Rapport de ZHPDiag v2013.4.3.12 par Nicolas Coolman, Update du 03/04/2013
Run by georges at 05/04/2013 09:32:33
State : Nouvelle version disponible
High Elevated Privileges : OK
UAC : Not Found

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 19.0.2 v19.0.2 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ System Information
~ Processor: x86 Family 6 Model 6 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1023 MB (47% free)
System Restore: Activé (Enable)
System drive C: has 6 GB (43%) free of 15 GB

---\\ Logged in mode
~ Computer Name: GEORGES-42F7196
~ User Name: georges
~ All Users Names: SUPPORT_388945a0, HelpAssistant, georges, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\georges\Application Data\
~ %Desktop% : C:\Documents and Settings\georges\Bureau\
~ %Favorites% : C:\Documents and Settings\georges\Favoris\
~ %LocalAppData% : C:\Documents and Settings\georges\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\georges\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 6 Go of 15 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 17 Go of 21 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Free 7 Go of 7 Go)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 18:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.FCDD66EE148885E900285ADE8417E40B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.05/02/2013 - 19:56:42.) -- C:\WINDOWS\system32\wininet.dll [916480]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 18:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 10:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 11:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 10:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 17:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 08:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 18:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 10:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 10:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:32.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 11:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 11:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/04/2008 - 18:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 17:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.13/04/2008 - 17:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/73
Mes musiques (My Musics) : 2/2 (Modified)
Mes Videos (My Videos) : 2/2 (Modified)
~ Mes Favoris (My Favorites) : 1/9
~ Mes Documents (My Documents) : 1/79
~ Mon Bureau (My Desktop) : 0/8
~ Menu demarrer (Programs) : 1/45
~ Hidden Files: Scanned in 00mn 00s

---\\ Processus lancés
[MD5.B4837FE56D76B2E9EA90E5365CF6A2BE] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [136360] [PID.1648]
[MD5.C983E62B6FB74457D173BA93F66F6068] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [281768] [PID.1924]
[MD5.DF5A3016052755C910A206058B4A1729] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480] [PID.1980]
[MD5.999DB5F88C8E145CCA9D471E33227143] - (.Oracle Corporation - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [170912] [PID.172]
[MD5.0FEBE37DB6650FAA5965C00545009D1D] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 93.71.) -- C:\WINDOWS\system32\nvsvc32.exe [159810] [PID.276]
[MD5.8C91BD35AE9AA8B628EEC5E637BB1D0F] - (.Avira GmbH - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76968] [PID.1596]
[MD5.BF2F2717C13A4BD4FD73F2788534E86B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [917400] [PID.2444]
[MD5.339DFA98DDDA7DDF735CE21C82E6F1DD] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [824232] [PID.3016]
[MD5.C35DA74B42B017D19CBB02863DCAC6E7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6440960] [PID.2356]
~ Processes Running: Scanned in 00mn 01s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\1cfw40a2.default-1364231546734\prefs.js
C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr(2).default\prefs.js
C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\prefs.js
M3 - MFPP: Plugins - [georges] -- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\searchplugins\googlefrweb.xml
M3 - MFPP: Plugins - [georges] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M0 - MFSP: prefs.js [georges - 55yaddkr.default] google.fr
M2 - MFEP: prefs.js [georges - 55yaddkr.default\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}] [dwhelper] DownloadHelper v4.9.14 (.Michel Gutierrez.)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 12.0.) -- C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll
P2 - FPN: [HKLM] [@java.com/DTPlugin,version=10.17.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\WINDOWS\system32\npDeployJava1.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=10.17.2] - (.Oracle Corporation - Next Generation Java Plug-in 10.17.2 for Mozilla browsers.) -- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.0.3] - (.VideoLAN - VLC media player Web Plugin 2.0.2.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.02.) -- C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
~ Firefox Browser: Scanned in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.02.) (No version) -- (.not file.)
~ IE Browser: Scanned in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 23

---\\ Browser Helper Objects de navigateur (O2)
~ BHO: 3 Legitimates Scanned in 00mn 00s

---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
~ Application: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
~ Global Startup: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 3 Legitimates Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C39FC85-5814-48E7-B633-7A98AB72771D}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C39FC85-5814-48E7-B633-7A98AB72771D}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS3\Services\Tcpip\..\{3C39FC85-5814-48E7-B633-7A98AB72771D}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 4 Legitimates Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: NVIDIA Display Driver Service (NVSvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 93.71.) - C:\WINDOWS\system32\nvsvc32.exe
~ Services: 4 Legitimates Scanned in 00mn 06s

---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\georges\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\georges\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s

---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s

---\\ Tâches planifiées en automatique (O39)
~ IE Control Panel: 2 Legitimates Scanned in 00mn 00s

---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 20 Legitimates Scanned in 00mn 00s

---\\ Pilotes lancés au démarrage (O41)
~ Drivers: 66 Legitimates Scanned in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader XI (11.0.02) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AB0000000001}
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop
O42 - Logiciel: Java 7 Update 17 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83217017FF}
O42 - Logiciel: NvMixer - (...) [HKLM] -- {D7A6C517-11F2-419F-B5BB-27772B939698}
O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKLM] -- uTorrent
~ Logic: 49 Legitimates Scanned in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\BitTorrent]
~ Key Software: 115 Legitimates Scanned in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/08/2012 - 10:27:24 - [54,568] ----D C:\Program Files\Spybot - Search & Destroy
O43 - CFD: 29/08/2012 - 10:59:28 - [0,764] ----D C:\Program Files\uTorrent
O43 - CFD: 31/08/2012 - 16:37:26 - [1,521] ----D C:\Program Files\TimeAdjuster
O43 - CFD: 29/08/2012 - 10:58:38 - [1,899] ----D C:\Documents and Settings\georges\Application Data\uTorrent
O43 - CFD: 31/08/2012 - 16:37:28 - [0,012] ----D C:\Documents and Settings\georges\Menu Démarrer\Programmes\TimeAdjuster
~ Program Folder: 81 Legitimates Scanned in 00mn 02s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.7F68521BA79A7D30216F6E2AAC717662] - 05/04/2013 - 06:39:46 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.846B48B93D641D83793B6F240B195E9B] - 05/04/2013 - 06:39:44 ---A- . (...) -- C:\WINDOWS\system32\nvapps.xml [88566]
O44 - LFC:[MD5.497E17C519CE95EAA864C7F095C9A92F] - 05/04/2013 - 05:44:24 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.5866F5AC5FA90002CC1275789B715A60] - 02/04/2013 - 10:47:58 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [116]
~ Files: 26 Legitimates Scanned in 01mn 30s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.824F30AEF788F3AC8DDC413B15C48BBD] - 04/04/2013 - 06:53:16 ---A- - C:\WINDOWS\Prefetch\NS74.TMP-1F23EEE8.pf
O45 - LFCP:[MD5.46DB065972C1C4174AA9CDE127C05888] - 04/04/2013 - 06:56:24 ---A- - C:\WINDOWS\Prefetch\REGCLEANR.EXE-03D19C9C.pf
O45 - LFCP:[MD5.E082F527560258FD55E55DA13710666E] - 04/04/2013 - 11:00:48 ---A- - C:\WINDOWS\Prefetch\MSDTC.EXE-1D9D8668.pf
O45 - LFCP:[MD5.DD75CD7495A3686E9B05247DF16DDA84] - 04/04/2013 - 19:12:24 ---A- - C:\WINDOWS\Prefetch\UTORRENT.EXE-01137797.pf
O45 - LFCP:[MD5.6B704C476B5624526BE0D9340D2D67B3] - 04/04/2013 - 22:07:10 ---A- - C:\WINDOWS\Prefetch\WORDPAD.EXE-32191081.pf
O45 - LFCP:[MD5.137F842F1E38405610FEEEF474934DBF] - 04/04/2013 - 23:06:44 ---A- - C:\WINDOWS\Prefetch\MPC-HC.EXE-30AE8C39.pf
O45 - LFCP:[MD5.929550B8727B7E7B102D4DA04EF022FD] - 05/04/2013 - 07:09:28 ---A- - C:\WINDOWS\Prefetch\DFRGFAT.EXE-22605FE5.pf
~ Prefetcher: 67 Legitimates Scanned in 00mn 00s

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\uTorrent\uTorrent.exe" [Enabled] .(.BitTorrent Inc..) -- C:\Program Files\uTorrent\uTorrent.exe
O47 - AAKE:Key Export SP - "C:\Program Files\ma-config.com\maconfservice.exe" [Enabled] .(...) -- C:\Program Files\ma-config.com\maconfservice.exe (.not file.)
~ Keys Export: 7 Legitimates Scanned in 00mn 01s

---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 6 Legitimates Scanned in 00mn 00s

---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 21 Legitimates Scanned in 00mn 00s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s

---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 12 Legitimates Scanned in 00mn 00s

---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\CTFMON.EXE [Key] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O53 - SMSR:HKLM\...\startupreg\FlashPlayerUpdate [Key] . (...) -- C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\NeroFilterCheck [Key] . (.Ahead Software Gmbh - NeroCheck.) -- C:\WINDOWS\system32\NeroCheck.exe
O53 - SMSR:HKLM\...\startupreg\NVMixerTray [Key] . (.NVIDIA Corporation - NVIDIA nForce Mixer Tray Application.) -- C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
O53 - SMSR:HKLM\...\startupreg\nwiz [Key] . (...) -- C:\WINDOWS\system32\nwiz.exe
~ SMSR Keys: 10 Legitimates Scanned in 00mn 00s

---\\ Microsoft Control Security Providers (O54)
~ MSCP: 6 Legitimates Scanned in 00mn 00s

---\\ Microsoft Windows Policies System (O55)
~ MWPS: 5 Legitimates Scanned in 00mn 00s

---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=3
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=3
~ MWPE Keys: 4 Legitimates Scanned in 00mn 00s

---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 06/09/2002 - 23:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 06/09/2002 - 23:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: Scanned in 00mn 00s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 02/04/2013 - 00:45:32 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\35f4a87f38d38294bd81b4a4fe3fe7a9_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 02/04/2013 - 00:45:48 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\76b7e4a330a0efb2a9df2ed5fedd9201_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 02/04/2013 - 00:47:44 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\2c24335c35f67fa9fe1beedc2486ac50_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 02/04/2013 - 00:47:54 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\b467fece6ce3ab160806205bef72cb7a_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 02/04/2013 - 08:50:58 ---A- C:\Documents and Settings\georges\Application Data\Microsoft\Media Player\03B3C69D.wpl [154]
O61 - LFC: 02/04/2013 - 10:49:50 ---A- C:\Documents and Settings\georges\Local Settings\Application Data\Microsoft\Movie Maker\MEDIATAB0.DAT [8704]
O61 - LFC: 02/04/2013 - 11:06:06 ---A- C:\Documents and Settings\georges\Application Data\Microsoft\Windows\Themes\Custom.theme [8137]
O61 - LFC: 02/04/2013 - 23:18:10 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\6b10b15a27ced532d39c7b191dc6a5bb_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 02/04/2013 - 23:33:08 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\bookmarkbackups\bookmarks-2013-04-03.json [21289]
O61 - LFC: 03/04/2013 - 19:23:58 ---A- C:\Documents and Settings\georges\Application Data\dvdcss\CACHEDIR.TAG [203]
O61 - LFC: 03/04/2013 - 21:29:22 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\86da4b0483db1143fc07644c2ed5fbdd_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 03/04/2013 - 23:55:26 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\bookmarkbackups\bookmarks-2013-04-04.json [21289]
O61 - LFC: 04/04/2013 - 05:36:34 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\fc851e10b4c8bf2b34d8a35e07c32fd5_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 04/04/2013 - 06:53:58 ---A- C:\Documents and Settings\georges\UserData\index.dat [32768]
O61 - LFC: 04/04/2013 - 06:53:58 -SHA- C:\Documents and Settings\georges\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat [32768]
O61 - LFC: 04/04/2013 - 06:54:00 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\1cfw40a2.default-1364231546734\places.sqlite [10485760]
O61 - LFC: 04/04/2013 - 06:54:00 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr(2).default\places.sqlite [10485760]
O61 - LFC: 04/04/2013 - 07:00:38 ---A- C:\Documents and Settings\georges\Bureau\scan.lnk [2451]
O61 - LFC: 04/04/2013 - 07:12:00 ---A- C:\Documents and Settings\georges\Recent\ZHPDiag.txt.lnk [381]
O61 - LFC: 04/04/2013 - 07:21:58 ---A- C:\Documents and Settings\georges\Local Settings\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\startupCache\startupCache.4.little [1690492]
O61 - LFC: 04/04/2013 - 08:49:38 ---A- C:\Documents and Settings\georges\Recent\Californication.S06E03.avi.lnk [368]
O61 - LFC: 04/04/2013 - 09:18:28 ---A- C:\Documents and Settings\georges\Recent\Californication.S06E04.avi.lnk [368]
O61 - LFC: 04/04/2013 - 10:20:58 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\mimeTypes.rdf [32232]
O61 - LFC: 04/04/2013 - 10:21:00 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\b5e0ef03ae238db2719732353c75ec01_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 04/04/2013 - 10:21:04 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\dlimagecache\11BE992F09EDBD864815F0130D4082E29BCDFA61 [141956]
O61 - LFC: 04/04/2013 - 11:40:48 ---A- C:\Documents and Settings\georges\Recent\Mes images.lnk [375]
O61 - LFC: 04/04/2013 - 11:40:48 ---A- C:\Documents and Settings\georges\Recent\bon.txt.lnk [577]
O61 - LFC: 04/04/2013 - 11:42:40 ---A- C:\Documents and Settings\georges\Recent\Californication.S06E05.avi.lnk [368]
O61 - LFC: 04/04/2013 - 12:11:00 ---A- C:\Documents and Settings\georges\Recent\Californication.S06E06.avi.lnk [368]
O61 - LFC: 04/04/2013 - 13:32:06 ---A- C:\Documents and Settings\georges\Recent\Californication.S06E07.avi.lnk [368]
O61 - LFC: 04/04/2013 - 13:59:50 ---A- C:\Documents and Settings\georges\Recent\Californication.S06E08.avi.lnk [368]
O61 - LFC: 04/04/2013 - 14:33:52 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\dlimagecache\7C8945DA1B01DEA87CEA3DEAE371D7FEEFE460C0 [3211]
O61 - LFC: 04/04/2013 - 14:34:02 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\dht.dat.old [4404]
O61 - LFC: 04/04/2013 - 14:34:02 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\rss.dat.old [99]
O61 - LFC: 04/04/2013 - 14:49:22 ---A- C:\Documents and Settings\georges\Recent\Californication.S06E09.avi.lnk [368]
O61 - LFC: 04/04/2013 - 15:18:02 ---A- C:\Documents and Settings\georges\Recent\Californication.S06E10.avi.lnk [368]
O61 - LFC: 04/04/2013 - 15:46:48 ---A- C:\Documents and Settings\georges\Recent\Californication.S06E11.avi.lnk [368]
O61 - LFC: 04/04/2013 - 16:15:36 ---A- C:\Documents and Settings\georges\Recent\Lecteur CD.lnk [198]
O61 - LFC: 04/04/2013 - 16:15:36 ---A- C:\Documents and Settings\georges\Recent\californication.S06E12.avi.lnk [368]
O61 - LFC: 04/04/2013 - 17:00:28 ---A- C:\Documents and Settings\georges\Recent\TELE.m3u.lnk [364]
O61 - LFC: 04/04/2013 - 18:24:04 ---A- C:\Documents and Settings\georges\Application Data\vlc\ml.xspf [304]
O61 - LFC: 04/04/2013 - 18:24:04 ---A- C:\Documents and Settings\georges\Application Data\vlc\vlcrc [80077]
O61 - LFC: 04/04/2013 - 18:24:12 ---A- C:\Documents and Settings\georges\Recent\Scans.lnk [449]
O61 - LFC: 04/04/2013 - 18:24:12 ---A- C:\Documents and Settings\georges\Recent\booklet 1.jpg.lnk [605]
O61 - LFC: 04/04/2013 - 18:36:28 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\1cfw40a2.default-1364231546734\prefs.js [2614]
O61 - LFC: 04/04/2013 - 18:36:28 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr(2).default\prefs.js [2587]
O61 - LFC: 04/04/2013 - 18:41:52 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\blocklist.xml [58746]
O61 - LFC: 04/04/2013 - 18:42:12 ---A- C:\Documents and Settings\georges\Recent\Anubis - 230503 (2009).lnk [389]
O61 - LFC: 04/04/2013 - 18:42:12 ---A- C:\Documents and Settings\georges\Recent\Anubis - 230503.flac.lnk [554]
O61 - LFC: 04/04/2013 - 19:12:16 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\aa68583709dfa29dcf9c66906a7f04e3_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 04/04/2013 - 19:15:54 ---A- C:\Documents and Settings\georges\Recent\cast-away-2000-dvdrip-xvid-ndrt-ultimhate.zip.lnk [562]
O61 - LFC: 04/04/2013 - 19:15:56 ---A- C:\Documents and Settings\georges\Recent\Cast.Away.2000.DVDRip.XviD-ViEW.lnk [438]
O61 - LFC: 04/04/2013 - 19:30:50 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\downloads.sqlite [98304]
O61 - LFC: 04/04/2013 - 19:30:50 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\signons.sqlite [327680]
O61 - LFC: 04/04/2013 - 19:30:52 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\addons.sqlite [524288]
O61 - LFC: 04/04/2013 - 19:30:52 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\content-prefs.sqlite [229376]
O61 - LFC: 04/04/2013 - 19:30:52 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\permissions.sqlite [1769472]
O61 - LFC: 04/04/2013 - 22:06:58 ---A- C:\Documents and Settings\georges\Recent\ZHPFixReport.txt.lnk [408]
O61 - LFC: 04/04/2013 - 23:06:46 ---A- C:\Documents and Settings\georges\Recent\Track01.cda.lnk [326]
O61 - LFC: 04/04/2013 - 23:10:02 ---A- C:\Documents and Settings\georges\Recent\Track02.cda.lnk [326]
O61 - LFC: 04/04/2013 - 23:16:04 ---A- C:\Documents and Settings\georges\Recent\Track03.cda.lnk [326]
O61 - LFC: 04/04/2013 - 23:26:22 ---A- C:\Documents and Settings\georges\Recent\Track04.cda.lnk [326]
O61 - LFC: 04/04/2013 - 23:34:12 ---A- C:\Documents and Settings\georges\Recent\Track05.cda.lnk [326]
O61 - LFC: 04/04/2013 - 23:42:14 ---A- C:\Documents and Settings\georges\Recent\Track06.cda.lnk [326]
O61 - LFC: 04/04/2013 - 23:50:42 ---A- C:\Documents and Settings\georges\Recent\Track07.cda.lnk [326]
O61 - LFC: 04/04/2013 - 23:57:28 ---A- C:\Documents and Settings\georges\Recent\Track08.cda.lnk [326]
O61 - LFC: 05/04/2013 - 00:00:00 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\settings.dat.old [122483]
O61 - LFC: 05/04/2013 - 00:05:50 ---A- C:\Documents and Settings\georges\Recent\Lecteur CD (2).lnk [203]
O61 - LFC: 05/04/2013 - 00:05:50 ---A- C:\Documents and Settings\georges\Recent\Track09.cda.lnk [326]
O61 - LFC: 05/04/2013 - 00:08:34 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\dht_feed.dat.old [2]
O61 - LFC: 05/04/2013 - 00:09:48 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\resume.dat.old [13224]
O61 - LFC: 05/04/2013 - 00:10:48 ---A- C:\Documents and Settings\georges\Application Data\Media Player Classic\default.mpcpl [349]
O61 - LFC: 05/04/2013 - 00:10:56 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\bookmarkbackups\bookmarks-2013-04-05.json [20882]
O61 - LFC: 05/04/2013 - 00:11:14 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\dht.dat [4170]
O61 - LFC: 05/04/2013 - 00:11:14 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\dht_feed.dat [2]
O61 - LFC: 05/04/2013 - 00:11:14 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\resume.dat [13198]
O61 - LFC: 05/04/2013 - 00:11:14 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\rss.dat [99]
O61 - LFC: 05/04/2013 - 00:11:14 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\settings.dat [122483]
O61 - LFC: 05/04/2013 - 06:47:20 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\localstore.rdf [15343]
O61 - LFC: 05/04/2013 - 06:54:00 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\cert8.db [180224]
O61 - LFC: 05/04/2013 - 06:54:00 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\cookies.sqlite [1048576]
O61 - LFC: 05/04/2013 - 06:54:00 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\dh-media-lists.rdf [520]
O61 - LFC: 05/04/2013 - 06:54:00 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\dh-smart-names.rdf [61516]
O61 - LFC: 05/04/2013 - 06:54:00 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\key3.db [16384]
O61 - LFC: 05/04/2013 - 06:54:00 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\sessionstore.bak [170052]
O61 - LFC: 05/04/2013 - 08:24:44 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\cookies.sqlite-shm [32768]
O61 - LFC: 05/04/2013 - 08:24:44 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\cookies.sqlite-wal [590288]
O61 - LFC: 05/04/2013 - 08:24:44 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\places.sqlite-shm [32768]
O61 - LFC: 05/04/2013 - 08:24:44 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\webapps\webapps.json [2]
O61 - LFC: 05/04/2013 - 08:24:48 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\urlclassifierkey3.txt [154]
O61 - LFC: 05/04/2013 - 08:25:16 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\prefs.js [8202]
O61 - LFC: 05/04/2013 - 08:28:04 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\formhistory.sqlite [196608]
O61 - LFC: 05/04/2013 - 08:28:28 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\webappsstore.sqlite [851968]
O61 - LFC: 05/04/2013 - 08:30:34 -SHA- C:\Documents and Settings\georges\IETldCache\index.dat [262144]
O61 - LFC: 05/04/2013 - 08:30:56 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\places.sqlite [10485760]
O61 - LFC: 05/04/2013 - 08:30:56 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\places.sqlite-wal [426328]
O61 - LFC: 05/04/2013 - 08:32:20 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\sessionstore.js [353013]
~ 2 Fichiers cookies (Cookies files)
~ Files: 130 Legitimates Scanned in 00mn 42s

---\\
Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7} ~ ADS: Scanned in 00mn 00s ---\\ Liste des services Legacy (O64) ~ Legacy: 112 Legitimates Scanned in 00mn 00s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\WScript.exe O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.bat> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> [HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll O67 - Shell Spawning: <.cmd> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.exe> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) 
-- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\WScript.exe O67 - Shell Spawning: <.reg> [HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe ~ Keys: Scanned in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche des services démarrés par Svchost (O83) ~ Services: 40 Legitimates Scanned in 00mn 01s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.3BDA066522997F22134E488ECC6A6CB0] [SPRF][29/08/2012] (.NVIDIA Corporation - Pas de description.) -- C:\Documents and Settings\georges\Bureau\nForce_5.10_WinXP2K_WHQL_international.exe [32064469] ~ Files: Scanned in 00mn 01s ---\\ Scan Additionnel (O88) Database Version : v2.11376 - (03/04/2013) Clés trouvées (Keys found) : 1 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 0 [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing ~ Additionnel: Scanned in 00mn 15s ---\\ Product Upgrade Codes (O90) ~ Update Products: 12 Legitimates Scanned in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) 
- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 21/04/2011 136360 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe SR - | Auto 21/07/2011 269480 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe SR - | Auto 10/03/2013 170912 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe SS - | Demand 08/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SR - | Auto 22/10/2006 159810 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe ~ Services: Scanned in 00mn 00s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Run by georges at 05/04/2013 09:35:58 device: opened successfully user: MBR read successfully Disk trace: called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 1 nt!IofCallDriver[0x804E37D5] >> \Device\Harddisk0\DR0[0x8675CAB8] kernel: MBR read successfully user & kernel MBR OK ~ MBR: 13 Legitimates Scanned in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by georges at 05/04/2013 09:36:01 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s End of the scan (610 lines in 03mn 27s)(0)