Publicité
Publicité
Format du document : text/plain
Prévisualisation
Rapport de ZHPDiag v2013.4.7.45 par Nicolas Coolman, Update du 07/04/2013
Run by marc at 08/04/2013 16:21:26
State : Version � jour.
High Elevated Privileges : OK
UAC : Not Found
---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 20.0 v20.0 (Defaut)
---\\ Windows Product Information
~ Langage: Fran�ais
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK
---\\ System Information
~ Processor: x86 Family 15 Model 3 Stepping 4, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047 MB (72% free)
System Restore: Activ� (Enable)
System drive C: has 22 GB (39%) free of 55 GB
---\\ Logged in mode
~ Computer Name: MARCGRON
~ User Name: marc
~ All Users Names: SUPPORT_fddfa904, SUPPORT_388945a0, marc, Josette, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\marc\Application Data\
~ %Desktop% : C:\Documents and Settings\marc\Bureau\
~ %Favorites% : C:\Documents and Settings\marc\Favoris\
~ %LocalAppData% : C:\Documents and Settings\marc\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\marc\Menu D�marrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 22 Go of 55 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 5 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
L:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
M:\ Hard drive, Flash drive, Thumb drive (Free 14 Go of 41 Go)
N:\ Hard drive, Flash drive, Thumb drive (Free 64 Go of 86 Go)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: Scanned in 00mn 00s
---\\ Recherche particuli�re de fichiers g�n�riques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 18:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.FCDD66EE148885E900285ADE8417E40B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.05/02/2013 - 20:56:42.) -- C:\WINDOWS\system32\wininet.dll [916480]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 18:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.CDFE4411A69C224BD1D11B2DA92DAC51] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.03/08/2004 - 22:59:44.) -- C:\WINDOWS\system32\Drivers\atapi.sys [95360]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 11:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.4B0A100EAF5C49EF3CCA8C641431EACC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.02/05/2008 - 11:49:39.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 17:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 08:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.D1EFCBD693B5BA21314D06368C471070] - (.Microsoft Corporation - Pilote de port i8042.) (.19/08/2004 - 15:56:40.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54400]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 10:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 10:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 11:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 11:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parall�le.) (.13/04/2008 - 18:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 17:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de clich� instantan� du volume.) (.13/04/2008 - 17:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cach�s (Cach�/Total)
~ Mes images (My Pictures) : 3/16149
~ Mes musiques (My Musics) : 1/535
~ Mes Videos (My Videos) : 3/17
~ Mes Favoris (My Favorites) : 1/12
~ Mes Documents (My Documents) : 2/21760
~ Mon Bureau (My Desktop) : 0/55
~ Menu demarrer (Programs) : 1/42
~ Hidden Files: Scanned in 00mn 32s
---\\ Processus lanc�s
[MD5.110C6DC36EA9F5DA664A584756B1B297] - (.G Data Software AG - G Data AntiVirus Scan Server.) -- C:\Program Files\Fichiers communs\G DATA\GDScan\GDScan.exe [470008] [PID.1452]
[MD5.6BBEF99B9A4DA3568ECCF32FCB10C6FE] - (.G Data Software AG - G Data Filesystem Monitor Service.) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [1584112] [PID.1472]
[MD5.5F61C4B246354183DB05AC81E4B86B8B] - (.Acronis - Acronis Scheduler 2.) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [764536] [PID.1916]
[MD5.AF44F7E027037628F1FAC3C13CDE73E6] - (.Acronis - File Level CDP Manager Service.) -- C:\Program Files\Fichiers communs\Acronis\CDP\afcdpsrv.exe [3246040] [PID.1964]
[MD5.A33C07F7527FC4CBC664C3137EB7D744] - (.AVerMedia - AVerRemote MFC Application.) -- C:\Program Files\Fichiers communs\AVerMedia\Service\AVerRemote.exe [344064] [PID.2000]
[MD5.9AEBB2D487D9BF4C0F354899D842EDD0] - (.Pas de propri�taire - ScheduleService Module.) -- C:\Program Files\Fichiers communs\AVerMedia\Service\AVerScheduleService.exe [389120] [PID.2024]
[MD5.C48176DA44D0298A7075D3C5CF8C3D8D] - (...) -- C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [1542680] [PID.300]
[MD5.29DA2D5958B352022A1BB5CE6FDB427C] - (...) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [468472] [PID.352]
[MD5.3C8B6609712F4FF78E521F6DCFC4032B] - (.Creative Technology Ltd - Creative Service for CDROM Access.) -- C:\WINDOWS\System32\CTSvcCDA.exe [44032] [PID.472]
[MD5.999DB5F88C8E145CCA9D471E33227143] - (.Oracle Corporation - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [170912] [PID.628]
[MD5.13D3959230D35235B51EDC1F8564635D] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [270336] [PID.1008]
[MD5.472A00D2183C9E5EDB3E076272741812] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 169.2.) -- C:\WINDOWS\system32\nvsvc32.exe [155716] [PID.1336]
[MD5.0DDFF93BD797569ACFD0134C66ED698B] - (.TuneUp Software - TuneUp Utilities Service.) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1724192] [PID.1888]
[MD5.325FB38C323C63C7F57885B4DFB1B91E] - (.Windows (R) Codename Longhorn DDK provider - User Profile Hive Cleanup Service.) -- C:\Program Files\UPHClean\uphclean.exe [399872] [PID.2152]
[MD5.581176F60885AEF8F78C6E38DCC3CDF9] - (.Microsoft Corporation - WMDM PMSP Service.) -- C:\WINDOWS\System32\MsPMSPSv.exe [53520] [PID.2200]
[MD5.EB4D63C618555024DAC54F619859AD92] - (.G Data Software AG - G Data Persoonlijke Firewall.) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [1899816] [PID.2828]
[MD5.52ACCCCA861285166734F19B252B44B5] - (.TuneUp Software - TuneUp Utilities.) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe [1926944] [PID.3680]
[MD5.2B820A0401F34ACF33A7CDAB06FA13AB] - (.Hewlett-Packard - HPHmon05.) -- C:\WINDOWS\System32\hphmon05.exe [483328] [PID.3304]
[MD5.C4C523E78774E05D06EFE3E10017CF6D] - (.Hewlett-Packard Company - PS2 EXE.) -- C:\WINDOWS\system32\ps2.exe [81920] [PID.3768]
[MD5.439231898C6FDC13996AE3D733D00FBA] - (.Creative Technology Ltd - CtHelper Application.) -- C:\WINDOWS\system32\CTHELPER.exe [24576] [PID.3776]
[MD5.06A1ECB63DF139EC639E084D4AB3C9D7] - (.Hewlett-Packard Company - hpsysdrv.) -- C:\windows\system\hpsysdrv.exe [52736] [PID.3820]
[MD5.230EA041666125B6812FE3FF964B2DF3] - (.Agere Systems - SoftModem Messaging Applet.) -- C:\WINDOWS\AGRSMMSG.exe [88209] [PID.2424]
[MD5.3E1BA5802473C94C47D63D1750D40E5D] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe [50176] [PID.3940]
[MD5.3C961CECCB16B8FFCFB884D4EAC5E6D4] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\WINDOWS\ehome\ehmsas.exe [47104] [PID.2636]
[MD5.B386987854E926A9808EB57CA6432B30] - (.G Data Software AG - G Data Security Software.) -- C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe [995352] [PID.336]
[MD5.64D8130561103132AA131BE7CD247CAD] - (.G Data Software AG - G Data Personal Firewall.) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1470968] [PID.3484]
[MD5.255E405D801CF01247390F38F92D8042] - (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe [17408] [PID.3512]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [252848] [PID.2568]
[MD5.1EDC9B85FBFDFE569BDB4A013F8D1242] - (.Gadwin Systems, Inc - Gadwin PrintScreen.) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [1842384] [PID.2436]
[MD5.A97F4E47E5198F1CAA90DBD59F3EFF10] - (.route-101.net - Pas de description.) -- C:\Program Files\IPsO_4\IPsO.exe [372736] [PID.1684]
[MD5.40D284168E70423B8FBE16C36D5B9B13] - (.Renier Crause - PopTray E-Mail Notifier.) -- C:\Program Files\PopTray\PopTray.exe [1666048] [PID.2064]
[MD5.605664E657464F558F51C84A0F93029F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6558208] [PID.1924]
[MD5.AB0A7CA90D9E3D6A193905DC1715DED0] - (.Microsoft Corporation - Windows User Mode Driver Manager.) -- C:\WINDOWS\system32\wdfmgr.exe [38912] [PID.2100]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2868]
~ Processes Running: Scanned in 00mn 02s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\prefs.js
P2 - FPN: [HKLM] [@canon.com/EPPEX] - (.CANON INC. - CANON iMAGE GATEWAY Album Plugin Utility Module.) -- C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.dll
~ Firefox Browser: 17 Legitimates Scanned in 00mn 00s
---\\ Internet Explorer, D�marrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://www.google.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.02.) (No version) -- (.not file.)
~ IE Browser: Scanned in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: G Data BankGuard - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} . (.G Data Software AG - G Data Security Software G Data Bankguard B.) -- C:\Program Files\Fichiers communs\G DATA\AVKProxy\BanksafeBHO.dll
~ BHO: 3 Legitimates Scanned in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Vue HP - [HKLM]{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} . (.Hewlett-Packard Company - hp view toolbar.) -- c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: Canon Easy-WebPrint EX - [HKLM]{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} . (.CANON INC. - Easy-WebPrint EX.) -- C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Applications d�marr�es par registre & par dossier (O4)
O4 - HKLM\..\Run: [HPHmon05] . (.Hewlett-Packard - HPHmon05.) -- C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] . (.Pas de propri�taire - Recguard Application.) -- C:\WINDOWS\SMINST\RECGUARD.exe
O4 - HKLM\..\Run: [PS2] . (.Hewlett-Packard Company - PS2 EXE.) -- C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [CTHelper] . (.Creative Technology Ltd - CtHelper Application.) -- C:\WINDOWS\system32\CTHELPER.exe
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard Company - hpsysdrv.) -- c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] . (.Agere Systems - SoftModem Messaging Applet.) -- C:\WINDOWS\AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD05] . (.Hewlett-Packard - HPHupd05.) -- c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [ehTray] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] . (.G Data Software AG - G Data Security Software.) -- C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [GDFirewallTray] . (.G Data Software AG - G Data Personal Firewall.) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [UnlockerAssistant] . (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [KernelFaultCheck] Cl� orpheline
O4 - HKLM\..\Run: [Microsoft Works Update Detection] . (.Microsoft� Corporation - D�tection Microsoft� Works Update.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KeyScrambler] . (.QFX Software Corporation - KeyScrambler.) -- C:\Program Files\KeyScrambler\keyscrambler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] . (.Gadwin Systems, Inc - Gadwin PrintScreen.) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] . (.Creative Technology Ltd - mididef.) -- C:\WINDOWS\MIDIDEF.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [StartMS] . (.Creative Technology Ltd - StartMS.) -- C:\Program Files\Creative\Shared Files\Media Sniffer\StartMS.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [CMSRegOW.exe] . (.Creative Technology Ltd - CMSRegOW.) -- C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [adaware] . (.Microsoft Corporation - Outil de Registre de la console.) -- C:\WINDOWS\system32\reg.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [adaware_XP] . (.Microsoft Corporation - Outil de Registre de la console.) -- C:\WINDOWS\system32\reg.exe
O4 - HKUS\S-1-5-21-2400442452-2798416894-4265972067-1015\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2400442452-2798416894-4265972067-1015\..\Run: [Gadwin PrintScreen] . (.Gadwin Systems, Inc - Gadwin PrintScreen.) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Adobe Reader XI.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AB0000000001}\SC_Reader.ico
O4 - GS\Programs: Apple Software Update.lnk . (...) -- C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
O4 - GS\Programs: Enregistrement OCR I.R.I.S..lnk . (.I.R.I.S. SA - Registration Wizard for Readiris 5.0.) -- C:\Program Files\HP\Digital Imaging\DocProc\regipe.exe
O4 - GS\Programs: Lanceur de t�ches Microsoft Works.lnk . (.Microsoft� Corporation - Microsoft� Works.) -- C:\Program Files\Microsoft Works\msworks.exe
O4 - GS\Programs: Microsoft Access.lnk . (...) -- C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\accicons.exe
O4 - GS\Programs: Microsoft Excel.lnk . (...) -- C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe
O4 - GS\Programs: Microsoft FrontPage.lnk . (...) -- C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\misc.exe
O4 - GS\Programs: Microsoft Outlook.lnk . (...) -- C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\outicon.exe
O4 - GS\Programs: Microsoft Picture It! Photo Premium 9.lnk . (.Microsoft Corporation - Picture It! 9.) -- C:\Program Files\Microsoft Picture It! 9\pi.exe
O4 - GS\Programs: Microsoft PowerPoint.lnk . (...) -- C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\pptico.exe
O4 - GS\Programs: Microsoft Word.lnk . (...) -- C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe
O4 - GS\Programs: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Programs: MSN Explorer.lnk . (.Microsoft Corporation - msn.) -- C:\Program Files\MSN\MSNCoreFiles\msn6.exe
O4 - GS\Programs: TuneUp Utilities 2013.lnk . (.TuneUp Software - TuneUp Utilities - Startoberfl�che.) -- C:\Program Files\TuneUp Utilities 2013\Integrator.exe
O4 - GS\Programs: Assistance � distance.lnk . (.Microsoft Corporation - Assistance � distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - GS\Programs: Visue processeur.lnk . (.Microsoft Corporation - Gestionnaire des t�ches de Windows.) -- C:\WINDOWS\system32\taskmgr.exe
O4 - GS\Programs: Windows Install Clean Up.lnk . (...) -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
~ Global Startup: Scanned in 00mn 01s
---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 4 Legitimates Scanned in 00mn 00s
---\\ Piratage de l'Option 'R�tablir les param�tres Web' (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
~ IE Param�tres WEB: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} ((no name)) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} ((no name)) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} ((no name)) - http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} ((no name)) - http://www.photoweb.fr/telechargement/Photoweb_Uploader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} ((no name)) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ((no name)) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} ((no name)) - http://office.microsoft.com/officeupdate/content/opuc3.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} ((no name)) - http://www.photoweb.fr/telechargement/telechargement-photoweb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1356110670765
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} ((no name)) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342348436156
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} ((no name)) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ((no name)) - http://charon777.free.fr/plugins/hardwaredetection.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} ((no name)) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} ((no name)) - http://www2.bellapix.com/UploadLaboParAurigma/ImageUploader3.cab
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} ((no name)) - http://office.microsoft.com/officeupdate/content/opuc4.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} ((no name)) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} ((no name)) - http://www.bellapix.com/XUpload.ocx
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5ABC57A8-96DD-496F-8636-589B863A121F}: NameServer = 208.67.222.222,208.67.222.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{5ABC57A8-96DD-496F-8636-589B863A121F}: NameServer = 208.67.222.222,208.67.222.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{5ABC57A8-96DD-496F-8636-589B863A121F}: NameServer = 208.67.222.222,208.67.222.220
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\System32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-cl�s Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent r�seau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Cl� de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 4 Legitimates Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non d�sactiv�s (O23)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated - Adobe� Flash� Player Update Service 11.6 r6.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVerRemote (AVerRemote) . (.AVerMedia - AVerRemote MFC Application.) - C:\Program Files\Fichiers communs\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService (AVerScheduleService) . (.Pas de propri�taire - ScheduleService Module.) - C:\Program Files\Fichiers communs\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: G Data AntiVirus Proxy (AVKProxy) . (...) - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: Planificateur G Data (AVKService) . (...) - C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
O23 - Service: Gardien du syst�me de fichiers G�Data (AVKWCtl) . (.G Data Software AG - G Data Filesystem Monitor Service.) - C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: Creative Service for CDROM Access (Creative Service for CDROM Access) . (.Creative Technology Ltd - Creative Service for CDROM Access.) - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: User Profile Hive Cleanup (UPHClean) . (.Windows (R) Codename Longhorn DDK provider - User Profile Hive Cleanup Service.) - C:\Program Files\UPHClean\uphclean.exe
~ Services: 13 Legitimates Scanned in 00mn 24s
---\\ Enum�ration Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\marc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\marc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s
---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s
---\\ T�ches planifi�es en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Connexion facile � Internet.job [290]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\rbmonitor.job [282]
[MD5.2DC4314926B2D0A140970348728F7E59] [APT] [Connexion facile � Internet] (.Hewlett-Packard.) -- C:\Program Files\Easy Internet signup\HPSdpApp.exe [811090]
[MD5.F8AF3814F1796F977E954FC002889C7A] [APT] [rbmonitor] (.Uniblue Systems Limited.) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe [26016]
~ Scheduled Task: 15 Legitimates Scanned in 00mn 01s
---\\ Composants install�s (ActiveSetup Installed Components) (O40)
~ Active Setup: 23 Legitimates Scanned in 00mn 01s
---\\ Pilotes lanc�s au d�marrage (O41)
O41 - Driver: (GDMnIcpt) . (.G Data Software AG - Filesystem MiniInterceptor (Mini Filter).) - C:\WINDOWS\system32\drivers\MiniIcpt.sys
O41 - Driver: (GRD) . (.G Data Software - G Data Rootkit Detector Driver.) - C:\WINDOWS\system32\drivers\GRD.sys
O41 - Driver: (HookCentre) . (.G Data Software AG - Security Hook.) - C:\WINDOWS\system32\drivers\HookCentre.sys
~ Drivers: 78 Legitimates Scanned in 00mn 03s
---\\ Logiciels install�s (O42)
O42 - Logiciel: AM-DeadLink 4.6 - (.www.aignes.com.) [HKLM] -- aignesamdeadlink_is1
O42 - Logiciel: AVerTV - (.AVerMedia Technologies, Inc..) [HKLM] -- InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader XI (11.0.02) - Fran�ais - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AB0000000001}
O42 - Logiciel: DVRMSToolbox - (.BabgVant & Durrant.) [HKLM] -- {1A124A8E-1B4A-40BA-93F5-DB075FABE19A}
O42 - Logiciel: GEAR 32bit Driver Installer - (.GEAR Software, Inc..) [HKLM] -- {E89B484C-B913-49A0-959B-89E836001658}
O42 - Logiciel: Gadwin PrintScreen - (.Gadwin Systems, Inc..) [HKLM] -- Gadwin PrintScreen
O42 - Logiciel: Java 7 Update 17 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83217017FF}
O42 - Logiciel: KBD - (...) [HKLM] -- KBD
O42 - Logiciel: Orb - (.Orb Networks.) [HKLM] -- Orb
O42 - Logiciel: Orb Runtime libraries - (.Orb Networks, Inc..) [HKLM] -- {2133CB3F-F891-4081-8681-FEE2B2419FF4}
O42 - Logiciel: PopTray 3.20 - (.Renier Crause.) [HKLM] -- PopTray
O42 - Logiciel: Power IEv3 - (.Technicland informatique.) [HKLM] -- {AF7C627C-F354-4FF1-8450-398C806B436E}
O42 - Logiciel: ScanToWeb - (...) [HKLM] -- {EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}
~ Logic: 156 Legitimates Scanned in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\NetAnalyse]
[HKLM\Software\Acrobat Reader]
[HKLM\Software\CBS Interactive]
[HKLM\Software\DVRMSToolbox]
[HKLM\Software\EHELP]
[HKLM\Software\GKochaniak]
[HKLM\Software\Globespan]
[HKLM\Software\HookCentre]
[HKLM\Software\Infix PDF]
[HKLM\Software\KCSoftware]
[HKLM\Software\Ping_Tester]
[HKLM\Software\SystemInfoBapmv6530]
~ Key Software: 252 Legitimates Scanned in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/09/2012 - 19:03:02 - [2,428] ----D C:\Program Files\AM-DeadLink
O43 - CFD: 13/05/2012 - 17:58:52 - [98,395] ----D C:\Program Files\Direct x 10
O43 - CFD: 05/01/2008 - 12:32:13 - [39,861] ----D C:\Program Files\DVRMSToolbox
O43 - CFD: 03/10/2006 - 11:02:05 - [12,713] ----D C:\Program Files\Executive Software
O43 - CFD: 30/03/2009 - 18:21:46 - [0,740] ----D C:\Program Files\FDF
O43 - CFD: 05/04/2013 - 18:11:45 - [4,470] ----D C:\Program Files\GUMBC.tmp
O43 - CFD: 24/12/2009 - 17:50:21 - [0] ----D C:\Program Files\HardwareDetection
O43 - CFD: 08/04/2013 - 16:22:45 - [5,082] ----D C:\Program Files\IPsO_4
O43 - CFD: 01/01/2004 - 11:32:24 - [0,014] ----D C:\Program Files\Jeux
O43 - CFD: 31/03/2010 - 18:01:08 - [0,069] ----D C:\Program Files\NKProds
O43 - CFD: 17/02/2013 - 17:34:46 - [2,879] ----D C:\Program Files\PopTray
O43 - CFD: 28/04/2009 - 17:55:16 - [4,932] ----D C:\Program Files\Power IE
O43 - CFD: 04/10/2004 - 12:12:57 - [29,568] ----D C:\Program Files\RecordNow!
O43 - CFD: 28/04/2006 - 17:04:23 - [0,120] ----D C:\Program Files\Weather Watcher
O43 - CFD: 31/08/2005 - 11:45:32 - [0,070] ----D C:\Program Files\WinASPI
O43 - CFD: 25/11/2007 - 18:03:08 - [0] ----D C:\Program Files\Fichiers communs\element5 Shared
O43 - CFD: 07/04/2013 - 18:07:36 - [0,475] ----D C:\Documents and Settings\marc\Application Data\Allmyapps
O43 - CFD: 24/02/2013 - 12:28:24 - [0,160] ----D C:\Documents and Settings\marc\Application Data\C3601B61-7C2A-46B5-BE03-29B77F41FD9F
O43 - CFD: 01/01/2004 - 10:09:34 - [8,875] ----D C:\Documents and Settings\marc\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
O43 - CFD: 16/02/2013 - 17:58:12 - [0,003] ----D C:\Documents and Settings\marc\Menu D�marrer\Programmes\IPsO
O43 - CFD: 17/02/2013 - 17:34:47 - [0,003] ----D C:\Documents and Settings\marc\Menu D�marrer\Programmes\PopTray
O43 - CFD: 05/04/2013 - 18:10:59 - [0,001] ----D C:\Documents and Settings\marc\Menu D�marrer\Programmes\Sawbuck
~ Program Folder: 191 Legitimates Scanned in 00mn 36s
---\\ Derniers fichiers modifi�s ou cr�es sous Windows et System32 (O44)
O44 - LFC:[MD5.F5DE35F1B773EA419FB7793DBF171E01] - 08/04/2013 - 11:54:55 ---A- . (...) -- C:\WINDOWS\system32\BMXBkpCtrlState-{00000002-00000000-0000000B-00001102-00000004-20051102}.rfx [29952]
O44 - LFC:[MD5.F5DE35F1B773EA419FB7793DBF171E01] - 08/04/2013 - 11:54:55 ---A- . (...) -- C:\WINDOWS\system32\BMXCtrlState-{00000002-00000000-0000000B-00001102-00000004-20051102}.rfx [29952]
O44 - LFC:[MD5.443BA7D86BCBCF35A8F3B8D9355EFE31] - 08/04/2013 - 11:54:55 ---A- . (...) -- C:\WINDOWS\system32\BMXState-{00000002-00000000-0000000B-00001102-00000004-20051102}.rfx [30888]
O44 - LFC:[MD5.443BA7D86BCBCF35A8F3B8D9355EFE31] - 08/04/2013 - 11:54:55 ---A- . (...) -- C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-0000000B-00001102-00000004-20051102}.rfx [30888]
O44 - LFC:[MD5.7DCB9ADB541020360953094B2CB4F300] - 08/04/2013 - 11:54:55 ---A- . (...) -- C:\WINDOWS\system32\DVCState-{00000002-00000000-0000000B-00001102-00000004-20051102}.dat [384]
O44 - LFC:[MD5.7DCB9ADB541020360953094B2CB4F300] - 08/04/2013 - 11:54:55 ---A- . (...) -- C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-0000000B-00001102-00000004-20051102}.dat [384]
O44 - LFC:[MD5.89E7F65AB8D6A6EB193EF57C30840F8D] - 08/04/2013 - 11:54:55 ---A- . (...) -- C:\WINDOWS\system32\settings.sfm [1080]
O44 - LFC:[MD5.89E7F65AB8D6A6EB193EF57C30840F8D] - 08/04/2013 - 11:54:55 ---A- . (...) -- C:\WINDOWS\system32\settingsbkup.sfm [1080]
O44 - LFC:[MD5.06EC71C638667ADFB5F2C48AF039D7B3] - 08/04/2013 - 11:54:52 ---A- . (...) -- C:\WINDOWS\{00000002-00000000-0000000B-00001102-00000004-20051102}.CDF [4932268]
O44 - LFC:[MD5.59CEBE2FB01D897F982BE915B7976D94] - 08/04/2013 - 11:54:50 ---A- . (...) -- C:\WINDOWS\wiadebug.log [561]
O44 - LFC:[MD5.8468E186794CAFAD6AFF4E73E7228C10] - 08/04/2013 - 10:34:07 ---A- . (...) -- C:\WINDOWS\system32\nmp.map [53768]
O44 - LFC:[MD5.06066F28A565431B1487945425419419] - 08/04/2013 - 10:34:07 ---A- . (...) -- C:\WINDOWS\system32\sig.bin [1034977]
O44 - LFC:[MD5.A796825263369218437E13DD616DBD36] - 08/04/2013 - 10:29:57 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.AC280F7EE7BFB4B5E8380CD48139A376] - 07/04/2013 - 17:12:56 ---A- . (...) -- C:\AdwCleaner[S8].txt [1885]
O44 - LFC:[MD5.086F365ED4A09F3A6519C06D91E29BA0] - 07/04/2013 - 17:11:22 ---A- . (...) -- C:\AdwCleaner[R8].txt [1785]
O44 - LFC:[MD5.10A6CF1843F8830B60DCA87792FD3DF6] - 04/04/2013 - 19:00:00 ---A- . (.Pas de propri�taire - ffdshow VFW.) -- C:\WINDOWS\system32\ff_vfw.dll [112640]
O44 - LFC:[MD5.39181EABB0E4CA1E8B7BF7B3C3A1DEFE] - 31/03/2013 - 19:01:53 ---A- . (...) -- C:\Auth.prof [40]
O44 - LFC:[MD5.7E57C9B6A2E2E1D3216BBA505860E002] - 01/04/2013 - 10:45:15 --HA- . (...) -- C:\WINDOWS\system32\default_user_class.dat.LOG [1024]
O44 - LFC:[MD5.FA425C74CE2EB719B2A77A7A2ADDAE32] - 01/04/2013 - 10:06:35 ---A- . (.Pas de propri�taire - Lagarith.) -- C:\WINDOWS\system32\lagarith.dll [216064]
O44 - LFC:[MD5.22722B4E887BB95AB071542DE5A42C80] - 01/04/2013 - 10:06:35 ---A- . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\WINDOWS\system32\lameACM.acm [839680]
O44 - LFC:[MD5.006C6378513685ACDFFA84A5ECB86F76] - 01/04/2013 - 10:06:32 ---A- . (.fccHandler - AC-3 ACM Codec.) -- C:\WINDOWS\system32\ac3acm.acm [151552]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 30/03/2013 - 09:53:19 ----- . (...) -- C:\WINDOWS\Sti_Trace.log [0]
O44 - LFC:[MD5.FBE5C2BDED0E85F6F0E68D1D6F2521DF] - 17/03/2013 - 17:21:30 ---A- . (.x264vfw project - x264vfw - H.264/MPEG-4 AVC codec.) -- C:\WINDOWS\system32\x264vfw.dll [3649536]
O44 - LFC:[MD5.671FEF5266B8AA14C0B69B38C24BD8BD] - 21/05/2012 - 22:48:30 ---A- . (...) -- C:\WINDOWS\system32\lame_acm.xml [415]
O44 - LFC:[MD5.56552C7C36B6237704CE3BA9DF49FECF] - 24/06/2011 - 15:44:30 ---A- . (...) -- C:\WINDOWS\system32\xvidvfw.dll [243200]
O44 - LFC:[MD5.C26B7B8CA40C627B9DE399F9F8FACC69] - 24/06/2011 - 15:28:22 ---A- . (...) -- C:\WINDOWS\system32\xvidcore.dll [650752]
O44 - LFC:[MD5.DED4C49C39D6CEFC00FDA0C4D7D59407] - 22/06/2011 - 15:14:00 ---A- . (...) -- C:\WINDOWS\system32\ff_vfw.dll.manifest [714]
~ Files: 49 Legitimates Scanned in 00mn 54s
---\\ Derniers fichiers cr��s dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.1BC8E4E463E6E92D66E89FE31B283E5F] - 07/04/2013 - 09:54:52 ---A- - C:\WINDOWS\Prefetch\PROGRAMDEACTIVATOR.EXE-30E3757D.pf
O45 - LFCP:[MD5.897720CF21B44D167FFB0D8EC340734A] - 07/04/2013 - 09:56:42 ---A- - C:\WINDOWS\Prefetch\SUMO.EXE-0C8FAC84.pf
O45 - LFCP:[MD5.0E00532F35DBA45EE4AA95FE1CD4D494] - 07/04/2013 - 10:34:09 ---A- - C:\WINDOWS\Prefetch\NS21.TMP-1601D28C.pf
O45 - LFCP:[MD5.C442A1272B26DC1F8F82D3CB7E3AAE34] - 07/04/2013 - 10:34:09 ---A- - C:\WINDOWS\Prefetch\NS24.TMP-23C2C16F.pf
O45 - LFCP:[MD5.1E17F4E502CA12FA4597F77496BDA47D] - 07/04/2013 - 16:51:54 ---A- - C:\WINDOWS\Prefetch\K-LITE_CODEC_PACK_985_MEGA.EX-1E59B665.pf
O45 - LFCP:[MD5.49A09673C8D0A04EC2D3771982173E0F] - 07/04/2013 - 16:51:55 ---A- - C:\WINDOWS\Prefetch\K-LITE_CODEC_PACK_985_MEGA.TM-2FBCD9D6.pf
O45 - LFCP:[MD5.7BBC9EADCCE209DD134E9EA2A04EED50] - 07/04/2013 - 16:51:58 ---A- - C:\WINDOWS\Prefetch\_IU14D2N.TMP-06B48FF9.pf
O45 - LFCP:[MD5.D7976B8BC709C0D4597F509154C027E0] - 07/04/2013 - 16:53:31 ---A- - C:\WINDOWS\Prefetch\CODECTWEAKTOOL.EXE-025B4564.pf
O45 - LFCP:[MD5.756D0E954461E761B0C38B0614170A61] - 07/04/2013 - 16:55:00 ---A- - C:\WINDOWS\Prefetch\MEDIA_PLAYER_CLASSIC_HOME_CIN-0E75BDD1.pf
O45 - LFCP:[MD5.B22ED9CD62C2C8257B02FA4BAC3F4A4F] - 07/04/2013 - 16:55:01 ---A- - C:\WINDOWS\Prefetch\MEDIA_PLAYER_CLASSIC_HOME_CIN-0118D9D1.pf
O45 - LFCP:[MD5.2CB1479E36FEB829CCE6E550E4292F37] - 07/04/2013 - 16:56:04 ---A- - C:\WINDOWS\Prefetch\MPC-HC.EXE-39E7C0DE.pf
O45 - LFCP:[MD5.542A1FFDA137D3B74E752FDFC3CDADC9] - 07/04/2013 - 16:57:14 ---A- - C:\WINDOWS\Prefetch\RECUVA_1.46.919_FR_31279.EXE-22BB4D21.pf
O45 - LFCP:[MD5.0317FFF274F17C5BE21917A365F909B5] - 07/04/2013 - 16:57:31 ---A- - C:\WINDOWS\Prefetch\NS1A.TMP-235A0BDB.pf
O45 - LFCP:[MD5.5DBCD831E6C95A045F67D7E7286F1DF2] - 07/04/2013 - 16:57:57 ---A- - C:\WINDOWS\Prefetch\RECUVA.EXE-29EDF697.pf
O45 - LFCP:[MD5.B4E8CF9399E03DE881CA37F351CE3C13] - 07/04/2013 - 17:01:19 ---A- - C:\WINDOWS\Prefetch\SPEEDYFOX 2.0.3.65.EXE-0F1B2465.pf
O45 - LFCP:[MD5.61494CA0C588BAF9C61880D76494E286] - 07/04/2013 - 17:02:14 ---A- - C:\WINDOWS\Prefetch\DESKTOPOK 2.41.EXE-089A1D3D.pf
O45 - LFCP:[MD5.82994AE981308390EA4A286DDC10247E] - 07/04/2013 - 17:04:49 ---A- - C:\WINDOWS\Prefetch\CHROME_INSTALLER-26.0.1410.43-0AC10282.pf
O45 - LFCP:[MD5.C7B452E7E26EA49BFCF1230931F4248E] - 07/04/2013 - 17:05:10 ---A- - C:\WINDOWS\Prefetch\26.0.1410.43_CHROME_INSTALLER-085B8DB2.pf
O45 - LFCP:[MD5.F1586A0C96E5AECA50091356DD2E71F2] - 07/04/2013 - 17:06:33 ---A- - C:\WINDOWS\Prefetch\ALLMYAPPS.EXE-0C497FC7.pf
O45 - LFCP:[MD5.286754978319C0841CD96431E7B7423C] - 07/04/2013 - 17:06:34 ---A- - C:\WINDOWS\Prefetch\CRASHSENDER1301.EXE-0848C4B4.pf
O45 - LFCP:[MD5.0685640F2D94E95B318ECAB8590875CD] - 07/04/2013 - 17:22:34 ---A- - C:\WINDOWS\Prefetch\GDFIREWALLTRAY.EXE-2FF190E5.pf
O45 - LFCP:[MD5.0593ECAC6E9BA5BD3FE4A05D1E243B2F] - 07/04/2013 - 18:29:45 ---A- - C:\WINDOWS\Prefetch\IPSO.EXE-3B142144.pf
O45 - LFCP:[MD5.42BDECF4BD42F614D6F0252A68C4C3BF] - 07/04/2013 - 18:29:45 ---A- - C:\WINDOWS\Prefetch\KEYSCRAMBLER.EXE-3A8036D6.pf
O45 - LFCP:[MD5.28CA0C865BA8C5DC0A3CFFC02E5BEC4E] - 07/04/2013 - 18:29:45 ---A- - C:\WINDOWS\Prefetch\MSPMSPSV.EXE-13D52AC2.pf
O45 - LFCP:[MD5.38CC378C0761C86D36C9F96A82ABF69A] - 07/04/2013 - 18:29:45 ---A- - C:\WINDOWS\Prefetch\POPTRAY.EXE-385BD482.pf
O45 - LFCP:[MD5.7E1FE2A0FDE8EC5F24F1506D4862E445] - 07/04/2013 - 18:29:45 ---A- - C:\WINDOWS\Prefetch\TUNEUPUTILITIESSERVICE32.EXE-1CDBC610.pf
O45 - LFCP:[MD5.E7647660152D5E6DD0213EE4E93483BE] - 07/04/2013 - 18:29:45 ---A- - C:\WINDOWS\Prefetch\UPHCLEAN.EXE-38E40E8B.pf
O45 - LFCP:[MD5.0A12C1FDA46B9EACD76B41A1D272361B] - 07/04/2013 - 18:29:57 ---A- - C:\WINDOWS\Prefetch\GDFWADMIN.EXE-18B5800C.pf
O45 - LFCP:[MD5.11A256B429237D835585A5137C91DB5F] - 07/04/2013 - 21:15:25 ---A- - C:\WINDOWS\Prefetch\SHUTDOWN.EXE-00AD91B0.pf
O45 - LFCP:[MD5.1125744419919AE65171406E4A283287] - 08/04/2013 - 10:30:51 ---A- - C:\WINDOWS\Prefetch\GDFWSVC.EXE-0773CEA0.pf
O45 - LFCP:[MD5.1AEF48360ADB3D0318813D6A70A59322] - 08/04/2013 - 10:32:22 ---A- - C:\WINDOWS\Prefetch\INITIALIZE.EXE-2316EC09.pf
O45 - LFCP:[MD5.443DC38B583801162C4112E20FF3D817] - 08/04/2013 - 10:32:29 ---A- - C:\WINDOWS\Prefetch\TUNEUPUTILITIESAPP32.EXE-22C48212.pf
O45 - LFCP:[MD5.E253737ABEDC842CB2E4436962459EC5] - 08/04/2013 - 10:32:32 ---A- - C:\WINDOWS\Prefetch\RECGUARD.EXE-16078673.pf
O45 - LFCP:[MD5.813BEB6B3AEBEBBBB442B3390762480D] - 08/04/2013 - 10:32:42 ---A- - C:\WINDOWS\Prefetch\AGRSMMSG.EXE-071EDC2A.pf
O45 - LFCP:[MD5.6E0B334FFD531DFEB6E8363EE1D68F8B] - 08/04/2013 - 10:32:42 ---A- - C:\WINDOWS\Prefetch\HPHMON05.EXE-1C7A07AD.pf
O45 - LFCP:[MD5.4552426CEDDA796AC57C5DBD41116359] - 08/04/2013 - 10:32:42 ---A- - C:\WINDOWS\Prefetch\PS2.EXE-23667557.pf
O45 - LFCP:[MD5.6C7B2432BF50180B57B0F850D8258DB4] - 08/04/2013 - 10:32:43 ---A- - C:\WINDOWS\Prefetch\AVKTRAY.EXE-23286FF0.pf
O45 - LFCP:[MD5.96398E7E5038D1C7FE8441B33E655902] - 08/04/2013 - 11:46:45 ---A- - C:\WINDOWS\Prefetch\CNMSEAD.EXE-084FB023.pf
O45 - LFCP:[MD5.5F50736357AA965D3F7F3AF298675E60] - 08/04/2013 - 14:51:42 ---A- - C:\WINDOWS\Prefetch\AVK.EXE-3025CFD9.pf
O45 - LFCP:[MD5.7E310CE6764FC6A30E341AA01D6C5034] - 08/04/2013 - 15:18:17 ---A- - C:\WINDOWS\Prefetch\WKDSTORE.EXE-23505CEE.pf
~ Prefetcher: 130 Legitimates Scanned in 00mn 03s
---\\ Op�rations et fonctions au d�marrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Export de cl� d'application autoris�e (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" [Enabled] .(.IVT Corporation..) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Orb Networks\Orb\bin\Orb.exe" [Enabled] .(.Orb Networks, Inc..) -- C:\Program Files\Orb Networks\Orb\bin\Orb.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" [Enabled] .(.Orb Networks.) -- C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe" [Enabled] .(.Orb Networks.) -- C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Orb Networks\Orb\bin\xmltv.exe" [Enabled] .(.XMLTV Project http://www.xmltv.org.) -- C:\Program Files\Orb Networks\Orb\bin\xmltv.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe" [Enabled] .(.Orb Networks.) -- C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe
O47 - AAKE:Key Export SP - "C:\Program Files\ma-config.com\maconfservice.exe" [Enabled] .(...) -- C:\Program Files\ma-config.com\maconfservice.exe (.not file.)
~ Keys Export: 13 Legitimates Scanned in 00mn 00s
---\\ D�ni du service (Local Security Authority) (O48)
~ LSA: 6 Legitimates Scanned in 00mn 00s
---\\ Contr�le du Safe Boot (CSB) (O49)
~ CBS: 21 Legitimates Scanned in 00mn 01s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"vidc.LEAD"="LCODCCMP.DLL" . (.LEAD Technologies, Inc. - LEAD MCMP/MJPEG Codec.) -- C:\WINDOWS\system32\LCODCCMP.dll
O52 - TDSD: \drivers.desc\"LCODCCMP.DLL"="LEAD MCMP/MJPEG Codec (VFW)" . (.LEAD Technologies, Inc. - LEAD MCMP/MJPEG Codec.) -- C:\WINDOWS\system32\LCODCCMP.dll
~ TDSD: 24 Legitimates Scanned in 00mn 03s
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\Adobe Reader Synchronizer [Key] . (...) -- C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Allmyapps [Key] . (...) -- C:\Documents and Settings\Administrateur\Application Data\Allmyapps\Allmyapps.exe
O53 - SMSR:HKLM\...\startupreg\Allmyapps Update [Key] . (...) -- C:\Documents and Settings\Administrateur\Application Data\Allmyapps\AllmyappsUpdater.exe
O53 - SMSR:HKLM\...\startupreg\NeroCheck [Key] . (.Ahead Software Gmbh - NeroCheck.) -- C:\WINDOWS\system32\NeroCheck.exe
O53 - SMSR:HKLM\...\startupreg\OSSelectorReinstall [Key] . (...) -- C:\Program Files\Fichiers communs\Acronis\Acronis Disk Director\oss_reinstall.exe
O53 - SMSR:HKLM\...\startupreg\TrueImageMonitor.exe [Key] . (...) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O53 - SMSR:HKLM\...\startupreg\UpdateManager [Key] . (.Sonic Solutions - Sonic Update Manager.) -- c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
~ SMSR Keys: 28 Legitimates Scanned in 00mn 01s
---\\ Microsoft Control Security Providers (O54)
~ MSCP: 6 Legitimates Scanned in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 7 Legitimates Scanned in 00mn 00s
---\\ Microsoft Windows Policies Explorer (O56)
~ MWPE Keys: 6 Legitimates Scanned in 00mn 00s
---\\ Liste des Drivers Syst�me (O58)
O58 - SDL:[MD5.53696AD8FFC5FAC51949A525FF65A689] - 24/02/2013 - 11:28:24 ---A- . (.Acronis - File Level CDP Kernel Helper.) -- C:\WINDOWS\system32\Drivers\afcdp.sys [167968]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 12/02/2004 - 02:39:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: Scanned in 00mn 00s
---\\ Derniers fichiers modifi�s ou cr�es (Utilisateur) (O61)
O61 - LFC: 05/04/2013 - 11:30:48 ---A- C:\Documents and Settings\marc\Application Data\G-Force Prefs (WindowsMediaPlayer).txt [191]
O61 - LFC: 05/04/2013 - 11:31:06 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\History Index 2013-04 [417792]
O61 - LFC: 05/04/2013 - 11:31:06 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\History Index 2013-04-journal [16384]
O61 - LFC: 05/04/2013 - 11:31:07 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cache\f_0002bc [178948]
O61 - LFC: 05/04/2013 - 11:31:09 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Top Sites [28672]
O61 - LFC: 05/04/2013 - 11:31:09 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Top Sites-journal [16384]
O61 - LFC: 05/04/2013 - 11:31:10 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cache\f_0002bd [21417]
O61 - LFC: 05/04/2013 - 11:31:10 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Session Storage\000286.sst [146]
O61 - LFC: 05/04/2013 - 11:35:21 ---A- C:\Documents and Settings\marc\Application Data\Microsoft\Media Player\006D3120.wpl [192]
O61 - LFC: 05/04/2013 - 11:35:30 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Session Storage\000288.sst [187144]
O61 - LFC: 05/04/2013 - 11:38:00 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extension State\LOG.old [267]
O61 - LFC: 05/04/2013 - 11:38:04 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\File System\Origins\LOG.old [148]
O61 - LFC: 05/04/2013 - 11:38:05 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Session Storage\000291.sst [187158]
O61 - LFC: 05/04/2013 - 11:38:06 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Bookmarks.bak [207705]
O61 - LFC: 05/04/2013 - 11:38:06 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cache\f_0002c0 [27841]
O61 - LFC: 05/04/2013 - 11:38:07 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cache\f_0002c1 [21417]
O61 - LFC: 05/04/2013 - 11:38:08 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\File System\000\p\Paths\LOG.old [148]
O61 - LFC: 05/04/2013 - 11:38:08 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Session Storage\LOG.old [272]
O61 - LFC: 05/04/2013 - 11:38:13 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Last Tabs [1374]
O61 - LFC: 05/04/2013 - 11:38:14 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Last Session [3151]
O61 - LFC: 05/04/2013 - 11:38:16 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extension State\CURRENT [16]
O61 - LFC: 05/04/2013 - 11:38:16 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extension State\MANIFEST-000227 [543]
O61 - LFC: 05/04/2013 - 11:38:18 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extension State\LOG [267]
O61 - LFC: 05/04/2013 - 11:38:18 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Login Data [16384]
O61 - LFC: 05/04/2013 - 11:38:18 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Login Data-journal [8736]
O61 - LFC: 05/04/2013 - 11:38:18 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Web Data [83968]
O61 - LFC: 05/04/2013 - 11:38:18 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Web Data-journal [16384]
O61 - LFC: 05/04/2013 - 11:38:19 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Bookmarks [207705]
O61 - LFC: 05/04/2013 - 11:38:19 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cache\f_0002c2 [27766]
O61 - LFC: 05/04/2013 - 11:38:19 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\File System\000\p\Paths\CURRENT [16]
O61 - LFC: 05/04/2013 - 11:38:19 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\File System\000\p\Paths\MANIFEST-000167 [88]
O61 - LFC: 05/04/2013 - 11:38:19 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\File System\Origins\CURRENT [16]
O61 - LFC: 05/04/2013 - 11:38:19 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\File System\Origins\MANIFEST-000177 [142]
O61 - LFC: 05/04/2013 - 11:38:21 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_mfidmkgnfgnkihnjeklbekckimkipmoe_0.localstorage [3072]
O61 - LFC: 05/04/2013 - 11:38:21 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_mfidmkgnfgnkihnjeklbekckimkipmoe_0.localstorage-journal [3608]
O61 - LFC: 05/04/2013 - 11:38:22 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Session Storage\000294.sst [374113]
O61 - LFC: 05/04/2013 - 11:38:22 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Session Storage\CURRENT [16]
O61 - LFC: 05/04/2013 - 11:38:22 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Session Storage\MANIFEST-000293 [252]
O61 - LFC: 05/04/2013 - 11:38:24 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\File System\000\p\Paths\LOG [148]
O61 - LFC: 05/04/2013 - 11:38:24 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Session Storage\LOG [272]
O61 - LFC: 05/04/2013 - 11:38:26 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\File System\Origins\LOG [148]
O61 - LFC: 05/04/2013 - 11:38:27 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Favicons [604160]
O61 - LFC: 05/04/2013 - 11:38:27 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Favicons-journal [16384]
O61 - LFC: 05/04/2013 - 11:38:27 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Managed Mode Settings [8]
O61 - LFC: 05/04/2013 - 11:38:36 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\databases\chrome-extension_epanfjkfahimkgomnigadpkobaefekcd_0\1 [114688]
O61 - LFC: 05/04/2013 - 11:38:37 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_epanfjkfahimkgomnigadpkobaefekcd_0.localstorage [5120]
O61 - LFC: 05/04/2013 - 11:38:37 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_epanfjkfahimkgomnigadpkobaefekcd_0.localstorage-journal [5672]
O61 - LFC: 05/04/2013 - 11:38:49 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cookies [32768]
O61 - LFC: 05/04/2013 - 11:38:49 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cookies-journal [16384]
O61 - LFC: 05/04/2013 - 11:38:49 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\QuotaManager [19456]
O61 - LFC: 05/04/2013 - 11:38:49 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\QuotaManager-journal [8768]
O61 - LFC: 05/04/2013 - 11:38:55 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Local State [23156]
O61 - LFC: 05/04/2013 - 11:38:55 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Current Tabs [1374]
O61 - LFC: 05/04/2013 - 11:38:55 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Sync Data\SyncData.sqlite3 [2318336]
O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cache\data_0 [229376]
O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cache\data_1 [4726784]
O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cache\data_2 [8396800]
O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Current Session [1910]
O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\History [364544]
O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\History Provider Cache [23294]
O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\History-journal [16384]
O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Preferences [116201]
O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Sync Data\SyncData.sqlite3-journal [16384]
O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\chrome_shutdown_ms.txt [5]
O61 - LFC: 05/04/2013 - 15:44:42 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\bookmarkbackups\bookmarks-2013-04-05.json [162517]
O61 - LFC: 05/04/2013 - 15:47:51 ---A- C:\Documents and Settings\marc\Recent\Erreur 7.doc.lnk [482]
O61 - LFC: 05/04/2013 - 15:53:20 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\adblockplus-rules.json [365283]
O61 - LFC: 05/04/2013 - 15:56:05 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\mimeTypes.rdf [4430]
O61 - LFC: 05/04/2013 - 15:56:09 ---A- C:\Documents and Settings\marc\Recent\Patch_FR_Tweak_UI_v2.10.0.5.zip.lnk [617]
O61 - LFC: 05/04/2013 - 15:56:09 ---A- C:\Documents and Settings\marc\Recent\TweakUI.lnk [549]
O61 - LFC: 05/04/2013 - 16:36:07 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [117153]
O61 - LFC: 05/04/2013 - 16:49:14 ---A- C:\Documents and Settings\marc\Recent\MARC.lnk [349]
O61 - LFC: 05/04/2013 - 16:49:14 ---A- C:\Documents and Settings\marc\Recent\echec google earth.jpg.lnk [512]
O61 - LFC: 05/04/2013 - 17:10:59 ---A- C:\Documents and Settings\marc\Menu D�marrer\Programmes\Sawbuck\Sawbuck.lnk [830]
O61 - LFC: 05/04/2013 - 17:10:59 ---A- C:\Documents and Settings\marc\Menu D�marrer\Programmes\Sawbuck\Uninstall Sawbuck.lnk [551]
O61 - LFC: 05/04/2013 - 17:11:00 R--A- C:\Documents and Settings\marc\Application Data\Microsoft\Installer\{459BFE07-FCF3-4274-AC8B-8E8DDA7214BA}\icon.ico [96583]
O61 - LFC: 05/04/2013 - 17:13:18 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\pluginreg.dat [10091]
O61 - LFC: 05/04/2013 - 17:28:13 ---A- C:\Documents and Settings\marc\Recent\D�pannage installation.doc.lnk [825]
O61 - LFC: 05/04/2013 - 17:28:13 ---A- C:\Documents and Settings\marc\Recent\Google Chrome.lnk [568]
O61 - LFC: 05/04/2013 - 17:46:07 ---A- C:\Documents and Settings\marc\Recent\Google earth.lnk [565]
O61 - LFC: 05/04/2013 - 17:46:07 ---A- C:\Documents and Settings\marc\Recent\d�pannage avec Sawbuck.doc.lnk [820]
O61 - LFC: 05/04/2013 - 17:48:03 ---A- C:\Documents and Settings\marc\Recent\CODES.pdf.lnk [306]
O61 - LFC: 06/04/2013 - 09:31:59 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\bookmarkbackups\bookmarks-2013-04-06.json [162517]
O61 - LFC: 06/04/2013 - 10:12:41 ---A- C:\Documents and Settings\marc\Bureau\OTL\R�installation Chrome et Earth.doc [20480]
O61 - LFC: 06/04/2013 - 10:43:04 ---A- C:\Documents and Settings\marc\Recent\R�installation Chrome et Earth.doc.lnk [481]
O61 - LFC: 06/04/2013 - 13:55:27 ---A- C:\Documents and Settings\marc\Recent\COMPTES DIVERS.doc.lnk [735]
O61 - LFC: 06/04/2013 - 13:55:27 ---A- C:\Documents and Settings\marc\Recent\Divers.lnk [542]
O61 - LFC: 06/04/2013 - 13:55:28 ---A- C:\Documents and Settings\marc\Application Data\Microsoft\�preuve\CUSTOM.DIC [51]
O61 - LFC: 06/04/2013 - 14:00:38 ---A- C:\Documents and Settings\marc\Recent\Ann�e 2013.lnk [556]
O61 - LFC: 06/04/2013 - 14:00:38 ---A- C:\Documents and Settings\marc\Recent\Compte PEA la Poste 2013.xls.lnk [787]
O61 - LFC: 06/04/2013 - 14:07:03 ---A- C:\Documents and Settings\marc\Bureau\OTL\OTL.exe [602112]
O61 - LFC: 06/04/2013 - 17:33:58 ---A- C:\Documents and Settings\marc\Bureau\OTL\OTL.doc [147456]
O61 - LFC: 06/04/2013 - 17:34:02 ---A- C:\Documents and Settings\marc\Recent\OTL.doc.lnk [394]
O61 - LFC: 06/04/2013 - 18:45:36 ---A- C:\Documents and Settings\marc\Application Data\Microsoft\Windows\Themes\Custom.theme [7806]
O61 - LFC: 06/04/2013 - 18:46:19 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp [2090034]
O61 - LFC: 06/04/2013 - 18:46:19 -SHA- C:\Documents and Settings\marc\Application Data\Microsoft\Internet Explorer\Desktop.htt [2696]
O61 - LFC: 07/04/2013 - 03:25:27 ---A- C:\Documents and Settings\marc\Bureau\OTL\Capture image OTL avant interruption.jpg [81768]
O61 - LFC: 07/04/2013 - 03:26:57 ---A- C:\Documents and Settings\marc\Recent\Capture N� 2.jpg.lnk [351]
O61 - LFC: 07/04/2013 - 09:15:34 ---A- C:\Documents and Settings\marc\Recent\Capture N� 1.jpg.lnk [427]
O61 - LFC: 07/04/2013 - 09:39:42 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\bookmarkbackups\bookmarks-2013-04-07.json [162816]
O61 - LFC: 07/04/2013 - 09:41:17 ---A- C:\Documents and Settings\marc\Bureau\OTL\Arr�t OTL.doc [20992]
O61 - LFC: 07/04/2013 - 09:45:49 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\blocklist.xml [58746]
O61 - LFC: 07/04/2013 - 09:53:25 ---A- C:\Documents and Settings\marc\Recent\Arr�t OTL.doc.lnk [691]
O61 - LFC: 07/04/2013 - 09:57:37 ---A- C:\Documents and Settings\marc\Application Data\KC Softwares\SUMo\reg.sumo [11260]
O61 - LFC: 07/04/2013 - 09:57:58 ---A- C:\Documents and Settings\marc\Application Data\KC Softwares\SUMo\db.bak [6713]
O61 - LFC: 07/04/2013 - 09:58:28 ---A- C:\Documents and Settings\marc\Application Data\KC Softwares\SUMo\SUMo.cache [5332]
O61 - LFC: 07/04/2013 - 09:59:36 ---A- C:\Documents and Settings\marc\Recent\sumo1.jpg.lnk [306]
O61 - LFC: 07/04/2013 - 10:00:03 ---A- C:\Documents and Settings\marc\Recent\sumo2.jpg.lnk [306]
O61 - LFC: 07/04/2013 - 10:00:05 ---A- C:\Documents and Settings\marc\Application Data\KC Softwares\SUMo\db.sumo [6713]
O61 - LFC: 07/04/2013 - 10:21:01 ---A- C:\Documents and Settings\marc\Recent\Adresse t�l�chargement Sumo.doc.lnk [1058]
O61 - LFC: 07/04/2013 - 10:21:01 ---A- C:\Documents and Settings\marc\Recent\sumo.lnk [734]
O61 - LFC: 07/04/2013 - 10:34:09 ---A- C:\Documents and Settings\marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [753]
O61 - LFC: 07/04/2013 - 10:34:14 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Crash Reports\InstallTime20130326150557 [10]
O61 - LFC: 07/04/2013 - 10:34:25 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\addons.sqlite [524288]
O61 - LFC: 07/04/2013 - 10:34:27 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\extensions.sqlite [557056]
O61 - LFC: 07/04/2013 - 10:34:30 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\search.json [10826]
O61 - LFC: 07/04/2013 - 10:38:39 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\permissions.sqlite [65536]
O61 - LFC: 07/04/2013 - 10:38:39 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\webappsstore.sqlite [196608]
O61 - LFC: 07/04/2013 - 16:12:59 ---A- C:\Documents and Settings\marc\Bureau\Roguekiller\RogueKiller.exe [816128]
O61 - LFC: 07/04/2013 - 16:13:09 ---A- C:\Documents and Settings\marc\Recent\Echec Chrome et Earth.lnk [451]
O61 - LFC: 07/04/2013 - 16:17:46 ---A- C:\Documents and Settings\marc\Bureau\Roguekiller\RKreport[1]_S_07042013_171707.txt [1639]
O61 - LFC: 07/04/2013 - 16:22:09 ---A- C:\Documents and Settings\marc\Bureau\RK_Quarantine\NewStartPanel_{20D04FE0-0.reg [408]
O61 - LFC: 07/04/2013 - 16:22:09 ---A- C:\Documents and Settings\marc\Bureau\RK_Quarantine\System_DisableReg0.reg [324]
O61 - LFC: 07/04/2013 - 16:22:49 ---A- C:\Documents and Settings\marc\Bureau\RK_Quarantine\AllmyappsUpdater.exe.vir [247800]
O61 - LFC: 07/04/2013 - 16:23:23 ---A- C:\Documents and Settings\marc\Bureau\Roguekiller\RKreport[3]_D_07042013_172249.txt [1723]
O61 - LFC: 07/04/2013 - 16:25:35 ---A- C:\Documents and Settings\marc\Recent\RKreport[2]_S_07042013_172128.txt.lnk [591]
O61 - LFC: 07/04/2013 - 16:44:45 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\signons.sqlite [327680]
O61 - LFC: 07/04/2013 - 16:50:05 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\formhistory.sqlite [196608]
O61 - LFC: 07/04/2013 - 16:56:10 ---A- C:\Documents and Settings\marc\Application Data\Media Player Classic\default.mpcpl [16]
O61 - LFC: 07/04/2013 - 17:01:19 ---A- C:\Documents and Settings\marc\Application Data\CrystalIdea Software\SpeedyFox\preferences.xml [232]
O61 - LFC: 07/04/2013 - 17:01:37 ---A- C:\Documents and Settings\marc\Bureau\speedyfox 2.0.3.65.lnk [833]
O61 - LFC: 07/04/2013 - 17:06:48 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\1664.png [4744]
O61 - LFC: 07/04/2013 - 17:06:48 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\1675.png [3432]
O61 - LFC: 07/04/2013 - 17:06:48 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\1924.png [5069]
O61 - LFC: 07/04/2013 - 17:06:48 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\518.png [3041]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\1389.png [2315]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\1395.png [5642]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\1403.png [6732]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\1485.png [5980]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\17630.png [2328]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\228.png [5665]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\2317.png [682]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\348.png [1836]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\396.png [7400]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\436.png [2979]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\452.png [5123]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\562.png [2142]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\580.png [9036]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\582.png [6487]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\589.png [4822]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\602.png [6407]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\609.png [8179]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\617.png [5658]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\622.png [3349]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\684.png [7152]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\6889.png [2206]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\711.png [4431]
O61 - LFC: 07/04/2013 - 17:08:20 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\ama.db [18432]
O61 - LFC: 07/04/2013 - 17:08:50 ---A- C:\Documents and Settings\marc\Bureau\RK_Quarantine\Eula.txt [3769]
O61 - LFC: 07/04/2013 - 17:09:51 ---A- C:\Documents and Settings\marc\Bureau\RK_Quarantine\PhysicalDrive0_User.dat [512]
O61 - LFC: 07/04/2013 - 17:09:51 ---A- C:\Documents and Settings\marc\Bureau\RK_Quarantine\QuarantineReport.txt [790]
O61 - LFC: 07/04/2013 - 18:34:45 ---A- C:\Documents and Settings\marc\Recent\RKreport[1]_S_07042013_171707.txt.lnk [721]
O61 - LFC: 07/04/2013 - 18:41:25 ---A- C:\Documents and Settings\marc\Recent\RKreport[3]_D_07042013_172249.txt.lnk [721]
O61 - LFC: 07/04/2013 - 18:44:38 ---A- C:\Documents and Settings\marc\Bureau\Roguekiller\RogueKiller.doc [137216]
O61 - LFC: 07/04/2013 - 18:44:45 ---A- C:\Documents and Settings\marc\Recent\RogueKiller.doc.lnk [631]
O61 - LFC: 07/04/2013 - 18:44:45 ---A- C:\Documents and Settings\marc\Recent\Roguekiller.lnk [401]
O61 - LFC: 07/04/2013 - 21:00:43 ---A- C:\Documents and Settings\marc\Bureau\MB\mbam-log-2013-04-07 (19-47-07).txt [2138]
O61 - LFC: 07/04/2013 - 21:14:03 ---A- C:\Documents and Settings\marc\Recent\mbam-log-2013-04-07 (19-47-07).txt.lnk [657]
O61 - LFC: 07/04/2013 - 21:15:12 ---A- C:\Documents and Settings\marc\Bureau\MB\lien rapport.doc [19968]
O61 - LFC: 07/04/2013 - 21:15:14 ---A- C:\Documents and Settings\marc\Recent\lien rapport.doc.lnk [567]
O61 - LFC: 08/04/2013 - 10:32:36 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\kstemp [0]
O61 - LFC: 08/04/2013 - 10:32:36 --HA- C:\Documents and Settings\marc\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [1024]
O61 - LFC: 08/04/2013 - 11:42:58 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\bookmarkbackups\bookmarks-2013-04-08.json [162948]
O61 - LFC: 08/04/2013 - 11:44:02 ---A- C:\Documents and Settings\marc\Bureau\Microsoft Word.lnk [2559]
O61 - LFC: 08/04/2013 - 11:46:25 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\cookies.sqlite [524288]
O61 - LFC: 08/04/2013 - 11:46:25 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\sessionstore.bak [1523]
O61 - LFC: 08/04/2013 - 11:46:25 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\sessionstore.js [1523]
O61 - LFC: 08/04/2013 - 11:48:01 ---A- C:\Documents and Settings\marc\Bureau\ZHPDiaz\ZhpDiaz.doc [41984]
O61 - LFC: 08/04/2013 - 11:50:00 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\downloads.sqlite [98304]
O61 - LFC: 08/04/2013 - 11:50:01 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\content-prefs.sqlite [229376]
O61 - LFC: 08/04/2013 - 11:50:01 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\places.sqlite [10485760]
O61 - LFC: 08/04/2013 - 11:52:19 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\parent.lock [0]
O61 - LFC: 08/04/2013 - 11:52:19 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\webapps\webapps.json [2]
O61 - LFC: 08/04/2013 - 11:52:22 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\ImTranslator\profile.imt [483]
O61 - LFC: 08/04/2013 - 11:52:23 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\adblockplus\elemhide.css [1544138]
O61 - LFC: 08/04/2013 - 11:52:25 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\urlclassifierkey3.txt [154]
O61 - LFC: 08/04/2013 - 11:52:33 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\cert8.db [98304]
O61 - LFC: 08/04/2013 - 11:52:33 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\key3.db [16384]
O61 - LFC: 08/04/2013 - 11:52:33 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\localstore.rdf [3252]
O61 - LFC: 08/04/2013 - 11:52:33 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\prefs.js [46281]
O61 - LFC: 08/04/2013 - 11:52:33 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\_CACHE_CLEAN_ [1]
O61 - LFC: 08/04/2013 - 11:52:34 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\startupCache\startupCache.4.little [53910]
O61 - LFC: 08/04/2013 - 11:52:36 ---A- C:\Documents and Settings\marc\Recent\ZHPDiaz.lnk [379]
O61 - LFC: 08/04/2013 - 11:52:36 ---A- C:\Documents and Settings\marc\Recent\ZhpDiaz.doc.lnk [579]
O61 - LFC: 08/04/2013 - 11:53:16 ---A- C:\Documents and Settings\marc\Bureau\MB\MBRCheck.lnk [684]
O61 - LFC: 08/04/2013 - 15:03:21 ---A- C:\Documents and Settings\marc\Recent\Personnels �picerie - pr�sences � conserver dans bureau .xls.lnk [717]
O61 - LFC: 08/04/2013 - 15:03:22 ---A- C:\Documents and Settings\marc\Application Data\Microsoft\Excel\Excel10.xlb [16945]
O61 - LFC: 08/04/2013 - 15:03:22 ---A- C:\Documents and Settings\marc\Recent\Majolane.lnk [422]
O61 - LFC: 08/04/2013 - 15:18:08 ---A- C:\Documents and Settings\marc\Application Data\wklnhst.dat [6334]
O61 - LFC: 08/04/2013 - 15:18:16 ---A- C:\Documents and Settings\marc\Recent\A4 vertical partag� en 10 H.doc.lnk [714]
O61 - LFC: 08/04/2013 - 15:18:16 ---A- C:\Documents and Settings\marc\Recent\Formats.lnk [490]
O61 - LFC: 08/04/2013 - 15:18:17 ---A- C:\Documents and Settings\marc\Application Data\Microsoft\Mod�les\Normal.dot [53248]
O61 - LFC: 08/04/2013 - 15:19:01 ---A- C:\Documents and Settings\marc\Bureau\MB\MBRCheck_04.08.13_16.18.48.txt [9847]
O61 - LFC: 08/04/2013 - 15:19:35 ---A- C:\Documents and Settings\marc\Recent\MB.lnk [350]
O61 - LFC: 08/04/2013 - 15:19:35 ---A- C:\Documents and Settings\marc\Recent\MBRCheck_04.08.13_16.18.48.txt.lnk [637]
O61 - LFC: 08/04/2013 - 15:20:43 -SHA- C:\Documents and Settings\marc\IETldCache\index.dat [262144]
~ 17 Fichiers temporaires (Temporary files)
~ 6 Fichiers cookies (Cookies files)
~ Files: 780 Legitimates Scanned in 01mn 30s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 08/04/2009 - C:\Program Files\Fichiers communs\AVerMedia\Service\AVerRemote.exe (AVerRemote) .(.AVerMedia - AVerRemote MFC Application.) - LEGACY_AVERREMOTE
O64 - Services: CurCS - 09/10/2009 - C:\Program Files\Fichiers communs\AVerMedia\Service\AVerScheduleService.exe (AVerScheduleService) .(.Pas de propri�taire - ScheduleService Module.) - LEGACY_AVERSCHEDULESERVICE
O64 - Services: CurCS - 23/08/2012 - Pas de propri�taire (AVKProxy) .(...) - LEGACY_AVKPROXY
O64 - Services: CurCS - 27/01/2012 - Pas de propri�taire (AVKService) .(...) - LEGACY_AVKSERVICE
O64 - Services: CurCS - 30/08/2012 - C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe (AVKWCtl) .(.G Data Software AG - G Data Filesystem Monitor Service.) - LEGACY_AVKWCTL
O64 - Services: CurCS - 21/11/2006 - C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys (BTNetFilter) .(.IVT Corporation. - Bluetooth Network Filter Driver.) - LEGACY_BTNETFILTER
O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\dllhost.exe (COMSysApp) .(.Microsoft Corporation - COM Surrogate.) - LEGACY_COMSYSAPP
O64 - Services: CurCS - 11/05/2010 - C:\WINDOWS\system32\drivers\cpuz133_x32.sys (cpuz133) .(.Windows (R) Win 7 DDK provider - CPUID Driver.) - LEGACY_CPUZ133
O64 - Services: CurCS - 18/11/2007 - Pas de propri�taire (DVRMSFileWatcherService) .(...) - LEGACY_DVRMSFILEWATCHERSERVICE
O64 - Services: CurCS - 18/10/2012 - C:\WINDOWS\system32\drivers\GDBehave.sys (GDBehave) .(.G Data Software AG - Behavior Blocker.) - LEGACY_GDBEHAVE
O64 - Services: CurCS - 04/06/2012 - C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe (GDFwSvc) .(.G Data Software AG - G Data Persoonlijke Firewall.) - LEGACY_GDFWSVC
O64 - Services: CurCS - 18/10/2012 - C:\WINDOWS\system32\drivers\MiniIcpt.sys (GDMnIcpt) .(.G Data Software AG - Filesystem MiniInterceptor (Mini Filter).) - LEGACY_GDMNICPT
O64 - Services: CurCS - 19/07/2012 - C:\WINDOWS\system32\drivers\GDNdisIc.sys (GDNdisIc) .(.G Data Software AG - NDIS packet redirector.) - LEGACY_GDNDISIC
O64 - Services: CurCS - 29/03/2012 - C:\Program Files\Fichiers communs\G DATA\GDScan\GDScan.exe (GDScan) .(.G Data Software AG - G Data AntiVirus Scan Server.) - LEGACY_GDSCAN
O64 - Services: CurCS - 18/10/2012 - C:\WINDOWS\system32\drivers\GDTdiIcpt.sys (GDTdiInterceptor) .(.G Data Software AG - Pas de description.) - LEGACY_GDTDIINTERCEPTOR
O64 - Services: CurCS - 07/09/2012 - C:\WINDOWS\system32\drivers\GRD.sys (GRD) .(.G Data Software - G Data Rootkit Detector Driver.) - LEGACY_GRD
O64 - Services: CurCS - 19/07/2012 - C:\WINDOWS\system32\drivers\HookCentre.sys (HookCentre) .(.G Data Software AG - Security Hook.) - LEGACY_HOOKCENTRE
O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\svchost.exe (LanmanWorkstation) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LANMANWORKSTATION
O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\lsass.exe (SamSs) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_SAMSS
O64 - Services: CurCS - 13/09/2010 - C:\Program Files\UPHClean\uphclean.exe (UPHClean) .(.Windows (R) Codename Longhorn DDK provider - User Profile Hive Cleanup Service.) - LEGACY_UPHCLEAN
O64 - Services: CurCS - 02/07/2003 - C:\WINDOWS\system32\DRIVERS\viaagp1.sys (viaagp1) .(.VIA Technologies, Inc. - VIA NT AGP Filter.) - LEGACY_VIAAGP1
~ Legacy: 217 Legitimates Scanned in 00mn 08s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.cpl> <>[HKCU\..\cplopen\Command] (.Not Key.)
O67 - Shell Spawning: <.cmd> <>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.com> <>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.evt> <>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> <>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.js> <>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.reg> <>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 27 Legitimates Scanned in 00mn 00s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - msn.) -- C:\Program Files\MSN\MSNCoreFiles\MSN6.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [marc - riqdwsaj.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
~ Keys: Scanned in 00mn 00s
---\\ Crack & Keygen Files (O82)
M:\Mes documents\Logiciels divers\Gros logiciels\Adobe PhotosShop 6\keygen.exe
~ Files: Scanned in 01mn 50s
---\\ Recherche des services d�marr�s par Svchost (O83)
O83 - Search Svchost Services: UxTuneUp (UxTuneUp) . (.TuneUp Software - TuneUp Theme Extension.) -- C:\WINDOWS\system32\uxtuneup.dll [29984]
~ Services: 42 Legitimates Scanned in 00mn 02s
---\\ Recherche particuliere � la racine de certains dossiers (O84)
[MD5.8E78B5BAC8B243841B95C38E580874C7] [SPRF][01/01/2004] (...) -- C:\Documents and Settings\marc\Local Settings\Application Data\fusioncache.dat [137]
[MD5.98A469B4A9768C269B2ABDFE988E372E] [SPRF][08/04/2013] (...) -- C:\Documents and Settings\marc\Application Data\wklnhst.dat [6334]
[MD5.88783EB39D8EF000CDA3413C789C4E21] [SPRF][14/02/2008] (...) -- C:\Program Files\settings.dat [15397]
[MD5.DEC05CA77EEE03C050B8AECC638BA3DB] [SPRF][31/07/2006] (.TechCity Solutions - AccountHelper.) -- C:\WINDOWS\Downloaded Program Files\Account.dll [51200]
[MD5.24E140813B633E9C989070D9F88C764C] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\catalog.dat [2390]
[MD5.32015EEDC621A7E6DF9A2E9D20394A90] [SPRF][28/09/2005] (.Symantec Corporation - Symantec Engine Common Object Model Server.) -- C:\WINDOWS\Downloaded Program Files\ecmsvr32.dll [288376]
[MD5.C8FEBEA460AAD5C1B6817F9676E03F78] [SPRF][27/10/2004] (.Symantec Corporation - LiveSubscribe Components.) -- C:\WINDOWS\Downloaded Program Files\LSSupCtl.dll [111752]
[MD5.71C5958AE5485645FFB9E9CC628868CA] [SPRF][28/09/2005] (.Symantec Corporation - AV Engine.) -- C:\WINDOWS\Downloaded Program Files\naveng32.dll [124536]
[MD5.1CAC99CEC62F86B678EC3881710D841C] [SPRF][28/09/2005] (.Symantec Corporation - AV Engine.) -- C:\WINDOWS\Downloaded Program Files\navex32a.dll [706168]
[MD5.6622AE6028BC93B0F60DE0BDE02A94EA] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\scrauth.dat [96752]
[MD5.181B0724CB825F0C6945C8D9017B01AA] [SPRF][14/11/2005] (.Pas de propri�taire - SymAData Module.) -- C:\WINDOWS\Downloaded Program Files\SymAData.dll [161384]
[MD5.ED3B0F1BA60554B9D2E5AE1B02AD9306] [SPRF][29/03/2007] (.Husdawg, LLC - System Requirements Lab.) -- C:\WINDOWS\Downloaded Program Files\sysreqlab2.dll [206384]
[MD5.F5A31803E5E6ECD1D30626F54C989E7B] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\tcdefs.dat [12811]
[MD5.49273F10AC7E1027F971E35C44740E2D] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\tcscan7.dat [750376]
[MD5.D56C70F1664AD306C6F617D0171748C0] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\tcscan8.dat [188908]
[MD5.5E35E64D586D158A57321DAD8380529A] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\tcscan9.dat [414268]
[MD5.8C17D4046D09E3AAE7316A603D1806CD] [SPRF][17/06/2005] (.SupportSoft, Inc. - tgctlsi Module.) -- C:\WINDOWS\Downloaded Program Files\tgctlsi.dll [1069056]
[MD5.47EA24991C9184C8186E5447BE22F364] [SPRF][17/06/2005] (.SupportSoft, Inc. - tgctlsr Module.) -- C:\WINDOWS\Downloaded Program Files\tgctlsr.dll [413696]
[MD5.59366DD141E6B459A7D71FB5C5EF8059] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\tinf.dat [453]
[MD5.F482930D99D74BCD79CB09F2E88BB7F7] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\tinfidx.dat [148]
[MD5.7E14DE819C30824C31908D858819DC14] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\tinfl.dat [1957]
[MD5.80C020623CDE0D98F1F7BA0B1924D8BA] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\tscan1.dat [44577]
[MD5.6A32D3E0354A89B2C61B5ACD117368D9] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\tscan1hd.dat [1237]
[MD5.5E5F18E9A090499430B4C6DF21EE114D] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan1.dat [962489]
[MD5.627E5A4E1CA93AE9E26A679C50F3BC52] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan2.dat [559594]
[MD5.381A2E63008F530033DE8D2CED798EE7] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan3.dat [145244]
[MD5.78BDD6D65D24DC8EF5E1EDFA5FAC32CF] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan4.dat [320067]
[MD5.0F3F6826BB11D46C86984A137FFD2C9C] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan5.dat [1429761]
[MD5.783FA9A328E4252292077A00D782E68A] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan6.dat [385582]
[MD5.C609D9F530EA10726E9DE6EBD172090C] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan7.dat [2582178]
[MD5.58A861798F551DFA8EAB322ED1128512] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan8.dat [1409203]
[MD5.9513990891D87558E9BD79A9D25AF93F] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan9.dat [2703645]
[MD5.DF2B69539A13B5976470903F68877809] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscant.dat [32]
[MD5.036FFD3B67756C6A55F978DDA79CA065] [SPRF][30/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\vscanmsx.dat [2072]
[MD5.2EA09C8B4B4669C516433AE31982E259] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\zdone.dat [224]
~ Files: Scanned in 00mn 02s
---\\ Scan Additionnel (O88)
Database Version : v2.11492 - (07/04/2013)
Cl�s trouv�es (Keys found) : 18
Valeurs trouv�es (Values found) : 0
Dossiers trouv�s (Folders found) : 0
Fichiers trouv�s (Files found) : 0
[HKLM\Software\Classes\CLSID\{35b8892d-c3fb-4d88-990d-31db2ebd72bd}] =>Adware.RecordNRip
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}] =>Toolbar.Agent
[HKLM\Software\Classes\Installer\Features\4340C4778499EED41AE496DC3D613EC6] =>PUP.SweetIM
[HKLM\Software\Classes\Installer\Products\4340C4778499EED41AE496DC3D613EC6] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4340C4778499EED41AE496DC3D613EC6] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E] =>PUP.SweetIM
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] =>PUP.SweetIM^
~ Additionnel: Scanned in 00mn 39s
---\\ Product Upgrade Codes (O90)
O90 - PUC: "160231E2A87C4D848A99D1319B1D98AF" . (.Memories Disc Creator 2.0.) -- c:\WINDOWS\Installer\{2E132061-C78A-48D4-A899-1D13B9D189FA}\HewlettPackard_0002ICON.exe
O90 - PUC: "4340C4778499EED41AE496DC3D613EC6" . (.Internet Explorer Toolbar 4.6 by SweetPacks.) -- C:\WINDOWS\Installer\{774C0434-9948-4DEE-A14E-69CDD316E36C}\ARPPRODUCTICON.exe =>PUP.SweetIM
O90 - PUC: "8ADCFC17CDDA68B408CCEC4C9ABFB21B" . (.User Profile Hive Cleanup Service.) -- C:\WINDOWS\Installer\{71CFCDA8-ADDC-4B86-80CC-CEC4A9FB2BB1}\_6FEFF9B68218417F98F549.exe
O90 - PUC: "D2E701689BFDCB6499DE70AEACEE9032" . (.G Data InternetSecurity 2013.) -- C:\WINDOWS\Installer\{86107E2D-DFB9-46BC-99ED-07EACAEE0923}\ARPPRODUCTICON.exe
O90 - PUC: "F6E1B82EAA0E8224BA98BDA4C0984D62" . (.AVerTV.) -- C:\WINDOWS\Installer\{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}\ARPPRODUCTICON.exe
~ Update Products: 96 Legitimates Scanned in 00mn 00s
---\\ MyComputer Name Space (O92)
O92 - MNS: Dossiers Web - {BDEADF00-C265-11D0-BCED-00A0C90AB50F}
~ MNS: 1 Legitimates Scanned in 00mn 00s
---\\ Etat g�n�ral des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 28/01/2011 764536 | (AcrSch2Svc) . (.Acronis.) - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
SS - | Auto 14/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 24/02/2013 3246040 | (afcdpsrv) . (.Acronis.) - C:\Program Files\Fichiers communs\Acronis\CDP\afcdpsrv.exe
SS - | Disabled 09/07/2009 144712 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
SR - | Auto 08/04/2009 344064 | (AVerRemote) . (.AVerMedia.) - C:\Program Files\Fichiers communs\AVerMedia\Service\AVerRemote.exe
SR - | Auto 389120 | (AVerScheduleService) . (...) - C:\Program Files\Fichiers communs\AVerMedia\Service\AVerScheduleService.exe
SR - | Auto 1542680 | (AVKProxy) . (...) - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
SR - | Auto 468472 | (AVKService) . (...) - C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
SR - | Auto 30/08/2012 1584112 | (AVKWCtl) . (.G Data Software AG.) - C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
SR - | Auto 13/12/1999 44032 | (Creative Service for CDROM Access) . (.Creative Technology Ltd.) - C:\WINDOWS\System32\CTSvcCDA.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Disabled 20480 | (DVRMSFileWatcherService) . (...) - c:\program files\dvrmstoolbox\dvrmsfilewatcherservice.exe
SR - | Demand 04/06/2012 1899816 | (GDFwSvc) . (.G Data Software AG.) - C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
SR - | Demand 29/03/2012 470008 | (GDScan) . (.G Data Software AG.) - C:\Program Files\Fichiers communs\G DATA\GDScan\GDScan.exe
SS - | Auto 23/07/2009 133104 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 24/02/2005 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SR - | Auto 14/03/2013 170912 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SS - | Disabled 27/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 05/12/2007 155716 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SS - | Demand 29/10/2004 86016 | (rpcapd) . (.NetGroup - Politecnico di Torino.) - C:\Program Files\WinPcap\rpcapd.exe
SR - | Auto 31/01/2013 1724192 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
SR - | Auto 13/09/2010 399872 | (UPHClean) . (.Windows (R) Codename Longhorn DDK provider.) - C:\Program Files\UPHClean\uphclean.exe
SR - | Auto 13/04/2008 14336 | C:\WINDOWS\system32\uxtuneup.dll (UxTuneUp) . (.TuneUp Software.) - C:\WINDOWS\system32\svchost.exe
~ Services: Scanned in 00mn 04s
---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Scanned in 00mn 02s
---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by marc at 08/04/2013 16:29:16
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 16s
~ 2056 Legitimates filtered by white list
End of the scan (1018 lines in 07mn 49s)(1)
Run by marc at 08/04/2013 16:21:26
State : Version � jour.
High Elevated Privileges : OK
UAC : Not Found
---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 20.0 v20.0 (Defaut)
---\\ Windows Product Information
~ Langage: Fran�ais
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK
---\\ System Information
~ Processor: x86 Family 15 Model 3 Stepping 4, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047 MB (72% free)
System Restore: Activ� (Enable)
System drive C: has 22 GB (39%) free of 55 GB
---\\ Logged in mode
~ Computer Name: MARCGRON
~ User Name: marc
~ All Users Names: SUPPORT_fddfa904, SUPPORT_388945a0, marc, Josette, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\marc\Application Data\
~ %Desktop% : C:\Documents and Settings\marc\Bureau\
~ %Favorites% : C:\Documents and Settings\marc\Favoris\
~ %LocalAppData% : C:\Documents and Settings\marc\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\marc\Menu D�marrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 22 Go of 55 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 5 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
L:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
M:\ Hard drive, Flash drive, Thumb drive (Free 14 Go of 41 Go)
N:\ Hard drive, Flash drive, Thumb drive (Free 64 Go of 86 Go)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: Scanned in 00mn 00s
---\\ Recherche particuli�re de fichiers g�n�riques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 18:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.FCDD66EE148885E900285ADE8417E40B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.05/02/2013 - 20:56:42.) -- C:\WINDOWS\system32\wininet.dll [916480]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 18:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.CDFE4411A69C224BD1D11B2DA92DAC51] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.03/08/2004 - 22:59:44.) -- C:\WINDOWS\system32\Drivers\atapi.sys [95360]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 11:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.4B0A100EAF5C49EF3CCA8C641431EACC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.02/05/2008 - 11:49:39.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 17:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 08:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.D1EFCBD693B5BA21314D06368C471070] - (.Microsoft Corporation - Pilote de port i8042.) (.19/08/2004 - 15:56:40.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54400]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 10:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 10:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 11:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 11:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parall�le.) (.13/04/2008 - 18:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 17:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de clich� instantan� du volume.) (.13/04/2008 - 17:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cach�s (Cach�/Total)
~ Mes images (My Pictures) : 3/16149
~ Mes musiques (My Musics) : 1/535
~ Mes Videos (My Videos) : 3/17
~ Mes Favoris (My Favorites) : 1/12
~ Mes Documents (My Documents) : 2/21760
~ Mon Bureau (My Desktop) : 0/55
~ Menu demarrer (Programs) : 1/42
~ Hidden Files: Scanned in 00mn 32s
---\\ Processus lanc�s
[MD5.110C6DC36EA9F5DA664A584756B1B297] - (.G Data Software AG - G Data AntiVirus Scan Server.) -- C:\Program Files\Fichiers communs\G DATA\GDScan\GDScan.exe [470008] [PID.1452]
[MD5.6BBEF99B9A4DA3568ECCF32FCB10C6FE] - (.G Data Software AG - G Data Filesystem Monitor Service.) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [1584112] [PID.1472]
[MD5.5F61C4B246354183DB05AC81E4B86B8B] - (.Acronis - Acronis Scheduler 2.) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [764536] [PID.1916]
[MD5.AF44F7E027037628F1FAC3C13CDE73E6] - (.Acronis - File Level CDP Manager Service.) -- C:\Program Files\Fichiers communs\Acronis\CDP\afcdpsrv.exe [3246040] [PID.1964]
[MD5.A33C07F7527FC4CBC664C3137EB7D744] - (.AVerMedia - AVerRemote MFC Application.) -- C:\Program Files\Fichiers communs\AVerMedia\Service\AVerRemote.exe [344064] [PID.2000]
[MD5.9AEBB2D487D9BF4C0F354899D842EDD0] - (.Pas de propri�taire - ScheduleService Module.) -- C:\Program Files\Fichiers communs\AVerMedia\Service\AVerScheduleService.exe [389120] [PID.2024]
[MD5.C48176DA44D0298A7075D3C5CF8C3D8D] - (...) -- C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [1542680] [PID.300]
[MD5.29DA2D5958B352022A1BB5CE6FDB427C] - (...) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [468472] [PID.352]
[MD5.3C8B6609712F4FF78E521F6DCFC4032B] - (.Creative Technology Ltd - Creative Service for CDROM Access.) -- C:\WINDOWS\System32\CTSvcCDA.exe [44032] [PID.472]
[MD5.999DB5F88C8E145CCA9D471E33227143] - (.Oracle Corporation - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [170912] [PID.628]
[MD5.13D3959230D35235B51EDC1F8564635D] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [270336] [PID.1008]
[MD5.472A00D2183C9E5EDB3E076272741812] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 169.2.) -- C:\WINDOWS\system32\nvsvc32.exe [155716] [PID.1336]
[MD5.0DDFF93BD797569ACFD0134C66ED698B] - (.TuneUp Software - TuneUp Utilities Service.) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1724192] [PID.1888]
[MD5.325FB38C323C63C7F57885B4DFB1B91E] - (.Windows (R) Codename Longhorn DDK provider - User Profile Hive Cleanup Service.) -- C:\Program Files\UPHClean\uphclean.exe [399872] [PID.2152]
[MD5.581176F60885AEF8F78C6E38DCC3CDF9] - (.Microsoft Corporation - WMDM PMSP Service.) -- C:\WINDOWS\System32\MsPMSPSv.exe [53520] [PID.2200]
[MD5.EB4D63C618555024DAC54F619859AD92] - (.G Data Software AG - G Data Persoonlijke Firewall.) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [1899816] [PID.2828]
[MD5.52ACCCCA861285166734F19B252B44B5] - (.TuneUp Software - TuneUp Utilities.) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe [1926944] [PID.3680]
[MD5.2B820A0401F34ACF33A7CDAB06FA13AB] - (.Hewlett-Packard - HPHmon05.) -- C:\WINDOWS\System32\hphmon05.exe [483328] [PID.3304]
[MD5.C4C523E78774E05D06EFE3E10017CF6D] - (.Hewlett-Packard Company - PS2 EXE.) -- C:\WINDOWS\system32\ps2.exe [81920] [PID.3768]
[MD5.439231898C6FDC13996AE3D733D00FBA] - (.Creative Technology Ltd - CtHelper Application.) -- C:\WINDOWS\system32\CTHELPER.exe [24576] [PID.3776]
[MD5.06A1ECB63DF139EC639E084D4AB3C9D7] - (.Hewlett-Packard Company - hpsysdrv.) -- C:\windows\system\hpsysdrv.exe [52736] [PID.3820]
[MD5.230EA041666125B6812FE3FF964B2DF3] - (.Agere Systems - SoftModem Messaging Applet.) -- C:\WINDOWS\AGRSMMSG.exe [88209] [PID.2424]
[MD5.3E1BA5802473C94C47D63D1750D40E5D] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe [50176] [PID.3940]
[MD5.3C961CECCB16B8FFCFB884D4EAC5E6D4] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\WINDOWS\ehome\ehmsas.exe [47104] [PID.2636]
[MD5.B386987854E926A9808EB57CA6432B30] - (.G Data Software AG - G Data Security Software.) -- C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe [995352] [PID.336]
[MD5.64D8130561103132AA131BE7CD247CAD] - (.G Data Software AG - G Data Personal Firewall.) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1470968] [PID.3484]
[MD5.255E405D801CF01247390F38F92D8042] - (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe [17408] [PID.3512]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [252848] [PID.2568]
[MD5.1EDC9B85FBFDFE569BDB4A013F8D1242] - (.Gadwin Systems, Inc - Gadwin PrintScreen.) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [1842384] [PID.2436]
[MD5.A97F4E47E5198F1CAA90DBD59F3EFF10] - (.route-101.net - Pas de description.) -- C:\Program Files\IPsO_4\IPsO.exe [372736] [PID.1684]
[MD5.40D284168E70423B8FBE16C36D5B9B13] - (.Renier Crause - PopTray E-Mail Notifier.) -- C:\Program Files\PopTray\PopTray.exe [1666048] [PID.2064]
[MD5.605664E657464F558F51C84A0F93029F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6558208] [PID.1924]
[MD5.AB0A7CA90D9E3D6A193905DC1715DED0] - (.Microsoft Corporation - Windows User Mode Driver Manager.) -- C:\WINDOWS\system32\wdfmgr.exe [38912] [PID.2100]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2868]
~ Processes Running: Scanned in 00mn 02s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\prefs.js
P2 - FPN: [HKLM] [@canon.com/EPPEX] - (.CANON INC. - CANON iMAGE GATEWAY Album Plugin Utility Module.) -- C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.dll
~ Firefox Browser: 17 Legitimates Scanned in 00mn 00s
---\\ Internet Explorer, D�marrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://www.google.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.02.) (No version) -- (.not file.)
~ IE Browser: Scanned in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: G Data BankGuard - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} . (.G Data Software AG - G Data Security Software G Data Bankguard B.) -- C:\Program Files\Fichiers communs\G DATA\AVKProxy\BanksafeBHO.dll
~ BHO: 3 Legitimates Scanned in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Vue HP - [HKLM]{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} . (.Hewlett-Packard Company - hp view toolbar.) -- c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: Canon Easy-WebPrint EX - [HKLM]{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} . (.CANON INC. - Easy-WebPrint EX.) -- C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Applications d�marr�es par registre & par dossier (O4)
O4 - HKLM\..\Run: [HPHmon05] . (.Hewlett-Packard - HPHmon05.) -- C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] . (.Pas de propri�taire - Recguard Application.) -- C:\WINDOWS\SMINST\RECGUARD.exe
O4 - HKLM\..\Run: [PS2] . (.Hewlett-Packard Company - PS2 EXE.) -- C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [CTHelper] . (.Creative Technology Ltd - CtHelper Application.) -- C:\WINDOWS\system32\CTHELPER.exe
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard Company - hpsysdrv.) -- c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] . (.Agere Systems - SoftModem Messaging Applet.) -- C:\WINDOWS\AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD05] . (.Hewlett-Packard - HPHupd05.) -- c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [ehTray] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] . (.G Data Software AG - G Data Security Software.) -- C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [GDFirewallTray] . (.G Data Software AG - G Data Personal Firewall.) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [UnlockerAssistant] . (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [KernelFaultCheck] Cl� orpheline
O4 - HKLM\..\Run: [Microsoft Works Update Detection] . (.Microsoft� Corporation - D�tection Microsoft� Works Update.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KeyScrambler] . (.QFX Software Corporation - KeyScrambler.) -- C:\Program Files\KeyScrambler\keyscrambler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] . (.Gadwin Systems, Inc - Gadwin PrintScreen.) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] . (.Creative Technology Ltd - mididef.) -- C:\WINDOWS\MIDIDEF.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [StartMS] . (.Creative Technology Ltd - StartMS.) -- C:\Program Files\Creative\Shared Files\Media Sniffer\StartMS.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [CMSRegOW.exe] . (.Creative Technology Ltd - CMSRegOW.) -- C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [adaware] . (.Microsoft Corporation - Outil de Registre de la console.) -- C:\WINDOWS\system32\reg.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [adaware_XP] . (.Microsoft Corporation - Outil de Registre de la console.) -- C:\WINDOWS\system32\reg.exe
O4 - HKUS\S-1-5-21-2400442452-2798416894-4265972067-1015\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2400442452-2798416894-4265972067-1015\..\Run: [Gadwin PrintScreen] . (.Gadwin Systems, Inc - Gadwin PrintScreen.) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Adobe Reader XI.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AB0000000001}\SC_Reader.ico
O4 - GS\Programs: Apple Software Update.lnk . (...) -- C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
O4 - GS\Programs: Enregistrement OCR I.R.I.S..lnk . (.I.R.I.S. SA - Registration Wizard for Readiris 5.0.) -- C:\Program Files\HP\Digital Imaging\DocProc\regipe.exe
O4 - GS\Programs: Lanceur de t�ches Microsoft Works.lnk . (.Microsoft� Corporation - Microsoft� Works.) -- C:\Program Files\Microsoft Works\msworks.exe
O4 - GS\Programs: Microsoft Access.lnk . (...) -- C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\accicons.exe
O4 - GS\Programs: Microsoft Excel.lnk . (...) -- C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe
O4 - GS\Programs: Microsoft FrontPage.lnk . (...) -- C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\misc.exe
O4 - GS\Programs: Microsoft Outlook.lnk . (...) -- C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\outicon.exe
O4 - GS\Programs: Microsoft Picture It! Photo Premium 9.lnk . (.Microsoft Corporation - Picture It! 9.) -- C:\Program Files\Microsoft Picture It! 9\pi.exe
O4 - GS\Programs: Microsoft PowerPoint.lnk . (...) -- C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\pptico.exe
O4 - GS\Programs: Microsoft Word.lnk . (...) -- C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe
O4 - GS\Programs: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Programs: MSN Explorer.lnk . (.Microsoft Corporation - msn.) -- C:\Program Files\MSN\MSNCoreFiles\msn6.exe
O4 - GS\Programs: TuneUp Utilities 2013.lnk . (.TuneUp Software - TuneUp Utilities - Startoberfl�che.) -- C:\Program Files\TuneUp Utilities 2013\Integrator.exe
O4 - GS\Programs: Assistance � distance.lnk . (.Microsoft Corporation - Assistance � distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - GS\Programs: Visue processeur.lnk . (.Microsoft Corporation - Gestionnaire des t�ches de Windows.) -- C:\WINDOWS\system32\taskmgr.exe
O4 - GS\Programs: Windows Install Clean Up.lnk . (...) -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
~ Global Startup: Scanned in 00mn 01s
---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 4 Legitimates Scanned in 00mn 00s
---\\ Piratage de l'Option 'R�tablir les param�tres Web' (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
~ IE Param�tres WEB: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} ((no name)) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} ((no name)) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} ((no name)) - http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} ((no name)) - http://www.photoweb.fr/telechargement/Photoweb_Uploader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} ((no name)) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ((no name)) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} ((no name)) - http://office.microsoft.com/officeupdate/content/opuc3.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} ((no name)) - http://www.photoweb.fr/telechargement/telechargement-photoweb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1356110670765
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} ((no name)) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342348436156
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} ((no name)) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ((no name)) - http://charon777.free.fr/plugins/hardwaredetection.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} ((no name)) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} ((no name)) - http://www2.bellapix.com/UploadLaboParAurigma/ImageUploader3.cab
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} ((no name)) - http://office.microsoft.com/officeupdate/content/opuc4.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} ((no name)) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} ((no name)) - http://www.bellapix.com/XUpload.ocx
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5ABC57A8-96DD-496F-8636-589B863A121F}: NameServer = 208.67.222.222,208.67.222.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{5ABC57A8-96DD-496F-8636-589B863A121F}: NameServer = 208.67.222.222,208.67.222.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{5ABC57A8-96DD-496F-8636-589B863A121F}: NameServer = 208.67.222.222,208.67.222.220
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\System32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-cl�s Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent r�seau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Cl� de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 4 Legitimates Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non d�sactiv�s (O23)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated - Adobe� Flash� Player Update Service 11.6 r6.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVerRemote (AVerRemote) . (.AVerMedia - AVerRemote MFC Application.) - C:\Program Files\Fichiers communs\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService (AVerScheduleService) . (.Pas de propri�taire - ScheduleService Module.) - C:\Program Files\Fichiers communs\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: G Data AntiVirus Proxy (AVKProxy) . (...) - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: Planificateur G Data (AVKService) . (...) - C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
O23 - Service: Gardien du syst�me de fichiers G�Data (AVKWCtl) . (.G Data Software AG - G Data Filesystem Monitor Service.) - C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: Creative Service for CDROM Access (Creative Service for CDROM Access) . (.Creative Technology Ltd - Creative Service for CDROM Access.) - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: User Profile Hive Cleanup (UPHClean) . (.Windows (R) Codename Longhorn DDK provider - User Profile Hive Cleanup Service.) - C:\Program Files\UPHClean\uphclean.exe
~ Services: 13 Legitimates Scanned in 00mn 24s
---\\ Enum�ration Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\marc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\marc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s
---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s
---\\ T�ches planifi�es en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Connexion facile � Internet.job [290]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\rbmonitor.job [282]
[MD5.2DC4314926B2D0A140970348728F7E59] [APT] [Connexion facile � Internet] (.Hewlett-Packard.) -- C:\Program Files\Easy Internet signup\HPSdpApp.exe [811090]
[MD5.F8AF3814F1796F977E954FC002889C7A] [APT] [rbmonitor] (.Uniblue Systems Limited.) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe [26016]
~ Scheduled Task: 15 Legitimates Scanned in 00mn 01s
---\\ Composants install�s (ActiveSetup Installed Components) (O40)
~ Active Setup: 23 Legitimates Scanned in 00mn 01s
---\\ Pilotes lanc�s au d�marrage (O41)
O41 - Driver: (GDMnIcpt) . (.G Data Software AG - Filesystem MiniInterceptor (Mini Filter).) - C:\WINDOWS\system32\drivers\MiniIcpt.sys
O41 - Driver: (GRD) . (.G Data Software - G Data Rootkit Detector Driver.) - C:\WINDOWS\system32\drivers\GRD.sys
O41 - Driver: (HookCentre) . (.G Data Software AG - Security Hook.) - C:\WINDOWS\system32\drivers\HookCentre.sys
~ Drivers: 78 Legitimates Scanned in 00mn 03s
---\\ Logiciels install�s (O42)
O42 - Logiciel: AM-DeadLink 4.6 - (.www.aignes.com.) [HKLM] -- aignesamdeadlink_is1
O42 - Logiciel: AVerTV - (.AVerMedia Technologies, Inc..) [HKLM] -- InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader XI (11.0.02) - Fran�ais - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AB0000000001}
O42 - Logiciel: DVRMSToolbox - (.BabgVant & Durrant.) [HKLM] -- {1A124A8E-1B4A-40BA-93F5-DB075FABE19A}
O42 - Logiciel: GEAR 32bit Driver Installer - (.GEAR Software, Inc..) [HKLM] -- {E89B484C-B913-49A0-959B-89E836001658}
O42 - Logiciel: Gadwin PrintScreen - (.Gadwin Systems, Inc..) [HKLM] -- Gadwin PrintScreen
O42 - Logiciel: Java 7 Update 17 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83217017FF}
O42 - Logiciel: KBD - (...) [HKLM] -- KBD
O42 - Logiciel: Orb - (.Orb Networks.) [HKLM] -- Orb
O42 - Logiciel: Orb Runtime libraries - (.Orb Networks, Inc..) [HKLM] -- {2133CB3F-F891-4081-8681-FEE2B2419FF4}
O42 - Logiciel: PopTray 3.20 - (.Renier Crause.) [HKLM] -- PopTray
O42 - Logiciel: Power IEv3 - (.Technicland informatique.) [HKLM] -- {AF7C627C-F354-4FF1-8450-398C806B436E}
O42 - Logiciel: ScanToWeb - (...) [HKLM] -- {EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}
~ Logic: 156 Legitimates Scanned in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\NetAnalyse]
[HKLM\Software\Acrobat Reader]
[HKLM\Software\CBS Interactive]
[HKLM\Software\DVRMSToolbox]
[HKLM\Software\EHELP]
[HKLM\Software\GKochaniak]
[HKLM\Software\Globespan]
[HKLM\Software\HookCentre]
[HKLM\Software\Infix PDF]
[HKLM\Software\KCSoftware]
[HKLM\Software\Ping_Tester]
[HKLM\Software\SystemInfoBapmv6530]
~ Key Software: 252 Legitimates Scanned in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/09/2012 - 19:03:02 - [2,428] ----D C:\Program Files\AM-DeadLink
O43 - CFD: 13/05/2012 - 17:58:52 - [98,395] ----D C:\Program Files\Direct x 10
O43 - CFD: 05/01/2008 - 12:32:13 - [39,861] ----D C:\Program Files\DVRMSToolbox
O43 - CFD: 03/10/2006 - 11:02:05 - [12,713] ----D C:\Program Files\Executive Software
O43 - CFD: 30/03/2009 - 18:21:46 - [0,740] ----D C:\Program Files\FDF
O43 - CFD: 05/04/2013 - 18:11:45 - [4,470] ----D C:\Program Files\GUMBC.tmp
O43 - CFD: 24/12/2009 - 17:50:21 - [0] ----D C:\Program Files\HardwareDetection
O43 - CFD: 08/04/2013 - 16:22:45 - [5,082] ----D C:\Program Files\IPsO_4
O43 - CFD: 01/01/2004 - 11:32:24 - [0,014] ----D C:\Program Files\Jeux
O43 - CFD: 31/03/2010 - 18:01:08 - [0,069] ----D C:\Program Files\NKProds
O43 - CFD: 17/02/2013 - 17:34:46 - [2,879] ----D C:\Program Files\PopTray
O43 - CFD: 28/04/2009 - 17:55:16 - [4,932] ----D C:\Program Files\Power IE
O43 - CFD: 04/10/2004 - 12:12:57 - [29,568] ----D C:\Program Files\RecordNow!
O43 - CFD: 28/04/2006 - 17:04:23 - [0,120] ----D C:\Program Files\Weather Watcher
O43 - CFD: 31/08/2005 - 11:45:32 - [0,070] ----D C:\Program Files\WinASPI
O43 - CFD: 25/11/2007 - 18:03:08 - [0] ----D C:\Program Files\Fichiers communs\element5 Shared
O43 - CFD: 07/04/2013 - 18:07:36 - [0,475] ----D C:\Documents and Settings\marc\Application Data\Allmyapps
O43 - CFD: 24/02/2013 - 12:28:24 - [0,160] ----D C:\Documents and Settings\marc\Application Data\C3601B61-7C2A-46B5-BE03-29B77F41FD9F
O43 - CFD: 01/01/2004 - 10:09:34 - [8,875] ----D C:\Documents and Settings\marc\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
O43 - CFD: 16/02/2013 - 17:58:12 - [0,003] ----D C:\Documents and Settings\marc\Menu D�marrer\Programmes\IPsO
O43 - CFD: 17/02/2013 - 17:34:47 - [0,003] ----D C:\Documents and Settings\marc\Menu D�marrer\Programmes\PopTray
O43 - CFD: 05/04/2013 - 18:10:59 - [0,001] ----D C:\Documents and Settings\marc\Menu D�marrer\Programmes\Sawbuck
~ Program Folder: 191 Legitimates Scanned in 00mn 36s
---\\ Derniers fichiers modifi�s ou cr�es sous Windows et System32 (O44)
O44 - LFC:[MD5.F5DE35F1B773EA419FB7793DBF171E01] - 08/04/2013 - 11:54:55 ---A- . (...) -- C:\WINDOWS\system32\BMXBkpCtrlState-{00000002-00000000-0000000B-00001102-00000004-20051102}.rfx [29952]
O44 - LFC:[MD5.F5DE35F1B773EA419FB7793DBF171E01] - 08/04/2013 - 11:54:55 ---A- . (...) -- C:\WINDOWS\system32\BMXCtrlState-{00000002-00000000-0000000B-00001102-00000004-20051102}.rfx [29952]
O44 - LFC:[MD5.443BA7D86BCBCF35A8F3B8D9355EFE31] - 08/04/2013 - 11:54:55 ---A- . (...) -- C:\WINDOWS\system32\BMXState-{00000002-00000000-0000000B-00001102-00000004-20051102}.rfx [30888]
O44 - LFC:[MD5.443BA7D86BCBCF35A8F3B8D9355EFE31] - 08/04/2013 - 11:54:55 ---A- . (...) -- C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-0000000B-00001102-00000004-20051102}.rfx [30888]
O44 - LFC:[MD5.7DCB9ADB541020360953094B2CB4F300] - 08/04/2013 - 11:54:55 ---A- . (...) -- C:\WINDOWS\system32\DVCState-{00000002-00000000-0000000B-00001102-00000004-20051102}.dat [384]
O44 - LFC:[MD5.7DCB9ADB541020360953094B2CB4F300] - 08/04/2013 - 11:54:55 ---A- . (...) -- C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-0000000B-00001102-00000004-20051102}.dat [384]
O44 - LFC:[MD5.89E7F65AB8D6A6EB193EF57C30840F8D] - 08/04/2013 - 11:54:55 ---A- . (...) -- C:\WINDOWS\system32\settings.sfm [1080]
O44 - LFC:[MD5.89E7F65AB8D6A6EB193EF57C30840F8D] - 08/04/2013 - 11:54:55 ---A- . (...) -- C:\WINDOWS\system32\settingsbkup.sfm [1080]
O44 - LFC:[MD5.06EC71C638667ADFB5F2C48AF039D7B3] - 08/04/2013 - 11:54:52 ---A- . (...) -- C:\WINDOWS\{00000002-00000000-0000000B-00001102-00000004-20051102}.CDF [4932268]
O44 - LFC:[MD5.59CEBE2FB01D897F982BE915B7976D94] - 08/04/2013 - 11:54:50 ---A- . (...) -- C:\WINDOWS\wiadebug.log [561]
O44 - LFC:[MD5.8468E186794CAFAD6AFF4E73E7228C10] - 08/04/2013 - 10:34:07 ---A- . (...) -- C:\WINDOWS\system32\nmp.map [53768]
O44 - LFC:[MD5.06066F28A565431B1487945425419419] - 08/04/2013 - 10:34:07 ---A- . (...) -- C:\WINDOWS\system32\sig.bin [1034977]
O44 - LFC:[MD5.A796825263369218437E13DD616DBD36] - 08/04/2013 - 10:29:57 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.AC280F7EE7BFB4B5E8380CD48139A376] - 07/04/2013 - 17:12:56 ---A- . (...) -- C:\AdwCleaner[S8].txt [1885]
O44 - LFC:[MD5.086F365ED4A09F3A6519C06D91E29BA0] - 07/04/2013 - 17:11:22 ---A- . (...) -- C:\AdwCleaner[R8].txt [1785]
O44 - LFC:[MD5.10A6CF1843F8830B60DCA87792FD3DF6] - 04/04/2013 - 19:00:00 ---A- . (.Pas de propri�taire - ffdshow VFW.) -- C:\WINDOWS\system32\ff_vfw.dll [112640]
O44 - LFC:[MD5.39181EABB0E4CA1E8B7BF7B3C3A1DEFE] - 31/03/2013 - 19:01:53 ---A- . (...) -- C:\Auth.prof [40]
O44 - LFC:[MD5.7E57C9B6A2E2E1D3216BBA505860E002] - 01/04/2013 - 10:45:15 --HA- . (...) -- C:\WINDOWS\system32\default_user_class.dat.LOG [1024]
O44 - LFC:[MD5.FA425C74CE2EB719B2A77A7A2ADDAE32] - 01/04/2013 - 10:06:35 ---A- . (.Pas de propri�taire - Lagarith.) -- C:\WINDOWS\system32\lagarith.dll [216064]
O44 - LFC:[MD5.22722B4E887BB95AB071542DE5A42C80] - 01/04/2013 - 10:06:35 ---A- . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\WINDOWS\system32\lameACM.acm [839680]
O44 - LFC:[MD5.006C6378513685ACDFFA84A5ECB86F76] - 01/04/2013 - 10:06:32 ---A- . (.fccHandler - AC-3 ACM Codec.) -- C:\WINDOWS\system32\ac3acm.acm [151552]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 30/03/2013 - 09:53:19 ----- . (...) -- C:\WINDOWS\Sti_Trace.log [0]
O44 - LFC:[MD5.FBE5C2BDED0E85F6F0E68D1D6F2521DF] - 17/03/2013 - 17:21:30 ---A- . (.x264vfw project - x264vfw - H.264/MPEG-4 AVC codec.) -- C:\WINDOWS\system32\x264vfw.dll [3649536]
O44 - LFC:[MD5.671FEF5266B8AA14C0B69B38C24BD8BD] - 21/05/2012 - 22:48:30 ---A- . (...) -- C:\WINDOWS\system32\lame_acm.xml [415]
O44 - LFC:[MD5.56552C7C36B6237704CE3BA9DF49FECF] - 24/06/2011 - 15:44:30 ---A- . (...) -- C:\WINDOWS\system32\xvidvfw.dll [243200]
O44 - LFC:[MD5.C26B7B8CA40C627B9DE399F9F8FACC69] - 24/06/2011 - 15:28:22 ---A- . (...) -- C:\WINDOWS\system32\xvidcore.dll [650752]
O44 - LFC:[MD5.DED4C49C39D6CEFC00FDA0C4D7D59407] - 22/06/2011 - 15:14:00 ---A- . (...) -- C:\WINDOWS\system32\ff_vfw.dll.manifest [714]
~ Files: 49 Legitimates Scanned in 00mn 54s
---\\ Derniers fichiers cr��s dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.1BC8E4E463E6E92D66E89FE31B283E5F] - 07/04/2013 - 09:54:52 ---A- - C:\WINDOWS\Prefetch\PROGRAMDEACTIVATOR.EXE-30E3757D.pf
O45 - LFCP:[MD5.897720CF21B44D167FFB0D8EC340734A] - 07/04/2013 - 09:56:42 ---A- - C:\WINDOWS\Prefetch\SUMO.EXE-0C8FAC84.pf
O45 - LFCP:[MD5.0E00532F35DBA45EE4AA95FE1CD4D494] - 07/04/2013 - 10:34:09 ---A- - C:\WINDOWS\Prefetch\NS21.TMP-1601D28C.pf
O45 - LFCP:[MD5.C442A1272B26DC1F8F82D3CB7E3AAE34] - 07/04/2013 - 10:34:09 ---A- - C:\WINDOWS\Prefetch\NS24.TMP-23C2C16F.pf
O45 - LFCP:[MD5.1E17F4E502CA12FA4597F77496BDA47D] - 07/04/2013 - 16:51:54 ---A- - C:\WINDOWS\Prefetch\K-LITE_CODEC_PACK_985_MEGA.EX-1E59B665.pf
O45 - LFCP:[MD5.49A09673C8D0A04EC2D3771982173E0F] - 07/04/2013 - 16:51:55 ---A- - C:\WINDOWS\Prefetch\K-LITE_CODEC_PACK_985_MEGA.TM-2FBCD9D6.pf
O45 - LFCP:[MD5.7BBC9EADCCE209DD134E9EA2A04EED50] - 07/04/2013 - 16:51:58 ---A- - C:\WINDOWS\Prefetch\_IU14D2N.TMP-06B48FF9.pf
O45 - LFCP:[MD5.D7976B8BC709C0D4597F509154C027E0] - 07/04/2013 - 16:53:31 ---A- - C:\WINDOWS\Prefetch\CODECTWEAKTOOL.EXE-025B4564.pf
O45 - LFCP:[MD5.756D0E954461E761B0C38B0614170A61] - 07/04/2013 - 16:55:00 ---A- - C:\WINDOWS\Prefetch\MEDIA_PLAYER_CLASSIC_HOME_CIN-0E75BDD1.pf
O45 - LFCP:[MD5.B22ED9CD62C2C8257B02FA4BAC3F4A4F] - 07/04/2013 - 16:55:01 ---A- - C:\WINDOWS\Prefetch\MEDIA_PLAYER_CLASSIC_HOME_CIN-0118D9D1.pf
O45 - LFCP:[MD5.2CB1479E36FEB829CCE6E550E4292F37] - 07/04/2013 - 16:56:04 ---A- - C:\WINDOWS\Prefetch\MPC-HC.EXE-39E7C0DE.pf
O45 - LFCP:[MD5.542A1FFDA137D3B74E752FDFC3CDADC9] - 07/04/2013 - 16:57:14 ---A- - C:\WINDOWS\Prefetch\RECUVA_1.46.919_FR_31279.EXE-22BB4D21.pf
O45 - LFCP:[MD5.0317FFF274F17C5BE21917A365F909B5] - 07/04/2013 - 16:57:31 ---A- - C:\WINDOWS\Prefetch\NS1A.TMP-235A0BDB.pf
O45 - LFCP:[MD5.5DBCD831E6C95A045F67D7E7286F1DF2] - 07/04/2013 - 16:57:57 ---A- - C:\WINDOWS\Prefetch\RECUVA.EXE-29EDF697.pf
O45 - LFCP:[MD5.B4E8CF9399E03DE881CA37F351CE3C13] - 07/04/2013 - 17:01:19 ---A- - C:\WINDOWS\Prefetch\SPEEDYFOX 2.0.3.65.EXE-0F1B2465.pf
O45 - LFCP:[MD5.61494CA0C588BAF9C61880D76494E286] - 07/04/2013 - 17:02:14 ---A- - C:\WINDOWS\Prefetch\DESKTOPOK 2.41.EXE-089A1D3D.pf
O45 - LFCP:[MD5.82994AE981308390EA4A286DDC10247E] - 07/04/2013 - 17:04:49 ---A- - C:\WINDOWS\Prefetch\CHROME_INSTALLER-26.0.1410.43-0AC10282.pf
O45 - LFCP:[MD5.C7B452E7E26EA49BFCF1230931F4248E] - 07/04/2013 - 17:05:10 ---A- - C:\WINDOWS\Prefetch\26.0.1410.43_CHROME_INSTALLER-085B8DB2.pf
O45 - LFCP:[MD5.F1586A0C96E5AECA50091356DD2E71F2] - 07/04/2013 - 17:06:33 ---A- - C:\WINDOWS\Prefetch\ALLMYAPPS.EXE-0C497FC7.pf
O45 - LFCP:[MD5.286754978319C0841CD96431E7B7423C] - 07/04/2013 - 17:06:34 ---A- - C:\WINDOWS\Prefetch\CRASHSENDER1301.EXE-0848C4B4.pf
O45 - LFCP:[MD5.0685640F2D94E95B318ECAB8590875CD] - 07/04/2013 - 17:22:34 ---A- - C:\WINDOWS\Prefetch\GDFIREWALLTRAY.EXE-2FF190E5.pf
O45 - LFCP:[MD5.0593ECAC6E9BA5BD3FE4A05D1E243B2F] - 07/04/2013 - 18:29:45 ---A- - C:\WINDOWS\Prefetch\IPSO.EXE-3B142144.pf
O45 - LFCP:[MD5.42BDECF4BD42F614D6F0252A68C4C3BF] - 07/04/2013 - 18:29:45 ---A- - C:\WINDOWS\Prefetch\KEYSCRAMBLER.EXE-3A8036D6.pf
O45 - LFCP:[MD5.28CA0C865BA8C5DC0A3CFFC02E5BEC4E] - 07/04/2013 - 18:29:45 ---A- - C:\WINDOWS\Prefetch\MSPMSPSV.EXE-13D52AC2.pf
O45 - LFCP:[MD5.38CC378C0761C86D36C9F96A82ABF69A] - 07/04/2013 - 18:29:45 ---A- - C:\WINDOWS\Prefetch\POPTRAY.EXE-385BD482.pf
O45 - LFCP:[MD5.7E1FE2A0FDE8EC5F24F1506D4862E445] - 07/04/2013 - 18:29:45 ---A- - C:\WINDOWS\Prefetch\TUNEUPUTILITIESSERVICE32.EXE-1CDBC610.pf
O45 - LFCP:[MD5.E7647660152D5E6DD0213EE4E93483BE] - 07/04/2013 - 18:29:45 ---A- - C:\WINDOWS\Prefetch\UPHCLEAN.EXE-38E40E8B.pf
O45 - LFCP:[MD5.0A12C1FDA46B9EACD76B41A1D272361B] - 07/04/2013 - 18:29:57 ---A- - C:\WINDOWS\Prefetch\GDFWADMIN.EXE-18B5800C.pf
O45 - LFCP:[MD5.11A256B429237D835585A5137C91DB5F] - 07/04/2013 - 21:15:25 ---A- - C:\WINDOWS\Prefetch\SHUTDOWN.EXE-00AD91B0.pf
O45 - LFCP:[MD5.1125744419919AE65171406E4A283287] - 08/04/2013 - 10:30:51 ---A- - C:\WINDOWS\Prefetch\GDFWSVC.EXE-0773CEA0.pf
O45 - LFCP:[MD5.1AEF48360ADB3D0318813D6A70A59322] - 08/04/2013 - 10:32:22 ---A- - C:\WINDOWS\Prefetch\INITIALIZE.EXE-2316EC09.pf
O45 - LFCP:[MD5.443DC38B583801162C4112E20FF3D817] - 08/04/2013 - 10:32:29 ---A- - C:\WINDOWS\Prefetch\TUNEUPUTILITIESAPP32.EXE-22C48212.pf
O45 - LFCP:[MD5.E253737ABEDC842CB2E4436962459EC5] - 08/04/2013 - 10:32:32 ---A- - C:\WINDOWS\Prefetch\RECGUARD.EXE-16078673.pf
O45 - LFCP:[MD5.813BEB6B3AEBEBBBB442B3390762480D] - 08/04/2013 - 10:32:42 ---A- - C:\WINDOWS\Prefetch\AGRSMMSG.EXE-071EDC2A.pf
O45 - LFCP:[MD5.6E0B334FFD531DFEB6E8363EE1D68F8B] - 08/04/2013 - 10:32:42 ---A- - C:\WINDOWS\Prefetch\HPHMON05.EXE-1C7A07AD.pf
O45 - LFCP:[MD5.4552426CEDDA796AC57C5DBD41116359] - 08/04/2013 - 10:32:42 ---A- - C:\WINDOWS\Prefetch\PS2.EXE-23667557.pf
O45 - LFCP:[MD5.6C7B2432BF50180B57B0F850D8258DB4] - 08/04/2013 - 10:32:43 ---A- - C:\WINDOWS\Prefetch\AVKTRAY.EXE-23286FF0.pf
O45 - LFCP:[MD5.96398E7E5038D1C7FE8441B33E655902] - 08/04/2013 - 11:46:45 ---A- - C:\WINDOWS\Prefetch\CNMSEAD.EXE-084FB023.pf
O45 - LFCP:[MD5.5F50736357AA965D3F7F3AF298675E60] - 08/04/2013 - 14:51:42 ---A- - C:\WINDOWS\Prefetch\AVK.EXE-3025CFD9.pf
O45 - LFCP:[MD5.7E310CE6764FC6A30E341AA01D6C5034] - 08/04/2013 - 15:18:17 ---A- - C:\WINDOWS\Prefetch\WKDSTORE.EXE-23505CEE.pf
~ Prefetcher: 130 Legitimates Scanned in 00mn 03s
---\\ Op�rations et fonctions au d�marrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Export de cl� d'application autoris�e (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" [Enabled] .(.IVT Corporation..) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Orb Networks\Orb\bin\Orb.exe" [Enabled] .(.Orb Networks, Inc..) -- C:\Program Files\Orb Networks\Orb\bin\Orb.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" [Enabled] .(.Orb Networks.) -- C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe" [Enabled] .(.Orb Networks.) -- C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Orb Networks\Orb\bin\xmltv.exe" [Enabled] .(.XMLTV Project http://www.xmltv.org.) -- C:\Program Files\Orb Networks\Orb\bin\xmltv.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe" [Enabled] .(.Orb Networks.) -- C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe
O47 - AAKE:Key Export SP - "C:\Program Files\ma-config.com\maconfservice.exe" [Enabled] .(...) -- C:\Program Files\ma-config.com\maconfservice.exe (.not file.)
~ Keys Export: 13 Legitimates Scanned in 00mn 00s
---\\ D�ni du service (Local Security Authority) (O48)
~ LSA: 6 Legitimates Scanned in 00mn 00s
---\\ Contr�le du Safe Boot (CSB) (O49)
~ CBS: 21 Legitimates Scanned in 00mn 01s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"vidc.LEAD"="LCODCCMP.DLL" . (.LEAD Technologies, Inc. - LEAD MCMP/MJPEG Codec.) -- C:\WINDOWS\system32\LCODCCMP.dll
O52 - TDSD: \drivers.desc\"LCODCCMP.DLL"="LEAD MCMP/MJPEG Codec (VFW)" . (.LEAD Technologies, Inc. - LEAD MCMP/MJPEG Codec.) -- C:\WINDOWS\system32\LCODCCMP.dll
~ TDSD: 24 Legitimates Scanned in 00mn 03s
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\Adobe Reader Synchronizer [Key] . (...) -- C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Allmyapps [Key] . (...) -- C:\Documents and Settings\Administrateur\Application Data\Allmyapps\Allmyapps.exe
O53 - SMSR:HKLM\...\startupreg\Allmyapps Update [Key] . (...) -- C:\Documents and Settings\Administrateur\Application Data\Allmyapps\AllmyappsUpdater.exe
O53 - SMSR:HKLM\...\startupreg\NeroCheck [Key] . (.Ahead Software Gmbh - NeroCheck.) -- C:\WINDOWS\system32\NeroCheck.exe
O53 - SMSR:HKLM\...\startupreg\OSSelectorReinstall [Key] . (...) -- C:\Program Files\Fichiers communs\Acronis\Acronis Disk Director\oss_reinstall.exe
O53 - SMSR:HKLM\...\startupreg\TrueImageMonitor.exe [Key] . (...) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O53 - SMSR:HKLM\...\startupreg\UpdateManager [Key] . (.Sonic Solutions - Sonic Update Manager.) -- c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
~ SMSR Keys: 28 Legitimates Scanned in 00mn 01s
---\\ Microsoft Control Security Providers (O54)
~ MSCP: 6 Legitimates Scanned in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 7 Legitimates Scanned in 00mn 00s
---\\ Microsoft Windows Policies Explorer (O56)
~ MWPE Keys: 6 Legitimates Scanned in 00mn 00s
---\\ Liste des Drivers Syst�me (O58)
O58 - SDL:[MD5.53696AD8FFC5FAC51949A525FF65A689] - 24/02/2013 - 11:28:24 ---A- . (.Acronis - File Level CDP Kernel Helper.) -- C:\WINDOWS\system32\Drivers\afcdp.sys [167968]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 12/02/2004 - 02:39:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: Scanned in 00mn 00s
---\\ Derniers fichiers modifi�s ou cr�es (Utilisateur) (O61)
O61 - LFC: 05/04/2013 - 11:30:48 ---A- C:\Documents and Settings\marc\Application Data\G-Force Prefs (WindowsMediaPlayer).txt [191]
O61 - LFC: 05/04/2013 - 11:31:06 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\History Index 2013-04 [417792]
O61 - LFC: 05/04/2013 - 11:31:06 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\History Index 2013-04-journal [16384]
O61 - LFC: 05/04/2013 - 11:31:07 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cache\f_0002bc [178948]
O61 - LFC: 05/04/2013 - 11:31:09 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Top Sites [28672]
O61 - LFC: 05/04/2013 - 11:31:09 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Top Sites-journal [16384]
O61 - LFC: 05/04/2013 - 11:31:10 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cache\f_0002bd [21417]
O61 - LFC: 05/04/2013 - 11:31:10 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Session Storage\000286.sst [146]
O61 - LFC: 05/04/2013 - 11:35:21 ---A- C:\Documents and Settings\marc\Application Data\Microsoft\Media Player\006D3120.wpl [192]
O61 - LFC: 05/04/2013 - 11:35:30 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Session Storage\000288.sst [187144]
O61 - LFC: 05/04/2013 - 11:38:00 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extension State\LOG.old [267]
O61 - LFC: 05/04/2013 - 11:38:04 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\File System\Origins\LOG.old [148]
O61 - LFC: 05/04/2013 - 11:38:05 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Session Storage\000291.sst [187158]
O61 - LFC: 05/04/2013 - 11:38:06 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Bookmarks.bak [207705]
O61 - LFC: 05/04/2013 - 11:38:06 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cache\f_0002c0 [27841]
O61 - LFC: 05/04/2013 - 11:38:07 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cache\f_0002c1 [21417]
O61 - LFC: 05/04/2013 - 11:38:08 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\File System\000\p\Paths\LOG.old [148]
O61 - LFC: 05/04/2013 - 11:38:08 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Session Storage\LOG.old [272]
O61 - LFC: 05/04/2013 - 11:38:13 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Last Tabs [1374]
O61 - LFC: 05/04/2013 - 11:38:14 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Last Session [3151]
O61 - LFC: 05/04/2013 - 11:38:16 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extension State\CURRENT [16]
O61 - LFC: 05/04/2013 - 11:38:16 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extension State\MANIFEST-000227 [543]
O61 - LFC: 05/04/2013 - 11:38:18 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extension State\LOG [267]
O61 - LFC: 05/04/2013 - 11:38:18 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Login Data [16384]
O61 - LFC: 05/04/2013 - 11:38:18 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Login Data-journal [8736]
O61 - LFC: 05/04/2013 - 11:38:18 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Web Data [83968]
O61 - LFC: 05/04/2013 - 11:38:18 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Web Data-journal [16384]
O61 - LFC: 05/04/2013 - 11:38:19 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Bookmarks [207705]
O61 - LFC: 05/04/2013 - 11:38:19 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cache\f_0002c2 [27766]
O61 - LFC: 05/04/2013 - 11:38:19 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\File System\000\p\Paths\CURRENT [16]
O61 - LFC: 05/04/2013 - 11:38:19 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\File System\000\p\Paths\MANIFEST-000167 [88]
O61 - LFC: 05/04/2013 - 11:38:19 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\File System\Origins\CURRENT [16]
O61 - LFC: 05/04/2013 - 11:38:19 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\File System\Origins\MANIFEST-000177 [142]
O61 - LFC: 05/04/2013 - 11:38:21 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_mfidmkgnfgnkihnjeklbekckimkipmoe_0.localstorage [3072]
O61 - LFC: 05/04/2013 - 11:38:21 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_mfidmkgnfgnkihnjeklbekckimkipmoe_0.localstorage-journal [3608]
O61 - LFC: 05/04/2013 - 11:38:22 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Session Storage\000294.sst [374113]
O61 - LFC: 05/04/2013 - 11:38:22 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Session Storage\CURRENT [16]
O61 - LFC: 05/04/2013 - 11:38:22 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Session Storage\MANIFEST-000293 [252]
O61 - LFC: 05/04/2013 - 11:38:24 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\File System\000\p\Paths\LOG [148]
O61 - LFC: 05/04/2013 - 11:38:24 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Session Storage\LOG [272]
O61 - LFC: 05/04/2013 - 11:38:26 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\File System\Origins\LOG [148]
O61 - LFC: 05/04/2013 - 11:38:27 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Favicons [604160]
O61 - LFC: 05/04/2013 - 11:38:27 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Favicons-journal [16384]
O61 - LFC: 05/04/2013 - 11:38:27 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Managed Mode Settings [8]
O61 - LFC: 05/04/2013 - 11:38:36 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\databases\chrome-extension_epanfjkfahimkgomnigadpkobaefekcd_0\1 [114688]
O61 - LFC: 05/04/2013 - 11:38:37 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_epanfjkfahimkgomnigadpkobaefekcd_0.localstorage [5120]
O61 - LFC: 05/04/2013 - 11:38:37 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_epanfjkfahimkgomnigadpkobaefekcd_0.localstorage-journal [5672]
O61 - LFC: 05/04/2013 - 11:38:49 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cookies [32768]
O61 - LFC: 05/04/2013 - 11:38:49 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cookies-journal [16384]
O61 - LFC: 05/04/2013 - 11:38:49 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\QuotaManager [19456]
O61 - LFC: 05/04/2013 - 11:38:49 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\QuotaManager-journal [8768]
O61 - LFC: 05/04/2013 - 11:38:55 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Local State [23156]
O61 - LFC: 05/04/2013 - 11:38:55 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Current Tabs [1374]
O61 - LFC: 05/04/2013 - 11:38:55 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Sync Data\SyncData.sqlite3 [2318336]
O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cache\data_0 [229376]
O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cache\data_1 [4726784]
O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Cache\data_2 [8396800]
O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Current Session [1910]
O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\History [364544]
O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\History Provider Cache [23294]
O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\History-journal [16384]
O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Preferences [116201]
O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Sync Data\SyncData.sqlite3-journal [16384]
O61 - LFC: 05/04/2013 - 11:38:56 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Google\Chrome\User Data\chrome_shutdown_ms.txt [5]
O61 - LFC: 05/04/2013 - 15:44:42 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\bookmarkbackups\bookmarks-2013-04-05.json [162517]
O61 - LFC: 05/04/2013 - 15:47:51 ---A- C:\Documents and Settings\marc\Recent\Erreur 7.doc.lnk [482]
O61 - LFC: 05/04/2013 - 15:53:20 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\adblockplus-rules.json [365283]
O61 - LFC: 05/04/2013 - 15:56:05 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\mimeTypes.rdf [4430]
O61 - LFC: 05/04/2013 - 15:56:09 ---A- C:\Documents and Settings\marc\Recent\Patch_FR_Tweak_UI_v2.10.0.5.zip.lnk [617]
O61 - LFC: 05/04/2013 - 15:56:09 ---A- C:\Documents and Settings\marc\Recent\TweakUI.lnk [549]
O61 - LFC: 05/04/2013 - 16:36:07 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [117153]
O61 - LFC: 05/04/2013 - 16:49:14 ---A- C:\Documents and Settings\marc\Recent\MARC.lnk [349]
O61 - LFC: 05/04/2013 - 16:49:14 ---A- C:\Documents and Settings\marc\Recent\echec google earth.jpg.lnk [512]
O61 - LFC: 05/04/2013 - 17:10:59 ---A- C:\Documents and Settings\marc\Menu D�marrer\Programmes\Sawbuck\Sawbuck.lnk [830]
O61 - LFC: 05/04/2013 - 17:10:59 ---A- C:\Documents and Settings\marc\Menu D�marrer\Programmes\Sawbuck\Uninstall Sawbuck.lnk [551]
O61 - LFC: 05/04/2013 - 17:11:00 R--A- C:\Documents and Settings\marc\Application Data\Microsoft\Installer\{459BFE07-FCF3-4274-AC8B-8E8DDA7214BA}\icon.ico [96583]
O61 - LFC: 05/04/2013 - 17:13:18 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\pluginreg.dat [10091]
O61 - LFC: 05/04/2013 - 17:28:13 ---A- C:\Documents and Settings\marc\Recent\D�pannage installation.doc.lnk [825]
O61 - LFC: 05/04/2013 - 17:28:13 ---A- C:\Documents and Settings\marc\Recent\Google Chrome.lnk [568]
O61 - LFC: 05/04/2013 - 17:46:07 ---A- C:\Documents and Settings\marc\Recent\Google earth.lnk [565]
O61 - LFC: 05/04/2013 - 17:46:07 ---A- C:\Documents and Settings\marc\Recent\d�pannage avec Sawbuck.doc.lnk [820]
O61 - LFC: 05/04/2013 - 17:48:03 ---A- C:\Documents and Settings\marc\Recent\CODES.pdf.lnk [306]
O61 - LFC: 06/04/2013 - 09:31:59 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\bookmarkbackups\bookmarks-2013-04-06.json [162517]
O61 - LFC: 06/04/2013 - 10:12:41 ---A- C:\Documents and Settings\marc\Bureau\OTL\R�installation Chrome et Earth.doc [20480]
O61 - LFC: 06/04/2013 - 10:43:04 ---A- C:\Documents and Settings\marc\Recent\R�installation Chrome et Earth.doc.lnk [481]
O61 - LFC: 06/04/2013 - 13:55:27 ---A- C:\Documents and Settings\marc\Recent\COMPTES DIVERS.doc.lnk [735]
O61 - LFC: 06/04/2013 - 13:55:27 ---A- C:\Documents and Settings\marc\Recent\Divers.lnk [542]
O61 - LFC: 06/04/2013 - 13:55:28 ---A- C:\Documents and Settings\marc\Application Data\Microsoft\�preuve\CUSTOM.DIC [51]
O61 - LFC: 06/04/2013 - 14:00:38 ---A- C:\Documents and Settings\marc\Recent\Ann�e 2013.lnk [556]
O61 - LFC: 06/04/2013 - 14:00:38 ---A- C:\Documents and Settings\marc\Recent\Compte PEA la Poste 2013.xls.lnk [787]
O61 - LFC: 06/04/2013 - 14:07:03 ---A- C:\Documents and Settings\marc\Bureau\OTL\OTL.exe [602112]
O61 - LFC: 06/04/2013 - 17:33:58 ---A- C:\Documents and Settings\marc\Bureau\OTL\OTL.doc [147456]
O61 - LFC: 06/04/2013 - 17:34:02 ---A- C:\Documents and Settings\marc\Recent\OTL.doc.lnk [394]
O61 - LFC: 06/04/2013 - 18:45:36 ---A- C:\Documents and Settings\marc\Application Data\Microsoft\Windows\Themes\Custom.theme [7806]
O61 - LFC: 06/04/2013 - 18:46:19 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp [2090034]
O61 - LFC: 06/04/2013 - 18:46:19 -SHA- C:\Documents and Settings\marc\Application Data\Microsoft\Internet Explorer\Desktop.htt [2696]
O61 - LFC: 07/04/2013 - 03:25:27 ---A- C:\Documents and Settings\marc\Bureau\OTL\Capture image OTL avant interruption.jpg [81768]
O61 - LFC: 07/04/2013 - 03:26:57 ---A- C:\Documents and Settings\marc\Recent\Capture N� 2.jpg.lnk [351]
O61 - LFC: 07/04/2013 - 09:15:34 ---A- C:\Documents and Settings\marc\Recent\Capture N� 1.jpg.lnk [427]
O61 - LFC: 07/04/2013 - 09:39:42 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\bookmarkbackups\bookmarks-2013-04-07.json [162816]
O61 - LFC: 07/04/2013 - 09:41:17 ---A- C:\Documents and Settings\marc\Bureau\OTL\Arr�t OTL.doc [20992]
O61 - LFC: 07/04/2013 - 09:45:49 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\blocklist.xml [58746]
O61 - LFC: 07/04/2013 - 09:53:25 ---A- C:\Documents and Settings\marc\Recent\Arr�t OTL.doc.lnk [691]
O61 - LFC: 07/04/2013 - 09:57:37 ---A- C:\Documents and Settings\marc\Application Data\KC Softwares\SUMo\reg.sumo [11260]
O61 - LFC: 07/04/2013 - 09:57:58 ---A- C:\Documents and Settings\marc\Application Data\KC Softwares\SUMo\db.bak [6713]
O61 - LFC: 07/04/2013 - 09:58:28 ---A- C:\Documents and Settings\marc\Application Data\KC Softwares\SUMo\SUMo.cache [5332]
O61 - LFC: 07/04/2013 - 09:59:36 ---A- C:\Documents and Settings\marc\Recent\sumo1.jpg.lnk [306]
O61 - LFC: 07/04/2013 - 10:00:03 ---A- C:\Documents and Settings\marc\Recent\sumo2.jpg.lnk [306]
O61 - LFC: 07/04/2013 - 10:00:05 ---A- C:\Documents and Settings\marc\Application Data\KC Softwares\SUMo\db.sumo [6713]
O61 - LFC: 07/04/2013 - 10:21:01 ---A- C:\Documents and Settings\marc\Recent\Adresse t�l�chargement Sumo.doc.lnk [1058]
O61 - LFC: 07/04/2013 - 10:21:01 ---A- C:\Documents and Settings\marc\Recent\sumo.lnk [734]
O61 - LFC: 07/04/2013 - 10:34:09 ---A- C:\Documents and Settings\marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [753]
O61 - LFC: 07/04/2013 - 10:34:14 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Crash Reports\InstallTime20130326150557 [10]
O61 - LFC: 07/04/2013 - 10:34:25 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\addons.sqlite [524288]
O61 - LFC: 07/04/2013 - 10:34:27 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\extensions.sqlite [557056]
O61 - LFC: 07/04/2013 - 10:34:30 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\search.json [10826]
O61 - LFC: 07/04/2013 - 10:38:39 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\permissions.sqlite [65536]
O61 - LFC: 07/04/2013 - 10:38:39 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\webappsstore.sqlite [196608]
O61 - LFC: 07/04/2013 - 16:12:59 ---A- C:\Documents and Settings\marc\Bureau\Roguekiller\RogueKiller.exe [816128]
O61 - LFC: 07/04/2013 - 16:13:09 ---A- C:\Documents and Settings\marc\Recent\Echec Chrome et Earth.lnk [451]
O61 - LFC: 07/04/2013 - 16:17:46 ---A- C:\Documents and Settings\marc\Bureau\Roguekiller\RKreport[1]_S_07042013_171707.txt [1639]
O61 - LFC: 07/04/2013 - 16:22:09 ---A- C:\Documents and Settings\marc\Bureau\RK_Quarantine\NewStartPanel_{20D04FE0-0.reg [408]
O61 - LFC: 07/04/2013 - 16:22:09 ---A- C:\Documents and Settings\marc\Bureau\RK_Quarantine\System_DisableReg0.reg [324]
O61 - LFC: 07/04/2013 - 16:22:49 ---A- C:\Documents and Settings\marc\Bureau\RK_Quarantine\AllmyappsUpdater.exe.vir [247800]
O61 - LFC: 07/04/2013 - 16:23:23 ---A- C:\Documents and Settings\marc\Bureau\Roguekiller\RKreport[3]_D_07042013_172249.txt [1723]
O61 - LFC: 07/04/2013 - 16:25:35 ---A- C:\Documents and Settings\marc\Recent\RKreport[2]_S_07042013_172128.txt.lnk [591]
O61 - LFC: 07/04/2013 - 16:44:45 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\signons.sqlite [327680]
O61 - LFC: 07/04/2013 - 16:50:05 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\formhistory.sqlite [196608]
O61 - LFC: 07/04/2013 - 16:56:10 ---A- C:\Documents and Settings\marc\Application Data\Media Player Classic\default.mpcpl [16]
O61 - LFC: 07/04/2013 - 17:01:19 ---A- C:\Documents and Settings\marc\Application Data\CrystalIdea Software\SpeedyFox\preferences.xml [232]
O61 - LFC: 07/04/2013 - 17:01:37 ---A- C:\Documents and Settings\marc\Bureau\speedyfox 2.0.3.65.lnk [833]
O61 - LFC: 07/04/2013 - 17:06:48 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\1664.png [4744]
O61 - LFC: 07/04/2013 - 17:06:48 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\1675.png [3432]
O61 - LFC: 07/04/2013 - 17:06:48 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\1924.png [5069]
O61 - LFC: 07/04/2013 - 17:06:48 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\518.png [3041]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\1389.png [2315]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\1395.png [5642]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\1403.png [6732]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\1485.png [5980]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\17630.png [2328]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\228.png [5665]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\2317.png [682]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\348.png [1836]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\396.png [7400]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\436.png [2979]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\452.png [5123]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\562.png [2142]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\580.png [9036]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\582.png [6487]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\589.png [4822]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\602.png [6407]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\609.png [8179]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\617.png [5658]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\622.png [3349]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\684.png [7152]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\6889.png [2206]
O61 - LFC: 07/04/2013 - 17:06:49 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\icons\711.png [4431]
O61 - LFC: 07/04/2013 - 17:08:20 ---A- C:\Documents and Settings\marc\Application Data\Allmyapps\ama.db [18432]
O61 - LFC: 07/04/2013 - 17:08:50 ---A- C:\Documents and Settings\marc\Bureau\RK_Quarantine\Eula.txt [3769]
O61 - LFC: 07/04/2013 - 17:09:51 ---A- C:\Documents and Settings\marc\Bureau\RK_Quarantine\PhysicalDrive0_User.dat [512]
O61 - LFC: 07/04/2013 - 17:09:51 ---A- C:\Documents and Settings\marc\Bureau\RK_Quarantine\QuarantineReport.txt [790]
O61 - LFC: 07/04/2013 - 18:34:45 ---A- C:\Documents and Settings\marc\Recent\RKreport[1]_S_07042013_171707.txt.lnk [721]
O61 - LFC: 07/04/2013 - 18:41:25 ---A- C:\Documents and Settings\marc\Recent\RKreport[3]_D_07042013_172249.txt.lnk [721]
O61 - LFC: 07/04/2013 - 18:44:38 ---A- C:\Documents and Settings\marc\Bureau\Roguekiller\RogueKiller.doc [137216]
O61 - LFC: 07/04/2013 - 18:44:45 ---A- C:\Documents and Settings\marc\Recent\RogueKiller.doc.lnk [631]
O61 - LFC: 07/04/2013 - 18:44:45 ---A- C:\Documents and Settings\marc\Recent\Roguekiller.lnk [401]
O61 - LFC: 07/04/2013 - 21:00:43 ---A- C:\Documents and Settings\marc\Bureau\MB\mbam-log-2013-04-07 (19-47-07).txt [2138]
O61 - LFC: 07/04/2013 - 21:14:03 ---A- C:\Documents and Settings\marc\Recent\mbam-log-2013-04-07 (19-47-07).txt.lnk [657]
O61 - LFC: 07/04/2013 - 21:15:12 ---A- C:\Documents and Settings\marc\Bureau\MB\lien rapport.doc [19968]
O61 - LFC: 07/04/2013 - 21:15:14 ---A- C:\Documents and Settings\marc\Recent\lien rapport.doc.lnk [567]
O61 - LFC: 08/04/2013 - 10:32:36 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\kstemp [0]
O61 - LFC: 08/04/2013 - 10:32:36 --HA- C:\Documents and Settings\marc\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [1024]
O61 - LFC: 08/04/2013 - 11:42:58 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\bookmarkbackups\bookmarks-2013-04-08.json [162948]
O61 - LFC: 08/04/2013 - 11:44:02 ---A- C:\Documents and Settings\marc\Bureau\Microsoft Word.lnk [2559]
O61 - LFC: 08/04/2013 - 11:46:25 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\cookies.sqlite [524288]
O61 - LFC: 08/04/2013 - 11:46:25 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\sessionstore.bak [1523]
O61 - LFC: 08/04/2013 - 11:46:25 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\sessionstore.js [1523]
O61 - LFC: 08/04/2013 - 11:48:01 ---A- C:\Documents and Settings\marc\Bureau\ZHPDiaz\ZhpDiaz.doc [41984]
O61 - LFC: 08/04/2013 - 11:50:00 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\downloads.sqlite [98304]
O61 - LFC: 08/04/2013 - 11:50:01 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\content-prefs.sqlite [229376]
O61 - LFC: 08/04/2013 - 11:50:01 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\places.sqlite [10485760]
O61 - LFC: 08/04/2013 - 11:52:19 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\parent.lock [0]
O61 - LFC: 08/04/2013 - 11:52:19 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\webapps\webapps.json [2]
O61 - LFC: 08/04/2013 - 11:52:22 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\ImTranslator\profile.imt [483]
O61 - LFC: 08/04/2013 - 11:52:23 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\adblockplus\elemhide.css [1544138]
O61 - LFC: 08/04/2013 - 11:52:25 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\urlclassifierkey3.txt [154]
O61 - LFC: 08/04/2013 - 11:52:33 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\cert8.db [98304]
O61 - LFC: 08/04/2013 - 11:52:33 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\key3.db [16384]
O61 - LFC: 08/04/2013 - 11:52:33 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\localstore.rdf [3252]
O61 - LFC: 08/04/2013 - 11:52:33 ---A- C:\Documents and Settings\marc\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\prefs.js [46281]
O61 - LFC: 08/04/2013 - 11:52:33 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\_CACHE_CLEAN_ [1]
O61 - LFC: 08/04/2013 - 11:52:34 ---A- C:\Documents and Settings\marc\Local Settings\Application Data\Mozilla\Firefox\Profiles\riqdwsaj.default\startupCache\startupCache.4.little [53910]
O61 - LFC: 08/04/2013 - 11:52:36 ---A- C:\Documents and Settings\marc\Recent\ZHPDiaz.lnk [379]
O61 - LFC: 08/04/2013 - 11:52:36 ---A- C:\Documents and Settings\marc\Recent\ZhpDiaz.doc.lnk [579]
O61 - LFC: 08/04/2013 - 11:53:16 ---A- C:\Documents and Settings\marc\Bureau\MB\MBRCheck.lnk [684]
O61 - LFC: 08/04/2013 - 15:03:21 ---A- C:\Documents and Settings\marc\Recent\Personnels �picerie - pr�sences � conserver dans bureau .xls.lnk [717]
O61 - LFC: 08/04/2013 - 15:03:22 ---A- C:\Documents and Settings\marc\Application Data\Microsoft\Excel\Excel10.xlb [16945]
O61 - LFC: 08/04/2013 - 15:03:22 ---A- C:\Documents and Settings\marc\Recent\Majolane.lnk [422]
O61 - LFC: 08/04/2013 - 15:18:08 ---A- C:\Documents and Settings\marc\Application Data\wklnhst.dat [6334]
O61 - LFC: 08/04/2013 - 15:18:16 ---A- C:\Documents and Settings\marc\Recent\A4 vertical partag� en 10 H.doc.lnk [714]
O61 - LFC: 08/04/2013 - 15:18:16 ---A- C:\Documents and Settings\marc\Recent\Formats.lnk [490]
O61 - LFC: 08/04/2013 - 15:18:17 ---A- C:\Documents and Settings\marc\Application Data\Microsoft\Mod�les\Normal.dot [53248]
O61 - LFC: 08/04/2013 - 15:19:01 ---A- C:\Documents and Settings\marc\Bureau\MB\MBRCheck_04.08.13_16.18.48.txt [9847]
O61 - LFC: 08/04/2013 - 15:19:35 ---A- C:\Documents and Settings\marc\Recent\MB.lnk [350]
O61 - LFC: 08/04/2013 - 15:19:35 ---A- C:\Documents and Settings\marc\Recent\MBRCheck_04.08.13_16.18.48.txt.lnk [637]
O61 - LFC: 08/04/2013 - 15:20:43 -SHA- C:\Documents and Settings\marc\IETldCache\index.dat [262144]
~ 17 Fichiers temporaires (Temporary files)
~ 6 Fichiers cookies (Cookies files)
~ Files: 780 Legitimates Scanned in 01mn 30s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 08/04/2009 - C:\Program Files\Fichiers communs\AVerMedia\Service\AVerRemote.exe (AVerRemote) .(.AVerMedia - AVerRemote MFC Application.) - LEGACY_AVERREMOTE
O64 - Services: CurCS - 09/10/2009 - C:\Program Files\Fichiers communs\AVerMedia\Service\AVerScheduleService.exe (AVerScheduleService) .(.Pas de propri�taire - ScheduleService Module.) - LEGACY_AVERSCHEDULESERVICE
O64 - Services: CurCS - 23/08/2012 - Pas de propri�taire (AVKProxy) .(...) - LEGACY_AVKPROXY
O64 - Services: CurCS - 27/01/2012 - Pas de propri�taire (AVKService) .(...) - LEGACY_AVKSERVICE
O64 - Services: CurCS - 30/08/2012 - C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe (AVKWCtl) .(.G Data Software AG - G Data Filesystem Monitor Service.) - LEGACY_AVKWCTL
O64 - Services: CurCS - 21/11/2006 - C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys (BTNetFilter) .(.IVT Corporation. - Bluetooth Network Filter Driver.) - LEGACY_BTNETFILTER
O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\dllhost.exe (COMSysApp) .(.Microsoft Corporation - COM Surrogate.) - LEGACY_COMSYSAPP
O64 - Services: CurCS - 11/05/2010 - C:\WINDOWS\system32\drivers\cpuz133_x32.sys (cpuz133) .(.Windows (R) Win 7 DDK provider - CPUID Driver.) - LEGACY_CPUZ133
O64 - Services: CurCS - 18/11/2007 - Pas de propri�taire (DVRMSFileWatcherService) .(...) - LEGACY_DVRMSFILEWATCHERSERVICE
O64 - Services: CurCS - 18/10/2012 - C:\WINDOWS\system32\drivers\GDBehave.sys (GDBehave) .(.G Data Software AG - Behavior Blocker.) - LEGACY_GDBEHAVE
O64 - Services: CurCS - 04/06/2012 - C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe (GDFwSvc) .(.G Data Software AG - G Data Persoonlijke Firewall.) - LEGACY_GDFWSVC
O64 - Services: CurCS - 18/10/2012 - C:\WINDOWS\system32\drivers\MiniIcpt.sys (GDMnIcpt) .(.G Data Software AG - Filesystem MiniInterceptor (Mini Filter).) - LEGACY_GDMNICPT
O64 - Services: CurCS - 19/07/2012 - C:\WINDOWS\system32\drivers\GDNdisIc.sys (GDNdisIc) .(.G Data Software AG - NDIS packet redirector.) - LEGACY_GDNDISIC
O64 - Services: CurCS - 29/03/2012 - C:\Program Files\Fichiers communs\G DATA\GDScan\GDScan.exe (GDScan) .(.G Data Software AG - G Data AntiVirus Scan Server.) - LEGACY_GDSCAN
O64 - Services: CurCS - 18/10/2012 - C:\WINDOWS\system32\drivers\GDTdiIcpt.sys (GDTdiInterceptor) .(.G Data Software AG - Pas de description.) - LEGACY_GDTDIINTERCEPTOR
O64 - Services: CurCS - 07/09/2012 - C:\WINDOWS\system32\drivers\GRD.sys (GRD) .(.G Data Software - G Data Rootkit Detector Driver.) - LEGACY_GRD
O64 - Services: CurCS - 19/07/2012 - C:\WINDOWS\system32\drivers\HookCentre.sys (HookCentre) .(.G Data Software AG - Security Hook.) - LEGACY_HOOKCENTRE
O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\svchost.exe (LanmanWorkstation) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LANMANWORKSTATION
O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\lsass.exe (SamSs) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_SAMSS
O64 - Services: CurCS - 13/09/2010 - C:\Program Files\UPHClean\uphclean.exe (UPHClean) .(.Windows (R) Codename Longhorn DDK provider - User Profile Hive Cleanup Service.) - LEGACY_UPHCLEAN
O64 - Services: CurCS - 02/07/2003 - C:\WINDOWS\system32\DRIVERS\viaagp1.sys (viaagp1) .(.VIA Technologies, Inc. - VIA NT AGP Filter.) - LEGACY_VIAAGP1
~ Legacy: 217 Legitimates Scanned in 00mn 08s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.cpl> <>[HKCU\..\cplopen\Command] (.Not Key.)
O67 - Shell Spawning: <.cmd> <>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.com> <>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.evt> <>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> <>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.js> <>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.reg> <>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 27 Legitimates Scanned in 00mn 00s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [marc - riqdwsaj.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
~ Keys: Scanned in 00mn 00s
---\\ Crack & Keygen Files (O82)
M:\Mes documents\Logiciels divers\Gros logiciels\Adobe PhotosShop 6\keygen.exe
~ Files: Scanned in 01mn 50s
---\\ Recherche des services d�marr�s par Svchost (O83)
O83 - Search Svchost Services: UxTuneUp (UxTuneUp) . (.TuneUp Software - TuneUp Theme Extension.) -- C:\WINDOWS\system32\uxtuneup.dll [29984]
~ Services: 42 Legitimates Scanned in 00mn 02s
---\\ Recherche particuliere � la racine de certains dossiers (O84)
[MD5.8E78B5BAC8B243841B95C38E580874C7] [SPRF][01/01/2004] (...) -- C:\Documents and Settings\marc\Local Settings\Application Data\fusioncache.dat [137]
[MD5.98A469B4A9768C269B2ABDFE988E372E] [SPRF][08/04/2013] (...) -- C:\Documents and Settings\marc\Application Data\wklnhst.dat [6334]
[MD5.88783EB39D8EF000CDA3413C789C4E21] [SPRF][14/02/2008] (...) -- C:\Program Files\settings.dat [15397]
[MD5.DEC05CA77EEE03C050B8AECC638BA3DB] [SPRF][31/07/2006] (.TechCity Solutions - AccountHelper.) -- C:\WINDOWS\Downloaded Program Files\Account.dll [51200]
[MD5.24E140813B633E9C989070D9F88C764C] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\catalog.dat [2390]
[MD5.32015EEDC621A7E6DF9A2E9D20394A90] [SPRF][28/09/2005] (.Symantec Corporation - Symantec Engine Common Object Model Server.) -- C:\WINDOWS\Downloaded Program Files\ecmsvr32.dll [288376]
[MD5.C8FEBEA460AAD5C1B6817F9676E03F78] [SPRF][27/10/2004] (.Symantec Corporation - LiveSubscribe Components.) -- C:\WINDOWS\Downloaded Program Files\LSSupCtl.dll [111752]
[MD5.71C5958AE5485645FFB9E9CC628868CA] [SPRF][28/09/2005] (.Symantec Corporation - AV Engine.) -- C:\WINDOWS\Downloaded Program Files\naveng32.dll [124536]
[MD5.1CAC99CEC62F86B678EC3881710D841C] [SPRF][28/09/2005] (.Symantec Corporation - AV Engine.) -- C:\WINDOWS\Downloaded Program Files\navex32a.dll [706168]
[MD5.6622AE6028BC93B0F60DE0BDE02A94EA] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\scrauth.dat [96752]
[MD5.181B0724CB825F0C6945C8D9017B01AA] [SPRF][14/11/2005] (.Pas de propri�taire - SymAData Module.) -- C:\WINDOWS\Downloaded Program Files\SymAData.dll [161384]
[MD5.ED3B0F1BA60554B9D2E5AE1B02AD9306] [SPRF][29/03/2007] (.Husdawg, LLC - System Requirements Lab.) -- C:\WINDOWS\Downloaded Program Files\sysreqlab2.dll [206384]
[MD5.F5A31803E5E6ECD1D30626F54C989E7B] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\tcdefs.dat [12811]
[MD5.49273F10AC7E1027F971E35C44740E2D] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\tcscan7.dat [750376]
[MD5.D56C70F1664AD306C6F617D0171748C0] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\tcscan8.dat [188908]
[MD5.5E35E64D586D158A57321DAD8380529A] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\tcscan9.dat [414268]
[MD5.8C17D4046D09E3AAE7316A603D1806CD] [SPRF][17/06/2005] (.SupportSoft, Inc. - tgctlsi Module.) -- C:\WINDOWS\Downloaded Program Files\tgctlsi.dll [1069056]
[MD5.47EA24991C9184C8186E5447BE22F364] [SPRF][17/06/2005] (.SupportSoft, Inc. - tgctlsr Module.) -- C:\WINDOWS\Downloaded Program Files\tgctlsr.dll [413696]
[MD5.59366DD141E6B459A7D71FB5C5EF8059] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\tinf.dat [453]
[MD5.F482930D99D74BCD79CB09F2E88BB7F7] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\tinfidx.dat [148]
[MD5.7E14DE819C30824C31908D858819DC14] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\tinfl.dat [1957]
[MD5.80C020623CDE0D98F1F7BA0B1924D8BA] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\tscan1.dat [44577]
[MD5.6A32D3E0354A89B2C61B5ACD117368D9] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\tscan1hd.dat [1237]
[MD5.5E5F18E9A090499430B4C6DF21EE114D] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan1.dat [962489]
[MD5.627E5A4E1CA93AE9E26A679C50F3BC52] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan2.dat [559594]
[MD5.381A2E63008F530033DE8D2CED798EE7] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan3.dat [145244]
[MD5.78BDD6D65D24DC8EF5E1EDFA5FAC32CF] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan4.dat [320067]
[MD5.0F3F6826BB11D46C86984A137FFD2C9C] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan5.dat [1429761]
[MD5.783FA9A328E4252292077A00D782E68A] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan6.dat [385582]
[MD5.C609D9F530EA10726E9DE6EBD172090C] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan7.dat [2582178]
[MD5.58A861798F551DFA8EAB322ED1128512] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan8.dat [1409203]
[MD5.9513990891D87558E9BD79A9D25AF93F] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscan9.dat [2703645]
[MD5.DF2B69539A13B5976470903F68877809] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\virscant.dat [32]
[MD5.036FFD3B67756C6A55F978DDA79CA065] [SPRF][30/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\vscanmsx.dat [2072]
[MD5.2EA09C8B4B4669C516433AE31982E259] [SPRF][28/09/2005] (...) -- C:\WINDOWS\Downloaded Program Files\zdone.dat [224]
~ Files: Scanned in 00mn 02s
---\\ Scan Additionnel (O88)
Database Version : v2.11492 - (07/04/2013)
Cl�s trouv�es (Keys found) : 18
Valeurs trouv�es (Values found) : 0
Dossiers trouv�s (Folders found) : 0
Fichiers trouv�s (Files found) : 0
[HKLM\Software\Classes\CLSID\{35b8892d-c3fb-4d88-990d-31db2ebd72bd}] =>Adware.RecordNRip
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}] =>Toolbar.Agent
[HKLM\Software\Classes\Installer\Features\4340C4778499EED41AE496DC3D613EC6] =>PUP.SweetIM
[HKLM\Software\Classes\Installer\Products\4340C4778499EED41AE496DC3D613EC6] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4340C4778499EED41AE496DC3D613EC6] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E] =>PUP.SweetIM
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] =>PUP.SweetIM^
~ Additionnel: Scanned in 00mn 39s
---\\ Product Upgrade Codes (O90)
O90 - PUC: "160231E2A87C4D848A99D1319B1D98AF" . (.Memories Disc Creator 2.0.) -- c:\WINDOWS\Installer\{2E132061-C78A-48D4-A899-1D13B9D189FA}\HewlettPackard_0002ICON.exe
O90 - PUC: "4340C4778499EED41AE496DC3D613EC6" . (.Internet Explorer Toolbar 4.6 by SweetPacks.) -- C:\WINDOWS\Installer\{774C0434-9948-4DEE-A14E-69CDD316E36C}\ARPPRODUCTICON.exe =>PUP.SweetIM
O90 - PUC: "8ADCFC17CDDA68B408CCEC4C9ABFB21B" . (.User Profile Hive Cleanup Service.) -- C:\WINDOWS\Installer\{71CFCDA8-ADDC-4B86-80CC-CEC4A9FB2BB1}\_6FEFF9B68218417F98F549.exe
O90 - PUC: "D2E701689BFDCB6499DE70AEACEE9032" . (.G Data InternetSecurity 2013.) -- C:\WINDOWS\Installer\{86107E2D-DFB9-46BC-99ED-07EACAEE0923}\ARPPRODUCTICON.exe
O90 - PUC: "F6E1B82EAA0E8224BA98BDA4C0984D62" . (.AVerTV.) -- C:\WINDOWS\Installer\{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}\ARPPRODUCTICON.exe
~ Update Products: 96 Legitimates Scanned in 00mn 00s
---\\ MyComputer Name Space (O92)
O92 - MNS: Dossiers Web - {BDEADF00-C265-11D0-BCED-00A0C90AB50F}
~ MNS: 1 Legitimates Scanned in 00mn 00s
---\\ Etat g�n�ral des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 28/01/2011 764536 | (AcrSch2Svc) . (.Acronis.) - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
SS - | Auto 14/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 24/02/2013 3246040 | (afcdpsrv) . (.Acronis.) - C:\Program Files\Fichiers communs\Acronis\CDP\afcdpsrv.exe
SS - | Disabled 09/07/2009 144712 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
SR - | Auto 08/04/2009 344064 | (AVerRemote) . (.AVerMedia.) - C:\Program Files\Fichiers communs\AVerMedia\Service\AVerRemote.exe
SR - | Auto 389120 | (AVerScheduleService) . (...) - C:\Program Files\Fichiers communs\AVerMedia\Service\AVerScheduleService.exe
SR - | Auto 1542680 | (AVKProxy) . (...) - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
SR - | Auto 468472 | (AVKService) . (...) - C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
SR - | Auto 30/08/2012 1584112 | (AVKWCtl) . (.G Data Software AG.) - C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
SR - | Auto 13/12/1999 44032 | (Creative Service for CDROM Access) . (.Creative Technology Ltd.) - C:\WINDOWS\System32\CTSvcCDA.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Disabled 20480 | (DVRMSFileWatcherService) . (...) - c:\program files\dvrmstoolbox\dvrmsfilewatcherservice.exe
SR - | Demand 04/06/2012 1899816 | (GDFwSvc) . (.G Data Software AG.) - C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
SR - | Demand 29/03/2012 470008 | (GDScan) . (.G Data Software AG.) - C:\Program Files\Fichiers communs\G DATA\GDScan\GDScan.exe
SS - | Auto 23/07/2009 133104 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 24/02/2005 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SR - | Auto 14/03/2013 170912 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SS - | Disabled 27/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 05/12/2007 155716 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SS - | Demand 29/10/2004 86016 | (rpcapd) . (.NetGroup - Politecnico di Torino.) - C:\Program Files\WinPcap\rpcapd.exe
SR - | Auto 31/01/2013 1724192 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
SR - | Auto 13/09/2010 399872 | (UPHClean) . (.Windows (R) Codename Longhorn DDK provider.) - C:\Program Files\UPHClean\uphclean.exe
SR - | Auto 13/04/2008 14336 | C:\WINDOWS\system32\uxtuneup.dll (UxTuneUp) . (.TuneUp Software.) - C:\WINDOWS\system32\svchost.exe
~ Services: Scanned in 00mn 04s
---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Scanned in 00mn 02s
---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by marc at 08/04/2013 16:29:16
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 16s
~ 2056 Legitimates filtered by white list
End of the scan (1018 lines in 07mn 49s)(1)