~ ZHPDiag report v2013.9.6.15 - Nicolas Coolman (07/09/2013)
~ Run by manu (08/09/2013 20:46:07)
~ Website: http://nicolascoolman.webs.com
~ Translated by Nicolas Coolman
~ Version status: Up to date.
~ Whitelist: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Activated by user

---\\ Internet browsers
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 23.0.1 (Default)

---\\ Windows product information
~ Language: French
Windows Vista Home Basic Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK

---\\ System protection software
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client v4.3.0215.0
McAfee Security Scan Plus v3.0.285.6

---\\ System optimization software
CCleaner v3.27 =>Piriform Ltd

---\\ PeerToPeer sharing software

---\\ Software monitoring
Adobe Flash Player 11 Plugin
Adobe Reader XI

---\\ System information
~ Processor: x86 Family 15 Model 6 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Safe mode with networking
Total RAM: 446 MB (21% free)
System Restore: Enabled
System drive C: has 23 GB (20%) free of 113 GB

---\\ System logon mode
~ Computer Name: PC-DE-MANU
~ User Name: manu
~ All Users Names: matheomanon, manu, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppData% : C:\Users\manu\AppData\Roaming\
~ %Desktop% : C:\Users\manu\Desktop\
~ %Favorites% : C:\Users\manu\Favorites\
~ %LocalAppData% : C:\Users\manu\AppData\Local\
~ %StartMenu% : C:\Users\manu\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Disk drive enumeration
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 23 GB of 113 GB)
D:\ Hard drive, Flash drive, Thumb drive (Free 77 GB of 113 GB)
E:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Windows Security Center status
~ Security Center: 38 Legitimates Filtered in 00mn 00s

---\\ Specific search for generic files
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.10/04/2009 - 22:27:38.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.18/01/2008 - 22:33:38.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.6839F14A2507D9273BD13565DD880377] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.28/08/2013 - 17:26:48.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.10/04/2009 - 22:28:14.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.10/04/2009 - 22:32:28.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.18/01/2008 - 20:28:04.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.10/04/2009 - 20:39:18.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.10/04/2009 - 20:42:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.18/01/2008 - 20:49:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.18/01/2008 - 20:56:30.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.10/04/2009 - 20:45:38.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.10/04/2009 - 22:32:50.) -- C:\Windows\system32\Drivers\ntfs.sys [1083880]
[MD5.8A79FDF04A73428597E2CAF9D0D67850] - (.Microsoft Corporation - Pilote de port parallèle.) (.18/01/2008 - 20:49:34.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.18/01/2008 - 20:56:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.10/04/2009 - 20:45:24.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.10/04/2009 - 20:45:58.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.147281C01FCB1DF9252DE2A10D5E7093] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.10/04/2009 - 22:32:56.) -- C:\Windows\system32\Drivers\volsnap.sys [226280]
~ Generic Processes: Scanned in 00mn 01s

---\\ Hidden files status (Hidden/Total)
~ My Pictures : 2/209
~ My Music : 1/2
~ My Videos : 1/10
~ My Favorites : 1/22
~ My Documents : 2/1738
~ My Desktop : 1/174
~ Start Menu (Programs) : 1/33
~ Hidden Files: Scanned in 00mn 06s

---\\ Processes launched at system startup
[MD5.57EC630DBD5F0713E77CB3540AB80A8E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [757400] [PID.1420]
[MD5.DFB2902086DEC1469F13C2BA839BC6E1] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7909376] [PID.2536]
[MD5.37F77AEBFF23A99D1BFB4F34CD2D07F2] - (.Microsoft Corporation - Antimalware Service Executable.) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208] [PID.840]
[MD5.5DAF7081A4BB112FA3F1915819330A3E] - (...) -- C:\Program Files\ZHPDiag\pv.exe [61440] [PID.0]
~ Processes Running: Scanned in 00mn 00s

---\\ Mozilla Firefox: Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
C:\Users\manu\AppData\Roaming\Mozilla\Firefox\Profiles\7pckoe70.default\prefs.js (.not file.)
C:\Users\manu\AppData\Roaming\Mozilla\Firefox\Profiles\7pckoe70.default\user.js
C:\Users\manu\AppData\Roaming\Mozilla\Firefox\Profiles\8yu76qy6.default\prefs.js (.not file.)
C:\Users\manu\AppData\Roaming\Mozilla\Firefox\Profiles\bf7ty38l.default-1377691728710\prefs.js
C:\Users\manu\AppData\Roaming\Mozilla\Firefox\Profiles\sxyat32m.default-1369752823794\prefs.js (.not file.)
M3 - MFPP: Plugins - [manu] -- C:\Users\manu\AppData\Roaming\Mozilla\Firefox\Profiles\7pckoe70.default\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [manu] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon
~ Firefox Browser: 22 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analysis of lines F0, F1, F2, F3 - IniFiles, autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Number of lines: 20

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
~ Toolbar: Scanned in 00mn 00s

---\\ Applications started via registry & folder (O4)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (.not file.)
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Bubble Dock] C:\Users\manu\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe (.not file.) =>Toolbar.BubbleDock
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-2860283406-162596903-1030651526-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-2860283406-162596903-1030651526-1000\..\Run: [Bubble Dock] C:\Users\manu\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe (.not file.) =>Toolbar.BubbleDock
~ Application: Scanned in 00mn 00s

---\\ Other user links (O4)
O4 - GS\Programs: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Unibet.fr.lnk . (.Playtech - Playtech Client Engine Application.) -- C:\Poker\Unibet.fr\casino.exe
O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: PhotoScape.lnk . (...) -- C:\Program Files\PhotoScape\PhotoScape.exe
O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Format Factory.lnk . (.Free Time - FormatFactory.) -- C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
O4 - GS\Desktop: CVitae V4.lnk . (...) -- C:\Program Files\CVitaeV4\CVitae.exe
O4 - GS\Desktop: DivX Movies.lnk . (...) -- C:\Users\manu\Videos\DivX Movies
O4 - GS\Desktop: Format Factory.lnk . (.Free Time - FormatFactory.) -- C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
O4 - GS\Desktop: MediaCoder.lnk . (.Sinovation Inc. - MediaCoder.) -- C:\Program Files\MediaCoder\mediacoder.exe
O4 - GS\Desktop: PhotoFiltre 7.lnk . (.Antonio Da Cruz - PhotoFiltre.) -- C:\Program Files\PhotoFiltre 7\PhotoFiltre7.exe
O4 - GS\Desktop: PhotoScape.lnk . (...) -- C:\Program Files\PhotoScape\PhotoScape.exe
O4 - GS\Desktop: RegCleaner.lnk . (...) -- C:\Program Files\RegCleaner\RegCleanr.exe
O4 - GS\Desktop: Unibet.fr.lnk . (.Playtech - Playtech Client Engine Application.) -- C:\Poker\Unibet.fr\casino.exe
~ Global Startup: Scanned in 00mn 00s

---\\ ActiveX objects (Downloaded Program Files) (O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ ActiveX objects: Scanned in 00mn 00s

---\\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{605C4322-39D4-4486-A382-1FC237FDC64E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6703125-8999-440E-B713-B10B1F753A0C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{605C4322-39D4-4486-A382-1FC237FDC64E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D6703125-8999-440E-B713-B10B1F753A0C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{605C4322-39D4-4486-A382-1FC237FDC64E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D6703125-8999-440E-B713-B10B1F753A0C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Additional protocol (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Additional protocol: Scanned in 00mn 00s

---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll =>Hijacker.Eazel
~ AppInit DLL: Scanned in 00mn 00s

---\\ SharedTaskScheduler autorun registry key (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s

---\\ Non-Microsoft, non-disabled NT services (O23)
O23 - Service: BrowserProtect (BrowserProtect) . (...) - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe =>Hijacker.Eazel
O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
~ Services: 3 Legitimates Filtered in 00mn 04s

---\\ Active Desktop & MHTML Editor enumeration (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Windows\web\Wallpaper\img23.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Windows\web\Wallpaper\img23.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

---\\ Automatic scheduled tasks (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\DSite.job [282]
~ Scheduled Task: 4 Legitimates Filtered in 00mn 00s

---\\ Installed software (O42)
O42 - Software: BrowserProtect - (.Bit89 Inc.) [HKLM] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} =>Hijacker.Eazel
O42 - Software: Codec Pack Packages - (...) [HKCU] -- Codec Pack Packages
O42 - Software: Codec Package Packages - (...) [HKCU] -- Codec Package Packages
~ Logic: 62 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\5f55d7d1b56ee513]
[HKCU\Software\APN PIP]
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\DefaultPackStatus]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\PIP]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\WEDLMNGR]
[HKLM\Software\5f55d7d1b56ee513]
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\PIP]
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
~ Key Software: 168 Legitimates Filtered in 00mn 00s

---\\ Contents of Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 22/05/2013 - 00:49:27 - [0] ----D C:\Program Files\GSMLOC
O43 - CFD: 16/02/2013 - 13:16:23 - [4,634] ----D C:\Program Files\GUM1A82.tmp
O43 - CFD: 02/05/2013 - 07:12:05 - [0,001] ----D C:\Program Files\Iminent =>Adware.IMBooster
O43 - CFD: 26/11/2012 - 23:50:04 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 05/12/2006 - 01:02:24 - [0,000] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 02/05/2013 - 08:27:05 - [8,769] ----D C:\ProgramData\BrowserProtect =>Hijacker.Eazel
O43 - CFD: 02/05/2013 - 04:33:57 - [1,288] ----D C:\ProgramData\InstallMate
O43 - CFD: 02/05/2013 - 04:33:35 - [0] ----D C:\ProgramData\StarApp
O43 - CFD: 19/08/2013 - 16:07:16 - [0,829] ----D C:\ProgramData\Tarma Installer =>Toolbar.Tarma
O43 - CFD: 12/02/2013 - 08:03:07 - [0] ----D C:\ProgramData\?L?L
O43 - CFD: 10/04/2013 - 11:38:39 - [0] ----D C:\ProgramData\?Œ?Œ
O43 - CFD: 02/05/2013 - 14:09:24 - [0] ----D C:\ProgramData\?(?(
O43 - CFD: 16/02/2013 - 13:31:39 - [0] ----D C:\ProgramData\?,?,
O43 - CFD: 02/05/2013 - 05:02:33 - [0] ----D C:\ProgramData\?-?-
O43 - CFD: 13/02/2013 - 06:56:22 - [0] ----D C:\ProgramData\?.?
O43 - CFD: 25/04/2013 - 15:45:07 - [0] ----D C:\ProgramData\?5?5
O43 - CFD: 24/04/2013 - 06:40:39 - [0] ----D C:\ProgramData\?7?7
O43 - CFD: 11/04/2013 - 16:28:27 - [0] ----D C:\ProgramData\?B?B
O43 - CFD: 11/05/2013 - 10:44:12 - [0] ----D C:\ProgramData\?C?C
O43 - CFD: 25/04/2013 - 08:13:44 - [0] ----D C:\ProgramData\?H?H
O43 - CFD: 23/04/2013 - 01:23:25 - [0] ----D C:\ProgramData\????
O43 - CFD: 19/02/2013 - 23:52:09 - [0] ----D C:\ProgramData\????
O43 - CFD: 12/04/2013 - 09:20:32 - [0] ----D C:\ProgramData\????
O43 - CFD: 13/02/2013 - 06:36:53 - [0] ----D C:\ProgramData\?­?­
O43 - CFD: 29/04/2013 - 10:01:45 - [0] ----D C:\ProgramData\?±?±
O43 - CFD: 10/05/2013 - 16:29:53 - [0] ----D C:\ProgramData\?À?À
O43 - CFD: 08/05/2013 - 03:12:40 - [0] ----D C:\ProgramData\?â?â
O43 - CFD: 18/02/2013 - 08:23:54 - [0] ----D C:\ProgramData\?í?í
O43 - CFD: 17/02/2013 - 21:32:35 - [0] ----D C:\ProgramData\?ð?ð
O43 - CFD: 02/05/2013 - 03:54:41 - [0] ----D C:\ProgramData\?ñ?ñ
O43 - CFD: 29/04/2013 - 10:16:37 - [0] ----D C:\ProgramData\?Ø?Ø
O43 - CFD: 03/05/2013 - 18:22:20 - [0] ----D C:\ProgramData\?Ý?Ý
O43 - CFD: 26/04/2013 - 16:07:58 - [0] ----D C:\ProgramData\?÷?÷
O43 - CFD: 10/04/2013 - 16:04:23 - [0] ----D C:\ProgramData\?e?e
O43 - CFD: 17/02/2013 - 12:20:57 - [0] ----D C:\ProgramData\?G?G
O43 - CFD: 19/02/2013 - 22:52:49 - [0] ----D C:\ProgramData\?g?g
O43 - CFD: 16/02/2013 - 19:01:59 - [0] ----D C:\ProgramData\?G?G
O43 - CFD: 02/05/2013 - 05:09:41 - [0] ----D C:\ProgramData\?h?h
O43 - CFD: 15/02/2013 - 07:55:33 - [0] ----D C:\ProgramData\?i?i
O43 - CFD: 06/05/2013 - 08:08:14 - [0] ----D C:\ProgramData\?I?I
O43 - CFD: 12/02/2013 - 19:43:20 - [0] ----D C:\ProgramData\?i?i
O43 - CFD: 19/02/2013 - 22:45:58 - [0] ----D C:\ProgramData\?I?I
O43 - CFD: 04/05/2013 - 03:11:11 - [0] ----D C:\ProgramData\?i?i
O43 - CFD: 14/02/2013 - 08:30:18 - [0] ----D C:\ProgramData\????
O43 - CFD: 05/05/2013 - 18:21:51 - [0] ----D C:\ProgramData\?j?j
O43 - CFD: 12/04/2013 - 08:07:33 - [0] ----D C:\ProgramData\????
O43 - CFD: 18/04/2013 - 07:50:48 - [0] ----D C:\ProgramData\?L?L
O43 - CFD: 11/04/2013 - 17:12:24 - [0] ----D C:\ProgramData\?L?L
O43 - CFD: 03/05/2013 - 22:18:27 - [0] ----D C:\ProgramData\?l?l
O43 - CFD: 02/05/2013 - 09:57:05 - [0] ----D C:\ProgramData\????
O43 - CFD: 20/04/2013 - 15:02:22 - [0] ----D C:\ProgramData\?l?l
O43 - CFD: 17/02/2013 - 15:52:25 - [0] ----D C:\ProgramData\?N?N
O43 - CFD: 17/04/2013 - 18:27:13 - [0] ----D C:\ProgramData\?n?n
O43 - CFD: 09/05/2013 - 09:56:27 - [0] ----D C:\ProgramData\????
O43 - CFD: 15/02/2013 - 19:03:27 - [0] ----D C:\ProgramData\?o?o
O43 - CFD: 16/04/2013 - 19:03:27 - [0] ----D C:\ProgramData\?o?o
O43 - CFD: 13/02/2013 - 07:22:45 - [0] ----D C:\ProgramData\?O?O
O43 - CFD: 13/04/2013 - 23:40:46 - [0] ----D C:\ProgramData\?œ?œ
O43 - CFD: 17/04/2013 - 15:57:28 - [0] ----D C:\ProgramData\?r?r
O43 - CFD: 18/02/2013 - 15:39:28 - [0] ----D C:\ProgramData\?R?R
O43 - CFD: 07/05/2013 - 02:22:24 - [0] ----D C:\ProgramData\?R?R
O43 - CFD: 21/04/2013 - 08:17:27 - [0] ----D C:\ProgramData\?S?S
O43 - CFD: 07/05/2013 - 07:13:20 - [0] ----D C:\ProgramData\?S?S
O43 - CFD: 18/02/2013 - 18:18:16 - [0] ----D C:\ProgramData\?Š?Š
O43 - CFD: 07/05/2013 - 12:21:05 - [0] ----D C:\ProgramData\?U?U
O43 - CFD: 25/04/2013 - 06:59:07 - [0] ----D C:\ProgramData\?w?w
O43 - CFD: 18/04/2013 - 21:02:16 - [0] ----D C:\ProgramData\?y?y
O43 - CFD: 19/02/2013 - 07:57:16 - [0] ----D C:\ProgramData\?ÿ?ÿ
O43 - CFD: 18/06/2013 - 01:39:54 - [0] ----D C:\ProgramData\? ?
O43 - CFD: 17/05/2013 - 06:39:25 - [0] ----D C:\ProgramData\?#?#
O43 - CFD: 12/06/2013 - 15:31:10 - [0] ----D C:\ProgramData\?&?&
O43 - CFD: 09/06/2013 - 00:11:37 - [0] ----D C:\ProgramData\?'?'
O43 - CFD: 11/08/2013 - 18:42:51 - [0] ----D C:\ProgramData\?)?)
O43 - CFD: 16/05/2013 - 16:04:02 - [0] ----D C:\ProgramData\?+?+
O43 - CFD: 12/05/2013 - 12:25:17 - [0] ----D C:\ProgramData\?,?,
O43 - CFD: 03/06/2013 - 07:49:02 - [0] ----D C:\ProgramData\?0?0
O43 - CFD: 09/07/2013 - 15:13:50 - [0] ----D C:\ProgramData\?2?2
O43 - CFD: 17/05/2013 - 16:03:16 - [0] ----D C:\ProgramData\?3?3
O43 - CFD: 22/05/2013 - 15:00:09 - [0] ----D C:\ProgramData\?5?5
O43 - CFD: 18/07/2013 - 22:53:06 - [0] ----D C:\ProgramData\?=?=
O43 - CFD: 29/05/2013 - 15:05:33 - [0] ----D C:\ProgramData\?B?B
O43 - CFD: 03/08/2013 - 15:34:57 - [0] ----D C:\ProgramData\?D?D
O43 - CFD: 12/08/2013 - 16:13:57 - [0] ----D C:\ProgramData\?E?E
O43 - CFD: 26/08/2013 - 23:06:08 - [0] ----D C:\ProgramData\?I?I
O43 - CFD: 10/08/2013 - 16:57:51 - [0] ----D C:\ProgramData\?s?s
O43 - CFD: 28/07/2013 - 07:15:20 - [0] ----D C:\ProgramData\?w?w
O43 - CFD: 26/07/2013 - 20:39:10 - [0] ----D C:\ProgramData\?y?y
O43 - CFD: 29/05/2013 - 17:40:41 - [0] ----D C:\ProgramData\?{?{
O43 - CFD: 03/06/2013 - 13:41:03 - [0] ----D C:\ProgramData\??
O43 - CFD: 07/07/2013 - 17:49:51 - [0] ----D C:\ProgramData\????
O43 - CFD: 21/05/2013 - 12:21:47 - [0] ----D C:\ProgramData\????
O43 - CFD: 01/06/2013 - 13:22:49 - [0] ----D C:\ProgramData\????
O43 - CFD: 01/08/2013 - 08:57:13 - [0] ----D C:\ProgramData\??
O43 - CFD: 02/06/2013 - 22:58:46 - [0] ----D C:\ProgramData\????
O43 - CFD: 19/06/2013 - 17:35:32 - [0] ----D C:\ProgramData\??
O43 - CFD: 10/07/2013 - 12:27:26 - [0] ----D C:\ProgramData\?¬?¬
O43 - CFD: 28/05/2013 - 06:57:19 - [0] ----D C:\ProgramData\?¯?¯
O43 - CFD: 13/06/2013 - 13:51:57 - [0] ----D C:\ProgramData\?·?·
O43 - CFD: 26/05/2013 - 14:33:50 - [0] ----D C:\ProgramData\?¹?¹
O43 - CFD: 08/07/2013 - 12:09:27 - [0] ----D C:\ProgramData\?Á?Á
O43 - CFD: 17/05/2013 - 18:55:50 - [0] ----D C:\ProgramData\?Â?
O43 - CFD: 28/05/2013 - 07:53:54 - [0] ----D C:\ProgramData\?Ã?à
O43 - CFD: 17/05/2013 - 14:09:58 - [0] ----D C:\ProgramData\?ä?ä
O43 - CFD: 21/05/2013 - 09:07:35 - [0] ----D C:\ProgramData\?æ?æ
O43 - CFD: 15/05/2013 - 01:57:01 - [0] ----D C:\ProgramData\?é?é
O43 - CFD: 31/07/2013 - 19:43:32 - [0] ----D C:\ProgramData\?Ë?Ë
O43 - CFD: 24/06/2013 - 09:40:19 - [0] ----D C:\ProgramData\?ì?ì
O43 - CFD: 20/05/2013 - 15:12:03 - [0] ----D C:\ProgramData\?Î?Î
O43 - CFD: 25/05/2013 - 13:05:40 - [0] ----D C:\ProgramData\?ñ?ñ
O43 - CFD: 28/05/2013 - 11:35:10 - [0] ----D C:\ProgramData\?ò?ò
O43 - CFD: 31/07/2013 - 19:59:05 - [0] ----D C:\ProgramData\?õ?õ
O43 - CFD: 22/05/2013 - 07:06:00 - [0] ----D C:\ProgramData\?Ú?Ú
O43 - CFD: 12/08/2013 - 13:30:46 - [0] ----D C:\ProgramData\?þ?þ
O43 - CFD: 08/06/2013 - 17:54:49 - [0] ----D C:\ProgramData\?a?a
O43 - CFD: 27/07/2013 - 20:46:05 - [0] ----D C:\ProgramData\?c?c
O43 - CFD: 21/05/2013 - 23:39:40 - [0] ----D C:\ProgramData\?d?d
O43 - CFD: 14/05/2013 - 09:36:03 - [0] ----D C:\ProgramData\?E?E
O43 - CFD: 19/05/2013 - 09:31:15 - [0] ----D C:\ProgramData\?E?E
O43 - CFD: 19/08/2013 - 16:15:35 - [0] ----D C:\ProgramData\?G?G
O43 - CFD: 14/05/2013 - 06:03:48 - [0] ----D C:\ProgramData\?h?h
O43 - CFD: 05/06/2013 - 19:39:51 - [0] ----D C:\ProgramData\?i?i
O43 - CFD: 12/06/2013 - 07:48:33 - [0] ----D C:\ProgramData\?i?i
O43 - CFD: 19/08/2013 - 07:30:28 - [0] ----D C:\ProgramData\?I?I
O43 - CFD: 15/05/2013 - 17:23:43 - [0] ----D C:\ProgramData\?I?I
O43 - CFD: 13/08/2013 - 08:18:40 - [0] ----D C:\ProgramData\?i?i
O43 - CFD: 04/06/2013 - 15:02:08 - [0] ----D C:\ProgramData\????
O43 - CFD: 20/08/2013 - 10:31:50 - [0] ----D C:\ProgramData\?J?J
O43 - CFD: 17/05/2013 - 10:45:58 - [0] ----D C:\ProgramData\?K?K
O43 - CFD: 18/05/2013 - 14:57:36 - [0] ----D C:\ProgramData\????
O43 - CFD: 26/05/2013 - 14:34:03 - [0] ----D C:\ProgramData\?l?l
O43 - CFD: 15/05/2013 - 07:03:11 - [0] ----D C:\ProgramData\?L?L
O43 - CFD: 27/05/2013 - 07:32:37 - [0] ----D C:\ProgramData\?l?l
O43 - CFD: 20/05/2013 - 09:06:03 - [0] ----D C:\ProgramData\????
O43 - CFD: 23/05/2013 - 05:29:59 - [0] ----D C:\ProgramData\?N?N
O43 - CFD: 18/05/2013 - 18:10:44 - [0] ----D C:\ProgramData\?N?N
O43 - CFD: 13/05/2013 - 11:50:49 - [0] ----D C:\ProgramData\?N?N
O43 - CFD: 26/05/2013 - 10:47:04 - [0] ----D C:\ProgramData\????
O43 - CFD: 24/05/2013 - 08:07:17 - [0] ----D C:\ProgramData\????
O43 - CFD: 17/05/2013 - 11:01:38 - [0] ----D C:\ProgramData\?o?o
O43 - CFD: 12/05/2013 - 10:35:05 - [0] ----D C:\ProgramData\?O?O
O43 - CFD: 18/05/2013 - 07:50:35 - [0] ----D C:\ProgramData\?O?O
O43 - CFD: 16/05/2013 - 17:13:05 - [0] ----D C:\ProgramData\?Œ?Œ
O43 - CFD: 19/05/2013 - 07:06:32 - [0] ----D C:\ProgramData\?r?r
O43 - CFD: 01/06/2013 - 09:45:10 - [0] ----D C:\ProgramData\?R?R
O43 - CFD: 15/05/2013 - 16:03:14 - [0] ----D C:\ProgramData\?R?R
O43 - CFD: 25/06/2013 - 14:15:47 - [0] ----D C:\ProgramData\?s?s
O43 - CFD: 13/05/2013 - 08:48:50 - [0] ----D C:\ProgramData\?S?S
O43 - CFD: 01/08/2013 - 19:40:04 - [0] ----D C:\ProgramData\?š?š
O43 - CFD: 30/05/2013 - 21:34:24 - [0] ----D C:\ProgramData\?T?T
O43 - CFD: 19/06/2013 - 09:08:20 - [0] ----D C:\ProgramData\?u?u
O43 - CFD: 21/08/2013 - 17:34:47 - [0] ----D C:\ProgramData\?U?U
O43 - CFD: 22/07/2013 - 08:10:52 - [0] ----D C:\ProgramData\?U?U
O43 - CFD: 18/05/2013 - 14:06:59 - [0] ----D C:\ProgramData\?U?U
O43 - CFD: 26/08/2013 - 23:40:51 - [0] ----D C:\ProgramData\?U?U
O43 - CFD: 26/08/2013 - 22:46:21 - [0] ----D C:\ProgramData\?U?U
O43 - CFD: 27/08/2013 - 01:39:29 - [0] ----D C:\ProgramData\?u?u
O43 - CFD: 25/08/2013 - 19:49:52 - [0] ----D C:\ProgramData\?a?a
O43 - CFD: 26/08/2013 - 17:31:36 - [0] ----D C:\ProgramData\????
O43 - CFD: 29/08/2013 - 21:27:31 - [0] ----D C:\ProgramData\?,?,
O43 - CFD: 28/08/2013 - 21:55:57 - [0] ----D C:\ProgramData\?-?-
O43 - CFD: 28/08/2013 - 19:06:19 - [0] ----D C:\ProgramData\?0?0
O43 - CFD: 28/08/2013 - 18:45:19 - [0] ----D C:\ProgramData\?7?7
O43 - CFD: 29/08/2013 - 21:14:49 - [0] ----D C:\ProgramData\?¤?¤
O43 - CFD: 29/08/2013 - 20:16:15 - [0] ----D C:\ProgramData\?ª?ª
O43 - CFD: 28/08/2013 - 10:38:46 - [0] ----D C:\ProgramData\?Ï?Ï
O43 - CFD: 28/08/2013 - 19:42:28 - [0] ----D C:\ProgramData\?c?c
O43 - CFD: 28/08/2013 - 09:30:58 - [0] ----D C:\ProgramData\?t?t
O43 - CFD: 30/08/2013 - 08:53:21 - [0] ----D C:\ProgramData\????
O43 - CFD: 28/08/2013 - 12:26:37 - [0] ----D C:\ProgramData\?z?z
O43 - CFD: 28/08/2013 - 13:25:45 - [0] ----D C:\ProgramData\?!?!
O43 - CFD: 29/08/2013 - 21:49:53 - [0] ----D C:\ProgramData\????
O43 - CFD: 08/09/2013 - 20:14:50 - [0] ----D C:\ProgramData\?U?U
O43 - CFD: 28/08/2013 - 11:21:54 - [0] ----D C:\ProgramData\????
O43 - CFD: 10/07/2013 - 08:05:47 - [0] ----D C:\ProgramData\?r?r
O43 - CFD: 11/08/2013 - 18:50:40 - [0] ----D C:\ProgramData\????
O43 - CFD: 24/05/2013 - 22:49:48 - [0] ----D C:\ProgramData\?c?c
O43 - CFD: 11/04/2013 - 07:57:09 - [0] ----D C:\ProgramData\????
O43 - CFD: 15/04/2013 - 09:15:06 - [0] ----D C:\ProgramData\?Æ?Æ
O43 - CFD: 02/05/2013 - 09:45:43 - [0,679] ----D C:\Users\manu\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 26/11/2012 - 23:50:00 - [0,043] ----D C:\Users\manu\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 08/09/2013 - 20:08:17 - [1,063] ----D C:\Users\manu\AppData\Roaming\Codec Pack Packages
O43 - CFD: 08/09/2013 - 20:08:17 - [1,063] ----D C:\Users\manu\AppData\Roaming\Codec Package Packages
O43 - CFD: 12/05/2013 - 12:19:16 - [0,090] ----D C:\Users\manu\AppData\Roaming\DealPly =>PUP.DealPly
O43 - CFD: 05/05/2013 - 12:25:12 - [0,001] ----D C:\Users\manu\AppData\Roaming\fr.barrierepoker.air.D043989C8F5E91300BF71855036B28F854BB8613.1
O43 - CFD: 12/05/2013 - 11:21:22 - [5,866] ----D C:\Users\manu\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 04/08/2013 - 21:22:04 - [0] ----D C:\Users\manu\AppData\Roaming\wam
O43 - CFD: 20/06/2013 - 10:07:55 - [1,094] ----D C:\Users\manu\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
O43 - CFD: 02/05/2013 - 09:45:43 - [0,001] ----D C:\Users\manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect =>Hijacker.Eazel
~ Program Folder: 366 Legitimates Filtered in 00mn 20s

---\\ Last files modified or created under Windows and System32 (O44)
O44 - LFC:[MD5.72A3DADA66B81A60A862C5222B0768B9] - 08/09/2013 - 19:45:35 ---A- . (...) -- C:\Windows\ntbtlog.txt [239704]
O44 - LFC:[MD5.11B0DBF7F38D2EB95482C107B132285F] - 08/09/2013 - 19:15:56 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [4128]
O44 - LFC:[MD5.11B0DBF7F38D2EB95482C107B132285F] - 08/09/2013 - 19:15:56 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [4128]
O44 - LFC:[MD5.ECD81B99477AB4A93D7838EB40B870D0] - 28/08/2013 - 17:27:06 ---A- . (...) -- C:\Windows\System32\icrav03.rat [8798]
O44 - LFC:[MD5.6D21D0A95286DCD09E354B612F592EB7] - 28/08/2013 - 17:27:06 ---A- . (...) -- C:\Windows\System32\ticrf.rat [1988]
O44 - LFC:[MD5.4B333D3CC96AE66BD754329FD2989EE2] - 28/08/2013 - 17:26:42 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [72822]
O44 - LFC:[MD5.16D06DC26B8BD160AD81EE271D9577D8] - 28/08/2013 - 14:24:31 ---A- . (...) -- C:\Windows\System32\onex.tmf [392170]
O44 - LFC:[MD5.07400BC21119204892795F015052CDF4] - 28/08/2013 - 14:24:25 ---A- . (...) -- C:\Windows\System32\RacUR.xml [9212]
O44 - LFC:[MD5.4C58B5E71FEEFD18BB7F537343C7219A] - 28/08/2013 - 14:24:24 ---A- . (...) -- C:\Windows\System32\RacUREx.xml [153]
O44 - LFC:[MD5.AD4C3968CE1DB3A3A4632E1CDECA9555] - 28/08/2013 - 14:23:55 ---A- . (...) -- C:\Windows\System32\eaphost.tmf [344698]
O44 - LFC:[MD5.358A03A7A47F0AD71E84306AC635A626] - 28/08/2013 - 14:23:50 ---A- . (.No owner - Programme d'authentification du périphériqu.) -- C:\Windows\System32\EhStorAuthn.dll [117248]
O44 - LFC:[MD5.4DF0D81B2B19B87DBFF241619DCDDC31] - 28/08/2013 - 14:23:45 ---A- . (...) -- C:\Windows\System32\dot3.tmf [442788]
O44 - LFC:[MD5.52CB0185C73E1BA86CC7F726F22523C3] - 28/08/2013 - 14:22:43 ---A- . (...) -- C:\Windows\System32\msjetoledb40.dll [368640]
O44 - LFC:[MD5.A3EB38D309C5682BBA0E23732C5D4AF2] - 28/08/2013 - 14:21:58 ---A- . (...) -- C:\Windows\System32\WFP.TMF [208966]
O44 - LFC:[MD5.E9E66706083BFE4B0070EE0A5E8D42DB] - 28/08/2013 - 14:21:26 ---A- . (...) -- C:\Windows\System32\StructuredQuerySchema.bin [107612]
O44 - LFC:[MD5.BCDBB5CEA1E8AEA0FA353691EB003728] - 28/08/2013 - 14:21:15 ---A- . (...) -- C:\Windows\System32\slmgr.vbs [92918]
O44 - LFC:[MD5.6F7C27002EA0F9496070A1150C977DEC] - 28/08/2013 - 14:21:13 ---A- . (...) -- C:\Windows\System32\spcinstrumentation.man [9239]
O44 - LFC:[MD5.75DFEB04C0C978810720283C1B5CD7B1] - 28/08/2013 - 14:20:58 ---A- . (...) -- C:\Windows\System32\systemsf.ebd [130008]
O44 - LFC:[MD5.D07E5384D2B4E71F7D49C9F334D69284] - 28/08/2013 - 11:09:06 ---A- . (...) -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [18904]
O44 - LFC:[MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - 28/08/2013 - 11:08:57 ---A- . (...) -- C:\Windows\System32\korwbrkr.lex [11967524]
O44 - LFC:[MD5.B2EDF82825D979928AE07CBE9C7A2160] - 28/08/2013 - 02:07:25 ---A- . (...) -- C:\Windows\System32\WsmTxt.xsl [2426]
O44 - LFC:[MD5.F6D48AE1F578493D2E19DD644B153976] - 28/08/2013 - 02:07:25 ---A- . (...) -- C:\Windows\System32\winrm.vbs [201184]
O44 - LFC:[MD5.3C436603213561E2E7DD3D4459DBB7D4] - 28/08/2013 - 02:07:24 ---A- . (...) -- C:\Windows\System32\wsmanconfig_schema.xml [4675]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 25/08/2013 - 18:44:00 R-HA- . (...) -- C:\Windows\WindowsShell.Manifest [749]
O44 - LFC:[MD5.699C6EC9BE2FCE4513201C1C1FC24050] - 25/08/2013 - 17:42:01 ---A- . (...) -- C:\Windows\SPInstall.etl [131072]
O44 - LFC:[MD5.97AED7FC6C2B38F34CA1A3C10D2F5A60] - 25/08/2013 - 16:49:01 ---A- . (...) -- C:\Windows\System32\fsmgmt.msc [144909]
O44 - LFC:[MD5.4599D028A0CA8B54555CF72345940B45] - 25/08/2013 - 16:48:57 ---A- . (...) -- C:\Windows\System32\gatherWiredInfo.vbs [12198]
O44 - LFC:[MD5.47F22CAD4A16BB40153555D631546B94] - 25/08/2013 - 16:47:54 ---A- . (...) -- C:\Windows\System32\tcpmon.ini [60124]
O44 - LFC:[MD5.338DB2D1C1FFFB05EB7F0F5F15112B5E] - 25/08/2013 - 15:51:37 ---A- . (...) -- C:\Windows\ocsetup_install_NetFx3.etl [24576]
~ Files: 1487 Legitimates Filtered in 00mn 50s

---\\ Shell MountPoints2 registry key (MPKS) (O51)
O51 - MPSK:{40067938-83eb-11db-b438-806e6f6e6963}\AutoRun\command. (...) -- E:\setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ PoliciesSystem registry keys enumeration (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s

---\\ System drivers list (SDL) (O58)
O58 - SDL:[MD5.548CCBD8B48FDF7E2435AD6017920A7F] - 08/10/2012 - 19:53:56 ---A- . (.Wondershare - Wondershare Virtual Audio Device.) -- C:\Windows\System32\Drivers\Apowersoft_AudioDevice.sys [26080]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: 18 Legitimates Filtered in 00mn 00s

---\\ Disinfection tools list (LATC) (O63)
O63 - Software: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s

---\\ Internet start menu (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Browser infection search (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s

---\\ Specific search at system root (SPRF) (O84)
[MD5.8C3D8DB3E846ABB0114BAB820A643FA0] [SPRF][26/05/2013] (...) -- C:\ProgramData\1369580949.bdinstall.bin [98265]
[MD5.5D146CDD4376B57076F09C6FDE7E8F83] [SPRF][26/05/2013] (...) -- C:\ProgramData\1369582176.bdinstall.bin [55796]
[MD5.DB744E946A8BCCF57A0FF8CD35BCD17A] [SPRF][08/09/2013] (...) -- C:\Users\manu\AppData\Local\d3d9caps.dat [1356]
[MD5.0DAB3D8A519DD8DF791AB73F28B98440] [SPRF][10/02/2013] (...)
-- C:\Users\manu\AppData\Roaming\BabMaint.exe [119888] =>Hijacker.BabSolution [MD5.882FC90F027163E22331731A0EDDC51D] [SPRF][18/10/2012] (...) -- C:\Users\manu\Desktop\FFSetup300.exe [53462995] ~ Files: 5 Legitimates Filtered in 00mn 01s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "TCP Query User{6634610F-2D3E-4E06-92B1-F41D3C021991}E:\fscommand\updater.exe" |In - Private - P6 - TRUE | .(...) -- E:\fscommand\updater.exe (.not file.) O87 - FAEL: "UDP Query User{AF232432-0D42-4DBE-97D4-7982D92DA797}E:\fscommand\updater.exe" |In - Private - P17 - TRUE | .(...) -- E:\fscommand\updater.exe (.not file.) O87 - FAEL: "TCP Query User{CC38D9D4-6FA0-4AAF-895F-071151003DF4}C:\users\manu\documents\memup\livesuitpack_v1.07\livesuit.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\manu\documents\memup\livesuitpack_v1.07\livesuit.exe (.not file.) O87 - FAEL: "UDP Query User{DA2C646B-0FC6-4505-A4D5-E6B2F0FFE641}C:\users\manu\documents\memup\livesuitpack_v1.07\livesuit.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\manu\documents\memup\livesuitpack_v1.07\livesuit.exe (.not file.) O87 - FAEL: "{E4CBF5BD-8055-4976-8E2B-44DAD854ECFC}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\PANDORA.TV\PanService\PanProcess.exe (.not file.) O87 - FAEL: "{12E92ADA-CE28-4BDA-A5C5-41D2D1A619B9}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\PANDORA.TV\PanService\PanProcess.exe (.not file.) 
~ Firewall: 156 Legitimates Filtered in 00mn 00s ---\\ Export de clés de registre aléatoires (O91) [HKCU\Software\5f55d7d1b56ee513\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" [HKCU\Software\5f55d7d1b56ee513\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52" [HKCU\Software\5f55d7d1b56ee513] =>Toolbar.Babylon^ [HKCU\Software\5f55d7d1b56ee513]:version="2.6.1095.52" [HKLM\Software\5f55d7d1b56ee513]:version="2.6.1095.52" ~ Export Key Software: Scanned in 00mn 00s ---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe SS - | Demand 28/08/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Auto 16/01/2013 2550224 | (BrowserProtect) . (...) - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe =>Hijacker.Eazel SS - | Auto 09/12/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 09/12/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 14/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SS - | Auto 18/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SS - | Auto 18/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) 
- C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 05s ---\\ Scan Additionnel (O88) Database Version : v2.12894 - (07/09/2013) Clés trouvées (Keys found) : 20 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 16 Fichiers trouvés (Files found) : 12 [HKLM\SYSTEM\CurrentControlSet\Services\BrowserProtect] =>Hijacker.Eazel^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}] =>Hijacker.Eazel^ [HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch [HKLM\Software\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}] =>Adware.Yontoo [HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch [HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits [HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper [HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch [HKCU\Software\APN PIP] =>Toolbar.Ask [HKCU\Software\BabylonToolbar] =>Toolbar.Babylon [HKCU\Software\DataMngr] =>Adware.Bandoo [HKLM\Software\DataMngr] =>Adware.Bandoo [HKCU\Software\PIP] =>Toolbar.Ask [HKLM\Software\PIP] =>Toolbar.Ask [HKCU\Software\Softonic] =>Toolbar.Conduit [HKLM\Software\Tarma Installer] =>Toolbar.Tarma [HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon [HKCU\Software\InstallCore] =>Adware.InstallCore [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^ [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Bubble Dock =>Toolbar.BubbleDock^ C:\Program Files\Iminent =>Adware.IMBooster^ C:\ProgramData\Babylon =>Toolbar.Babylon^ C:\ProgramData\BrowserProtect =>Hijacker.Eazel^ C:\ProgramData\Tarma Installer =>Toolbar.Tarma^ C:\Users\manu\AppData\Roaming\BabSolution =>Hijacker.BabSolution^ 
C:\Users\manu\AppData\Roaming\Babylon =>Toolbar.Babylon^ C:\Users\manu\AppData\Roaming\DealPly =>PUP.DealPly^ C:\Users\manu\AppData\Roaming\OpenCandy =>Adware.OpenCandy^ C:\Users\manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect =>Hijacker.Eazel^ C:\Program Files\Software =>Adware.Boxore C:\Program Files\Gophoto.it =>Spyware.GophotoIt C:\ProgramData\InstallMate =>Toolbar.Tarma C:\ProgramData\Software =>Adware.Boxore C:\Users\manu\AppData\Local\Software =>Adware.Boxore C:\Users\manu\AppData\LocalLow\Conduit =>Toolbar.Conduit C:\Users\manu\AppData\LocalLow\searchquband =>Adware.Bandoo C:\Users\manu\AppData\Roaming\Mozilla\Firefox\Profiles\bf7ty38l.default-1377691728710\bprotector_extensions.sqlite =>PUP.BProtector C:\Users\manu\AppData\Roaming\Mozilla\Firefox\Profiles\7pckoe70.default\searchplugins\babylon.xml =>Toolbar.Babylon^ C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon^ C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll =>Hijacker.Eazel^ C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe =>Hijacker.Eazel^ [HKCU\Software\Conduit] =>Toolbar.Conduit^ [HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr^ [HKLM\Software\Babylon] =>Toolbar.Babylon^ [HKLM\Software\Conduit] =>Toolbar.Conduit^ C:\Users\manu\AppData\Roaming\BabMaint.exe =>Hijacker.BabSolution^ [HKCU\Software\5f55d7d1b56ee513] =>Toolbar.Babylon^^ C:\Program Files\Internet Explorer\cr_addon.crx =>Toolbar.Babylon ~ Additionnel Scan: 152241 Items scanned in 00mn 32s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon ~ http://nicolascoolman.webs.com/apps/blog/show/31746142-toolbar-bubbledock =>Toolbar.BubbleDock ~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel ~ 
http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit ~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr ~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore ~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>Toolbar.Tarma ~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster ~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution ~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly ~ http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy ~ http://nicolascoolman.webs.com/apps/blog/show/26811836-adware-yontoo =>Adware.Yontoo ~ http://nicolascoolman.webs.com/apps/blog/show/30234464-pup-toparcadehits =>PUP.ToparcadeHits ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask ~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo ~ http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector =>PUP.BProtector ~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore ~ http://nicolascoolman.webs.com/apps/blog/show/27793524-spyware-gophotoit =>Spyware.GophotoIt ~ MSI: 18 link(s) detected in 00mn 32s ~ 2564 Legitimates filtered by white list End of the scan (686 lines in 02mn 23s)(0)