Forum-seven : Communauté francaise de Windows 7

salut

voici les symptomes :
pc portable
lenteur + rond de recherche qui s'affiche en permanence
je ne sais pas dire si c'est que la connexion internet ou tout le pc
je le sens un peu chaud dessous
utilisation de l'uc anormalement elevée + firefox 120 Meg pr un ou 2 onglets ouverts .....
test complet antiviR ok
AD-Remover aussi effectué
avant de fouiller + loin je joins le hijack (que je ne sais pas lire)

merci davance







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:14:39, on 12/04/2011
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: setuprog Toolbar - {f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5} - C:\Program Files\Setuprog\prxtbSet0.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: setuprog - {f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5} - C:\Program Files\Setuprog\prxtbSet0.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: setuprog Toolbar - {f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5} - C:\Program Files\Setuprog\prxtbSet0.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\M.......\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

--
End of file - 5378 bytes

je rajoute le rapport ZHPDiag :

Rapport de ZHPDiag v1.28.1313 par Nicolas Coolman, Update du 05/08/2011
Run by .......at 07/08/2011 17:51:16
Web site : ZHPDiag Outil de diagnostic


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 5.0 v
GCIE: Google Chrome v13.0.782.107 (Defaut)

---\\ Windows Product Information
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : Absent (Not found)
Windows ID Activation : Inconnue (Unknown)
Windows Licence : Inconnue (Unknown)
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3067 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 36 GB (63%) free of 56 GB

---\\ Logged in mode
~ Computer Name: -PC
~ User Name:
~ All Users Names: , Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\\AppData\Roaming\
~ %Desktop% : C:\Users\\Desktop\
~ %Favorites% : C:\Users\\Favorites\
~ %LocalAppData% : C:\Users\\AppData\Local\
~ %StartMenu% : C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 36 Go of 56 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 100 Go of 232 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 1 Go)
F:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 9 Go)
G:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK
~ Scan Security Center in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.28/04/2011 - 07:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (....) (.14/07/2009 - 03:14:31.) -- C:\Windows\system32\rundll32.exe [44544]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 03:14:45.) -- C:\Windows\system32\Wininit.exe [96256]
[MD5.A1236375B74EA63C75657D564890C436] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.16/03/2011 - 22:41:18.) -- C:\Windows\system32\wininet.dll [1126912]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.29/03/2011 - 14:17:54.) -- C:\Windows\system32\Winlogon.exe [286720]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 03:26:15.) -- C:\Windows\system32\drivers\atapi.sys [21584]
[MD5.81189C3D7763838E55C397759D49007A] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.28/04/2011 - 07:39:00.) -- C:\Windows\system32\drivers\ntfs.sys [1211264]
[MD5.D41D8CD98F00B204E9800998ECF8427E] - (....) (.29/03/2011 - 00:00:00.) -- C:\Windows\system32\sppcomapi.dll [193536]
[MD5.4A1DDEFCD5C41BFABF2AFE14AE5D91CF] - (....) (.27/04/2011 - 23:32:24.) -- C:\Windows\system32\fr-FR\user32.dll.mui [20480]
~ Scan Generic Processes in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/34
~ Mes Favoris (My Favorites) : 3/26
~ Mes Documents (My Documents) : 1/17
~ Mon Bureau (My Desktop) : 0/15
~ Menu demarrer (Programs) : 6/33
~ Scan Hidden Files in 00mn 00s



---\\ Processus lancés
[MD5.75B2B53A5A75087D48ADE7C1CEBC3687] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904]
[MD5.FE7CE849DB8C3986B2E721C6A3184FAA] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe [287800]
[MD5.27BECC2AF4E3ABF31B1E8214A7EFDD9E] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512]
[MD5.9D5E8B45BD348DF0882C69EED0E83111] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [281768]
[MD5.2F0EAAF91FC7A5C70D1F4BE9B18A1CF5] - (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe [354304]
[MD5.001B2CD2D45BC59575BA0F1A4A997682] - (. Hewlett-Packard Development Company, L.P. - Volume related element.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe [76856]
[MD5.9CCA0C387F6E6A1D5CFEF82992DC601C] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720]
[MD5.0DE3C7622EC33126579B1742260F08C2] - (.Pas de propriétaire - HpqToaster Module.) -- C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe [632888]
[MD5.CA6DB5CB169E09209D0BA380E398D87B] - (.Microsoft Corporation - Microsoft Outlook.) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE [15889248]
[MD5.E8CF6556E37BAD500F763B1DEF8780BC] - (.Google Inc. - Google Chrome.) -- C:\Users\\AppData\Local\Google\Chrome\Application\chrome.exe [1017912]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- C:\Windows\system32\rundll32.exe [44544]
[MD5.12FDBDA5759C7A19F57799F91F9F97A4] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [664064]
~ Scan Processes Running in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
G2 - GCE: Preference [User Data\Default] [beffmlbcbemlhacdkgniohbbamiogdkh] View Theme (Aero) v.2.0 (Activé)
~ Scan Google Browser in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\lv6tf6wp.default\prefs.js
M3 - MFPP: Plugins - [] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [] -- C:\Program Files\Mozilla FireFox\searchplugins\fcmdSrch.xml
M3 - MFPP: Plugins - [] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
M0 - MFSP: prefs.js [- lv6tf6wp.default] Google
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - np-mswmp.) -- C:\Program Files\Mozilla Firefox\Plugins\np-mswmp.dll
P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java™ Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - 2.0.0048.0.) -- C:\Program Files\Mozilla Firefox\Plugins\npOGAPlugin.dll
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.0.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_26 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60531.0.) -- C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.dll
P2 - FPN: [HKLM] [@microsoft.com/SharePoint,version=14.0] - (.Microsoft Corporation - The plug-in allows you to open and edit files using Microsoft Office a.) -- C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (...) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (.not file.)
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.0.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Users\\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
~ Scan Firefox Browser in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport
R0 - HKUS\S-1-5-21-2218891609-2992209685-1648886966-1000\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Microsoft Corporation
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Microsoft Corporation
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: (no name) - {f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5} . (...) (No version) -- (.not file.)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\System32\ieframe.dll
R3 - URLSearchHook: (no name) - {f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5} . (...) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ Scan IE Browser in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s



---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe
~ Scan Keys in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Scan Hosts File in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} . (.Microsoft Corporation - Windows Live Messenger Companion Core.) -- C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java™ Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
~ Scan BHO in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - {f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5} . (...) -- (.not file.)
~ Scan Toolbar in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-2218891609-2992209685-1648886966-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-21-2218891609-2992209685-1648886966-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Scan Application in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\\Desktop\013 NetVision.lnk - Clé orpheline
O4 - Global Startup: C:\Users\\Desktop\Calculator.lnk . (.Microsoft Corporation.) -- C:\Windows\System32\calc.exe
O4 - Global Startup: C:\Users\\Desktop\FOREX.lnk . (...) -- D:\Document De Meir\Documents\FOREX
O4 - Global Startup: C:\Users\\Desktop\Ma musique.lnk . (...) -- D:\Document De Meir\Music
O4 - Global Startup: C:\Users\\Desktop\Maasser 1.xls.lnk . (...) -- D:\Document De Meir\Documents\Divers\Maasser 1.xls
O4 - Global Startup: C:\Users\\Desktop\MES DOCUMENTS.lnk . (...) -- D:\Document De Meir\Documents
O4 - Global Startup: C:\Users\\Desktop\Mes images.lnk . (...) -- D:\Document De Meir\Pictures
O4 - Global Startup: C:\Users\\Desktop\Mes vidéos.lnk . (...) -- D:\Document De Meir\Videos
O4 - Global Startup: C:\Users\\Desktop\OTSAR HAHOKHMA.lnk . (...) -- D:\Document De Meir\Documents\OTSAR HAHOKHMA
O4 - Global Startup: C:\Users\\Desktop\Rabbanith HALFER.lnk . (...) -- D:\Document De Meir\Documents\Hinoukh\Rabbanith HALFER
O4 - Global Startup: C:\Users\\Desktop\Rav Guershon CAHEN chlita.lnk . (...) -- D:\Document De Meir\Documents\Rav Guershon CAHEN chlita
O4 - Global Startup: C:\Users\\Desktop\Revo Uninstaller.lnk . (.VS Revo Group.) -- C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
O4 - Global Startup: C:\Users\\Desktop\úåøú àîú - 274.lnk . (...) -- C:\Program Files\úåøú àîú - 274\bh3.exe
O4 - Global Startup: C:\Users\\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk . (.Microsoft Corporation.) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
O4 - Global Startup: C:\Users\\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe
~ Scan Global Startup in 00mn 00s



---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: &Envoyer à OneNote . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Excel.) -- C:\PROGRA~1\MICROS~2\Office14\EXCEL.exe
~ Scan IE Menu Contextuel in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companion
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\PROGRA~1\MICROS~2\Office14\ONBTTN~1.dll
~ Scan IE Extra Buttons in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
O10 - WLSP:\000000000009\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
~ Scan Winsock in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
~ Scan Objets ActiveX in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA76E732-EAD9-42BA-85E8-B70B7E3AED3E}: NameServer = 212.143.212.143 194.90.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{21FFF372-3D56-465E-B9A5-D9AE0E3D30E1}: DhcpNameServer = 192.168.101.102 192.168.101.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{500BD800-EAD5-42B8-B245-2B1C7ED6B50C}: DhcpNameServer = 10.100.102.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CA76E732-EAD9-42BA-85E8-B70B7E3AED3E}: NameServer = 212.143.212.143 194.90.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{21FFF372-3D56-465E-B9A5-D9AE0E3D30E1}: DhcpNameServer = 192.168.101.102 192.168.101.101
O17 - HKLM\System\CS1\Services\Tcpip\..\{500BD800-EAD5-42B8-B245-2B1C7ED6B50C}: DhcpNameServer = 10.100.102.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{CA76E732-EAD9-42BA-85E8-B70B7E3AED3E}: NameServer = 212.143.212.143 194.90.1.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{21FFF372-3D56-465E-B9A5-D9AE0E3D30E1}: DhcpNameServer = 192.168.101.102 192.168.101.101
O17 - HKLM\System\CS2\Services\Tcpip\..\{500BD800-EAD5-42B8-B245-2B1C7ED6B50C}: DhcpNameServer = 10.100.102.1
~ Scan Domain in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\system32\inetcomm.dll
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
~ Scan Protocole Additionnel in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ Scan SSODL in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Blue Coat K9 Web Protection (bckwfs) . (.Blue Coat Systems, Inc. - K9 Web Protection Filter.) - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Com4QLBEx (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P. - Com for QLB application.) - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Service (hpsrv) . (.Hewlett-Packard Company - HpService.) - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) . (.Intel Corporation - RAID Monitor.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
~ Scan Services in 00mn 00s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Scan Desktop Component in 00mn 00s


---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2218891609-2992209685-1648886966-1000Core.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2218891609-2992209685-1648886966-1000UA.job
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskUserS-1-5-21-2218891609-2992209685-1648886966-1000Core] (.Google Inc..) -- C:\Users\\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskUserS-1-5-21-2218891609-2992209685-1648886966-1000UA] (.Google Inc..) -- C:\Users\\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] [APT] [RunAsStdUser Task] (...) -- C:\Program Files\Nosibay\Widget LEquipe.fr\LWidget LEquipe.fr.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{D46B35A4-440C-4362-BB22-677C4191B7CB}] (...) -- C:\Program Files\Skype\Phone\Skype.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [First Boot] (...) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe (.not file.)
~ Scan Scheduled Task in 00mn 01s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\system32\DRIVERS\avipbb.sys
O41 - Driver: (bckd) . (.Blue Coat Systems, Inc. - K9 Web Protection Driver.) - C:\Windows\system32\drivers\bckd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys
O41 - Driver: C:\Windows\system32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\system32\drivers\csc.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\system32\drivers\discache.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\system32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\system32\drivers\rdprefmp.sys
O41 - Driver: (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\Windows\system32\DRIVERS\ssmdrv.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys
O41 - Driver: (VClone) . (. - .) - C:\Windows\system32\DRIVERS\VClone.sys (.not file.)
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\system32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\system32\DRIVERS\wfplwf.sys
~ Scan Drivers in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop
O42 - Logiciel: Blue Coat K9 Web Protection 4.2.123 - (.Blue Coat Systems, Inc..) [HKLM] -- Blue Coat K9 Web Protection
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Definition update for Microsoft Office 2010 (KB982726) - (.Microsoft.) [HKLM] -- {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2FD3FD50-4D6B-433B-9AB8-83F04675DA44}
O42 - Logiciel: Defraggler - (.Piriform.) [HKLM] -- Defraggler
O42 - Logiciel: Easy CD-DA Extractor 12 - (.Poikosoft.) [HKLM] -- Easy CD-DA Extractor 12
O42 - Logiciel: FXCM Trading Station - (.Pas de propriétaire.) [HKCU] -- FXCM Trading Station
O42 - Logiciel: GoToMeeting 4.8.0.723 - (.CitrixOnline.) [HKCU] -- GoToMeeting
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome
O42 - Logiciel: HD Tune 2.55 - (.EFD Software.) [HKLM] -- HD Tune_is1
O42 - Logiciel: HP Quick Launch Buttons - (.Hewlett-Packard.) [HKLM] -- {34D2AB40-150D-475D-AE32-BD23FB5EE355}
O42 - Logiciel: Intel® Matrix Storage Manager - (.Intel Corporation.) [HKLM] -- {9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}
O42 - Logiciel: Logiciel d'archivage WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.1.1800 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft Office Professionnel Plus 2010 - (.Microsoft Corporation.) [HKLM] -- Office14.PROPLUS
O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack
O42 - Logiciel: Mozilla Firefox 5.0 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 5.0 (x86 fr)
O42 - Logiciel: Revo Uninstaller 1.92 - (.VS Revo Group.) [HKLM] -- Revo Uninstaller
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870
O42 - Logiciel: Security Update for Microsoft Excel 2010 (KB2523021) - (.Microsoft.) [HKLM] -- {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{AA9E4C48-857D-4558-A4F4-343CA7680277}
O42 - Logiciel: Security Update for Microsoft InfoPath 2010 (KB2510065) - (.Microsoft.) [HKLM] -- {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3C6C6854-EB6B-455C-B0A6-9871F0538028}
O42 - Logiciel: Security Update for Microsoft Office 2010 (KB2289078) - (.Microsoft.) [HKLM] -- {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{1D1A4F08-2F17-475B-BA72-476CE5992FEE}
O42 - Logiciel: Security Update for Microsoft Office 2010 (KB2289161) - (.Microsoft.) [HKLM] -- {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F134C2C6-30B3-4169-A325-58482B4CE6FC}
O42 - Logiciel: Security Update for Microsoft PowerPoint 2010 (KB2519975) - (.Microsoft.) [HKLM] -- {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{45D7C5CD-B967-44AF-9DAB-E5C8545558AD}
O42 - Logiciel: Security Update for Microsoft Publisher 2010 (KB2409055) - (.Microsoft.) [HKLM] -- {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{C3C277D5-36E3-4B1A-926A-175B2BC019CF}
O42 - Logiciel: Security Update for Microsoft Word 2010 (KB2345000) - (.Microsoft.) [HKLM] -- {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A6D422EE-1196-45EE-B9AE-6B5B64975E8B}
O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2478663
O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2518870
O42 - Logiciel: Update for Microsoft Office 2010 (KB2202188) - (.Microsoft.) [HKLM] -- {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{86B7A074-265D-420C-9E1E-7A920EF0ECA7}
O42 - Logiciel: Update for Microsoft Office 2010 (KB2413186) - (.Microsoft.) [HKLM] -- {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{556146F7-74AE-4E0A-B64F-5B8B93469F61}
O42 - Logiciel: Update for Microsoft Office 2010 (KB2413186) - (.Microsoft.) [HKLM] -- {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B5516874-E926-4BFD-B412-D0E70112F244}
O42 - Logiciel: Update for Microsoft Office 2010 (KB2413186) - (.Microsoft.) [HKLM] -- {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{D6CE7280-6EE3-419A-8F47-DB111C040B1B}
O42 - Logiciel: Update for Microsoft Office 2010 (KB2494150) - (.Microsoft.) [HKLM] -- {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}
O42 - Logiciel: Update for Microsoft Office 2010 (KB2523113) - (.Microsoft.) [HKLM] -- {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{C0FF04BF-A05E-408B-81CA-B7FACDA508A3}
O42 - Logiciel: Update for Microsoft OneNote 2010 (KB2493983) - (.Microsoft.) [HKLM] -- {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{309EEC22-83CE-4109-B019-BA9392FAA322}
O42 - Logiciel: Update for Microsoft Outlook Social Connector (KB2441641) - (.Microsoft.) [HKLM] -- {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A10DC2B7-6FDA-4C17-9DF0-6A834CAC4306}
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite
O42 - Logiciel: úåøú àîú - 274 - (.Pas de propriétaire.) [HKLM] -- úåøú àîú - 274

..... la suite :





---\\ HKCU & HKLM Software Keys
[HKCU\Software\ALWIL Software]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software\Monitored]
[HKCU\Software\AppDataLow\Software\Setuprog]
[HKCU\Software\AppDataLow\Software\settings]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Avira]
[HKCU\Software\BitDefender]
[HKCU\Software\Citrix]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\EasyBits]
[HKCU\Software\Google]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\JavaSoft]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MetaQuotes Software]
[HKCU\Software\MimarSinan]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\NCH Software]
[HKCU\Software\NCH Swift Sound]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Piriform]
[HKCU\Software\Poikosoft]
[HKCU\Software\Policies]
[HKCU\Software\Skype]
[HKCU\Software\Synaptics]
[HKCU\Software\VSRevoGroup]
[HKCU\Software\WH SELFINVEST]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\cacaoweb]
[HKCU\Software\yahooinstall]
[HKLM\Software\ALWIL Software]
[HKLM\Software\AMD]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Adobe]
[HKLM\Software\Agere]
[HKLM\Software\Avira]
[HKLM\Software\Blue Coat Systems]
[HKLM\Software\CandleWorks]
[HKLM\Software\Caphyon]
[HKLM\Software\Citrix]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Google]
[HKLM\Software\HPQLOG]
[HKLM\Software\HPQ]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\LSI]
[HKLM\Software\Licenses]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MimarSinan]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\ODBC]
[HKLM\Software\Piriform]
[HKLM\Software\Poikosoft]
[HKLM\Software\Policies]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Setuprog]
[HKLM\Software\Siemens]
[HKLM\Software\Sonic]
[HKLM\Software\Synaptics]
[HKLM\Software\TrendMicro]
[HKLM\Software\Uniblue]
[HKLM\Software\Volatile]
[HKLM\Software\WinRAR]
[HKLM\Software\Windows]
[HKLM\Software\X-AVCSD]
[HKLM\Software\mozilla.org]
[HKLM\Software\tueagles]
~ Scan Softwares in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 21/06/2011 - 10:39:06 - [164206100] ----D- C:\Program Files\Adobe
O43 - CFD: 12/04/2011 - 01:23:28 - [137568206] ----D- C:\Program Files\Avira
O43 - CFD: 01/08/2011 - 09:26:16 - [28220761] ----D- C:\Program Files\Blue Coat K9 Web Protection
O43 - CFD: 21/06/2011 - 10:19:52 - [332288] ----D- C:\Program Files\CableConnect
O43 - CFD: 22/02/2011 - 12:01:20 - [40828882] ----D- C:\Program Files\Candleworks
O43 - CFD: 04/08/2011 - 10:56:08 - [4068448] ----D- C:\Program Files\CCleaner
O43 - CFD: 29/03/2011 - 22:18:46 - [19719460] ----D- C:\Program Files\Citrix
O43 - CFD: 01/08/2011 - 12:00:02 - [493628154] ----D- C:\Program Files\Common Files
O43 - CFD: 22/04/2011 - 13:39:22 - [4176624] ----D- C:\Program Files\Defraggler
O43 - CFD: 29/03/2011 - 02:26:58 - [83226644] ----D- C:\Program Files\DVD Maker
O43 - CFD: 17/03/2011 - 14:55:44 - [12148002] ----D- C:\Program Files\Easy CD-DA Extractor 12
O43 - CFD: 19/04/2011 - 22:49:58 - [0] ----D- C:\Program Files\Elaborate Bytes
O43 - CFD: 22/02/2011 - 12:08:26 - [0] -SH-D- C:\Program Files\Fichiers communs
O43 - CFD: 28/03/2011 - 19:42:48 - [1294055] ----D- C:\Program Files\HD Tune
O43 - CFD: 19/04/2011 - 22:45:00 - [33910700] ----D- C:\Program Files\Hewlett-Packard
O43 - CFD: 19/04/2011 - 22:42:36 - [52558910] ----D- C:\Program Files\HP
O43 - CFD: 29/03/2011 - 00:00:26 - [7816391] --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 28/03/2011 - 18:30:36 - [48648859] ----D- C:\Program Files\Intel
O43 - CFD: 15/06/2011 - 21:42:14 - [5175108] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 15/06/2011 - 21:46:30 - [88550924] ----D- C:\Program Files\Java
O43 - CFD: 28/07/2011 - 15:39:10 - [7009806] ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 29/07/2011 - 01:15:18 - [0] ----D- C:\Program Files\Microsoft
O43 - CFD: 23/03/2011 - 23:45:08 - [39848379] ----D- C:\Program Files\Microsoft Analysis Services
O43 - CFD: 14/07/2009 - 12:01:22 - [147813426] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 23/03/2011 - 23:49:14 - [990167592] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 15/06/2011 - 21:43:20 - [38411899] ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 10/05/2011 - 14:13:58 - [1805760] ----D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD: 23/03/2011 - 23:49:14 - [793991] ----D- C:\Program Files\Microsoft Sync Framework
O43 - CFD: 23/03/2011 - 23:49:42 - [326800] ----D- C:\Program Files\Microsoft Synchronization Services
O43 - CFD: 23/03/2011 - 23:47:24 - [1378033] ----D- C:\Program Files\Microsoft Visual Studio 8
O43 - CFD: 23/03/2011 - 23:49:14 - [8167779] ----D- C:\Program Files\Microsoft.NET
O43 - CFD: 27/06/2011 - 14:05:20 - [35651008] ----D- C:\Program Files\Mozilla Firefox
O43 - CFD: 23/03/2011 - 23:50:12 - [26521] ----D- C:\Program Files\MSBuild
O43 - CFD: 29/07/2011 - 13:14:58 - [6395439] ----D- C:\Program Files\MSECache
O43 - CFD: 13/07/2011 - 23:08:52 - [0] ----D- C:\Program Files\MSXML 4.0
O43 - CFD: 14/07/2009 - 07:52:32 - [39159041] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 28/03/2011 - 18:54:44 - [165912] ----D- C:\Program Files\SCM Microsystems
O43 - CFD: 28/03/2011 - 18:55:20 - [28064873] ----D- C:\Program Files\Synaptics
O43 - CFD: 20/06/2011 - 21:55:58 - [3123] ----D- C:\Program Files\ToratEmetUserData
O43 - CFD: 11/04/2011 - 23:56:38 - [1197493] ----D- C:\Program Files\Trend Micro
O43 - CFD: 14/07/2009 - 07:53:24 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 22/02/2011 - 11:40:08 - [6812742] ----D- C:\Program Files\VS Revo Group
O43 - CFD: 29/03/2011 - 02:26:56 - [3050496] ----D- C:\Program Files\Windows Defender
O43 - CFD: 29/03/2011 - 02:26:58 - [7013496] ----D- C:\Program Files\Windows Journal
O43 - CFD: 28/07/2011 - 19:54:48 - [108086664] ----D- C:\Program Files\Windows Live
O43 - CFD: 29/03/2011 - 02:26:58 - [6181376] ----D- C:\Program Files\Windows Mail
O43 - CFD: 29/03/2011 - 02:26:58 - [6604034] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 22/02/2011 - 12:08:26 - [12197556] ----D- C:\Program Files\Windows NT
O43 - CFD: 29/03/2011 - 02:26:58 - [4417800] ----D- C:\Program Files\Windows Photo Viewer
O43 - CFD: 29/03/2011 - 02:26:58 - [189952] ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 29/03/2011 - 02:26:58 - [6683807] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 22/02/2011 - 12:04:24 - [5253970] ----D- C:\Program Files\WinRAR
O43 - CFD: 07/08/2011 - 17:51:18 - [4002525] ----D- C:\Program Files\ZHPDiag
O43 - CFD: 20/06/2011 - 21:55:40 - [270728709] ----D- C:\Program Files\úåøú àîú - 274
O43 - CFD: 21/06/2011 - 10:39:12 - [3606170] ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 23/03/2011 - 23:49:40 - [99136] ----D- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 29/03/2011 - 00:28:02 - [344576] ----D- C:\Program Files\Common Files\Hewlett-Packard
O43 - CFD: 29/03/2011 - 20:02:00 - [96932] ----D- C:\Program Files\Common Files\HP
O43 - CFD: 15/06/2011 - 21:46:48 - [1258951] ----D- C:\Program Files\Common Files\Java
O43 - CFD: 28/07/2011 - 19:49:36 - [251039930] ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 01/08/2011 - 12:00:02 - [901120] ----D- C:\Program Files\Common Files\Nosibay
O43 - CFD: 14/07/2009 - 05:37:06 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 06/04/2011 - 12:38:14 - [2254216] ----D- C:\Program Files\Common Files\Skype
O43 - CFD: 14/07/2009 - 05:37:06 - [41103783] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 23/03/2011 - 23:45:48 - [14410601] ----D- C:\Program Files\Common Files\System
O43 - CFD: 14/04/2011 - 21:22:48 - [178510037] ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD: 21/06/2011 - 10:39:08 - [479] ----D- C:\ProgramData\Adobe
O43 - CFD: 22/02/2011 - 11:15:24 - [2790253] ----D- C:\ProgramData\Alwil Software
O43 - CFD: 14/07/2009 - 07:53:56 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 12/04/2011 - 01:23:28 - [814936421] ----D- C:\ProgramData\Avira
O43 - CFD: 08/05/2011 - 19:16:10 - [0] ----D- C:\ProgramData\Babylon
O43 - CFD: 22/02/2011 - 12:08:26 - [0] -SH-D- C:\ProgramData\Bureau
O43 - CFD: 14/07/2009 - 07:53:56 - [0] -SH-D- C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 07:53:56 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 17/03/2011 - 14:55:42 - [14511] ----D- C:\ProgramData\Easy CD-DA Extractor
O43 - CFD: 22/02/2011 - 12:08:26 - [0] -SH-D- C:\ProgramData\Favoris
O43 - CFD: 14/07/2009 - 07:53:56 - [0] -SH-D- C:\ProgramData\Favorites
O43 - CFD: 28/03/2011 - 19:06:20 - [203595] ----D- C:\ProgramData\Hewlett-Packard
O43 - CFD: 29/03/2011 - 21:06:26 - [8515170] ----D- C:\ProgramData\HP
O43 - CFD: 28/03/2011 - 18:52:44 - [5343] ----D- C:\ProgramData\hpqLog
O43 - CFD: 11/04/2011 - 22:58:40 - [16582790] ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 22/02/2011 - 12:08:26 - [0] -SH-D- C:\ProgramData\Menu Démarrer
O43 - CFD: 29/07/2011 - 01:15:18 - [191108459] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 15/06/2011 - 21:24:18 - [63858] ----D- C:\ProgramData\Microsoft Help
O43 - CFD: 22/02/2011 - 12:08:26 - [0] -SH-D- C:\ProgramData\Modèles
O43 - CFD: 26/06/2011 - 22:08:34 - [0] ----D- C:\ProgramData\NCH Swift Sound
O43 - CFD: 22/05/2011 - 13:58:04 - [2304992] ----D- C:\ProgramData\Skype Extras
O43 - CFD: 14/07/2009 - 07:53:56 - [0] -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 31/03/2011 - 20:03:38 - [189] ----D- C:\ProgramData\Sun
O43 - CFD: 17/03/2011 - 14:55:54 - [0] ----D- C:\ProgramData\TEMP
O43 - CFD: 14/07/2009 - 07:53:56 - [0] -SH-D- C:\ProgramData\Templates
O43 - CFD: 28/03/2011 - 18:34:32 - [0] ----D- C:\ProgramData\Uniblue
O43 - CFD: 29/03/2011 - 16:47:26 - [59] ----D- C:\ProgramData\WEBREG
O43 - CFD: 28/03/2011 - 18:43:54 - [20272988] ----D- C:\ProgramData\{657095DF-DBDB-4B17-8245-B38845C97069}
O43 - CFD: 13/04/2011 - 02:17:06 - [5534577] ----D- C:\Users\\AppData\Roaming\Adobe
O43 - CFD: 12/04/2011 - 01:26:32 - [0] ----D- C:\Users\\AppData\Roaming\Avira
O43 - CFD: 08/05/2011 - 19:16:10 - [1598] ----D- C:\Users\\AppData\Roaming\Babylon
O43 - CFD: 19/07/2011 - 01:35:04 - [398129] ----D- C:\Users\\AppData\Roaming\cacaoweb
O43 - CFD: 22/02/2011 - 14:15:26 - [51986332] ----D- C:\Users\\AppData\Roaming\FXTS2
O43 - CFD: 29/03/2011 - 00:41:26 - [2273] ----D- C:\Users\\AppData\Roaming\HP
O43 - CFD: 28/03/2011 - 18:56:40 - [130510] ----D- C:\Users\\AppData\Roaming\hpqLog
O43 - CFD: 22/02/2011 - 12:08:56 - [0] ----D- C:\Users\\AppData\Roaming\Identities
O43 - CFD: 22/02/2011 - 11:26:20 - [1787] ----D- C:\Users\\AppData\Roaming\Macromedia
O43 - CFD: 11/04/2011 - 22:58:46 - [5366] ----D- C:\Users\\AppData\Roaming\Malwarebytes
O43 - CFD: 14/07/2009 - 12:00:34 - [0] ----D- C:\Users\\AppData\Roaming\Media Center Programs
O43 - CFD: 29/07/2011 - 16:49:52 - [8632345] -S--D- C:\Users\\AppData\Roaming\Microsoft
O43 - CFD: 22/02/2011 - 11:20:06 - [14452033] ----D- C:\Users\\AppData\Roaming\Mozilla
O43 - CFD: 26/06/2011 - 22:09:48 - [5537806] ----D- C:\Users\\AppData\Roaming\NCH Software
O43 - CFD: 26/06/2011 - 22:08:02 - [0] ----D- C:\Users\\AppData\Roaming\NCH Swift Sound
O43 - CFD: 18/07/2011 - 18:25:42 - [49348] ----D- C:\Users\\AppData\Roaming\QuickScan
O43 - CFD: 22/05/2011 - 17:05:54 - [3375870] ----D- C:\Users\\AppData\Roaming\Skype
O43 - CFD: 22/05/2011 - 16:05:06 - [44272] ----D- C:\Users\\AppData\Roaming\skypePM
O43 - CFD: 29/07/2011 - 01:11:04 - [12546192] ----D- C:\Users\\AppData\Roaming\Thunderbird
O43 - CFD: 15/05/2011 - 20:12:20 - [295] ----D- C:\Users\\AppData\Roaming\Windows Live Writer
O43 - CFD: 22/02/2011 - 11:50:00 - [12] ----D- C:\Users\\AppData\Roaming\WinRAR
O43 - CFD: 13/04/2011 - 02:11:54 - [15233363] ----D- C:\Users\\AppData\Local\Adobe
O43 - CFD: 22/02/2011 - 12:08:42 - [0] -SH-D- C:\Users\\AppData\Local\Application Data
O43 - CFD: 08/05/2011 - 19:16:10 - [4809235] ----D- C:\Users\\AppData\Local\Babylon
O43 - CFD: 26/06/2011 - 15:18:52 - [2556568] ----D- C:\Users\\AppData\Local\Diagnostics
O43 - CFD: 17/03/2011 - 14:55:58 - [12448] ----D- C:\Users\\AppData\Local\Easy CD-DA Extractor
O43 - CFD: 26/06/2011 - 15:19:16 - [1357274] ----D- C:\Users\\AppData\Local\ElevatedDiagnostics
O43 - CFD: 31/03/2011 - 21:03:18 - [366280656] ----D- C:\Users\\AppData\Local\Google
O43 - CFD: 22/02/2011 - 12:08:42 - [0] -SH-D- C:\Users\\AppData\Local\Historique
O43 - CFD: 30/03/2011 - 02:08:22 - [16849] ----D- C:\Users\\AppData\Local\HP
O43 - CFD: 08/07/2011 - 10:11:44 - [328089420] ----D- C:\Users\\AppData\Local\Microsoft
O43 - CFD: 28/02/2011 - 09:31:50 - [145900] ----D- C:\Users\\AppData\Local\Microsoft Help
O43 - CFD: 22/02/2011 - 11:20:00 - [64338539] ----D- C:\Users\\AppData\Local\Mozilla
O43 - CFD: 22/02/2011 - 12:01:04 - [0] ----D- C:\Users\\AppData\Local\PackageAware
O43 - CFD: 07/08/2011 - 17:50:44 - [45816] ----D- C:\Users\\AppData\Local\Temp
O43 - CFD: 22/02/2011 - 12:08:42 - [0] -SH-D- C:\Users\\AppData\Local\Temporary Internet Files
O43 - CFD: 29/07/2011 - 01:11:04 - [7332393] ----D- C:\Users\\AppData\Local\Thunderbird
O43 - CFD: 28/07/2011 - 16:07:26 - [128963] ----D- C:\Users\\AppData\Local\VirtualStore
O43 - CFD: 27/06/2011 - 12:56:48 - [90112] ----D- C:\Users\\AppData\Local\Windows Live
O43 - CFD: 14/05/2011 - 23:14:36 - [372494] ----D- C:\Users\\AppData\Local\Windows Live Writer
O43 - CFD: 21/06/2011 - 20:31:56 - [0] ----D- C:\Users\\AppData\Local\{0096EF5B-334C-4ABC-92C6-95814A4D5E68}
O43 - CFD: 30/06/2011 - 09:59:58 - [0] ----D- C:\Users\\AppData\Local\{05D5674A-D2E3-4328-B3C2-4AB959991B8A}
O43 - CFD: 13/06/2011 - 08:37:54 - [0] ----D- C:\Users\\AppData\Local\{05FCFDAA-7413-484C-B9A5-524453940DED}
O43 - CFD: 26/07/2011 - 13:32:38 - [0] ----D- C:\Users\\AppData\Local\{06DED8F7-1AAB-40A1-A2AB-4FBE29F37A47}
O43 - CFD: 20/05/2011 - 10:00:14 - [0] ----D- C:\Users\\AppData\Local\{0833D8FD-2930-45EB-ACC3-7EA75CC67E7A}
O43 - CFD: 23/07/2011 - 22:01:00 - [0] ----D- C:\Users\\AppData\Local\{0C917759-492B-4E78-B7B2-A6A55960E881}
O43 - CFD: 03/07/2011 - 09:34:44 - [0] ----D- C:\Users\\AppData\Local\{16048C3B-42AE-4977-97C7-FC2A5DC6ACCA}
O43 - CFD: 07/06/2011 - 10:12:14 - [0] ----D- C:\Users\\AppData\Local\{17EF2116-ED88-4065-8C14-C53DAE205173}
O43 - CFD: 16/06/2011 - 08:43:22 - [0] ----D- C:\Users\\AppData\Local\{19EDBC59-67A6-42E8-A755-154C1127E605}
O43 - CFD: 29/05/2011 - 22:08:02 - [0] ----D- C:\Users\\AppData\Local\{1C3217AF-33EA-46DD-BA54-7386AA60561F}
O43 - CFD: 14/05/2011 - 21:14:56 - [0] ----D- C:\Users\\AppData\Local\{22251EC6-23E2-450F-B3DE-4AA6549B939B}
O43 - CFD: 23/07/2011 - 21:37:52 - [0] ----D- C:\Users\\AppData\Local\{23FB9C8F-1D3B-41B6-BDF1-F2F61FADF64E}
O43 - CFD: 12/06/2011 - 14:42:30 - [0] ----D- C:\Users\\AppData\Local\{24F1B9F5-0200-472B-9361-3B8020EE274A}
O43 - CFD: 13/07/2011 - 08:29:00 - [0] ----D- C:\Users\\AppData\Local\{2A319725-B1C6-4EB3-9D25-03A44CD474DD}
O43 - CFD: 15/06/2011 - 01:53:24 - [0] ----D- C:\Users\\AppData\Local\{2A50008C-4307-4700-ADDC-99C2FF3CB3AE}
O43 - CFD: 22/07/2011 - 13:44:12 - [0] ----D- C:\Users\\AppData\Local\{2C38B21F-BE66-4FC6-8EB0-C915361BBE51}
O43 - CFD: 17/05/2011 - 20:52:56 - [0] ----D- C:\Users\\AppData\Local\{2CE2407F-A247-4C49-9A14-ADDBE627C674}
O43 - CFD: 14/06/2011 - 13:52:58 - [0] ----D- C:\Users\\AppData\Local\{2DCC4F39-244B-4C9F-B759-2C49EE51FEBD}
O43 - CFD: 06/06/2011 - 08:31:26 - [0] ----D- C:\Users\\AppData\Local\{2F793120-4E7B-4AF9-9B0A-DFEA0D3E9B82}
O43 - CFD: 15/07/2011 - 10:26:42 - [0] ----D- C:\Users\\AppData\Local\{30EB2AFA-07FD-4892-AF44-E80374735ECB}
O43 - CFD: 16/05/2011 - 13:44:56 - [0] ----D- C:\Users\\AppData\Local\{320B2D22-8C33-4977-AA6B-46D23EEEC5F6}
O43 - CFD: 07/08/2011 - 11:46:00 - [0] ----D- C:\Users\\AppData\Local\{33D7A6A4-D7A6-44BC-B8EF-28A6FBF2AC08}
O43 - CFD: 03/07/2011 - 21:35:20 - [0] ----D- C:\Users\\AppData\Local\{3499B93D-F0F5-4327-9FA6-173BA4B3277A}
O43 - CFD: 26/05/2011 - 14:10:40 - [0] ----D- C:\Users\\AppData\Local\{34CB3550-D5CF-492E-8DD3-13AA2E2A8378}
O43 - CFD: 07/07/2011 - 14:00:58 - [0] ----D- C:\Users\\AppData\Local\{360C257E-6948-4C29-AB9E-0DB54D9DA4DA}
O43 - CFD: 03/06/2011 - 08:31:14 - [0] ----D- C:\Users\\AppData\Local\{39BFA4FF-E7CE-4ECC-BB10-EDD0581FF8ED}
O43 - CFD: 02/07/2011 - 21:34:18 - [0] ----D- C:\Users\\AppData\Local\{39F0F1CF-B9F7-48AF-AAAA-EA51EF849B94}
O43 - CFD: 25/06/2011 - 21:20:32 - [0] ----D- C:\Users\\AppData\Local\{3B645F76-8CC9-4063-B51A-34FF054D4523}
O43 - CFD: 11/07/2011 - 08:30:38 - [0] ----D- C:\Users\\AppData\Local\{3ED16CE9-F517-47CC-89CB-EF08CB1E1A39}
O43 - CFD: 13/06/2011 - 20:38:18 - [0] ----D- C:\Users\\AppData\Local\{416E5905-B02F-4C3E-A538-4CB2F9E07AA4}
O43 - CFD: 09/06/2011 - 22:00:48 - [0] ----D- C:\Users\\AppData\Local\{41F40757-C366-48B0-8BFC-FADB1EF73965}
O43 - CFD: 23/06/2011 - 14:03:22 - [0] ----D- C:\Users\\AppData\Local\{46B16055-8837-40B3-ADD3-FE43D29B6A5E}
O43 - CFD: 10/05/2011 - 14:24:58 - [0] ----D- C:\Users\\AppData\Local\{48269DC4-8F74-47F5-8BA4-35D271841016}
O43 - CFD: 16/07/2011 - 22:02:58 - [0] ----D- C:\Users\\AppData\Local\{4C14C3EE-0E92-47DF-A3E7-89651ED8AFB5}
O43 - CFD: 12/06/2011 - 13:49:08 - [0] ----D- C:\Users\\AppData\Local\{4E00B0BB-BD13-4D41-AB67-A3299E379612}
O43 - CFD: 06/06/2011 - 22:12:00 - [0] ----D- C:\Users\\AppData\Local\{515C3DA3-B6D2-4BC3-9ECD-5FF08D8E3CB5}
O43 - CFD: 16/06/2011 - 23:02:08 - [0] ----D- C:\Users\\AppData\Local\{547332C2-9753-4F3D-A70E-DBCC8800D9ED}
O43 - CFD: 19/06/2011 - 14:00:16 - [0] ----D- C:\Users\\AppData\Local\{54847C8F-DB36-41BC-915D-158300D34032}
O43 - CFD: 12/05/2011 - 21:36:04 - [0] ----D- C:\Users\\AppData\Local\{54BE5CB4-EB56-45E5-8F21-DD4616DFD0EA}
O43 - CFD: 24/06/2011 - 09:21:36 - [0] ----D- C:\Users\\AppData\Local\{55906C03-4492-40C8-961E-F56E42DE6515}
O43 - CFD: 21/07/2011 - 13:43:00 - [0] ----D- C:\Users\\AppData\Local\{55E8AD70-92F5-4217-8A5A-DAD0A485BAAA}
O43 - CFD: 13/07/2011 - 22:24:54 - [0] ----D- C:\Users\\AppData\Local\{5923C02A-66F8-4E51-A89D-4CB010D228F2}
O43 - CFD: 28/05/2011 - 21:14:46 - [0] ----D- C:\Users\\AppData\Local\{597E3E55-6DCB-48C3-9612-DA148405538A}
O43 - CFD: 08/07/2011 - 08:40:22 - [0] ----D- C:\Users\\AppData\Local\{5D86B564-CB8F-4BF0-A71C-25407807B0B4}
O43 - CFD: 20/06/2011 - 14:00:32 - [0] ----D- C:\Users\\AppData\Local\{5D8F8012-E105-49BD-9CC0-87919FE2A31B}
O43 - CFD: 17/05/2011 - 08:13:22 - [0] ----D- C:\Users\\AppData\Local\{5E05DD37-C633-40E7-AA09-9FD95B54AE8D}
O43 - CFD: 26/06/2011 - 22:13:04 - [0] ----D- C:\Users\\AppData\Local\{5E780016-1D0B-4E80-BCDE-D124D365CD1E}
O43 - CFD: 23/05/2011 - 12:00:56 - [0] ----D- C:\Users\\AppData\Local\{5F36DC54-3AE7-4DFB-B274-FADA767F3255}
O43 - CFD: 04/08/2011 - 15:26:34 - [0] ----D- C:\Users\\AppData\Local\{5F7D3B9D-5247-441D-ACE4-6DE8319F2CAA}
O43 - CFD: 09/07/2011 - 20:58:24 - [0] ----D- C:\Users\\AppData\Local\{60AF164C-6F03-4FA3-8639-7E2CA4946503}
O43 - CFD: 22/02/2011 - 12:01:22 - [13729114] --H-D- C:\Users\\AppData\Local\{60DD9664-2F44-43D6-B1CC-33BEBE6B5480}
O43 - CFD: 18/06/2011 - 21:27:46 - [0] ----D- C:\Users\\AppData\Local\{632D752D-752F-4B94-9898-8B6D3CE78ED9}
O43 - CFD: 28/07/2011 - 15:56:50 - [0] ----D- C:\Users\\AppData\Local\{64121457-24D0-4B65-957F-6DA964DFF03A}
O43 - CFD: 06/07/2011 - 08:24:18 - [0] ----D- C:\Users\\AppData\Local\{66774037-272B-4ED7-81EC-070B96EB9544}
O43 - CFD: 17/06/2011 - 11:02:32 - [0] ----D- C:\Users\\AppData\Local\{680E27B7-B0A5-4870-BB06-AECFB707A7A6}
O43 - CFD: 22/07/2011 - 01:43:36 - [0] ----D- C:\Users\\AppData\Local\{68E8F8B0-6FC5-4F2E-98E8-89E54C645B83}
O43 - CFD: 18/06/2011 - 21:30:30 - [0] ----D- C:\Users\\AppData\Local\{698B51FC-73D2-4A8C-B55B-10311DE834A4}
O43 - CFD: 14/07/2011 - 22:26:06 - [0] ----D- C:\Users\\AppData\Local\{6A6549A2-5D9A-4391-97BA-9F01AD8FFC0D}
O43 - CFD: 22/05/2011 - 22:08:18 - [0] ----D- C:\Users\\AppData\Local\{6C828817-538E-4376-90D9-2A1767C96CC7}
O43 - CFD: 21/05/2011 - 20:53:04 - [0] ----D- C:\Users\\AppData\Local\{6CF8D090-B579-4145-8A92-63203B838DAC}
O43 - CFD: 12/06/2011 - 11:03:18 - [0] ----D- C:\Users\\AppData\Local\{6ED94342-6960-465C-B8E2-1EC9D3CAF01A}
O43 - CFD: 18/06/2011 - 22:34:30 - [0] ----D- C:\Users\\AppData\Local\{7060BCD8-8A5B-4587-9D0B-294071FBFA4B}
O43 - CFD: 29/06/2011 - 21:59:18 - [0] ----D- C:\Users\\AppData\Local\{719CD799-6FBB-44F1-95B2-D3718B2BFAAF}
O43 - CFD: 14/05/2011 - 21:14:56 - [0] ----D- C:\Users\\AppData\Local\{7522093D-B8DF-4412-8D0A-B3F6AD5DD9F6}
O43 - CFD: 21/06/2011 - 08:31:18 - [0] ----D- C:\Users\\AppData\Local\{7723CE25-903F-42BE-8726-D127AF167E24}
O43 - CFD: 05/06/2011 - 14:43:48 - [0] ----D- C:\Users\\AppData\Local\{78CEE5A0-1BF5-43B2-A883-88D0A444CBD7}
O43 - CFD: 19/05/2011 - 18:59:28 - [0] ----D- C:\Users\\AppData\Local\{7BF2698F-B1DE-4977-BD9C-31CCDB8DAB22}
O43 - CFD: 17/07/2011 - 13:18:56 - [0] ----D- C:\Users\\AppData\Local\{7C858F1D-76E6-4CF5-ACE0-B038DD34230F}
O43 - CFD: 12/07/2011 - 14:24:18 - [0] ----D- C:\Users\\AppData\Local\{7E011476-E6B1-4406-B7E3-786AD37322FC}
O43 - CFD: 11/06/2011 - 21:03:00 - [0] ----D- C:\Users\\AppData\Local\{7E5841F0-6A79-4CAD-B7B1-2B0A2E075681}
O43 - CFD: 14/05/2011 - 22:04:50 - [0] ----D- C:\Users\\AppData\Local\{81A32782-015D-4F31-A3D1-9CB2056D7092}
O43 - CFD: 22/05/2011 - 09:16:30 - [0] ----D- C:\Users\\AppData\Local\{84E53A07-3283-4692-B8C8-6BCD411C5884}
O43 - CFD: 27/07/2011 - 13:39:12 - [0] ----D- C:\Users\\AppData\Local\{85837497-10DE-4C97-998C-86177389EBF8}
O43 - CFD: 01/06/2011 - 14:06:30 - [0] ----D- C:\Users\\AppData\Local\{86638D3C-0D0F-4818-93A0-52EC42AD1E9A}
O43 - CFD: 31/05/2011 - 21:29:08 - [0] ----D- C:\Users\\AppData\Local\{8810D6DD-6F95-4C5B-AE29-CD5F26B4178A}
O43 - CFD: 19/07/2011 - 01:49:16 - [0] ----D- C:\Users\\AppData\Local\{88AEA5C8-CAC8-44CA-95B0-85699E400CC0}
O43 - CFD: 11/05/2011 - 14:50:44 - [0] ----D- C:\Users\\AppData\Local\{8972BF03-C656-4648-B1E4-957444F942B3}
O43 - CFD: 11/07/2011 - 13:47:58 - [0] ----D- C:\Users\\AppData\Local\{8A377DE6-8E44-41A9-A666-97C4047250DE}
O43 - CFD: 12/06/2011 - 12:09:28 - [0] ----D- C:\Users\\AppData\Local\{8A38D634-DF13-4066-8579-2CD1471880C0}
O43 - CFD: 25/05/2011 - 09:27:56 - [0] ----D- C:\Users\\AppData\Local\{8B832FC8-8F39-419C-842B-7D786B00803F}
O43 - CFD: 09/06/2011 - 09:24:46 - [0] ----D- C:\Users\\AppData\Local\{8DC4B2BA-9D3D-457E-88B5-823732C8F04D}
O43 - CFD: 20/07/2011 - 07:54:46 - [0] ----D- C:\Users\\AppData\Local\{9148BD2A-7CF0-43DD-BEC8-46B3B68FFC65}
O43 - CFD: 29/06/2011 - 08:38:08 - [0] ----D- C:\Users\\AppData\Local\{91999723-EEB0-4693-AC77-782AB4919E00}
O43 - CFD: 30/05/2011 - 13:52:24 - [0] ----D- C:\Users\\AppData\Local\{92620371-FCBC-4EE0-BD4E-407DC1F874FF}
O43 - CFD: 18/07/2011 - 13:48:40 - [0] ----D- C:\Users\\AppData\Local\{9267CC7E-4EA1-43C6-B719-D16B4831D59C}
O43 - CFD: 24/07/2011 - 16:33:48 - [0] ----D- C:\Users\\AppData\Local\{9331C387-65CF-4F57-994D-B642722ABF01}
O43 - CFD: 25/05/2011 - 23:54:16 - [0] ----D- C:\Users\\AppData\Local\{93904B69-F0E0-49AD-903D-A88F8F23463B}
O43 - CFD: 14/05/2011 - 23:14:46 - [0] ----D- C:\Users\\AppData\Local\{946E1454-DDF6-4295-8124-08D0D42ADB2C}
O43 - CFD: 19/07/2011 - 13:49:52 - [0] ----D- C:\Users\\AppData\Local\{94D6A9F3-9C0B-429C-8F31-210B5B650D0F}
O43 - CFD: 28/05/2011 - 20:37:44 - [0] ----D- C:\Users\\AppData\Local\{96A7A0BE-2324-4478-947C-4DA5484D9529}
O43 - CFD: 30/06/2011 - 22:31:24 - [0] ----D- C:\Users\\AppData\Local\{9A2E9A3F-B82B-4547-BBF5-1620CA383BD9}
O43 - CFD: 22/06/2011 - 22:05:20 - [0] ----D- C:\Users\\AppData\Local\{9A6CB2C5-3C4E-4BEA-B241-55CC71F897DE}
O43 - CFD: 28/06/2011 - 00:30:38 - [0] ----D- C:\Users\\AppData\Local\{9FF288F8-CE31-4D1E-BF31-C5239321CE7A}
O43 - CFD: 19/05/2011 - 06:59:04 - [0] ----D- C:\Users\\AppData\Local\{A0C7191D-670B-4B58-8841-042C771692DC}
O43 - CFD: 16/07/2011 - 23:31:24 - [0] ----D- C:\Users\\AppData\Local\{A0E9EEAE-FAFE-4D97-A021-8ABE20982A45}
O43 - CFD: 27/05/2011 - 02:31:56 - [0] ----D- C:\Users\\AppData\Local\{A1AD6C96-0757-4E26-B8F3-1A6CA15F6D30}
O43 - CFD: 05/07/2011 - 13:36:08 - [0] ----D- C:\Users\\AppData\Local\{A33442AB-7EBA-4424-BD5A-527DFC260D3B}
O43 - CFD: 22/06/2011 - 08:49:50 - [0] ----D- C:\Users\\AppData\Local\{A4250426-15C0-446C-8695-A836C8615159}
O43 - CFD: 07/06/2011 - 14:37:10 - [0] ----D- C:\Users\\AppData\Local\{A788D04F-4980-4D83-9FE8-888EE8E0B1AD}
O43 - CFD: 26/05/2011 - 00:25:24 - [0] ----D- C:\Users\\AppData\Local\{AAE79C5D-2134-4CBC-BE15-2F3C17271D9E}
O43 - CFD: 27/05/2011 - 14:32:20 - [0] ----D- C:\Users\\AppData\Local\{AD373193-922A-4E06-B5E9-9AA7662201B4}
O43 - CFD: 02/06/2011 - 14:15:36 - [0] ----D- C:\Users\\AppData\Local\{BCF9B87A-7C81-430F-A17A-6C7FFD59F4DE}
O43 - CFD: 18/05/2011 - 13:49:20 - [0] ----D- C:\Users\\AppData\Local\{BD00329E-C45A-434A-8B55-357DF39EB589}
O43 - CFD: 04/07/2011 - 23:36:58 - [0] ----D- C:\Users\\AppData\Local\{C34E039D-0857-4C62-9650-1B748FCF9610}
O43 - CFD: 31/05/2011 - 08:52:02 - [0] ----D- C:\Users\\AppData\Local\{C3971C6E-6DC2-48A2-BBD8-B663EA53798D}
O43 - CFD: 04/07/2011 - 11:36:20 - [0] ----D- C:\Users\\AppData\Local\{C3FE5818-C730-4676-8937-2BF5F7C56456}
O43 - CFD: 12/05/2011 - 09:35:40 - [0] ----D- C:\Users\\AppData\Local\{C553400F-A52D-4951-ADDC-0279C8B335C6}
O43 - CFD: 26/06/2011 - 09:57:54 - [0] ----D- C:\Users\\AppData\Local\{C6FEF6B6-5D96-4911-A553-03833175CB5A}
O43 - CFD: 27/06/2011 - 12:30:00 - [0] ----D- C:\Users\\AppData\Local\{C70866EB-3EEB-4D65-B907-54A605A475AC}
O43 - CFD: 24/05/2011 - 13:56:42 - [0] ----D- C:\Users\\AppData\Local\{CA158EAE-8C23-4182-A04C-85C03AFEFAAB}
O43 - CFD: 25/06/2011 - 21:21:42 - [0] ----D- C:\Users\\AppData\Local\{CE6B5D25-03B1-453E-9C52-D8FCA9F2FB7C}
O43 - CFD: 18/06/2011 - 21:29:30 - [0] ----D- C:\Users\\AppData\Local\{D7527272-5B28-49C8-A2C8-8E4928D4C1A2}
O43 - CFD: 08/06/2011 - 20:51:46 - [0] ----D- C:\Users\\AppData\Local\{DB245E5F-FE04-4952-B501-E7B7D7337A40}
O43 - CFD: 04/08/2011 - 15:26:46 - [0] ----D- C:\Users\\AppData\Local\{E0FB63F2-EF4B-4C56-B864-92AC06C854B2}
O43 - CFD: 25/07/2011 - 13:24:24 - [0] ----D- C:\Users\\AppData\Local\{E1AB7B72-E164-4E8B-A9A7-697E2CEF3C61}
O43 - CFD: 10/06/2011 - 10:01:12 - [0] ----D- C:\Users\\AppData\Local\{E733D2DD-0DF5-4589-96CD-21A0D41F3323}
O43 - CFD: 04/06/2011 - 21:09:42 - [0] ----D- C:\Users\\AppData\Local\{E8533E58-5506-4D75-B85A-042C591F5A57}
O43 - CFD: 15/06/2011 - 13:53:50 - [0] ----D- C:\Users\\AppData\Local\{E9D2B3ED-5E01-4437-9B92-DBDA08EB67DE}
O43 - CFD: 06/07/2011 - 20:24:42 - [0] ----D- C:\Users\\AppData\Local\{EDAE0624-0466-4B18-A8F4-2AD2E5718840}
O43 - CFD: 10/07/2011 - 13:56:02 - [0] ----D- C:\Users\\AppData\Local\{EE4997BC-B2A0-4AE2-975C-F9A5A305CD6A}
O43 - CFD: 14/07/2011 - 10:25:30 - [0] ----D- C:\Users\\AppData\Local\{F03FF284-9FC3-43EE-831B-0C6836BEA670}
O43 - CFD: 28/07/2011 - 19:58:04 - [0] ----D- C:\Users\\AppData\Local\{F1C9B4CD-B1C3-4336-80A2-6ED917BC686E}
O43 - CFD: 28/05/2011 - 21:15:22 - [0] ----D- C:\Users\\AppData\Local\{F1E92FA6-32AA-4003-9E75-C0391AAF2143}
O43 - CFD: 29/05/2011 - 09:30:06 - [0] ----D- C:\Users\\AppData\Local\{F2BB2603-D409-4195-B67A-2789195DF6BC}
O43 - CFD: 28/06/2011 - 13:50:00 - [0] ----D- C:\Users\\AppData\Local\{F2FF8234-9284-4A5C-AFE5-1094C877EDD9}
O43 - CFD: 02/06/2011 - 02:06:54 - [0] ----D- C:\Users\\AppData\Local\{F3B65D35-6D68-4FD7-BCF5-C4D47D5FFEC5}
O43 - CFD: 20/07/2011 - 22:05:16 - [0] ----D- C:\Users\\AppData\Local\{F49F144A-2824-4883-9E5F-6D33F2D3F1F9}
O43 - CFD: 15/05/2011 - 14:25:26 - [0] ----D- C:\Users\\AppData\Local\{F7C06365-53F1-41E4-9BA6-6615BBCA1308}
O43 - CFD: 20/07/2011 - 07:53:56 - [0] ----D- C:\Users\\AppData\Local\{FCBD576E-122A-4072-99C5-E69FF191E001}
O43 - CFD: 01/07/2011 - 10:32:00 - [0] ----D- C:\Users\\AppData\Local\{FE81143E-B9DB-4FAE-9175-205D174A7F6C}
~ Scan Program Folder in 00mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.85A00EDC92196ECBE40862E51CF81E05] - 07/08/2011 - 16:02:29 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1472638]
O44 - LFC:[MD5.D74E3C688AA4F552EB9F55CB8EA67170] - 07/08/2011 - 11:38:30 ---A- . (...) -- C:\Windows\setupact.log [56]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 07/08/2011 - 11:38:30 ---A- . (...) -- C:\Windows\setuperr.log [0]
O44 - LFC:[MD5.93288C2C9F9C5FF6A9427519743994AD] - 07/08/2011 - 11:38:29 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.0B131D5552B5ECCA3F816E8E7809F133] - 03/08/2011 - 14:05:48 --HA- . (...) -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [14080]
O44 - LFC:[MD5.0B131D5552B5ECCA3F816E8E7809F133] - 03/08/2011 - 14:05:48 --HA- . (...) -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [14080]
O44 - LFC:[MD5.0F8A7A53F11C7BAD599EA5891AC55264] - 03/08/2011 - 13:17:34 ---A- . (...) -- C:\Windows\system32\PerfStringBackup.INI [1549700]
O44 - LFC:[MD5.3F6A26D4AC03663D8AF5B3970071BBCE] - 03/08/2011 - 13:17:34 ---A- . (...) -- C:\Windows\system32\perfc009.dat [106388]
O44 - LFC:[MD5.2738C7BB464C420FC65ECF94FBBC5087] - 03/08/2011 - 13:17:34 ---A- . (...) -- C:\Windows\system32\perfc00C.dat [130754]
O44 - LFC:[MD5.3A8D7207C36C9B4DE77459C9085B7E4E] - 03/08/2011 - 13:17:34 ---A- . (...) -- C:\Windows\system32\perfh009.dat [616008]
O44 - LFC:[MD5.6CE10DC4886657A0C8E0F28E26437A06] - 03/08/2011 - 13:17:34 ---A- . (...) -- C:\Windows\system32\perfh00C.dat [704480]
O44 - LFC:[MD5.3D2BF16FD44FA459C528552A5B1C8C28] - 31/07/2011 - 17:43:50 ---A- . (...) -- C:\Windows\Retafte.bmp [9522]
O44 - LFC:[MD5.A701BC7AFF242BECC7DC352FCB7A6DC2] - 13/07/2011 - 22:53:53 ---A- . (...) -- C:\Windows\system32\FNTCACHE.DAT [406456]
~ Scan Files in 00mn 16s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\Wdf01000.sys . (.Microsoft Corporation - Runtime de l’infrastructure de pilotes en mode noyau.) -- C:\Windows\system32\Drivers\Wdf01000.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\system32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\system32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\system32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\Wdf01000.sys . (.Microsoft Corporation - Runtime de l’infrastructure de pilotes en mode noyau.) -- C:\Windows\system32\Drivers\Wdf01000.sys
~ Scan CSB in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{4f687330-3e5e-11e0-8160-00247e1a2cc7}\AutoRun\command. (...) -- H:\SETUP.exe (.not file.)
~ Scan Keys in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\system32\iccvid.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"wdmaud.drv"="Pilote de fonction UAA 1.1 Microsoft pour High Definition Audio" . (...) -- (.not file.)
~ Scan Keys in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (...) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\BCSSync [Key] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe
O53 - SMSR:HKLM\...\startupreg\cacaoweb [Key] . (...) -- C:\Users\\AppData\Roaming\cacaoweb\cacaoweb.exe
O53 - SMSR:HKLM\...\startupreg\DriverScanner [Key] . (...) -- C:\Program Files\Uniblue\DriverScanner\launcher.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Google Update [Key] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\\AppData\Local\Google\Update\GoogleUpdate.exe
O53 - SMSR:HKLM\...\startupreg\msnmsgr [Key] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O53 - SMSR:HKLM\...\startupreg\RESTART_STICKY_NOTES [Key] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe
O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . (.Sun Microsystems, Inc. - Java™ Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O53 - SMSR:HKLM\...\startupreg\VirtualCloneDrive [Key] . (...) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (.not file.)
~ Scan SMSR Keys in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
~ Scan Keys in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ Scan Keys in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.CC1F1D3D70DC13C2C281488D347D4415] - 13/05/2011 - 17:57:20 ---A- . (.Hewlett-Packard Company - HP Accelerometer.) -- C:\Windows\system32\drivers\Accelerometer.sys [35896]
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 11/06/2009 - 03:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.0C676BC278D5B59FF5ABD57BBE9123F2] - 14/07/2009 - 03:26:17 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [297552]
O58 - SDL:[MD5.7C7B5EE4B7B822EC85321FE23A27DB33] - 14/07/2009 - 03:26:15 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys [146512]
O58 - SDL:[MD5.7E10E3BB9B258AD8A9300F91214D67B9] - 11/06/2009 - 00:13:48 ---A- . (.LSI Corp - SoftModem Device Driver.) -- C:\Windows\system32\drivers\AGRSM.sys [1035776]
O58 - SDL:[MD5.0D40BCF52EA90FC7DF2AEAB6503DEA44] - 14/07/2009 - 03:26:15 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [14400]
O58 - SDL:[MD5.D320BF87125326F996D4904FE24300FC] - 28/04/2011 - 07:38:37 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [80256]
O58 - SDL:[MD5.EA43AF0C423FF267355F74E7A53BDABA] - 11/06/2009 - 03:26:15 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\system32\drivers\amdsbs.sys [159312]
O58 - SDL:[MD5.46387FB17B086D16DEA267D5BE23A2F2] - 28/04/2011 - 07:38:37 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [22400]
O58 - SDL:[MD5.2932004F49677BD84DBC72EDB754FFB3] - 14/07/2009 - 03:26:15 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [76368]
O58 - SDL:[MD5.5D6F36C46FD283AE1B57BD2E9FEB0BC7] - 14/07/2009 - 03:26:15 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [86608]
O58 - SDL:[MD5.04F09923A393E4E0E8453A8F78361E73] - 18/08/2009 - 04:48:06 ---A- . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\system32\drivers\atikmdag.sys [4994560]
O58 - SDL:[MD5.47B879406246FFDCED59E18D331A0E7D] - 12/04/2011 - 13:38:47 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\system32\drivers\avgntflt.sys [61960]
O58 - SDL:[MD5.5FEDEF54757B34FB611B9EC8FB399364] - 12/04/2011 - 15:11:12 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\Windows\system32\drivers\avipbb.sys [137656]
O58 - SDL:[MD5.BD8869EB9CDE6BBE4508D869929869EE] - 14/07/2009 - 00:02:49 ---A- . (.Broadcom Corporation - Pilote unifié NDIS6.x Broadcom NetXtreme Gigabit Ethernet..) -- C:\Windows\system32\drivers\b57nd60x.sys [229888]
O58 - SDL:[MD5.7CFD6D37ABA7006148ABBF4F629B2D2A] - 01/08/2011 - 23:41:02 ---A- . (.Blue Coat Systems, Inc. - K9 Web Protection Driver.) -- C:\Windows\system32\drivers\bckd.sys [86544]
O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 14/07/2009 - 00:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [13568]
O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 14/07/2009 - 00:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [5248]
O58 - SDL:[MD5.845B8CE732E67F3B4133164868C666EA] - 14/07/2009 - 02:57:25 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [272128]
O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 14/07/2009 - 00:53:32 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [62336]
O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 14/07/2009 - 00:53:33 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [12160]
O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 14/07/2009 - 00:53:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [11904]
O58 - SDL:[MD5.1A231ABEC60FD316EC54C66715543CEC] - 11/06/2009 - 00:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbdx.sys [430080]
O58 - SDL:[MD5.C537B1DB64D495B9B4717B4D6D9EDBF2] - 14/07/2009 - 03:26:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [15952]
O58 - SDL:[MD5.7DAD592A4D28092D584CFB4DEEF1373D] - 28/03/2011 - 08:38:54 ---A- . (.Hewlett-Packard Development Company, L.P. - HP Tablet PC Key Button HID Driver.) -- C:\Windows\system32\drivers\CPQBttn.sys [9344]
O58 - SDL:[MD5.8B30250D573A8F6B4BD23195160D8707] - 11/06/2009 - 03:20:28 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [70720]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 11/06/2009 - 03:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [453712]
O58 - SDL:[MD5.024E1B5CAC09731E4D868E64DBFB4AB0] - 11/06/2009 - 00:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbdx.sys [3100160]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 14/07/2009 - 00:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.4EF10B866C62ABBEAF7511CDD05A19BE] - 13/05/2011 - 17:57:42 ---A- . (.Hewlett-Packard Company - HP Disk Filter - SATA/RAID.) -- C:\Windows\system32\drivers\hpdskflt.sys [25656]
O58 - SDL:[MD5.1210960FF8928950D2A786895B0C424A] - 28/03/2011 - 07:46:54 ---A- . (.Hewlett-Packard Development Company, L.P. - HpqKbFiltr Keyboard Filter Driver.) -- C:\Windows\system32\drivers\HpqKbFiltr.sys [15872]
O58 - SDL:[MD5.295FDC419039090EB8B49FFDBB374549] - 14/07/2009 - 03:20:28 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys [67152]
O58 - SDL:[MD5.D9D3F168A2FD4C2380D98821A3FF3357] - 28/03/2011 - 13:34:12 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\system32\drivers\iaStor.sys [331288]
O58 - SDL:[MD5.5CD5F9A5444E6CDCB0AC89BD62D8B76E] - 28/04/2011 - 07:38:51 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\system32\drivers\iaStorV.sys [332160]
O58 - SDL:[MD5.4173FF5708F3236CF25195FECD742915] - 14/07/2009 - 03:20:36 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [41040]
O58 - SDL:[MD5.EB119A53CCF2ACC000AC71B065B78FEF] - 14/07/2009 - 03:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [95824]
O58 - SDL:[MD5.8ADE1C877256A22E49B75D1CC9161F9C] - 14/07/2009 - 03:20:37 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [89168]
O58 - SDL:[MD5.DC9DC3D3DAA0E276FD2EC262E38B11E9] - 14/07/2009 - 03:20:36 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys [54864]
O58 - SDL:[MD5.0A036C7D7CAB643A7F07135AC47E0524] - 14/07/2009 - 03:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [96848]
O58 - SDL:[MD5.ECA00EED9AB95489007B0EF84C7149DE] - 11/04/2011 - 18:52:42 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [22712]
O58 - SDL:[MD5.B18225739ED9CAA83BA2DF966E9F43E8] - 28/07/2011 - 18:52:42 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [41272]
O58 - SDL:[MD5.0FFF5B045293002AB38EB1FD1FC2FB74] - 11/06/2009 - 03:20:36 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\Windows\system32\drivers\megasas.sys [30800]
O58 - SDL:[MD5.DCBAB2920C75F390CAF1D29F675D03D6] - 14/07/2009 - 03:20:36 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [235584]
O58 - SDL:[MD5.5B2DFA9C5C02DDF2A113CC0F551B59DF] - 13/01/2010 - 17:36:40 ---A- . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\Windows\system32\drivers\NETw5s32.sys [6755840]
O58 - SDL:[MD5.58218EC6B61B1169CF54AAB0D00F5FE2] - 11/06/2009 - 00:02:51 ---A- . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\Windows\system32\drivers\netw5v32.sys [4231168]
O58 - SDL:[MD5.1D85C4B390B0EE09C7A46B91EFB2C097] - 14/07/2009 - 03:20:44 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [44624]
O58 - SDL:[MD5.B3E25EE28883877076E0E1FF877D02E0] - 28/04/2011 - 07:39:00 ---A- . (.NVIDIA Corporation - NVIDIA® nForce™ RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [117120]
O58 - SDL:[MD5.4380E59A170D88C4F1022EFF6719A8A4] - 28/04/2011 - 07:39:00 ---A- . (.NVIDIA Corporation - NVIDIA® nForce™ Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [143744]
O58 - SDL:[MD5.AB95ECF1F6659A60DDC166D8315B0751] - 11/06/2009 - 03:19:04 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1383488]
O58 - SDL:[MD5.B4DD51DD25182244B86737DC51AF2270] - 14/07/2009 - 03:19:04 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [106064]
O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 14/07/2009 - 22:50:20 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [20480]
O58 - SDL:[MD5.A9F0486851BECB6DDA1D89D381E71055] - 11/06/2009 - 03:19:04 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys [40016]
O58 - SDL:[MD5.3727097B55738E2F554972C3BE5BC1AA] - 14/07/2009 - 03:19:04 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [77888]
O58 - SDL:[MD5.AE625E8A3608537E701CE45874A0842E] - 28/03/2011 - 09:44:48 ---A- . (.Pas de propriétaire - USBCAMD for Sonix UVC.) -- C:\Windows\system32\drivers\sncduvc.sys [34096]
O58 - SDL:[MD5.44EDD50D218EF1CF76FBF9B9FC58F79D] - 28/03/2011 - 09:45:34 ---A- . (.Pas de propriétaire - UVC Camera Streaming Driver.) -- C:\Windows\system32\drivers\snp2uvc.sys [1805872]
O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 12/04/2011 - 13:28:02 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\system32\drivers\ssmdrv.sys [28520]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 03:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\system32\drivers\stexstor.sys [21072]
O58 - SDL:[MD5.1DE40024679CDE0E573465253519730E] - 28/03/2011 - 16:33:04 ---A- . (.Synaptics Incorporated - Synaptics Touchpad Driver.) -- C:\Windows\system32\drivers\SynTP.sys [213680]
O58 - SDL:[MD5.E43574F6A56A0EE11809B48C09E4FD3C] - 14/07/2009 - 03:19:10 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [16976]
O58 - SDL:[MD5.9DFA0CC2F8855A04816729651175B631] - 11/06/2009 - 03:19:11 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [141904]
O58 - SDL:[MD5.B07C5B7EFDF936FF93D4F540938725BE] - 14/07/2009 - 00:02:53 ---A- . (.Marvell - Pilote Miniport pour contrôleur Ethernet Marvell Yukon..) -- C:\Windows\system32\drivers\yk62x86.sys [311296]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 14/07/2009 - 23:40:41 ---A- . (...) -- C:\Windows\system32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 14/07/2009 - 23:40:44 ---A- . (...) -- C:\Windows\system32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 14/07/2009 - 23:40:40 ---A- . (...) -- C:\Windows\system32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 14/07/2009 - 23:40:43 ---A- . (...) -- C:\Windows\system32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 14/07/2009 - 23:40:43 ---A- . (...) -- C:\Windows\system32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 14/07/2009 - 23:40:23 ---A- . (...) -- C:\Windows\system32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 14/07/2009 - 23:40:31 ---A- . (...) -- C:\Windows\system32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 14/07/2009 - 23:40:35 ---A- . (...) -- C:\Windows\system32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 14/07/2009 - 23:40:39 ---A- . (...) -- C:\Windows\system32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 14/07/2009 - 23:40:27 ---A- . (...) -- C:\Windows\system32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 14/07/2009 - 23:40:11 ---A- . (...) -- C:\Windows\system32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 14/07/2009 - 23:40:15 ---A- . (...) -- C:\Windows\system32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 14/07/2009 - 23:40:17 ---A- . (...) -- C:\Windows\system32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 14/07/2009 - 23:40:19 ---A- . (...) -- C:\Windows\system32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 14/07/2009 - 23:40:13 ---A- . (...) -- C:\Windows\system32\NTIO804.SYS [34672]
~ Scan Drivers in 00mn 06s


---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) [HKLM] -- HijackThis
O63 - Logiciel: ZHPDiag 1.28 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O63 - Logiciel: RSIT - (.random/random.)
~ Scan ADS in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 04/03/2011 - C:\Windows\system32\DRIVERS\avgntflt.sys - No object(No service) .(.Avira GmbH - Avira Minifilter Driver.) - LEGACY_AVGNTFLT
O64 - Services: CurCS - 04/03/2011 - C:\Windows\system32\DRIVERS\avipbb.sys - No object(No service) .(.Avira GmbH - Avira Driver for Security Enhancement.) - LEGACY_AVIPBB
O64 - Services: CurCS - 10/06/2011 - C:\Windows\system32\drivers\bckd.sys - No object(No service) .(.Blue Coat Systems, Inc. - K9 Web Protection Driver.) - LEGACY_BCKD
O64 - Services: CurCS - 17/06/2010 - C:\Windows\system32\DRIVERS\ssmdrv.sys - No object(No service) .(.Avira GmbH - AVIRA SnapShot Driver.) - LEGACY_SSMDRV
~ Scan Services in 00mn 01s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (. - .) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKLM\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\\AppData\Local\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\\AppData\Local\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
~ Scan Keys in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Scan Keys in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} [DefaultScope] - (@ieframe.dll,-12512) - Bing
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - Bing
O69 - SBI: SearchScopes [HKCU] {0D7562AE-8EF6-416d-A838-AB665251703A} - (Facemoods Search) - Facemoods Search
~ Scan Keys in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.5095D657B76B7F782A9F626273170A79] [SPRF][22/02/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.2 r152.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [2871968]
~ Scan Files in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{835A79C7-035B-4FC4-8390-5DC6947389EA}C:\program files\java\jre6\bin\java.exe" | In - Public - P6 - TRUE | .(.Sun Microsystems, Inc. - Java™ Platform SE binary.) -- C:\program files\java\jre6\bin\java.exe
O87 - FAEL: "UDP Query User{56C84E47-F399-46F6-8841-CFB0A0C997B5}C:\program files\java\jre6\bin\java.exe" | In - Public - P17 - TRUE | .(.Sun Microsystems, Inc. - Java™ Platform SE binary.) -- C:\program files\java\jre6\bin\java.exe
O87 - FAEL: "TCP Query User{3120A575-D6F5-4C3C-A679-C4E609781123}C:\program files\java\jre6\bin\javaw.exe" | In - Public - P6 - TRUE | .(.Sun Microsystems, Inc. - Java™ Platform SE binary.) -- C:\program files\java\jre6\bin\javaw.exe
O87 - FAEL: "UDP Query User{B460F4BA-638F-42B8-8F9E-9FC226E3BF05}C:\program files\java\jre6\bin\javaw.exe" | In - Public - P17 - TRUE | .(.Sun Microsystems, Inc. - Java™ Platform SE binary.) -- C:\program files\java\jre6\bin\javaw.exe
O87 - FAEL: "TCP Query User{E4B8DC0F-AE0F-4F80-BEFC-551B87E7B5A4}C:\users\\appdata\local\google\chrome\application\chrome.exe" | In - Public - P6 - TRUE | .(.Google Inc..) -- C:\users\
\appdata\local\google\chrome\application\chrome.exe
O87 - FAEL: "UDP Query User{07758511-A874-4201-95EB-DD7265CD7C9F}C:\users\\appdata\local\google\chrome\application\chrome.exe" | In - Public - P17 - TRUE | .(.Google Inc..) -- C:\users\\appdata\local\google\chrome\application\chrome.exe
~ Scan Firewall in 00mn 01s



---\\ Scan Additionnel (O88)
Database Version : 8584 - (05/08/2011)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 6
Fichiers trouvés (Files found) : 0

[HKLM\Software\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}] =>Toolbar.Facemood
[HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}] =>Toolbar.Facemood
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\cacaoweb] =>PUP.CacaoWeb
C:\Program Files\Common Files\Nosibay =>Adware.SPointer
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\Users\\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\\AppData\Roaming\cacaoweb =>PUP.CacaoWeb
C:\Users\\AppData\Local\Babylon =>Toolbar.Babylon
~ Scan Additionnel in 00mn 08s



---\\ Recherche détournement de DNS routeur (O89)
Serveur : mp202.home
Address: 10.100.102.1
Nom : www.l.google.com
Addresses: 74.125.39.106
74.125.39.103
74.125.39.147
74.125.39.99
74.125.39.104
74.125.39.105
Aliases: www.google.fr
www.google.com
~ Scan DNS in 00mn 03s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 21/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 18/08/2009 176128 | (AMD External Events Utility) . (.AMD.) - C:\Windows\system32\atiesrxx.exe
SR - | Auto 12/04/2011 136360 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 12/04/2011 269480 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 01/08/2011 1575184 | (bckwfs) . (.Blue Coat Systems, Inc..) - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
SR - | Auto 28/03/2011 228408 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SR - | Demand 28/03/2011 229944 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 13/05/2011 26168 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\system32\Hpservice.exe
SR - | Auto 28/03/2011 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe
~ Scan Services in 00mn 04s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
~ Scan MBR in 00mn 06s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by at 07/08/2011 17:52:09

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ Scan MBR in 00mn 08s



End of the scan (1117 lines in 00mn 53s)(0)

Bonjour,

rabim a écrit :... firefox 120 Meg pr un ou 2 onglets ouverts .....

Il ne faut pas trop s'en étonner de la part de Firefox.

Serait-il possible de préciser quel est la série/modèle du portable HP utilisé histoire de situer le matériel

hp 6830s
c'est pas la premiere fois que ca m'arrive

j'oubliais : je soupconne mon debit de connexion d'etre insuffisant. officiellement c'est du 2Meg mais qd je teste sur le net je vois 500ko
mais bon je sais pas si c'est la cause ou la consequence d'un autre probleme

OK merci.

Juste deux remarques rapides à propos du log HJT.

Cette DLL est présumée liée à une barre d'outils:
R3 - URLSearchHook: setuprog Toolbar - {f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5} - C:\Program Files\Setuprog\prxtbSet0.dll
O2 - BHO: setuprog - {f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5} - C:\Program Files\Setuprog\prxtbSet0.dll
O3 - Toolbar: setuprog Toolbar - {f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5} - C:\Program Files\Setuprog\prxtbSet0.dll

Cette ligne est sans objet puisque reliée à rien:
O13 - Gopher Prefix


Pour le reste je cède la place aux helpers... car les procédures d'analyse demadent un diagnostic et des conseils précis...

merci a toi
ce qui veut dire que je peux les supprimer .... en attendant plus d'aide ?
je ne sais pas trop comment le faire et je ne pense pas avoir de toolbars (enfin en apparence)

Pour supprimer une ligne je crois qu'il y a un menu ou alors faut sélectionner à la souris

Sinon patientes jusqu'aux retours du soir.

ok merci j'attends