~ Rapport de ZHPDiag v2013.10.28.74 - Nicolas Coolman (28/10/2013)
~ Lancé par Georges (30/10/2013 14:32:00)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found


---\\ Navigateurs Internet
MSIE: Internet Explorer v7.0.5730.13
MFIE: Mozilla Firefox 24.0 (Defaut)
GCIE: Google Chrome v30.0.1599.101

---\\ Informations sur les produits Windows
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v13.0.0.4042
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ Logiciels d'optimisation du système
CCleaner v4.04 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Java 7 Update 45

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 10 Stepping 0, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1279 MB (27% free)
System Restore: Activé (Enable)
System drive C: has 24 GB (20%) free of 114 GB

---\\ Mode de connexion au système
~ Computer Name: PC-SOLER
~ User Name: Georges
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Georges, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Georges\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\Georges\Application Data\
~ %Desktop% : C:\Documents and Settings\Georges\Bureau\
~ %Favorites% : C:\Documents and Settings\Georges\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Georges\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Georges\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 24 Go of 114 Go)
E: Hard drive, Flash drive, Thumb drive (Free 6 Go of 114 Go)
F: Hard drive, Flash drive, Thumb drive (Free 27 Go of 76 Go)
G: CD-ROM drive (Not Inserted)
I: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 42 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 03:34:03.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.418FE72D859EA3320F89612A969015C9] - (.Microsoft Corporation - Internet Extensions for Win32.) (.23/09/2013 - 18:34:51.) -- C:\WINDOWS\system32\wininet.dll [841216]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 19:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 20:14:21.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 19:40:46.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 02:57:38.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 17:36:05.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 03:00:52.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 19:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 19:57:15.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 20:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 20:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 20:15:53.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 03:09:40.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 20:19:43.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 19:32:51.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.14/04/2008 - 02:57:34.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 02:56:04.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/105
~ Mes musiques (My Musics) : 1/634
~ Mes Videos (My Videos) : 2/4
~ Mes Favoris (My Favorites) : 1/10
~ Mes Documents (My Documents) : 2/4513
~ Mon Bureau (My Desktop) : 1/9942
~ Menu demarrer (Programs) : 1/42
~ Hidden Files: Scanned in 00mn 32s



---\\ Processus lancés
[MD5.8769E2D1072B62AB071F166F03B3E3DC] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024] [PID.1988]
[MD5.93AD0B78C7357A05F50E594EC7C22300] - (...) -- ystem32\RunDll32.exe [0] [PID.440]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- E:\Program Files\Office12\GrooveMonitor.exe [30040] [PID.456]
[MD5.D9A2B9B7B892A98CFCAA76163C72D2CF] - (.pdfconverter.com - Print Dispatcher.) -- C:\Program Files\pdfconverter.com\PDF Converter Elite\3.0\pcSONPrnDisp.exe [335872] [PID.480]
[MD5.DB3F7F19F942D3CE4E1A0E8D9FF541FB] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192] [PID.544]
[MD5.CE42DFE915F78246364D464902E47360] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.564]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [254336] [PID.572]
[MD5.8A6ECE22270BD9D4CFD4553E26B5C69A] - (.ScanSoft, Inc. - OCR Aware.) -- F:\Program Files\OpwareSE4.exe [75304] [PID.620]
[MD5.3B78ACCCAA5132638E7CF419F4A965C7] - (.CANON INC. - Canon Solution Menu EX.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.exe [1185112] [PID.636]
[MD5.50F85FE43AF859330CC9515353EF300C] - (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296] [PID.648]
[MD5.AD1D13E6326E0B8DA2A7BE13B39A8FE0] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088] [PID.1248]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.1300]
[MD5.CF7B0E597C1F34E528285495721DEEE9] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe [237960] [PID.1380]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.1432]
[MD5.AD5DF6F4FBBC798636EDC66BFEC7D0DE] - (.Pas de propriétaire - Inkjet Printer/Scanner/Fax Extended Survey.) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.exe [116104] [PID.804]
[MD5.80A79264302910C7C24BA7E44267EFEF] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [182696] [PID.1620]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2064]
[MD5.223724F0710351F501E3DA4E1FFB7059] - (.GoldenFrog - VyprVPN.) -- C:\Program Files\VyprVPN\VyprVPN.exe [364704] [PID.2216]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2336]
[MD5.934833B3CD462A6F8A96F64D024C8B20] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 175.1.) -- C:\WINDOWS\system32\nvsvc32.exe [159812] [PID.2376]
[MD5.021C8FCF52ECDE3797520127B726982B] - (...) -- C:\Program Files\Dump Truck\python\python.exe [26624] [PID.2396]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2400]
[MD5.753D254205E0A62100A050BD8B458D06] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.2448]
[MD5.0765EE4A7A0D6609BF91CA2E4700E885] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [93072] [PID.2688]
[MD5.FE5D33917C5265EC9322299733D63A12] - (.DT Soft Ltd - DAEMON Tools Shell Extensions Helper.) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe [2671936] [PID.2720]
[MD5.F30BF9FC4275156F2AE96FCDF1ED5EE4] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76856] [PID.688]
[MD5.B0DA0907A0747DD73E0D2B1F6BA06D7F] - (.GoldenFrog - GoldenFrog.DumpTruck.) -- C:\Program Files\Dump Truck\GoldenFrog.DumpTruck.exe [1324448] [PID.3712]
[MD5.D8B8B5A8FE57CF4F307A540D9A153C23] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553288] [PID.756]
[MD5.A9182CE59CFC56F9C1DDE8B3C0AE8378] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [274840] [PID.3308]
[MD5.12FD4EF8F2CBBF98E0A5CED88258DDF3] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17816] [PID.2444]
[MD5.3B605772669BDFD6DC266B9320E87B45] - (.Nicolas Coolman - ZHPDiag.) -- C:\Documents and Settings\Georges\Bureau\ZHPDiag\ZHPDiag.exe [8143872] [PID.1608]
[MD5.4F72DC543625748F0A7C293561CF0492] - (.Nicolas Coolman - ZHPFix.) -- C:\Documents and Settings\Georges\Bureau\ZHPDiag\ZHPFix\ZHPFix.exe [3008512] [PID.596]
~ Processes Running: Scanned in 00mn 05s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\Georges\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 1 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\prefs.js
P2 - FPN: [HKLM] [adobe.com/AdobeAAMDetect] - (...) -- C:\Program Files\Fichiers communs\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (.not file.)
~ Firefox Browser: 17 Legitimates Filtered in 00mn 02s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Tracker Software Products Ltd. - PDF-XChange Viewer Netscape Gecko Plugin.) (No version) -- (.not file.)
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} . (.Tracker Software Products Ltd. - PDF-XChange Viewer Netscape Gecko Plugin.) (No version) -- (.not file.)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 22



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} Clé orpheline
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} . (.Shareaza Development Team - Shareaza Web Download Hook.) -- C:\Program Files\Shareaza\RazaWebHook32.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Canon Easy-WebPrint EX - [HKLM]{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} . (.CANON INC. - Easy-WebPrint EX.) -- C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{4A1C6093-14F9-44D7-860E-5D265CFCA9D9} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [AllUsers]: MSN.lnk . (.Microsoft Corporation - Win32 Cabinet Self-Extractor.) -- C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe =>.Microsoft Corporation
O4 - GS\Program [AllUsers]: Photo Story 3 for Windows.lnk . (.Microsoft Corp. - Photo Story 3 for Windows.) -- F:\Program Files\PhotoStory3.exe
O4 - GS\Program [AllUsers]: SyncToy 2.1.lnk . (...) -- C:\WINDOWS\Installer\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}\_6FEFF9B68218417F98F549.exe
O4 - GS\Program [AllUsers]: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - GS\Program [Georges]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Georges]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
~ Global Startup: 23 Legitimates Filtered in 00mn 06s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Program [AllUsers]: Adobe Gamma Loader.lnk . (...) -- C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (.not file.)
O4 - GS\Program [Georges]: Adobe Gamma.lnk . (...) -- C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (.not file.)
O4 - GS\Program [Georges]: VyprVPN.lnk . (.GoldenFrog - VyprVPN.) -- C:\Program Files\VyprVPN\VyprVPN.exe
O4 - HKLM\..\Run: [Cmaudio] Clé orpheline
O4 - HKLM\..\Run: [SSBkgdUpdate] . (.Nuance Communications, Inc. - SSBkgdUpdate.) -- C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- E:\Program Files\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [PDF Converter Elite Print Dispatcher] . (.pdfconverter.com - Print Dispatcher.) -- C:\Program Files\pdfconverter.com\PDF Converter Elite\3.0\pcSONPrnDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll =>.NVIDIA Corporation
O4 - HKLM\..\Run: [nwiz] . (...) -- C:\WINDOWS\system32\nwiz.exe
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\system32\NvMcTray.dll
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [RoxioEngineUtility] . (.Roxio - Roxio Engine Compatibility.) -- C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe
O4 - HKLM\..\Run: [OpwareSE4] . (.ScanSoft, Inc. - OCR Aware.) -- F:\Program Files\OpwareSE4.exe =>.ScanSoft, Inc
O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] . (.DT Soft Ltd - DAEMON Tools Pro Agent.) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe
O4 - HKCU\..\Run: [AdobeBridge] Clé orpheline
O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [Dump Truck] . (.Data Foundry - RunDumpTruck.) -- C:\Program Files\Dump Truck\DumpTruck.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-343818398-1563985344-839522115-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-343818398-1563985344-839522115-1003\..\Run: [DAEMON Tools Pro Agent] . (.DT Soft Ltd - DAEMON Tools Pro Agent.) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe
O4 - HKUS\S-1-5-21-343818398-1563985344-839522115-1003\..\Run: [AdobeBridge] Clé orpheline
O4 - HKUS\S-1-5-21-343818398-1563985344-839522115-1003\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKUS\S-1-5-21-343818398-1563985344-839522115-1003\..\Run: [Dump Truck] . (.Data Foundry - RunDumpTruck.) -- C:\Program Files\Dump Truck\DumpTruck.exe
~ Application: Scanned in 00mn 02s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer � OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- E:\PROGRA~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- E:\Program Files\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4DBF013-EDC2-42FD-8B9A-06268643EEC5}: NameServer = 138.199.67.53 138.199.67.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{80B872B3-5EB6-4BC2-9AA5-6681F0DB576A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{C4DBF013-EDC2-42FD-8B9A-06268643EEC5}: NameServer = 138.199.67.53 138.199.67.54
O17 - HKLM\System\CS1\Services\Tcpip\..\{80B872B3-5EB6-4BC2-9AA5-6681F0DB576A}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS3\Services\Tcpip\..\{80B872B3-5EB6-4BC2-9AA5-6681F0DB576A}: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: KMService (KMService) . (...) - C:\WINDOWS\system32\srvany.exe =>Hijacker.Office
O23 - Service: NVIDIA Display Driver Service (NVSvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 175.1.) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TomTomHOMEService (TomTomHOMEService) . (.TomTom - Windows Service for TomTom HOME.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
~ Services: 14 Legitimates Filtered in 00mn 13s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Georges\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: ContinueToSave - (...) [HKLM] -- {18A45548-C341-4945-ABAE-8B63C34777BE} =>PUP.OfferWare
O42 - Logiciel: MP3 AddIn - (.TopByteLabs Ltd..) [HKLM] -- {D19E4F5B-C6E8-4DC2-BAEA-99E4E661675E}
O42 - Logiciel: PDF-Tools 4 - (.Tracker Software Products Ltd.) [HKLM] -- {14EC807A-F88E-4FCF-8013-CB909F930E88}_is1
O42 - Logiciel: PeugeotAlertZone - (.NAVTEQ North America, LLC.) [HKLM] -- com.navteq.ce.peugeotalertzone
O42 - Logiciel: PeugeotAlertZone - (.NAVTEQ North America, LLC.) [HKLM] -- {CA42D572-65D4-3FD5-C807-B2433CB5E210}
O42 - Logiciel: Shareaza 2.6.0.0 - (.Shareaza Development Team.) [HKLM] -- Shareaza_is1
~ Logic: 154 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Lime PRO]
[HKCU\Software\Nimbuzz]
[HKCU\Software\Shareaza]
[HKCU\Software\TopByteLabs]
[HKCU\Software\business-inkjet]
[HKLM\Software\1307]
[HKLM\Software\PS]
[HKLM\Software\Shareaza]
~ Key Software: 265 Legitimates Filtered in 00mn 02s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/04/2013 - 17:20:13 - [2,614] ----D C:\Program Files\FSCapture73
O43 - CFD: 21/04/2012 - 16:15:46 - [22,807] ----D C:\Program Files\ImageResizerPortable
O43 - CFD: 04/08/2013 - 15:01:58 - [4,919] ----D C:\Program Files\Lime PRO
O43 - CFD: 29/01/2012 - 00:25:21 - [1,347] ----D C:\Program Files\PeugeotAlertZone
O43 - CFD: 05/05/2013 - 13:34:36 - [18,375] ----D C:\Program Files\Pro Imaging Powertoys
O43 - CFD: 06/05/2013 - 11:14:34 - [24,845] ----D C:\Program Files\Shareaza
O43 - CFD: 12/09/2012 - 08:15:57 - [1,273] ----D C:\Program Files\TopByteLabs
O43 - CFD: 02/05/2013 - 09:04:32 - [3,644] ----D C:\Documents and Settings\All Users\Application Data\InstallMate
O43 - CFD: 29/03/2011 - 14:39:27 - [0,007] ----D C:\Documents and Settings\Georges\Application Data\couk.psyked.ImageSizer.33AC44770D6DA0D343B94BC05C14D0B14C15D157.1
O43 - CFD: 31/03/2012 - 23:38:31 - [0] ----D C:\Documents and Settings\Georges\Application Data\Picturenaut
O43 - CFD: 06/05/2013 - 11:14:49 - [0,360] ----D C:\Documents and Settings\Georges\Application Data\Shareaza
O43 - CFD: 07/12/2012 - 21:26:57 - [0] ----D C:\Documents and Settings\Georges\Application Data\Wezeaz
O43 - CFD: 08/12/2012 - 09:41:15 - [0] ----D C:\Documents and Settings\Georges\Application Data\Ybse
O43 - CFD: 21/10/2013 - 16:55:11 - [0] ----D C:\Documents and Settings\Georges\Local Settings\Application Data\AppsHat Mobile Apps =>Adware.MegaSearch
O43 - CFD: 08/06/2013 - 17:47:42 - [0,004] ----D C:\Documents and Settings\Georges\Local Settings\Application Data\Lime PRO
O43 - CFD: 06/05/2013 - 11:14:49 - [0] ----D C:\Documents and Settings\Georges\Local Settings\Application Data\Shareaza
O43 - CFD: 24/10/2013 - 15:17:28 - [0,003] ----D C:\Documents and Settings\Georges\Menu Démarrer\Programmes\AppsHat =>Adware.MegaSearch
~ Program Folder: 258 Legitimates Filtered in 00mn 49s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.5EF6DF21B4A50F873E445E25AE0B279D] - 19/10/2013 - 15:49:43 ---A- . (...) -- C:\WINDOWS\system32\???6 [101983560]
O44 - LFC:[MD5.17CC39DAF36B271367A8E8115F170F62] - 22/10/2013 - 21:16:08 ---A- . (...) -- C:\WINDOWS\system32\???6 [102488124]
O44 - LFC:[MD5.452B1A427DB92EDAE481EC790ADC7C48] - 24/10/2013 - 08:58:49 ---A- . (...) -- C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log [4828]
O44 - LFC:[MD5.E22E8107A9DB0C116A95655662F2BEE0] - 24/10/2013 - 15:53:05 ---A- . (...) -- C:\DelFix.txt [2024]
O44 - LFC:[MD5.39B42B120A76D71518F9F4E3081E5794] - 26/10/2013 - 18:26:26 ---A- . (...) -- C:\PhysicalMBR.bin [512]
O44 - LFC:[MD5.6BA4CECD913170E302DD6959B9663144] - 27/10/2013 - 07:32:58 ---A- . (...) -- C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT [119080]
O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 29/10/2013 - 08:17:24 ---A- . (...) -- C:\WINDOWS\system.ini [227]
O44 - LFC:[MD5.47FB80F9BE19EA3332E28ED4A4374D9A] - 29/10/2013 - 08:17:24 ---A- . (...) -- C:\WINDOWS\win.ini [787]
O44 - LFC:[MD5.DDDC1C4041016E9CF22A49816D9DBFB1] - 29/10/2013 - 13:34:53 ---A- . (...) -- C:\WINDOWS\system32\???6 [103932228]
O44 - LFC:[MD5.52AA23CAC38023250F2C85B6DEF9B8F5] - 30/10/2013 - 08:07:55 ---A- . (...) -- C:\WINDOWS\system32\nvapps.xml [182038]
O44 - LFC:[MD5.C7B406C49AF42FA964CDBBA063BC3A87] - 30/10/2013 - 08:08:25 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.33D9A631BBCF495A377B8ACD6D366B31] - 30/10/2013 - 11:27:05 ---A- . (...) -- C:\WINDOWS\wiadebug.log [405]
~ Files: 32 Legitimates Filtered in 03mn 08s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.A0277838F3F0D412492AABC6D1A0F36E] - 28/10/2013 - 19:36:26 ---A- - C:\WINDOWS\Prefetch\ADOBE PHOTOSHOP CS4.EXE-1812E9A3.pf
O45 - LFCP:[MD5.BFD0D56F5862AF6D201D02F9258AA3C2] - 29/10/2013 - 09:46:57 ---A- - C:\WINDOWS\Prefetch\_IU14D2N.TMP-29BDAD4F.pf
O45 - LFCP:[MD5.023F10B8943BBC5ACCAA8751014F7DEC] - 29/10/2013 - 09:53:44 ---A- - C:\WINDOWS\Prefetch\SRVANY.EXE-0C867EC1.pf
O45 - LFCP:[MD5.53EEDD9C6F786772A2DCE1281888E9C0] - 29/10/2013 - 23:21:29 ---A- - C:\WINDOWS\Prefetch\PCSONPRNDISP.EXE-08001ACB.pf
O45 - LFCP:[MD5.6B9CAE7FB52DB7083085738D0596247D] - 29/10/2013 - 23:21:44 ---A- - C:\WINDOWS\Prefetch\ENGUTIL.EXE-2E33CF6A.pf
O45 - LFCP:[MD5.2B3E4CD5E847F996F21E3BAF9E731F0B] - 29/10/2013 - 23:21:54 ---A- - C:\WINDOWS\Prefetch\OPWARESE4.EXE-2C6E4F63.pf
O45 - LFCP:[MD5.8D4535F40AC496D390811C71C1F46D45] - 29/10/2013 - 23:22:42 ---A- - C:\WINDOWS\Prefetch\DUMPTRUCK.EXE-015C99E2.pf
O45 - LFCP:[MD5.8569BDA9AD33F9E0E9803ACDC4D6266A] - 29/10/2013 - 23:23:24 ---A- - C:\WINDOWS\Prefetch\VYPRVPN.EXE-3549A8DC.pf
O45 - LFCP:[MD5.13D728B1C852444B6BBA5C07F051078C] - 30/10/2013 - 08:13:21 ---A- - C:\WINDOWS\Prefetch\GOLDENFROG.DUMPTRUCK.EXE-03CE154F.pf
O45 - LFCP:[MD5.58A46057D6E7B670D0CA6291231191F9] - 30/10/2013 - 11:15:34 ---A- - C:\WINDOWS\Prefetch\CNMSEAD.EXE-27BADA08.pf
~ Prefetcher: 120 Legitimates Filtered in 00mn 01s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Tango\Tango.exe" [Enabled] .(...) -- C:\Program Files\Tango\Tango.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Shareaza\Shareaza.exe" [Enabled] .(.Shareaza Development Team.) -- C:\Program Files\Shareaza\Shareaza.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Lime PRO\LimePro.exe" [Enabled] .(...) -- C:\Program Files\Lime PRO\LimePro.exe (.not file.)
O47 - AAKE:Key Export DP - "C:\Program Files\ATOMI\ActivePresenter\ActivePresenter.exe" [Enabled] .(...) -- C:\Program Files\ATOMI\ActivePresenter\ActivePresenter.exe (.not file.)
~ Keys Export: 16 Legitimates Filtered in 00mn 11s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{a0f8ca84-8ba9-11e1-a47b-000b6ab497b3}\AutoRun\command. (...) -- I:\SETUP.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 07/09/2002 - 01:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 07/09/2002 - 01:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: 5 Legitimates Filtered in 00mn 03s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 27/10/2013 - 14:42:38 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\bookmarkbackups\bookmarks-2013-10-27.json [645993]
O61 - LFC: 27/10/2013 - 14:42:39 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\extensions.sqlite [458752]
O61 - LFC: 27/10/2013 - 14:42:39 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\extensions.sqlite-journal [393824]
O61 - LFC: 27/10/2013 - 14:42:40 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\pluginreg.dat [6989]
O61 - LFC: 27/10/2013 - 14:42:41 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Shareaza\Data\Discovery.dat [7426]
O61 - LFC: 27/10/2013 - 14:42:41 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Shareaza\Data\DownloadGroups.dat [2478]
O61 - LFC: 27/10/2013 - 14:42:41 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Shareaza\Data\HostCache.dat [1748]
O61 - LFC: 27/10/2013 - 14:42:41 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Shareaza\Data\Library1.dat [6372]
O61 - LFC: 27/10/2013 - 14:42:41 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Shareaza\Data\Searches.dat [226920]
O61 - LFC: 27/10/2013 - 14:42:41 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Shareaza\Data\Security.dat [17976]
O61 - LFC: 27/10/2013 - 14:42:41 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Shareaza\Data\Shareaza.db3 [9216]
O61 - LFC: 27/10/2013 - 14:42:41 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Shareaza\Data\UploadQueues.dat [746]
O61 - LFC: 27/10/2013 - 14:56:36 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\10272013_074123.lnk [648]
O61 - LFC: 27/10/2013 - 14:56:41 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\MovedFiles.lnk [460]
O61 - LFC: 27/10/2013 - 14:56:41 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\OTL.lnk [453]
O61 - LFC: 28/10/2013 - 14:42:38 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\bookmarkbackups\bookmarks-2013-10-28.json [645636]
O61 - LFC: 28/10/2013 - 14:44:29 -SHA- . (...) -- C:\Documents and Settings\Georges\Bureau\CLUB PHOTO\Clichés exo\pano manuel\pano tuto\Thumbs.db [118784]
O61 - LFC: 28/10/2013 - 14:44:30 ---A- . (...) -- C:\Documents and Settings\Georges\Bureau\CLUB PHOTO\Clichés exo\pano manuel\Technic manuelle pour un panoramique.ppsx [5331396]
O61 - LFC: 28/10/2013 - 14:44:30 ---A- . (.SOLER.) -- C:\Documents and Settings\Georges\Bureau\CLUB PHOTO\Clichés exo\pano manuel\Technic manuelle pour un panoramique.pps [5442048]
O61 - LFC: 28/10/2013 - 14:44:30 ---A- . (.SOLER.) -- C:\Documents and Settings\Georges\Bureau\CLUB PHOTO\Clichés exo\pano manuel\Technic manuelle pour un panoramique.ppt [2613248]
O61 - LFC: 28/10/2013 - 14:44:38 -SHA- . (...) -- C:\Documents and Settings\Georges\Bureau\CLUB PHOTO\Formations\Thumbs.db [24576]
O61 - LFC: 28/10/2013 - 14:44:38 -SHA- . (...) -- C:\Documents and Settings\Georges\Bureau\CLUB PHOTO\HDR\Thumbs.db [23552]
O61 - LFC: 28/10/2013 - 14:45:10 -SHA- . (...) -- C:\Documents and Settings\Georges\Bureau\CLUB PHOTO\Lecture publications\Thumbs.db [11264]
O61 - LFC: 28/10/2013 - 14:45:13 -SHA- . (...) -- C:\Documents and Settings\Georges\Bureau\CLUB PHOTO\Réunions 2013 2014\Thumbs.db [5120]
O61 - LFC: 28/10/2013 - 14:45:13 -SHA- . (...) -- C:\Documents and Settings\Georges\Bureau\CLUB PHOTO\Thumbs.db [65536]
O61 - LFC: 28/10/2013 - 14:45:38 ---A- . (...) -- C:\Documents and Settings\Georges\Bureau\Frou Frou\horizon fait son cinéma.txt [550]
O61 - LFC: 28/10/2013 - 14:45:38 -SHA- . (...) -- C:\Documents and Settings\Georges\Bureau\Frou Frou\Thumbs.db [166400]
O61 - LFC: 28/10/2013 - 14:45:46 ---A- . (...) -- C:\Documents and Settings\Georges\Bureau\GPnet rembst aller.pdf [28685]
O61 - LFC: 28/10/2013 - 14:45:46 ---A- . (...) -- C:\Documents and Settings\Georges\Bureau\GPnet rembst retour.pdf [28860]
O61 - LFC: 28/10/2013 - 14:45:50 -SHA- . (...) -- C:\Documents and Settings\Georges\Bureau\Photo 2013\chrysanthemes\Thumbs.db [8192]
O61 - LFC: 28/10/2013 - 14:46:37 -SHA- . (...) -- C:\Documents and Settings\Georges\Bureau\Photo 2013\CORSE\Thumbs.db [2332160]
O61 - LFC: 28/10/2013 - 14:46:44 -SHA- . (...) -- C:\Documents and Settings\Georges\Bureau\Photo 2013\ELA\Thumbs.db [326656]
O61 - LFC: 28/10/2013 - 14:46:44 -SHA- . (...) -- C:\Documents and Settings\Georges\Bureau\Photo 2013\FROU FROU\Thumbs.db [111104]
O61 - LFC: 28/10/2013 - 14:46:44 -SHA- . (...) -- C:\Documents and Settings\Georges\Bureau\Photo 2013\Thumbs.db [17920]
O61 - LFC: 28/10/2013 - 14:47:09 ---A- . (...) -- C:\Documents and Settings\Georges\Bureau\Photoshop CS4 PortableKTC\Photoshop CS4 Fr by KTC.exe.lnk [649]
O61 - LFC: 28/10/2013 - 14:48:30 -SHA- . (...) -- C:\Documents and Settings\Georges\Bureau\Thumbs.db [734724]
O61 - LFC: 28/10/2013 - 14:56:36 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\02-10-affiche enghien les bains copie.lnk [752]
O61 - LFC: 28/10/2013 - 14:56:36 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\1.lnk [557]
O61 - LFC: 28/10/2013 - 14:56:36 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\16.lnk [564]
O61 - LFC: 28/10/2013 - 14:56:36 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\25 octobre 2013 lettre motivation CHAMPILAND.lnk [601]
O61 - LFC: 28/10/2013 - 14:56:36 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\6b.lnk [564]
O61 - LFC: 28/10/2013 - 14:56:36 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\7b.lnk [468]
O61 - LFC: 28/10/2013 - 14:56:37 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\8.lnk [557]
O61 - LFC: 28/10/2013 - 14:56:37 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\ADDRetCodesecret (2).lnk [499]
O61 - LFC: 28/10/2013 - 14:56:37 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\ADDRetCodesecret.lnk [499]
O61 - LFC: 28/10/2013 - 14:56:37 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\affiche enghien les bains_2.lnk [742]
O61 - LFC: 28/10/2013 - 14:56:37 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\affiche-enghien-les-bains-bnf.lnk [712]
O61 - LFC: 28/10/2013 - 14:56:37 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\affiche-enghien-les-bains_1.lnk [818]
O61 - LFC: 28/10/2013 - 14:56:38 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\CV Sophie Soler - Acheteur.lnk [615]
O61 - LFC: 28/10/2013 - 14:56:38 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\GPnet rembst aller.lnk [448]
O61 - LFC: 28/10/2013 - 14:56:38 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\GPnet rembst retour.lnk [453]
O61 - LFC: 28/10/2013 - 14:56:38 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\horizon fait son cinéma.lnk [505]
O61 - LFC: 28/10/2013 - 14:56:39 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\indien BZH.lnk [715]
O61 - LFC: 28/10/2013 - 14:56:41 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\Mes aides financières L.lnk [434]
O61 - LFC: 28/10/2013 - 14:56:41 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\P1010110_1.lnk [564]
O61 - LFC: 28/10/2013 - 14:56:41 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\Photo 2013.lnk [388]
O61 - LFC: 28/10/2013 - 14:56:41 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\Photos 2011.lnk [427]
O61 - LFC: 28/10/2013 - 14:56:41 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\pano tuto.lnk [383]
O61 - LFC: 28/10/2013 - 14:56:42 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\Technic manuelle pour un panoramique (2).lnk [1007]
O61 - LFC: 28/10/2013 - 14:56:42 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\Technic manuelle pour un panoramique.lnk [1007]
O61 - LFC: 28/10/2013 - 14:56:42 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\theatre sarah bernardh.lnk [793]
O61 - LFC: 28/10/2013 - 14:56:42 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\tuto masque de fusion.lnk [895]
O61 - LFC: 28/10/2013 - 14:56:43 ---A- . (...) -- C:\Documents and Settings\Georges\UserData\NKQ53EN3\oWindowsUpdate[1].xml [28]
O61 - LFC: 28/10/2013 - 14:56:43 ---A- . (...) -- C:\Documents and Settings\Georges\UserData\index.dat [32768]
O61 - LFC: 29/10/2013 - 14:42:39 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\bookmarkbackups\bookmarks-2013-10-29.json [645636]
O61 - LFC: 29/10/2013 - 14:42:39 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\content-prefs.sqlite [229376]
O61 - LFC: 29/10/2013 - 14:42:40 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\signons.sqlite [69632]
O61 - LFC: 29/10/2013 - 14:49:06 ---A- . (...) -- C:\Documents and Settings\Georges\Local Settings\Application Data\GoldenFrog\Dump Truck\DumpTruck.log.2 [26214252]
O61 - LFC: 29/10/2013 - 14:49:08 ---A- . (...) -- C:\Documents and Settings\Georges\Local Settings\Application Data\GoldenFrog\Dump Truck\DumpTruck.log.3 [26214287]
O61 - LFC: 29/10/2013 - 14:49:08 ---A- . (...) -- C:\Documents and Settings\Georges\Local Settings\Application Data\GoldenFrog\Dump Truck\lockfile.txt [32]
O61 - LFC: 29/10/2013 - 14:56:36 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\17 octobre 2013 lettre motivation POPLIDAYS.lnk [598]
O61 - LFC: 29/10/2013 - 14:56:37 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\Assistant poplidays.lnk [395]
O61 - LFC: 29/10/2013 - 14:56:37 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\Brigitte 2.lnk [494]
O61 - LFC: 29/10/2013 - 14:56:37 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\alerte 28oct13 11h30.lnk [544]
O61 - LFC: 29/10/2013 - 14:56:37 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\art_nouveau_ornaments_by_esstera.lnk [524]
O61 - LFC: 29/10/2013 - 14:56:37 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\avst warning.lnk [504]
O61 - LFC: 29/10/2013 - 14:56:37 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\chez brigitte.lnk [509]
O61 - LFC: 29/10/2013 - 14:56:38 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\CV Sophie Soler 4R.lnk [531]
O61 - LFC: 29/10/2013 - 14:56:38 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\CV.lnk [370]
O61 - LFC: 29/10/2013 - 14:56:38 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\de_b2.lnk [349]
O61 - LFC: 29/10/2013 - 14:56:38 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\frou9.lnk [439]
O61 - LFC: 29/10/2013 - 14:56:40 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\Location de vacances.lnk [321]
O61 - LFC: 29/10/2013 - 14:56:40 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\mbam-log-2013-10-29 (19-22-00).lnk [520]
O61 - LFC: 29/10/2013 - 14:56:41 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\Monsieur Sirodot.lnk [519]
O61 - LFC: 29/10/2013 - 14:56:41 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\Pour Carlos.lnk [352]
O61 - LFC: 29/10/2013 - 14:56:41 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\merciere2797027970-8epub.lnk [503]
O61 - LFC: 29/10/2013 - 14:56:41 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\offres postulées.lnk [350]
O61 - LFC: 29/10/2013 - 14:56:42 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\SOPHIE USB (D).lnk [189]
O61 - LFC: 29/10/2013 - 14:56:42 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\SOPHIE.lnk [253]
O61 - LFC: 29/10/2013 - 14:56:42 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\torrent.lnk [323]
O61 - LFC: 29/10/2013 - 14:56:42 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\unins000.lnk [574]
O61 - LFC: 30/10/2013 - 14:42:34 -SHA- . (...) -- C:\Documents and Settings\Georges\Application Data\Microsoft\Internet Explorer\Desktop.htt [2128]
O61 - LFC: 30/10/2013 - 14:42:36 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Microsoft\Windows\Themes\Custom.theme [8095]
O61 - LFC: 30/10/2013 - 14:42:37 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\addons.sqlite [524288]
O61 - LFC: 30/10/2013 - 14:42:37 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\blocklist.xml [81840]
O61 - LFC: 30/10/2013 - 14:42:39 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\bookmarkbackups\bookmarks-2013-10-30.json [645636]
O61 - LFC: 30/10/2013 - 14:42:39 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\cert8.db [131072]
O61 - LFC: 30/10/2013 - 14:42:39 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\cert_override.txt [544]
O61 - LFC: 30/10/2013 - 14:42:39 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\cookies.sqlite [2097152]
O61 - LFC: 30/10/2013 - 14:42:39 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\cookies.sqlite-shm [32768]
O61 - LFC: 30/10/2013 - 14:42:39 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\cookies.sqlite-wal [721456]
O61 - LFC: 30/10/2013 - 14:42:39 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\downloads.sqlite [98304]
O61 - LFC: 30/10/2013 - 14:42:39 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\formhistory.sqlite [240640]
O61 - LFC: 30/10/2013 - 14:42:39 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\healthreport\state.json [123]
O61 - LFC: 30/10/2013 - 14:42:40 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\healthreport.sqlite [1146880]
O61 - LFC: 30/10/2013 - 14:42:40 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\healthreport.sqlite-shm [32768]
O61 - LFC: 30/10/2013 - 14:42:40 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\healthreport.sqlite-wal [0]
O61 - LFC: 30/10/2013 - 14:42:40 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\key3.db [16384]
O61 - LFC: 30/10/2013 - 14:42:40 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\localstore.rdf [4598]
O61 - LFC: 30/10/2013 - 14:42:40 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\permissions.sqlite [65536]
O61 - LFC: 30/10/2013 - 14:42:40 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\places.sqlite [10485760]
O61 - LFC: 30/10/2013 - 14:42:40 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\places.sqlite-shm [32768]
O61 - LFC: 30/10/2013 - 14:42:40 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\places.sqlite-wal [449112]
O61 - LFC: 30/10/2013 - 14:42:40 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\prefs.js [12955]
O61 - LFC: 30/10/2013 - 14:42:40 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\sessionstore.bak [8782]
O61 - LFC: 30/10/2013 - 14:42:40 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\sessionstore.js [27257]
O61 - LFC: 30/10/2013 - 14:42:40 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\urlclassifierkey3.txt [154]
O61 - LFC: 30/10/2013 - 14:42:40 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\webapps\webapps.json [2]
O61 - LFC: 30/10/2013 - 14:42:40 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\webappsstore.sqlite [131072]
O61 - LFC: 30/10/2013 - 14:42:40 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\webappsstore.sqlite-shm [32768]
O61 - LFC: 30/10/2013 - 14:42:40 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\webappsstore.sqlite-wal [524704]
O61 - LFC: 30/10/2013 - 14:43:10 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\ZHP\Log.txt [45511] =>.Nicolas Coolman
O61 - LFC: 30/10/2013 - 14:43:10 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\ZHP\TestsZHPDiag.txt [3366] =>.Nicolas Coolman
O61 - LFC: 30/10/2013 - 14:43:10 ---A- . (...) -- C:\Documents and Settings\Georges\Application Data\ZHP\ZHPDiag.txt [67136] =>.Nicolas Coolman
O61 - LFC: 30/10/2013 - 14:44:30 -SHA- . (...) -- C:\Documents and Settings\Georges\Bureau\CLUB PHOTO\Clichés exo\pano manuel\Thumbs.db [22016]
O61 - LFC: 30/10/2013 - 14:48:44 ---A- . (...) -- C:\Documents and Settings\Georges\Bureau\ZHPDiag 30102013.txt [67136] =>.Nicolas Coolman
O61 - LFC: 30/10/2013 - 14:48:44 ---A- . (...) -- C:\Documents and Settings\Georges\Bureau\ZHPDiag\ZHPDiag.txt [67136] =>.Nicolas Coolman
O61 - LFC: 30/10/2013 - 14:48:44 ---A- . (...) -- C:\Documents and Settings\Georges\Bureau\ZHPDiag\ZHPScan.txt [130] =>.Nicolas Coolman
O61 - LFC: 30/10/2013 - 14:48:44 ---A- . (...) -- C:\Documents and Settings\Georges\Bureau\ZHPDiag\unins000.dat [4910] =>.Nicolas Coolman
O61 - LFC: 30/10/2013 - 14:48:44 ---A- . (...) -- C:\Documents and Settings\Georges\Bureau\ZHPDiag\unins000.exe [694736] =>.Nicolas Coolman
O61 - LFC: 30/10/2013 - 14:49:06 ---A- . (...) -- C:\Documents and Settings\Georges\Local Settings\Application Data\GoldenFrog\Dump Truck\DumpTruck.log.1 [26214289]
O61 - LFC: 30/10/2013 - 14:49:09 ---A- . (...) -- C:\Documents and Settings\Georges\Local Settings\Application Data\GoldenFrog\VyprVPN\VyprVpnConnectionDetail.dat [979]
O61 - LFC: 30/10/2013 - 14:55:17 ---A- . (...) -- C:\Documents and Settings\Georges\Local Settings\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\safebrowsing\goog-malware-shavar.cache [12]
O61 - LFC: 30/10/2013 - 14:55:17 ---A- . (...) -- C:\Documents and Settings\Georges\Local Settings\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\safebrowsing\goog-malware-shavar.pset [617164]
O61 - LFC: 30/10/2013 - 14:55:18 ---A- . (...) -- C:\Documents and Settings\Georges\Local Settings\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\safebrowsing\goog-malware-shavar.sbstore [1605702]
O61 - LFC: 30/10/2013 - 14:55:18 ---A- . (...) -- C:\Documents and Settings\Georges\Local Settings\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\safebrowsing\goog-phish-shavar.cache [12]
O61 - LFC: 30/10/2013 - 14:55:18 ---A- . (...) -- C:\Documents and Settings\Georges\Local Settings\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\safebrowsing\goog-phish-shavar.pset [836658]
O61 - LFC: 30/10/2013 - 14:55:18 ---A- . (...) -- C:\Documents and Settings\Georges\Local Settings\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\safebrowsing\goog-phish-shavar.sbstore [634119]
O61 - LFC: 30/10/2013 - 14:55:18 ---A- . (...) -- C:\Documents and Settings\Georges\Local Settings\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\safebrowsing\test-malware-simple.cache [44]
O61 - LFC: 30/10/2013 - 14:55:18 ---A- . (...) -- C:\Documents and Settings\Georges\Local Settings\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\safebrowsing\test-malware-simple.pset [16]
O61 - LFC: 30/10/2013 - 14:55:18 ---A- . (...) -- C:\Documents and Settings\Georges\Local Settings\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\safebrowsing\test-malware-simple.sbstore [232]
O61 - LFC: 30/10/2013 - 14:55:18 ---A- . (...) -- C:\Documents and Settings\Georges\Local Settings\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\safebrowsing\test-phish-simple.cache [44]
O61 - LFC: 30/10/2013 - 14:55:18 ---A- . (...) -- C:\Documents and Settings\Georges\Local Settings\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\safebrowsing\test-phish-simple.pset [16]
O61 - LFC: 30/10/2013 - 14:55:18 ---A- . (...) -- C:\Documents and Settings\Georges\Local Settings\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\safebrowsing\test-phish-simple.sbstore [232]
O61 - LFC: 30/10/2013 - 14:55:18 ---A- . (...) -- C:\Documents and Settings\Georges\Local Settings\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\startupCache\startupCache.4.little [1290526]
O61 - LFC: 30/10/2013 - 14:55:19 ---A- . (...) -- C:\Documents and Settings\Georges\Local Settings\Application Data\Mozilla\Firefox\Profiles\zuevwgzy.default-1382612695906\_CACHE_CLEAN_ [1]
O61 - LFC: 30/10/2013 - 14:56:37 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\AdwCleaner[26oct13].lnk [539]
O61 - LFC: 30/10/2013 - 14:56:37 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\Bonjour Mme Blanchet.lnk [425]
O61 - LFC: 30/10/2013 - 14:56:37 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\CLUB PHOTO.lnk [388]
O61 - LFC: 30/10/2013 - 14:56:37 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\alerte 30oct13 14h00.lnk [460]
O61 - LFC: 30/10/2013 - 14:56:38 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\CS4 CS6.lnk [479]
O61 - LFC: 30/10/2013 - 14:56:38 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\Fiche saisie.lnk [496]
O61 - LFC: 30/10/2013 - 14:56:40 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\lettre r�glement.lnk [704]
O61 - LFC: 30/10/2013 - 14:56:40 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\mbr.lnk [553]
O61 - LFC: 30/10/2013 - 14:56:41 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\Présentation 2DM.lnk [647]
O61 - LFC: 30/10/2013 - 14:56:41 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\pano manuel.lnk [600]
O61 - LFC: 30/10/2013 - 14:56:41 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\peintures exr�rieures.lnk [479]
O61 - LFC: 30/10/2013 - 14:56:41 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\projet 4(1).lnk [622]
O61 - LFC: 30/10/2013 - 14:56:42 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\Technic manuelle pour un panoramique (3).lnk [1012]
O61 - LFC: 30/10/2013 - 14:56:42 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\ZHPDiag (2).lnk [371] =>.Nicolas Coolman
O61 - LFC: 30/10/2013 - 14:56:42 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\ZHPDiag 30102013.lnk [524] =>.Nicolas Coolman
O61 - LFC: 30/10/2013 - 14:56:42 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\ZHPDiag.lnk [577] =>.Nicolas Coolman
O61 - LFC: 30/10/2013 - 14:56:42 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\ZHPScan.lnk [577] =>.Nicolas Coolman
O61 - LFC: 30/10/2013 - 14:56:42 ---A- . (...) -- C:\Documents and Settings\Georges\Recent\soso carlos.lnk [270]
~ 5 Fichiers temporaires (Temporary files)
~ 30 Fichiers cookies (Cookies files)
~ Files: 7258 Legitimates Filtered in 19mn 02s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: OTL - (.OldTimer.)
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 08/10/2013 - C:\Program Files\Java\jre7\bin\jqs.exe (JavaQuickStarterService) .(.Oracle Corporation - Java Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE
~ Legacy: 153 Legitimates Filtered in 00mn 05s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://search.live.com
~ Keys: Scanned in 00mn 00s



---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
E:\download\torrent\PDF.Converter.Elite.v3.0.9.WinAll.Incl.Keygen.rar
~ Files: Scanned in 02mn 25s



---\\ Enumère les service demarrés par Svchost (SSS) (O83)
O83 - Search Svchost Services: ezGOSvc (ezGOSvc) . (...) -- C:\WINDOWS\system32\ezGOSvc.dll [73600]
~ Services: 42 Legitimates Filtered in 00mn 02s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.8E12A255EA67BF3D063347E21C4B8B92] [SPRF][05/05/2013] (...) -- C:\Documents and Settings\Georges\Local Settings\Application Data\fusioncache.dat [130]
[MD5.6751276A1CF4B64BD0918139805BC93D] [SPRF][21/04/2000] (...) -- C:\Documents and Settings\Georges\Bureau\Morbak.exe [1179648]
[MD5.F9F5BA4390F1F0DD21B7C935C0E322B0] [SPRF][18/03/2013] (...) -- C:\Documents and Settings\Georges\Bureau\vidange memoire cache.bat [64]
[MD5.0D83748AE2E5684682201DFBBE92F0FB] [SPRF][20/09/2013] (...) -- C:\Program Files\setup.exe [475136]
~ Files: 8 Legitimates Filtered in 00mn 04s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "86DA14F42F9826243AC2F2070BF1ECE9" . (.Photo Story 3 for Windows.) -- C:\WINDOWS\Installer\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}\PhotoStory3_ICON
O90 - PUC: "EBD9F446BDECFA54CA8B2E66297BF426" . (.Easy CD & DVD Creator 6.) -- C:\WINDOWS\Installer\{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}\KK.exe
~ Update Products: 78 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.A574A17D423D63A0F4C71BB39E19BABD] [WIS][29/01/2012] (.NAVTEQ North America, LLC - peugeotalertzone.air.) -- C:\Windows\Installer\3876c46.msi [25600]
[MD5.6E6F7B92373A535F537F2C81A3A04A27] [WIS][05/01/2011] (.Spigot, Inc. - Widgi Toolbar.) -- C:\Windows\Installer\603c34.msi [1015296] =>PUP.Dealio
~ WIS: 81 Legitimates Filtered in 00mn 11s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 09/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 10/09/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 10/09/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 13/01/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 13/01/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Auto 05/04/2010 116104 | (IJPLMSVC) . (...) - C:\Program Files\Canon\IJPLM\IJPLMSVC.exe
SR - | Demand 16/08/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 08/10/2013 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SS - | Auto 18/04/2003 8192 | (KMService) . (...) - C:\WINDOWS\system32\srvany.exe =>Hijacker.Office
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 01/10/2013 118680 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 03/05/2008 159812 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SS - | Demand 08/12/2010 628736 | (ServiceLayer) . (.Nokia.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
SR - | Auto 13/08/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 22/03/2013 93072 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
~ Services: Scanned in 00mn 14s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Georges at 30/10/2013 14:59:44

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
1 nt!IofCallDriver[0x804E3735] >> \Device\Harddisk0\DR0[0x8A0EEAB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Georges at 30/10/2013 14:59:46

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 12960 - (28/10/2013)
Clés trouvées (Keys found) : 13
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 1

[HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{18A45548-C341-4945-ABAE-8B63C34777BE}] =>PUP.OfferWare^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B1BFDF6B-3C03-46fe-B5D7-BABB0063D8E0}] =>PUP.Dealio
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A65E491F-A436-4952-B49A-B24ED99A0F67}] =>Toolbar.TomsGuide
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A65E491F-A436-4952-B49A-B24ED99A0F67}] =>Toolbar.TomsGuide
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] =>PUP.SweetIM^
C:\Documents and Settings\Georges\Local Settings\Application Data\AppsHat Mobile Apps =>Adware.MegaSearch^
C:\Documents and Settings\Georges\Menu Démarrer\Programmes\AppsHat =>Adware.MegaSearch^
C:\Documents and Settings\All Users\Application Data\InstallMate =>PUP.Tarma
C:\Windows\Installer\603c34.msi =>PUP.Dealio^
~ Additionnel Scan: 302807 Items scanned in 00mn 37s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/29626487-hijacker-office =>Hijacker.Office
~ http://nicolascoolman.webs.com/apps/blog/show/27332348-pup-offerware =>PUP.Offerware
~ http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio
~ http://nicolascoolman.webs.com/apps/blog/show/30898245-toolbar-skype =>Toolbar.Skype
~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo
~ http://nicolascoolman.webs.com/apps/blog/show/30923720-toolbar-tomsguide =>Toolbar.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ MSI: 9 link(s) detected in 00mn 38s



~ 8533 Legitimates filtered by white list
End of the scan (763 lines in 28mn 25s)(1)
