~ Rapport de ZHPDiag v2013.10.24.63 - Nicolas Coolman (24/10/2013)
~ Lancé par NIZAR (24/10/2013 20:30:58)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found

---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 24.0 (Defaut)
GCIE: Google Chrome v30.0.1599.101

---\\ Informations sur les produits Windows
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v8.0.1497.0

---\\ Logiciels d'optimisation du système
CCleaner =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.5 - Français

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (19% free)
System Restore: Activé (Enable)
System drive C: has 22 GB (45%) free of 49 GB

---\\ Mode de connexion au système
~ Computer Name: NIZAR-242C62AF7
~ User Name: NIZAR
~ All Users Names: SUPPORT_388945a0, NIZAR, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\NIZAR\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\NIZAR\Application Data\
~ %Desktop% : C:\Documents and Settings\NIZAR\Bureau\
~ %Favorites% : C:\Documents and Settings\NIZAR\Favoris\
~ %LocalAppData% : C:\Documents and Settings\NIZAR\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\NIZAR\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\
Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 22 Go of 49 Go) D: Hard drive, Flash drive, Thumb drive (Free 49 Go of 49 Go) E: Hard drive, Flash drive, Thumb drive (Free 134 Go of 135 Go) F: CD-ROM drive (Not Inserted) G: CD-ROM drive (Not Inserted) ---\\ Etat du Centre de Sécurité Windows ~ Security Center: 41 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 20:00:00.) -- C:\WINDOWS\Explorer.exe [1037824] [MD5.EA7AB3839BE1FFE067A8131F3547160D] - (.Microsoft Corporation - Internet Extensions for Win32.) (.08/08/2013 - 07:05:46.) -- C:\WINDOWS\system32\wininet.dll [920064] [MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 20:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [512000] [MD5.F6B7B1ECD7B41736BDB6FF4B092BCB79] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:41:46.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496] [MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 10:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512] [MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 20:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744] [MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 20:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976] [MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 20:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672] [MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 20:00:00.) 
-- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384] [MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 18:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144] [MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 20:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112] [MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 20:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832] [MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 20:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264] [MD5.FB2FCCC70F7174C7BF64F48E96D3ADF4] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:35.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [457856] [MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 20:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816] [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 20:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976] [MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.30/04/2010 - 03:30:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384] [MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 20:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328] [MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224] [MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 18:57:36.) 
-- C:\WINDOWS\system32\Drivers\redbook.sys [58752] [MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 20:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/22 ~ Mes musiques (My Musics) : 1/2 ~ Mes Favoris (My Favorites) : 1/54 ~ Mes Documents (My Documents) : 1/773 ~ Mon Bureau (My Desktop) : 0/226 ~ Menu demarrer (Programs) : 1/51 ~ Hidden Files: Scanned in 00mn 00s ---\\ Processus lancés [MD5.A10E4AE69C81B4EBF0096CF867133D6F] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [643072] [PID.1724] [MD5.CFD6492787854E0AECD6BBA59717E9BA] - (.Intel(R) Corporation - Intel(R) Wireless Management Service.) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [882960] [PID.320] [MD5.9330941C8F6DF417F6DBBE998DB6687E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.968] [MD5.A3E3552E9E99E9A690A12A25973EF30A] - (.Atheros - ACS.) -- C:\WINDOWS\system32\acs.exe [364629] [PID.1120] [MD5.39E435C90C9C4F780FA0ED05CA3C3A1B] - (.Agere Systems - Agere Soft Modem Call Progress Service.) -- C:\WINDOWS\system32\agrsmsvc.exe [9216] [PID.1180] [MD5.97A57AEA49E0EC9D17BDD96A3CEEBEBC] - (...) -- C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3032032] [PID.1208] =>PUP.BitGuard [MD5.830EC44BB7A1331EB69B682F0AC0CA51] - (.Intel(R) Corporation - Intel(R) PROSet/Wireless Event Log Service.) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe [866576] [PID.1204] [MD5.9D84376931440F3679BEEF2A414FA493] - (.HP - PML Driver.) -- C:\WINDOWS\system32\HPZipm12.exe [69632] [PID.1764] [MD5.9A6FA65DBF980A44CD3B26D63A15DC23] - (.Intel(R) Corporation - Intel(R) PROSet/Wireless Registry Service.) 
-- C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe [481552] [PID.2012] [MD5.2A99850C2A6EDD6C6602E822C716EDAF] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136] [PID.612] [MD5.B1EC2CAA074A857BF98CA990E576BC2D] - (.Whilokii - Whilokii.) -- C:\Program Files\Whilokii\updateWhilokii.exe [65304] [PID.920] =>PUP.Whilokii [MD5.B1EC2CAA074A857BF98CA990E576BC2D] - (.Whilokii - Whilokii.) -- C:\Program Files\Whilokii\bin\utilWhilokii.exe [65304] [PID.2596] =>PUP.Whilokii [MD5.8FEB26F6EF2761C125555D31D788147A] - (.Atheros Communications, Inc. - Atheros Client Utility.) -- C:\Program Files\Atheros\ACU.exe [372825] [PID.3248] [MD5.F2BA7E3DBDB540D617A721CBDD7C7AAC] - (.Intel(R) Corporation - Intel(R) PROSet/Wireless Zero Config Servic.) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1407248] [PID.3560] [MD5.360B47C7FBA6CAA88F69F775196A7121] - (.Intel(R) Corporation - Intel(R) PROSet/Wireless Framework.) -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe [1210640] [PID.3620] [MD5.4F2B6D05AFC4F680DFC2392EDA749493] - (.Applian Technologies, Inc. - FLV Service for Freecorder.) -- C:\Program Files\Freecorder\FLVSrvc.exe [167936] [PID.3640] =>Riskware.Movly [MD5.C59AF329C486FD196315D510A57637E7] - (.Logitech Inc. - Logitech Launcher Application.) -- C:\WINDOWS\Logi_MwX.exe [19968] [PID.3680] [MD5.E6DEED311D830678E1A0B4889F3C2F0E] - (.UASSOFT.COM - DRIVER AUTORUN.) -- C:\Program Files\Multimedia Mouse Driver\V5\StartAutorun.exe [212992] [PID.3728] [MD5.E558CDE2913DAA077D4E25732D1AA176] - (.Hewlett-Packard Company - hpwuSchd.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152] [PID.2904] [MD5.053B2F7FA7BB1BE106D21844FA4AAD39] - (.UASSOFT.COM - USB Keyboard And PS/2 Keyboard Driver.) 
-- C:\Program Files\Multimedia Mouse Driver\V5\KMConfig.exe [1470464] [PID.3864] [MD5.BB1F9614D427716D0D9E9FEFC34CC9A4] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1434920] [PID.3872] [MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968] [PID.3876] [MD5.FDA92FDAFFEDBDD3741FDDF9D82C69DF] - (.Synaptics Incorporated - Toshiba Custom PlugIn Application.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe [210216] [PID.2224] [MD5.12401502481540DE194408F8CE71C5F3] - (.UASSOFT.COM - Keyboard And Mouse Processing.) -- C:\Program Files\Multimedia Mouse Driver\V5\KMProcess.exe [561152] [PID.2200] [MD5.F7A01E608EDEB9BA5AEA26D1040DA7B7] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [20143688] [PID.3484] [MD5.CAD76DEE2311C5FFF840A2EB7B058143] - (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240] [PID.236] [MD5.31484C04CCB0D25EB69CF49FC8C38F47] - (.Uniblue Systems Limited - Uniblue PowerSuite.) -- C:\Program Files\Uniblue\PowerSuite\powersuite.exe [56160] [PID.3480] [MD5.97640B78CF9E7B87C7E562EFD89930FA] - (.BitTorrent, Inc. - BitTorrent.) -- C:\Program Files\BitTorrent\BitTorrent.exe [4992880] [PID.3704] =>P2P.BitTorrent [MD5.7E4AD8220AF0B281274F9785DD53E25C] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [18642024] [PID.3612] [MD5.C519CEC624CF9BCBA3059F32266C8FFF] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [258048] [PID.3224] [MD5.0C20CCF4FC1FB66CF0624A098CEF1A36] - (.Uniblue Systems Ltd - Uniblue SpeedUpMyPC.) -- C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe [56168] [PID.1176] =>Rogue.SpeedUpMyPC [MD5.6B2B9B46D7DA5C67397412DEA6CF9A14] - (.Hewlett-Packard Co. - Pas de description.) 
-- C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe [425984] [PID.864] [MD5.A9182CE59CFC56F9C1DDE8B3C0AE8378] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [274840] [PID.3716] [MD5.12FD4EF8F2CBBF98E0A5CED88258DDF3] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17816] [PID.4664] [MD5.3E399A1328181C2A352472369DE2A93A] - (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [844752] [PID.4468] [MD5.146B9AED5109949EAD0E273E513EF363] - (.Uniblue Systems Limited - Uniblue MaxiDisk.) -- C:\Program Files\Uniblue\MaxiDisk\maxidisk.exe [56672] [PID.5772] [MD5.6125F6F2CFABE63D216C3FC9B4ECC482] - (...) -- C:\Program Files\Uniblue\MaxiDisk\service.exe [30064] [PID.612] [MD5.B93FFCF1D42AE4613CDFF7450F7D4199] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8128512] [PID.800] [MD5.FB6A2AD43B478FC9E306C32DF975DE50] - (.Microsoft Corporation - A tool to aid in developing services for Wi.) 
-- C:\WINDOWS\system32\sc.exe [35328] [PID.0] ~ Processes Running: Scanned in 00mn 35s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences G2 - GCE: Preference [User Data\Default] [iaimhpklononapfjngelgdokckfjekfc] Whilokii v.1.0.0 (Activé) =>PUP.Whilokii ~ Google Browser: 14 Legitimates Filtered in 00mn 23s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\prefs.js C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\user.js M3 - MFPP: Plugins - [NIZAR] -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\searchplugins\askcom.xml M3 - MFPP: Plugins - [NIZAR] -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\searchplugins\BrowserProtect.xml =>Hijacker.Eazel M3 - MFPP: Plugins - [NIZAR] -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\searchplugins\delta.xml =>Toolbar.DeltaSearch M3 - MFPP: Plugins - [NIZAR] -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\searchplugins\search-here.xml M0 - MFSP: prefs.js [NIZAR - usycz9ri.default] http://www.mysearchresults.com =>Adware.MyWebSearch M2 - MFEP: prefs.js [NIZAR - usycz9ri.default\addon@defaulttab.com] [] Default Tab v2.2.41 (..) =>Adware.Bandoo M2 - MFEP: prefs.js [NIZAR - usycz9ri.default\ffxtlbr@delta.com] [] Delta Toolbar v1.5.0 (..) =>Toolbar.DeltaSearch M2 - MFEP: prefs.js [NIZAR - usycz9ri.default\firefox@whilokii.net] [] Whilokii v1.0.0 (..) 
=>PUP.Whilokii
~ Firefox Browser: 23 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main,Start Page = http://allssearch.com =>Adware.SocialSkinz
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://www.delta-search.com =>Toolbar.DeltaSearch
~ IE Browser: 12 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Whilokii - {204df522-9a96-4a72-abb0-60f7a216d6d2} . (.Whilokii - Whilokii.) -- C:\Program Files\Whilokii\Whilokiibho.dll =>PUP.Whilokii
O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} .
(.Delta-search.com - Pas de description.) -- C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll =>Toolbar.DeltaSearch O2 - BHO: (no name) - {ef79f67a-6ad7-4715-a0f8-932fca442023} Clé orpheline O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} Clé orpheline ~ BHO: 18 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Delta Toolbar - [HKLM]{82E1477C-B154-48D3-9891-33D83C26BCD3} . (...) -- (.not file.) =>Toolbar.DeltaSearch O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D4027C7F-154A-4066-A1AD-4243D8127440} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Program [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - GS\Program [AllUsers]: Pidgin.lnk . (.The Pidgin developer community - Pidgin.) -- C:\Program Files\Pidgin\pidgin.exe O4 - GS\Program [NIZAR]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe O4 - GS\Program [NIZAR]: WebPlayerV2.lnk . (...) -- C:\Documents and Settings\NIZAR\Application Data\Microsoft\Installer\{77236F9C-987C-40EC-832B-5BD6181E4846}\_05C54B1BA48220C27C65AA.exe ~ Global Startup: 12 Legitimates Filtered in 00mn 00s ---\\ Applications lancées au démarrage du sytème (O4) O4 - GS\Program [AllUsers]: Démarrage rapide du logiciel HP Image Zone.lnk . (.Hewlett-Packard Co. - HP Image Zone.) -- C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - GS\Program [AllUsers]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe =>.Hewlett-Packard Co O4 - HKLM\..\Run: [ACU] . 
(.Atheros Communications, Inc. - Atheros Client Utility.) -- C:\Program Files\Atheros\ACU.exe O4 - HKLM\..\Run: [IntelZeroConfig] . (.Intel(R) Corporation - Intel(R) PROSet/Wireless Zero Config Servic.) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe O4 - HKLM\..\Run: [IntelWireless] . (.Intel(R) Corporation - Intel(R) PROSet/Wireless Framework.) -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe O4 - HKLM\..\Run: [Freecorder FLV Service] . (.Applian Technologies, Inc. - FLV Service for Freecorder.) -- C:\Program Files\Freecorder\FLVSrvc.exe =>Riskware.Movly O4 - HKLM\..\Run: [Logitech Utility] . (.Logitech Inc. - Logitech Launcher Application.) -- C:\WINDOWS\Logi_MwX.exe O4 - HKLM\..\Run: [KMConfig] . (.UASSOFT.COM - DRIVER AUTORUN.) -- C:\Program Files\Multimedia Mouse Driver\V5\StartAutorun.exe O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard Company - hpwuSchd.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp O4 - HKLM\..\Run: [KernelFaultCheck] Clé orpheline O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSHIBA Online Product Information] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe =>.Toshiba Corporation O4 - HKCU\..\Run: [PowerSuite] . (.Uniblue Systems Limited - Uniblue Launcher.) -- C:\Program Files\Uniblue\PowerSuite\Launcher.exe O4 - HKCU\..\Run: [BitTorrent] . (.BitTorrent, Inc. - BitTorrent.) 
-- C:\Program Files\BitTorrent\BitTorrent.exe =>P2P.BitTorrent O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe =>.Toshiba Corporation O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-21-1060284298-2000478354-1177238915-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-1060284298-2000478354-1177238915-1003\..\Run: [TOSHIBA Online Product Information] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe =>.Toshiba Corporation O4 - HKUS\S-1-5-21-1060284298-2000478354-1177238915-1003\..\Run: [PowerSuite] . (.Uniblue Systems Limited - Uniblue Launcher.) -- C:\Program Files\Uniblue\PowerSuite\Launcher.exe O4 - HKUS\S-1-5-21-1060284298-2000478354-1177238915-1003\..\Run: [BitTorrent] . (.BitTorrent, Inc. - BitTorrent.) -- C:\Program Files\BitTorrent\BitTorrent.exe =>P2P.BitTorrent O4 - HKUS\S-1-5-21-1060284298-2000478354-1177238915-1003\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKUS\S-1-5-21-1060284298-2000478354-1177238915-1003\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) 
-- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd ~ Application: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MI1933~1\Office12\ONBttnIE.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ((no name)) - http://www.ma-config.com/plugins/MaConfig_5_1_4_1.cab ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{0F488543-D9E5-4869-B0EC-2A4503D7541F}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\..\{32A5298E-49EC-4765-84E8-301CAD3F0FE1}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\..\{0F488543-D9E5-4869-B0EC-2A4503D7541F}: DhcpDomain = lan O17 - HKLM\System\CCS\Services\Tcpip\..\{32A5298E-49EC-4765-84E8-301CAD3F0FE1}: DhcpDomain = lan O17 - HKLM\System\CS1\Services\Tcpip\..\{0F488543-D9E5-4869-B0EC-2A4503D7541F}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{32A5298E-49EC-4765-84E8-301CAD3F0FE1}: DhcpNameServer = 
192.168.1.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{0F488543-D9E5-4869-B0EC-2A4503D7541F}: DhcpDomain = lan O17 - HKLM\System\CS1\Services\Tcpip\..\{32A5298E-49EC-4765-84E8-301CAD3F0FE1}: DhcpDomain = lan O17 - HKLM\System\CS2\Services\Tcpip\..\{32A5298E-49EC-4765-84E8-301CAD3F0FE1}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CS2\Services\Tcpip\..\{32A5298E-49EC-4765-84E8-301CAD3F0FE1}: DhcpDomain = lan O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) 
-- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (...) - C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll =>PUP.BitGuard ~ AppInit DLL: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: BitGuard (BitGuard) . (...) - C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe =>PUP.BitGuard O23 - Service: Intel(R) PROSet/Wireless Registry Servic (RegSrvc) . (.Intel(R) Corporation - Intel(R) PROSet/Wireless Registry Service.) - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Update Whilokii (Update Whilokii) . (.Whilokii - Whilokii.) - C:\Program Files\Whilokii\updateWhilokii.exe =>PUP.Whilokii O23 - Service: Util Whilokii (Util Whilokii) . (.Whilokii - Whilokii.) - C:\Program Files\Whilokii\bin\utilWhilokii.exe =>PUP.Whilokii ~ Services: 14 Legitimates Filtered in 00mn 06s ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Desktop General: BackupWallPaper - .(...) 
- C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp
O24 - Desktop General: WallPaper - .(...) - C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\BitGuard.job [280] =>PUP.BitGuard
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\SpeedUpMyPC.job [256] =>Rogue.SpeedUpMyPC
~ Scheduled Task: 19 Legitimates Filtered in 00mn 00s

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Installed Component - S-1-5-21-1060284298-2000478354-1177238915-1003 - >{X9B49E34-C7CC-11D0-8953-00A0C90347FF} -- Not Hexadécimal CLSID
~ Active Setup: 21 Legitimates Filtered in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: BitGuard - (.MediaTechSoft Inc..) [HKLM] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} =>PUP.BitGuard
O42 - Logiciel: Multimedia Mouse Driver - (.Nom de votre société.) [HKLM] -- InstallShield_{A9495514-098A-4869-A464-C455857BC464}
O42 - Logiciel: WebPlayerV2 - (.Kreapixel.) [HKLM] -- {77236F9C-987C-40EC-832B-5BD6181E4846} =>Adware.SocialSkinz
O42 - Logiciel: Whilokii 1.0.0 - (.Whilokii.) [HKLM] -- Whilokii =>PUP.Whilokii
~ Logic: 96 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\5b6ded0e26eef12]
[HKCU\Software\BI]
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\Default Tab] =>Adware.Bandoo
[HKCU\Software\Delta]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Whilokii] =>PUP.Whilokii
[HKLM\Software\5b6ded0e26eef12]
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Delta]
~ Key Software: 191 Legitimates Filtered in 00mn 01s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/04/2013 - 08:06:34 - [0] ----D C:\Program Files\Ask.com
O43 - CFD: 17/03/2013 - 11:54:57 - [1,480] ----D C:\Program Files\Delta
O43 - CFD: 27/04/2013 - 20:46:50 - [4,594] ----D C:\Program Files\GUM106.tmp
O43 - CFD: 27/11/2012 - 08:14:47 - [0] ----D C:\Program Files\GUM50.tmp
O43 - CFD: 25/06/2012 - 11:07:58 - [6,302] ----D C:\Program Files\Multimedia Mouse Driver
O43 - CFD: 25/06/2012 - 17:46:32 - [6,416] ----D C:\Program Files\Resource Center
O43 - CFD: 14/10/2013 - 17:30:48 - [1,799] ----D C:\Program Files\Whilokii =>PUP.Whilokii
O43 - CFD: 09/10/2013 - 07:06:22 - [8,445] ----D C:\Documents and Settings\All Users\Application Data\BitGuard =>PUP.BitGuard
O43 - CFD: 17/03/2013 - 12:39:47 - [0,259] ----D C:\Documents and Settings\NIZAR\Application Data\Delta
O43 - CFD: 25/02/2013 - 09:58:01 - [0,343] ----D C:\Documents and Settings\NIZAR\Local Settings\Application Data\APN
O43 - CFD: 08/10/2013 - 20:51:04 - [0,001] ----D C:\Documents and Settings\NIZAR\Menu Démarrer\Programmes\BitGuard =>PUP.BitGuard
O43 - CFD: 15/04/2013 - 10:37:43 - [0,002] ----D C:\Documents and Settings\NIZAR\Menu Démarrer\Programmes\Jeux
O43 - CFD: 25/06/2012 - 11:08:00 - [0,003] ----D C:\Documents and Settings\NIZAR\Menu Démarrer\Programmes\Multimedia Mouse Driver
~ Program Folder: 171 Legitimates Filtered in 00mn 25s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.1F1854370ED389CDFECB7979691BF713] - 20/10/2013 - 19:07:55 ---A- . (...) -- C:\WINDOWS\wmsetup.log [808]
O44 - LFC:[MD5.909A097CBD20B9ACE603E1A1B259F5B9] - 24/10/2013 - 07:12:43 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.602EB6ED1FC2444E7E915F47FBC142CE] - 24/10/2013 - 07:12:44 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
~ Files: 13 Legitimates Filtered in 00mn 08s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.4FC5C59EBEC1157FBFE08BEDEBC53413] - 24/10/2013 - 07:13:38 ---A- - C:\WINDOWS\Prefetch\ACU.EXE-16EFBB5A.pf
O45 - LFCP:[MD5.B81C31ABFC5E9AC7C0F55AEBF1100D25] - 24/10/2013 - 07:13:38 ---A- - C:\WINDOWS\Prefetch\FLVSRVC.EXE-0B427F11.pf
O45 - LFCP:[MD5.65DA06872A8FC796727BCC869931AB06] - 24/10/2013 - 07:13:38 ---A- - C:\WINDOWS\Prefetch\KMCONFIG.EXE-1DFBC3B8.pf
O45 - LFCP:[MD5.409CEF36A51D5915D7D535D688C5CF58] - 24/10/2013 - 07:13:38 ---A- - C:\WINDOWS\Prefetch\LOGI_MWX.EXE-1B741F45.pf
O45 - LFCP:[MD5.606E519ABB9E150A4F87F41443B5FADB] - 24/10/2013 - 07:13:38 ---A- - C:\WINDOWS\Prefetch\STARTAUTORUN.EXE-343856AD.pf
O45 - LFCP:[MD5.812347245749458924394357BC08C59D] - 24/10/2013 - 07:13:51 ---A- - C:\WINDOWS\Prefetch\IWRAP.EXE-082C3803.pf
O45 - LFCP:[MD5.EFB34BAF98754A9D289F18A17626284E] - 24/10/2013 - 07:13:53 ---A- - C:\WINDOWS\Prefetch\KMPROCESS.EXE-0015E811.pf
O45 - LFCP:[MD5.A9FB5DE4DD07B4A0DF76E87B16191990] - 24/10/2013 - 07:14:00 ---A- - C:\WINDOWS\Prefetch\ICRDCLL.EXE-23A46A26.pf
O45 - LFCP:[MD5.84564D87C2CD9CED9AF7996FD539A586] - 24/10/2013 - 07:14:23 ---A- - C:\WINDOWS\Prefetch\POWERSUITE.EXE-1B9B2189.pf
O45 - LFCP:[MD5.5C403CA2B0087C560A431C54F6FBB4A2] - 24/10/2013 - 07:14:29 ---A- - C:\WINDOWS\Prefetch\HPQTHB08.EXE-060DCF16.pf
O45 - LFCP:[MD5.49334ED89599304F640455E682DBEFA2] - 24/10/2013 - 07:15:14 ---A- - C:\WINDOWS\Prefetch\HPQGALRY.EXE-07140C25.pf
~ Prefetcher: 60 Legitimates Filtered in 00mn 06s

---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" [Enabled] .(.Google.) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
O47 - AAKE:Key Export SP - "C:\Program Files\aMSN\bin\wish.exe" [Enabled] .(...) -- C:\Program Files\aMSN\bin\wish.exe (.not file.)
~ Keys Export: 18 Legitimates Filtered in 00mn 00s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s

---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{ed733af2-033b-11e1-a85e-001b777d3f9a}\AutoRun\command. (...) -- G:\.\Setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.FA72FA503F580C3C628DD8C7D7622E37] - 30/08/2013 - 08:48:12 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49376]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 14/04/2008 - 20:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: 5 Legitimates Filtered in 00mn 00s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 21/10/2013 - 20:33:15 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\bookmarkbackups\bookmarks-2013-10-21.json [12039]
O61 - LFC: 21/10/2013 - 20:33:26 ---A- . (...) -- C:\Documents and Settings\NIZAR\Bureau\RR\argent letitti appt orléans 21 10 2013.txt [130]
O61 - LFC: 21/10/2013 - 20:33:27 ---A- . (...) -- C:\Documents and Settings\NIZAR\Favoris\Comment télécharger et installer manuellement Java sur mon ordinateur Windows .url [293]
O61 - LFC: 21/10/2013 - 20:33:27 ---A- . (...) -- C:\Documents and Settings\NIZAR\Favoris\NK\Khrane.url [1486]
O61 - LFC: 21/10/2013 - 20:33:27 ---A- . (...) -- C:\Documents and Settings\NIZAR\Favoris\RR -NK\Royaume de Dufric.url [269]
O61 - LFC: 21/10/2013 - 20:33:27 ---A- . (...) -- C:\Documents and Settings\NIZAR\Favoris\Télécharger le logiciel Java pour Windows.url [277]
O61 - LFC: 21/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\data_2 [1056768]
O61 - LFC: 21/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_kingradan.ki.funpic.de_0.localstorage [3072]
O61 - LFC: 21/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_kingradan.ki.funpic.de_0.localstorage-journal [3608]
O61 - LFC: 21/10/2013 - 20:42:05 ---A- . (...) -- C:\Documents and Settings\NIZAR\Recent\argent letitti appt orléans 21 10 2013.lnk [665]
O61 - LFC: 21/10/2013 - 20:42:06 ---A- . (...) -- C:\Documents and Settings\NIZAR\Recent\NK.lnk [340]
O61 - LFC: 21/10/2013 - 20:42:06 ---A- . (...) -- C:\Documents and Settings\NIZAR\Recent\RR.lnk [340]
O61 - LFC: 21/10/2013 - 20:42:06 ---A- . (...) -- C:\Documents and Settings\NIZAR\Recent\à rendre à zary 26 O9 2013;txt.lnk [649]
O61 - LFC: 22/10/2013 - 20:33:15 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\bookmarkbackups\bookmarks-2013-10-22.json [12039]
O61 - LFC: 22/10/2013 - 20:33:24 -SHA- . (...) -- C:\Documents and Settings\NIZAR\Bureau\mer zarzis\Thumbs.db [119808]
O61 - LFC: 22/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.tribalistan.com_0.localstorage [3072]
O61 - LFC: 22/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.tribalistan.com_0.localstorage-journal [3608]
O61 - LFC: 22/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor [52224]
O61 - LFC: 22/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor-journal [16384]
O61 - LFC: 22/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts [12288]
O61 - LFC: 22/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts-journal [12824]
O61 - LFC: 22/10/2013 - 20:33:44 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb [1134592]
O61 - LFC: 22/10/2013 - 20:33:44 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Microsoft\Media Player\lastplayed.wpl [467]
O61 - LFC: 22/10/2013 - 20:42:06 ---A- . (...) -- C:\Documents and Settings\NIZAR\Recent\IMG_1487.lnk [601]
O61 - LFC: 22/10/2013 - 20:42:06 ---A- . (...) -- C:\Documents and Settings\NIZAR\Recent\mer zarzis.lnk [386]
O61 - LFC: 23/10/2013 - 20:33:12 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Microsoft\.NET Framework Config\v1.0.5000.0\settings.xml [78]
O61 - LFC: 23/10/2013 - 20:33:15 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\bookmarkbackups\bookmarks-2013-10-23.json [12039]
O61 - LFC: 23/10/2013 - 20:33:15 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\cert8.db [147456]
O61 - LFC: 23/10/2013 - 20:33:16 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\key3.db [16384]
O61 - LFC: 23/10/2013 - 20:33:16 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\permissions.sqlite [1736704]
O61 - LFC: 23/10/2013 - 20:33:16 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\sessionstore.bak [16250]
O61 - LFC: 23/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_support.google.com_0.localstorage [3072]
O61 - LFC: 23/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_support.google.com_0.localstorage-journal [3608]
O61 - LFC: 23/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_www.google.tn_0.localstorage [3072]
O61 - LFC: 23/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_www.google.tn_0.localstorage-journal [3608]
O61 - LFC: 23/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Origin Bound Certs [18432]
O61 - LFC: 23/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Origin Bound Certs-journal [3608]
O61 - LFC: 24/10/2013 - 20:33:14 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Microsoft\Windows\Themes\Custom.theme [7646]
O61 - LFC: 24/10/2013 - 20:33:14 -SHA- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Microsoft\Internet Explorer\UserData\index.dat [32768]
O61 - LFC: 24/10/2013 - 20:33:15 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\addons.sqlite [524288]
O61 - LFC: 24/10/2013 - 20:33:15 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\addons.sqlite-journal [295496]
O61 - LFC: 24/10/2013 - 20:33:15 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\blocklist.xml [81840]
O61 - LFC: 24/10/2013 - 20:33:15 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\bookmarkbackups\bookmarks-2013-10-24.json [12039]
O61 - LFC: 24/10/2013 - 20:33:15 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\cookies.sqlite [1048576]
O61 - LFC: 24/10/2013 - 20:33:15 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\cookies.sqlite-shm [32768]
O61 - LFC: 24/10/2013 - 20:33:15 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\cookies.sqlite-wal [590288]
O61 - LFC: 24/10/2013 - 20:33:15 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\defaulttab.config [14234] =>Adware.Bandoo
O61 - LFC: 24/10/2013 - 20:33:15 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\downloads.sqlite [98304]
O61 - LFC: 24/10/2013 - 20:33:16 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\formhistory.sqlite [196608]
O61 - LFC: 24/10/2013 - 20:33:16 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\healthreport.sqlite [1146880]
O61 - LFC: 24/10/2013 - 20:33:16 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\healthreport.sqlite-shm [32768]
O61 - LFC: 24/10/2013 - 20:33:16 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\healthreport.sqlite-wal [524704]
O61 - LFC: 24/10/2013 - 20:33:16 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\healthreport\state.json [123]
O61 - LFC: 24/10/2013 - 20:33:16 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\localstore.rdf [8109]
O61 - LFC: 24/10/2013 - 20:33:16 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\places.sqlite [10485760]
O61 - LFC: 24/10/2013 - 20:33:16 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\places.sqlite-shm [32768]
O61 - LFC: 24/10/2013 - 20:33:16 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\places.sqlite-wal [295160]
O61 - LFC: 24/10/2013 - 20:33:16 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\pluginreg.dat [6793]
O61 - LFC: 24/10/2013 - 20:33:16 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\prefs.js [13789]
O61 - LFC: 24/10/2013 - 20:33:16 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\search-metadata.json [553]
O61 - LFC: 24/10/2013 - 20:33:16 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\search.json [22690]
O61 - LFC: 24/10/2013 - 20:33:16 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\searchplugins\search-here.xml [1977]
O61 - LFC: 24/10/2013 - 20:33:16 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\sessionstore.js [225019]
O61 - LFC: 24/10/2013 - 20:33:17 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\signons.sqlite [327680]
O61 - LFC: 24/10/2013 - 20:33:17 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\urlclassifierkey3.txt [154]
O61 - LFC: 24/10/2013 - 20:33:17 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\webapps\webapps.json [2]
O61 - LFC: 24/10/2013 - 20:33:17 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\webappsstore.sqlite [1638400]
O61 - LFC: 24/10/2013 - 20:33:17 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\webappsstore.sqlite-shm [32768]
O61 - LFC: 24/10/2013 - 20:33:17 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\webappsstore.sqlite-wal [1572864]
O61 - LFC: 24/10/2013 - 20:33:23 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\Log.txt [20092] =>.Nicolas Coolman
O61 - LFC: 24/10/2013 - 20:33:23 ---A- . (...) -- C:\Documents and Settings\NIZAR\Application Data\ZHP\TestsZHPDiag.txt [3246] =>.Nicolas Coolman
O61 - LFC: 24/10/2013 - 20:33:24 ---A- . (...) -- C:\Documents and Settings\NIZAR\Bureau\modem\octobre 2013\24 10 2013 à14H12.bmp [3072054]
O61 - LFC: 24/10/2013 - 20:33:26 ---A- . (...) -- C:\Documents and Settings\NIZAR\Bureau\ZHPDiag.lnk [1523] =>.Nicolas Coolman
O61 - LFC: 24/10/2013 - 20:33:26 ---A- . (...) -- C:\Documents and Settings\NIZAR\Bureau\ZHPFix.lnk [1628] =>.Nicolas Coolman
O61 - LFC: 24/10/2013 - 20:33:27 ---A- . (...) -- C:\Documents and Settings\NIZAR\Favoris\Royaume du Lavabo.url [602]
O61 - LFC: 24/10/2013 - 20:33:27 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse [0]
O61 - LFC: 24/10/2013 - 20:33:27 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\avgchrome\avgp [103045]
O61 - LFC: 24/10/2013 - 20:33:27 -SHA- . (...) -- C:\Documents and Settings\NIZAR\IECompatCache\index.dat [360448]
O61 - LFC: 24/10/2013 - 20:33:27 -SHA- . (...) -- C:\Documents and Settings\NIZAR\IETldCache\index.dat [262144]
O61 - LFC: 24/10/2013 - 20:33:35 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Certificate Revocation Lists [259449]
O61 - LFC: 24/10/2013 - 20:33:35 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies [229376]
O61 - LFC: 24/10/2013 - 20:33:35 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies-journal [16384]
O61 - LFC: 24/10/2013 - 20:33:35 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\CURRENT [16]
O61 - LFC: 24/10/2013 - 20:33:35 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG [148]
O61 - LFC: 24/10/2013 - 20:33:35 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG.old [148]
O61 - LFC: 24/10/2013 - 20:33:36 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\CURRENT [16]
O61 - LFC: 24/10/2013 - 20:33:36 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG [148]
O61 - LFC: 24/10/2013 - 20:33:36 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG.old [148]
O61 - LFC: 24/10/2013 - 20:33:36 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000529 [720]
O61 - LFC: 24/10/2013 - 20:33:39 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons [847872]
O61 - LFC: 24/10/2013 - 20:33:39 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons-journal [16384]
O61 - LFC: 24/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\data_0 [45056]
O61 - LFC: 24/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\data_1 [270336]
O61 - LFC: 24/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\History [1445888]
O61 - LFC: 24/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\History Provider Cache [67235]
O61 - LFC: 24/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\History-journal [16384]
O61 - LFC: 24/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Last Session [82236]
O61 - LFC: 24/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Last Tabs [44445]
O61 - LFC: 24/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\iaimhpklononapfjngelgdokckfjekfc\CURRENT [16]
O61 - LFC: 24/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\iaimhpklononapfjngelgdokckfjekfc\LOG [1175]
O61 - LFC: 24/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\iaimhpklononapfjngelgdokckfjekfc\LOG.old [685]
O61 - LFC: 24/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\iaimhpklononapfjngelgdokckfjekfc\MANIFEST-000126 [397]
O61 - LFC: 24/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iaimhpklononapfjngelgdokckfjekfc_0.localstorage [3072]
O61 - LFC: 24/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iaimhpklononapfjngelgdokckfjekfc_0.localstorage-journal [3608]
O61 - LFC: 24/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_bh.contextweb.com_0.localstorage [3072]
O61 - LFC: 24/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_bh.contextweb.com_0.localstorage-journal [3608]
O61 - LFC: 24/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_fr.nativekingdoms.com_0.localstorage [5120]
O61 - LFC: 24/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_fr.nativekingdoms.com_0.localstorage-journal [3608]
O61 - LFC: 24/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_khrane.monalliance.net_0.localstorage [3072]
O61 - LFC: 24/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_khrane.monalliance.net_0.localstorage-journal [3608]
O61 - LFC: 24/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_static.tanzuki.net_0.localstorage [2783232]
O61 - LFC: 24/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_wac.edgecastcdn.net_0.localstorage [3072]
O61 - LFC: 24/10/2013 - 20:33:40 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_wac.edgecastcdn.net_0.localstorage-journal [3608]
O61 - LFC: 24/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_static.tanzuki.net_0.localstorage-journal [16384]
O61 - LFC: 24/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_wac.edgecastcdn.net_0.localstorage [3072]
O61 - LFC: 24/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_wac.edgecastcdn.net_0.localstorage-journal [3608]
O61 - LFC: 24/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.lesroyaumes.com_0.localstorage [5120]
O61 - LFC: 24/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.lesroyaumes.com_0.localstorage-journal [3608]
O61 - LFC: 24/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.royaumedulavabo.com_0.localstorage [3072]
O61 - LFC: 24/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.royaumedulavabo.com_0.localstorage-journal [3608]
O61 - LFC: 24/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data [24576]
O61 - LFC: 24/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data-journal [8736]
O61 - LFC: 24/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Managed Mode Settings [8]
O61 - LFC: 24/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [108302]
O61 - LFC: 24/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\CURRENT [16]
O61 - LFC: 24/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG [271]
O61 - LFC: 24/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG.old [271]
O61 - LFC: 24/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000670 [206]
O61 - LFC: 24/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Top Sites [376832]
O61 - LFC: 24/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Top Sites-journal [16384]
O61 - LFC: 24/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\TransportSecurity [325]
O61 - LFC: 24/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Visited Links [131072]
O61 - LFC: 24/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data [88064]
O61 - LFC: 24/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data-journal [16384]
O61 - LFC: 24/10/2013 - 20:33:41 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Local State [53712]
O61 - LFC: 24/10/2013 - 20:33:42 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom [10133540]
O61 - LFC: 24/10/2013 - 20:33:42 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom Prefix Set [1509316]
O61 - LFC: 24/10/2013 - 20:33:42 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies [6144]
O61 - LFC: 24/10/2013 - 20:33:42 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies-journal [4640]
O61 - LFC: 24/10/2013 - 20:33:42 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Csd Whitelist [135236]
O61 - LFC: 24/10/2013 - 20:33:42 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download [992504]
O61 - LFC: 24/10/2013 - 20:33:42 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download Whitelist [19548]
O61 - LFC: 24/10/2013 - 20:33:42 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Extension Blacklist [6624]
O61 - LFC: 24/10/2013 - 20:33:44 -SHA- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1060284298-2000478354-1177238915-1003\Credentials [8010]
O61 - LFC: 24/10/2013 - 20:41:38 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\_CACHE_CLEAN_ [1]
O61 - LFC: 24/10/2013 - 20:41:38 ---A- . (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\startupCache\startupCache.4.little [170803]
O61 - LFC: 24/10/2013 - 20:42:05 ---A- . (...) -- C:\Documents and Settings\NIZAR\Recent\24 10 2013 à14H12.lnk [778]
O61 - LFC: 24/10/2013 - 20:42:05 -SHA- . (...) -- C:\Documents and Settings\NIZAR\PrivacIE\index.dat [10272768]
O61 - LFC: 24/10/2013 - 20:42:06 ---A- . (...) -- C:\Documents and Settings\NIZAR\Recent\octobre 2013.lnk [472]
~ 19 Fichiers temporaires (Temporary files)
~ 17 Fichiers cookies (Cookies files)
~ Files: 10344 Legitimates Filtered in 08mn 57s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 08/10/2013 - C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (BitGuard) .(...) - LEGACY_BITGUARD =>PUP.BitGuard
O64 - Services: CurCS - 17/04/2012 - C:\Program Files\Uniblue\MaxiDisk\service.exe (Uniblue.MaxiDiskSvc) .(...) - LEGACY_UNIBLUE.MAXIDISKSVC
O64 - Services: CurCS - 05/10/2013 - C:\Program Files\Whilokii\updateWhilokii.exe (Update Whilokii) .(.Whilokii - Whilokii.) - LEGACY_UPDATE_WHILOKII =>PUP.Whilokii
O64 - Services: CurCS - 14/10/2013 - C:\Program Files\Whilokii\bin\utilWhilokii.exe (Util Whilokii) .(.Whilokii - Whilokii.) - LEGACY_UTIL_WHILOKII =>PUP.Whilokii
~ Legacy: 158 Legitimates Filtered in 00mn 02s

---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\searchplugins\askcom.xml
O69 - SBI: prefs.js [NIZAR - usycz9ri.default] user_pref("avg.install.userHPSettings", "http://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=0009001B777D3F9A"); =>Toolbar.DeltaSearch
O69 - SBI: prefs.js [NIZAR - usycz9ri.default] user_pref("avg.install.userSPSettings", "Delta Search");
O69 - SBI: prefs.js [NIZAR - usycz9ri.default] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [NIZAR - usycz9ri.default] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [NIZAR - usycz9ri.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [NIZAR - usycz9ri.default] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [NIZAR - usycz9ri.default] user_pref("extensions.delta.dfltLng", "en");
O69 - SBI: prefs.js [NIZAR - usycz9ri.default] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [NIZAR - usycz9ri.default] user_pref("extensions.delta.id", "0009fb3c000000000000001b777d3f9a");
O69 - SBI: prefs.js [NIZAR - usycz9ri.default] user_pref("extensions.delta.instlDay", "15781");
O69 - SBI: prefs.js [NIZAR - usycz9ri.default] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [NIZAR - usycz9ri.default] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [NIZAR - usycz9ri.default] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [NIZAR - usycz9ri.default] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [NIZAR - usycz9ri.default] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [NIZAR - usycz9ri.default] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [NIZAR - usycz9ri.default] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [NIZAR - usycz9ri.default] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [NIZAR - usycz9ri.default] user_pref("extensions.delta.vrsn", "1.8.10.0");
O69 - SBI: prefs.js [NIZAR - usycz9ri.default] user_pref("extensions.delta.vrsnTs", "1.8.10.011:54:58");
O69 - SBI: prefs.js [NIZAR - usycz9ri.default] user_pref("extensions.delta.vrsni", "1.8.10.0");
O69 - SBI: SearchScopes [HKCU] {4D691CBE-11F1-4642-855D-A887D1D3ABFB} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - http://search.live.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {4D691CBE-11F1-4642-855D-A887D1D3ABFB} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {7B012DA0-BBC6-4F4D-A63F-80926C279592} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - http://search.live.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {4D691CBE-11F1-4642-855D-A887D1D3ABFB} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {7B012DA0-BBC6-4F4D-A63F-80926C279592} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.6F95F7F1104F92E2A424373A17B97826] [SPRF][25/06/2012] (...) -- C:\Documents and Settings\NIZAR\Local Settings\Application Data\fusioncache.dat [128]
[MD5.2D58EDD287012EA9CDAEB98175B682A7] [SPRF][27/04/2013] (.Pas de propriétaire - AVAST Software Setup Engine.) -- C:\Documents and Settings\NIZAR\Bureau\avast_free_antivirus_setup.exe [115054456]
[MD5.30FADBA93E9430A63F19DA9935DE4369] [SPRF][14/02/2010] (.Gabest - Media Player Classic.) -- C:\Documents and Settings\NIZAR\Bureau\mplayerc.exe [4411392]
[MD5.DF7A9EDAF26EE36695E367A4137DE985] [SPRF][04/04/2013] (.Softonic - Softonic Downloader.) -- C:\Documents and Settings\NIZAR\Bureau\SoftonicDownloader_pour_caesar IV.exe [393064] =>Toolbar.Conduit
[MD5.11B9F1E66EE67F0C765C5895A99755DD] [SPRF][30/08/2011] (...) -- C:\Documents and Settings\NIZAR\Bureau\vlc-1.1.11-win32.exe [21073936]
~ Files: 7 Legitimates Filtered in 00mn 32s

---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "4155949AA89096844A464C5558B74C46" . (.Multimedia Mouse Driver.) -- C:\WINDOWS\Installer\{A9495514-098A-4869-A464-C455857BC464}\ARPPRODUCTICON.exe
~ Update Products: 107 Legitimates Filtered in 00mn 00s

---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\5b6ded0e26eef12\2.6.1673.238\upd]:="upd=1"
[HKCU\Software\5b6ded0e26eef12\2.6.1694.246\upd]:="upd="
[HKCU\Software\5b6ded0e26eef12\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\5b6ded0e26eef12\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52"
[HKCU\Software\5b6ded0e26eef12\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\5b6ded0e26eef12\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:version="2.6.1125.80"
[HKCU\Software\5b6ded0e26eef12\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:dllName="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\5b6ded0e26eef12\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:exeName="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\5b6ded0e26eef12\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:folderName="BitGuard" =>PUP.BitGuard
[HKCU\Software\5b6ded0e26eef12\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" [HKCU\Software\5b6ded0e26eef12\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:serviceName="BitGuard" =>PUP.BitGuard [HKCU\Software\5b6ded0e26eef12\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:version="2.6.1673.238" [HKCU\Software\5b6ded0e26eef12]:version="2.6.1694.246" [HKLM\Software\5b6ded0e26eef12]:version="2.6.1694.246" ~ Export Key Software: Scanned in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.3A4339093CCC23AD590C94E2CD390B80] [WIS][27/09/2013] (.Google - Google Talk Plugin Installer.) -- C:\Windows\Installer\11c9119.msi [453632] [MD5.4F31498FC176FCCA5F038525B537C4D9] [WIS][18/08/2011] (.ATI - Catalyst Control Center.) -- C:\Windows\Installer\2d8eae.msi [1121792] [MD5.DAB180D0A6918208298D72093205D13D] [WIS][25/06/2012] (.UASSOFT - Multimedia Mouse Driver.) -- C:\Windows\Installer\c3e0ab.msi [217088] ~ WIS: 110 Legitimates Filtered in 00mn 22s ---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 17/04/2007 364629 | (ACS) . (.Atheros.) - C:\WINDOWS\system32\acs.exe SS - | Demand 19/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 06/04/2012 9216 | (AgereModemAudio) . (.Agere Systems.) - C:\WINDOWS\system32\agrsmsvc.exe SR - | Auto 27/06/2011 643072 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe SR - | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SR - | Auto 08/10/2013 3032032 | (BitGuard) . (...) - C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe =>PUP.BitGuard SS - | Demand 14/04/2008 225280 | (dmadmin) . 
(.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe SR - | Auto 06/04/2011 866576 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe SS - | Auto 27/11/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 27/11/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 08/08/2011 311928 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe SS - | Demand 11/09/2013 118680 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SR - | Auto 29/09/2004 69632 | (Pml Driver HPZ12) . (.HP.) - C:\WINDOWS\system32\HPZipm12.exe SR - | Auto 06/04/2011 481552 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe SR - | Auto 06/04/2011 882960 | (S24EventMonitor) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe SR - | Auto 19/06/2012 3048136 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SR - | Demand 17/04/2012 30064 | (Uniblue.MaxiDiskSvc) . (...) - C:\Program Files\Uniblue\MaxiDisk\service.exe SR - | Auto 05/10/2013 65304 | (Update Whilokii) . (.Whilokii.) - C:\Program Files\Whilokii\updateWhilokii.exe =>PUP.Whilokii SR - | Auto 14/10/2013 65304 | (Util Whilokii) . (.Whilokii.) 
- C:\Program Files\Whilokii\bin\utilWhilokii.exe =>PUP.Whilokii ~ Services: Scanned in 00mn 25s ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by NIZAR at 24/10/2013 20:44:28 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ---\\ Scan Additionnel (O88) Database Version : 12960 - (24/10/2013) Clés trouvées (Keys found) : 82 Valeurs trouvées (Values found) : 3 Dossiers trouvés (Folders found) : 10 Fichiers trouvés (Files found) : 16 [HKLM\Software\Google\Chrome\Extensions\iaimhpklononapfjngelgdokckfjekfc] =>PUP.Whilokii^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{204DF522-9A96-4A72-ABB0-60F7A216D6D2}] =>PUP.Whilokii^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch^ [HKLM\SYSTEM\CurrentControlSet\Services\BitGuard] =>PUP.BitGuard^ [HKLM\SYSTEM\CurrentControlSet\Services\Update Whilokii] =>PUP.Whilokii^ [HKLM\SYSTEM\CurrentControlSet\Services\Util Whilokii] =>PUP.Whilokii^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}] =>PUP.BitGuard^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{77236F9C-987C-40EC-832B-5BD6181E4846}] =>Adware.SocialSkinz^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Whilokii] =>PUP.Whilokii^ [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar [HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype [HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype [HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira [HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ef79f67a-6ad7-4715-a0f8-932fca442023}] =>Toolbar.Conduit [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ef79f67a-6ad7-4715-a0f8-932fca442023}] =>Toolbar.Conduit [HKLM\Software\Classes\AppID\escort.dll] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\escortapp.dll] =>Toolbar.Babylon 
[HKLM\Software\Classes\AppID\escorteng.dll] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\esrv.EXE] =>Toolbar.Babylon [HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods [HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods [HKCU\Software\DataMngr] =>Adware.Bandoo [HKLM\Software\DataMngr] =>Adware.Bandoo [HKCU\Software\default tab] =>Adware.IMBooster [HKCU\Software\Softonic] =>Toolbar.Conduit [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B24D9234-CFC5-46D2-95C5-0DE695A7895E}] =>Adware.Downware [HKLM\Software\Classes\CLSID\{B24D9234-CFC5-46D2-95C5-0DE695A7895E}] =>Adware.Downware [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B24D9234-CFC5-46D2-95C5-0DE695A7895E}] =>Adware.Downware [HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon [HKCU\Software\InstallCore] =>Adware.InstallCore [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods [HKLM\Software\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods 
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab] =>Adware.IMBooster [HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta] =>Toolbar.DeltaSearch [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller] =>Adware.MegaSearch [HKLM\Software\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\delta.deltaappCore] =>PUP.Funmoods [HKLM\Software\Classes\delta.deltaappCore.1] =>PUP.Funmoods [HKLM\Software\Classes\delta.deltadskBnd] =>PUP.Funmoods [HKLM\Software\Classes\delta.deltadskBnd.1] =>PUP.Funmoods [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1] =>Rogue.SpeedUpMyPC [HKCU\Software\BI] =>Adware.MegaSearch [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo [HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox [HKLM\Software\aMSN\OpenCandy] =>Adware.OpenCandy [HKLM\Software\Classes\delta.deltaHlpr] =>Toolbar.DeltaSearch [HKLM\Software\Classes\delta.deltaHlpr.1] =>Toolbar.DeltaSearch [HKLM\Software\Classes\esrv.deltaESrvc] 
=>Toolbar.DeltaSearch [HKLM\Software\Classes\esrv.deltaESrvc.1] =>Toolbar.DeltaSearch [HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{82E1477C-B154-48D3-9891-33D83C26BCD3} =>Toolbar.DeltaSearch^ [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Freecorder FLV Service =>Riskware.Movly^ [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.Avira C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\addon@defaulttab.com =>Adware.Bandoo^ C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\ffxtlbr@delta.com =>Toolbar.DeltaSearch^ C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\firefox@whilokii.net =>PUP.Whilokii^ C:\Program Files\Whilokii =>PUP.Whilokii^ C:\Documents and Settings\All Users\Application Data\BitGuard =>PUP.BitGuard^ C:\Documents and Settings\NIZAR\Menu Démarrer\Programmes\BitGuard =>PUP.BitGuard^ C:\Program Files\Ask.com =>Toolbar.AskBar C:\Documents and Settings\NIZAR\Application Data\WebPlayerBdd =>Adware.SocialSkinz C:\Documents and Settings\NIZAR\Local Settings\Application Data\Bundled software uninstaller =>Adware.MegaSearch C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\Extensions\ffxtlbr@delta.com =>PUP.Funmoods C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\bprotector_extensions.sqlite =>PUP.BProtector C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\bprotector_prefs.js =>PUP.BProtector C:\Documents and Settings\NIZAR\Application Data\Mozilla\Firefox\Profiles\usycz9ri.default\Extensions\addon@defaulttab.com.xpi =>Adware.Bandoo C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1694.246\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe =>PUP.BitGuard^ C:\Program 
Files\Whilokii\updateWhilokii.exe =>PUP.Whilokii^ C:\Program Files\Whilokii\bin\utilWhilokii.exe =>PUP.Whilokii^ C:\Program Files\Freecorder\FLVSrvc.exe =>Riskware.Movly^ C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe =>Rogue.SpeedUpMyPC^ C:\Documents and Settings\NIZAR\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iaimhpklononapfjngelgdokckfjekfc =>PUP.Whilokii^ C:\WINDOWS\Tasks\BitGuard.job =>PUP.BitGuard^ C:\WINDOWS\Tasks\SpeedUpMyPC.job =>Rogue.SpeedUpMyPC^ [HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr^ [HKCU\Software\Default Tab] =>Adware.Bandoo^ [HKCU\Software\Whilokii] =>PUP.Whilokii^ C:\Documents and Settings\NIZAR\Bureau\SoftonicDownloader_pour_caesar IV.exe =>Toolbar.Conduit^ [HKCU\Software\5b6ded0e26eef12\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:dllName="BitGuard.dll" =>PUP.BitGuard^ ~ Additionnel Scan: 208433 Items scanned in 01mn 17s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard =>PUP.BitGuard ~ http://nicolascoolman.webs.com/apps/blog/show/33413667-pup-whilokii =>PUP.Whilokii ~ http://nicolascoolman.webs.com/apps/blog/show/28801930-riskware-movly =>Riskware.Movly ~ http://nicolascoolman.webs.com/apps/blog/show/33047509-rogue-speedupmypc =>Rogue.SpeedUpMyPC ~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel ~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch ~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch ~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo ~ http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz ~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr ~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore ~ 
http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask ~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon ~ http://nicolascoolman.webs.com/apps/blog/show/30898245-toolbar-skype =>Toolbar.Skype ~ http://nicolascoolman.webs.com/apps/blog/show/28419247-toolbar-avira =>Toolbar.Avira ~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods ~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster ~ http://nicolascoolman.webs.com/apps/blog/show/26690384-adware-downware =>Adware.Downware ~ http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector =>PUP.BProtector ~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo ~ http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch ~ http://nicolascoolman.webs.com/apps/blog/show/32363262-adware-browsefox =>Adware.BrowseFox ~ http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy ~ MSI: 24 link(s) detected in 01mn 17s ~ 11397 Legitimates filtered by white list End of the scan (910 lines in 14mn 48s)(0)