~ Rapport de ZHPDiag v2013.10.24.63 - Nicolas Coolman (24/10/2013)
~ Lancé par NIZAR (25/10/2013 14:22:56)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 24.0 (Defaut)
GCIE: Google Chrome v30.0.1599.101

---\\ Informations sur les produits Windows
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v8.0.1497.0
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ Logiciels d'optimisation du système
CCleaner =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.5 - Français

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 24 GB (48%) free of 49 GB

---\\ Mode de connexion au système
~ Computer Name: NIZAR-242C62AF7
~ User Name: NIZAR
~ All Users Names: SUPPORT_388945a0, NIZAR, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\NIZAR\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\NIZAR\Application Data\
~ %Desktop% : C:\Documents and Settings\NIZAR\Bureau\
~ %Favorites% : C:\Documents and Settings\NIZAR\Favoris\
~ %LocalAppData% : C:\Documents and Settings\NIZAR\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\NIZAR\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 24 Go of 49 Go)
D: Hard drive, Flash drive, Thumb drive (Free 49 Go of 49 Go)
E: Hard drive, Flash drive, Thumb drive (Free 134 Go of 135 Go)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 20:00:00.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.EA7AB3839BE1FFE067A8131F3547160D] - (.Microsoft Corporation - Internet Extensions for Win32.) (.08/08/2013 - 07:05:46.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 20:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.F6B7B1ECD7B41736BDB6FF4B092BCB79] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:41:46.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 10:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 20:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 20:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 20:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 20:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 18:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 20:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 20:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 20:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.FB2FCCC70F7174C7BF64F48E96D3ADF4] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:35.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [457856]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 20:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 20:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.30/04/2010 - 03:30:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 20:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 18:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 20:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/22
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/54
~ Mes Documents (My Documents) : 1/772
~ Mon Bureau (My Desktop) : 0/230
~ Menu demarrer (Programs) : 1/49
~ Hidden Files: Scanned in 00mn 02s



---\\ Processus lancés
[MD5.A10E4AE69C81B4EBF0096CF867133D6F] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [643072] [PID.1720]
[MD5.CFD6492787854E0AECD6BBA59717E9BA] - (.Intel(R) Corporation - Intel(R) Wireless Management Service.) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [882960] [PID.260]
[MD5.9330941C8F6DF417F6DBBE998DB6687E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.928]
[MD5.A3E3552E9E99E9A690A12A25973EF30A] - (.Atheros - ACS.) -- C:\WINDOWS\system32\acs.exe [364629] [PID.1084]
[MD5.39E435C90C9C4F780FA0ED05CA3C3A1B] - (.Agere Systems - Agere Soft Modem Call Progress Service.) -- C:\WINDOWS\system32\agrsmsvc.exe [9216] [PID.1136]
[MD5.830EC44BB7A1331EB69B682F0AC0CA51] - (.Intel(R) Corporation - Intel(R) PROSet/Wireless Event Log Service.) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe [866576] [PID.1164]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1360]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1948]
[MD5.9D84376931440F3679BEEF2A414FA493] - (.HP - PML Driver.) -- C:\WINDOWS\system32\HPZipm12.exe [69632] [PID.2040]
[MD5.9A6FA65DBF980A44CD3B26D63A15DC23] - (.Intel(R) Corporation - Intel(R) PROSet/Wireless Registry Service.) -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe [481552] [PID.220]
[MD5.2A99850C2A6EDD6C6602E822C716EDAF] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136] [PID.320]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.1888]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2436]
[MD5.8FEB26F6EF2761C125555D31D788147A] - (.Atheros Communications, Inc. - Atheros Client Utility.) -- C:\Program Files\Atheros\ACU.exe [372825] [PID.3240]
[MD5.F2BA7E3DBDB540D617A721CBDD7C7AAC] - (.Intel(R) Corporation - Intel(R) PROSet/Wireless Zero Config Servic.) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1407248] [PID.3256]
[MD5.360B47C7FBA6CAA88F69F775196A7121] - (.Intel(R) Corporation - Intel(R) PROSet/Wireless Framework.) -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe [1210640] [PID.3296]
[MD5.4F2B6D05AFC4F680DFC2392EDA749493] - (.Applian Technologies, Inc. - FLV Service for Freecorder.) -- C:\Program Files\Freecorder\FLVSrvc.exe [167936] [PID.3312] =>Riskware.Movly
[MD5.C59AF329C486FD196315D510A57637E7] - (.Logitech Inc. - Logitech Launcher Application.) -- C:\WINDOWS\Logi_MwX.exe [19968] [PID.3336]
[MD5.E6DEED311D830678E1A0B4889F3C2F0E] - (.UASSOFT.COM - DRIVER AUTORUN.) -- C:\Program Files\Multimedia Mouse Driver\V5\StartAutorun.exe [212992] [PID.688]
[MD5.E558CDE2913DAA077D4E25732D1AA176] - (.Hewlett-Packard Company - hpwuSchd.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152] [PID.3512]
[MD5.053B2F7FA7BB1BE106D21844FA4AAD39] - (.UASSOFT.COM - USB Keyboard And PS/2 Keyboard Driver.) -- C:\Program Files\Multimedia Mouse Driver\V5\KMConfig.exe [1470464] [PID.3556]
[MD5.BB1F9614D427716D0D9E9FEFC34CC9A4] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1434920] [PID.1228]
[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968] [PID.3596]
[MD5.12401502481540DE194408F8CE71C5F3] - (.UASSOFT.COM - Keyboard And Mouse Processing.) -- C:\Program Files\Multimedia Mouse Driver\V5\KMProcess.exe [561152] [PID.2320]
[MD5.FDA92FDAFFEDBDD3741FDDF9D82C69DF] - (.Synaptics Incorporated - Toshiba Custom PlugIn Application.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe [210216] [PID.2340]
[MD5.F7A01E608EDEB9BA5AEA26D1040DA7B7] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [20143688] [PID.3080]
[MD5.CAD76DEE2311C5FFF840A2EB7B058143] - (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240] [PID.2152]
[MD5.7E4AD8220AF0B281274F9785DD53E25C] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [18642024] [PID.3476]
[MD5.C519CEC624CF9BCBA3059F32266C8FFF] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [258048] [PID.3604]
[MD5.31484C04CCB0D25EB69CF49FC8C38F47] - (.Uniblue Systems Limited - Uniblue PowerSuite.) -- C:\Program Files\Uniblue\PowerSuite\powersuite.exe [56160] [PID.3944]
[MD5.6B2B9B46D7DA5C67397412DEA6CF9A14] - (.Hewlett-Packard Co. - Pas de description.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe [425984] [PID.3872]
[MD5.B93FFCF1D42AE4613CDFF7450F7D4199] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8128512] [PID.1060]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 13 Legitimates Filtered in 00mn 22s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\prefs.js
~ Firefox Browser: 15 Legitimates Filtered in 00mn 03s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main,Start Page = http://allssearch.com =>Adware.SocialSkinz
~ IE Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [AllUsers]: Pidgin.lnk . (.The Pidgin developer community - Pidgin.) -- C:\Program Files\Pidgin\pidgin.exe
O4 - GS\Program [NIZAR]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
~ Global Startup: 11 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Program [AllUsers]: Démarrage rapide du logiciel HP Image Zone.lnk . (.Hewlett-Packard Co. - HP Image Zone.) -- C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - GS\Program [AllUsers]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [ACU] . (.Atheros Communications, Inc. - Atheros Client Utility.) -- C:\Program Files\Atheros\ACU.exe
O4 - HKLM\..\Run: [IntelZeroConfig] . (.Intel(R) Corporation - Intel(R) PROSet/Wireless Zero Config Servic.) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] . (.Intel(R) Corporation - Intel(R) PROSet/Wireless Framework.) -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe
O4 - HKLM\..\Run: [Freecorder FLV Service] . (.Applian Technologies, Inc. - FLV Service for Freecorder.) -- C:\Program Files\Freecorder\FLVSrvc.exe =>Riskware.Movly
O4 - HKLM\..\Run: [Logitech Utility] . (.Logitech Inc. - Logitech Launcher Application.) -- C:\WINDOWS\Logi_MwX.exe
O4 - HKLM\..\Run: [KMConfig] . (.UASSOFT.COM - DRIVER AUTORUN.) -- C:\Program Files\Multimedia Mouse Driver\V5\StartAutorun.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard Company - hpwuSchd.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [KernelFaultCheck] Clé orpheline
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSHIBA Online Product Information] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKCU\..\Run: [PowerSuite] . (.Uniblue Systems Limited - Uniblue Launcher.) -- C:\Program Files\Uniblue\PowerSuite\Launcher.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1060284298-2000478354-1177238915-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1060284298-2000478354-1177238915-1003\..\Run: [TOSHIBA Online Product Information] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe =>.Toshiba Corporation
O4 - HKUS\S-1-5-21-1060284298-2000478354-1177238915-1003\..\Run: [PowerSuite] . (.Uniblue Systems Limited - Uniblue Launcher.) -- C:\Program Files\Uniblue\PowerSuite\Launcher.exe
O4 - HKUS\S-1-5-21-1060284298-2000478354-1177238915-1003\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1060284298-2000478354-1177238915-1003\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 01s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ((no name)) - http://www.ma-config.com/plugins/MaConfig_5_1_4_1.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F488543-D9E5-4869-B0EC-2A4503D7541F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{32A5298E-49EC-4765-84E8-301CAD3F0FE1}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F488543-D9E5-4869-B0EC-2A4503D7541F}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\..\{32A5298E-49EC-4765-84E8-301CAD3F0FE1}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F488543-D9E5-4869-B0EC-2A4503D7541F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{32A5298E-49EC-4765-84E8-301CAD3F0FE1}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F488543-D9E5-4869-B0EC-2A4503D7541F}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{32A5298E-49EC-4765-84E8-301CAD3F0FE1}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{32A5298E-49EC-4765-84E8-301CAD3F0FE1}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{32A5298E-49EC-4765-84E8-301CAD3F0FE1}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Intel(R) PROSet/Wireless Registry Servic (RegSrvc) . (.Intel(R) Corporation - Intel(R) PROSet/Wireless Registry Service.) - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 13 Legitimates Filtered in 00mn 29s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp
O24 - Desktop General: WallPaper - .(...) - C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Installed Component - S-1-5-21-1060284298-2000478354-1177238915-1003 - >{X9B49E34-C7CC-11D0-8953-00A0C90347FF} -- Not Hexadécimal CLSID
~ Active Setup: 21 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Multimedia Mouse Driver - (.Nom de votre société.) [HKLM] -- InstallShield_{A9495514-098A-4869-A464-C455857BC464}
~ Logic: 87 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 25/06/2012 - 11:07:58 - [6,302] ----D C:\Program Files\Multimedia Mouse Driver
O43 - CFD: 25/06/2012 - 17:46:32 - [6,416] ----D C:\Program Files\Resource Center
O43 - CFD: 15/04/2013 - 10:37:43 - [0,002] ----D C:\Documents and Settings\NIZAR\Menu Démarrer\Programmes\Jeux
O43 - CFD: 25/06/2012 - 11:08:00 - [0,003] ----D C:\Documents and Settings\NIZAR\Menu Démarrer\Programmes\Multimedia Mouse Driver
~ Program Folder: 159 Legitimates Filtered in 05mn 15s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.1F1854370ED389CDFECB7979691BF713] - 20/10/2013 - 19:07:55 ---A- . (...) -- C:\WINDOWS\wmsetup.log [808]
O44 - LFC:[MD5.A2F762B4ED9B9738EBB503E7BBB625BE] - 25/10/2013 - 14:13:49 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.E6103A08511437D982110482F21E3E75] - 25/10/2013 - 14:13:49 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
~ Files: 15 Legitimates Filtered in 00mn 07s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.3766773C577F25D9711975272E1F06E0] - 25/10/2013 - 10:42:49 ---A- - C:\WINDOWS\Prefetch\KMPROCESS.EXE-0015E811.pf
O45 - LFCP:[MD5.93760E43862F0727B70727F5D81B8E7C] - 25/10/2013 - 14:09:05 ---A- - C:\WINDOWS\Prefetch\_IU14D2N.TMP-23F5C677.pf
O45 - LFCP:[MD5.D1A0AD3C3D2C02100D767D9B35CD34B0] - 25/10/2013 - 14:14:51 ---A- - C:\WINDOWS\Prefetch\ACU.EXE-16EFBB5A.pf
O45 - LFCP:[MD5.EF6EC00A781B9BDD7423CC0E38FF7029] - 25/10/2013 - 14:14:51 ---A- - C:\WINDOWS\Prefetch\FLVSRVC.EXE-0B427F11.pf
O45 - LFCP:[MD5.5C2937B00CD44C4A8306A6365DC9FB60] - 25/10/2013 - 14:14:51 ---A- - C:\WINDOWS\Prefetch\IWRAP.EXE-082C3803.pf
O45 - LFCP:[MD5.27D525AE52EF138788DCA07CD600BD33] - 25/10/2013 - 14:14:51 ---A- - C:\WINDOWS\Prefetch\KMCONFIG.EXE-1DFBC3B8.pf
O45 - LFCP:[MD5.9C55D6D8E4A0DCC3095CA328580C2ACD] - 25/10/2013 - 14:14:51 ---A- - C:\WINDOWS\Prefetch\LOGI_MWX.EXE-1B741F45.pf
O45 - LFCP:[MD5.38EEA7833BB4767B59657B83247FC8DD] - 25/10/2013 - 14:14:51 ---A- - C:\WINDOWS\Prefetch\STARTAUTORUN.EXE-343856AD.pf
O45 - LFCP:[MD5.1A5918899B41508DF80B502A1830D376] - 25/10/2013 - 14:14:58 ---A- - C:\WINDOWS\Prefetch\ICRDCLL.EXE-23A46A26.pf
O45 - LFCP:[MD5.0CFC86736359BC976B7A6D8D0BDA3895] - 25/10/2013 - 14:15:34 ---A- - C:\WINDOWS\Prefetch\HPQTHB08.EXE-060DCF16.pf
O45 - LFCP:[MD5.7300E039FD913BF185C53FC98A3CFB60] - 25/10/2013 - 14:15:44 ---A- - C:\WINDOWS\Prefetch\POWERSUITE.EXE-1B9B2189.pf
O45 - LFCP:[MD5.FF32B633EF720FB1DE30490F01DD14A1] - 25/10/2013 - 14:16:14 ---A- - C:\WINDOWS\Prefetch\HPQGALRY.EXE-07140C25.pf
~ Prefetcher: 70 Legitimates Filtered in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" [Enabled] .(.Google.) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
~ Keys Export: 11 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{ed733af2-033b-11e1-a85e-001b777d3f9a}\AutoRun\command. (...) -- G:\.\Setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.FA72FA503F580C3C628DD8C7D7622E37] - 30/08/2013 - 08:48:12 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49376]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 14/04/2008 - 20:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: 7 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 22/10/2013 - 14:29:48 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\bookmarkbackups\bookmarks-2013-10-22.json [12039]
O61 - LFC: 22/10/2013 - 14:29:58 -SHA- . (...) -- C:\Documents and Settings\NIZAR\Bureau\mer zarzis\Thumbs.db [119808]
O61 - LFC: 22/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.tribalistan.com_0.localstorage [3072]
O61 - LFC: 22/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.tribalistan.com_0.localstorage-journal [3608]
O61 - LFC: 22/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor [52224]
O61 - LFC: 22/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor-journal [16384]
O61 - LFC: 22/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts [12288]
O61 - LFC: 22/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts-journal [12824]
O61 - LFC: 22/10/2013 - 14:30:25 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb [1134592]
O61 - LFC: 22/10/2013 - 14:30:25 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Microsoft\Media Player\lastplayed.wpl [467]
O61 - LFC: 23/10/2013 - 14:29:44 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Microsoft\.NET Framework Config\v1.0.5000.0\settings.xml [78]
O61 - LFC: 23/10/2013 - 14:29:48 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\bookmarkbackups\bookmarks-2013-10-23.json [12039]
O61 - LFC: 23/10/2013 - 14:29:57 ---A- . (.Whilokii.) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\Whilokii.DIR\bin\plugins\Whilokii.FFUpdate.dll [399640] =>PUP.Whilokii
O61 - LFC: 23/10/2013 - 14:29:57 ---A- . (.Whilokii.) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\Whilokii.DIR\bin\plugins\Whilokii.IEUpdate.dll [76568] =>PUP.Whilokii
O61 - LFC: 23/10/2013 - 14:30:21 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_support.google.com_0.localstorage [3072]
O61 - LFC: 23/10/2013 - 14:30:21 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_support.google.com_0.localstorage-journal [3608]
O61 - LFC: 23/10/2013 - 14:30:21 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_www.google.tn_0.localstorage [3072]
O61 - LFC: 23/10/2013 - 14:30:21 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_www.google.tn_0.localstorage-journal [3608]
O61 - LFC: 23/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Origin Bound Certs [18432]
O61 - LFC: 23/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Origin Bound Certs-journal [3608]
O61 - LFC: 24/10/2013 - 14:29:47 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Microsoft\Windows\Themes\Custom.theme [7646]
O61 - LFC: 24/10/2013 - 14:29:48 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\addons.sqlite [524288]
O61 - LFC: 24/10/2013 - 14:29:48 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\addons.sqlite-journal [295496]
O61 - LFC: 24/10/2013 - 14:29:48 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\blocklist.xml [81840]
O61 - LFC: 24/10/2013 - 14:29:48 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\bookmarkbackups\bookmarks-2013-10-24.json [12039]
O61 - LFC: 24/10/2013 - 14:29:48 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\content-prefs.sqlite [229376]
O61 - LFC: 24/10/2013 - 14:29:48 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\downloads.sqlite [98304]
O61 - LFC: 24/10/2013 - 14:29:48 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\extensions.sqlite [458752]
O61 - LFC: 24/10/2013 - 14:29:48 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\extensions.sqlite-journal [229944]
O61 - LFC: 24/10/2013 - 14:29:49 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\permissions.sqlite [1736704]
O61 - LFC: 24/10/2013 - 14:29:49 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\search-metadata.json [552]
O61 - LFC: 24/10/2013 - 14:29:49 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\search.json [11938]
O61 - LFC: 24/10/2013 - 14:29:49 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\signons.sqlite [327680]
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.settings [47132] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl [8081] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm [31009] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 [8] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 [8] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 [8] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 [8] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 [8] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 [8] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 [8] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 [8] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 [8] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 [8] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 [8] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 [8] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.settings [47132] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl [8081] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm [31009] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 [8] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 [8] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 [8] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 [8] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 [8] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 [8] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 [8] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 [8] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 [8] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 [8] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 [8] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Quarantine\BitGuard.DIR\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 [8] =>PUP.BitGuard
O61 - LFC: 24/10/2013 - 14:29:57 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\ZHPDiag.txt [86563] =>.Nicolas Coolman
O61 - LFC: 24/10/2013 - 14:29:57 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\ZHPFixQuarantine.txt [3864] =>.Nicolas Coolman
O61 - LFC: 24/10/2013 - 14:29:57 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\ZHPFix[R1].txt [5347] =>.Nicolas Coolman
O61 - LFC: 24/10/2013 - 14:29:57 ---A- . (...) -- C:\Documents and Settings\NIZAR\Bureau\AdwCleaner[S0].txt [14592]
O61 - LFC: 24/10/2013 - 14:29:57 ---A- . (...) -- C:\Documents and Settings\NIZAR\Bureau\lien.txt [120]
O61 - LFC: 24/10/2013 - 14:29:59 ---A- . (...) -- C:\Documents and Settings\NIZAR\Bureau\modem\octobre 2013\24 10 2013 à14H12.bmp [3072054]
O61 - LFC: 24/10/2013 - 14:30:02 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\avgchrome\avgp [132232]
O61 - LFC: 24/10/2013 - 14:30:20 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Last Tabs [445359]
O61 - LFC: 24/10/2013 - 14:30:20 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\iaimhpklononapfjngelgdokckfjekfc\CURRENT [16]
O61 - LFC: 24/10/2013 - 14:30:20 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\iaimhpklononapfjngelgdokckfjekfc\LOG [1175]
O61 - LFC: 24/10/2013 - 14:30:20 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\iaimhpklononapfjngelgdokckfjekfc\LOG.old [685]
O61 - LFC: 24/10/2013 - 14:30:20 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\iaimhpklononapfjngelgdokckfjekfc\MANIFEST-000126 [397]
O61 - LFC: 24/10/2013 - 14:30:20 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iaimhpklononapfjngelgdokckfjekfc_0.localstorage [3072]
O61 - LFC: 24/10/2013 - 14:30:20 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iaimhpklononapfjngelgdokckfjekfc_0.localstorage-journal [3608]
O61 - LFC: 24/10/2013 - 14:30:21 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_fr.nativekingdoms.com_0.localstorage [5120]
O61 - LFC: 24/10/2013 - 14:30:21 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_fr.nativekingdoms.com_0.localstorage-journal [3608]
O61 - LFC: 24/10/2013 - 14:30:21 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_khrane.monalliance.net_0.localstorage [3072]
O61 - LFC: 24/10/2013 - 14:30:21 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_khrane.monalliance.net_0.localstorage-journal [3608]
O61 - LFC: 24/10/2013 - 14:30:21 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_static.tanzuki.net_0.localstorage [2783232]
O61 - LFC: 24/10/2013 - 14:30:21 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_static.tanzuki.net_0.localstorage-journal [16384]
O61 - LFC: 24/10/2013 - 14:30:21 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_wac.edgecastcdn.net_0.localstorage [3072]
O61 - LFC: 24/10/2013 - 14:30:21 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_wac.edgecastcdn.net_0.localstorage-journal [3608]
O61 - LFC: 24/10/2013 - 14:30:21 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.lesroyaumes.com_0.localstorage [5120]
O61 - LFC: 24/10/2013 - 14:30:21 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_wac.edgecastcdn.net_0.localstorage [3072]
O61 - LFC: 24/10/2013 - 14:30:21 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_wac.edgecastcdn.net_0.localstorage-journal [3608]
O61 - LFC: 24/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.lesroyaumes.com_0.localstorage-journal [3608]
O61 - LFC: 24/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.royaumedulavabo.com_0.localstorage [3072]
O61 - LFC: 24/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.royaumedulavabo.com_0.localstorage-journal [3608]
O61 - LFC: 24/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data [24576]
O61 - LFC: 24/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data-journal [8736]
O61 - LFC: 24/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\TransportSecurity [325]
O61 - LFC: 24/10/2013 - 14:30:46 ---A- . (...) -- C:\Documents and Settings\NIZAR\Mes documents\Téléchargements\Désinfection\adwcleaner.exe [1060070]
O61 - LFC: 25/10/2013 - 14:29:47 -SHA- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Microsoft\Internet Explorer\UserData\index.dat [32768]
O61 - LFC: 25/10/2013 - 14:29:48 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\bookmarkbackups\bookmarks-2013-10-25.json [13190]
O61 - LFC: 25/10/2013 - 14:29:48 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\cert8.db [147456]
O61 - LFC: 25/10/2013 - 14:29:48 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\cookies.sqlite [1048576]
O61 - LFC: 25/10/2013 - 14:29:48 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\cookies.sqlite-shm [32768]
O61 - LFC: 25/10/2013 - 14:29:48 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\cookies.sqlite-wal [32824]
O61 - LFC: 25/10/2013 - 14:29:48 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\formhistory.sqlite [196608]
O61 - LFC: 25/10/2013 - 14:29:48 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\healthreport.sqlite [1146880]
O61 - LFC: 25/10/2013 - 14:29:48 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\healthreport.sqlite-shm [32768]
O61 - LFC: 25/10/2013 - 14:29:48 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\healthreport.sqlite-wal [0]
O61 - LFC: 25/10/2013 - 14:29:48 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\healthreport\state.json [123]
O61 - LFC: 25/10/2013 - 14:29:49 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\key3.db [16384]
O61 - LFC: 25/10/2013 - 14:29:49 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\localstore.rdf [8106]
O61 - LFC: 25/10/2013 - 14:29:49 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\places.sqlite [10485760]
O61 - LFC: 25/10/2013 - 14:29:49 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\places.sqlite-shm [32768]
O61 - LFC: 25/10/2013 - 14:29:49 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\places.sqlite-wal [0]
O61 - LFC: 25/10/2013 - 14:29:49 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\pluginreg.dat [6793]
O61 - LFC: 25/10/2013 - 14:29:49 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\prefs.js [11779]
O61 - LFC: 25/10/2013 - 14:29:49 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\sessionstore.bak [121637]
O61 - LFC: 25/10/2013 - 14:29:49 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\sessionstore.js [13651]
O61 - LFC: 25/10/2013 - 14:29:49 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\urlclassifierkey3.txt [154]
O61 - LFC: 25/10/2013 - 14:29:49 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\webapps\webapps.json [2]
O61 - LFC: 25/10/2013 - 14:29:49 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\webappsstore.sqlite [1638400]
O61 - LFC: 25/10/2013 - 14:29:49 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\webappsstore.sqlite-shm [32768]
O61 - LFC: 25/10/2013 - 14:29:49 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\webappsstore.sqlite-wal [0]
O61 - LFC: 25/10/2013 - 14:29:55 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Log.txt [60429] =>.Nicolas Coolman
O61 - LFC: 25/10/2013 - 14:29:57 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\TestsZHPDiag.txt [3246] =>.Nicolas Coolman
O61 - LFC: 25/10/2013 - 14:30:00 ---A- . (...) -- C:\Documents and Settings\NIZAR\Bureau\SFTGC.exe [1064060]
O61 - LFC: 25/10/2013 - 14:30:00 ---A- . (...) -- C:\Documents and Settings\NIZAR\Bureau\ZHPDiag.lnk [1523] =>.Nicolas Coolman
O61 - LFC: 25/10/2013 - 14:30:00 ---A- . (...) -- C:\Documents and Settings\NIZAR\Bureau\ZHPFix.lnk [1628] =>.Nicolas Coolman
O61 - LFC: 25/10/2013 - 14:30:02 ---A- . (...) -- C:\Documents and Settings\NIZAR\Favoris\Royaume du Lavabo.url [602]
O61 - LFC: 25/10/2013 - 14:30:02 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse [0]
O61 - LFC: 25/10/2013 - 14:30:02 -SHA- . (...) -- C:\Documents and Settings\NIZAR\IECompatCache\index.dat [360448]
O61 - LFC: 25/10/2013 - 14:30:02 -SHA- . (...) -- C:\Documents and Settings\NIZAR\IETldCache\index.dat [262144]
O61 - LFC: 25/10/2013 - 14:30:09 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Certificate Revocation Lists [260067]
O61 - LFC: 25/10/2013 - 14:30:09 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies [229376]
O61 - LFC: 25/10/2013 - 14:30:09 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies-journal [16384]
O61 - LFC: 25/10/2013 - 14:30:09 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Tabs [100459]
O61 - LFC: 25/10/2013 - 14:30:10 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\CURRENT [16]
O61 - LFC: 25/10/2013 - 14:30:10 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG [148]
O61 - LFC: 25/10/2013 - 14:30:10 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG.old [148]
O61 - LFC: 25/10/2013 - 14:30:10 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\CURRENT [16]
O61 - LFC: 25/10/2013 - 14:30:10 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG [148]
O61 - LFC: 25/10/2013 - 14:30:10 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG.old [148]
O61 - LFC: 25/10/2013 - 14:30:10 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000538 [720]
O61 - LFC: 25/10/2013 - 14:30:20 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons [847872]
O61 - LFC: 25/10/2013 - 14:30:20 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons-journal [16384]
O61 - LFC: 25/10/2013 - 14:30:20 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Google Profile.ico [181623]
O61 - LFC: 25/10/2013 - 14:30:20 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\History [1445888]
O61 - LFC: 25/10/2013 - 14:30:20 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\History Provider Cache [75702]
O61 - LFC: 25/10/2013 - 14:30:20 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\History-journal [16384]
O61 - LFC: 25/10/2013 - 14:30:20 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Last Session [529828]
O61 - LFC: 25/10/2013 - 14:30:21 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_www.google.com_0.localstorage [3072]
O61 - LFC: 25/10/2013 - 14:30:21 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_www.google.com_0.localstorage-journal [3608]
O61 - LFC: 25/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Managed Mode Settings [8]
O61 - LFC: 25/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [88933]
O61 - LFC: 25/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\CURRENT [16]
O61 - LFC: 25/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG [271]
O61 - LFC: 25/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG.old [271]
O61 - LFC: 25/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000683 [206]
O61 - LFC: 25/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Top Sites [376832]
O61 - LFC: 25/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Top Sites-journal [16384]
O61 - LFC: 25/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Visited Links [131072]
O61 - LFC: 25/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data [88064]
O61 - LFC: 25/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data-journal [16384]
O61 - LFC: 25/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Local State [52956]
O61 - LFC: 25/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom [10126896]
O61 - LFC: 25/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom Prefix Set [1505144]
O61 - LFC: 25/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies [6144]
O61 - LFC: 25/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies-journal [4640]
O61 - LFC: 25/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Csd Whitelist [135236]
O61 - LFC: 25/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download [1005848]
O61 - LFC: 25/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download Whitelist [19548]
O61 - LFC: 25/10/2013 - 14:30:22 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Extension Blacklist [6624]
O61 - LFC: 25/10/2013 - 14:30:24 -SHA- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1060284298-2000478354-1177238915-1003\Credentials [8010]
O61 - LFC: 25/10/2013 - 14:30:25 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Microsoft\Internet Explorer\frameiconcache.dat [7010]
O61 - LFC: 25/10/2013 - 14:30:33 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\startupCache\startupCache.4.little [1036740]
O61 - LFC: 25/10/2013 - 14:30:34 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\_CACHE_CLEAN_ [1]
O61 - LFC: 25/10/2013 - 14:30:46 ---A- . (...) -- C:\Documents and Settings\NIZAR\Recent\Logs.lnk [1005]
O61 - LFC: 25/10/2013 - 14:30:46 ---A- . (...) -- C:\Documents and Settings\NIZAR\Recent\MBAM-log-[1]2013-10-25 (10-36-20).lnk [1361]
O61 - LFC: 25/10/2013 - 14:30:46 ---A- . (...) -- C:\Documents and Settings\NIZAR\Recent\SFTGC.lnk [459]
O61 - LFC: 25/10/2013 - 14:30:46 ---A- . (...) -- C:\Documents and Settings\NIZAR\Recent\ZHPDiag.lnk [508] =>.Nicolas Coolman
O61 - LFC: 25/10/2013 - 14:30:46 ---A- . (...) -- C:\Documents and Settings\NIZAR\Recent\ZHPRootkit.lnk [683] =>.Nicolas Coolman
O61 - LFC: 25/10/2013 - 14:30:46 ---A- . (...) -- C:\Documents and Settings\NIZAR\Recent\ZHPScan.lnk [666] =>.Nicolas Coolman
O61 - LFC: 25/10/2013 - 14:30:46 ---A- . (...) -- C:\Documents and Settings\NIZAR\Recent\lien.lnk [454]
O61 - LFC: 25/10/2013 - 14:30:46 ---A- . (...) -- C:\Documents and Settings\NIZAR\Recent\mbam-log-2013-10-25 (09-55-57).lnk [588]
O61 - LFC: 25/10/2013 - 14:30:46 ---A- . (...) -- C:\Documents and Settings\NIZAR\Recent\mbr.lnk [642]
O61 - LFC: 25/10/2013 - 14:30:46 -SHA- . (...) -- C:\Documents and Settings\NIZAR\PrivacIE\index.dat [10289152]
~ 39 Fichiers temporaires (Temporary files)
~ 68 Fichiers cookies (Cookies files)
~ Files: 904 Legitimates Filtered in 01mn 06s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {4D691CBE-11F1-4642-855D-A887D1D3ABFB} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - http://search.live.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {4D691CBE-11F1-4642-855D-A887D1D3ABFB} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {7B012DA0-BBC6-4F4D-A63F-80926C279592} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - http://search.live.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {4D691CBE-11F1-4642-855D-A887D1D3ABFB} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {7B012DA0-BBC6-4F4D-A63F-80926C279592} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.6F95F7F1104F92E2A424373A17B97826] [SPRF][25/06/2012] (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\fusioncache.dat [128]
[MD5.2D58EDD287012EA9CDAEB98175B682A7] [SPRF][27/04/2013] (.Pas de propriétaire - AVAST Software Setup Engine.) -- C:\Documents and Settings\NIZAR\Bureau\avast_free_antivirus_setup.exe [115054456]
[MD5.30FADBA93E9430A63F19DA9935DE4369] [SPRF][14/02/2010] (.Gabest - Media Player Classic.) -- C:\Documents and Settings\NIZAR\Bureau\mplayerc.exe [4411392]
[MD5.666BD24BE5A29F1FF17D91CC280BD2EE] [SPRF][25/10/2013] (.Pas de propriétaire - Nettoyage des fichiers temporaires.) -- C:\Documents and Settings\NIZAR\Bureau\SFTGC.exe [1064060]
[MD5.11B9F1E66EE67F0C765C5895A99755DD] [SPRF][30/08/2011] (...) -- C:\Documents and Settings\NIZAR\Bureau\vlc-1.1.11-win32.exe [21073936]
~ Files: 10 Legitimates Filtered in 00mn 32s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "4155949AA89096844A464C5558B74C46" . (.Multimedia Mouse Driver.) -- C:\WINDOWS\Installer\{A9495514-098A-4869-A464-C455857BC464}\ARPPRODUCTICON.exe
~ Update Products: 107 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.C394063653671DB2541ADEBA61A0ED49] [WIS][25/10/2013] (.Google - Google Talk Plugin Installer.) -- C:\Windows\Installer\baf9e.msi [455680]
[MD5.DAB180D0A6918208298D72093205D13D] [WIS][25/06/2012] (.UASSOFT - Multimedia Mouse Driver.) -- C:\Windows\Installer\c3e0ab.msi [217088]
~ WIS: 110 Legitimates Filtered in 00mn 08s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 17/04/2007 364629 | (ACS) . (.Atheros.) - C:\WINDOWS\system32\acs.exe
SS - | Demand 19/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 06/04/2012 9216 | (AgereModemAudio) . (.Agere Systems.) - C:\WINDOWS\system32\agrsmsvc.exe
SR - | Auto 27/06/2011 643072 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe
SR - | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SR - | Auto 06/04/2011 866576 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SS - | Auto 27/11/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 27/11/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 08/08/2011 311928 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 11/09/2013 118680 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 29/09/2004 69632 | (Pml Driver HPZ12) . (.HP.) - C:\WINDOWS\system32\HPZipm12.exe
SR - | Auto 06/04/2011 481552 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 06/04/2011 882960 | (S24EventMonitor) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
SR - | Auto 19/06/2012 3048136 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 17/04/2012 30064 | (Uniblue.MaxiDiskSvc) . (...) - C:\Program Files\Uniblue\MaxiDisk\service.exe
~ Services: Scanned in 00mn 11s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by NIZAR at 25/10/2013 14:32:16

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 12960 - (24/10/2013)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ef79f67a-6ad7-4715-a0f8-932fca442023}] =>Toolbar.Conduit
[HKLM\Software\aMSN\OpenCandy] =>Adware.OpenCandy
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Freecorder FLV Service =>Riskware.Movly^
C:\Program Files\Freecorder\FLVSrvc.exe =>Riskware.Movly^
~ Additionnel Scan: 207597 Items scanned in 01mn 02s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/28801930-riskware-movly =>Riskware.Movly
~ http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz
~ http://nicolascoolman.webs.com/apps/blog/show/33413667-pup-whilokii =>PUP.Whilokii
~ http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard =>PUP.BitGuard
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy
~ MSI: 7 link(s) detected in 01mn 02s



~ 1917 Legitimates filtered by white list
End of the scan (691 lines in 10mn 24s)(0)
