Il y a actuellement 266 visiteurs
Mardi 05 Novembre 2024
accueilactualitésdossierscomparer les prixtélécharger gratuitement vos logicielsoffres d'emploiforum informatique
Connexion
Créer un compte

VIRUS W2/ MALWARE! GEMINI

Un ordinateur qui ralentit, des écrans publicitaires qui apparaissent, des applications qui refusent de démarrer ou encore votre navigateur qui s'obstine à ouvrir une page douteuse sont autant d'éléments qui indiquent que l'intégrité de votre ordinateur est menacée par un virus. Vous trouverez dans ce forum quelques conseils et logiciels pour surfer tranquillement.
Règles du forum
Pour afficher un rapport d'analyse ou un rapport d'infection (HijackThis, OTL, AdwCleaner etc...)‎, veuillez utiliser le système de fichiers joints interne au forum. Seuls les formats les .txt et .log de moins de 1Mo sont acceptés. Pour obtenir de l'aide pour insérer vos fichiers joints, veuillez consulter ce tutoriel

VIRUS W2/ MALWARE! GEMINI

Message le 30 Sep 2011 18:54

bONJOURS,

Après avoir constaté que je ne pouvais plus telecharger via megaupload par exemple car mon adresse ip etait piraté, j'ai fait analysé mon pc par un autre anti virus que l'habituel et voici le rapport:

(dsl je suis nul et je ne comprend pas la regle du forum pour afficher un rapport d'analyse, je l'ai juste copier/ coller)

4 programme(s) malveillant(s) détecté(s)
[Suspicious:W32/Malware!Gemini (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{A7E215E8-4314-4521-92C8-4F10038826DE}\RP609\A0112283.EXE (Non nettoyé & Envoyé)

Suspicious:W32/Malware!Gemini (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{A7E215E8-4314-4521-92C8-4F10038826DE}\RP609\A0112279.EXE (Non nettoyé & Envoyé)

Suspicious:W32/Malware!Gemini (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{A7E215E8-4314-4521-92C8-4F10038826DE}\RP609\A0112281.EXE (Non nettoyé & Envoyé)

Suspicious:W32/Malware!Gemini (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{A7E215E8-4314-4521-92C8-4F10038826DE}\RP609\A0112285.EXE (Non nettoyé & Envoyé)]
Sophie.d
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 17
Inscription: 30 Sep 2011 17:12
 


Re: VIRUS W2/ MALWARE! GEMINI

Message le 30 Sep 2011 22:39

Bonsoir , :)

Télécharge puis installe :

Image Image par Marcin Kleczynski

*** Met-le à jour(très important ) , puis coche, "Exécuter un examen complet"

*** Si une infection est trouvée, coche la case à coté et valide avec l’Onglet Supprimer la sélection

*** Après la suppression , l'outil va surement te demander de redémarrer l'ordinateur -->accepte<--

*** il est conseillé de désactivé Tea-Timer si tu as Spybot-S&D juste le temps du scan.

Voici comment faire: Lancez Spybot-S&D, passez en Mode avancé via le Menu Mode (en haut) ? cliquez sur Oui--> choisissez Outils dans la barre de navigation sur la gauche -->Résident et là vous pouvez décocher les cases situées devant les deux outils.


Poste le rapport final.

Ps:Au cas ou tu n'a pas le rapport suite à une erreur de manipulation ; relance Malwarebytes puis rends toi dans l'onglet "rapports/Logs" selectionne le dernier puis Copier/Coller dans ta réponse ;)

Puis :::

Image Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "rapport minimal " soit cochée.

* Coches les case situées devant "Tous les utilisateurs", " Recherche LOP" et "Recherche Purity".

* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL "personnalisation"

%temp%\smtmp\1\*.* /s
%temp%\smtmp\2\*.* /s
%temp%\smtmp\4\*.* /s
nslookup http://www.google.fr /c
SAVEMBR:0
NetSvcs
%systemroot%\system32\drivers\*.sys /lockedfiles
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
netsvcs
/md5start
dwm.exe
taskhost.exe
taskeng.exe
wscntfy.exe
ctfmon.exe
rdpclip.exe
volsnap.sys
sptd.sys
explorer.exe
userinit.exe
winlogon.exe
wininit.exe
tcpip.sys
Sfloppy.sys
Changer.sys
cdrom.sys
disk.sys
ndis.sys
usbscan.sys
usbprint.sys
tdtcp.sys
tdpipe.sys
swmidi.sys
splitter.sys
rdpwd.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
RASACD.SYS
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles


* Cliques sur l'icône "Analyse" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( réduit dans la barre des taches).
* Copie et colle les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL

Bonne soirée ! ;)
Avatar de l'utilisateur
Del-crosseur
Expert(e)
Expert(e)
 
Messages: 1833
Inscription: 08 Juin 2009 06:46
Localisation: Nord-(59)
 

Re: VIRUS W2/ MALWARE! GEMINI

Message le 01 Oct 2011 21:25

C'est tout bon!!! merci beaucoup, j'ai suivi tes instructions a la lettre et j'ai fini par en venir à bout!!!!

mon ordi est clean et si je veux telecharger via megaupload ce marche!! (ce qui etait mon pb de départ!!!)


merci beaucoup!!!!
Sophie.d
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 17
Inscription: 30 Sep 2011 17:12
 

Re: VIRUS W2/ MALWARE! GEMINI

Message le 01 Oct 2011 21:31

Bonsoir , :)

lol , Grâce à Malwarebytes je suppose ?
Pourrais-je avoir tout de même le rapport de suppression ?
Ainsi que les rapports d'OTL ?

Merci & bonne soirée ! ;)
Avatar de l'utilisateur
Del-crosseur
Expert(e)
Expert(e)
 
Messages: 1833
Inscription: 08 Juin 2009 06:46
Localisation: Nord-(59)
 

Re: VIRUS W2/ MALWARE! GEMINI

Message le 03 Oct 2011 08:37

Bonjours,

déjà,je désespère, le virus est revenu, je ne comprend pas pendant, pendant plusieurs heures il ne ramait plus et j'ai pu accéder a megaupload (je n'ai pas télécharger juste vérifier que le fichier pouvait s'enregistrer).je crois que j'ai criais victoire trop vite :oops:

Bref hier dans l'aprem je constate que mon ordi rame de nouveau....

Voici le rapport malware qui était sorti:

Malwarebytes' Anti-Malware 1.51.2.1300
http://www.malwarebytes.org

Version de la base de données: 7837

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

01/10/2011 00:38:12
mbam-log-2011-10-01 (00-38-12).txt

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|)
Elément(s) analysé(s): 269419
Temps écoulé: 40 minute(s), 14 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{BB4C402F-882A-4526-8C08-51278EA437C1} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C5F43BEF-CE2F-AFE6-46D8-A647BACD1F09} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{BB4C402F-882A-4526-8C08-51278EA437C1} (Spyware.OnlineGames) -> Value: {BB4C402F-882A-4526-8C08-51278EA437C1} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09} (Spyware.OnlineGames) -> Value: {C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09} (Spyware.OnlineGames) -> Value: {C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{BB4C402F-882A-4526-8C08-51278EA437C1} (Spyware.OnlineGames) -> Value: {BB4C402F-882A-4526-8C08-51278EA437C1} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Value: cdoosoft -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\AhnRpta.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\WINDOWS\expiorer.exe (Trojan.Rundis) -> Quarantined and deleted successfully.





Maintenant pour OTL, en fait il m'étais impossible d'ouvrir le fichier OTL.EXE parce que "je suppose" qu'il ne s'enregistre pas sur le bureau (la fenetre qui s'ouvre ne me propose pas de choix en fait)
du coup j'ai utilisé TFC mais je pense que c'est pas pareil, bref

Me voila donc revenu au point de départ, et meme pire car lorsque je fais une analyse anti virus il ne trouve rien, et l'analysE supplémentaire que je fais via le net (sfr je suis sur cle 3G) bug a chaque fois maintenant.

Merci d'essayer de m'expliquer comment resoudre le probleme d' OTL (faut il que je demarre le pc en mode sans echec??)
pour le faire fonctionner et faire correctement les choses comme tu me les a demandé

meri
Sophie.d
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 17
Inscription: 30 Sep 2011 17:12
 

Re: VIRUS W2/ MALWARE! GEMINI

Message le 03 Oct 2011 09:36

Bonjour , :)

OTL.exe est il bien téléchargé ?
Avez-vous regarder dans vos telechargements ?

Bonne journée ;-)
Avatar de l'utilisateur
Del-crosseur
Expert(e)
Expert(e)
 
Messages: 1833
Inscription: 08 Juin 2009 06:46
Localisation: Nord-(59)
 

Re: VIRUS W2/ MALWARE! GEMINI

Message le 03 Oct 2011 12:46

Bonjours,

pour OTL,je suppose qu'il a y eu un problème lors du téléchargement mais j'ai essayé plusieurs liens différents et à chaque fois que je clique sur OTL.EXE une fenêtre s' ouvre et m'indique qu' OTL a rencontre un problème et doit fermer...
Sophie.d
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 17
Inscription: 30 Sep 2011 17:12
 

Re: VIRUS W2/ MALWARE! GEMINI

Message le 03 Oct 2011 18:52

Bonsoir , :)

On va laisser OTL sur le coté en attendant puis utiliser un autre logiciel de Diagnostique...

Image Télécharge ZHPDiag par Nicolas Coolman et sauvegarde-le sur le Bureau.

• Laisse toi guider lors de l'installation, le programme se lancera automatiquement à la fin.
/!\Utilisateur de Vista et Seven : Clique droit sur le logo de ZHPdiag, « exécuter en tant qu'Administrateur »/!\
• Cliquer sur l'icône représentant une loupeLancer le diagnostic »)
• Enregistrer le rapport sur le Bureau à l'aide de l'icône représentant une disquette
• Héberger le rapport ZHPDiag.txt sur un site tel que cijoint.fr, puis copier/coller dans ta prochaine réponse

Bonne soirée ! ;)
Avatar de l'utilisateur
Del-crosseur
Expert(e)
Expert(e)
 
Messages: 1833
Inscription: 08 Juin 2009 06:46
Localisation: Nord-(59)
 

Re: VIRUS W2/ MALWARE! GEMINI

Message le 04 Oct 2011 16:11

Bonjours,
voici le rapport de zebhelp:

[Rapport de ZHPDiag v1.28.1350 par Nicolas Coolman, Update du 20/09/2011
Run by Perso at 04/10/2011 16:48:24
Web site : http://www.premiumorange.com/zeb-help-p ... pdiag.html


---\\ Web Browser
MSIE: Internet Explorer v7.0.5730.13
MFIE: Mozilla Firefox 6.0.2 v6.0.2 (Defaut)

---\\ Windows Product Information
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1023 MB (33% free)
System Restore: Activé (Enable)
System drive C: has 42 GB (65%) free of 65 GB

---\\ Logged in mode
~ Computer Name: NOM-F147A67A90A
~ User Name: Perso
~ All Users Names: SUPPORT_388945a0, Perso, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Perso\Application Data\
~ %Desktop% : C:\Documents and Settings\Perso\Bureau\
~ %Favorites% : C:\Documents and Settings\Perso\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Perso\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Perso\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 42 Go of 65 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 12 Go of 43 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Free 0 Go of 0 Go)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK
~ Scan Security Center in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.04/10/2011 - 18:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.93AD0B78C7357A05F50E594EC7C22300] - (....) (.04/10/2011 - 18:34:22.) -- C:\WINDOWS\system32\rundll32.exe [33792]
[MD5.1ED4120974B73A40863CD8D2221C162F] - (.Microsoft Corporation - Internet Extensions for Win32.) (.04/10/2011 - 19:39:20.) -- C:\WINDOWS\system32\wininet.dll [832512]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.04/10/2011 - 18:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.04/10/2011 - 10:40:32.) -- C:\WINDOWS\system32\drivers\atapi.sys [96512]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.04/10/2011 - 11:15:54.) -- C:\WINDOWS\system32\drivers\ntfs.sys [574976]
~ Scan Generic Processes in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 96/1636
~ Mes musiques (My Musics) : 89/899
~ Mes Videos (My Videos) : 3/141
~ Mes Favoris (My Favorites) : 2/96
~ Mes Documents (My Documents) : 514/4249
~ Mon Bureau (My Desktop) : 0/2
~ Menu demarrer (Programs) : 6/31
~ Scan Hidden Files in 00mn 11s



---\\ Processus lancés
[MD5.CFCE43B70CA0CC4DCC8ADB62B792B173] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736] [PID.]
[MD5.96A55CC44A967A5F9761E25B1F03BB02] - (.Intel Corporation - Intel(R) PROSet/Wireless Event Log.) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [114753] [PID.]
[MD5.FEBC1C664C0F99CDCB0BC122F69E4A92] - (.Intel Corporation - Wireless Management Service.) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [540745] [PID.]
[MD5.20F6F19FE9E753F2780DC2FA083AD597] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [37664] [PID.]
[MD5.7890120428B321FD358BA59E3E3A8C51] - (.Pas de propriétaire - HControl.) -- C:\WINDOWS\ATK0100\HControl.exe [106496] [PID.332]
[MD5.6699ECE24FE4B3F752A66C66A602EE86] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe [192776] [PID.]
[MD5.C307053F0ADF3A93C608F5D7EE9D8C9E] - (.Pas de propriétaire - ATKOSD.) -- C:\WINDOWS\ATK0100\ATKOSD.exe [2170880] [PID.308]
[MD5.1C87705CCB2F60172B0FC86B5D82F00D] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [387944] [PID.]
[MD5.68E01EF8CBDEB51B9843C2292075E0F2] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.EXE [14850560] [PID.672]
[MD5.EFC3319E5BC0FD6A992840E8EBD98BA3] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761945] [PID.1408]
[MD5.026DA2AB097171C02EAC7AB3EE22D269] - (.Microsoft Corporation - Media Center Receiver Service.) -- C:\WINDOWS\eHome\ehRecvr.exe [237568] [PID.]
[MD5.5419D37517E5AA8037A22BBFF44B46F9] - (.Pas de propriétaire - Wireless Console 2.) -- C:\Program Files\Wireless Console 2\wcourier.exe [987136] [PID.1332]
[MD5.8F396853BB7BD7FE341AF40C01DFEDFE] - (.Intel Corporation - ZeroCfgSvc MFC Application.) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [667718] [PID.1612]
[MD5.980EEEA91776357518892C5544768E2B] - (.Microsoft Corporation - Service de planification Media Center.) -- C:\WINDOWS\eHome\ehSched.exe [103424] [PID.]
[MD5.B2C7424892DDC8A53B3F13AECA268BD2] - (.Intel Corporation - Intel Framework MFC Application.) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [602182] [PID.1732]
[MD5.89435B5BB17CBF9C136858E8B1D8F293] - (.Intel Corporation - Ease Of Use Wizard Application.) -- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [569413] [PID.1796]
[MD5.805A9762437BB73AF000D7E124837E9F] - (.Pas de propriétaire - ALU MFC Application.) -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe [180224] [PID.1792]
[MD5.C637FC4638A96165256B28D38DE7B953] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208] [PID.1968]
[MD5.B81932FD5CAC023A687DE8C01A01BE50] - (.Belkin - Belkin Wireless Client Utility.) -- C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe [1654784] [PID.2164]
[MD5.09417134F248DFCEEA15C72BCC87F592] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376] [PID.]
[MD5.5E4C9C25D603AE46DEDCBD9674F86E21] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe [149280] [PID.2304]
[MD5.5D7E7AED485D47A767B7C034D040B493] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 82.93.) -- C:\WINDOWS\system32\nvsvc32.exe [143426] [PID.]
[MD5.879D74337173A6D630D3D06184D354C1] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [421736] [PID.2660]
[MD5.0211B3F72FFEE03A7598A4A54A13708E] - (.AVG Technologies CZ, s.r.o. - AVG Tray Monitor.) -- C:\Program Files\AVG\AVG2012\avgtray.exe [2401120] [PID.]
[MD5.5E9847165E4FE202ADA891DD6EE2FA24] - (.Intel Corporation - Intel(R) PROSet/Wireless Registry Service.) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [217164] [PID.]
[MD5.BB57D34EF70E3B5A9304ABD3A9AFA63F] - (...) -- C:\Program Files\cacaoweb\cacaoweb.exe [399088] [PID.3120]
[MD5.7BB625CFE318AD06770218625FBDAE6C] - (...) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [49152] [PID.3264]
[MD5.4543367E50BD35E7D1269D42841B156E] - (.Hewlett-Packard Development Company, L.P. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [288472] [PID.3284]
[MD5.79E3329E541B00A3FA34F03569F4886D] - (.AVG Technologies CZ, s.r.o. - AVG Online Shield Service.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe [1220960] [PID.]
[MD5.125258216BB5BFE6E9A626B85FA44111] - (.AVG Technologies CZ, s.r.o. - AVG E-mail Scanner.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe [973152] [PID.]
[MD5.1F2F6F2D30D103CCCF30B592CACD4190] - (.Wacom Technology, Corp. - WacomService.) -- C:\WINDOWS\system32\Tablet.exe [1189424] [PID.]
[MD5.50CDE90D20FC697919C9516D7FD0FDCA] - (.Wacom Technology, Corp. - TABUSERW.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe [132656] [PID.4040]
[MD5.6EAD3146A0894F5EB9AD02542B1C7DE5] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5265248] [PID.]
[MD5.88029974B1C9995CFA3BD9560BBA2EEF] - (.Hewlett-Packard Development Company, L.P. - HP CUE Status.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [239320] [PID.124]
[MD5.0DAD93BB0FECF5016AE3C06CBB0A873B] - (.Microsoft Corporation - COM Surrogate.) -- C:\WINDOWS\system32\dllhost.exe [5120] [PID.]
[MD5.F62C69376A95795FE7CDB1C778EDACA4] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [821096] [PID.]
[MD5.27B4B481074F625EDC26219DCC6FFE52] - (.Intel Corporation - Intel 802.1x Server.) -- C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe [397381] [PID.4708]
[MD5.34D25C8A88A44FF2DAD0C0FA6C46E219] - (.SFR - SFR.DashBoard.Service.) -- C:\Program Files\SFR\Gestionnaire de Connexion\SFR.DashBoard.Service.exe [21424] [PID.]
[MD5.A53AD1FEA0573F810CEAAA2D5091F993] - (.SFR - Gestionnaire de connexion.) -- C:\Program Files\SFR\Gestionnaire de Connexion\SFR_Gestionnaire_connexion.exe [712624] [PID.4644]
[MD5.B89CB10DAA6B058F6EEAF4A2F489CFBF] - (.Nicolas Coolman - Analyseur de rapports sécurité.) -- C:\Program Files\ZebHelpProcess\ZHP2.exe [2924032] [PID.5700]
[MD5.63346640E170B63970C093F720065DAB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [924632] [PID.5940]
[MD5.7653CD0E8F2C0052185673B574DB699E] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16856] [PID.3476]
[MD5.B26A2F3CD6459548DB6891D138080876] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZebHelpProcess\ZHPDiag.exe [2121216] [PID.2692]
~ Scan Processes Running in 00mn 09s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\Perso\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.fr
~ Scan Google Browser in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\Perso\Application Data\Mozilla\Firefox\Profiles\15376gwa.default\prefs.js
C:\Documents and Settings\Perso\Application Data\Mozilla\Firefox\Profiles\15376gwa.default\user.js (.not file.)
M3 - MFPP: Plugins - [Perso] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [Perso] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [Perso] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [Perso] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [Perso] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [Perso] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [Perso] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
M0 - MFSP: prefs.js [Perso - 15376gwa.default] http://www.google.fr
M2 - MFEP: prefs.js [Perso - 15376gwa.default\cacaoweb@cacaoweb.org] [] cacaoweb v1.0.18 (.http://www.cacaoweb.org/.)
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - np-mswmp.) -- C:\Program Files\Mozilla Firefox\Plugins\np-mswmp.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin2.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin3.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin4.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin5.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin6.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin7.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (...) -- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60531.0.) -- c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@SonyCreativeSoftware.com/Media Go,version=1.0] - (.Sony Creative Software Inc - Media Go plug-in for Mozilla browsers.) -- c:\Program Files\Sony\Media Go\npmediago.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
~ Scan Firefox Browser in 00mn 01s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R0 - HKUS\S-1-5-21-4090097553-4253339517-4190338119-1005\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com
R1 - HKUS\S-1-5-21-4090097553-4253339517-4190338119-1005\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (7.00.6000.17099 (vista_gdr.110617-1500)) -- C:\WINDOWS\system32\ieframe.dll
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
~ Scan IE Browser in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s



---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Scan Keys in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} . (.AVG Technologies CZ, s.r.o. - Safe Search for Internet Explorer.) -- C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} Clé orpheline
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Skype Technologies S.A. - Click to Call with Skype for Internet Explo.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
~ Scan BHO in 00mn 04s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} . (...) -- (.not file.)
O3 - Toolbar: (no name) - {1E796980-9CC5-11D1-A83F-00C04FC99D61} . (...) -- (.not file.)
~ Scan Toolbar in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [HControl] . (.Pas de propriétaire - HControl.) -- C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [nwiz] . (...) -- C:\WINDOWS\system32\nwiz.exe
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe
O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\WINDOWS\ALCMTR.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless Console 2] . (.Pas de propriétaire - Wireless Console 2.) -- C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [IntelZeroConfig] . (.Intel Corporation - ZeroCfgSvc MFC Application.) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] . (.Intel Corporation - Intel Framework MFC Application.) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
O4 - HKLM\..\Run: [EOUApp] . (.Intel Corporation - Ease Of Use Wizard Application.) -- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [ASUS Live Update] . (.Pas de propriétaire - ALU MFC Application.) -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [ABLKSR] . (.ASYSTeK Computer INC. - ABLKSR.) -- C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [CanalPlayerHelper] C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe (.not file.)
O4 - HKLM\..\Run: [F5D7050v3] . (.Belkin - Belkin Wireless Client Utility.) -- C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\System Volume Information\_restore{A7E215E8-4314-4521-92C8-4F10038826DE}\RP609\OoPDFSettingsv6.exe (.not file.)
O4 - HKLM\..\Run: [AVG_TRAY] . (.AVG Technologies CZ, s.r.o. - AVG Tray Monitor.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cacaoweb] . (...) -- C:\Program Files\cacaoweb\cacaoweb.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-4090097553-4253339517-4190338119-1005\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-4090097553-4253339517-4190338119-1005\..\Run: [cacaoweb] . (...) -- C:\Program Files\cacaoweb\cacaoweb.exe
~ Scan Application in 00mn 01s



---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Media Center.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\ehome\ehshell.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Lanceur de tâches Microsoft Works.lnk . (.Microsoft® Corporation.) -- C:\Program Files\Microsoft Works\MSWorks.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Audacity.lnk . (...) -- C:\Program Files\Audacity\audacity.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Enregistrement OCR I.R.I.S..lnk . (.I.R.I.S. SA.) -- C:\Program Files\HP\Digital Imaging\DocProc\regipe.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Photoshop 7.0.lnk . (.Adobe Systems, Incorporated.) -- C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe ImageReady 7.0.lnk . (.Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Photoshop 7.0\ImageReady.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 9.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A91000000001}\SC_Reader.ico
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Microsoft Office PowerPoint Viewer 2003.lnk . (.Microsoft Corporation.) -- C:\Program Files\Microsoft Office\PowerPoint Viewer\PPTVIEW.EXE
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Microsoft Security Essentials.lnk . (.Microsoft Corporation.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Apple Software Update.lnk . (...) -- C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
O4 - Global Startup: C:\Documents And Settings\Perso\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - Global Startup: C:\Documents And Settings\Perso\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - Global Startup: C:\Documents And Settings\Perso\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Documents And Settings\Perso\Menu Démarrer\Programmes\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
~ Scan Global Startup in 00mn 04s



---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Google Sidewiki... - (.not file.) - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll
~ Scan IE Menu Contextuel in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ Scan IE Extra Buttons in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll
~ Scan Winsock in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.canalplay.com
O15 - Trusted Zone: [HKCU\...\Domains\www] *.canalplay.com
O15 - Trusted Zone: [HKCU\...\Domains] *.canalplusactive.com
O15 - Trusted Zone: [HKCU\...\Domains\www] *.canalplusactive.com
O15 - Trusted Zone: [HKLM\...\Domains] *.canalplay.com
O15 - Trusted Zone: [HKLM\...\Domains\www] *.canalplay.com
O15 - Trusted Zone: [HKLM\...\Domains] *.canalplusactive.com
O15 - Trusted Zone: [HKLM\...\Domains\www] *.canalplusactive.com
~ Scan IE Zone Confiance in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: Microsoft XML Parser for Java - (Microsoft XML Parser for Java) - (.not file.) - C:\WINDOWS\Java\classes\xmldso.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.fnacphoto.com/ECTelechargeme ... oader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8400646500
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/fl ... rashim.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/l ... oader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
~ Scan Objets ActiveX in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{19E2A298-527D-4D6A-8EE5-46863CE5116A}: NameServer = 172.20.2.39 172.20.2.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB81D18F-2BBC-4256-A41A-2027C62E35B0}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{19E2A298-527D-4D6A-8EE5-46863CE5116A}: NameServer = 172.20.2.39 172.20.2.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{DB81D18F-2BBC-4256-A41A-2027C62E35B0}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{DB81D18F-2BBC-4256-A41A-2027C62E35B0}: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Scan Domain in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} . (.AVG Technologies CZ, s.r.o. - Safe Search pluggable protocol.) -- C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API.) -- C:\WINDOWS\system32\inetcomm.dll
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll
O18 - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} . (.Skype Technologies S.A. - Click to Call with Skype for Internet Explo.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll
O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Scan Protocole Additionnel in 00mn 01s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Scan Winlogon in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll
~ Scan SSODL in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll
~ Scan STS/SSO in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Apple Mobile Device (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) . (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) . (.Intel Corporation - Intel(R) PROSet/Wireless Event Log.) - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c98c608a6f3424) (gupdate1c98c608a6f3424) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 82.93.) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 (Pml Driver HPZ12) . (.HP - PML Driver.) - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) . (.Intel Corporation - Intel(R) PROSet/Wireless Registry Service.) - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) . (.Intel Corporation - Wireless Management Service.) - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: (SFR.DashBoard.Service) . (.SFR - SFR.DashBoard.Service.) - C:\Program Files\SFR\Gestionnaire de Connexion\SFR.DashBoard.Service.exe
O23 - Service: TabletService (TabletService) . (.Wacom Technology, Corp. - WacomService.) - C:\WINDOWS\system32\Tablet.exe
~ Scan Services in 00mn 00s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Scan Desktop Component in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\MpIdleTask.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-4090097553-4253339517-4190338119-1005.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-4090097553-4253339517-4190338119-1005.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\MP Scheduled Scan.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[MD5.00000000000000000000000000000000] [APT] [RealUpgradeScheduledTaskS-1-5-21-4090097553-4253339517-4190338119-1005] (...) -- C:\Program Files\Real\RealUpgrade\realupgrade.exe (.not file.)
[MD5.626A24ED1228580B9518C01930936DF9] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.626A24ED1228580B9518C01930936DF9] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] [APT] [RealUpgradeLogonTaskS-1-5-21-4090097553-4253339517-4190338119-1005] (...) -- C:\Program Files\Real\RealUpgrade\realupgrade.exe (.not file.)
[MD5.34EBD4FF6A24D86BB4716D6AFCC1A89B] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
~ Scan Scheduled Task in 00mn 01s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys
O41 - Driver: (Avgldx86) . (.AVG Technologies CZ, s.r.o. - AVG AVI Loader Driver.) - C:\WINDOWS\system32\DRIVERS\avgldx86.sys
O41 - Driver: (Avgmfx86) . (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Minifilter Driver.) - C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
O41 - Driver: (Avgtdix) . (.AVG Technologies CZ, s.r.o. - AVG Network connection watcher.) - C:\WINDOWS\system32\DRIVERS\avgtdix.sys
O41 - Driver: (bdftdif) . (.BitDefender SRL - BitDefender Firewall TDI Filter Driver.) - C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys
O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\WINDOWS\system32\DRIVERS\cdrom.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\WINDOWS\system32\DRIVERS\imapi.sys
O41 - Driver: (intelppm) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\WINDOWS\system32\DRIVERS\intelppm.sys
O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\WINDOWS\system32\DRIVERS\kbdclass.sys
O41 - Driver: (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\WINDOWS\system32\DRIVERS\mouclass.sys
O41 - Driver: (MpFilter) . (.Microsoft Corporation - Microsoft antimalware file system filter dr.) - C:\WINDOWS\system32\DRIVERS\MpFilter.sys
O41 - Driver: (MpKsl45b55d88) . (.Microsoft Corporation - KSLDriver.) - c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{00232073-4672-4A91-8393-3613026422C3}\MpKsl45b55d88.sys
O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
O41 - Driver: (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\WINDOWS\system32\DRIVERS\termdd.sys
O41 - Driver: Carte vidéo VGA. (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys
~ Scan Drivers in 00mn 01s



---\\ Logiciels installés (O42)
O42 - Logiciel: ASUS Live Update - (.Pas de propriétaire.) [HKLM] -- {E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}
O42 - Logiciel: ASUSDVD - (.ASUSTek Corporation.) [HKLM] -- {6811CAA0-BF12-11D4-9EA1-0050BAE317E1}
O42 - Logiciel: ATK0100 ACPI UTILITY - (.Pas de propriétaire.) [HKLM] -- HControl
O42 - Logiciel: AVG 2012 - (.AVG Technologies.) [HKLM] -- AVG
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Photoshop 7.0 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Photoshop 7.0
O42 - Logiciel: Asus ChkMail - (.Pas de propriétaire.) [HKLM] -- Asus ChkMail
O42 - Logiciel: Asus_A_Series_ScreenSaver - (.Pas de propriétaire.) [HKLM] -- Asus_A_Series_ScreenSaver
O42 - Logiciel: Audacity 1.2.6 - (.Pas de propriétaire.) [HKLM] -- Audacity_is1
O42 - Logiciel: Belkin 54Mbps Wireless Network Adapter - (.Belkin.) [HKLM] -- {F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}
O42 - Logiciel: DSC Driver - (.Pas de propriétaire.) [HKLM] -- {3FE748C3-5576-4A95-ACE7-60FD99DE9985}
O42 - Logiciel: Gestionnaire de Connexion SFR 3.2 - (.SFR.) [HKLM] -- {FC48747D-095F-4CF6-B54E-37D4F4738A15}_is1
O42 - Logiciel: HP Customer Participation Program 7.0 - (.HP.) [HKLM] -- HPExtendedCapabilities
O42 - Logiciel: HP Document Viewer 7.0 - (.HP.) [HKLM] -- HP Document Viewer
O42 - Logiciel: HP Imaging Device Functions 7.0 - (.HP.) [HKLM] -- HP Imaging Device Functions
O42 - Logiciel: HP Photosmart Premier Software 6.5 - (.HP.) [HKLM] -- HP Photo & Imaging
O42 - Logiciel: HP Photosmart, Officejet and Deskjet 7.0.A - (.HP.) [HKLM] -- {BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}
O42 - Logiciel: HP Solution Center 7.0 - (.HP.) [HKLM] -- HP Solution Center & Imaging Support Tools
O42 - Logiciel: High Definition Audio - KB888111 - (.Microsoft Corporation.) [HKLM] -- KB888111WXPSP2
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) - (.Microsoft Corporation.) [HKLM] -- KB929399
O42 - Logiciel: Hotfix for Windows Media Player 10 (KB903157) - (.Microsoft Corporation.) [HKLM] -- KB903157
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5
O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] -- KB976002-v5
O42 - Logiciel: ISSENDIS WebUpdate v6 - (.ISSENDIS ....) [HKLM] -- ISSENDIS WebUpdate v6_is1
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Lecteur CANALPLAY 2.5 - (.Canal+ Distribution.) [HKLM] -- {E9E37358-E3E1-47BA-9E21-375EF3616BC9}
O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM] -- Windows Media Player
O42 - Logiciel: Logiciel Intel(R) PROSet/Wireless - (.Intel Corporation.) [HKLM] -- ProInst
O42 - Logiciel: Macromedia Shockwave Player - (.Pas de propriétaire.) [HKLM] -- Macromedia Shockwave Player
O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.2.1300 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 1.0 Hotfix (KB953295) - (.Microsoft Corporation.) [HKLM] -- KB953295
O42 - Logiciel: Microsoft .NET Framework 1.0 Hotfix (KB979904) - (.Microsoft Corporation.) [HKLM] -- KB979904
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] -- Microsoft .NET Framework 1.1 (1033)
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB2416447) - (.Pas de propriétaire.) [HKLM] -- M2416447
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB979906) - (.Pas de propriétaire.) [HKLM] -- M979906
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM] -- MSCompPackV1
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs - (.Microsoft Corporation.) [HKLM] -- IDNMitigationAPIs
O42 - Logiciel: Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 - (.Microsoft Corporation.) [HKLM] -- Wdf01005
O42 - Logiciel: Microsoft National Language Support Downlevel APIs - (.Microsoft Corporation.) [HKLM] -- NLSDownlevelMapping
O42 - Logiciel: Microsoft Security Essentials - (.Microsoft Corporation.) [HKLM] -- Microsoft Security Client
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- Wudf01000
O42 - Logiciel: Mozilla Firefox 6.0.2 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 6.0.2 (x86 fr)
O42 - Logiciel: NVIDIA Drivers - (.Pas de propriétaire.) [HKLM] -- NVIDIA Drivers
O42 - Logiciel: OCR Software by I.R.I.S 7.0 - (.HP.) [HKLM] -- HPOCR
O42 - Logiciel: OFFICE One 150 Modèles de documents - (.OFFICE one ....) [HKLM] -- OFFICE One 150 Modèles de documents_is1
O42 - Logiciel: OFFICE One 450 Fonts - (.ISSENDIS.) [HKLM] -- OFFICE One 450 Fonts_is1
O42 - Logiciel: OFFICE One 6.5 - (.ISSENDIS..) [HKLM] -- OFFICE One 6.5
O42 - Logiciel: OFFICE One 6.5 Bureautique désinstallation complète 6.5 - (.ISSENDIS.) [HKLM] -- OFFICE One 6.5 Bureautique désinstallation complète 6.5
O42 - Logiciel: OFFICE One Clock 6.5 - (.ISSENDIS.) [HKLM] -- OFFICE One Clock 6.5
O42 - Logiciel: OFFICE One Coffre Fort v6 - (.OFFICE one ....) [HKLM] -- OFFICE One Coffre Fort v6_is1
O42 - Logiciel: OFFICE One Color Picker 6.5 - (.ISSENDIS.) [HKLM] -- OFFICE One Color Picker 6.5
O42 - Logiciel: OFFICE One Comptes Bancaires v6 - (.OFFICE one ....) [HKLM] -- OFFICE One Comptes Bancaires v6_is1
O42 - Logiciel: OFFICE One Games PHARAOS' CURSE - (.OFFICE One.) [HKLM] -- PHARAOS' CURSE 1
O42 - Logiciel: OFFICE One Games WATER IN FIRE 2 - (.OFFICE One.) [HKLM] -- WATER IN FIRE 2 1
O42 - Logiciel: OFFICE One Guide 6.5 - (.ISSENDIS.) [HKLM] -- OFFICE One Guide 6.5
O42 - Logiciel: OFFICE One Notes 6.5 - (.ISSENDIS.) [HKLM] -- OFFICE One Notes 6.5
O42 - Logiciel: OFFICE One PDF Manager 6.5 - (.ISSENDIS.) [HKLM] -- OFFICE One PDF Manager 6.5
O42 - Logiciel: OFFICE One Zip v6 - (.ISSENDIS.) [HKLM] -- OFFICE One Zip v6_is1
O42 - Logiciel: REALTEK PCIE NIC Driver - (.REALTEK Semiconductor Corp..) [HKLM] -- {17E2F183-BAC4-4D01-BD7A-59F781E17EFA}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- KB931906
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics.) [HKLM] -- SynTPDeinstKey
O42 - Logiciel: Tablette - (.Wacom Technology Corp..) [HKLM] -- Tablet Driver
O42 - Logiciel: USB2.0 1.3M Web Cam - (.Pas de propriétaire.) [HKLM] -- {A87869D7-B133-498C-A347-D9BE109FF6C8}
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: VLC media player 1.0.3 - (.VideoLAN Team.) [HKLM] -- VLC media player
O42 - Logiciel: WinFlash - (.Pas de propriétaire.) [HKLM] -- {DE10AB76-4756-4913-BE25-55D1C1051F9A}
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM] -- KB892130
O42 - Logiciel: Windows Internet Explorer 7 - (.Microsoft Corporation.) [HKLM] -- ie7
O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] -- WMFDist11
O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM] -- Windows Media Format Runtime
O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM] -- wmp11
O42 - Logiciel: Windows XP Media Center Edition 2005 KB2502898 - (.Microsoft Corporation.) [HKLM] -- KB2502898
O42 - Logiciel: Windows XP Media Center Edition 2005 KB895198 - (.Microsoft Corporation.) [HKLM] -- KB895198
O42 - Logiciel: Windows XP Media Center Edition 2005 KB895678 - (.Microsoft Corporation.) [HKLM] -- KB895678
O42 - Logiciel: Windows XP Media Center Edition 2005 KB908250 - (.Microsoft Corporation.) [HKLM] -- KB908250
O42 - Logiciel: Windows XP Media Center Edition 2005 KB912067 - (.Microsoft Corporation.) [HKLM] -- KB912067
O42 - Logiciel: Windows XP Media Center Edition 2005 KB919803 - (.Microsoft Corporation.) [HKLM] -- KB919803
O42 - Logiciel: Windows XP Media Center Edition 2005 KB973768 - (.Microsoft Corporation.) [HKLM] -- KB973768
O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service
O42 - Logiciel: Windows XP Édition Media Center 2005 Belgium Tuning Table - (.Microsoft Corporation.) [HKLM] -- BelgiumTuningTable
O42 - Logiciel: Windows XP Édition Media Center 2005 KB888316 - (.Microsoft Corporation.) [HKLM] -- KB888316
O42 - Logiciel: Windows XP Édition Media Center 2005 KB890629 - (.Microsoft Corporation.) [HKLM] -- KB890629
O42 - Logiciel: Wireless Console 2 - (.ATK.) [HKLM] -- {83F73CB1-7705-49D1-9852-84D839CA2A45}
O42 - Logiciel: ZebHelpProcess 2.51 - (.Nicolas Coolman.) [HKLM] -- Zeb Help Process_is1

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Adobe]
[HKCU\Software\Ahead]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Audacity]
[HKCU\Software\Aurigma]
[HKCU\Software\Auslogics]
[HKCU\Software\Avg]
[HKCU\Software\Belkin]
[HKCU\Software\BitDefender]
[HKCU\Software\BlazeVideo]
[HKCU\Software\CDDB]
[HKCU\Software\Canal+ Active]
[HKCU\Software\Classes.crx]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Cyberlink]
[HKCU\Software\ESET]
[HKCU\Software\F-Secure]
[HKCU\Software\Fnac_FR]
[HKCU\Software\Genesis Digital Innovations]
[HKCU\Software\Google]
[HKCU\Software\HP]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\HookNetwork]
[HKCU\Software\IADirectShow]
[HKCU\Software\IM Providers]
[HKCU\Software\Intel]
[HKCU\Software\Iris]
[HKCU\Software\Issendis]
[HKCU\Software\JavaSoft]
[HKCU\Software\Lake]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\Netscape]
[HKCU\Software\OFFICE One v6]
[HKCU\Software\OFFICE One]
[HKCU\Software\Policies]
[HKCU\Software\RealNetworks]
[HKCU\Software\Realtek]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\SFR]
[HKCU\Software\Samsung]
[HKCU\Software\Serif]
[HKCU\Software\Skype]
[HKCU\Software\Sony Corporation]
[HKCU\Software\Sun Microsystems]
[HKCU\Software\Synaptics]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\cacaoweb]
[HKCU\Software\keyhole.com]
[HKLM\Software\781]
[HKLM\Software\ASUS]
[HKLM\Software\ATK0100]
[HKLM\Software\Adobe]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Belkin]
[HKLM\Software\BitDefender]
[HKLM\Software\Borland]
[HKLM\Software\BrowserChoice]
[HKLM\Software\C07ft5Y]
[HKLM\Software\CDDB]
[HKLM\Software\Canal+ Active]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\CyberLink]
[HKLM\Software\Eset]
[HKLM\Software\Fnac_FR]
[HKLM\Software\Fujifilm]
[HKLM\Software\GEAR Software]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\Guangbo]
[HKLM\Software\HP]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\HighCriteria]
[HKLM\Software\ICE]
[HKLM\Software\Imagine IT Limited]
[HKLM\Software\InstallShield]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\InterActual Technologies]
[HKLM\Software\Issendis]
[HKLM\Software\JavaSoft]
[HKLM\Software\LEAD Technologies, Inc.]
[HKLM\Software\Lake]
[HKLM\Software\LanSetup]
[HKLM\Software\Licenses]
[HKLM\Software\LightScribe]
[HKLM\Software\MCCI]
[HKLM\Software\MDC]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\Micro Application]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\Nero]
[HKLM\Software\ODBC]
[HKLM\Software\OFFICE One]
[HKLM\Software\OldTimer Tools]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\RealNetworks]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Runscanner.net]
[HKLM\Software\SFR]
[HKLM\Software\Schlumberger]
[HKLM\Software\Serif]
[HKLM\Software\Set8168]
[HKLM\Software\Skype]
[HKLM\Software\Sonic]
[HKLM\Software\Sony Corporation]
[HKLM\Software\Sony Creative Software]
[HKLM\Software\Synaptics]
[HKLM\Software\TG Byte Software]
[HKLM\Software\Toshiba]
[HKLM\Software\VideoLAN]
[HKLM\Software\Wacom]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Xing Technology Corp.]
[HKLM\Software\ffffffff]
[HKLM\Software\mozilla.org]
[HKLM\Software\optimidata]
~ Scan Softwares in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/10/2008 - 16:44:06 - [434898999] ----D- C:\Program Files\Fichiers communs
O43 - CFD: 22/10/2008 - 16:47:48 - [3942655] ----D- C:\Program Files\Windows NT
O43 - CFD: 22/10/2008 - 16:47:48 - [19278399] ----D- C:\Program Files\MSN
O43 - CFD: 22/10/2008 - 16:47:58 - [8745735] ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD: 22/10/2008 - 16:47:58 - [2152579] ----D- C:\Program Files\Messenger
O43 - CFD: 22/10/2008 - 16:48:12 - [10949041] ----D- C:\Program Files\Movie Maker
O43 - CFD: 22/10/2008 - 16:48:18 - [41055406] ----D- C:\Program Files\Windows Plus
O43 - CFD: 22/10/2008 - 16:48:24 - [9600055] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 22/10/2008 - 16:48:50 - [0] ----D- C:\Program Files\ComPlus Applications
O43 - CFD: 22/10/2008 - 16:50:16 - [3428115] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 22/10/2008 - 16:50:18 - [4379321] ----D- C:\Program Files\Outlook Express
O43 - CFD: 22/10/2008 - 16:50:20 - [3285523] ----D- C:\Program Files\NetMeeting
O43 - CFD: 22/10/2008 - 16:50:44 - [929] ----D- C:\Program Files\Services en ligne
O43 - CFD: 22/10/2008 - 16:50:48 - [0] --H-D- C:\Program Files\WindowsUpdate
O43 - CFD: 22/10/2008 - 16:53:02 - [0] ----D- C:\Program Files\microsoft frontpage
O43 - CFD: 22/10/2008 - 16:53:02 - [0] ----D- C:\Program Files\xerox
O43 - CFD: 22/10/2008 - 17:15:18 - [26958134] ----D- C:\Program Files\Intel
O43 - CFD: 22/10/2008 - 17:18:10 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 22/10/2008 - 17:30:00 - [22281774] --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 22/10/2008 - 17:30:00 - [41355414] ----D- C:\Program Files\Realtek
O43 - CFD: 22/10/2008 - 17:32:14 - [26880611] ----D- C:\Program Files\Synaptics
O43 - CFD: 22/10/2008 - 17:33:18 - [1339904] ----D- C:\Program Files\Wireless Console 2
O43 - CFD: 22/10/2008 - 17:37:16 - [1877521] ----D- C:\Program Files\ASUS
O43 - CFD: 22/10/2008 - 17:40:58 - [24463251] ----D- C:\Program Files\Toshiba
O43 - CFD: 22/10/2008 - 17:43:42 - [426465978] ----D- C:\Program Files\Adobe
O43 - CFD: 22/10/2008 - 18:19:28 - [0] ----D- C:\Program Files\Ahead
O43 - CFD: 22/10/2008 - 18:23:24 - [36428513] ----D- C:\Program Files\ASUSTek
O43 - CFD: 22/10/2008 - 18:23:28 - [61440] ----D- C:\Program Files\CyberLink
O43 - CFD: 22/10/2008 - 18:25:38 - [150370858] ----D- C:\Program Files\Microsoft Works
O43 - CFD: 22/10/2008 - 18:27:42 - [4225378] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 22/10/2008 - 18:32:42 - [160107002] ---AD- C:\Program Files\OFFICE One6.5
O43 - CFD: 23/10/2008 - 15:41:14 - [0] ----D- C:\Program Files\MSXML 4.0
O43 - CFD: 24/10/2008 - 16:30:38 - [8853486] ----D- C:\Program Files\Audacity
O43 - CFD: 24/10/2008 - 19:26:12 - [30055151] ----D- C:\Program Files\MSN Messenger
O43 - CFD: 24/10/2008 - 19:40:24 - [32675408] ----D- C:\Program Files\Ciel
O43 - CFD: 24/10/2008 - 19:42:54 - [550359] ----D- C:\Program Files\ISSENDIS
O43 - CFD: 24/10/2008 - 19:43:50 - [23389722] ----D- C:\Program Files\OFFICE One GAMES v1
O43 - CFD: 24/10/2008 - 21:51:04 - [20383488] ----D- C:\Program Files\Google
O43 - CFD: 26/10/2008 - 15:46:22 - [302631617] ----D- C:\Program Files\HP
O43 - CFD: 27/10/2008 - 20:54:32 - [1731312] ----D- C:\Program Files\Hewlett-Packard
O43 - CFD: 31/10/2008 - 22:18:50 - [10207874] ----D- C:\Program Files\Tablet
O43 - CFD: 21/06/2009 - 20:29:26 - [11177528] ----D- C:\Program Files\Lecteur CANALPLAY
O43 - CFD: 08/09/2009 - 20:06:50 - [7149099] ----D- C:\Program Files\Belkin
O43 - CFD: 20/09/2009 - 15:22:26 - [9751] ----D- C:\Program Files\Fnac
O43 - CFD: 26/09/2009 - 13:34:54 - [84902319] ----D- C:\Program Files\Windows Live
O43 - CFD: 26/09/2009 - 13:35:20 - [245112] ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD: 26/09/2009 - 13:35:38 - [226432] ----D- C:\Program Files\Microsoft
O43 - CFD: 26/09/2009 - 13:41:08 - [38411899] ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 01/11/2009 - 17:10:42 - [81115920] ----D- C:\Program Files\Java
O43 - CFD: 01/11/2009 - 17:39:12 - [744960] ----D- C:\Program Files\Micro Application
O43 - CFD: 16/11/2009 - 19:51:58 - [3581070] ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD: 20/11/2009 - 11:09:28 - [0] ----D- C:\Program Files\Real
O43 - CFD: 20/11/2009 - 18:08:00 - [75156207] ----D- C:\Program Files\VideoLAN
O43 - CFD: 10/02/2010 - 12:41:10 - [97962649] ----D- C:\Program Files\Sony Setup
O43 - CFD: 10/02/2010 - 12:46:06 - [97440172] ----D- C:\Program Files\Sony
O43 - CFD: 28/03/2010 - 11:01:00 - [800662] ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2
O43 - CFD: 29/03/2010 - 08:03:14 - [36400897] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 29/03/2010 - 08:03:24 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 29/03/2010 - 08:44:04 - [37210423] ----D- C:\Program Files\Mozilla Firefox
O43 - CFD: 17/09/2011 - 13:27:46 - [41407232] ----D- C:\Program Files\SFR
O43 - CFD: 17/09/2011 - 16:02:02 - [18407068] ----D- C:\Program Files\Microsoft Security Client
O43 - CFD: 19/09/2011 - 21:31:32 - [399088] ----D- C:\Program Files\cacaoweb
O43 - CFD: 21/09/2011 - 18:40:50 - [30964520] R---D- C:\Program Files\Skype
O43 - CFD: 25/09/2011 - 20:23:48 - [2428606] ----D- C:\Program Files\Apple Software Update
O43 - CFD: 28/09/2011 - 20:34:24 - [611139] ----D- C:\Program Files\Bonjour
O43 - CFD: 28/09/2011 - 20:37:48 - [75697179] ----D- C:\Program Files\QuickTime
O43 - CFD: 28/09/2011 - 20:38:46 - [124246827] ----D- C:\Program Files\iTunes
O43 - CFD: 28/09/2011 - 20:38:48 - [1868883] ----D- C:\Program Files\iPod
O43 - CFD: 30/09/2011 - 23:47:30 - [7003934] ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 01/10/2011 - 11:00:06 - [126656180] ----D- C:\Program Files\ESET
O43 - CFD: 03/10/2011 - 19:15:56 - [112446394] ----D- C:\Program Files\AVG
O43 - CFD: 03/10/2011 - 20:25:02 - [0] ----D- C:\Program Files\MALWAREBYTES ANTI-MALWARE
O43 - CFD: 04/10/2011 - 15:57:12 - [119622611] ----D- C:\Program Files\ZebHelpProcess
O43 - CFD: 22/10/2008 - 16:44:06 - [52379109] ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD: 22/10/2008 - 16:44:06 - [3787229] ----D- C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD: 22/10/2008 - 16:44:06 - [0] ----D- C:\Program Files\Fichiers Communs\ODBC
O43 - CFD: 22/10/2008 - 16:50:16 - [6811317] ----D- C:\Program Files\Fichiers Communs\System
O43 - CFD: 22/10/2008 - 16:50:26 - [284160] ----D- C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD: 22/10/2008 - 16:50:28 - [8106] ----D- C:\Program Files\Fichiers Communs\Services
O43 - CFD: 22/10/2008 - 17:23:44 - [11151256] ----D- C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD: 22/10/2008 - 17:43:48 - [55145555] ----D- C:\Program Files\Fichiers Communs\Adobe
O43 - CFD: 22/10/2008 - 18:21:56 - [4928892] ----D- C:\Program Files\Fichiers Communs\LightScribe
O43 - CFD: 22/10/2008 - 18:22:16 - [2386862] ----D- C:\Program Files\Fichiers Communs\Nero
O43 - CFD: 23/10/2008 - 16:01:10 - [89300218] ----D- C:\Program Files\Fichiers Communs\BitDefender
O43 - CFD: 24/10/2008 - 17:54:58 - [101725976] ----D- C:\Program Files\Fichiers Communs\Apple
O43 - CFD: 24/10/2008 - 19:40:18 - [5382222] ----D- C:\Program Files\Fichiers Communs\Ciel
O43 - CFD: 24/10/2008 - 19:41:08 - [7675822] ----D- C:\Program Files\Fichiers Communs\Borland Shared
O43 - CFD: 27/10/2008 - 20:54:06 - [457237] ----D- C:\Program Files\Fichiers Communs\Hewlett-Packard
O43 - CFD: 27/10/2008 - 20:57:20 - [5557190] ----D- C:\Program Files\Fichiers Communs\HP
O43 - CFD: 27/10/2008 - 20:59:46 - [208896] ----D- C:\Program Files\Fichiers Communs\Sonic Shared
O43 - CFD: 16/09/2009 - 15:55:58 - [85907256] ----D- C:\Program Files\Fichiers Communs\Windows Live
O43 - CFD: 13/11/2009 - 13:54:48 - [329728] ----D- C:\Program Files\Fichiers Communs\Micro Application Shared
O43 - CFD: 20/11/2009 - 11:09:24 - [1130496] ----D- C:\Program Files\Fichiers Communs\Real
O43 - CFD: 10/02/2010 - 12:47:04 - [341472] ----D- C:\Program Files\Fichiers Communs\Sony Shared
O43 - CFD: 22/10/2008 - 17:25:48 - [0] ----D- C:\Documents and Settings\Perso\Application Data\Symantec
O43 - CFD: 22/10/2008 - 17:35:54 - [35171] ----D- C:\Documents and Settings\Perso\Application Data\Intel
O43 - CFD: 22/10/2008 - 17:37:58 - [62966] ----D- C:\Documents and Settings\Perso\Application Data\Macromedia
O43 - CFD: 22/10/2008 - 16:52:50 - [0] ----D- C:\Documents and Settings\Perso\Application Data\Identities
O43 - CFD: 22/10/2008 - 16:43:40 - [2967963] -S--D- C:\Documents and Settings\Perso\Application Data\Microsoft
O43 - CFD: 22/10/2008 - 19:07:34 - [16998634] ----D- C:\Documents and Settings\Perso\Application Data\Adobe
O43 - CFD: 24/10/2008 - 17:57:30 - [399793] ----D- C:\Documents and Settings\Perso\Application Data\Apple Computer
O43 - CFD: 24/10/2008 - 19:08:48 - [0] ----D- C:\Documents and Settings\Perso\Application Data\AdobeUM
O43 - CFD: 24/10/2008 - 19:38:10 - [1169138] ----D- C:\Documents and Settings\Perso\Application Data\OFFICE One v6
O43 - CFD: 24/10/2008 - 20:11:04 - [12558551] ----D- C:\Documents and Settings\Perso\Application Data\Mozilla
O43 - CFD: 24/10/2008 - 21:54:48 - [33609] ----D- C:\Documents and Settings\Perso\Application Data\Google
O43 - CFD: 27/10/2008 - 18:32:30 - [3434350] ----D- C:\Documents and Settings\Perso\Application Data\Skype
O43 - CFD: 27/10/2008 - 18:33:48 - [37216] ----D- C:\Documents and Settings\Perso\Application Data\skypePM
O43 - CFD: 27/10/2008 - 21:04:10 - [40348] ----D- C:\Documents and Settings\Perso\Application Data\HP
O43 - CFD: 30/10/2008 - 17:11:32 - [0] ----D- C:\Documents and Settings\Perso\Application Data\U3
O43 - CFD: 31/10/2008 - 22:19:40 - [340] ----D- C:\Documents and Settings\Perso\Application Data\WTablet
O43 - CFD: 16/11/2008 - 15:09:36 - [1204] ----D- C:\Documents and Settings\Perso\Application Data\Ambient Design
O43 - CFD: 24/01/2009 - 11:15:00 - [53] ----D- C:\Documents and Settings\Perso\Application Data\BitDefender
O43 - CFD: 30/01/2009 - 16:18:56 - [13220] ----D- C:\Documents and Settings\Perso\Application Data\Malwarebytes
O43 - CFD: 12/04/2009 - 18:56:18 - [8704] ----D- C:\Documents and Settings\Perso\Application Data\Template
O43 - CFD: 21/05/2009 - 18:55:38 - [165] ----D- C:\Documents and Settings\Perso\Application Data\gtk-2.0
O43 - CFD: 28/06/2009 - 21:05:54 - [51712] ----D- C:\Documents and Settings\Perso\Application Data\CyberLink
O43 - CFD: 08/09/2009 - 20:06:16 - [0] ----D- C:\Documents and Settings\Perso\Application Data\InstallShield
O43 - CFD: 01/11/2009 - 17:09:12 - [186569] ----D- C:\Documents and Settings\Perso\Application Data\Sun
O43 - CFD: 01/11/2009 - 17:43:52 - [5453960] ----D- C:\Documents and Settings\Perso\Application Data\Serif
O43 - CFD: 20/11/2009 - 11:09:18 - [353731] ----D- C:\Documents and Settings\Perso\Application Data\Real
O43 - CFD: 20/11/2009 - 18:10:02 - [1058446] ----D- C:\Documents and Settings\Perso\Application Data\vlc
O43 - CFD: 20/11/2009 - 18:10:22 - [903] ----D- C:\Documents and Settings\Perso\Application Data\dvdcss
O43 - CFD: 10/02/2010 - 12:41:20 - [117946764] ----D- C:\Documents and Settings\Perso\Application Data\Sony
O43 - CFD: 10/02/2010 - 12:41:20 - [0] ----D- C:\Documents and Settings\Perso\Application Data\Sony Setup
O43 - CFD: 13/02/2010 - 11:42:28 - [327] ----D- C:\Documents and Settings\Perso\Application Data\MSNInstaller
O43 - CFD: 19/09/2011 - 21:31:38 - [65] ----D- C:\Documents and Settings\Perso\Application Data\cacaoweb
O43 - CFD: 22/09/2011 - 12:00:20 - [559] ----D- C:\Documents and Settings\Perso\Application Data\HpUpdate
O43 - CFD: 30/09/2011 - 21:03:38 - [0] ----D- C:\Documents and Settings\Perso\Application Data\f-secure
O43 - CFD: 03/10/2011 - 19:18:38 - [405] ----D- C:\Documents and Settings\Perso\Application Data\AVG2012
O43 - CFD: 22/10/2008 - 16:58:26 - [54100] ----D- C:\Documents and Settings\Perso\Local Settings\Application Data\ApplicationHistory
O43 - CFD: 22/10/2008 - 16:52:24 - [645012535] ----D- C:\Documents and Settings\Perso\Local Settings\Application Data\Microsoft
O43 - CFD: 22/10/2008 - 19:07:34 - [174341719] ----D- C:\Documents and Settings\Perso\Local Settings\Application Data\Adobe
O43 - CFD: 24/10/2008 - 17:54:32 - [45542399] ----D- C:\Documents and Settings\Perso\Local Settings\Application Data\Apple Computer
O43 - CFD: 24/10/2008 - 17:55:40 - [0] ----D- C:\Documents and Settings\Perso\Local Settings\Application Data\Apple
O43 - CFD: 24/10/2008 - 21:54:48 - [150629899] ----D- C:\Documents and Settings\Perso\Local Settings\Application Data\Google
O43 - CFD: 27/10/2008 - 22:25:54 - [79527151] ----D- C:\Documents and Settings\Perso\Local Settings\Application Data\HP
O43 - CFD: 27/10/2008 - 22:26:10 - [1205] ----D- C:\Documents and Settings\Perso\Local Settings\Application Data\IsolatedStorage
O43 - CFD: 06/11/2008 - 21:00:02 - [309460] ----D- C:\Documents and Settings\Perso\Local Settings\Application Data\Identities
O43 - CFD: 30/01/2009 - 17:32:30 - [188416] ----D- C:\Documents and Settings\Perso\Local Settings\Application Data\Runscanner.net
O43 - CFD: 07/05/2009 - 17:43:20 - [0] ----D- C:\Documents and Settings\Perso\Local Settings\Application Data\Help
O43 - CFD: 29/06/2009 - 18:45:10 - [0] ----D- C:\Documents and Settings\Perso\Local Settings\Application Data\WMTools Downloaded Files
O43 - CFD: 25/10/2009 - 16:52:46 - [0] ----D- C:\Documents and Settings\Perso\Local Settings\Application Data\Temp
O43 - CFD: 13/11/2009 - 14:13:18 - [0] ----D- C:\Documents and Settings\Perso\Local Settings\Application Data\Micro Application
O43 - CFD: 10/02/2010 - 12:46:14 - [7871488] ----D- C:\Documents and Settings\Perso\Local Settings\Application Data\Downloaded Installations
O43 - CFD: 10/02/2010 - 12:48:38 - [187938] ----D- C:\Documents and Settings\Perso\Local Settings\Application Data\Sony
O43 - CFD: 14/03/2010 - 10:11:06 - [0] ----D- C:\Documents and Settings\Perso\Local Settings\Application Data\Real
O43 - CFD: 29/03/2010 - 08:44:10 - [49818806] ----D- C:\Documents and Settings\Perso\Local Settings\Application Data\Mozilla
O43 - CFD: 30/03/2010 - 14:25:48 - [0] ----D- C:\Documents and Settings\Perso\Local Settings\Application Data\PCHealth
O43 - CFD: 17/09/2011 - 13:28:02 - [233118] ----D- C:\Documents and Settings\Perso\Local Settings\Application Data\SFR
~ Scan Program Folder in 00mn 31s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.7419056D0280B39037BE3E181A44FD6E] - 04/10/2011 - 15:07:24 ---A- . (...) -- C:\PDOXUSRS.NET [13030]
O44 - LFC:[MD5.444BF80EDFB52D5C039C75F1C34DF588] - 04/10/2011 - 14:04:08 ---A- . (...) -- C:\WINDOWS\ModemLog_SFR 3G Modem ALCATEL.txt [16612]
O44 - LFC:[MD5.CB1B6500ADC5A6C339C02AACBCCC2F7D] - 04/10/2011 - 13:59:50 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [2003140]
O44 - LFC:[MD5.9E9232D6457C331A62BF00E28D46DE6C] - 04/10/2011 - 13:50:58 ---A- . (...) -- C:\WINDOWS\setupapi.log [621561]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 04/10/2011 - 13:50:50 ---A- . (...) -- C:\WINDOWS\0.log [0]
O44 - LFC:[MD5.BD8A99C809D173B30490B44684C02145] - 04/10/2011 - 13:50:26 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.DE21F22373AFDF57E351FBE9B9777FC5] - 04/10/2011 - 13:48:58 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.3951DC489C0F90AC8304141E88DC8581] - 04/10/2011 - 08:35:44 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [32404]
O44 - LFC:[MD5.53D03C2B65A7067A0100437C05A90FDD] - 04/10/2011 - 08:35:40 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.A0DE52F14D0F103EAA55D2C9BC2A2F46] - 01/10/2011 - 13:49:42 ---A- . (...) -- C:\WINDOWS\ie8_main.log [132685]
O44 - LFC:[MD5.69A6268D7F81E53D568AB4E7E991CAF3] - 30/09/2011 - 22:47:28 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys [22216]
O44 - LFC:[MD5.6F1ED1265467F4B0B1B8D719A62DCEA5] - 30/09/2011 - 17:02:12 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [664]
O44 - LFC:[MD5.71350EF4BD157B94DB19AF8D57991D77] - 20/09/2011 - 21:37:16 ---A- . (...) -- C:\WINDOWS\KB2616676-v2.log [11606]
O44 - LFC:[MD5.6C4BF434B102DA75580CE11D2073AB15] - 20/09/2011 - 21:37:16 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [217928]
O44 - LFC:[MD5.250B68E7DBE2EE32D5724A4917B855A7] - 20/09/2011 - 21:37:16 ---A- . (...) -- C:\WINDOWS\ehOCGen.log [65397]
O44 - LFC:[MD5.F3E9D6BC8D1FF08E5FEC36414FD8BAD3] - 20/09/2011 - 21:37:14 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [1151152]
O44 - LFC:[MD5.6366C64C3914799ACE734383E138656E] - 20/09/2011 - 21:37:14 ---A- . (...) -- C:\WINDOWS\comsetup.log [393635]
O44 - LFC:[MD5.16123CED53E966B68EC238BD7211D60C] - 20/09/2011 - 21:37:14 ---A- . (...) -- C:\WINDOWS\iis6.log [1300274]
O44 - LFC:[MD5.D56D00AF18F5969CABBFE58AA3C7C409] - 20/09/2011 - 21:37:14 ---A- . (...) -- C:\WINDOWS\imsins.log [1374]
O44 - LFC:[MD5.B767AFD168C653643935CE0D12AEA415] - 20/09/2011 - 21:37:14 ---A- . (...) -- C:\WINDOWS\msgsocm.log [58067]
O44 - LFC:[MD5.B8F3782D2F5E2537C5FF2E7A912BCE04] - 20/09/2011 - 21:37:14 ---A- . (...) -- C:\WINDOWS\netfxocm.log [215979]
O44 - LFC:[MD5.370DF8BB76ADB7BFD6E762540EED7A84] - 20/09/2011 - 21:37:14 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [237401]
O44 - LFC:[MD5.A76EFFAA5DA284F0038E079F6C72369F] - 20/09/2011 - 21:37:14 ---A- . (...) -- C:\WINDOWS\ocgen.log [567841]
O44 - LFC:[MD5.E6D5F4D085BB62EDCB14B09DE671B647] - 20/09/2011 - 21:37:14 ---A- . (...) -- C:\WINDOWS\ocmsn.log [63908]
O44 - LFC:[MD5.99F2D5B8599E6B98C23B04732BCCC677] - 20/09/2011 - 21:37:14 ---A- . (...) -- C:\WINDOWS\plusoc.log [133420]
O44 - LFC:[MD5.96CFDBA08EB8059790C2479426089213] - 20/09/2011 - 21:37:14 ---A- . (...) -- C:\WINDOWS\tabletoc.log [58674]
O44 - LFC:[MD5.A98B02D12AB6B22D9D6F6A6C2C292FB9] - 20/09/2011 - 21:37:14 ---A- . (...) -- C:\WINDOWS\tsoc.log [534293]
O44 - LFC:[MD5.6BB9539B761FE0AA1101314F2ABACFB5] - 20/09/2011 - 21:37:12 ---A- . (...) -- C:\WINDOWS\msmqinst.log [368182]
O44 - LFC:[MD5.49173859F3A8F26190397645B025EA09] - 19/09/2011 - 12:04:30 ---A- . (...) -- C:\WINDOWS\KB2544521-IE7.log [17086]
O44 - LFC:[MD5.18B686EF408E6DFF84C33F6CAF1D22CD] - 19/09/2011 - 12:04:30 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1374]
O44 - LFC:[MD5.E185BDA84E5F03F4E1D8DCA30E209277] - 19/09/2011 - 12:04:20 ---A- . (...) -- C:\WINDOWS\epplauncher.mif [1912]
O44 - LFC:[MD5.D4403A16BFA1308B75F70D4E4F9D01DA] - 19/09/2011 - 12:02:16 ---A- . (...) -- C:\WINDOWS\KB2559049-IE7.log [89968]
O44 - LFC:[MD5.3F12CAC370BC5D68A52EC193AB845AAF] - 19/09/2011 - 12:02:08 ---A- . (...) -- C:\WINDOWS\updspapi.log [293335]
O44 - LFC:[MD5.CB4255B88BF69B4C6663C8EB07448DF0] - 19/09/2011 - 12:01:46 ---A- . (...) -- C:\WINDOWS\KB2510581.log [13730]
O44 - LFC:[MD5.18E0FCBC455C4C59A9E871E7D49F2B63] - 19/09/2011 - 11:46:18 ---A- . (...) -- C:\WINDOWS\KB2467659.log [6571]
O44 - LFC:[MD5.62FC39B0A3293CE60FD00507BF02B267] - 19/09/2011 - 11:46:10 ---A- . (...) -- C:\WINDOWS\KB971961.log [7137]
O44 - LFC:[MD5.E3C3D90BE086DFCB14209BB2B86BCB45] - 18/09/2011 - 08:40:06 ---A- . (...) -- C:\WINDOWS\medblker.Log [3911]
O44 - LFC:[MD5.796418A06AA3D8E94B2DD53F19DB0421] - 18/09/2011 - 08:40:06 ---A- . (...) -- C:\WINDOWS\spupdsvc.log [114543]
O44 - LFC:[MD5.EFD15016046770204FD4450F5C008DCF] - 18/09/2011 - 08:38:54 ---A- . (...) -- C:\WINDOWS\system32\FNTCACHE.DAT [588592]
O44 - LFC:[MD5.2F82A3F7F66FC10F53AA946C4835F0E8] - 18/09/2011 - 08:24:34 ---A- . (...) -- C:\WINDOWS\KB2570791.log [140780]
O44 - LFC:[MD5.5F14B62B50FBB72C236E3FAD0D0CC3F6] - 18/09/2011 - 08:24:34 ---A- . (...) -- C:\WINDOWS\system32\TZLog.log [218998]
O44 - LFC:[MD5.D50BC4826331FA51B61A6DEB8C859AF1] - 18/09/2011 - 08:23:52 ---A- . (...) -- C:\WINDOWS\system32\PerfStringBackup.INI [1076352]
O44 - LFC:[MD5.9D2695EA209BFD75D3C8F3604E8313D0] - 18/09/2011 - 08:23:52 ---A- . (...) -- C:\WINDOWS\system32\perfc009.dat [71060]
O44 - LFC:[MD5.11A9E6899DE052B080B1E1AC25D9F314] - 18/09/2011 - 08:23:52 ---A- . (...) -- C:\WINDOWS\system32\perfc00C.dat [84526]
O44 - LFC:[MD5.E868D96A6EDE82662A5E5F8CA816ACBA] - 18/09/2011 - 08:23:52 ---A- . (...) -- C:\WINDOWS\system32\perfh009.dat [441124]
O44 - LFC:[MD5.46CE7BDD2388EB59877D93714F88B64D] - 18/09/2011 - 08:23:52 ---A- . (...) -- C:\WINDOWS\system32\perfh00C.dat [510324]
O44 - LFC:[MD5.DBFEE62D284986EB616603FFEE7A91C5] - 18/09/2011 - 08:17:50 ---A- . (...) -- C:\WINDOWS\KB2387149.log [141933]
O44 - LFC:[MD5.1C6C035E8AD6B090742460EF84C7B60F] - 18/09/2011 - 08:17:40 ---A- . (...) -- C:\WINDOWS\KB2567680.log [151465]
O44 - LFC:[MD5.89D155EC3084C5FAB8DB7F4218F514A3] - 18/09/2011 - 08:17:34 ---A- . (...) -- C:\WINDOWS\KB2478971.log [150881]
O44 - LFC:[MD5.450E830ABC31483CC0382EC437C982BB] - 18/09/2011 - 08:17:28 ---A- . (...) -- C:\WINDOWS\KB2616676.log [150348]
O44 - LFC:[MD5.A76F028A14ED19F1B21CABEF8A6A00F1] - 18/09/2011 - 08:17:20 ---A- . (...) -- C:\WINDOWS\KB2345886.log [149922]
O44 - LFC:[MD5.E36B3A6D2D892C471073C77F013AACB9] - 18/09/2011 - 08:17:14 ---A- . (...) -- C:\WINDOWS\KB2536276-v2.log [140999]
O44 - LFC:[MD5.40814D013B0E366BECBF60EAE35541F9] - 18/09/2011 - 08:17:08 ---A- . (...) -- C:\WINDOWS\KB2296011.log [138246]
O44 - LFC:[MD5.AC626D4EBDE9718B591368C7D388E9C2] - 18/09/2011 - 08:17:02 ---A- . (...) -- C:\WINDOWS\KB2115168.log [148712]
O44 - LFC:[MD5.8789F8EC851A1D76C8F967FF8D5E5F1F] - 18/09/2011 - 08:16:58 ---A- . (...) -- C:\WINDOWS\KB975558.log [139433]
O44 - LFC:[MD5.1CA88BC6C1E80C8AB5F18A0333D473AA] - 18/09/2011 - 08:16:42 ---A- . (...) -- C:\WINDOWS\KB2378111.log [138736]
O44 - LFC:[MD5.9B5F617A4D5AE6301C05C57B3EDFC90A] - 18/09/2011 - 08:16:42 ---A- . (...) -- C:\WINDOWS\wmsetup.log [51036]
O44 - LFC:[MD5.173131977E327330EE9F308A84242B64] - 18/09/2011 - 08:16:30 ---A- . (...) -- C:\WINDOWS\KB2443105.log [148782]
O44 - LFC:[MD5.F110A490913A15CECEDE9F44C77B969F] - 18/09/2011 - 08:16:24 ---A- . (...) -- C:\WINDOWS\KB2229593.log [140397]
O44 - LFC:[MD5.B0C27189AACC2B1C90B1B55B7118C67E] - 18/09/2011 - 08:16:20 ---A- . (...) -- C:\WINDOWS\KB2481109.log [150422]
O44 - LFC:[MD5.3DB322FFDD1357B44535A6D69656CE34] - 18/09/2011 - 08:16:12 ---A- . (...) -- C:\WINDOWS\KB2485663.log [142180]
O44 - LFC:[MD5.844792CFCC05A8D86DFB514BC7DFFBBB] - 18/09/2011 - 08:13:12 ---A- . (...) -- C:\WINDOWS\KB2440591.log [140832]
O44 - LFC:[MD5.0A8427328B6BBD97DC9F9A6B1E36E84F] - 18/09/2011 - 08:13:06 ---A- . (...) -- C:\WINDOWS\KB982132.log [148925]
O44 - LFC:[MD5.8A0B3ECC86F4D9963EF359C1B215B14D] - 18/09/2011 - 08:11:56 ---A- . (...) -- C:\WINDOWS\KB2507938.log [35659]
O44 - LFC:[MD5.29B58D02E5AA3543FD1CF3E43C6E2029] - 18/09/2011 - 08:11:48 ---A- . (...) -- C:\WINDOWS\KB2476490.log [34264]
O44 - LFC:[MD5.03940F51BE61E5FF16CBEFFFBCC315E7] - 18/09/2011 - 08:11:42 ---A- . (...) -- C:\WINDOWS\KB2503665.log [26248]
O44 - LFC:[MD5.7E232DB1E9372D50D39652EF8E84BF97] - 18/09/2011 - 08:11:36 ---A- . (...) -- C:\WINDOWS\KB2347290.log [34063]
O44 - LFC:[MD5.F11CDD7FA215DDAF6183764F15EC71B2] - 18/09/2011 - 08:11:30 ---A- . (...) -- C:\WINDOWS\KB2483185.log [34504]
O44 - LFC:[MD5.A18E7741D7C26A02190CC7CAE28C603B] - 18/09/2011 - 08:11:14 ---A- . (...) -- C:\WINDOWS\KB2079403.log [34221]
O44 - LFC:[MD5.1EF9098FF9A7DA24477357F6355CAC54] - 18/09/2011 - 08:07:08 ---A- . (...) -- C:\WINDOWS\KB979687.log [33083]
O44 - LFC:[MD5.F67A8EA26BC73064C7A956F1A5DF8281] - 18/09/2011 - 08:06:58 ---A- . (...) -- C:\WINDOWS\KB2570222.log [24195]
O44 - LFC:[MD5.513646FBD72330B75474AB73F4D3A575] - 18/09/2011 - 08:06:52 ---A- . (...) -- C:\WINDOWS\KB2535512.log [24187]
O44 - LFC:[MD5.6CAF4F6412277CC89F39412C55ED58DD] - 18/09/2011 - 08:06:44 ---A- . (...) -- C:\WINDOWS\KB2412687.log [21697]
O44 - LFC:[MD5.120B5BB2BDCAA1C1A008D2A47177F64E] - 18/09/2011 - 08:03:24 ---A- . (...) -- C:\WINDOWS\KB2570947.log [23875]
O44 - LFC:[MD5.9B202367055CA8A3D4EBEAE402AE541C] - 18/09/2011 - 08:03:18 ---A- . (...) -- C:\WINDOWS\KB2508272.log [23663]
O44 - LFC:[MD5.6F4F459843D29C46B95E5DE1D24F766A] - 18/09/2011 - 08:03:14 ---A- . (...) -- C:\WINDOWS\KB980436.log [31294]
O44 - LFC:[MD5.E4D9D4590F087BAF7037924FDB5F959E] - 18/09/2011 - 08:03:04 ---A- . (...) -- C:\WINDOWS\KB981322.log [31585]
O44 - LFC:[MD5.DEA86A377D4F5AFC8E1B0D6B06D6E1B6] - 18/09/2011 - 08:02:56 ---A- . (...) -- C:\WINDOWS\KB2502898.log [24604]
O44 - LFC:[MD5.D76969252177C0808B692D662A5FBA6A] - 18/09/2011 - 08:02:10 ---A- . (...) -- C:\WINDOWS\KB2507618.log [30637]
O44 - LFC:[MD5.48A43B65179E43DCE10C6BF41C040BD2] - 18/09/2011 - 08:02:02 ---A- . (...) -- C:\WINDOWS\KB2419632.log [31354]
O44 - LFC:[MD5.21E264C60A62A6F95C30698C8732C630] - 18/09/2011 - 08:01:34 ---A- . (...) -- C:\WINDOWS\KB2508429.log [24165]
O44 - LFC:[MD5.79EC9EB5EB565361959270020B8FFC1D] - 18/09/2011 - 08:01:24 ---A- . (...) -- C:\WINDOWS\KB971029.log [23454]
O44 - LFC:[MD5.ECE0C6DEDC75F4212298158A5113B389] - 18/09/2011 - 08:01:08 ---A- . (...) -- C:\WINDOWS\KB2506212.log [22493]
O44 - LFC:[MD5.0C93E8946FEC28078E1F2835277CAEB9] - 18/09/2011 - 08:00:58 ---A- . (...) -- C:\WINDOWS\KB981997.log [14773]
O44 - LFC:[MD5.1B778C5DC43FBB78A35A0F3F618272EF] - 18/09/2011 - 07:59:50 ---A- . (...) -- C:\WINDOWS\KB2544893.log [14188]
O44 - LFC:[MD5.F23A1742766BA1C7DC7AB82647AC3FF8] - 18/09/2011 - 07:57:20 ---A- . (...) -- C:\WINDOWS\KB2509553.log [21524]
O44 - LFC:[MD5.A0C873632C929E5F0A4E578CBE3D22DE] - 18/09/2011 - 07:57:08 ---A- . (...) -- C:\WINDOWS\KB982665.log [18372]
O44 - LFC:[MD5.6A1872E01DD9847379A18DF4C791993C] - 18/09/2011 - 07:57:02 ---A- . (...) -- C:\WINDOWS\KB2541763.log [18810]
O44 - LFC:[MD5.935E548E85D708BD6A5E3082F70AF6EA] - 18/09/2011 - 07:56:56 ---A- . (...) -- C:\WINDOWS\KB2555917.log [18897]
O44 - LFC:[MD5.7316A28886C34FE508E9181DD3B5D684] - 18/09/2011 - 07:56:50 ---A- . (...) -- C:\WINDOWS\KB2478960.log [17778]
O44 - LFC:[MD5.40390E6B8DA8D1031E8900AF6B9F35A7] - 18/09/2011 - 07:56:44 ---A- . (...) -- C:\WINDOWS\KB2393802.log [13179]
O44 - LFC:[MD5.82AB4FFF19A633370AC6FD617B52B09D] - 18/09/2011 - 07:56:28 ---A- . (...) -- C:\WINDOWS\KB2566454.log [11131]
O44 - LFC:[MD5.C8118F838BF479B12265EC219DB41D19] - 18/09/2011 - 07:56:24 ---A- . (...) -- C:\WINDOWS\KB2562937.log [10591]
O44 - LFC:[MD5.81A28808215099A318AFF8FAB6CD71F1] - 18/09/2011 - 07:56:18 ---A- . (...) -- C:\WINDOWS\KB2423089.log [10792]
O44 - LFC:[MD5.C1063B99E2DE8F26DF56A4338D70002A] - 18/09/2011 - 07:56:12 ---A- . (...) -- C:\WINDOWS\KB2360937.log [11515]
O44 - LFC:[MD5.ADFB41C5D1E95889C6D7B15F601E1043] - 17/09/2011 - 15:35:18 ---A- . (...) -- C:\WINDOWS\ie8Uninst.log [53220]
O44 - LFC:[MD5.B412A5393E9BF796D97B12E0BDD1E12A] - 17/09/2011 - 15:19:26 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl [404640]
O44 - LFC:[MD5.23EE745655FC9786F829C5A847937CD2] - 17/09/2011 - 15:15:20 ---A- . (...) -- C:\WINDOWS\ModemLog_Motorola SM56 Data Fax Modem.txt [4490]
O44 - LFC:[MD5.119AB8740BACB9F1108F4DD02294569D] - 17/09/2011 - 12:27:59 ---A- . (.TCT International Mobile Ltd - USB/Serial Device Driver.) -- C:\WINDOWS\system32\drivers\jrdusbser.sys [105344]
O44 - LFC:[MD5.6C19D17F23B22B3DA0432B7317ECF098] - 17/09/2011 - 09:49:22 ---A- . (...) -- C:\WINDOWS\system32\wpa.dbl [1158]
~ Scan Files in 02mn 20s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export SP - "C:\Program Files\MSN Messenger\livecall.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\MSN Messenger\livecall.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Messenger\msmsgs.exe" [Enabled] .(.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" [Enabled] .(.Microsoft Corporation - Windows Live Sync.) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Real\RealPlayer\realplay.exe" [Enabled] .(...) -- C:\Program Files\Real\RealPlayer\realplay.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O47 - AAKE:Key Export SP - "C:\Program Files\cacaoweb\cacaoweb.exe" [Enabled] .(...) -- C:\Program Files\cacaoweb\cacaoweb.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Phone\Skype.exe" [Enabled] .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O47 - AAKE:Key Export SP - "C:\Program Files\iTunes\iTunes.exe" [Enabled] .(.Apple Inc. - iTunes.) -- C:\Program Files\iTunes\iTunes.exe
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" [Disabled] .(.Hewlett-Packard - HP Scanjet Copier Utility.) -- C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" [Disabled] .(.Hewlett-Packard Development Company, L.P. - Embedded Web Server Link application.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" [Disabled] .(.Hewlett-Packard Development Company, L.P. - HP AiO Fax Manager.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" [Disabled] .(.Hewlett-Packard Development Company, L.P. - HP OfficeJet SendFax Interface.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" [Disabled] .(.Hewlett-Packard Development Company, L.P. - HP All-in-One Launcher Utility.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" [Disabled] .(.Hewlett-Packard Development Company, L.P. - Version Test application.) -- C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" [Disabled] .(...) -- C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" [Disabled] .(.Hewlett-Packard - HP CUE-Scanning Flow Component.) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" [Disabled] .(.Hewlett-Packard Development Company, L.P. - HP Network Device Rediscovery Service.) -- C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" [Disabled] .(.Hewlett-Packard - QHouston.) -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" [Disabled] .(.Pas de propriétaire - hpqscnvw.) -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" [Disabled] .(.Hewlett-Packard Development Company, L.P. - HP CUE Status.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" [Disabled] .(.Hewlett-Packard Development Company, L.P. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" [Disabled] .(.Hewlett-Packard Development Company, L.P. - HP Fax Setup Wizard.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Bonjour\mDNSResponder.exe" [Disabled] .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe" [Disabled] .(.Apple Inc..) -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe
O47 - AAKE:Key Export SP - "C:\Program Files\AVG\AVG2012\avgnsx.exe" [Enabled] .(.AVG Technologies CZ, s.r.o. - AVG Online Shield Service.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
O47 - AAKE:Key Export SP - "C:\Program Files\AVG\AVG2012\avgdiagex.exe" [Enabled] .(.AVG Technologies CZ, s.r.o. - AVG Diagnostics Utility.) -- C:\Program Files\AVG\AVG2012\avgdiagex.exe
O47 - AAKE:Key Export SP - "C:\Program Files\AVG\AVG2012\avgmfapx.exe" [Enabled] .(.AVG Technologies CZ, s.r.o. - AVG Installer Application.) -- C:\Program Files\AVG\AVG2012\avgmfapx.exe
O47 - AAKE:Key Export SP - "C:\Program Files\AVG\AVG2012\avgemcx.exe" [Enabled] .(.AVG Technologies CZ, s.r.o. - AVG E-mail Scanner.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export DP - "C:\Program Files\MSN Messenger\livecall.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\MSN Messenger\livecall.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" [Enabled] .(.Microsoft Corporation - Windows Live Sync.) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
~ Scan Keys in 00mn 11s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\system32\Drivers\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\system32\Drivers\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\system32\Drivers\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\system32\Drivers\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\system32\Drivers\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys . (.Microsoft Corporation - IPv6 Windows Firewall Driver.) -- C:\WINDOWS\system32\Drivers\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\system32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\WINDOWS\system32\Drivers\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys . (...) -- C:\WINDOWS\system32\Drivers\rdpdd.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys . (.Microsoft Corporation - RDP Terminal Stack Driver (US/Canada Only, Not for Export).) -- C:\WINDOWS\system32\Drivers\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\system32\Drivers\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys . (.Microsoft Corporation - Named Pipe Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys . (.Microsoft Corporation - TCP Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.)
~ Scan CSB in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - (no data)
~ Scan IFEO in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{041065fe-eee1-11dd-a742-001302e25b31}\AutoRun\command - Clé orpheline
O51 - MPSK:{230450e4-5a50-11de-a862-001302e25b31}\AutoRun\command - Clé orpheline
O51 - MPSK:{38869230-78e9-11de-a8bb-001302e25b31}\AutoRun\command. (...) -- F:\LaunchU3.exe (.not file.)
O51 - MPSK:{47da8544-a69d-11dd-a64a-001302e25b31}\AutoRun\command. (...) -- F:\LaunchU3.exe (.not file.)
~ Scan Keys in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech(TM) DSP Group pour MSACM V3.50.) -- C:\WINDOWS\system32\tssoft32.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\system32\iccvid.dll
O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\system32\ir41_32.ax
O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm
O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\system32\ir50_32.dll
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.LEAD"="LCODCCMP.DLL" . (...) -- (.not file.)
O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (...) -- (.not file.)
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \drivers.desc\"LCODCCMP.DLL"="LEAD MCMP/MJPEG Codec (VFW)" . (...) -- (.not file.)
~ Scan Keys in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\BitDefender Antiphishing Helper [Key] . (...) -- C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\ehTray [Key] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe
O53 - SMSR:HKLM\...\startupreg\NeroFilterCheck [Key] . (...) -- C:\WINDOWS\system32\NeroCheck.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\OoPDFSettingsv6.exe [Key] . (.ISSENDIS - OFFICE One PDF Manager v6.) -- C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
O53 - SMSR:HKLM\...\startupreg\QuickTime Task [Key] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe
O53 - SMSR:HKLM\...\startupreg\swg [Key] . (...) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (.not file.)
~ Scan SMSR Keys in 00mn 04s



---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
~ Scan Keys in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
~ Scan Keys in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=1
~ Scan Keys in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 04/10/2011 - 19:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys [17792]
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 04/10/2011 - 19:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 04/10/2011 - 19:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys [11776]
O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 04/10/2011 - 19:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys [12032]
O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 04/10/2011 - 19:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys [12032]
O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 04/10/2011 - 19:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys [12032]
O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 04/10/2011 - 19:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys [21376]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 04/10/2011 - 19:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.69A6268D7F81E53D568AB4E7E991CAF3] - 04/10/2011 - 16:00:50 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys [22216]
O58 - SDL:[MD5.2C1D0DC3BF44C2D01C02795DAC592A09] - 04/10/2011 - 16:16:52 ---A- . (...) -- C:\WINDOWS\system32\drivers\MMIOPORT.SYS [7424]
O58 - SDL:[MD5.E333010A50BF603ACC350F6019E9CE02] - 04/10/2011 - 07:07:48 ---A- . (.Pas de propriétaire - ATK0100 ACPI Utility.) -- C:\WINDOWS\system32\drivers\ATKACPI.sys [5632]
O58 - SDL:[MD5.8182FF89C65E4D38B2DE4BB0FB18564E] - 04/10/2011 - 12:17:00 ---A- . (.GEAR Software Inc. - CD DVD Filter.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys [26600]
O58 - SDL:[MD5.7AC43C38CA8FD7ED0B0A4466F753E06E] - 04/10/2011 - 01:04:40 ---A- . (.HP - 1284.4<->Usb Datalink Driver (Windows 2000).) -- C:\WINDOWS\system32\drivers\HPZius12.sys [21568]
O58 - SDL:[MD5.30CA91E657CEDE2F95359D6EF186F650] - 04/10/2011 - 01:04:40 R--A- . (.HP - IEEE-1284.4-1999 Driver (Windows 2000).) -- C:\WINDOWS\system32\drivers\HPZid412.sys [49664]
O58 - SDL:[MD5.EFD31AFA752AA7C7BBB57BCBE2B01C78] - 04/10/2011 - 01:04:40 R--A- . (.HP - IEEE-1284.4-1999 Print Class Driver.) -- C:\WINDOWS\system32\drivers\HPZipr12.sys [16496]
O58 - SDL:[MD5.2C41CD49D82D5FD85C72D57B6CA25471] - 04/10/2011 - 02:00:00 ---A- . (.Sonic Solutions - CDRAL Place Holder Driver (see PxHelp).) -- C:\WINDOWS\system32\drivers\cdralw2k.sys [2560]
O58 - SDL:[MD5.BF79E659C506674C0497CC9C61F1A165] - 04/10/2011 - 02:00:00 ---A- . (.Sonic Solutions - CDR4 CD and DVD Place Holder Driver (see PxHelp).) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys [2432]
O58 - SDL:[MD5.73E6F16A1F187D71FB26AF308551E54A] - 04/10/2011 - 18:30:12 ---A- . (.Wacom Technology - Virtual Hid Device.) -- C:\WINDOWS\system32\drivers\wacomvhid.sys [12848]
O58 - SDL:[MD5.427A8BC96F16C40DF81C2D2F4EDD32DD] - 04/10/2011 - 19:12:36 ---A- . (.Wacom Technology - Wacom Mouse Filter Driver.) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys [11312]
O58 - SDL:[MD5.4415D656190316940F06A3BE017F030A] - 04/10/2011 - 07:12:28 R---- . (.FotoNation Inc. - Audio Port Driver for Digital Camera.) -- C:\WINDOWS\system32\drivers\CoachAud.sys [10592]
O58 - SDL:[MD5.73F3D7E9882F4BE94854BE7D09F3A967] - 04/10/2011 - 07:12:28 R--A- . (.FotoNation Inc. - USB Class Driver for Digital Camera.) -- C:\WINDOWS\system32\drivers\CoachUsb.sys [49248]
O58 - SDL:[MD5.7AEFE82C02D4933CEE4B7CB78C409845] - 04/10/2011 - 07:12:28 R--A- . (.FotoNation Inc. - Video Capture Minidriver for Digital Camera.) -- C:\WINDOWS\system32\drivers\CoachVid.sys [45344]
O58 - SDL:[MD5.4F153709D0691C6DE8C9A4C5E813907C] - 04/10/2011 - 03:06:40 ---A- . (.Ralink Technology, Corp. - Ralink 802.11 USB Wireless Adapter Driver.) -- C:\WINDOWS\system32\drivers\rt73.sys [451968]
O58 - SDL:[MD5.C1CA131F4E3ED63D6BC89A35FFAD4CDA] - 04/10/2011 - 12:01:28 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\WINDOWS\system32\drivers\usbaapl.sys [32000]
O58 - SDL:[MD5.119AB8740BACB9F1108F4DD02294569D] - 04/10/2011 - 15:27:44 ---A- . (.TCT International Mobile Ltd - USB/Serial Device Driver.) -- C:\WINDOWS\system32\drivers\jrdusbser.sys [105344]
O58 - SDL:[MD5.306521935042FC0A6988D528643619B3] - 04/10/2011 - 15:05:00 ---A- . (...) -- C:\WINDOWS\system32\drivers\StarOpen.sys [5632]
O58 - SDL:[MD5.4DEF59FF7D09B9CE59739102B49FD526] - 04/10/2011 - 00:13:42 ---A- . (.AVG Technologies CZ, s.r.o. - AVG Anti-Rootkit Driver.) -- C:\WINDOWS\system32\drivers\avgrkx86.sys [32464]
O58 - SDL:[MD5.F4DBBC8D3C5338693DA23C59A50F8ABC] - 04/10/2011 - 00:13:46 ---A- . (.AVG Technologies CZ, s.r.o. - AVG AVI Loader Driver.) -- C:\WINDOWS\system32\drivers\avgldx86.sys [229840]
O58 - SDL:[MD5.1C77EF67F196466ADC9924CB288AFE87] - 04/10/2011 - 05:08:58 ---A- . (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Minifilter Driver.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys [40016]
O58 - SDL:[MD5.A6D562B612216D8D02A35EBEB92366BD] - 04/10/2011 - 00:14:38 ---A- . (.AVG Technologies CZ, s.r.o. - AVG Network connection watcher.) -- C:\WINDOWS\system32\drivers\avgtdix.sys [295248]
O58 - SDL:[MD5.69578BC9D43D614C6B3455DB4AF19762] - 04/10/2011 - 00:14:28 ---A- . (.AVG Technologies CZ, s.r.o. - IDS Application Activity Monitor Helper Driver..) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys [23120]
O58 - SDL:[MD5.07EBA0C11FA1D73B82ECC3255DDFE34D] - 04/10/2011 - 00:14:30 ---A- . (.AVG Technologies CZ, s.r.o. - IDS Application Activity Monitor Loader Driver..) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys [16720]
O58 - SDL:[MD5.6DF528406AA22201F392B9B19121CD6F] - 04/10/2011 - 00:14:28 ---A- . (.AVG Technologies CZ, s.r.o. - IDS Application Activity Monitor Filter Driver..) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys [24272]
O58 - SDL:[MD5.4FA401B33C1B50C816486F6951244A14] - 04/10/2011 - 00:14:26 ---A- . (.AVG Technologies CZ, s.r.o. - IDS Application Activity Monitor Driver..) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys [134608]
O58 - SDL:[MD5.723F13C0EDE32339338DAC8ECAEB9979] - 04/10/2011 - 07:51:00 ---A- . (.NVIDIA Corporation - NVIDIA Compatible Windows 2000 Miniport Driver, Version 82.93.) -- C:\WINDOWS\system32\drivers\nv4_mini.sys [3600512]
O58 - SDL:[MD5.4B322F8C7B7AF523D1C145C22EEF4713] - 04/10/2011 - 22:20:52 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys [3959808]
O58 - SDL:[MD5.D6E1B1BD04FAD422AF17FC4B810CB9AF] - 04/10/2011 - 00:08:16 ---A- . (.Realtek Semiconductor Corporation - Realtek 10/100/1000 NDIS 5.1 Driver.) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys [78976]
O58 - SDL:[MD5.1BDBA2D2D402415A78A4BA766DFE0F7B] - 04/10/2011 - 18:00:30 ---A- . (.REDC - RICOH MS Driver.) -- C:\WINDOWS\system32\drivers\rimsptsk.sys [51328]
O58 - SDL:[MD5.ACE2CE73D7B04EAC48FB80482E05E770] - 04/10/2011 - 11:14:34 ---A- . (.REDC - RICOH SD/MMC Driver.) -- C:\WINDOWS\system32\drivers\risdptsk.sys [27904]
O58 - SDL:[MD5.9C29E8E9C1C48E9C8BC38F031DF4720F] - 04/10/2011 - 22:13:08 ---A- . (.Synaptics, Inc. - Synaptics Touchpad Driver.) -- C:\WINDOWS\system32\drivers\SynTP.sys [191936]
O58 - SDL:[MD5.C79918A5BD269035F3A34D157401B9DF] - 04/10/2011 - 02:17:24 ---A- . (.Intel® Corporation - Intel® Wireless LAN Driver.) -- C:\WINDOWS\system32\drivers\w39n51.sys [1429632]
O58 - SDL:[MD5.431A1871E820B1B354C46953CFAC470C] - 04/10/2011 - 09:26:36 ---A- . (.Syntek America Inc. - Syntek Universal Serial Bus 2.0 Video Mini Driver.) -- C:\WINDOWS\system32\drivers\SynMini.sys [720470]
O58 - SDL:[MD5.669445096293825BAC5D5857F713F1DB] - 04/10/2011 - 09:26:18 ---A- . (.Syntek America Inc. - Syntek Universal Serial Bus 2.0 Video Driver.) -- C:\WINDOWS\system32\drivers\SynCamd.sys [226688]
O58 - SDL:[MD5.694DEC642A2F4F0F3AAD551DF33406C0] - 04/10/2011 - 09:26:08 ---A- . (.Syntek America Inc. - Syntek Filter Pins Driver.) -- C:\WINDOWS\system32\drivers\SynPin.sys [644424]
O58 - SDL:[MD5.6B987529B8FFECD3A5B691E3CB7D15CA] - 04/10/2011 - 18:23:54 ---A- . (.Syntek America Inc. - Syntek USB 2.0 Video Pipeline Driver.) -- C:\WINDOWS\system32\drivers\SynPipe.sys [10479606]
O58 - SDL:[MD5.743788EABE046205B3EF8BB5C9D1BA47] - 04/10/2011 - 16:21:42 ---A- . (.Syntek America Inc. - Syntek Color Conversion and Scaler Driver.) -- C:\WINDOWS\system32\drivers\SynSam.sys [15796]
O58 - SDL:[MD5.5C139675C92F9254B0AC08FC53840321] - 04/10/2011 - 09:26:14 ---A- . (.Syntek America Inc. - Syntek Universal Serial Bus 2.0 Still Image Driver.) -- C:\WINDOWS\system32\drivers\SynScan.sys [8278]
O58 - SDL:[MD5.73ED6B5CAC92F23F4610667B8EB8E8D6] - 04/10/2011 - 12:04:08 ---A- . (.Intel Corporation - Intel WLAN Packet Driver.) -- C:\WINDOWS\system32\drivers\s24trans.sys [13568]
O58 - SDL:[MD5.2F7F3E8DA380325866E566F5D5EC23D5] - 04/10/2011 - 19:07:02 ---A- . (.Meetinghouse Data Communications - IEEE 802.1X Protocol Driver.) -- C:\WINDOWS\system32\drivers\AegisP.sys [20747]
O58 - SDL:[MD5.306E19413EADB0CA8842D5381A0354FC] - 04/10/2011 - 11:52:30 ---A- . (.TOSHIBA Corporation - Toshiba SD-IO Transport Driver.) -- C:\WINDOWS\system32\drivers\tostrans.sys [16320]
O58 - SDL:[MD5.C582B7716F0BE7E65505365F4F941587] - 04/10/2011 - 17:35:28 ---A- . (.TOSHIBA CORPORATION - Bluetooth USB Miniport Driver.) -- C:\WINDOWS\system32\drivers\tosrfusb.sys [39808]
O58 - SDL:[MD5.0D86D15CAFF2B3203C785D604EC7C942] - 04/10/2011 - 14:09:52 ---A- . (.TOSHIBA Corporation - Bluetooth Audio Driver (WDM).) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys [52864]
O58 - SDL:[MD5.87031831486F7ED4EAFEF27125BB56C8] - 04/10/2011 - 20:53:22 ---A- . (.TOSHIBA Corporation - Bluetooth(TM) TOSHIBA PC-Card Driver.) -- C:\WINDOWS\system32\drivers\tosrfpcc.sys [160672]
O58 - SDL:[MD5.C52FD27B9ADF3A1F22CB90E6BCF9B0CB] - 04/10/2011 - 12:42:42 ---A- . (.TOSHIBA Corporation. - Bluetooth BNEP Driver.) -- C:\WINDOWS\system32\drivers\tosrfnds.sys [18612]
O58 - SDL:[MD5.AE5B75C86574A1BD0A093A9159F829F9] - 04/10/2011 - 15:24:20 ---A- . (.TOSHIBA Corporation. - Bluetooth LAN Emulation Driver.) -- C:\WINDOWS\system32\drivers\tosrflan.sys [25420]
O58 - SDL:[MD5.5DBF390AAB62DD0D4D43A9278614E001] - 04/10/2011 - 16:33:34 ---A- . (.TOSHIBA Corporation. - Bluetooth HID Driver from TOSHIBA.) -- C:\WINDOWS\system32\drivers\tosrfhid.sys [62848]
O58 - SDL:[MD5.CC069342EE0EAE55B32A0AE99CF6185C] - 04/10/2011 - 13:47:10 ---A- . (.TOSHIBA Corporation - TOSHIBA Bluetooth EC Driver.) -- C:\WINDOWS\system32\drivers\tosrfec.sys [9344]
O58 - SDL:[MD5.E362D54FD394999C4178936396664E57] - 04/10/2011 - 17:58:56 ---A- . (.TOSHIBA Corporation. - Toshiba Bluetooth HID mini port driver.) -- C:\WINDOWS\system32\drivers\toshidpt.sys [3712]
O58 - SDL:[MD5.5BA1CA3B3CDDB1DDC67DF473F05D1EC2] - 04/10/2011 - 15:45:08 ---A- . (.TOSHIBA Corporation - Bluetooth RFCOMM Driver.) -- C:\WINDOWS\system32\drivers\tosrfcom.sys [64896]
O58 - SDL:[MD5.33498B8F0B2CA549C2B7FFC1B3C0F1BC] - 04/10/2011 - 16:07:24 ---A- . (.TOSHIBA Corporation - Bluetooth RFBNEP Driver.) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys [37632]
O58 - SDL:[MD5.0EC5206059D97A8DC785BE73FB457EC7] - 04/10/2011 - 22:16:08 ---A- . (.TOSHIBA CORPORATION - Bluetooth RF Bus Driver.) -- C:\WINDOWS\system32\drivers\tosrfbd.sys [108928]
O58 - SDL:[MD5.D626E0AF9232D8799D3A449530F3C220] - 04/10/2011 - 12:37:36 ---A- . (.TOSHIBA Corporation - TOSHIBA Bluetooth Port Emulation Driver.) -- C:\WINDOWS\system32\drivers\tosporte.sys [47104]
O58 - SDL:[MD5.142B91503C45C1A05A355414E13A51D1] - 04/10/2011 - 15:27:30 ---A- . (.TOSHIBA Corporation - SD Bluetooth Transport Driver.) -- C:\WINDOWS\system32\drivers\tosdbt.sys [48640]
O58 - SDL:[MD5.78E9819E076B909541BD4A37F8F0668B] - 04/10/2011 - 20:52:00 ---A- . (.TOSHIBA Corporation - TOSHIBA SD Bluetooth Card #2 Driver.) -- C:\WINDOWS\system32\drivers\tosbtsd2.sys [21120]
O58 - SDL:[MD5.9ABBEF89DAA6D6FDBBCC12A35F2C8799] - 04/10/2011 - 15:55:28 ---A- . (.ZyDAS Technology Corporation - ZD1211 802.11b+g USB LAN Driver.) -- C:\WINDOWS\system32\drivers\ZD1211U.sys [237568]
O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 04/10/2011 - 08:39:16 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys [20480]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 04/10/2011 - 19:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 04/10/2011 - 19:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 04/10/2011 - 19:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 04/10/2011 - 19:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 04/10/2011 - 19:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 04/10/2011 - 19:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 04/10/2011 - 19:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 04/10/2011 - 19:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 04/10/2011 - 19:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 04/10/2011 - 19:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 04/10/2011 - 19:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 04/10/2011 - 19:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 04/10/2011 - 19:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 04/10/2011 - 19:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 04/10/2011 - 19:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Scan Drivers in 00mn 02s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 08/09/2009 - C:\WINDOWS\system32\DRIVERS\AegisP.sys - AEGIS Protocol (IEEE 802.1x) v3.4.10.0(AegisP) .(.Meetinghouse Data Communications - IEEE 802.1X Protocol Driver.) - LEGACY_AEGISP
O64 - Services: CurCS - 01/09/2011 - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe - AVGIDSAgent(AVGIDSAgent) .(.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) - LEGACY_AVGIDSAGENT
O64 - Services: CurCS - 11/07/2011 - C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.sys - AVGIDSDriver(AVGIDSDriver) .(.AVG Technologies CZ, s.r.o. - IDS Application Activity Monitor Driver..) - LEGACY_AVGIDSDRIVER
O64 - Services: CurCS - 11/07/2011 - C:\WINDOWS\system32\DRIVERS\AVGIDSEH.sys - AVGIDSEH(AVGIDSEH) .(.AVG Technologies CZ, s.r.o. - IDS Application Activity Monitor Helper Dri.) - LEGACY_AVGIDSEH
O64 - Services: CurCS - 11/07/2011 - C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.sys - AVGIDSFilter(AVGIDSFilter) .(.AVG Technologies CZ, s.r.o. - IDS Application Activity Monitor Filter Dri.) - LEGACY_AVGIDSFILTER
O64 - Services: CurCS - 11/07/2011 - C:\WINDOWS\system32\DRIVERS\AVGIDSShim.sys - AVGIDSShim(AVGIDSShim) .(.AVG Technologies CZ, s.r.o. - IDS Application Activity Monitor Loader Dri.) - LEGACY_AVGIDSSHIM
O64 - Services: CurCS - 11/07/2011 - C:\WINDOWS\system32\DRIVERS\avgldx86.sys - AVG AVI Loader Driver(Avgldx86) .(.AVG Technologies CZ, s.r.o. - AVG AVI Loader Driver.) - LEGACY_AVGLDX86
O64 - Services: CurCS - 08/08/2011 - C:\WINDOWS\system32\DRIVERS\avgmfx86.sys - AVG Mini-Filter Resident Anti-Virus Shield(Avgmfx86) .(.AVG Technologies CZ, s.r.o. - AVG Resident Shield Minifilter Driver.) - LEGACY_AVGMFX86
O64 - Services: CurCS - 11/07/2011 - C:\WINDOWS\system32\DRIVERS\avgrkx86.sys - AVG Anti-Rootkit Driver(Avgrkx86) .(.AVG Technologies CZ, s.r.o. - AVG Anti-Rootkit Driver.) - LEGACY_AVGRKX86
O64 - Services: CurCS - 11/07/2011 - C:\WINDOWS\system32\DRIVERS\avgtdix.sys - AVG Free8 Network Redirector(AvgTdiX) .(.AVG Technologies CZ, s.r.o. - AVG Network connection watcher.) - LEGACY_AVGTDIX
O64 - Services: CurCS - 02/08/2011 - C:\Program Files\AVG\AVG2012\avgwdsvc.exe - AVG WatchDog(avgwd) .(.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) - LEGACY_AVGWD
O64 - Services: CurCS - ??/??/???? - C:\WINDOWS\system32\drivers\bdfsfltr.sys (.not file.) - bdfsfltr (bdfsfltr) .(...) - LEGACY_BDFSFLTR
O64 - Services: CurCS - 25/01/2008 - C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys - bdftdif(bdftdif) .(.BitDefender SRL - BitDefender Firewall TDI Filter Driver.) - LEGACY_BDFTDIF
O64 - Services: CurCS - ??/??/???? - C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys (.not file.) - BDSelfPr (BDSelfPr) .(...) - LEGACY_BDSELFPR
O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\drivers\dmboot.sys - dmboot(dmboot) .(.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disq.) - LEGACY_DMBOOT
O64 - Services: CurCS - 24/03/2006 - C:\WINDOWS\system32\drivers\dmload.sys - dmload(dmload) .(.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) - LEGACY_DMLOAD
O64 - Services: CurCS - 14/04/2006 - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe - Intel(R) PROSet/Wireless Event Log(EvtEng) .(.Intel Corporation - Intel(R) PROSet/Wireless Event Log.) - LEGACY_EVTENG
O64 - Services: CurCS - 11/02/2009 - C:\Program Files\Google\Update\GoogleUpdate.exe - Google Update Service (gupdate1c98c608a6f3424)(gupdate1c98c608a6f3424) .(.Google Inc. - Programme d'installation de Google.) - LEGACY_GUPDATE1C98C608A6F3424
O64 - Services: CurCS - 01/11/2009 - C:\Program Files\Java\jre6\bin\jqs.exe - Java Quick Starter(JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE
O64 - Services: CurCS - 24/04/2006 - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe - LightScribeService Direct Disc Labeling Service(LightScribeService) .(.Hewlett-Packard Company - Pas de description.) - LEGACY_LIGHTSCRIBESERVICE
O64 - Services: CurCS - ??/??/???? - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe (.not file.) - BitDefender Desktop Update Service (LIVESRV) .(...) - LEGACY_LIVESRV
O64 - Services: CurCS - 21/11/2005 - C:\WINDOWS\system32\nvsvc32.exe - NVIDIA Display Driver Service(NVSvc) .(.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 82.93.) - LEGACY_NVSVC
O64 - Services: CurCS - 14/04/2006 - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe - Intel(R) PROSet/Wireless Registry Service(RegSrvc) .(.Intel Corporation - Intel(R) PROSet/Wireless Registry Service.) - LEGACY_REGSRVC
O64 - Services: CurCS - 14/04/2006 - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe - Intel(R) PROSet/Wireless Service(S24EventMonitor) .(.Intel Corporation - Wireless Management Service.) - LEGACY_S24EVENTMONITOR
O64 - Services: CurCS - 14/04/2006 - C:\WINDOWS\system32\DRIVERS\s24trans.sys - Transport RLAN(s24trans) .(.Intel Corporation - Intel WLAN Packet Driver.) - LEGACY_S24TRANS
O64 - Services: CurCS - 07/02/2011 - C:\Program Files\SFR\Gestionnaire de Connexion\SFR.DashBoard.Service.exe - SFR.DashBoard.Service(SFR.DashBoard.Service) .(.SFR - SFR.DashBoard.Service.) - LEGACY_SFR.DASHBOARD.SERVICE
O64 - Services: CurCS - 31/03/2007 - C:\WINDOWS\system32\Tablet.exe - TabletService(TabletService) .(.Wacom Technology, Corp. - WacomService.) - LEGACY_TABLETSERVICE
O64 - Services: CurCS - ??/??/???? - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe (.not file.) - BitDefender Virus Shield (VSSERV) .(...) - LEGACY_VSSERV
O64 - Services: CurCS - 27/11/2007 - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe - BitDefender Communicator(XCOMM) .(.BitDefender - BitDefender Communicator Server.) - LEGACY_XCOMM
~ Scan Services in 00mn 04s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (. - .) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe
~ Scan Keys in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Scan Keys in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {716772FE-0B73-4949-BE72-54AFBFFE7915} - (Yahoo! Search) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {8ACBEE82-1EE4-4F62-8BA1-F96A07CC2073} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} [DefaultScope] - (Bing) - http://www.bing.com
~ Scan Keys in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.DDDDF4A567662396829BEEB2AB0E3F40] [SPRF][26/11/2009] (...) -- C:\Documents and Settings\Perso\Application Data\mdbu.bin [52549]
[MD5.BB57D34EF70E3B5A9304ABD3A9AFA63F] [SPRF][04/10/2011] (...) -- C:\Documents and Settings\Perso\Bureau\cacaoweb.exe [399088]
[MD5.ACDAC7BCA77AAFA4EEE5889884410E66] [SPRF][04/10/2011] (.Nicolas Coolman - Zeb Help Process.) -- C:\Documents and Settings\Perso\Bureau\ZHP 2.51.exe [13795985]
[MD5.DE2EB468A14E00F9A99326C6C9C07075] [SPRF][02/02/2009] (.Adobe Systems Incorporated - Adobe® Flash® Player ActiveX Installer.) -- C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [1914440]
~ Scan Files in 00mn 17s



---\\ Scan Additionnel (O88)
Database Version : 8700 - (20/09/2011)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 0

[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
C:\Program Files\cacaoweb =>PUP.CacaoWeb
C:\Documents and Settings\Perso\Application Data\cacaoweb =>PUP.CacaoWeb
~ Scan Additionnel in 00mn 23s



---\\ Recherche détournement de DNS routeur (O89)
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Serveur : UnKnown
Address: 172.20.2.39
Nom : www.l.google.com
Addresses: 209.85.227.104, 209.85.227.105, 209.85.227.106, 209.85.227.147
209.85.227.99, 209.85.227.103
Aliases: www.google.fr, www.google.com
~ Scan DNS in 00mn 16s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 04/10/2011 37664 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 04/10/2011 5265248 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
SR - | Auto 04/10/2011 192776 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
SR - | Auto 04/10/2011 387944 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Demand 04/10/2011 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\System32\dmadmin.exe
SR - | Auto 04/10/2011 114753 | (EvtEng) . (.Intel Corporation.) - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
SS - | Auto 04/10/2011 133104 | (gupdate1c98c608a6f3424) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 04/10/2011 133104 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Demand 04/10/2011 821096 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 04/10/2011 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Program Files\Java\jre6\bin\jqs.exe
SS - | Disabled 04/10/2011 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
SS - | Disabled 0 | (LIVESRV) . (...) - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
SR - | Auto 04/10/2011 143426 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SS - | Auto 04/10/2011 69632 | (Pml Driver HPZ12) . (.HP.) - C:\WINDOWS\system32\HPZipm12.exe
SR - | Auto 04/10/2011 217164 | (RegSrvc) . (.Intel Corporation.) - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
SR - | Auto 04/10/2011 540745 | (S24EventMonitor) . (.Intel Corporation.) - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
SS - | Demand 04/10/2011 444288 | (Service CANALPLAY) . (.Canal+ Distribution.) - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
SR - | Auto 04/10/2011 21424 | (SFR.DashBoard.Service) . (.SFR.) - C:\Program Files\SFR\Gestionnaire de Connexion\SFR.DashBoard.Service.exe
SR - | Auto 04/10/2011 1189424 | (TabletService) . (.Wacom Technology, Corp..) - C:\WINDOWS\system32\Tablet.exe
SS - | Disabled 0 | (VSSERV) . (...) - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
SS - | Disabled 04/10/2011 86016 | (XCOMM) . (.BitDefender.) - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
~ Scan Services in 00mn 17s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Perso at 04/10/2011 16:53:25

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86CDAAB8]
3 CLASSPNP[0xF767BFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000088[0x86D47030]
5 ACPI[0xF74F1620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP0T0L0-4[0x86CDFD98]
kernel: MBR read successfully
user & kernel MBR OK
~ Scan MBR in 00mn 19s



End of the scan (1359 lines in 05mn 03s)(0)]

je voulais aussi savoir si l'on pouvais avoir deux anti virus en meme temps?? comme AVG et microsoft security essential,
si non, lequel est le mieux?

MERCI
Sophie.d
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 17
Inscription: 30 Sep 2011 17:12
 

Re: VIRUS W2/ MALWARE! GEMINI

Message le 04 Oct 2011 17:21

Bonjour , :)

note: ZHPFix peut être activé soit à partir de ZHPDiag en cliquant sur l'icône Image
soit à partir du raccourci sur le Bureau Image
Il se lance par double clic sous Xp, par clic droit et "exécuter en tant qu'administrateur" sous Vista et Seven.
/!\Fermer toutes applications en cours/!\

  • Lance ZHPFix en fonction de ton système d'exploitation.
  • Copie/colle toutes les lignes en Bleu que tu vois ici:



    [MD5.BB57D34EF70E3B5A9304ABD3A9AFA63F] - (...) -- C:\Program Files\cacaoweb\cacaoweb.exe [399088] [PID.3120]
    M2 - MFEP: prefs.js [Perso - 15376gwa.default\cacaoweb@cacaoweb.org] [] cacaoweb v1.0.18 (.http://www.cacaoweb.org/.)
    O4 - HKCU\..\Run: [cacaoweb] . (...) -- C:\Program Files\cacaoweb\cacaoweb.exe
    O4 - HKUS\S-1-5-21-4090097553-4253339517-4190338119-1005\..\Run: [cacaoweb] . (...) -- C:\Program Files\cacaoweb\cacaoweb.exe
    [HKCU\Software\cacaoweb]
    O43 - CFD: 19/09/2011 - 21:31:32 - [399088] ----D- C:\Program Files\cacaoweb
    O43 - CFD: 19/09/2011 - 21:31:38 - [65] ----D- C:\Documents and Settings\Perso\Application Data\cacaoweb
    O47 - AAKE:Key Export SP - "C:\Program Files\cacaoweb\cacaoweb.exe" [Enabled] .(...) -- C:\Program Files\cacaoweb\cacaoweb.exe
    C:\Program Files\cacaoweb
    C:\Documents and Settings\Perso\Application Data\cacaoweb
    C:\Documents and Settings\Perso\Application Data\Mozilla\Firefox\Profiles\15376gwa.default\user.js (.not file.)
    O51 - MPSK:{041065fe-eee1-11dd-a742-001302e25b31}\AutoRun\command - Clé orpheline
    O51 - MPSK:{230450e4-5a50-11de-a862-001302e25b31}\AutoRun\command - Clé orpheline
    O3 - Toolbar: (no name) - {1E796980-9CC5-11D1-A83F-00C04FC99D61} . (...) -- (.not file.)
    O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} . (...) -- (.not file.)

    FirewallRaz
    EmptyFlash
    Emptytemp


    (Ctrl+A pour tout sélectionner, Ctrl+C pour copier) ou avec la souris tout sélectionner, clic droit =>copier
  • Clique sur l'icône représentant la lettre Image (« coller les lignes Helper »)
    les lignes se placent dans la fenêtre de ZHPFix => tu ne dois voir que celles-là
  • Valide par "OK"
  • Clique sur « Tous », puis sur « Nettoyer » Ne touche pas au pc pendants la suppression(Risque de plantage) Le temps varie en fonctions des lignes à supprimer
  • Héberge le sur cijoint.fr et poste moi le lien fourni

Puis :::

Nous allons effectuer un Scan avec NOD32

*** Scan en ligne -> Image

_->Cliquez sur le bouton Image

_->Accepter les conditions d’utilisation, pour cela, cochez la case « Oui, j’accepte les termes du contrat de licence »
_->Cliquez ensuite sur le bouton Start
_->Acceptez l’installation de l’ActiveX NOD32
_->Le téléchargement des définitions virales s’effectuent, cela peut prendre du temps selon la vitesse de connexion.
_->Cocher la case "Supprimer les menaces détectées"
_->Clique sur le bouton Démarrer pour lancer le scan
_->Le scan du PC se lance, les menaces détectées apparaissent dans la liste en dessous de la barre de progression.
_->Laissez l’analyse s’effectuer entièrement
_->Cliquer sur le bouton « liste des menaces » permettant d’exporter la liste dans un fichier texte
_->Enregistrer celui-ci sur votre bureau par exemple

Poste moi le rapport ;)

Bonne soirée !
Avatar de l'utilisateur
Del-crosseur
Expert(e)
Expert(e)
 
Messages: 1833
Inscription: 08 Juin 2009 06:46
Localisation: Nord-(59)
 

Re: VIRUS W2/ MALWARE! GEMINI

Message le 04 Oct 2011 18:25

Bonjours, déja le lien pour le rapport ZHPFix:

http://www.cijoint.fr/cjlink.php?file=c ... QYHhm5.txt
Sophie.d
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 17
Inscription: 30 Sep 2011 17:12
 

Re: VIRUS W2/ MALWARE! GEMINI

Message le 04 Oct 2011 18:35

Bonsoir , :)

Je vois que tu as plusieurs antivirus sur ton Ordinateur , en avoir 2,3 .. Ne sert strictement à rien !
Garde juste AVG ;)

J'attends le rapport NOD32 !
Avatar de l'utilisateur
Del-crosseur
Expert(e)
Expert(e)
 
Messages: 1833
Inscription: 08 Juin 2009 06:46
Localisation: Nord-(59)
 

Re: VIRUS W2/ MALWARE! GEMINI

Message le 04 Oct 2011 19:37

Sophie.d a écrit:Bonjours, déja le lien pour le rapport ZHPFix:

http://www.cijoint.fr/cjlink.php?file=c ... QYHhm5.txt


Pour ESET, je n'ai pas vu de rapport, une fois l analyse terminée une fenetre s'est ouverte c'etait les "additional information"

comment puis je le recupurer???

MERCI BEAUCOUP

BONNE SOIREE
Sophie.d
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 17
Inscription: 30 Sep 2011 17:12
 

Re: VIRUS W2/ MALWARE! GEMINI

Message le 08 Oct 2011 10:23

Bonjour , :)

Désolé de ma réponse tardive...
Nod32 a t'il trouvé des infection ? Tempi pour le rapport :/

Comment se comporte le pc à présent ?

1-Refaite un Scan avec votre Antivirus
2-Pouvez-vous refaire un ZHPDiag svp...

Bonne journée ! ;)
Avatar de l'utilisateur
Del-crosseur
Expert(e)
Expert(e)
 
Messages: 1833
Inscription: 08 Juin 2009 06:46
Localisation: Nord-(59)
 

Re: VIRUS W2/ MALWARE! GEMINI

Message le 12 Oct 2011 11:46

Bonjours, dsl moi aussi pour la lenteur de la réponse,
en fait après un nettoyage ZHP explorer.exe a planté, je n'avais plus rien sur l'ecran au moment du démarrage, je viens seulement de restaurer le système.
J'ai refais une analyse AVG et il n'a détecté aucun virus, mais meme si je n'ai plus de virus, je ne peux toujours pas telecharger via megaupload ou fileserves car ils me disent que j'ai dépassé la limite de télécharger..!!!!
je vais refaire un ZHPdiag comme prévu
Sophie.d
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 17
Inscription: 30 Sep 2011 17:12
 

Suivante


Sujets similaires

Message [Réglé] choix anti virus
bonjour a tous, je viens de changer mon pc et j'aimerai vos avis sur le choix de l anti virus.
Réponses: 8

Message HELP je pense avoir un virus
Bonsoir,Première fois que ce genre de chose m'arrive, j'ai d'abord été hackée sur Instagram, pensant que ca s'arrêterait làEnsuite ca a été au tour de STEAM malgré le steam guard ( identification à 2 facteurs) puis Linkedin !! Je n'ai eu aucune alerte de connexion, que ce soit par sms ou email !! J' ...
Réponses: 12

Message Aide suite à une analyse FRST contre un virus vbc.exe
Bonjour tout le monde, J'ai récemment constaté que j'étais infecté par un virus lié à vbc.exe, ce qui entraîne une utilisation du CPU allant jusqu'à 30% voire 40%. J'ai donc effectué mes analyses FRST et voici les rapports obtenus : - FRST.txt: https://pjjoint.malekal.com/files.php?id=FRST_20240315_ ...
Réponses: 3

Message [Réglé] Petite vérification virus
Salut Heravles ,Merci et bonne année a toi également et aussi a toute ta famille.Oui désolé j'ai pas fais attention quand j'ai téléchargé le logiciel alors que je sais très bien qu'il fallait le faire sur le bureau. Je ferais plus attention la prochaine fois.Nickel si mon Pc et pas infecté.Je t'envo ...
Réponses: 5

Message 22h2 bogues tpm et centre de sécurité: virus?
Salut,J'ai refait iso et formaté override le disque. Un reset électrique du PC.Je suis sur W11 PRO 64 v22621.525 (même bogue sur la première iso 22h2 fournie par Microsoft en 22621.382).WU est désactivé avant connexion a internet via gpedit.msc.J'ai installé à neuf en compte local. J'installe sans i ...
Réponses: 17

Message anti virus gratuit
Bonjour,Avez-vous un anti virus nettoyeur gratuit en français a me conseiller pour mon j3 2016 samsung.Cordialement.
Réponses: 3

Message Des VIRUS (encore ?)
Bonjour Bernard,merci pour ton aide, j'ai donc supprimé les logiciels adobe que j'avais cracké,voici les nouvelles analyses:Addition : https://cjoint.com/c/LKduLSQQmLnFRST : https://cjoint.com/c/LKduNhgM1vnShortcut : https://cjoint.com/c/LKduNycdWwnCordialement
Réponses: 7


Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 16 invités


.: Nous contacter :: Flux RSS :: Données personnelles :.