cjoint

Rapport de ZHPDiag v2013.4.9.51 par Nicolas Coolman, Update du 09/04/2013
Run by Bureau at 09/04/2013 18:38:32
State :
High Elevated Privileges : OK
UAC : Not Found


---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
MFIE: Mozilla Firefox 15.0.1 v15.0.1
GCIE: Google Chrome v26.0.1410.43

---\\ Windows Product Information
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Protection
Antivirus : avast! Free Antivirus v7.0.1466.0

---\\ System Information
~ Processor: x86 Family 16 Model 2 Stepping 3, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3071 MB (61% free)
System Restore: Activé (Enable)
System drive C: has 92 GB (61%) free of 149 GB

---\\ Logged in mode
~ Computer Name: PROPRIET-2BB9ED
~ User Name: Bureau
~ All Users Names: UpdatusUser, SUPPORT_388945a0, HelpAssistant, Bureau, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Bureau\Application Data\
~ %Desktop% : C:\Documents and Settings\Bureau\Bureau\
~ %Favorites% : C:\Documents and Settings\Bureau\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Bureau\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Bureau\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 92 Go of 149 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 61 Go of 149 Go)
F:\ CD-ROM drive (Not Inserted)
G:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 18:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.FCDD66EE148885E900285ADE8417E40B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.05/02/2013 - 20:56:42.) -- C:\WINDOWS\system32\wininet.dll [916480]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 18:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 11:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 10:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 17:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 08:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 18:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 10:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 10:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.FB2FCCC70F7174C7BF64F48E96D3ADF4] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:35.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [457856]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 11:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 11:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/04/2008 - 18:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 17:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.13/04/2008 - 17:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/6655
~ Mes musiques (My Musics) : 8/548
~ Mes Videos (My Videos) : 1/20
~ Mes Favoris (My Favorites) : 0/74
~ Mes Documents (My Documents) : 2/10161
~ Mon Bureau (My Desktop) : 0/129
~ Menu demarrer (Programs) : 1/104
~ Hidden Files: Scanned in 00mn 11s



---\\ Processus lancés
[MD5.A9FF9831AB2BFFB1CCF849BDA19D06FD] - (.IObit - Advanced SystemCare Service.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [528192] [PID.1864]
[MD5.04AC21E821F259845BD7367CEE057290] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808] [PID.1380]
[MD5.927754ABF077AEB5504BE4E0F2C60C1B] - (.Logitech Inc. - Logitech User mode UMVPF service.) -- C:\Program Files\Fichiers communs\logishrd\LVMVFM\UMVPFSrv.exe [450848] [PID.1816]
[MD5.CD64CE62BE47DF0E9A459FD9002221FE] - (...) -- C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe [77824] [PID.1196]
[MD5.7A834424537E13AA5F2D964C9D9FA991] - (.Emsi Software GmbH - Emsisoft Anti-Malware Service.) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe [1935656] [PID.456]
[MD5.2C41AE09BB51EA074069135F183DAA9C] - (.Acronis - Acronis Scheduler 2.) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [660576] [PID.1084]
[MD5.829E254AE20147EC9D3C54A5991D298E] - (...) -- C:\WINDOWS\system32\afasrv32.exe [65536] [PID.1420]
[MD5.1CC3E547FE3DEC8272780F24F3059519] - (...) -- C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504] [PID.1500]
[MD5.8549D4B927C6AE13A118296F2251CC51] - (.APN LLC. - APN Updater.) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [169096] [PID.2156]
[MD5.8FFCFE3351F51E19B856A2347E19B850] - (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336] [PID.2724]
[MD5.12CDB5DC7774298223099D6E41ED5CE7] - (.SEIKO EPSON CORPORATION - EPSON Printer Status Agent.) -- C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe [94208] [PID.2812]
[MD5.BAD0D303EF0A519409C625738F3E10A3] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe [4282728] [PID.2864]
[MD5.E774F875819DEE4A312A921A88F779FE] - (.Microsoft Corporation - IPoint.exe.) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576] [PID.3180]
[MD5.CFE4BD7C25A750D71A5BD2390953BEB6] - (.Microsoft Corporation - IType.exe.) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe [1313640] [PID.3188]
[MD5.999DB5F88C8E145CCA9D471E33227143] - (.Oracle Corporation - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [170912] [PID.2432]
[MD5.258CACA1DAADE43978E2ECC9BDC94E1C] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [73728] [PID.2908]
[MD5.1B959A0614D575D0AB3B09095F0A8B83] - (.Microsoft Corporation - SQL Server Windows NT.) -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [9158656] [PID.3088]
[MD5.E6FF299C72B5E8A4303A41662D6CF2D7] - (...) -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe [265240] [PID.3736]
[MD5.934BB0D23A25C8C136570800A5A149B6] - (.Nero AG - NeroUpdate.) -- C:\Program Files\Nero\Update\NASvc.exe [687400] [PID.948]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [252848] [PID.2284]
[MD5.87E3D12D74A86D75659FA808E4886D53] - (.Alcor Micro, Corp. - Drive Monitor.) -- C:\WINDOWS\system32\DrvMon.exe [53248] [PID.3696]
[MD5.B90E093E7A7250906F1054418B5339C0] - (.Nero AG - Nero BackItUp.) -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [935208] [PID.3944]
[MD5.902054D6B4292329F9594FFF24EE02DB] - (...) -- C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe [680984] [PID.4076]
[MD5.6B665BDA473E2888A036D0BA5663B5A5] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 306.2.) -- C:\WINDOWS\system32\nvsvc32.exe [164200] [PID.2408]
[MD5.DA345DE3B450E9E1691E7B9956D8FFC3] - (...) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112] [PID.3220]
[MD5.85A5DB9C8DEFDDE941EC121ADB5B3175] - (.DT Soft Ltd - DAEMON Tools Shell Extensions Helper.) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe [2744960] [PID.1488]
[MD5.478D9A1E760F9089DE19925616689F0D] - (.Pinnacle Systems - Media Server Host.) -- C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe [49152] [PID.3556]
[MD5.A6A7AD767BF5141665F5C675F671B3E1] - (.Protexis Inc. - PsiService PsiService.) -- C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe [185632] [PID.3112]
[MD5.800E8F1DC5F6A200B6DFCA2B3C21365E] - (...) -- C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe [493200] [PID.3828]
[MD5.BF2F2717C13A4BD4FD73F2788534E86B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [917400] [PID.1252]
[MD5.AA6844A5127ED4B20DF6D313467B929D] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.2488]
[MD5.B93499B1D1058C86C1A60C026C334971] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6581760] [PID.3668]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2776]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default] http://www.delta-search.com =>Toolbar.DeltaSearch
~ Google Browser: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\prefs.js
C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\user.js
M3 - MFPP: Plugins - [Bureau] -- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\searchplugins\delta.xml
M3 - MFPP: Plugins - [Bureau] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon
M0 - MFSP: prefs.js [Bureau - ag7l5sqo.default-1360951228890] http://www.delta-search.com =>Toolbar.DeltaSearch
M2 - MFEP: prefs.js [Bureau - ag7l5sqo.default-1360951228890\217e8200-a3b3-43df-b951-8ec01d483d7f@b98c6809-1f3f-41a1-bb1c-692cf84781e9.com] [] Services x86 v (.Corporate Inc.)
M2 - MFEP: prefs.js [Bureau - ag7l5sqo.default-1360951228890\addon@freecorder.com] [] Freecorder v7.0.0.13 (.freecorder.com.)
M2 - MFEP: prefs.js [Bureau - ag7l5sqo.default-1360951228890\ascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v1.0 (.IObit.)
M2 - MFEP: prefs.js [Bureau - ag7l5sqo.default-1360951228890\ffxtlbr@delta.com] [] Delta Toolbar v1.5.0 (.delta-search.com.) =>Toolbar.DeltaSearch
P2 - FPN:Firefox Plugin Navigator . (.BitComet - BitCometAgent v1.27 for Firefox.) -- C:\Program Files\Mozilla Firefox\Plugins\npBitCometAgent.dll
P2 - FPN:Firefox Plugin Navigator . (.Zylom - Zylom Plugin.) -- C:\Program Files\Mozilla Firefox\Plugins\npzylomgamesplayer.dll
P2 - FPN: [HKLM] [@zylom.com/ZylomGamesPlayer] - (.Zylom - Zylom Plugin.) -- C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
~ Firefox Browser: 43 Legitimates Scanned in 00mn 01s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com =>Toolbar.DeltaSearch
R0 - HKCU\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://www.delta-search.com =>Toolbar.DeltaSearch
R3 - URLSearchHook: SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.6.) (No version) -- (.not file.)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.6.) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
~ IE Browser: 10 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 4



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: CrossriderApp0027096 - {11111111-1111-1111-1111-110211701196} . (.Corporate Inc - Services x86 BHO.) -- C:\Program Files\Services x86\Services x86.dll =>PUP.CrossRider
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} . (...) -- C:\Documents and Settings\Bureau\Local Settings\Application Data\CT1060933\ldrtbFree.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} . (.BitComet - BitCometBHO.) -- C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Ask Toolbar BHO - {57334934-2D47-006A-76A7-7A786E7484D7} . (...) -- "C:\Program Files\AskPartnerNetwork\Toolbar\W3I4-G\Passport.dll" (.not file.) =>Toolbar.Ask
O2 - BHO: Freecorder extension - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} . (.Applian Technologies Inc. - ScriptHost.) -- C:\Program Files\Freecorder extension\ScriptHost.dll
O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} . (.Delta-search.com - Pas de description.) -- C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll =>Toolbar.DeltaSearch
~ BHO: 16 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: WOT - [HKLM]{71576546-354D-41c9-AAE8-31F2EC22BF0D} . (...) -- C:\Program Files\WOT\WOT.dll
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Freecorder Toolbar - [HKLM]{1392b8d2-5c05-419f-a8f6-b9f15a596612} . (...) -- C:\Documents and Settings\Bureau\Local Settings\Application Data\CT1060933\ldrtbFree.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - [HKLM]{57334934-2D47-006A-76A7-7A786E7484D7} . (.APN LLC. - Passport.) -- C:\Program Files\AskPartnerNetwork\Toolbar\W3I4-G\Passport.dll =>Toolbar.Ask
O3 - Toolbar: Delta Toolbar - [HKLM]{82E1477C-B154-48D3-9891-33D83C26BCD3} . (.Delta-search.com - Pas de description.) -- C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll =>Toolbar.DeltaSearch
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [LWS] . (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [nwiz] . (...) -- C:\Program Files\NVIDIA Corporation\nview\nwiz.exe
O4 - HKLM\..\Run: [IntelliPoint] . (.Microsoft Corporation - IPoint.exe.) -- c:\Program Files\Microsoft IntelliPoint\ipoint.exe
O4 - HKLM\..\Run: [itype] . (.Microsoft Corporation - IType.exe.) -- c:\Program Files\Microsoft IntelliType Pro\itype.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [DrvMon.exe] . (.Alcor Micro, Corp. - Drive Monitor.) -- C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-725345543-1844823847-839522115-1003\..\Run: [DrvMon.exe] . (.Alcor Micro, Corp. - Drive Monitor.) -- C:\WINDOWS\system32\DrvMon.exe
O4 - HKUS\S-1-5-21-725345543-1844823847-839522115-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Acrobat.com.lnk . (...) -- C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe
O4 - GS\Programs: Adobe Photoshop Album 2.0.lnk . (.Adobe Systems Incorporated - Adobe Photoshop Album 2.0.) -- C:\Photo\Photoshop\Apps\PhotoshopAlbum.exe
O4 - GS\Programs: Adobe Reader X.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AA1000000001}\SC_Reader.ico
O4 - GS\Programs: Apple Software Update.lnk . (...) -- C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
O4 - GS\Programs: CometBird.lnk . (.CometNetwork - CometBird.) -- C:\Program Files\CometBird\cometbird.exe
O4 - GS\Programs: MioTransfer.lnk . (...) -- D:\MIO\MioTransfer.exe
O4 - GS\Programs: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Programs: MSN.lnk . (.Microsoft Corporation - msn.) -- C:\Program Files\MSN\MSNCoreFiles\msn.exe
O4 - GS\Programs: Objectif Tarot.lnk . (...) -- C:\Program Files\Objectif Tarot\Objectif Tarot.exe
O4 - GS\Programs: OfferBox.lnk . (.Aedge Performance BCN SL - OfferBox.) -- C:\Program Files\OfferBox\OfferBox.exe =>PUP.OfferBox
O4 - GS\Programs: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - GS\Programs: Windows Search.lnk . (.Microsoft Corporation - Windows Search System Tray.) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - GS\Programs: WordBiz.lnk . (...) -- C:\Program Files\WordBiz\WordBiz.exe
O4 - GS\Programs: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Jouer (EasyBits GO).lnk . (.EasyBits Software AS - Game Organizer.) -- C:\Documents and Settings\All Users\Application Data\Easybits GO\EasyBitsGO.exe
O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - GS\Programs: Secunia PSI.lnk . (.Secunia - Secunia PSI.) -- C:\Program Files\Secunia\PSI\psi.exe
O4 - GS\Programs: Webplayer.lnk . (...) -- C:\Documents and Settings\Bureau\Application Data\Microsoft\Installer\{9937E55B-6331-4804-93EF-77E992F204BD}\_3F7CDAE07E1639C4AEA7A8.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Lecteur Windows Media.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
~ Global Startup: Scanned in 00mn 01s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} . (.BitComet - BitCometBHO.) -- C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 3 Legitimates Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} ((no name)) - http://www.myheritage.fr/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ((no name)) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_6_0_1.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{62CD5898-7AFC-4D39-832A-08641674003F}: NameServer = 178.33.41.181,46.4.70.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DDE2034-E523-4032-B1C8-48D178D3B6DA}: NameServer = 178.33.41.181,46.4.70.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{922284C2-001D-4F25-9F01-FA07EAC406AF}: NameServer = 178.33.41.181,46.4.70.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DDE2034-E523-4032-B1C8-48D178D3B6DA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} . (...) -- C:\Program Files\WOT\WOT.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll =>Toolbar.Babylon
~ AppInit DLL: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 5 Legitimates Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) . (.Emsi Software GmbH - Emsisoft Anti-Malware Service.) - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Afa Card Reader Service (AfaService) . (...) - C:\WINDOWS\system32\afasrv32.exe
O23 - Service: Ashampoo HDD Control 2 Service (AHDDC2) . (...) - C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
O23 - Service: Service de mise à jour Ask (APNMCP) . (.APN LLC. - APN Updater.) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: BOCore (BOCore) . (...) - C:\Utilitaires\BOClean\BOCORE.exe (.not file.)
O23 - Service: BrowserProtect (BrowserProtect) . (...) - C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe =>Toolbar.Babylon
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) . (.SEIKO EPSON CORPORATION - EPSON Printer Status Agent.) - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: OfferBox update service (OfferBox update service) . (.Aedge Performance BCN SL - OfferBox.) - C:\Program Files\OfferBox\OfferBoxUpdateService.exe =>PUP.OfferBox
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) . (...) - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PC Speed Up Service (PCSUService) . (...) - C:\Program Files\Accelerer PC\PCSUService.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) . (.Pinnacle Systems - Media Server Host.) - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) . (.Protexis Inc. - PsiService PsiService.) - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) . (...) - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: USBDLM (USBDLM) . (...) - C:\Program Files\USBDLM\USBDLM.exe (.not file.)
~ Services: 25 Legitimates Scanned in 00mn 15s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Bureau\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Bureau\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\ASC6_PerformanceMonitor.job [270]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\BrowserProtect.job [292] =>Toolbar.Babylon
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job [302]
~ Scheduled Task: 16 Legitimates Scanned in 00mn 00s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 24 Legitimates Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (a2injectiondriver) . (.Emsi Software GmbH - Emsisoft Anti-Malware Behavior Blocker.) - C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys
O41 - Driver: (a2util) . (.Emsi Software GmbH - a-squared Malware-IDS utility driver.) - C:\Program Files\Emsisoft Anti-Malware\a2util32.sys
O41 - Driver: (AvgArCln) . (.GRISOFT, s.r.o. - AVG7 Clean Driver.) - C:\WINDOWS\system32\DRIVERS\AvgArCln.sys
O41 - Driver: (ElRawDisk) . (.EldoS Corporation - RawDisk Driver. Allows write access to raw.) - C:\WINDOWS\system32\drivers\elrawdsk32bit.sys
O41 - Driver: (PCLEPCI) . (.Pinnacle Systems GmbH - PCLEPCI.) - C:\WINDOWS\system32\drivers\pclepci.sys
O41 - Driver: (rvsmon) . (.CJSC Returnil Software - Returnil Monitoring Core.) - C:\WINDOWS\system32\DRIVERS\rvsmon.sys
O41 - Driver: (rvsmonn) . (.CJSC Returnil Software - Returnil Network Monitoring.) - C:\WINDOWS\system32\DRIVERS\rvsmonn1.sys
O41 - Driver: (SAVRKBootTasks) . (.Sophos Plc - Sophos boot tasks for Windows 2000.) - C:\WINDOWS\system32\SAVRKBootTasks.sys
~ Drivers: 32 Legitimates Scanned in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: AVG Anti-Rootkit Free - (.GRISOFT.) [HKLM] -- AVGantiRootkit
O42 - Logiciel: Ad-aware 6 Professional - (.Lavasoft Sweden.) [HKLM] -- Ad-aware 6 Professional
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader X (10.1.6) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AA1000000001}
O42 - Logiciel: Alt CDA to MP3 Converter 7.3 - (.Nesoft Inc..) [HKLM] -- Alt CDA to MP3 Converter 7.3_is1
O42 - Logiciel: Ask Toolbar - (.Ask Partner Network.) [HKLM] -- {57334934-2D47-006A-76A7-A758B70B0801} =>Toolbar.Ask
O42 - Logiciel: BitComet 1.29 - (.CometNetwork.) [HKLM] -- BitComet
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM] -- {497BCFDD-F589-448D-A1C3-78D1B1809CCC} =>Adware.Boxore
O42 - Logiciel: BrowserProtect - (.Bit89 Inc.) [HKLM] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} =>Toolbar.Babylon
O42 - Logiciel: Business Card Printery 3 - (...) [HKLM] -- Business Card Printery 3
O42 - Logiciel: CA eTrust PestPatrol - (.Nom de votre société.) [HKLM] -- {39586F4F-758D-4A92-A5DF-33E9DB9C09D9}
O42 - Logiciel: Carom3D - (...) [HKLM] -- Carom3D
O42 - Logiciel: CertifiedToolbar 2.1 - (.CertifiedToolbar.) [HKLM] -- {b0439fd3-8f96-400d-9515-eb8122ee1f21}_is1
O42 - Logiciel: CometBird 6.0.2 (x86 en-US) - (.CometNetwork.) [HKLM] -- CometBird 6.0.2 (x86 en-US)
O42 - Logiciel: Convertisseur ASCII - (...) [HKLM] -- ST6UNST #1
O42 - Logiciel: CpuBooster v3.8.2. - (.TforTech Company, Inc..) [HKLM] -- {FCB50360-6136-40C8-BF4A-84B9322C1D42}_is1
O42 - Logiciel: DATABACK DriveUtility 6.2 - (.DATABACK.) [HKLM] -- DATABACK DriveUtility 6.2_is1
O42 - Logiciel: DVD de bonus Studio 10 - (...) [HKLM] -- {6A012D9C-2E2E-405A-B87C-E909F5297C3F}
O42 - Logiciel: DVD43 v4.3.1 - (...) [HKLM] -- DVD43_is1
O42 - Logiciel: Delta Chrome Toolbar - (.Visual Tools.) [HKLM] -- Delta Chrome Toolbar
O42 - Logiciel: Delta toolbar - (.Delta.) [HKLM] -- delta
O42 - Logiciel: Dictionnaire Freelang (liste de mots) - (.Freelang.) [HKLM] -- {14B380D6-8205-4F9D-81D8-515235929F2A}_is1
O42 - Logiciel: Dictionnaire Freelang 3.74 beta - (.Freelang.) [HKLM] -- {F53C4192-71DE-4B21-BE03-D6F8CBB5A238}_is1
O42 - Logiciel: FAST Defrag Freeware 2.3 - (.AMS.) [HKLM] -- FAST Defrag Freeware_is1
O42 - Logiciel: Facemoods - (.Secure Digital Services.) [HKLM] -- {D0198889-7766-424B-AB81-F16F8EDDFEF4} =>Adware.Facemoods
O42 - Logiciel: Find My Credit Card v2.3 - (.Smart PC Solutions.) [HKLM] -- Find My Credit Card_is1
O42 - Logiciel: Freecorder Toolbar - (.Freecorder.) [HKCU] -- CT1060933
O42 - Logiciel: GO!Suite - (.Oti.) [HKLM] -- {096FE185-BF9B-4DF1-92E5-B370E9FD4840}
O42 - Logiciel: GRWU 1.1.0.8 - (.RuntimeWare.com.) [HKLM] -- GRWU_is1
O42 - Logiciel: IP Privacy 3.5 - (.Privacy-Pro.) [HKLM] -- IP Privacy_is1
O42 - Logiciel: Java 7 Update 17 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83217017FF}
O42 - Logiciel: Kill Process 5.0.0.5 (désinstaller seulement) - (...) [HKLM] -- Kill Process
O42 - Logiciel: Language Pack for Ad-aware 6 - (.Lavasoft Sweden.) [HKLM] -- Language Pack for Ad-aware 6
O42 - Logiciel: MioTransfer - (...) [HKLM] -- {2F6DA398-707F-4D52-AE6A-7E812D1662D6}
O42 - Logiciel: Objectif Tarot 4 - (.Daniel Bonniot.) [HKLM] -- {078A8C00-412A-45C2-8A44-49DD736D3318}_is1
O42 - Logiciel: PIXresizer 2.0.0 - (.Bluefive software.) [HKLM] -- PIXresizer_is1
O42 - Logiciel: PcCloneEX - (...) [HKLM] -- PcCloneEX
O42 - Logiciel: PenWes [5836] - (...) [HKLM] -- Penwes
O42 - Logiciel: Pharaon - (...) [HKLM] -- Pharaon
O42 - Logiciel: PopUp Killer - (...) [HKLM] -- Product_Name
O42 - Logiciel: Process Liquidator - (.12Bytes.) [HKLM] -- {7F3BF5FA-6BD7-4E26-8FEA-C87DD9F7F723}_is1
O42 - Logiciel: Prolific Backup - (.Prolific Technology Inc..) [HKLM] -- {D88A7919-C81E-4F6A-8B77-D1B2E42EE0CD}
O42 - Logiciel: Proxomitron v4.5 - (...) [HKLM] -- Proxomitron v4.5
O42 - Logiciel: Returnil Virtual System 2010 - (.CJSC Returnil Software.) [HKLM] -- {8D154382-D968-4C79-A51D-5BE79C2E0100}
O42 - Logiciel: SavRestaure - (...) [HKLM] -- SavRestaure
O42 - Logiciel: ScanToWeb - (...) [HKLM] -- {EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}
O42 - Logiciel: Sentinel 2.0 - (.Runtimeware.) [HKLM] -- Sentinel_is1
O42 - Logiciel: Services x86 - (.Corporate Inc.) [HKLM] -- Services x86
O42 - Logiciel: Sophos Anti-Rootkit 1.5.0 - (.Sophos Plc.) [HKLM] -- Sophos-AntiRootkit
O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1
O42 - Logiciel: USB Video Camera - (. .) [HKLM] -- {8527C3D5-BA1D-46E9-88D2-AF25544311A3}
O42 - Logiciel: USB drive letter manager - (.Uwe Sieber.) [HKLM] -- {C256573D-B3CE-4256-BEA2-217C8B211DD5}
O42 - Logiciel: USIM Editor 1.0.28.0 - (...) [HKLM] -- Card Reader Driver and USIM Editor Program_is1
O42 - Logiciel: Ultimate IP Changer version 1.1 - (.Olcinium.) [HKLM] -- {4A4472E1-2A39-432D-9455-82AE293CA601}_is1
O42 - Logiciel: Webplayer - (.Kreapixel.) [HKLM] -- {9937E55B-6331-4804-93EF-77E992F204BD} =>Adware.SocialSkinz
O42 - Logiciel: WordBiz version 1.8 - (.Internet Scrabble Club.) [HKLM] -- Internet Scrabble Club_is1
O42 - Logiciel: ZipGenius 6 (6.0.3.1130) - (.M.Dev Software.) [HKLM] -- {EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1
O42 - Logiciel: allsearch - (.allsearch.) [HKLM] -- allsearch
O42 - Logiciel: avast! Free Antivirus v7.0.1466.0 - (.AVAST Software.) [HKLM] -- avast
~ Logic: 390 Legitimates Scanned in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\536d9dab23abe47]
[HKCU\Software\ACP]
[HKCU\Software\AMS]
[HKCU\Software\AlcorMicro]
[HKCU\Software\AppDataLow\Software\ecouter-la-radio]
[HKCU\Software\AskPartnerNetwork]
[HKCU\Software\Astase]
[HKCU\Software\AvantClick]
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\BitComet]
[HKCU\Software\BlueFive]
[HKCU\Software\BusinessCards]
[HKCU\Software\CertifiedToolbar]
[HKCU\Software\ComputerAssociates]
[HKCU\Software\Cr_Installer]
[HKCU\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\DVC150]
[HKCU\Software\DVD43]
[HKCU\Software\DVDx]
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\Delta]
[HKCU\Software\EMCO Malware Destroyer]
[HKCU\Software\Ease123]
[HKCU\Software\FilerexUpdateChecker]
[HKCU\Software\Freecorder extension]
[HKCU\Software\Gr]
[HKCU\Software\IEPro]
[HKCU\Software\InstalledBrowserExtensions]
[HKCU\Software\Kristian Koeltzsch]
[HKCU\Software\M.Dev Software]
[HKCU\Software\NecroSystems]
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKCU\Software\Prolific]
[HKCU\Software\RG]
[HKCU\Software\Rising]
[HKCU\Software\Services x86]
[HKCU\Software\Smart PC Solutions]
[HKCU\Software\SmartBar] =>Hijacker.SmartBar
[HKCU\Software\Thirdi Productions]
[HKCU\Software\delta LTD]
[HKCU\Software\ecouter-la-radio]
[HKLM\Software\536d9dab23abe47]
[HKLM\Software\APN]
[HKLM\Software\Acorn]
[HKLM\Software\AskPartnerNetwork]
[HKLM\Software\Astase]
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\CometNetwork]
[HKLM\Software\ComputerAssociates]
[HKLM\Software\DVC150]
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Delta]
[HKLM\Software\GO!Suite]
[HKLM\Software\IPAnonymizer]
[HKLM\Software\IPHider]
[HKLM\Software\IPPrivacy]
[HKLM\Software\InstallIQ]
[HKLM\Software\M.Dev Software]
[HKLM\Software\MediaCenterPaths]
[HKLM\Software\Mio Technology]
[HKLM\Software\Mitac]
[HKLM\Software\MovieBox USB]
[HKLM\Software\NEOACT]
[HKLM\Software\Nevron]
[HKLM\Software\Oti]
[HKLM\Software\Panicware]
[HKLM\Software\Returnil]
[HKLM\Software\Rising]
[HKLM\Software\SCDWinsysMedia]
[HKLM\Software\Terragame]
[HKLM\Software\UCRDef]
[HKLM\Software\USBDCam]
[HKLM\Software\WinMPG]
[HKLM\Software\babylontoolbar] =>Toolbar.Babylon
[HKLM\Software\iWin]
[HKLM\Software\mera]
~ Key Software: 517 Legitimates Scanned in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/11/2012 - 14:40:14 - [0,066] ----D C:\Program Files\AlcorMicro
O43 - CFD: 29/11/2012 - 14:29:56 - [5,747] ----D C:\Program Files\AlcorMicroData
O43 - CFD: 25/07/2010 - 10:42:10 - [15,758] ----D C:\Program Files\Alt CDA to MP3 Converter
O43 - CFD: 06/04/2013 - 16:01:01 - [0] ----D C:\Program Files\Ask.com
O43 - CFD: 06/04/2013 - 16:00:56 - [3,371] ----D C:\Program Files\AskPartnerNetwork
O43 - CFD: 08/10/2010 - 11:51:14 - [25,680] ----D C:\Program Files\BitComet
O43 - CFD: 27/05/2012 - 23:54:18 - [46,741] ----D C:\Program Files\CometBird
O43 - CFD: 01/05/2011 - 14:49:20 - [0,067] ----D C:\Program Files\Convertisseur ASCII
O43 - CFD: 17/03/2012 - 18:30:32 - [6,224] ----D C:\Program Files\CpuBooster
O43 - CFD: 05/12/2012 - 17:41:22 - [5,439] ----D C:\Program Files\DATABACK DriveUtility
O43 - CFD: 07/04/2013 - 17:09:39 - [2,768] ----D C:\Program Files\Delta
O43 - CFD: 13/11/2009 - 11:24:42 - [8,603] ----D C:\Program Files\DesignPro
O43 - CFD: 10/12/2012 - 12:57:55 - [0,056] ----D C:\Program Files\DriverPack Solution Lite 12.3
O43 - CFD: 19/06/2011 - 19:26:14 - [1,459] ----D C:\Program Files\dvd43
O43 - CFD: 11/02/2013 - 10:36:28 - [3,618] ----D C:\Program Files\Freecorder extension
O43 - CFD: 29/11/2012 - 14:31:52 - [44,023] ----D C:\Program Files\GO!Suite
O43 - CFD: 12/01/2009 - 10:42:00 - [0,002] ----D C:\Program Files\IEPro
O43 - CFD: 10/03/2012 - 00:47:20 - [4,833] ----D C:\Program Files\IP Privacy
O43 - CFD: 12/08/2010 - 18:17:38 - [119,899] ----D C:\Program Files\iWin.com Games
O43 - CFD: 27/01/2009 - 19:26:09 - [10,766] ----D C:\Program Files\Mio Technology
O43 - CFD: 13/03/2010 - 18:06:40 - [1,703] ----D C:\Program Files\Objectif Tarot
O43 - CFD: 06/04/2013 - 16:02:51 - [9,224] ----D C:\Program Files\OfferBox =>PUP.OfferBox
O43 - CFD: 10/12/2012 - 12:57:54 - [0,013] ----D C:\Program Files\PC Speed Up Extension
O43 - CFD: 29/11/2012 - 14:34:29 - [13,046] ----D C:\Program Files\PcCloneEX
O43 - CFD: 09/11/2008 - 17:35:07 - [1,889] ----D C:\Program Files\PIXresizer
O43 - CFD: 23/01/2010 - 11:24:09 - [0,004] ----D C:\Program Files\Primedius
O43 - CFD: 26/03/2009 - 20:20:13 - [1,531] ----D C:\Program Files\Proxomitron Naoko v4.5
O43 - CFD: 29/01/2010 - 21:41:43 - [10,588] ----D C:\Program Files\Returnil
O43 - CFD: 10/10/2010 - 10:36:01 - [3,999] ----D C:\Program Files\Runtimeware.com
O43 - CFD: 07/04/2013 - 17:08:47 - [7,675] ----D C:\Program Files\Services x86
O43 - CFD: 23/09/2011 - 16:26:40 - [2,751] ----D C:\Program Files\Sophos
O43 - CFD: 09/10/2009 - 22:42:55 - [79,331] ----D C:\Program Files\Spybot - Search & Destroy
O43 - CFD: 23/01/2010 - 11:27:17 - [0] ----D C:\Program Files\Stealther
O43 - CFD: 12/12/2012 - 10:03:37 - [0,901] ----D C:\Program Files\Ultimate IP Changer
O43 - CFD: 05/04/2013 - 18:21:06 - [0,258] ----D C:\Program Files\USBDLM
O43 - CFD: 29/11/2012 - 14:33:03 - [23,850] ----D C:\Program Files\USIM Editor
O43 - CFD: 28/09/2012 - 15:39:41 - [1,940] ----D C:\Program Files\Vidalia Bundle
O43 - CFD: 11/02/2013 - 09:32:07 - [0,494] ----D C:\Program Files\WebPlayer
O43 - CFD: 22/12/2008 - 19:30:00 - [2,104] ----D C:\Program Files\WordBiz
O43 - CFD: 04/10/2008 - 17:52:21 - [18,222] ----D C:\Program Files\ZipGenius 6
O43 - CFD: 07/04/2013 - 17:09:40 - [1,942] ----D C:\Documents and Settings\Bureau\Application Data\BabSolution =>Hijacker.BabSolution
O43 - CFD: 07/04/2013 - 17:09:17 - [0,019] ----D C:\Documents and Settings\Bureau\Application Data\Babylon =>Toolbar.Babylon
O43 - CFD: 02/03/2013 - 17:56:39 - [0,475] ----D C:\Documents and Settings\Bureau\Application Data\BitComet
O43 - CFD: 31/03/2012 - 17:24:51 - [0] ----D C:\Documents and Settings\Bureau\Application Data\Boost Windows
O43 - CFD: 08/10/2010 - 11:53:01 - [11,405] ----D C:\Documents and Settings\Bureau\Application Data\CometNetwork
O43 - CFD: 07/04/2013 - 17:10:08 - [0,259] ----D C:\Documents and Settings\Bureau\Application Data\Delta
O43 - CFD: 06/04/2013 - 16:11:45 - [0,053] ----D C:\Documents and Settings\Bureau\Application Data\Freecorder 7 Video
O43 - CFD: 15/01/2009 - 11:32:37 - [0,000] ----D C:\Documents and Settings\Bureau\Application Data\FreshDiagnose
O43 - CFD: 08/11/2008 - 09:52:29 - [0,008] ----D C:\Documents and Settings\Bureau\Application Data\IEPro
O43 - CFD: 09/11/2008 - 20:16:18 - [0,004] ----D C:\Documents and Settings\Bureau\Application Data\MiniDm
O43 - CFD: 13/03/2010 - 18:06:43 - [0,000] ----D C:\Documents and Settings\Bureau\Application Data\Objectif Tarot
O43 - CFD: 06/04/2013 - 16:03:12 - [0,452] ----D C:\Documents and Settings\Bureau\Application Data\OfferBox =>PUP.OfferBox
O43 - CFD: 22/09/2012 - 08:33:09 - [0] ----D C:\Documents and Settings\Bureau\Application Data\Password Generator Professional
O43 - CFD: 29/01/2010 - 21:42:08 - [0,000] ----D C:\Documents and Settings\Bureau\Application Data\Returnil
O43 - CFD: 28/09/2012 - 15:39:41 - [8,262] ----D C:\Documents and Settings\Bureau\Application Data\Tor
O43 - CFD: 28/09/2012 - 10:31:33 - [0,067] ----D C:\Documents and Settings\Bureau\Application Data\Vidalia
O43 - CFD: 29/06/2012 - 18:19:02 - [0] ----D C:\Documents and Settings\Bureau\Application Data\wtxpcom
O43 - CFD: 04/10/2008 - 17:52:36 - [0,102] ----D C:\Documents and Settings\Bureau\Application Data\ZipGenius
O43 - CFD: 06/04/2013 - 16:01:12 - [0] ----D C:\Documents and Settings\Bureau\Local Settings\Application Data\AskPartnerNetwork
O43 - CFD: 08/10/2010 - 11:53:01 - [2,424] ----D C:\Documents and Settings\Bureau\Local Settings\Application Data\CometNetwork
O43 - CFD: 14/12/2012 - 14:41:29 - [13,057] ----D C:\Documents and Settings\Bureau\Local Settings\Application Data\CT1060933
O43 - CFD: 06/04/2013 - 16:12:28 - [0] ----D C:\Documents and Settings\Bureau\Local Settings\Application Data\Freecorder 7 Video
O43 - CFD: 04/10/2008 - 18:19:17 - [7,977] ----D C:\Documents and Settings\Bureau\Local Settings\Application Data\JPEG Cam
O43 - CFD: 10/12/2012 - 11:49:33 - [0,038] ----D C:\Documents and Settings\Bureau\Local Settings\Application Data\PC Speed Up Extension
O43 - CFD: 23/02/2009 - 14:21:46 - [0] ----D C:\Documents and Settings\Bureau\Local Settings\Application Data\Room Arranger
O43 - CFD: 04/04/2012 - 14:30:05 - [0] ----D C:\Documents and Settings\Bureau\Local Settings\Application Data\Software
O43 - CFD: 28/09/2012 - 15:39:43 - [0,002] ----D C:\Documents and Settings\Bureau\Local Settings\Application Data\tuto4pc_fr_4 =>PUP.Eorezo
O43 - CFD: 18/12/2009 - 23:15:02 - [0,018] ----D C:\Documents and Settings\Bureau\Local Settings\Application Data\TVEnhance
O43 - CFD: 10/02/2013 - 22:41:36 - [0,197] ----D C:\Documents and Settings\Bureau\Local Settings\Application Data\Updater21810
O43 - CFD: 07/04/2013 - 17:09:57 - [0,001] ----D C:\Documents and Settings\Bureau\Menu Démarrer\Programmes\BrowserProtect =>Toolbar.Babylon
O43 - CFD: 03/04/2011 - 14:16:31 - [0,001] ----D C:\Documents and Settings\Bureau\Menu Démarrer\Programmes\Carom3D
O43 - CFD: 07/04/2013 - 19:00:05 - [0] ----D C:\Documents and Settings\Bureau\Menu Démarrer\Programmes\Hasbro Interactive
O43 - CFD: 18/12/2009 - 23:45:44 - [0,002] ----D C:\Documents and Settings\Bureau\Menu Démarrer\Programmes\Moovida =>Adware.SPointer
O43 - CFD: 16/03/2011 - 11:30:19 - [0,001] ----D C:\Documents and Settings\Bureau\Menu Démarrer\Programmes\Passware
O43 - CFD: 26/03/2009 - 20:20:02 - [0,002] ----D C:\Documents and Settings\Bureau\Menu Démarrer\Programmes\Proxomitron v4.5
O43 - CFD: 12/06/2011 - 13:27:02 - [0,001] ----D C:\Documents and Settings\Bureau\Menu Démarrer\Programmes\WinASPI
~ Program Folder: 355 Legitimates Scanned in 01mn 40s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.9C3AA47938405ADF266EC94DD3DCD383] - 09/04/2013 - 17:20:15 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.28B8D013792C7A43CA10D415D590820C] - 09/04/2013 - 17:20:15 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.3D59A64C9355D53E8992341E363F91A3] - 07/04/2013 - 16:33:45 ---A- . (...) -- C:\RstHosts.txt [681]
O44 - LFC:[MD5.BEC8A163A7A3AC714B82097270551F50] - 06/04/2013 - 16:27:10 ---A- . (...) -- C:\WINDOWS\system32\package.lst [19]
O44 - LFC:[MD5.3C0311459866C5078715AB14358322D3] - 03/04/2013 - 18:40:07 ---A- . (...) -- C:\PhysicalMBR.bin [512]
O44 - LFC:[MD5.4B12684ABCD23C36F2D7B69A00B811B3] - 02/04/2013 - 20:41:08 ---A- . (...) -- C:\AdwCleaner[S1].txt [76004]
O44 - LFC:[MD5.93C19E13190C0E901649942A63515665] - 29/03/2013 - 19:02:44 ---A- . (...) -- C:\WINDOWS\ntbtlog.txt [190754]
O44 - LFC:[MD5.08049A652C67997839FB6312DD4DCCEF] - 26/03/2013 - 19:03:54 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [12366]
O44 - LFC:[MD5.CA89A0154983B998AEEE918CB667869C] - 26/03/2013 - 19:03:54 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [850]
O44 - LFC:[MD5.7376850548762AA282B61EF888218D04] - 26/03/2013 - 19:03:54 ---A- . (...) -- C:\WINDOWS\comsetup.log [4062]
O44 - LFC:[MD5.5F235FF709E9BB8DF17A65BDD8387DFB] - 26/03/2013 - 19:03:54 ---A- . (...) -- C:\WINDOWS\iis6.log [13282]
O44 - LFC:[MD5.9434D9F3D0D8E1B24A95679C4CF4F33D] - 26/03/2013 - 19:03:54 ---A- . (...) -- C:\WINDOWS\imsins.log [1374]
O44 - LFC:[MD5.472B2946531194FBD764C73E21CA7C4F] - 26/03/2013 - 19:03:54 ---A- . (...) -- C:\WINDOWS\msgsocm.log [606]
O44 - LFC:[MD5.44FC1E0C19E46F10C9FDAFAC4DC9AD34] - 26/03/2013 - 19:03:54 ---A- . (...) -- C:\WINDOWS\netfxocm.log [2166]
O44 - LFC:[MD5.4DB7C8789DC61447EA5550D365171050] - 26/03/2013 - 19:03:54 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [2458]
O44 - LFC:[MD5.197B0C8058BF085E0BC1A06017C79036] - 26/03/2013 - 19:03:54 ---A- . (...) -- C:\WINDOWS\ocgen.log [5912]
O44 - LFC:[MD5.C3DDD4B431F550CCC45620791B977EB1] - 26/03/2013 - 19:03:54 ---A- . (...) -- C:\WINDOWS\ocmsn.log [684]
O44 - LFC:[MD5.4A24B7207598182D31EFE9BB676836C8] - 26/03/2013 - 19:03:54 ---A- . (...) -- C:\WINDOWS\tabletoc.log [622]
O44 - LFC:[MD5.D79E81DAC966E5CA5A8CE79585C3F682] - 26/03/2013 - 19:03:54 ---A- . (...) -- C:\WINDOWS\tsoc.log [5642]
O44 - LFC:[MD5.AFB712C88AE90C0535CCFB1AE5979FAF] - 26/03/2013 - 19:03:53 ---A- . (...) -- C:\WINDOWS\msmqinst.log [3790]
O44 - LFC:[MD5.2E768617F7E382B40AE9B813BCB877BC] - 26/03/2013 - 19:03:43 ---A- . (...) -- C:\WINDOWS\updspapi.log [4526]
O44 - LFC:[MD5.1B14BF96116B608B457D328586D47C2B] - 26/03/2013 - 19:03:22 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1374]
O44 - LFC:[MD5.F15F78D95B41F6F1C646C73E46E75C4F] - 13/03/2013 - 21:52:48 ---A- . (.SafeApp Software, LLC - Computer Up-dater License Manager.) -- C:\WINDOWS\system32\ComputerUpdaterLM.ocx [421888]
O44 - LFC:[MD5.1A88CF526A1928929E45CC484E5140E8] - 13/03/2013 - 21:52:48 ---A- . (.SafeApp Software, LLC - Computer Up-dater Update Component.) -- C:\WINDOWS\system32\CUUpdateComponent.ocx [69632]
O44 - LFC:[MD5.5E5B6B69F9E18A12CA28FE57D23E45D2] - 13/03/2013 - 21:52:48 ---A- . (.SafeApp Software, LLC - SafeAppRichList.) -- C:\WINDOWS\system32\SafeAppRichList.ocx [131072]
~ Files: 51 Legitimates Scanned in 00mn 17s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.5505B223C24B853C4A482DEC3AFCDCD3] - 02/04/2013 - 20:37:01 ---A- - C:\WINDOWS\Prefetch\UPDATETASK.EXE-154F922C.pf
O45 - LFCP:[MD5.69BEC5439A6CC79906E4F347B2ACB619] - 06/04/2013 - 14:58:26 ---A- - C:\WINDOWS\Prefetch\BACKGROUNDHOST.EXE-00AABE3E.pf
O45 - LFCP:[MD5.88A21CC372B96957CC92A4415DB79C3A] - 06/04/2013 - 14:58:27 ---A- - C:\WINDOWS\Prefetch\FREECORDER.IE.EXE-2B710A61.pf
O45 - LFCP:[MD5.426BF47A2AE30CDA17EE8775B4E14C5D] - 06/04/2013 - 14:58:45 ---A- - C:\WINDOWS\Prefetch\FCCORE.EXE-0AE8DA7E.pf
O45 - LFCP:[MD5.84ACF22265F8C0A16EB2DF0D0FAB4495] - 06/04/2013 - 14:59:19 ---A- - C:\WINDOWS\Prefetch\FCMEDIAP.EXE-245BF78E.pf
O45 - LFCP:[MD5.4981FC1642BA490477E34B9207822C69] - 06/04/2013 - 14:59:19 ---A- - C:\WINDOWS\Prefetch\FCSCREENP.EXE-05966CDB.pf
O45 - LFCP:[MD5.79D94D43E1D9D7621AEB23D5E8A7F671] - 06/04/2013 - 15:00:02 ---A- - C:\WINDOWS\Prefetch\APNSETUP.V6.EXE-0F354162.pf
O45 - LFCP:[MD5.23B0353545ED8ABCF61D4A8333A95168] - 06/04/2013 - 15:00:03 ---A- - C:\WINDOWS\Prefetch\APPLIANFLV[1].EXE-045AED94.pf
O45 - LFCP:[MD5.D4069CF73A0F3D6B88CC4E59CB2ADEC7] - 06/04/2013 - 15:00:56 ---A- - C:\WINDOWS\Prefetch\APNSETUP.V6.EXE-2458FCD1.pf
O45 - LFCP:[MD5.34D99C1A0E5D28E57C4C6BD654A703E5] - 06/04/2013 - 15:01:10 ---A- - C:\WINDOWS\Prefetch\TBNOTIFIER.EXE-2CFF45A3.pf
O45 - LFCP:[MD5.D8D450B768463B920757DC59B9DFD510] - 06/04/2013 - 15:02:15 ---A- - C:\WINDOWS\Prefetch\COMPUTERUPDATERSETUPFZ.EXE-0B79F6BB.pf
O45 - LFCP:[MD5.030B8412A23AB41FB653929AC69C13BF] - 06/04/2013 - 15:02:16 ---A- - C:\WINDOWS\Prefetch\SMART_PC_CLEANER.TMP-1E415B4D.pf
O45 - LFCP:[MD5.736944A61C42FB77E680F8B375D5B9A9] - 06/04/2013 - 15:02:20 ---A- - C:\WINDOWS\Prefetch\SMART_PC_CLEANER.EXE-264C2239.pf
O45 - LFCP:[MD5.5F8842C4ADBE7D00E732542B38BBEFBF] - 06/04/2013 - 15:02:35 ---A- - C:\WINDOWS\Prefetch\SYMINSTALLSTUB.EXE-03A2FE45.pf
O45 - LFCP:[MD5.96916136B5BC2E0F2DEEF9FCB4EA1E99] - 06/04/2013 - 15:02:37 ---A- - C:\WINDOWS\Prefetch\OFFERBOXSETUP_20111019.EXE-19A57699.pf =>PUP.OfferBox
O45 - LFCP:[MD5.C38D9DF15BCC4240211488AC045A0E9B] - 06/04/2013 - 15:02:48 ---A- - C:\WINDOWS\Prefetch\FLV PLAYER 3.1.1.2 SILENT.EXE-2CF5CE1B.pf
O45 - LFCP:[MD5.7AF84B4DE93E5190323B099E90C24868] - 06/04/2013 - 15:02:50 ---A- - C:\WINDOWS\Prefetch\OB.EXE-1844C40D.pf
O45 - LFCP:[MD5.A0D4F78D97CDC783224E217183D06A69] - 06/04/2013 - 15:03:01 ---A- - C:\WINDOWS\Prefetch\OFFERBOX.EXE-231422E0.pf =>PUP.OfferBox
O45 - LFCP:[MD5.E6245876076A93A970A1E20008D5FCCC] - 06/04/2013 - 15:03:01 ---A- - C:\WINDOWS\Prefetch\OFFERBOXHTTPPROXY.EXE-07CB840E.pf =>PUP.OfferBox
O45 - LFCP:[MD5.72BF429AEFCD79360DCBE5617FA0BADE] - 06/04/2013 - 15:03:28 ---A- - C:\WINDOWS\Prefetch\CACHE-GEN.EXE-0312508B.pf
O45 - LFCP:[MD5.4D9A5F932D46328DA9A1D89742D6738F] - 06/04/2013 - 15:03:31 ---A- - C:\WINDOWS\Prefetch\NS99.TMP-30346C4C.pf
O45 - LFCP:[MD5.DB90BBE8C4DD6388FB7A7090FA8EB55D] - 06/04/2013 - 15:13:42 ---A- - C:\WINDOWS\Prefetch\UNLOCKER.EXE-23122D54.pf
O45 - LFCP:[MD5.34ABC09DE841FA537FE39ED0B6A4BE45] - 06/04/2013 - 15:15:06 ---A- - C:\WINDOWS\Prefetch\SERVICELOCATOR.EXE-16236344.pf
O45 - LFCP:[MD5.46DA554620DDA1E79FBC3D248190875E] - 06/04/2013 - 15:15:06 ---A- - C:\WINDOWS\Prefetch\TOOLBAR.EXE-30242997.pf
O45 - LFCP:[MD5.599FE2E029B3EE35C405D3E58193BE76] - 06/04/2013 - 15:19:52 ---A- - C:\WINDOWS\Prefetch\FCAUDIOP.EXE-02BADA19.pf
O45 - LFCP:[MD5.5F3005FD876C2481BB0E2CBEBAB8CD35] - 06/04/2013 - 15:22:45 ---A- - C:\WINDOWS\Prefetch\AVSUPDATEMANAGER.EXE-32B7E019.pf
O45 - LFCP:[MD5.144188B09755DAB576114A7F7D170014] - 06/04/2013 - 15:22:53 ---A- - C:\WINDOWS\Prefetch\AVSAUDIORECORDER.EXE-2E46A32D.pf
O45 - LFCP:[MD5.EE682F68C18AC092240AE43314756BFA] - 06/04/2013 - 15:23:04 ---A- - C:\WINDOWS\Prefetch\AVSAUDIOEDITOR.EXE-0333F910.pf
O45 - LFCP:[MD5.D0B0DE2E96EE38C5E94773CFEBB2757A] - 06/04/2013 - 15:46:38 ---A- - C:\WINDOWS\Prefetch\FCTUBEP.EXE-1AFFEFCF.pf
O45 - LFCP:[MD5.CE8A3673DED01E3EACE7650CD0040972] - 06/04/2013 - 15:46:43 ---A- - C:\WINDOWS\Prefetch\FCVIDEOP.EXE-015C1943.pf
O45 - LFCP:[MD5.EDA0F58AAC24FF1F234421803E774146] - 06/04/2013 - 16:04:35 ---A- - C:\WINDOWS\Prefetch\COMPUTERUP-DATER.EXE-1AC6ECCF.pf
O45 - LFCP:[MD5.4BE80D137D7982870BCD30FF3F0A85FF] - 06/04/2013 - 16:04:57 ---A- - C:\WINDOWS\Prefetch\ADVISORLETTERS.EXE-16D4DC31.pf
O45 - LFCP:[MD5.E1F749EBE1BAC9178FC33111479BF652] - 06/04/2013 - 16:09:24 ---A- - C:\WINDOWS\Prefetch\UNINST.EXE-0497C827.pf
O45 - LFCP:[MD5.EB921D3CC6CC503C6A336A387A9D0F5C] - 06/04/2013 - 16:09:40 ---A- - C:\WINDOWS\Prefetch\STARTER.EXE-1C134304.pf
O45 - LFCP:[MD5.2E6FAC8DB01363C0FC6918ACBC0A22CA] - 06/04/2013 - 16:09:43 ---A- - C:\WINDOWS\Prefetch\COMPUTERUP-DATERSERVICE.EXE-3A08FF19.pf
O45 - LFCP:[MD5.8B0786D18E1E7B5FE630AF62EEDE4E93] - 06/04/2013 - 16:09:45 ---A- - C:\WINDOWS\Prefetch\COMPUTERUP-DATERUNINSTALLER.E-3683CBC8.pf
O45 - LFCP:[MD5.5A9DF5E0A2488446F29392E6E826667C] - 06/04/2013 - 16:12:01 ---A- - C:\WINDOWS\Prefetch\INSTWRAP.EXE-364E4C2C.pf
O45 - LFCP:[MD5.70C7B88A1D63E28FCCAB574FC2E7125E] - 06/04/2013 - 16:12:12 ---A- - C:\WINDOWS\Prefetch\SYMBOS.EXE-0D4B8A10.pf
O45 - LFCP:[MD5.EF2F92DDA6D465C212D607C9139AE0B4] - 06/04/2013 - 16:12:13 ---A- - C:\WINDOWS\Prefetch\NSS.EXE-2A1CC5E1.pf
O45 - LFCP:[MD5.A2B421388A8CB13A964D7337BF90AE38] - 06/04/2013 - 16:12:16 ---A- - C:\WINDOWS\Prefetch\INSTSTUB.EXE-04E4CC32.pf
O45 - LFCP:[MD5.C2601A00BADBB2479729EE0120B1CD75] - 06/04/2013 - 16:12:20 ---A- - C:\WINDOWS\Prefetch\{397E31AA-0D78-4649-A01C-339D-39C9959A.pf
O45 - LFCP:[MD5.0A512DF2C8150F024DA9222595507633] - 06/04/2013 - 16:27:14 ---A- - C:\WINDOWS\Prefetch\WORDBIZ.EXE-0F1BAC1C.pf
O45 - LFCP:[MD5.08B8A7A45975EEAB1203E03D8F030683] - 08/04/2013 - 12:23:02 ---A- - C:\WINDOWS\Prefetch\ITYPE.EXE-00E71BC7.pf
O45 - LFCP:[MD5.3D3176DCFAB9164208804513DCC2621E] - 08/04/2013 - 13:52:52 ---A- - C:\WINDOWS\Prefetch\_IU14D2N.TMP-13C55DB9.pf
O45 - LFCP:[MD5.8BDF0BCE0513284CA605AE5A1713EAB6] - 08/04/2013 - 13:56:03 ---A- - C:\WINDOWS\Prefetch\SCRABBLEPRO.EXE-17437622.pf
O45 - LFCP:[MD5.C3A0BC78E8306790FA5D7155A0B3FF0A] - 09/04/2013 - 17:17:19 ---A- - C:\WINDOWS\Prefetch\ASCSERVICE.EXE-31508EF2.pf
O45 - LFCP:[MD5.647F0F86C6F02B1EAF4A8E0A7C493740] - 09/04/2013 - 17:17:19 ---A- - C:\WINDOWS\Prefetch\SERVICES.EXE-2F433351.pf
O45 - LFCP:[MD5.4FF3126B37822A09F93B93976E6B4A21] - 09/04/2013 - 17:17:41 ---A- - C:\WINDOWS\Prefetch\EEBSVC.EXE-1DC60FD0.pf
O45 - LFCP:[MD5.D8CE922EC219596DB9D5D134130253CC] - 09/04/2013 - 17:18:02 ---A- - C:\WINDOWS\Prefetch\A2SERVICE.EXE-1FA759FF.pf
O45 - LFCP:[MD5.B495A4CB7E95CEDB7457901A1CB8585F] - 09/04/2013 - 17:18:06 ---A- - C:\WINDOWS\Prefetch\APNMCP.EXE-350D2EF4.pf
O45 - LFCP:[MD5.9BDD41A486D8731038441C7551794057] - 09/04/2013 - 17:18:06 ---A- - C:\WINDOWS\Prefetch\SCHEDUL2.EXE-04C548B3.pf
O45 - LFCP:[MD5.4D697193F26C1EEF2AFEA9FDA38F9CFE] - 09/04/2013 - 17:18:30 ---A- - C:\WINDOWS\Prefetch\LWS.EXE-22282C9A.pf
O45 - LFCP:[MD5.5FA9C2E6CDABAC06618B426FFE9830AC] - 09/04/2013 - 17:18:32 ---A- - C:\WINDOWS\Prefetch\SAGENT2.EXE-2CFC549C.pf
O45 - LFCP:[MD5.E1D3341DD34A326326F409718A3C80BD] - 09/04/2013 - 17:19:04 ---A- - C:\WINDOWS\Prefetch\SQLSERVR.EXE-12F63EFF.pf
O45 - LFCP:[MD5.F6C32064A3BFCE4D9CDAA66AD89C4B6E] - 09/04/2013 - 17:19:48 ---A- - C:\WINDOWS\Prefetch\NBSERVICE.EXE-03973CF1.pf
O45 - LFCP:[MD5.86A1A0CDD5F2CF2C96AEA58E8788737F] - 09/04/2013 - 17:19:59 ---A- - C:\WINDOWS\Prefetch\OFFERBOXUPDATESERVICE.EXE-13C16835.pf =>PUP.OfferBox
O45 - LFCP:[MD5.3EBD5F82A43201218AA62A96CFD39068] - 09/04/2013 - 17:20:04 ---A- - C:\WINDOWS\Prefetch\PMSHOST.EXE-1D4AC9E6.pf
O45 - LFCP:[MD5.FAEE63A14681C998D70E5BF1AFE79FD1] - 09/04/2013 - 17:41:02 ---A- - C:\WINDOWS\Prefetch\ADM.EXE-2C658B8A.pf
~ Prefetcher: 130 Legitimates Scanned in 00mn 01s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Moovida\moovida.exe" [Enabled] .(...) -- C:\Program Files\Moovida\moovida.exe (.not file.) =>Adware.SPointer
O47 - AAKE:Key Export SP - "C:\Program Files\Sony\Media Go\MediaGo.exe" [Enabled] .(.Sony Creative Software Inc..) -- C:\Program Files\Sony\Media Go\MediaGo.exe
O47 - AAKE:Key Export SP - "C:\Program Files\BitComet\BitComet.exe" [Enabled] .(.www.BitComet.com.) -- C:\Program Files\BitComet\BitComet.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Veetle\Player\VeetleNet.exe" [Enabled] .(.Pas de propriétaire.) -- C:\Program Files\Veetle\Player\VeetleNet.exe
O47 - AAKE:Key Export SP - "C:\Program Files\IP Privacy\IP Privacy.exe" [Enabled] .(.Privacy-Pro.) -- C:\Program Files\IP Privacy\IP Privacy.exe
O47 - AAKE:Key Export SP - "C:\Program Files\1ClickDownload\1ClickDownloader.exe" [Disabled] .(...) -- C:\Program Files\1ClickDownload\1ClickDownloader.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Ashampoo\Ashampoo UnInstaller 4\Uninstaller.exe" [Enabled] .(.ashampoo GmbH & Co. KG.) -- C:\Program Files\Ashampoo\Ashampoo UnInstaller 4\Uninstaller.exe
O47 - AAKE:Key Export SP - "C:\Program Files\scrabbleproB1.1\scrabblepro.exe" [Enabled] .(..) -- C:\Program Files\scrabbleproB1.1\scrabblepro.exe
O47 - AAKE:Key Export SP - "C:\Program Files\scrabbleproB1.0.8\scrabblepro.exe" [Enabled] .(.Scrabblepro.) -- C:\Program Files\scrabbleproB1.0.8\scrabblepro.exe
O47 - AAKE:Key Export SP - "C:\Utilitaires\FrozenWay 1.5.5\FrozenWay 1.5.5\FrozenWay 1.5.5\FrozenWay.exe" [Disabled] .(.Pas de propriétaire.) -- C:\Utilitaires\FrozenWay 1.5.5\FrozenWay 1.5.5\FrozenWay 1.5.5\FrozenWay.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Veetle\Player\VeetleNet.exe" [Enabled] .(.Pas de propriétaire.) -- C:\Program Files\Veetle\Player\VeetleNet.exe
~ Keys Export: 29 Legitimates Scanned in 00mn 00s



---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Acronis - Acronis Relogon Authentication Package.) -- C:\WINDOWS\system32\relog_ap.dll
~ LSA: 7 Legitimates Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 23 Legitimates Scanned in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{5525d6fe-5d68-11de-a569-001fc6c0e5c3}\AutoRun\command. (...) -- H:\setup_vmc_lite.exe (.not file.)
O51 - MPSK:{98933c59-5e3a-11de-a56b-001fc6c0e5c3}\AutoRun\command. (...) -- G:\setup_vmc_lite.exe (.not file.)
O51 - MPSK:{98933c5b-5e3a-11de-a56b-001fc6c0e5c3}\AutoRun\command. (...) -- G:\setup_vmc_lite.exe (.not file.)
O51 - MPSK:{d307c848-b064-11df-a0dc-001fc6c0e5c3}\AutoRun\command. (...) -- E:\Startme.exe (.not file.)
O51 - MPSK:{fd5e3660-57e9-11de-a567-001fc6c0e5c3}\AutoRun\command. (...) -- G:\setup_vmc_lite.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.scg726"="scg726.acm" . (.SHARP Corporation - SHARP G.726 ACM Audio Decoder.) -- C:\WINDOWS\system32\scg726.acm
O52 - TDSD: \Drivers32\"vidc.xvid"="xvid.dll" . (...) -- C:\WINDOWS\system32\xvid.dll
O52 - TDSD: \Drivers32\"VIDC.MJPG"="Pvmjpg30.dll" . (.Pegasus Imaging Corporation - PICVideo M-JPEG 3 codec.) -- C:\WINDOWS\system32\Pvmjpg30.dll
O52 - TDSD: \Drivers32\"msacm.alf2cd"="alf2cd.acm" . (.NCT Company - NCT ALF2CD Audio CODEC.) -- C:\WINDOWS\system32\alf2cd.acm
O52 - TDSD: \Drivers32\"vidc.dvsd"="mcdvd_32.dll" . (.MainConcept - MainConcept DV Codec.) -- C:\WINDOWS\system32\mcdvd_32.dll
O52 - TDSD: \drivers.desc\"xvid.dll"="XviD codec (Neodivx Version)" . (...) -- C:\WINDOWS\system32\xvid.dll
O52 - TDSD: \drivers.desc\"pvmjpg30.dll"="PICVideo 3 M-JPEG VfW Codec" . (.Pegasus Imaging Corporation - PICVideo M-JPEG 3 codec.) -- C:\WINDOWS\system32\pvmjpg30.dll
O52 - TDSD: \drivers.desc\"alf2cd.acm"="alf2cd.acm" . (.NCT Company - NCT ALF2CD Audio CODEC.) -- C:\WINDOWS\system32\alf2cd.acm
O52 - TDSD: \drivers.desc\"mcdvd_32.dll"="mcdvd_32.dll" . (.MainConcept - MainConcept DV Codec.) -- C:\WINDOWS\system32\mcdvd_32.dll
~ TDSD: 29 Legitimates Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\Acronis Scheduler2 Service [Key] . (.Acronis - Acronis Scheduler Helper.) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
O53 - SMSR:HKLM\...\startupreg\AcronisTimounterMonitor [Key] . (.Acronis - Monitor for Acronis True Image Backup Archi.) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O53 - SMSR:HKLM\...\startupreg\adm_tray.exe [Key] . (.Acronis - ADM System Tray Application.) -- C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
O53 - SMSR:HKLM\...\startupreg\ApnTBMon [Key] . (.APN - Ask Toolbar Notifier.) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask
O53 - SMSR:HKLM\...\startupreg\Ashampoo Core Tuner 2 [Key] . (...) -- C:\Program Files\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Ashampoo HDD-Control 2 Guard [Key] . (.Ashampoo Development GmbH & Co. KG - Ashampoo HDDControl Guard.) -- C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Guard.exe
O53 - SMSR:HKLM\...\startupreg\CloneCDTray [Key] . (.SlySoft, Inc. - CloneCD Tray.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
O53 - SMSR:HKLM\...\startupreg\Computer Updater [Key] . (...) -- C:\Program Files\Computer Updater\ComputerUp-dater.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\dvd43 [Key] . (...) -- C:\Program Files\dvd43\dvd43_tray.exe
O53 - SMSR:HKLM\...\startupreg\eTrustPPAP [Key] . (.Computer Associates - eTrust PestPatrol background protection app.) -- C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
O53 - SMSR:HKLM\...\startupreg\FileREX Update Checker [Key] . (...) -- C:\DOCUME~1\Bureau\LOCALS~1\Temp\ZGTemp\rar\Application Files\FileREX_2_0_0_0\FileREX.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Freecorder FLV Service [Key] . (.Applian Technologies, Inc. - FLV Service for Freecorder.) -- C:\Program Files\Freecorder\FLVSrvc.exe
O53 - SMSR:HKLM\...\startupreg\OMEA [Key] . (.Ours Technology Inc. - Oti Motherboard Embedded Agent.) -- C:\Program Files\GO!Suite\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe
O53 - SMSR:HKLM\...\startupreg\PCSpeedUp [Key] . (...) -- C:\Program Files\Accelerer PC\PCSpeedUp.lnk
O53 - SMSR:HKLM\...\startupreg\PopUpKiller [Key] . (.xFX JumpStart - Pas de description.) -- C:\Utilitaires\PopUp Killer\PopUpKiller.exe
O53 - SMSR:HKLM\...\startupreg\Prolific_OneButton [Key] . (.Prolific Technology Inc. - One Button Launch Application for PL2x7x.) -- C:\Program Files\Prolific Technology Inc.\Prolific Backup\OneBtn.exe
O53 - SMSR:HKLM\...\startupreg\RUSB3MON [Key] . (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
O53 - SMSR:HKLM\...\startupreg\Service Planificateur2 Acronis [Key] . (.Acronis - Acronis Scheduler Helper.) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
O53 - SMSR:HKLM\...\startupreg\SlimDrivers [Key] . (.SlimWare Utilities, Inc. - SlimDrivers.) -- C:\Program Files\SlimDrivers\SlimDrivers.exe
O53 - SMSR:HKLM\...\startupreg\Smart PC Cleaner [Key] . (...) -- C:\Program Files\Smart PC Cleaner\SPCLauncher.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\SuperCopier2.exe [Key] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O53 - SMSR:HKLM\...\startupreg\TrueImageMonitor.exe [Key] . (.Acronis - Acronis True Image Monitor.) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O53 - SMSR:HKLM\...\startupreg\UIWatcher [Key] . (.ashampoo GmbH & Co. KG - ashampoo UnInstaller Watcher.) -- C:\Program Files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe
O53 - SMSR:HKLM\...\startupreg\USBestCR [Key] . (.Pas de propriétaire - IconCS card reader Application.) -- C:\Program Files\USIM Editor\iconcs1347578.exe
O53 - SMSR:HKLM\...\startupreg\VirtualDrive [Key] . (...) -- C:\Program Files\FarStone\VDPBS\VDP\vdtask.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\WahOO [Key] . (.Kow Media - WahOO.) -- C:\Documents and Settings\Bureau\Local Settings\Application Data\WahOO\WahOO.exe
~ SMSR Keys: 48 Legitimates Scanned in 00mn 02s



---\\ Microsoft Control Security Providers (O54)
~ MSCP: 3 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "verbosestatus"=0
~ MWPS: 6 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoViewOnDrive"=0
~ MWPE Keys: 8 Legitimates Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.0352A73CD6B1782EA3ED7A03A8268F55] - 21/08/2012 - 11:13:13 ---A- . (.AVAST Software - avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP.) -- C:\WINDOWS\system32\Drivers\aavmker4.sys [25256]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 06/04/2013 - 11:54:57 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll [18432]
O61 - LFC: 06/04/2013 - 12:02:28 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\bookmarkbackups\bookmarks-2013-04-06.json [3407]
O61 - LFC: 06/04/2013 - 12:14:25 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\thumbnails\4566a52590b1e825e22f8895d1921471.png [8527]
O61 - LFC: 06/04/2013 - 13:10:04 ---A- C:\Documents and Settings\Bureau\Recent\RKreport[1]_S_06042013_140450.lnk [541]
O61 - LFC: 06/04/2013 - 13:10:04 ---A- C:\Documents and Settings\Bureau\Recent\autres.lnk [377]
O61 - LFC: 06/04/2013 - 15:01:01 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\prefs.js.bak [5441]
O61 - LFC: 06/04/2013 - 15:01:06 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\extensions\toolbar_W3I4-G@apn.ask.com.xpi [438844]
O61 - LFC: 06/04/2013 - 15:01:06 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\prefs.js.new [5652]
O61 - LFC: 06/04/2013 - 15:01:16 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\AskPartnerNetwork\Toolbar\W3I4-G\APNStorage.stg [0]
O61 - LFC: 06/04/2013 - 15:02:03 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{DAE8C445-9C3E-4313-A23A-6530E23B81A9}.ico [1150]
O61 - LFC: 06/04/2013 - 15:02:56 ---A- C:\Documents and Settings\Bureau\Application Data\OfferBox\http_app.offerbox.com\profile.sxe [4969] =>PUP.OfferBox
O61 - LFC: 06/04/2013 - 15:02:56 ---A- C:\Documents and Settings\Bureau\Application Data\OfferBox\http_app.offerbox.com\update.sxe [1207] =>PUP.OfferBox
O61 - LFC: 06/04/2013 - 15:02:56 ---A- C:\Documents and Settings\Bureau\Application Data\OfferBox\http_app.offerbox.com\update.xml [412] =>PUP.OfferBox
O61 - LFC: 06/04/2013 - 15:02:57 ---A- C:\Documents and Settings\Bureau\Application Data\OfferBox\http_app.offerbox.com\country.sxe [434780] =>PUP.OfferBox
O61 - LFC: 06/04/2013 - 15:03:20 ---A- C:\Documents and Settings\Bureau\Application Data\OfferBox\http_app.offerbox.com\extracountry.sxe [2061] =>PUP.OfferBox
O61 - LFC: 06/04/2013 - 15:04:33 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Microsoft\Internet Explorer\frameiconcache.dat [7976]
O61 - LFC: 06/04/2013 - 15:05:13 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\pluginreg.dat [18921]
O61 - LFC: 06/04/2013 - 15:06:59 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\FLVService\YouTube.bin [3158625]
O61 - LFC: 06/04/2013 - 15:08:43 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Jaksta_Technologies_Pty_L\fcaudiop.exe_StrongName_trcokj1ymnuk5jj2upvplr22excaoenx\5.0.0.48\user.config [2333]
O61 - LFC: 06/04/2013 - 15:10:37 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\FLVService\YouTube(2).bin [3158625]
O61 - LFC: 06/04/2013 - 15:12:30 ---A- C:\Documents and Settings\Bureau\Recent\Audio.lnk [453]
O61 - LFC: 06/04/2013 - 15:14:56 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\CT1060933\LoggerConfig.xml [1289]
O61 - LFC: 06/04/2013 - 15:16:28 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\FLVService\YouTube(3).bin [3158625]
O61 - LFC: 06/04/2013 - 15:23:11 ---A- C:\Documents and Settings\Bureau\Application Data\AVS4YOU\AVSAudioEditor\AEEffect_presets.xml [43284]
O61 - LFC: 06/04/2013 - 15:23:40 ---A- C:\Documents and Settings\Bureau\Recent\Francky Vincent - Fruit de la passion - YouTube (2).lnk [787]
O61 - LFC: 06/04/2013 - 15:27:54 ---A- C:\Documents and Settings\Bureau\Recent\Francky Vincent - Fruit de la passion - YouTube.lnk [811]
O61 - LFC: 06/04/2013 - 15:34:38 ---A- C:\Documents and Settings\Bureau\Application Data\vlc\ml.xspf [304]
O61 - LFC: 06/04/2013 - 15:35:05 ---A- C:\Documents and Settings\Bureau\Recent\Converted.lnk [469]
O61 - LFC: 06/04/2013 - 15:35:05 ---A- C:\Documents and Settings\Bureau\Recent\Francky Vincent - Fruit de la passion - YouTube (1).lnk [823]
O61 - LFC: 06/04/2013 - 15:35:33 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\FLVService\YouTube(4).bin [3158625]
O61 - LFC: 06/04/2013 - 15:46:38 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Jaksta_Technologies_Pty_L\fctubep.exe_Url_mddhybykknqckapiqox3xaseysplelqu\5.0.0.48\user.config [850]
O61 - LFC: 06/04/2013 - 15:48:24 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Jaksta_Technologies_Pty_L\fcvideop.exe_StrongName_jkhunzr53fq30jehtiyeatz1sogsrgkj\5.0.0.48\user.config [5185]
O61 - LFC: 06/04/2013 - 15:49:19 ---A- C:\Documents and Settings\Bureau\Recent\Hymne Corse Dio Vi Salvi Regina - YouTube.lnk [769]
O61 - LFC: 06/04/2013 - 15:49:19 ---A- C:\Documents and Settings\Bureau\Recent\Video.lnk [453]
O61 - LFC: 06/04/2013 - 15:58:55 ---A- C:\Documents and Settings\Bureau\Application Data\AVS4YOU\AVSAudioEditor\RecentFiles.txt [589]
O61 - LFC: 06/04/2013 - 15:59:05 ---A- C:\Documents and Settings\Bureau\Application Data\OfferBox\http_app.offerbox.com\history.db [27648] =>PUP.OfferBox
O61 - LFC: 06/04/2013 - 16:34:41 ---A- C:\Documents and Settings\Bureau\Bureau\RK_Quarantine\NewStartPanel_{20D04FE0-0.reg [408]
O61 - LFC: 06/04/2013 - 16:55:47 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Crash Reports\LastCrash [10]
O61 - LFC: 07/04/2013 - 10:30:24 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\bookmarkbackups\bookmarks-2013-04-07.json [3407]
O61 - LFC: 07/04/2013 - 10:36:29 ---A- C:\Documents and Settings\Bureau\Bureau\RK_Quarantine\Eula.txt [3769]
O61 - LFC: 07/04/2013 - 10:42:36 ---A- C:\Documents and Settings\Bureau\Bureau\RK_Quarantine\Internet Settings_ProxyServe0.reg [312]
O61 - LFC: 07/04/2013 - 10:50:04 ---A- C:\Documents and Settings\Bureau\Bureau\RK_Quarantine\PhysicalDrive0_User.dat [512]
O61 - LFC: 07/04/2013 - 10:50:04 ---A- C:\Documents and Settings\Bureau\Bureau\RK_Quarantine\PhysicalDrive1_User.dat [512]
O61 - LFC: 07/04/2013 - 10:50:04 ---A- C:\Documents and Settings\Bureau\Bureau\RK_Quarantine\QuarantineReport.txt [558]
O61 - LFC: 07/04/2013 - 10:50:16 ---A- C:\Documents and Settings\Bureau\Recent\RKreport[4]_S_07042013_115004.lnk [592]
O61 - LFC: 07/04/2013 - 11:04:46 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Microsoft\Internet Explorer\tabiconcache.dat [17258]
O61 - LFC: 07/04/2013 - 16:03:53 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\webappsstore.sqlite [360448]
O61 - LFC: 07/04/2013 - 16:06:23 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\thumbnails\07c153ec0f9ce5708a912448f3676788.png [22533]
O61 - LFC: 07/04/2013 - 16:08:33 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\Databases.db [7168]
O61 - LFC: 07/04/2013 - 16:09:18 ---A- C:\Documents and Settings\Bureau\Menu Démarrer\Programmes\Webplayer.lnk [1978]
O61 - LFC: 07/04/2013 - 16:09:19 R--A- C:\Documents and Settings\Bureau\Application Data\Microsoft\Installer\{9937E55B-6331-4804-93EF-77E992F204BD}\_3F7CDAE07E1639C4AEA7A8.exe [230547]
O61 - LFC: 07/04/2013 - 16:09:19 R--A- C:\Documents and Settings\Bureau\Application Data\Microsoft\Installer\{9937E55B-6331-4804-93EF-77E992F204BD}\_481820CA410C366184E158.exe [230547]
O61 - LFC: 07/04/2013 - 16:09:22 ---A- C:\Documents and Settings\Bureau\Bureau\Webplayer.lnk [2323]
O61 - LFC: 07/04/2013 - 16:09:52 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\bProtector_prefs.js [16396]
O61 - LFC: 07/04/2013 - 16:09:52 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtector Web Data [83968]
O61 - LFC: 07/04/2013 - 16:09:54 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\bProtector_extensions.sqlite [458752]
O61 - LFC: 07/04/2013 - 16:09:55 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\background.html [95]
O61 - LFC: 07/04/2013 - 16:09:55 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\background.js [1827]
O61 - LFC: 07/04/2013 - 16:09:55 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\manifest.json [571]
O61 - LFC: 07/04/2013 - 16:09:55 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\spext.dll [72704]
O61 - LFC: 07/04/2013 - 16:09:57 ---A- C:\Documents and Settings\Bureau\Menu Démarrer\Programmes\BrowserProtect\Uninstall BrowserProtect.lnk [1424] =>Toolbar.Babylon
O61 - LFC: 07/04/2013 - 16:18:15 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.23.36_0\crossriderManifest.json [476] =>PUP.CrossRider
O61 - LFC: 07/04/2013 - 16:18:15 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_cnmdgidklhhnmppphpohildcefnaaflp_0\5 [7168]
O61 - LFC: 07/04/2013 - 16:18:49 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies [10240]
O61 - LFC: 07/04/2013 - 16:18:59 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [12526]
O61 - LFC: 07/04/2013 - 16:18:59 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data [83968]
O61 - LFC: 07/04/2013 - 16:18:59 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtectorPreferences [14106]
O61 - LFC: 07/04/2013 - 16:19:01 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage [3072]
O61 - LFC: 07/04/2013 - 16:19:14 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\searchplugins\delta.xml [1294]
O61 - LFC: 07/04/2013 - 16:19:14 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\user.js [984]
O61 - LFC: 07/04/2013 - 16:19:19 ---A- C:\Documents and Settings\Bureau\Application Data\Babylon\log_file.txt [19518] =>Toolbar.Babylon
O61 - LFC: 07/04/2013 - 17:48:10 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\thumbnails\c0e4733ded36f823dfaf44cbce5a09f6.png [53820]
O61 - LFC: 08/04/2013 - 06:44:11 ---A- C:\Documents and Settings\Bureau\Recent\roguekiller_1.lnk [633]
O61 - LFC: 08/04/2013 - 06:44:12 ---A- C:\Documents and Settings\Bureau\Recent\forum sécurité.lnk [405]
O61 - LFC: 08/04/2013 - 06:44:18 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\bookmarkbackups\bookmarks-2013-04-08.json [3407]
O61 - LFC: 08/04/2013 - 07:18:20 ---A- C:\Documents and Settings\Bureau\Recent\DSC00850 (1632 x 1224).lnk [755]
O61 - LFC: 08/04/2013 - 07:18:20 ---A- C:\Documents and Settings\Bureau\Recent\Media Go.lnk [490]
O61 - LFC: 08/04/2013 - 07:19:52 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\content-prefs.sqlite [229376]
O61 - LFC: 08/04/2013 - 13:01:25 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\extensions.sqlite [458752]
O61 - LFC: 08/04/2013 - 13:15:13 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\thumbnails\bbb6c8a316ae45fc0d3bd1d0f59bba74.png [79292]
O61 - LFC: 08/04/2013 - 13:19:39 -SHA- C:\Documents and Settings\Bureau\PrivacIE\index.dat [16187392]
O61 - LFC: 08/04/2013 - 13:54:21 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\startupCache\startupCache.4.little [1581097]
O61 - LFC: 09/04/2013 - 17:17:13 -SHA- C:\Documents and Settings\Bureau\Application Data\Microsoft\Credentials\S-1-5-21-725345543-1844823847-839522115-1003\Credentials [812]
O61 - LFC: 09/04/2013 - 17:24:01 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\thumbnails\a016aae29c24a1867e6b7952bfcadf7e.png [25065]
O61 - LFC: 09/04/2013 - 17:24:55 ---A- C:\Documents and Settings\Bureau\Application Data\OfferBox\config.xml [2616] =>PUP.OfferBox
O61 - LFC: 09/04/2013 - 17:26:48 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\safebrowsing\goog-malware-shavar.sbstore [1634832]
O61 - LFC: 09/04/2013 - 17:26:49 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\safebrowsing\goog-malware-shavar.cache [12]
O61 - LFC: 09/04/2013 - 17:26:49 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\safebrowsing\goog-malware-shavar.pset [837698]
O61 - LFC: 09/04/2013 - 17:31:18 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\addons.sqlite [524288]
O61 - LFC: 09/04/2013 - 17:32:45 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\bookmarkbackups\bookmarks-2013-04-09.json [3407]
O61 - LFC: 09/04/2013 - 17:32:45 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\sessionstore.bak [8995]
O61 - LFC: 09/04/2013 - 17:32:49 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\parent.lock [0]
O61 - LFC: 09/04/2013 - 17:32:50 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\webapps\webapps.json [2]
O61 - LFC: 09/04/2013 - 17:32:51 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\search.json [17222]
O61 - LFC: 09/04/2013 - 17:32:53 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\urlclassifierkey3.txt [154]
O61 - LFC: 09/04/2013 - 17:32:53 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\safebrowsing\test-malware-simple.sbstore [232]
O61 - LFC: 09/04/2013 - 17:32:54 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\safebrowsing\test-malware-simple.cache [44]
O61 - LFC: 09/04/2013 - 17:32:54 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\safebrowsing\test-malware-simple.pset [16]
O61 - LFC: 09/04/2013 - 17:32:54 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\safebrowsing\test-phish-simple.cache [44]
O61 - LFC: 09/04/2013 - 17:32:54 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\safebrowsing\test-phish-simple.pset [16]
O61 - LFC: 09/04/2013 - 17:32:54 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\safebrowsing\test-phish-simple.sbstore [232]
O61 - LFC: 09/04/2013 - 17:33:02 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\formhistory.sqlite [294912]
O61 - LFC: 09/04/2013 - 17:34:39 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\thumbnails\835d6e2f8f0b4e8439b69b8a85701cba.png [39742]
O61 - LFC: 09/04/2013 - 17:34:39 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\thumbnails\ceb0971599272d9df79be4f0f937b368.png [39742]
O61 - LFC: 09/04/2013 - 17:34:51 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\blocklist.xml [58746]
O61 - LFC: 09/04/2013 - 17:35:07 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\thumbnails\f71820c946bbd4b8f983ecc7e64577ca.png [51293]
O61 - LFC: 09/04/2013 - 17:36:08 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\downloads.sqlite [98304]
O61 - LFC: 09/04/2013 - 17:36:50 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\thumbnails\9d7f6e23bfbdb4b68f639e6e01c1857e.png [15618]
O61 - LFC: 09/04/2013 - 17:36:50 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\thumbnails\ab9e3dc4e10e5726a37d0de82985b926.png [15618]
O61 - LFC: 09/04/2013 - 17:36:51 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\thumbnails\24c49b63f9f3f90fa20fedc189f91bfe.png [33252]
O61 - LFC: 09/04/2013 - 17:37:08 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\safebrowsing\goog-phish-shavar.cache [12]
O61 - LFC: 09/04/2013 - 17:37:08 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\safebrowsing\goog-phish-shavar.pset [643912]
O61 - LFC: 09/04/2013 - 17:37:08 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\safebrowsing\goog-phish-shavar.sbstore [559939]
O61 - LFC: 09/04/2013 - 17:39:55 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\sessionstore.js [171361]
O61 - LFC: 09/04/2013 - 17:39:56 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\cert8.db [131072]
O61 - LFC: 09/04/2013 - 17:39:56 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\cookies.sqlite [2097152]
O61 - LFC: 09/04/2013 - 17:39:56 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\key3.db [16384]
O61 - LFC: 09/04/2013 - 17:39:56 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\localstore.rdf [2338]
O61 - LFC: 09/04/2013 - 17:39:56 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\places.sqlite [10485760]
O61 - LFC: 09/04/2013 - 17:39:56 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\prefs.js [832270]
O61 - LFC: 09/04/2013 - 17:39:56 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\_CACHE_CLEAN_ [1]
O61 - LFC: 09/04/2013 - 17:39:57 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\permissions.sqlite [1867776]
O61 - LFC: 09/04/2013 - 17:41:35 -SHA- C:\Documents and Settings\Bureau\IETldCache\index.dat [262144]
~ 75 Fichiers temporaires (Temporary files)
~ 22 Fichiers cookies (Cookies files)
~ Files: 960 Legitimates Scanned in 01mn 54s



---\\ Alternate Data Stream File (O62)
O62 - ADS:Alternate Data Stream File - C:\WINDOWS\system32\Drivers\tap0901.sys:Zone.Identifier
~ ADS: Scanned in 00mn 01s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - SosVirus.org.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 25/08/2010 - C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys (a2acc) .(.Emsi Software GmbH - Emsisoft Anti-Malware File Guard.) - LEGACY_A2ACC
O64 - Services: CurCS - 25/08/2010 - C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys (a2injectiondriver) .(.Emsi Software GmbH - Emsisoft Anti-Malware Behavior Blocker.) - LEGACY_A2INJECTIONDRIVER
O64 - Services: CurCS - 05/05/2010 - C:\Program Files\Emsisoft Anti-Malware\a2util32.sys (a2util) .(.Emsi Software GmbH - a-squared Malware-IDS utility driver.) - LEGACY_A2UTIL
O64 - Services: CurCS - 13/08/2010 - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (AcrSch2Svc) .(.Acronis - Acronis Scheduler 2.) - LEGACY_ACRSCH2SVC
O64 - Services: CurCS - 25/02/2013 - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe (AdvancedSystemCareService6) .(.IObit - Advanced SystemCare Service.) - LEGACY_ADVANCEDSYSTEMCARESERVICE6
O64 - Services: CurCS - 29/11/2012 - Pas de propriétaire (AfaService) .(...) - LEGACY_AFASERVICE
O64 - Services: CurCS - 30/07/2012 - Pas de propriétaire (AHDDC2) .(...) - LEGACY_AHDDC2
O64 - Services: CurCS - 03/04/2013 - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (APNMCP) .(.APN LLC. - APN Updater.) - LEGACY_APNMCP
O64 - Services: CurCS - 10/09/1999 - C:\WINDOWS\system32\DRIVERS\ASPI32.sys (ASPI) .(.Adaptec - ASPI for WIN32 Kernel Driver.) - LEGACY_ASPI
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (AVFSFilter) .(...) - LEGACY_AVFSFILTER
O64 - Services: CurCS - 18/01/2007 - C:\WINDOWS\system32\DRIVERS\AvgArCln.sys (AvgArCln) .(.GRISOFT, s.r.o. - AVG7 Clean Driver.) - LEGACY_AVGARCLN
O64 - Services: CurCS - 31/01/2007 - C:\WINDOWS\system32\DRIVERS\avgarkt.sys (AVG Anti-Rootkit) .(.GRISOFT, s.r.o. - AVG Anti-Rootkit Driver.) - LEGACY_AVG_ANTI-ROOTKIT
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (BOCDRIVE) .(...) - LEGACY_BOCDRIVE
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (BOCore) .(...) - LEGACY_BOCORE
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (BVCSPBIRU) .(...) - LEGACY_BVCSPBIRU
O64 - Services: CurCS - 24/08/2009 - C:\Program Files\Ashampoo\Ashampoo HDD Control 2\DfSdkS.exe (DfSdkS) .(.mst software GmbH, Germany - mst Defrag SDK Service.) - LEGACY_DFSDKS
O64 - Services: CurCS - 01/11/2008 - Pas de propriétaire (dkjhirkhjopo) .(...) - LEGACY_DKJHIRKHJOPO
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (EAGEAVP) .(...) - LEGACY_EAGEAVP
O64 - Services: CurCS - 26/07/2008 - C:\WINDOWS\system32\drivers\elrawdsk32bit.sys (ElRawDisk) .(.EldoS Corporation - RawDisk Driver. Allows write access to raw.) - LEGACY_ELRAWDISK
O64 - Services: CurCS - 29/01/2002 - Pas de propriétaire (EpsonBidirectionalService) .(...) - LEGACY_EPSONBIDIRECTIONALSERVICE
O64 - Services: CurCS - 17/07/2002 - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe (EPSONStatusAgent2) .(.SEIKO EPSON CORPORATION - EPSON Printer Status Agent.) - LEGACY_EPSONSTATUSAGENT2
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (FQEOH) .(...) - LEGACY_FQEOH
O64 - Services: CurCS - 02/03/2007 - C:\WINDOWS\system32\DRIVERS\fvxscsi.sys (FVXSCSI) .(.FarStone Inc. - FarStone SCSI Miniport.) - LEGACY_FVXSCSI
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (IB) .(...) - LEGACY_IB
O64 - Services: CurCS - 06/03/2013 - C:\Program Files\Java\jre7\bin\jqs.exe (JavaQuickStarterService) .(.Oracle Corporation - Java(TM) Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (LOW) .(...) - LEGACY_LOW
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (MEMSWEEP2) .(...) - LEGACY_MEMSWEEP2
O64 - Services: CurCS - 17/04/2009 - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe (Nero BackItUp Scheduler 4.0) .(.Nero AG - Nero BackItUp.) - LEGACY_NERO_BACKITUP_SCHEDULER_4.0
O64 - Services: CurCS - 15/12/2012 - C:\Program Files\OfferBox\OfferBoxUpdateService.exe (OfferBox update service) .(.Aedge Performance BCN SL - OfferBox.) - LEGACY_OFFERBOX_UPDATE_SERVICE =>PUP.OfferBox
O64 - Services: CurCS - 30/04/2009 - Pas de propriétaire (OMSI download service) .(...) - LEGACY_OMSI_DOWNLOAD_SERVICE
O64 - Services: CurCS - 09/02/2005 - C:\WINDOWS\system32\drivers\pclepci.sys (PCLEPCI) .(.Pinnacle Systems GmbH - PCLEPCI.) - LEGACY_PCLEPCI
O64 - Services: CurCS - 20/07/2011 - Pas de propriétaire (PCSUService) .(...) - LEGACY_PCSUSERVICE
O64 - Services: CurCS - 19/01/2006 - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe (PinnacleSys.MediaServer) .(.Pinnacle Systems - Media Server Host.) - LEGACY_PINNACLESYS.MEDIASERVER
O64 - Services: CurCS - 24/07/2007 - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe (PSI_SVC_2) .(.Protexis Inc. - PsiService PsiService.) - LEGACY_PSI_SVC_2
O64 - Services: CurCS - 13/01/2010 - C:\WINDOWS\system32\DRIVERS\rvsmon.sys (rvsmon) .(.CJSC Returnil Software - Returnil Monitoring Core.) - LEGACY_RVSMON
O64 - Services: CurCS - 22/01/2010 - C:\WINDOWS\system32\Returnil\RVS3\rvsmon.exe (RVSMONBL) .(.CJSC Returnil Software - Returnil Virtual System Core Service.) - LEGACY_RVSMONBL
O64 - Services: CurCS - 13/01/2010 - C:\WINDOWS\system32\DRIVERS\rvsmonf.sys (rvsmonf) .(.CJSC Returnil Software - Returnil File Monitoring.) - LEGACY_RVSMONF
O64 - Services: CurCS - 13/01/2010 - C:\WINDOWS\system32\DRIVERS\rvsmonn1.sys (rvsmonn) .(.CJSC Returnil Software - Returnil Network Monitoring.) - LEGACY_RVSMONN
O64 - Services: CurCS - 29/01/2010 - C:\WINDOWS\system32\Drivers\RVsystem.sys (RVSystem) .(.CJSC Returnil Software - Returnil Virtualization Engine.) - LEGACY_RVSYSTEM
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (RXANXWYEV) .(...) - LEGACY_RXANXWYEV
O64 - Services: CurCS - 18/06/2009 - C:\WINDOWS\system32\SAVRKBootTasks.sys (SAVRKBootTasks) .(.Sophos Plc - Sophos boot tasks for Windows 2000.) - LEGACY_SAVRKBOOTTASKS
O64 - Services: CurCS - 13/07/2001 - Pas de propriétaire (SBKUPNT) .(...) - LEGACY_SBKUPNT
O64 - Services: CurCS - 08/10/2007 - Pas de propriétaire (TryAndDecideService) .(...) - LEGACY_TRYANDDECIDESERVICE
O64 - Services: CurCS - 19/08/2011 - C:\Program Files\Fichiers communs\logishrd\LVMVFM\UMVPFSrv.exe (UMVPFSrv) .(.Logitech Inc. - Logitech User mode UMVPF service.) - LEGACY_UMVPFSRV
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (USBDLM) .(...) - LEGACY_USBDLM
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (VG) .(...) - LEGACY_VG
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (vToolbarUpdater12.2.6) .(...) - LEGACY_VTOOLBARUPDATER12.2.6
O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\svchost.exe (WZCSVC) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WZCSVC
~ Legacy: 227 Legitimates Scanned in 00mn 01s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 17 Legitimates Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.CometNetwork - CometBird.) -- C:\Program Files\CometBird\cometbird.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - msn.) -- C:\Program Files\MSN\MSNCoreFiles\MSN.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.crossrider.bic", "13de50c0a4d417c968ad94f6f26e32fb"); =>PUP.CrossRider
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.aflt", "babsst srcExt=def");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.bbDpng", "9");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.cntry", "FR");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.dfltLng", "en");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.hdrMd5", "A6588B48F92D3BF987876B940E29BC35");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.id", "807366b6000000000000001fc6c0e5c3");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.instlDay", "15802");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.lastVrsnTs", "1.8.10.017:19:08");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.sg", "azb");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.smplGrp", "azb");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.vrsn", "1.8.10.0");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.vrsnTs", "1.8.10.017:19:08");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.vrsni", "1.8.10.0");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {DAE8C445-9C3E-4313-A23A-6530E23B81A9} [DefaultScope] - (Ask Search) - http://asksearch.ask.com
O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Web Search) - http://search.certified-toolbar.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche des services démarrés par Svchost (O83)
O83 - Search Svchost Services: ezGOSvc (ezGOSvc) . (...) -- C:\WINDOWS\system32\ezGOSvc.dll [73600]
~ Services: 41 Legitimates Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.BADFED2AB252A4047E41454C789C4E44] [SPRF][27/12/2009] (...) -- C:\Documents and Settings\All Users\Application Data\9BBE0A4CF5.sys [88]
[MD5.CBF470B77B2DB2F25C56E05CE391F18A] [SPRF][28/08/2010] (.Avanquest Software - IElevator Class Container.) -- C:\Documents and Settings\All Users\Application Data\hpeDA.dll [148736]
[MD5.C3CABF08701421F3CF8C9C6112EAE9BF] [SPRF][27/12/2009] (...) -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys [2828]
[MD5.8CE7705CB43B03BB7970B04087C7758F] [SPRF][30/06/2006] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.dll [29616]
[MD5.01E2ECA759056F23C73A035FDABB2D6D] [SPRF][30/06/2006] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.exe [201648]
[MD5.DD3975246D8928C04549B31B6B49434F] [SPRF][24/03/2008] (.Adobe Systems Incorporated - Adobe® Flash® Player ActiveX Installer.) -- C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [1527056]
[MD5.A54F3D88767BB8C7DC18D8263385DED2] [SPRF][16/05/2007] (.Macrovision Corporation - Macrovision Software Manager Web Agent.) -- C:\WINDOWS\Downloaded Program Files\isusweb.dll [483328]
~ Files: Scanned in 00mn 00s



---\\ Scan Additionnel (O88)
Database Version : v2.11496 - (09/04/2013)
Clés trouvées (Keys found) : 143
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 9
Fichiers trouvés (Files found) : 3

[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{0EE02110-967B-4256-ACA6-BC8AC7CB7E61}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0EE02110-967B-4256-ACA6-BC8AC7CB7E61}] =>Toolbar.Agent
[HKCU\Software\delta LTD] =>Toolbar.DeltaSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392B8D2-5C05-419F-A8F6-B9F15A596612}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{4f7d1b07-6203-41f0-947b-a29cc9ecd9b0}] =>Adware.BHO
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F1C03FD-025E-4786-AF80-C2EF5C979115}] =>Toolbar.Deenero
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5F1C03FD-025E-4786-AF80-C2EF5C979115}] =>Toolbar.Deenero
[HKLM\Software\Classes\Interface\{8216BD4A-4DC2-4DCE-9AFF-C86C5ACC6757}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Classes\TypeLib\{8ABB9FA2-0740-4AD9-8F54-1192254B3CF4}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Services x86] =>PUP.CrossRider
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon
[HKCU\{C5C31551-23FC-4895-B1C7-E209163DECA5}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{D4D390BE-98E6-4633-AD1B-B18B54BE5E76}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escort.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>Toolbar.Babylon
[HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods
[HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods
[HKLM\Software\Classes\OfferBoxUI.TheBoxCtrl] =>PUP.OfferBox
[HKLM\Software\Classes\OfferBoxUI.TheBoxCtrl.1] =>PUP.OfferBox
[HKLM\Software\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph] =>PUP.SpecialSavings
[HKLM\Software\APN] =>Toolbar.Ask
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKLM\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\Cr_Installer] =>Adware.VidSaver
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\iwin] =>Adware.BHO
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKLM\Software\OfferBox] =>PUP.OfferBox
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Smart PC Cleaner] =>Rogue.Multiple
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{b0439fd3-8f96-400d-9515-eb8122ee1f21}_is1] =>Toolbar.Agent
[HKCU\Software\Services x86] =>PUP.CrossRider
[HKLM\Software\Services x86] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OfferBox] =>PUP.OfferBox
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Penwes] =>PUP.Penwes
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector
[HKLM\Software\InstallIQ] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\DD88652BF1EEEB64B992F3561AF84F13] =>PUP.OfferBox
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\09540C6B8D1C56740B0E1E1861657AE0] =>Toolbar.Kiwee
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15333F6466A3A1646B590E204B1C8794] =>Toolbar.Kiwee
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1B812BD0725DF36459D5BA985C9193C4] =>Toolbar.Kiwee
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2514EB7147619DA498D025C07B3421DD] =>Toolbar.Kiwee
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5FEF7DA1D0B6BAF4BA3AE8699FE83E55] =>PUP.OfferBox
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\73962F57F2FA32C43A431C9C05459330] =>PUP.OfferBox
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B63FC54A3B9D36449AD536B3C29D2A97] =>PUP.OfferBox
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C512D8DDA7F6553429ACE05EC3197DAB] =>PUP.OfferBox
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8D24CD0A6EC784AA4C95D1CE0898C8] =>Toolbar.Kiwee
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E3B47C0B22C8D004B86CB646D46C357E] =>Toolbar.Kiwee
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKLM\Software\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] =>PUP.SweetIM
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}] =>PUP.BProtector
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaappCore] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltaappCore.1] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd.1] =>PUP.Funmoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9937E55B-6331-4804-93EF-77E992F204BD}] =>Adware.SocialSkinz
[HKLM\Software\Classes\AppID\ESRV.EXE] =>Adware.Facemoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder extension] =>Toolbar.Freecorder
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}] =>Riskware.Movly
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}] =>Riskware.Movly
[HKLM\Software\Classes\CLSID\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}] =>Riskware.Movly
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}] =>Riskware.Movly
[HKLM\Software\Classes\ScriptHost.Tool.1] =>Toolbar.Agent
[HKLM\Software\Classes\ScriptHost.Tool] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\AddonsFramework.DLL] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\ButtonSite.DLL] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\RegistryHelper.DLL] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\ScriptHost.DLL] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\{544C2426-48FD-4C40-AE3B-31257FF334D0}] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}] =>Toolbar.Freecorder
[HKLM\Software\Classes\CLSID\{1917AB4C-E2E9-42ae-A51E-B5750F160BFB}] =>Toolbar.Freecorder
[HKLM\Software\Classes\CLSID\{6C65F1F0-8088-414B-828C-813207ADE75A}] =>Toolbar.Freecorder
[HKLM\Software\Classes\CLSID\{A4341726-E922-47bb-86A6-23F4F4F67342}] =>Toolbar.Freecorder
[HKLM\Software\Classes\CLSID\{C9B4F046-2A8C-46BD-B1A1-CF0EAE5EA521}] =>Toolbar.Freecorder
[HKLM\Software\Classes\CLSID\{DCA1528D-A3C0-4A9F-AA6E-DCE643F91495}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}] =>Toolbar.Freecorder
[HKLM\Software\Classes\CLSID\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}] =>Toolbar.Freecorder
[HKLM\Software\Classes\CrossriderApp0027096.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0027096.BHO.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0027096.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0027096.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Classes\delta.deltaHlpr] =>toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaHlpr.1] =>toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc] =>toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc.1] =>toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\escort.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escortApp.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escortEng.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKCU\Software\Mozilla\Firefox\Extensions]:{0F827075-B026-42F3-885D-98981EE7B1AE} =>Toolbar.Babylon
C:\Program Files\Ask.com =>Toolbar.AskBar
C:\Program Files\OfferBox =>PUP.OfferBox
C:\Program Files\Services x86 =>PUP.CrossRider
C:\Documents and Settings\Bureau\Application Data\Babylon =>Toolbar.Babylon
C:\Documents and Settings\Bureau\Application Data\OfferBox =>PUP.OfferBox
C:\Documents and Settings\Bureau\Application Data\BabSolution =>Hijacker.BabSolution
C:\Documents and Settings\Bureau\Local Settings\Application Data\Software =>Adware.Boxore
C:\Documents and Settings\Bureau\Local Settings\Application Data\\Updater21810 =>PUP.CrossRider^
C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\Extensions\ffxtlbr@delta.com =>PUP.Funmoods
C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\bprotector_extensions.sqlite =>PUP.BProtector
C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\bprotector_prefs.js =>PUP.BProtector
C:\Documents and Settings\Bureau\Bureau\eBay.lnk =>Toolbar.eBay
~ Additionnel: Scanned in 00mn 23s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "283451D8869D97C45AD1B57EC9E21000" . (.Returnil Virtual System 2010.) -- C:\WINDOWS\Installer\{8D154382-D968-4C79-A51D-5BE79C2E0100}\ArpIcon.ico
O90 - PUC: "4394337574D2A600677A7A857BB08010" . (.Ask Toolbar.) -- C:\WINDOWS\Installer\{57334934-2D47-006A-76A7-A758B70B0801}\ToolbarIcon.exe =>Toolbar.Ask
O90 - PUC: "8DD9566B7A0042A4BBBF1C6F89E2D566" . (.PlayStation(R)Network Downloader.) -- C:\WINDOWS\Installer\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}\ARPPRODUCTICON.exe
O90 - PUC: "9888910D6677B424BA181FF6E8DDEF4F" . (.Facemoods.) -- C:\WINDOWS\Installer\{D0198889-7766-424B-AB81-F16F8EDDFEF4}\ARPPRODUCTICON.exe =>Adware.Facemoods
O90 - PUC: "AE4F430E762F1DD48BBE7C2B08D50004" . (.MioMap v3 Updater for Mio C320 C520.) -- C:\WINDOWS\Installer\{E034F4EA-F267-4DD1-B8EB-C7B2805D0040}\_294823.exe
O90 - PUC: "D2C3F77ACC0592A41ABFE110B84ECD2A" . (.DiscAPI (Studio 10).) -- C:\WINDOWS\Installer\{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}\ARPPRODUCTICON.exe
O90 - PUC: "D375652CEC3B6524EB2A12C7B812D15D" . (.USB drive letter manager.) -- C:\WINDOWS\Installer\{C256573D-B3CE-4256-BEA2-217C8B211DD5}\VRTE8.exe
~ Update Products: 138 Legitimates Scanned in 00mn 00s



---\\ Random Export Key (O91)
[HKCU\Software\536d9dab23abe47] =>Toolbar.Babylon^
[HKCU\Software\536d9dab23abe47]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\536d9dab23abe47]:version="2.6.1125.80"
[HKLM\Software\536d9dab23abe47] =>Toolbar.Babylon^
[HKLM\Software\536d9dab23abe47]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKLM\Software\536d9dab23abe47]:version="2.6.1125.80"
~ Export Key Software: Scanned in 00mn 00s



---\\ MyComputer Name Space (O92)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 28/07/2010 1935656 | (a2AntiMalware) . (.Emsi Software GmbH.) - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
SR - | Auto 13/08/2010 660576 | (AcrSch2Svc) . (.Acronis.) - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
SS - | Demand 26/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 25/02/2013 528192 | (AdvancedSystemCareService6) . (.IObit.) - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
SR - | Auto 65536 | (AfaService) . (...) - C:\WINDOWS\system32\afasrv32.exe
SR - | Auto 1518504 | (AHDDC2) . (...) - C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
SR - | Auto 03/04/2013 169096 | (APNMCP) . (.APN LLC..) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
SR - | Auto 21/08/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Auto 0 | (BOCore) . (...) - C:\Utilitaires\BOClean\BOCORE.exe
SS - | Auto 2569168 | (BrowserProtect) . (...) - C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe =>Toolbar.Babylon
SS - | Demand 0 | (BVCSPBIRU) . (...) - C:\DOCUME~1\Bureau\LOCALS~1\Temp\BVCSPBIRU.exe
SS - | Demand 24/08/2009 406016 | (DfSdkS) . (.mst software GmbH, Germany.) - C:\Program Files\Ashampoo\Ashampoo HDD Control 2\DfSdkS.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 0 | (EAGEAVP) . (...) - C:\DOCUME~1\Bureau\LOCALS~1\Temp\EAGEAVP.exe
SR - | Auto 77824 | (EpsonBidirectionalService) . (...) - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
SR - | Auto 17/07/2002 94208 | (EPSONStatusAgent2) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
SS - | Demand 0 | (FQEOH) . (...) - C:\DOCUME~1\Bureau\LOCALS~1\Temp\FQEOH.exe
SS - | Auto 08/10/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 08/10/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 30/09/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 0 | (IB) . (...) - C:\DOCUME~1\Bureau\LOCALS~1\Temp\IB.exe
SR - | Auto 06/03/2013 170912 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 15/11/2005 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
SS - | Demand 0 | (LOW) . (...) - C:\DOCUME~1\Bureau\LOCALS~1\Temp\LOW.exe
SS - | Demand 12/09/2010 251248 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe
SS - | Demand 0 | (MEMSWEEP2) . (...) - C:\WINDOWS\system32\13.tmp
SS - | Demand 08/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 25/11/2011 687400 | (NAUpdate) . (.Nero AG.) - C:\Program Files\Nero\Update\NASvc.exe
SR - | Auto 17/04/2009 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
SR - | Auto 30/08/2012 164200 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SS - | Auto 01/01/2000 1258856 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Auto 15/12/2012 336856 | (OfferBox update service) . (.Aedge Performance BCN SL.) - C:\Program Files\OfferBox\OfferBoxUpdateService.exe =>PUP.OfferBox
SR - | Auto 90112 | (OMSI download service) . (...) - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
SS - | Auto 206336 | (PCSUService) . (...) - C:\Program Files\Accelerer PC\PCSUService.exe
SR - | Auto 19/01/2006 49152 | (PinnacleSys.MediaServer) . (.Pinnacle Systems.) - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
SR - | Auto 24/07/2007 185632 | (PSI_SVC_2) . (.Protexis Inc..) - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
SS - | Demand 22/01/2010 1246560 | (RVSMONBL) . (.CJSC Returnil Software.) - C:\WINDOWS\system32\Returnil\RVS3\rvsmon.exe
SS - | Demand 0 | (RXANXWYEV) . (...) - C:\DOCUME~1\Bureau\LOCALS~1\Temp\RXANXWYEV.exe
SS - | Auto 0 | (Skype C2C Service) . (...) - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 493200 | (TryAndDecideService) . (...) - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
SR - | Auto 19/08/2011 450848 | (UMVPFSrv) . (.Logitech Inc..) - C:\Program Files\Fichiers communs\logishrd\LVMVFM\UMVPFSrv.exe
SS - | Auto 0 | (USBDLM) . (...) - C:\Program Files\USBDLM\USBDLM.exe
SS - | Demand 0 | (VG) . (...) - C:\DOCUME~1\Bureau\LOCALS~1\Temp\VG.exe
SS - | Disabled 0 | (vToolbarUpdater12.2.6) . (...) - C:\Program Files\Fichiers communs\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe =>Toolbar.AVGSearch
~ Services: Scanned in 00mn 00s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Bureau at 09/04/2013 18:45:51

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys amdide.sys PCIIDEX.SYS
C:\WINDOWS\system32\drivers\sfsync02.sys Protection Technology StarForce Protection System
C:\WINDOWS\system32\drivers\amdide.sys Advanced Micro Devices AMD PCI SATA/IDE Bus Driver
1 ntkrnlpa!IofCallDriver[0x804EF1F0] >> \Device\Harddisk0\DR0[0x8BB5EAB8]
kernel: MBR read successfully
user != kernel MBR !!!
sectors 312581748 (+3): user != kernel
~ MBR: 16 Legitimates Scanned in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Bureau at 09/04/2013 18:45:53

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



~ 2772 Legitimates filtered by white list
End of the scan (1380 lines in 07mn 20s)(0)
