~ Rapport de ZHPDiag v2014.1.10.8 - Nicolas Coolman (10/01/2014)
~ Lancé par Christelle (11/01/2014 13:49:17)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program

---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16476
GCIE: Google Chrome v31.0.1650.63 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1 Pro with Media Center, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, VOLUME_KMSCLIENT channel
Windows ID Activation : OK
~ Windows Partial Key : J8D3P
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2011
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W8

---\\ Logiciels d'optimisation du système
CCleaner v4.07 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Reader XI
Java 7 Update 45

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4063 MB (66% free)
System Restore: Activé (Enable)
System drive C: has 168 GB (83%) free of 200 GB

---\\ Mode de connexion au système
~ Computer Name: PC_CHRIS
~ User Name: Christelle
~ All Users Names: Mcx1-PC_CHRIS, HomeGroupUser$, Christophe, Christelle, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : E:\Users\Christelle\AppData\Roaming\ZHP\
~ %AppData% : E:\Users\Christelle\AppData\Roaming\
~ %Desktop% : E:\Users\Christelle\Desktop\
~ %Favorites% : E:\Users\Christelle\Favorites\
~ %LocalAppData% : E:\Users\Christelle\AppData\Local\
~ %StartMenu% : E:\Users\Christelle\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 168 Go of 200 Go)
D: Hard drive, Flash drive, Thumb drive (Free 657 Go of 932 Go)
E: Hard drive, Flash drive, Thumb drive (Free 144 Go of 731 Go)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
K: CD-ROM drive (Not Inserted)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.63DC38C3E4564B2405D562855643ABA2] - 
(.Microsoft Corporation - Explorateur Windows.) (.14/11/2013 - 08:37:35.) -- C:\Windows\Explorer.exe [2328872] [MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384] [MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/12/2013 - 19:33:39.) -- C:\Windows\System32\wininet.dll [2334208] [MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.22/08/2013 - 10:55:08.) -- C:\Windows\System32\Winlogon.exe [564736] [MD5.2F18065618E39AA2E656EE737B71E791] - (.Microsoft Corporation - Bibliothèque de licences.) (.22/08/2013 - 11:39:40.) -- C:\Windows\System32\sppcomapi.dll [447488] [MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296] [MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464] [MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576] [MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352] [MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 12:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656] [MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336] [MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 12:39:15.) 
-- C:\Windows\system32\Drivers\i8042prt.sys [107520] [MD5.E23D32BAF152FBE35F18C6A2AB8EF271] - (.Microsoft Corporation - IP Network Address Translator.) (.14/11/2013 - 08:30:57.) -- C:\Windows\system32\Drivers\IpNat.sys [141824] [MD5.6129EDB793A4255B1E2FB41773AC9D9A] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.14/11/2013 - 08:30:55.) -- C:\Windows\system32\Drivers\MRxSmb.sys [404992] [MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624] [MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.22/08/2013 - 14:25:41.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488] [MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208] [MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832] [MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.14/11/2013 - 08:15:31.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584] [MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520] [MD5.9F9CE33B50611A1C61A46B8911E0B30B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.22/08/2013 - 13:39:15.) 
-- C:\Windows\system32\Drivers\volsnap.sys [312160] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/2045 ~ Mes musiques (My Musics) : 1/4 ~ Mes Videos (My Videos) : 2/6 ~ Mes Favoris (My Favorites) : 1/1258 ~ Mes Documents (My Documents) : 1/49966 ~ Mon Bureau (My Desktop) : 2/130219 ~ Menu demarrer (Programs) : 1/66 ~ Hidden Files: Scanned in 00mn 02s ---\\ Processus lancés [MD5.AB3E01FCB728D10C3FB34294FF0A28FD] - (...) -- C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe [1406776] [PID.1916] [MD5.8C9231025FAF86B78906B6C847531FFB] - (.ASUSTeK Computer Inc. - ASUS Routine Controller.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2935424] [PID.1972] [MD5.127CD00925C1A2B759765C5B9600DE30] - (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928] [PID.4624] [MD5.F0CD0135AA26F5FE550524B03BF03AA2] - (.Conceptworld Corporation - Quick Notes Plus v5.0.) -- C:\Program Files (x86)\Conceptworld\QNPlus\QNPlus.exe [692224] [PID.4668] [MD5.2D75851551D18878FADC21E166DEA3FA] - (.ASUSTek Computer Inc. - AiChargerAP MFC Application.) -- C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984] [PID.2332] [MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024] [PID.3864] [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4352] [MD5.3F188126510FA73A469F42DE42252937] - (.ASUSTeK Computer Inc. - AI Suite II.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe [1504640] [PID.5220] [MD5.1886DA4ADB90A186E52674FC3A8AFE98] - (.ASUSTeK Computer Inc. - AlertHelper.) 
-- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe [1112704] [PID.5340] [MD5.29A4611EE6F24AF1EB4014088A1911C6] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8323072] [PID.5704] [MD5.376A9B411BF8B77D5BF84B24D0C7DACD] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184] [PID.1648] ~ Processes Running: Scanned in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve ~ IE Browser: 10 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 19 ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . 
(.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline O4 - GS\TaskBar [Christophe]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Program [Christophe]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch [Christelle]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch [Christelle]: Yahoo! Messenger.lnk . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe O4 - GS\TaskBar [Christelle]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Program [Christelle]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Desktop [Christelle]: FMS.lnk . (...) -- C:\Program Files (x86)\FMS\FMS.exe ~ Global Startup: 36 Legitimates Filtered in 00mn 00s ---\\ Applications lancées au démarrage du sytème (O4) O4 - HKLM\..\Run: [Windows Mobile-based device management] . (.Microsoft Corporation - Gestionnaire pour appareils Windows Mobile.) -- C:\Windows\WindowsMobile\wmdcBase.exe O4 - HKLM\..\Run: [Windows Mobile Device Center] . (.Microsoft Corporation - Gestionnaire pour appareils Windows Mobile.) -- C:\Windows\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) 
-- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp O4 - HKLM\..\Run: [RtHDVBg_DTS] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe O4 - HKCU\..\Run: [Messenger (Yahoo!)] . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe O4 - HKCU\..\Run: [QNPlus] . (.Conceptworld Corporation - Quick Notes Plus v5.0.) -- C:\Program Files (x86)\Conceptworld\QNPlus\QNPlus.exe O4 - HKCU\..\Run: [EPSON SX425W (Epson Stylus SX425W)] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIGCE.exe =>.Epson Seiko Corporation O4 - HKCU\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe O4 - HKLM\..\Wow6432Node\Run: [ASUS Ai Charger] . (.ASUSTek Computer Inc. - AiChargerAP MFC Application.) -- C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe O4 - HKLM\..\Wow6432Node\Run: [JMB36X IDE Setup] . (...) -- C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe =>.Advanced Micro Devices, Inc O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKUS\S-1-5-21-4093687878-2768148881-3400071801-1053\..\Run: [Messenger (Yahoo!)] . (.Yahoo! Inc. - Yahoo! Messenger.) 
-- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe O4 - HKUS\S-1-5-21-4093687878-2768148881-3400071801-1053\..\Run: [QNPlus] . (.Conceptworld Corporation - Quick Notes Plus v5.0.) -- C:\Program Files (x86)\Conceptworld\QNPlus\QNPlus.exe O4 - HKUS\S-1-5-21-4093687878-2768148881-3400071801-1053\..\Run: [EPSON SX425W (Epson Stylus SX425W)] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIGCE.exe =>.Epson Seiko Corporation O4 - HKUS\S-1-5-21-4093687878-2768148881-3400071801-1053\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe ~ Application: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{6D87A5C4-4399-43E7-9CC6-12A36ECFBDA7}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{6D87A5C4-4399-43E7-9CC6-12A36ECFBDA7}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) 
-- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: DTSAudioService (DTSAudioService) . (.DTS - DTS Audio Service.) - C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe ~ Services: 15 Legitimates Filtered in 00mn 11s ---\\ Tâches planifiées en automatique (O39) [MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Daily 1)] (...) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Daily 2)] (...) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Daily 3)] (...) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Daily 4)] (...) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0] [MD5.D4F602B1F775B5827932D3C5B04A3FD2] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe [3372032] =>Trojan.Keygen [MD5.AB3E01FCB728D10C3FB34294FF0A28FD] [APT] [Easy Update] (...) -- C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe [1406776] ~ Scheduled Task: 36 Legitimates Filtered in 00mn 02s ---\\ Logiciels installés (O42) O42 - Logiciel: Cortona3D Viewer - (.ParallelGraphics.) 
[HKLM][64Bits] -- {C06CE867-0019-4BDD-88C3-CD96F79FCDC7} ~ Logic: 25 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\49082InstEnd] [HKCU\Software\Conceptworld] [HKLM\Software\Wow6432Node\supTab] [HKLM\Software\mamverifier] ~ Key Software: 215 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 09/04/2013 - 23:57:29 - [3,281] ----D C:\Program Files (x86)\Conceptworld O43 - CFD: 09/01/2014 - 17:27:30 - [0,489] ----D C:\Program Files (x86)\SupTab O43 - CFD: 09/01/2014 - 17:28:39 - [0] ----D E:\ProgramData\IePluginService O43 - CFD: 10/01/2014 - 21:18:27 - [0,003] ----D E:\Users\Christelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup ~ Program Folder: 112 Legitimates Filtered in 00mn 00s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.86154F3A156FA2A5429C2940C69F426F] - 09/01/2014 - 17:23:24 ---A- . (.microOLAP Technologies LTD - PSSDK Driver Protocol v4.1 64bit.) -- C:\Windows\System32\Drivers\pssdk41.sys [51776] O44 - LFC:[MD5.4ECC791539F23982411864037D1AC8FC] - 11/01/2014 - 12:38:22 ---A- . (.Windows (R) Win 7 DDK provider - BulkUsb Driver.) -- C:\Windows\System32\Drivers\AthDfu.sys.bak [55336] O44 - LFC:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 11/01/2014 - 12:38:24 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys.bak [17624] O44 - LFC:[MD5.86154F3A156FA2A5429C2940C69F426F] - 11/01/2014 - 12:38:42 ---A- . (.microOLAP Technologies LTD - PSSDK Driver Protocol v4.1 64bit.) -- C:\Windows\System32\Drivers\pssdk41.sys.bak [51776] O44 - LFC:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 11/01/2014 - 12:38:48 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) -- C:\Windows\System32\Drivers\stexstor.sys.bak [31072] O44 - LFC:[MD5.57EEE167FE391B848B7E65D024AD331D] - 27/12/2013 - 14:28:44 ---A- . (...) 
-- C:\Windows\PE_Rom.dll [877248] O44 - LFC:[MD5.BAB384027ACEA447F36B9D3ABE2E7F90] - 27/12/2013 - 23:12:01 ---A- . (...) -- C:\Windows\System32\lvcoinst.log [3539] O44 - LFC:[MD5.F2CF417EF502555B139EDCD9FEBF9CD3] - 29/12/2013 - 22:21:09 ---A- . (...) -- C:\Windows\System32\AcpiServiceVnA64.dll [109848] O44 - LFC:[MD5.2D0895BED270D1A8CADD981A5BFC0AE5] - 29/12/2013 - 22:21:09 ---A- . (...) -- C:\Windows\System32\audioLibVc.dll [605496] O44 - LFC:[MD5.C8C7EAD8098EA7468D651F3459657240] - 29/12/2013 - 22:21:12 ---A- . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT [681905] O44 - LFC:[MD5.1EF2A77F3F4951CC25EEEA882376A769] - 29/12/2013 - 22:21:14 ---A- . (...) -- C:\Windows\System32\Drivers\rtvienna.dat [5681192] ~ Files: 330 Legitimates Filtered in 00mn 22s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.B312602624152EA31B037173AF47E670] - 04/01/2014 - 23:37:31 ---A- - C:\Windows\Prefetch\PfPre_79fa7343.db O45 - LFCP:[MD5.F284AA33383B3555915896A445CC86DB] - 06/01/2014 - 13:03:53 ---A- - C:\Windows\Prefetch\SOFTONICDOWNLOADER_POUR_LOGIT-B164A9D3.pf =>Toolbar.Conduit O45 - LFCP:[MD5.99E50C0F2233731C1F61565FBED64F1A] - 06/01/2014 - 13:37:40 ---A- - C:\Windows\Prefetch\QNPLUS.EXE-36153B1F.pf O45 - LFCP:[MD5.4E5F6EB581DF4D18E31EC97A05218050] - 06/01/2014 - 21:19:10 ---A- - C:\Windows\Prefetch\CAMERA.EXE-3F66BD68.pf O45 - LFCP:[MD5.D3D299453FFF00356295FCE63DC83AD6] - 07/01/2014 - 03:57:09 ---A- - C:\Windows\Prefetch\ECBL-CNCE.EXE-13BF457C.pf O45 - LFCP:[MD5.B8A3B1DDE2A29290AA190938508435C4] - 07/01/2014 - 04:24:22 ---A- - C:\Windows\Prefetch\MSOUC.EXE-92D28AEC.pf O45 - LFCP:[MD5.FF553D31C632814920D68027DF847822] - 09/01/2014 - 17:23:33 ---A- - C:\Windows\Prefetch\KAIENGINE.EXE-40DA8377.pf O45 - LFCP:[MD5.7B6B83CD34C29684D9D9E73934654CF5] - 09/01/2014 - 20:42:15 ---A- - C:\Windows\Prefetch\UNINSTALL.BROWSERSAFEGUARD.EX-D99689ED.pf =>PUP.BrowserSafeguard O45 - LFCP:[MD5.F78D50711B2B08F7062E72EF639FC2BE] - 09/01/2014 - 20:44:03 ---A- - 
C:\Windows\Prefetch\FMS2ALPHA85.EXE-3630B043.pf O45 - LFCP:[MD5.E03D697FAE0C139EB24EDAD941206686] - 09/01/2014 - 21:59:56 ---A- - C:\Windows\Prefetch\FMS.EXE-36409C45.pf O45 - LFCP:[MD5.D30BEB2E1D25B0F6AC23BAFB6D3566AC] - 09/01/2014 - 23:19:40 ---A- - C:\Windows\Prefetch\TOOLBAR-REMOVER.EXE-944B277C.pf O45 - LFCP:[MD5.DE2F82C825BF8DD4C3D1C3234D899D6E] - 10/01/2014 - 01:36:21 ---A- - C:\Windows\Prefetch\SOFTONICDOWNLOADER_POUR_SOFTO-AAB4A9BD.pf =>Toolbar.Conduit O45 - LFCP:[MD5.931E6080E67F3DD0E2730B025602CE23] - 10/01/2014 - 23:10:49 ---A- - C:\Windows\Prefetch\BITTORRENT.EXE-422FE7FF.pf =>P2P.BitTorrent O45 - LFCP:[MD5.8E728161BE1DDD9087EC36FA7FAC5D78] - 10/01/2014 - 23:16:06 ---A- - C:\Windows\Prefetch\AD-AWARE_PRO.EXE-33751E53.pf O45 - LFCP:[MD5.5BD3E367CCC4B926CADE465CB47EFAB4] - 10/01/2014 - 23:16:26 ---A- - C:\Windows\Prefetch\AD-AWAREAE_TRIAL.EXE-7A09A94A.pf O45 - LFCP:[MD5.9B6B751F108B95C1E98EC76C4BE153AC] - 10/01/2014 - 23:18:06 ---A- - C:\Windows\Prefetch\LAVALICENSE.EXE-03430826.pf O45 - LFCP:[MD5.413B676DE4F47AC901D72E0EFAC05592] - 10/01/2014 - 23:18:25 ---A- - C:\Windows\Prefetch\LAVALICENSE.DLL CRACKED.EXE-818303D9.pf O45 - LFCP:[MD5.F0341BFF17438669CC12F094D1944195] - 10/01/2014 - 23:18:45 ---A- - C:\Windows\Prefetch\LAVALICENSE.DLL CRACKED.EXE-79B6945A.pf O45 - LFCP:[MD5.1D6D9BCFE668EF582B17026096B37D17] - 10/01/2014 - 23:58:13 ---A- - C:\Windows\Prefetch\THREATWORK.EXE-B9FC8D0E.pf O45 - LFCP:[MD5.BAFEC3CE5F7E1F34E0E9F7F74C539079] - 11/01/2014 - 00:15:25 ---A- - C:\Windows\Prefetch\IEUNATT.EXE-94DA8E02.pf O45 - LFCP:[MD5.0C6F929A7B98DFAF96BD3C4A1E2D44A5] - 11/01/2014 - 09:54:22 ---A- - C:\Windows\Prefetch\WMDC.EXE-2F7EF2B4.pf O45 - LFCP:[MD5.6CC9D37F7D6C74B2D59D1DAD5834558C] - 11/01/2014 - 10:04:25 ---A- - C:\Windows\Prefetch\WMPDMC.EXE-D2D81BA0.pf O45 - LFCP:[MD5.41A535B012E53AF9441953ADAFE655B7] - 11/01/2014 - 10:05:59 ---A- - C:\Windows\Prefetch\AD-AWAREADMIN.EXE-BD669D86.pf O45 - LFCP:[MD5.350E3CC1AA582B031ACFF787382800E4] - 11/01/2014 - 
10:06:03 ---A- - C:\Windows\Prefetch\AD-AWAREAE_TRIAL.EXE-126BC54C.pf O45 - LFCP:[MD5.EE206A259AF618C951CB68389526C2FC] - 11/01/2014 - 11:27:02 ---A- - C:\Windows\Prefetch\dynreservedpri.db O45 - LFCP:[MD5.F5D87078C23FAC493FC400550E571258] - 11/01/2014 - 11:49:58 ---A- - C:\Windows\Prefetch\SERVICE_KMS.EXE-4250D27B.pf O45 - LFCP:[MD5.E3DBE120626D832FFE676ECBBE6722F0] - 11/01/2014 - 11:49:58 ---A- - C:\Windows\Prefetch\WMDCBASE.EXE-5A6FB763.pf O45 - LFCP:[MD5.59B0F7B84D41BF59C50B6444DF844CA0] - 11/01/2014 - 13:01:52 ---A- - C:\Windows\Prefetch\PfPre_79f75bcf.db O45 - LFCP:[MD5.5F88B7FD3EEA736C7A63510444136B09] - 11/01/2014 - 13:04:09 ---A- - C:\Windows\Prefetch\AAHMSVC.EXE-89CF9282.pf O45 - LFCP:[MD5.770E047D930E0518CF52029CD8529C0E] - 11/01/2014 - 13:04:09 ---A- - C:\Windows\Prefetch\ASSYSCTRLSERVICE.EXE-EA65155C.pf O45 - LFCP:[MD5.9B7430D57787662921BBCD911A199C96] - 11/01/2014 - 13:04:09 ---A- - C:\Windows\Prefetch\DTSAUDIOSERVICE64.EXE-1B94DF99.pf O45 - LFCP:[MD5.3CF0322ED10FE519CBF2C640DF0FFE62] - 11/01/2014 - 13:04:16 ---A- - C:\Windows\Prefetch\XINSIDE.EXE-E3BB7FE0.pf O45 - LFCP:[MD5.A2A31416CE542283886225A96CCEEE4B] - 11/01/2014 - 13:04:26 ---A- - C:\Windows\Prefetch\AICHARGERAP.EXE-6D8AEDCE.pf O45 - LFCP:[MD5.4DC41AF5FECD367FCD07A36EEC79A7F9] - 11/01/2014 - 13:04:50 ---A- - C:\Windows\Prefetch\ATKEXCOMSVC.EXE-41FF8574.pf O45 - LFCP:[MD5.2AD905C4D0AD7AFC29BD87773F7381E8] - 11/01/2014 - 13:06:27 ---A- - C:\Windows\Prefetch\WSHOST.EXE-3BD2AA25.pf O45 - LFCP:[MD5.34DD65D2BA6A26BCBABC1A6CE2C7FD09] - 11/01/2014 - 13:32:59 ---A- - C:\Windows\Prefetch\WGET.DAT-DE72012E.pf O45 - LFCP:[MD5.898C3A9A4A5836A59455926EC3D4AC0C] - 11/01/2014 - 13:33:06 ---A- - C:\Windows\Prefetch\JRT.EXE-7647F3AC.pf O45 - LFCP:[MD5.7F232B7FB472B7C52F5F607301069356] - 11/01/2014 - 13:34:58 ---A- - C:\Windows\Prefetch\FIND.EXE-9AADDA11.pf O45 - LFCP:[MD5.259860D20C1286C41B29FD7B004AAD4A] - 11/01/2014 - 13:35:00 ---A- - C:\Windows\Prefetch\FC.EXE-F6221E79.pf O45 - 
LFCP:[MD5.8FB51B5B2F6526984FD0443418E1562D] - 11/01/2014 - 13:35:55 ---A- - C:\Windows\Prefetch\CUT.DAT-A831D89F.pf O45 - LFCP:[MD5.B18ACCC7375B5E6F3DEEAF341C0B2E90] - 11/01/2014 - 13:36:12 ---A- - C:\Windows\Prefetch\SHORTCUT.DAT-56AD6A0F.pf O45 - LFCP:[MD5.7011EAC1154484D731D5F9740659E7BE] - 11/01/2014 - 13:36:13 ---A- - C:\Windows\Prefetch\NIRCMD.DAT-CEB9DFF4.pf O45 - LFCP:[MD5.BF26E7A37F7E75C25580017FD5F902BE] - 26/12/2013 - 20:25:34 ---A- - C:\Windows\Prefetch\PfPre_79f9ad66.db O45 - LFCP:[MD5.CB2BEF87C4F3A34A05B3302B8A5DFBB4] - 26/12/2013 - 22:00:29 ---A- - C:\Windows\Prefetch\YAHOOM~1.EXE-3C1E041D.pf O45 - LFCP:[MD5.0741E2CF56556095D7AE88A5AE5CBB77] - 26/12/2013 - 22:55:35 ---A- - C:\Windows\Prefetch\BITTORRENT.EXE-572B7ED5.pf =>P2P.BitTorrent O45 - LFCP:[MD5.8FDBB9BD6F324AF5F2BFA2BDD0EDBBDB] - 27/12/2013 - 23:45:35 ---A- - C:\Windows\Prefetch\WSRESET.EXE-B9AC6F61.pf O45 - LFCP:[MD5.06E142D5689120F990EE8FA378B12A42] - 28/12/2013 - 14:29:39 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-6069CEA4.pf O45 - LFCP:[MD5.3CC1F78C45BE9FC4595D2915E61D3418] - 28/12/2013 - 15:10:05 ---A- - C:\Windows\Prefetch\PfPre_7a9d785f.db O45 - LFCP:[MD5.1DE3183B45B94D6961696ED46FE89CEC] - 29/12/2013 - 22:20:57 ---A- - C:\Windows\Prefetch\64BIT_WIN7_WIN8_WIN81_R273.EX-08943EF5.pf O45 - LFCP:[MD5.BA366250F7983FA5F8A8ECF8D6741610] - 30/12/2013 - 00:51:42 ---A- - C:\Windows\Prefetch\ABGX360.EXE-BA3AF143.pf O45 - LFCP:[MD5.3008B718B20CFFB6E6FDFDF7137F0BBE] - 30/12/2013 - 01:33:46 ---A- - C:\Windows\Prefetch\XBOXDVDMENU.EXE-F3942D71.pf ~ Prefetcher: 268 Legitimates Filtered in 00mn 01s ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - 
MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 19 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 8 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 03/11/2013 - 19:51:48 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] O58 - SDL:[MD5.2E83D2621E87C493AB45DC6655BA77D4] - 28/06/2013 - 02:03:05 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175] O58 - SDL:[MD5.A5F29AC2F0ADE8B995B49D7350CE3AC0] - 28/06/2013 - 02:03:05 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175] O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 26/12/2013 - 14:59:57 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904] O58 - SDL:[MD5.E86C64478D9A90D62255FE9EB0150C6E] - 28/06/2013 - 02:03:05 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175] O58 - SDL:[MD5.4ECC791539F23982411864037D1AC8FC] - 22/08/2012 - 00:12:20 ---A- . (.Windows (R) Win 7 DDK provider - BulkUsb Driver.) -- C:\Windows\System32\Drivers\AthDfu.sys [55336] O58 - SDL:[MD5.4ECC791539F23982411864037D1AC8FC] - 11/01/2014 - 12:38:22 ---A- . (.Windows (R) Win 7 DDK provider - BulkUsb Driver.) -- C:\Windows\System32\Drivers\AthDfu.sys.bak [55336] O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624] O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 11/01/2014 - 12:38:24 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys.bak [17624] O58 - SDL:[MD5.86154F3A156FA2A5429C2940C69F426F] - 09/01/2014 - 17:23:24 ---A- . (.microOLAP Technologies LTD - PSSDK Driver Protocol v4.1 64bit.) 
-- C:\Windows\System32\Drivers\pssdk41.sys [51776]
O58 - SDL:[MD5.86154F3A156FA2A5429C2940C69F426F] - 11/01/2014 - 12:38:42 ---A- . (.microOLAP Technologies LTD - PSSDK Driver Protocol v4.1 64bit.) -- C:\Windows\System32\Drivers\pssdk41.sys.bak [51776]
O58 - SDL:[MD5.955FFE2B1D74A9E0E3E0E558E6A17F3B] - 28/10/2013 - 01:12:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [107288]
O58 - SDL:[MD5.955FFE2B1D74A9E0E3E0E558E6A17F3B] - 11/01/2014 - 12:38:47 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys.bak [107288]
O58 - SDL:[MD5.BB94A5E2CEE5FD83BA5A72A37AECADDF] - 28/10/2013 - 01:12:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [204568]
O58 - SDL:[MD5.BB94A5E2CEE5FD83BA5A72A37AECADDF] - 11/01/2014 - 12:38:48 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys.bak [204568]
O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 11/01/2014 - 12:38:48 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys.bak [31072]
O58 - SDL:[MD5.ADAA34740E9F6AFF94CC75D5CF8ED7E2] - 04/01/2008 - 13:34:42 ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsInsHelp32.sys [10216]
O58 - SDL:[MD5.EDAA17CE771C696655B6585F7CAD2100] - 04/01/2008 - 13:34:48 ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys [11832]
O58 - SDL:[MD5.798DE15F187C1F013095BBBEB6FB6197] - 22/08/2012 - 17:54:10 ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsIO.sys [15232]
O58 - SDL:[MD5.1392B92179B07B672720763D9B1028A5] - 15/01/2013 - 10:52:28 ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsUpIO.sys [14464]
~ Drivers: 19 Legitimates Filtered in 00mn 01s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 08/01/2014 - 13:50:07 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\fr-FR-3-0.bdic [1074744]
O61 - LFC: 08/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdm.dll [6940304]
O61 - LFC: 08/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\manifest.fingerprint [66]
O61 - LFC: 08/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\manifest.json [848]
O61 - LFC: 08/01/2014 - 13:51:28 -SHA- . (...) -- E:\Users\Christelle\Downloads\Homeland.S03.PROPER.VOSTFR.720p.HDTV.x264-ATeam\Homeland.S03E01.VOSTFR.720p.HDTV.x264-ATeam\Thumbs.db [17920]
O61 - LFC: 08/01/2014 - 13:51:37 -SHA- . (...) -- E:\Users\Christelle\Downloads\The.Victoria.Secret.Fashion.Show.2013.720p.HDTV.x264-2HD [PublicHD]\Thumbs.db [29696]
O61 - LFC: 09/01/2014 - 13:50:07 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\First Run [0]
O61 - LFC: 09/01/2014 - 13:50:15 ---A- . (...) -- E:\Users\Christelle\AppData\Roaming\XLink Kai\kaiUserConfig.txt [1657]
O61 - LFC: 10/01/2014 - 13:50:07 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\databases\Databases.db [7168]
O61 - LFC: 10/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Google Profile.ico [181623]
O61 - LFC: 10/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\QuotaManager [13312]
O61 - LFC: 10/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\README [180]
O61 - LFC: 10/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\User StyleSheets\Custom.css [0]
O61 - LFC: 10/01/2014 - 13:50:13 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Resmon.ResmonCfg [7604]
O61 - LFC: 10/01/2014 - 13:50:15 R--A- . (...) -- E:\Users\Christelle\AppData\Roaming\Microsoft\Installer\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}\GPUploader.exe [71894]
O61 - LFC: 10/01/2014 - 13:50:33 ---A- . (...) -- E:\Users\Christelle\Documents\ah_boulot\LFPZ\PLANNING et CONGES\TDS fevrier2014.pdf [183818]
O61 - LFC: 10/01/2014 - 13:50:45 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_MAISON etc\Musique\Black Eyed Peas - [Deluxe Edition] E.N.D [Cov+CD] [Bubanee]\CD 1\Thumbs.db [160256]
O61 - LFC: 10/01/2014 - 13:50:45 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_MAISON etc\Musique\Carly Rae Jepsen - Kiss (Deluxe ed)\Thumbs.db [119808]
O61 - LFC: 10/01/2014 - 13:50:45 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_MAISON etc\Musique\compil Avril 2013\Thumbs.db [947200]
O61 - LFC: 10/01/2014 - 13:50:46 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_MAISON etc\Musique\compil été 2009\Thumbs.db [237568]
O61 - LFC: 10/01/2014 - 13:50:47 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_MAISON etc\Musique\En Francais\Thumbs.db [132608]
O61 - LFC: 10/01/2014 - 13:50:47 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_MAISON etc\Musique\Fun Radio Party Fun 2013 - FLAC\CD 2\Thumbs.db [25088]
O61 - LFC: 10/01/2014 - 13:50:48 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_MAISON etc\Musique\Fun Summer Dance 2013 Maxx\CD 1\Thumbs.db [159232]
O61 - LFC: 10/01/2014 - 13:50:48 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_MAISON etc\Musique\Fun Summer Dance 2013 Maxx\CD 2\Thumbs.db [213504]
O61 - LFC: 10/01/2014 - 13:50:48 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_MAISON etc\Musique\Jessie J- Who You Are(2011)MP3 Nlt-release\Thumbs.db [48640]
O61 - LFC: 10/01/2014 - 13:50:48 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_MAISON etc\Musique\Jessie J- Who You Are(2011)MP3 Nlt-release\cd\Thumbs.db [313856]
O61 - LFC: 10/01/2014 - 13:50:49 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_MAISON etc\Musique\Lady Gaga - Artpop 2013 Maxx\Thumbs.db [340992]
O61 - LFC: 10/01/2014 - 13:50:50 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_MAISON etc\Musique\Les 40 Tubes Les Plus Joues En Club - Avril 2013 Maxx\Hors Classement\Thumbs.db [58880]
O61 - LFC: 10/01/2014 - 13:50:54 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_MAISON etc\Musique\Owl City - The Midsummer Station\Thumbs.db [44544]
O61 - LFC: 10/01/2014 - 13:50:55 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_MAISON etc\Musique\Playlist 1\Thumbs.db [278528]
O61 - LFC: 10/01/2014 - 13:50:55 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_MAISON etc\Musique\Playlist 2 CD2\Thumbs.db [303616]
O61 - LFC: 10/01/2014 - 13:50:55 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_MAISON etc\Musique\Rod Stewart\Thumbs.db [50688]
O61 - LFC: 10/01/2014 - 13:50:55 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_MAISON etc\Musique\Tropical Family 2013\Thumbs.db [257536]
O61 - LFC: 10/01/2014 - 13:50:56 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_MAISON etc\Musique\été 2013\Thumbs.db [534016]
O61 - LFC: 10/01/2014 - 13:50:57 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_photos SVG\205-FIAC Octobre 2013\Thumbs.db [563200]
O61 - LFC: 10/01/2014 - 13:51:02 ---A- . (...) -- E:\Users\Christelle\Documents\My Notes\Desktop.qxml [66470]
O61 - LFC: 10/01/2014 - 13:51:02 ---A- . (...) -- E:\Users\Christelle\Documents\My Notes\Trash.qxml [9952]
O61 - LFC: 10/01/2014 - 13:51:02 ---A- . (...) -- E:\Users\Christelle\Downloads\Ad-Aware Pro v8.1.4+Crack [ kk ]\Ad-Aware Pro v8.1.4+Crack [ kk ].rar [80172866]
O61 - LFC: 10/01/2014 - 13:51:27 ---A- . (...) -- E:\Users\Christelle\Downloads\CCleaner Professional + Business Edition v4.07.4369 Multilingual Incl Crack - [MUMBAI]\Crack\Business Editon\CCleaner.dat [88] =>Piriform Ltd
O61 - LFC: 10/01/2014 - 13:51:27 ---A- . (...) -- E:\Users\Christelle\Downloads\CCleaner Professional + Business Edition v4.07.4369 Multilingual Incl Crack - [MUMBAI]\Crack\Business Editon\branding.dll [22336] =>Piriform Ltd
O61 - LFC: 10/01/2014 - 13:51:27 ---A- . (...) -- E:\Users\Christelle\Downloads\CCleaner Professional + Business Edition v4.07.4369 Multilingual Incl Crack - [MUMBAI]\Crack\Professional Edition\CCleaner.dat [88] =>Piriform Ltd
O61 - LFC: 10/01/2014 - 13:51:27 ---A- . (...) -- E:\Users\Christelle\Downloads\CCleaner Professional + Business Edition v4.07.4369 Multilingual Incl Crack - [MUMBAI]\Crack\Professional Edition\branding.dll [20288] =>Piriform Ltd
O61 - LFC: 10/01/2014 - 13:51:27 ---A- . (...) -- E:\Users\Christelle\Downloads\CCleaner Professional + Business Edition v4.07.4369 Multilingual Incl Crack - [MUMBAI]\Readme.txt [391] =>Piriform Ltd
O61 - LFC: 11/01/2014 - 13:50:07 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [267309]
O61 - LFC: 11/01/2014 - 13:50:07 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Local State [52498]
O61 - LFC: 11/01/2014 - 13:50:07 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Archived History [57344]
O61 - LFC: 11/01/2014 - 13:50:07 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Archived History-journal [512]
O61 - LFC: 11/01/2014 - 13:50:07 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Bookmarks [70178]
O61 - LFC: 11/01/2014 - 13:50:07 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Bookmarks.bak [70178]
O61 - LFC: 11/01/2014 - 13:50:07 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Cookies [81920]
O61 - LFC: 11/01/2014 - 13:50:07 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Cookies-journal [16384]
O61 - LFC: 11/01/2014 - 13:50:07 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Current Tabs [8]
O61 - LFC: 11/01/2014 - 13:50:07 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extension Rules\000038.ldb [414]
O61 - LFC: 11/01/2014 - 13:50:07 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extension Rules\000046.ldb [207]
O61 - LFC: 11/01/2014 - 13:50:07 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extension Rules\CURRENT [16]
O61 - LFC: 11/01/2014 - 13:50:07 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extension Rules\LOG [145]
O61 - LFC: 11/01/2014 - 13:50:07 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extension Rules\LOG.old [145]
O61 - LFC: 11/01/2014 - 13:50:07 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extension State\CURRENT [16]
O61 - LFC: 11/01/2014 - 13:50:07 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extension State\LOG [0]
O61 - LFC: 11/01/2014 - 13:50:07 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extension State\LOG.old [142]
O61 - LFC: 11/01/2014 - 13:50:07 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extension State\MANIFEST-000008 [50] =>.Google Inc
O61 - LFC: 11/01/2014 - 13:50:08 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_1\ct.js [1582]
O61 - LFC: 11/01/2014 - 13:50:08 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_1\manifest.json [758]
O61 - LFC: 11/01/2014 - 13:50:08 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_1\popup.html [1166]
O61 - LFC: 11/01/2014 - 13:50:08 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_1\popup.js [882]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Favicons [219136]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Favicons-journal [16384]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\History [225280]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\History Provider Cache [106387]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\History-journal [16384]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Last Session [133235]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Last Tabs [16352]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Local Extension Settings\elchiiiejkobdbblfejjkbphbddgmljf\000005.ldb [134]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Local Extension Settings\elchiiiejkobdbblfejjkbphbddgmljf\CURRENT [16]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Local Extension Settings\elchiiiejkobdbblfejjkbphbddgmljf\LOG [0]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Local Extension Settings\elchiiiejkobdbblfejjkbphbddgmljf\LOG.old [145]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Local Extension Settings\elchiiiejkobdbblfejjkbphbddgmljf\MANIFEST-000015 [105]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_elchiiiejkobdbblfejjkbphbddgmljf_0.localstorage-journal [4640]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_googleads.g.doubleclick.net_0.localstorage [3072]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_googleads.g.doubleclick.net_0.localstorage-journal [512]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_chrome.google.com_0.localstorage [3072]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_chrome.google.com_0.localstorage-journal [3608]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_plus.google.com_0.localstorage [3072]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_plus.google.com_0.localstorage-journal [3608]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_www.google.fr_0.localstorage [3072]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_www.google.fr_0.localstorage-journal [3608]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Login Data [12288]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Network Action Predictor [139264]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Network Action Predictor-journal [16384]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Origin Bound Certs [18432]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Origin Bound Certs-journal [12896]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences [62609]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Session Storage\000081.ldb [75661]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Session Storage\000083.ldb [10761]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Session Storage\000086.ldb [10629]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Session Storage\CURRENT [16]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Session Storage\LOG [266]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Session Storage\LOG.old [266]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Session Storage\MANIFEST-000085 [197] =>.Google Inc
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Shortcuts [12288]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Shortcuts-journal [12824]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_0 [8192]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1 [270336]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_2 [8192]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_3 [8192]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\index [262512]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\SyncData.sqlite3 [622592]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\SyncData.sqlite3-journal [16384]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Top Sites [20480]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Top Sites-journal [12824]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\TransportSecurity [1924]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Visited Links [131072]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\_crx_gfdkimpbcpahaombhbimeihdjnejgicl\Feedback.ico [163799]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\_crx_gfdkimpbcpahaombhbimeihdjnejgicl\Feedback.ico.md5 [16]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data [73728]
O61 - LFC: 11/01/2014 - 13:50:09 ---A- . (...) -- E:\Users\Christelle\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data-journal [12848]
O61 - LFC: 11/01/2014 - 13:50:16 ---A- . (...) -- E:\Users\Christelle\AppData\Roaming\ZHP\Log.txt [58920] =>.Nicolas Coolman
O61 - LFC: 11/01/2014 - 13:50:16 ---A- . (...) -- E:\Users\Christelle\AppData\Roaming\ZHP\TestsZHPDiag.txt [2918] =>.Nicolas Coolman
O61 - LFC: 11/01/2014 - 13:50:16 ---A- . (...) -- E:\Users\Christelle\AppData\Roaming\ZHP\ZHPADSReport.txt [631] =>.Nicolas Coolman
O61 - LFC: 11/01/2014 - 13:50:16 ---A- . (...) -- E:\Users\Christelle\AppData\Roaming\ZHP\ZHPDiag.txt [62794] =>.Nicolas Coolman
O61 - LFC: 11/01/2014 - 13:50:39 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_MAISON etc\8-SANTE SPORTS REGIMES FITNESS\VIDEOS FITNESS\FITNESS\TA_Dance_Aerobics\Thumbs.db [39424]
O61 - LFC: 11/01/2014 - 13:50:46 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_MAISON etc\Musique\Compil Janvier 2014\Thumbs.db [225280]
O61 - LFC: 11/01/2014 - 13:50:48 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_MAISON etc\Musique\gaga selection\Thumbs.db [258048]
O61 - LFC: 11/01/2014 - 13:50:51 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_MAISON etc\Musique\Musique 80 selection\Thumbs.db [29696]
O61 - LFC: 11/01/2014 - 13:50:53 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_MAISON etc\Musique\Musique tropical selection\Thumbs.db [69632]
O61 - LFC: 11/01/2014 - 13:50:55 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_MAISON etc\Musique\Playlist 3 2013\Thumbs.db [225792]
O61 - LFC: 11/01/2014 - 13:50:58 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_photos SVG\Photos SAUVEGARDE\181-expo Kusama Pompidou déc2011\Thumbs.db [26112]
O61 - LFC: 11/01/2014 - 13:51:00 -SHA- . (...) -- E:\Users\Christelle\Documents\ah_photos SVG\Photos SAUVEGARDE\copies photos VACANCES PARIS Mai 2009\181-expo Kusama Pompidou déc2011\Thumbs.db [26112]
O61 - LFC: 11/01/2014 - 13:51:02 ---A- . (...) -- E:\Users\Christelle\Downloads\adwcleaner.exe [1233962]
O61 - LFC: 11/01/2014 - 13:51:34 ---A- . (...) -- E:\Users\Christelle\Downloads\RogueKillerX64.exe [4406784]
~ 51 Fichiers temporaires (Temporary files)
~ Files: 820 Legitimates Filtered in 01mn 34s

---\\ Fichiers Alternate Data Stream (ADS) (O62)
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\AsIO.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\SglW32.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\Drivers\AsInsHelp32.sys:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\Drivers\AsInsHelp64.sys:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\Drivers\AsIO.sys:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\Drivers\AsUpIO.sys:Zone.Identifier
~ ADS: Scanned in 00mn 00s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.F0A5B44B9B8A23E2F2950B346B5C7718] [SPRF][23/12/2013] (...) -- E:\Users\Christelle\AppData\Local\Temp\Quarantine.exe [360051]
~ Files: 2 Legitimates Filtered in 00mn 00s

---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{72065031-1BF3-4F91-B949-0DE7443A32EA}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe (.not file.)
O87 - FAEL: "{204A6AA5-9247-4962-B215-AE31E13E695F}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe (.not file.)
~ Firewall: 356 Legitimates Filtered in 00mn 00s

---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "768EC60C9100DDB4883CDC697FF9DC7C" . (.Cortona3D Viewer.) -- C:\Windows\Installer\{C06CE867-0019-4BDD-88C3-CD96F79FCDC7}\controlPanelIcon.exe
~ Update Products: 75 Legitimates Filtered in 00mn 00s

---\\ Enumère les données de la clé NameSpace (MNS) (O92)
O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B}
O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C}
O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
~ MNS: 6 Legitimates Filtered in 00mn 00s

---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.39988793C0BE26963F7C8228E7F04E23] [WIS][06/01/2014] (.Google - Google+ Auto Backup.) -- C:\Windows\Installer\4376d45.msi [3088384]
[MD5.62C12128CCFB851F26B74EE5485A4A8E] [WIS][07/05/2010] (.ParallelGraphics - Cortona3D Viewer.) -- C:\Windows\Installer\46c040.msi [4759040]
~ WIS: 77 Legitimates Filtered in 00mn 03s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 10/04/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 10/04/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/05/2011 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 22/08/2013 37768 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Auto 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 13/12/2013 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 15/12/2013 920736 | (asComSvc) . (...) - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
SR - | Auto 15/12/2013 951936 | (asHmComSvc) . (.ASUSTeK Computer Inc..) - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
SR - | Auto 15/12/2013 149120 | (AsSysCtrlService) . (.ASUSTeK Computer Inc..) - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
SR - | Auto 25/06/2013 208384 | (AtherosSvc) . (.Atheros Commnucations.) - C:\Windows\System32\AdminService.exe
SR - | Auto 26/12/2013 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 31/05/2011 210024 | (DTSAudioService) . (.DTS.) - C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
SR - | Auto 14/09/2009 166400 | (EPSON_EB_RPCV4_04) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.exe
SR - | Auto 14/09/2009 128512 | (EPSON_PM_RPCV4_04) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.exe
SR - | Auto 31/07/2012 170824 | (Intel(R) PROSet Monitoring Service) . (.Intel Corporation.) - C:\Windows\system32\IProsetMonitor.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
~ Services: Scanned in 00mn 04s

---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Christelle at 11/01/2014 13:51:54
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Christelle at 11/01/2014 13:51:56
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

---\\ Scan Additionnel (O88)
Database Version : 13019 - (10/01/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 2
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
C:\Windows\AutoKMS\AutoKMS.exe =>Trojan.Keygen^
~ Additionnel Scan: 218923 Items scanned in 00mn 11s

---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/32799788-pup-browsersafeguard =>PUP.BrowserSafeguard
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ MSI: 5 link(s) detected in 00mn 11s
~ 2445 Legitimates filtered by white list

End of the scan (684 lines in 02mn 51s)(0)