [9036] O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\582.png [6487] O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\589.png [4822] O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\602.png [6407] O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\609.png [8179] O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\617.png [5658] O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and 
Settings\marc\Application Data\Allmyapps\icons\622.png [3349] O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\684.png [7152] O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\6889.png [2206] O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\711.png [4431] O61 - LFC: 07/04/2013 - 17:08:20 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\ama.db [18432] O61 - LFC: 07/04/2013 - 17:08:50 ---A- C:\Documents and Settings\marc\Bureau\RK_Quarantine\Eula.txt [3769] O61 - LFC: 07/04/2013 - 17:09:51 ---A- C:\Documents and Settings\marc\Bureau\RK_Quarantine\PhysicalDrive0_User.dat [512] O61 - LFC: 07/04/2013 - 17:09:51 ---A- C:\Documents and Settings\marc\Bureau\RK_Quarantine\QuarantineReport.txt [790] O61 - LFC: 07/04/2013 - 18:34:45 ---A- C:\Documents and Settings\marc\Recent\RKreport[1]_S_07042013_171707.txt.lnk [721] O61 - LFC: 07/04/2013 - 18:41:25 ---A- C:\Documents and Settings\marc\Recent\RKreport[3]_D_07042013_172249.txt.lnk [721] O61 - LFC: 07/04/2013 - 18:44:38 ---A- C:\Documents and Settings\marc\Bureau\Roguekiller\RogueKiller.doc [137216] O61 - LFC: 07/04/2013 - 18:44:45 ---A- C:\Documents and Settings\marc\Recent\RogueKiller.doc.lnk [631] O61 - LFC: 07/04/2013 - 18:44:45 ---A- C:\Documents and Settings\marc\Recent\Roguekiller.lnk [401] O61 - LFC: 07/04/2013 - 21:00:43 ---A- C:\Documents and Settings\marc\Bureau\MB\mbam-log-2013-04-07 (19-47-07).txt [2138] O61 - LFC: 07/04/2013 - 21:14:03 ---A- C:\Documents and Settings\marc\Recent\mbam-log-2013-04-07 (19-47-07).txt.lnk [657] O61 - LFC: 07/04/2013 - 21:15:12 ---A- C:\Documents and Settings\marc\Bureau\MB\lien rapport.doc [19968] O61 - LFC: 07/04/2013 - 21:15:14 ---A- C:\Documents and Settings\marc\Recent\lien rapport.doc.lnk [567] O61 - LFC: 08/04/2013 - 10:32:36 ---A- C:\Documents and Settings\marc\Application 
Data\Mozilla\Firefox\Profiles\riqdwsaj.default\kstemp [0] O61 - LFC: 08/04/2013 - 10:32:36 --HA- C:\Documents and Settings\marc\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [1024] O61 - LFC: 08/04/2013 - 11:42:58 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\bookmarkbackups\bookmarks-2013-04-08.json [162948] O61 - LFC: 08/04/2013 - 11:44:02 ---A- C:\Documents and Settings\marc\Bureau\Microsoft Word.lnk [2559] O61 - LFC: 08/04/2013 - 11:46:25 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\cookies.sqlite [524288] O61 - LFC: 08/04/2013 - 11:46:25 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\sessionstore.bak [1523] O61 - LFC: 08/04/2013 - 11:46:25 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\sessionstore.js [1523] O61 - LFC: 08/04/2013 - 11:48:01 ---A- C:\Documents and Settings\marc\Bureau\ZHPDiaz\ZhpDiaz.doc [41984] O61 - LFC: 08/04/2013 - 11:50:00 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\downloads.sqlite [98304] O61 - LFC: 08/04/2013 - 11:50:01 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\content-prefs.sqlite [229376] O61 - LFC: 08/04/2013 - 11:50:01 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\places.sqlite [10485760] O61 - LFC: 08/04/2013 - 11:52:19 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\parent.lock [0] O61 - LFC: 08/04/2013 - 11:52:19 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\webapps\webapps.json [2] O61 - LFC: 08/04/2013 - 11:52:22 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\ImTranslator\profile.imt [483] O61 - LFC: 08/04/2013 - 
11:52:23 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\adblockplus\elemhide.css [1544138] O61 - LFC: 08/04/2013 - 11:52:25 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\urlclassifierkey3.txt [154] O61 - LFC: 08/04/2013 - 11:52:33 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\cert8.db [98304] O61 - LFC: 08/04/2013 - 11:52:33 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\key3.db [16384] O61 - LFC: 08/04/2013 - 11:52:33 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\localstore.rdf [3252] O61 - LFC: 08/04/2013 - 11:52:33 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\prefs.js [46281] O61 - LFC: 08/04/2013 - 11:52:33 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\_CACHE_CLEAN_ [1] O61 - LFC: 08/04/2013 - 11:52:34 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\startupCache\startupCache.4.little [53910] O61 - LFC: 08/04/2013 - 11:52:36 ---A- C:\Documents and Settings\marc\Recent\ZHPDiaz.lnk [379] O61 - LFC: 08/04/2013 - 11:52:36 ---A- C:\Documents and Settings\marc\Recent\ZhpDiaz.doc.lnk [579] O61 - LFC: 08/04/2013 - 11:53:16 ---A- C:\Documents and Settings\marc\Bureau\MB\MBRCheck.lnk [684] O61 - LFC: 08/04/2013 - 15:03:21 ---A- C:\Documents and Settings\marc\Recent\Personnels épicerie - présences à conserver dans bureau .xls.lnk [717] O61 - LFC: 08/04/2013 - 15:03:22 ---A- C:\Documents and Settings\marc\Application Data\Microsoft\Excel\Excel10.xlb [16945] O61 - LFC: 08/04/2013 - 15:03:22 ---A- C:\Documents and Settings\marc\Recent\Majolane.lnk [422] O61 - LFC: 08/04/2013 - 15:18:08 ---A- C:\Documents and Settings\marc\Application Data\wklnhst.dat [6334] 
O61 - LFC: 08/04/2013 - 15:18:16 ---A- C:\Documents and Settings\marc\Recent\A4 vertical partagé en 10 H.doc.lnk [714] O61 - LFC: 08/04/2013 - 15:18:16 ---A- C:\Documents and Settings\marc\Recent\Formats.lnk [490] O61 - LFC: 08/04/2013 - 15:18:17 ---A- C:\Documents and Settings\marc\Application Data\Microsoft\Modèles\Normal.dot [53248] O61 - LFC: 08/04/2013 - 15:19:01 ---A- C:\Documents and Settings\marc\Bureau\MB\MBRCheck_04.08.13_16.18.48.txt [9847] O61 - LFC: 08/04/2013 - 15:19:35 ---A- C:\Documents and Settings\marc\Recent\MB.lnk [350] O61 - LFC: 08/04/2013 - 15:19:35 ---A- C:\Documents and Settings\marc\Recent\MBRCheck_04.08.13_16.18.48.txt.lnk [637] O61 - LFC: 08/04/2013 - 15:20:43 -SHA- C:\Documents and Settings\marc\IETldCache\index.dat [262144] ~ 17 Fichiers temporaires (Temporary files) ~ 6 Fichiers cookies (Cookies files) ~ Files: 780 Legitimates Scanned in 01mn 30s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - 08/04/2009 - C:\Program Files\Fichiers communs\AVerMedia\Service\AVerRemote.exe (AVerRemote) .(.AVerMedia - AVerRemote MFC Application.) - LEGACY_AVERREMOTE O64 - Services: CurCS - 09/10/2009 - C:\Program Files\Fichiers communs\AVerMedia\Service\AVerScheduleService.exe (AVerScheduleService) .(.Pas de propriétaire - ScheduleService Module.) - LEGACY_AVERSCHEDULESERVICE O64 - Services: CurCS - 23/08/2012 - Pas de propriétaire (AVKProxy) .(...) - LEGACY_AVKPROXY O64 - Services: CurCS - 27/01/2012 - Pas de propriétaire (AVKService) .(...) - LEGACY_AVKSERVICE O64 - Services: CurCS - 30/08/2012 - C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe (AVKWCtl) .(.G Data Software AG - G Data Filesystem Monitor Service.) - LEGACY_AVKWCTL O64 - Services: CurCS - 21/11/2006 - C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys (BTNetFilter) .(.IVT Corporation. 
- Bluetooth Network Filter Driver.) - LEGACY_BTNETFILTER O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\dllhost.exe (COMSysApp) .(.Microsoft Corporation - COM Surrogate.) - LEGACY_COMSYSAPP O64 - Services: CurCS - 11/05/2010 - C:\WINDOWS\system32\drivers\cpuz133_x32.sys (cpuz133) .(.Windows (R) Win 7 DDK provider - CPUID Driver.) - LEGACY_CPUZ133 O64 - Services: CurCS - 18/11/2007 - Pas de propriétaire (DVRMSFileWatcherService) .(...) - LEGACY_DVRMSFILEWATCHERSERVICE O64 - Services: CurCS - 18/10/2012 - C:\WINDOWS\system32\drivers\GDBehave.sys (GDBehave) .(.G Data Software AG - Behavior Blocker.) - LEGACY_GDBEHAVE O64 - Services: CurCS - 04/06/2012 - C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe (GDFwSvc) .(.G Data Software AG - G Data Persoonlijke Firewall.) - LEGACY_GDFWSVC O64 - Services: CurCS - 18/10/2012 - C:\WINDOWS\system32\drivers\MiniIcpt.sys (GDMnIcpt) .(.G Data Software AG - Filesystem MiniInterceptor (Mini Filter).) - LEGACY_GDMNICPT O64 - Services: CurCS - 19/07/2012 - C:\WINDOWS\system32\drivers\GDNdisIc.sys (GDNdisIc) .(.G Data Software AG - NDIS packet redirector.) - LEGACY_GDNDISIC O64 - Services: CurCS - 29/03/2012 - C:\Program Files\Fichiers communs\G DATA\GDScan\GDScan.exe (GDScan) .(.G Data Software AG - G Data AntiVirus Scan Server.) - LEGACY_GDSCAN O64 - Services: CurCS - 18/10/2012 - C:\WINDOWS\system32\drivers\GDTdiIcpt.sys (GDTdiInterceptor) .(.G Data Software AG - Pas de description.) - LEGACY_GDTDIINTERCEPTOR O64 - Services: CurCS - 07/09/2012 - C:\WINDOWS\system32\drivers\GRD.sys (GRD) .(.G Data Software - G Data Rootkit Detector Driver.) - LEGACY_GRD O64 - Services: CurCS - 19/07/2012 - C:\WINDOWS\system32\drivers\HookCentre.sys (HookCentre) .(.G Data Software AG - Security Hook.) - LEGACY_HOOKCENTRE O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\svchost.exe (LanmanWorkstation) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) 
- LEGACY_LANMANWORKSTATION O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\lsass.exe (SamSs) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_SAMSS O64 - Services: CurCS - 13/09/2010 - C:\Program Files\UPHClean\uphclean.exe (UPHClean) .(.Windows (R) Codename Longhorn DDK provider - User Profile Hive Cleanup Service.) - LEGACY_UPHCLEAN O64 - Services: CurCS - 02/07/2003 - C:\WINDOWS\system32\DRIVERS\viaagp1.sys (viaagp1) .(.VIA Technologies, Inc. - VIA NT AGP Filter.) - LEGACY_VIAAGP1 ~ Legacy: 217 Legitimates Scanned in 00mn 08s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> <>[HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.cpl> <>[HKCU\..\cplopen\Command] (.Not Key.) O67 - Shell Spawning: <.cmd> <>[HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.com> <>[HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.evt> <>[HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.exe> <>[HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.html> <>[HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.js> <>[HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.reg> <>[HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.) ~ FASS Keys: 27 Legitimates Scanned in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - msn.) 
-- C:\Program Files\MSN\MSNCoreFiles\MSN6.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: prefs.js [marc - riqdwsaj.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search"); O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com ~ Keys: Scanned in 00mn 00s ---\\ Crack & Keygen Files (O82) M:\Mes documents\Logiciels divers\Gros logiciels\Adobe PhotosShop 6\keygen.exe ~ Files: Scanned in 01mn 50s ---\\ Recherche des services démarrés par Svchost (O83) O83 - Search Svchost Services: UxTuneUp (UxTuneUp) . (.TuneUp Software - TuneUp Theme Extension.) -- C:\WINDOWS\system32\uxtuneup.dll [29984] ~ Services: 42 Legitimates Scanned in 00mn 02s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.8E78B5BAC8B243841B95C38E580874C7] [SPRF][01/01/2004] (...) -- C:\Documents and Settings\marc\Local Settings\Application Data\fusioncache.dat [137] [MD5.98A469B4A9768C269B2ABDFE988E372E] [SPRF][08/04/2013] (...) -- C:\Documents and Settings\marc\Application Data\wklnhst.dat [6334] [MD5.88783EB39D8EF000CDA3413C789C4E21] [SPRF][14/02/2008] (...) -- C:\Program Files\settings.dat [15397] [MD5.DEC05CA77EEE03C050B8AECC638BA3DB] [SPRF][31/07/2006] (.TechCity Solutions - AccountHelper.) -- C:\WINDOWS\Downloaded Program Files\Account.dll [51200] [MD5.24E140813B633E9C989070D9F88C764C] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\catalog.dat [2390] [MD5.32015EEDC621A7E6DF9A2E9D20394A90] [SPRF][28/09/2005] (.Symantec Corporation - Symantec Engine Common Object Model Server.) -- C:\WINDOWS\Downloaded Program Files\ecmsvr32.dll [288376] [MD5.C8FEBEA460AAD5C1B6817F9676E03F78] [SPRF][27/10/2004] (.Symantec Corporation - LiveSubscribe Components.) 
-- C:\WINDOWS\Downloaded Program Files\LSSupCtl.dll [111752] [MD5.71C5958AE5485645FFB9E9CC628868CA] [SPRF][28/09/2005] (.Symantec Corporation - AV Engine.) -- C:\WINDOWS\Downloaded Program Files\naveng32.dll [124536] [MD5.1CAC99CEC62F86B678EC3881710D841C] [SPRF][28/09/2005] (.Symantec Corporation - AV Engine.) -- C:\WINDOWS\Downloaded Program Files\navex32a.dll [706168] [MD5.6622AE6028BC93B0F60DE0BDE02A94EA] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\scrauth.dat [96752] [MD5.181B0724CB825F0C6945C8D9017B01AA] [SPRF][14/11/2005] (.Pas de propriétaire - SymAData Module.) -- C:\WINDOWS\Downloaded Program Files\SymAData.dll [161384] [MD5.ED3B0F1BA60554B9D2E5AE1B02AD9306] [SPRF][29/03/2007] (.Husdawg, LLC - System Requirements Lab.) -- C:\WINDOWS\Downloaded Program Files\sysreqlab2.dll [206384] [MD5.F5A31803E5E6ECD1D30626F54C989E7B] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\tcdefs.dat [12811] [MD5.49273F10AC7E1027F971E35C44740E2D] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\tcscan7.dat [750376] [MD5.D56C70F1664AD306C6F617D0171748C0] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\tcscan8.dat [188908] [MD5.5E35E64D586D158A57321DAD8380529A] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\tcscan9.dat [414268] [MD5.8C17D4046D09E3AAE7316A603D1806CD] [SPRF][17/06/2005] (.SupportSoft, Inc. - tgctlsi Module.) -- C:\WINDOWS\Downloaded Program Files\tgctlsi.dll [1069056] [MD5.47EA24991C9184C8186E5447BE22F364] [SPRF][17/06/2005] (.SupportSoft, Inc. - tgctlsr Module.) -- C:\WINDOWS\Downloaded Program Files\tgctlsr.dll [413696] [MD5.59366DD141E6B459A7D71FB5C5EF8059] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\tinf.dat [453] [MD5.F482930D99D74BCD79CB09F2E88BB7F7] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\tinfidx.dat [148] [MD5.7E14DE819C30824C31908D858819DC14] [SPRF][28/09/2005] (...) 
-- C:\WINDOWS\Downloaded Program Files\tinfl.dat [1957] [MD5.80C020623CDE0D98F1F7BA0B1924D8BA] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\tscan1.dat [44577] [MD5.6A32D3E0354A89B2C61B5ACD117368D9] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\tscan1hd.dat [1237] [MD5.5E5F18E9A090499430B4C6DF21EE114D] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan1.dat [962489] [MD5.627E5A4E1CA93AE9E26A679C50F3BC52] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan2.dat [559594] [MD5.381A2E63008F530033DE8D2CED798EE7] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan3.dat [145244] [MD5.78BDD6D65D24DC8EF5E1EDFA5FAC32CF] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan4.dat [320067] [MD5.0F3F6826BB11D46C86984A137FFD2C9C] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan5.dat [1429761] [MD5.783FA9A328E4252292077A00D782E68A] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan6.dat [385582] [MD5.C609D9F530EA10726E9DE6EBD172090C] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan7.dat [2582178] [MD5.58A861798F551DFA8EAB322ED1128512] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan8.dat [1409203] [MD5.9513990891D87558E9BD79A9D25AF93F] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan9.dat [2703645] [MD5.DF2B69539A13B5976470903F68877809] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscant.dat [32] [MD5.036FFD3B67756C6A55F978DDA79CA065] [SPRF][30/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\vscanmsx.dat [2072] [MD5.2EA09C8B4B4669C516433AE31982E259] [SPRF][28/09/2005] (...) 
-- C:\WINDOWS\Downloaded Program Files\zdone.dat [224] ~ Files: Scanned in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : v2.11492 - (07/04/2013) Clés trouvées (Keys found) : 18 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 0 [HKLM\Software\Classes\CLSID\{35b8892d-c3fb-4d88-990d-31db2ebd72bd}] =>Adware.RecordNRip [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}] =>Toolbar.Agent [HKLM\Software\Classes\Installer\Features\4340C4778499EED41AE496DC3D613EC6] =>PUP.SweetIM [HKLM\Software\Classes\Installer\Products\4340C4778499EED41AE496DC3D613EC6] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4340C4778499EED41AE496DC3D613EC6] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E] =>PUP.SweetIM [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9] =>PUP.Dealio [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24] =>PUP.Dealio [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607] =>PUP.Dealio [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F] =>PUP.Dealio 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21] =>PUP.Dealio [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF] =>PUP.Dealio [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] =>PUP.SweetIM^ ~ Additionnel: Scanned in 00mn 39s ---\\ Product Upgrade Codes (O90) O90 - PUC: "160231E2A87C4D848A99D1319B1D98AF" . (.Memories Disc Creator 2.0.) -- c:\WINDOWS\Installer\{2E132061-C78A-48D4-A899-1D13B9D189FA}\HewlettPackard_0002ICON.exe O90 - PUC: "4340C4778499EED41AE496DC3D613EC6" . (.Internet Explorer Toolbar 4.6 by SweetPacks.) -- C:\WINDOWS\Installer\{774C0434-9948-4DEE-A14E-69CDD316E36C}\ARPPRODUCTICON.exe =>PUP.SweetIM O90 - PUC: "8ADCFC17CDDA68B408CCEC4C9ABFB21B" . (.User Profile Hive Cleanup Service.) -- C:\WINDOWS\Installer\{71CFCDA8-ADDC-4B86-80CC-CEC4A9FB2BB1}\_6FEFF9B68218417F98F549.exe O90 - PUC: "D2E701689BFDCB6499DE70AEACEE9032" . (.G Data InternetSecurity 2013.) -- C:\WINDOWS\Installer\{86107E2D-DFB9-46BC-99ED-07EACAEE0923}\ARPPRODUCTICON.exe O90 - PUC: "F6E1B82EAA0E8224BA98BDA4C0984D62" . (.AVerTV.) -- C:\WINDOWS\Installer\{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}\ARPPRODUCTICON.exe ~ Update Products: 96 Legitimates Scanned in 00mn 00s ---\\ MyComputer Name Space (O92) O92 - MNS: Dossiers Web - {BDEADF00-C265-11D0-BCED-00A0C90AB50F} ~ MNS: 1 Legitimates Scanned in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 28/01/2011 764536 | (AcrSch2Svc) . (.Acronis.) - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe SS - | Auto 14/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) 
- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 24/02/2013 3246040 | (afcdpsrv) . (.Acronis.) - C:\Program Files\Fichiers communs\Acronis\CDP\afcdpsrv.exe SS - | Disabled 09/07/2009 144712 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe SR - | Auto 08/04/2009 344064 | (AVerRemote) . (.AVerMedia.) - C:\Program Files\Fichiers communs\AVerMedia\Service\AVerRemote.exe SR - | Auto 389120 | (AVerScheduleService) . (...) - C:\Program Files\Fichiers communs\AVerMedia\Service\AVerScheduleService.exe SR - | Auto 1542680 | (AVKProxy) . (...) - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe SR - | Auto 468472 | (AVKService) . (...) - C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe SR - | Auto 30/08/2012 1584112 | (AVKWCtl) . (.G Data Software AG.) - C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe SR - | Auto 13/12/1999 44032 | (Creative Service for CDROM Access) . (.Creative Technology Ltd.) - C:\WINDOWS\System32\CTSvcCDA.exe SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe SS - | Disabled 20480 | (DVRMSFileWatcherService) . (...) - c:\program files\dvrmstoolbox\dvrmsfilewatcherservice.exe SR - | Demand 04/06/2012 1899816 | (GDFwSvc) . (.G Data Software AG.) - C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe SR - | Demand 29/03/2012 470008 | (GDScan) . (.G Data Software AG.) - C:\Program Files\Fichiers communs\G DATA\GDScan\GDScan.exe SS - | Auto 23/07/2009 133104 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 24/02/2005 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe SR - | Auto 14/03/2013 170912 | (JavaQuickStarterService) . (.Oracle Corporation.) 
- C:\Program Files\Java\jre7\bin\jqs.exe SS - | Disabled 27/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SR - | Auto 05/12/2007 155716 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe SS - | Demand 29/10/2004 86016 | (rpcapd) . (.NetGroup - Politecnico di Torino.) - C:\Program Files\WinPcap\rpcapd.exe SR - | Auto 31/01/2013 1724192 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe SR - | Auto 13/09/2010 399872 | (UPHClean) . (.Windows (R) Codename Longhorn DDK provider.) - C:\Program Files\UPHClean\uphclean.exe SR - | Auto 13/04/2008 14336 | C:\WINDOWS\system32\uxtuneup.dll (UxTuneUp) . (.TuneUp Software.) - C:\WINDOWS\system32\svchost.exe ~ Services: Scanned in 00mn 04s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net ~ MBR: 1 Legitimates Scanned in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by marc at 08/04/2013 16:29:16 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 16s ~ 2056 Legitimates filtered by white list End of the scan (1018 lines in 07mn 49s)(1)