Rapport de ZHPDiag v2013.4.3.12 par Nicolas Coolman, Update du 03/04/2013
Run by georges at 05/04/2013 09:32:33
State : Nouvelle version disponible
High Elevated Privileges : OK
UAC : Not Found
---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 19.0.2 v19.0.2 (Defaut)
---\\ Windows Product Information
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO
---\\ System Information
~ Processor: x86 Family 6 Model 6 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1023 MB (47% free)
System Restore: Activé (Enable)
System drive C: has 6 GB (43%) free of 15 GB
---\\ Logged in mode
~ Computer Name: GEORGES-42F7196
~ User Name: georges
~ All Users Names: SUPPORT_388945a0, HelpAssistant, georges, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\georges\Application Data\
~ %Desktop% : C:\Documents and Settings\georges\Bureau\
~ %Favorites% : C:\Documents and Settings\georges\Favoris\
~ %LocalAppData% : C:\Documents and Settings\georges\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\georges\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 6 Go of 15 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 17 Go of 21 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Free 7 Go of 7 Go)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 18:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.FCDD66EE148885E900285ADE8417E40B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.05/02/2013 - 19:56:42.) -- C:\WINDOWS\system32\wininet.dll [916480]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 18:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 10:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 11:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 10:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 17:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 08:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 18:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 10:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 10:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:32.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 11:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 11:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/04/2008 - 18:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 17:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.13/04/2008 - 17:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/73
Mes musiques (My Musics) : 2/2 (Modified)
Mes Videos (My Videos) : 2/2 (Modified)
~ Mes Favoris (My Favorites) : 1/9
~ Mes Documents (My Documents) : 1/79
~ Mon Bureau (My Desktop) : 0/8
~ Menu demarrer (Programs) : 1/45
~ Hidden Files: Scanned in 00mn 00s
---\\ Processus lancés
[MD5.B4837FE56D76B2E9EA90E5365CF6A2BE] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [136360] [PID.1648]
[MD5.C983E62B6FB74457D173BA93F66F6068] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [281768] [PID.1924]
[MD5.DF5A3016052755C910A206058B4A1729] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480] [PID.1980]
[MD5.999DB5F88C8E145CCA9D471E33227143] - (.Oracle Corporation - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [170912] [PID.172]
[MD5.0FEBE37DB6650FAA5965C00545009D1D] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 93.71.) -- C:\WINDOWS\system32\nvsvc32.exe [159810] [PID.276]
[MD5.8C91BD35AE9AA8B628EEC5E637BB1D0F] - (.Avira GmbH - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76968] [PID.1596]
[MD5.BF2F2717C13A4BD4FD73F2788534E86B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [917400] [PID.2444]
[MD5.339DFA98DDDA7DDF735CE21C82E6F1DD] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [824232] [PID.3016]
[MD5.C35DA74B42B017D19CBB02863DCAC6E7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6440960] [PID.2356]
~ Processes Running: Scanned in 00mn 01s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\1cfw40a2.default-1364231546734\prefs.js
C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr(2).default\prefs.js
C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\prefs.js
M3 - MFPP: Plugins - [georges] -- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\searchplugins\googlefrweb.xml
M3 - MFPP: Plugins - [georges] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M0 - MFSP: prefs.js [georges - 55yaddkr.default]
M2 - MFEP: prefs.js [georges - 55yaddkr.default\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}] [dwhelper] DownloadHelper v4.9.14 (.Michel Gutierrez.)
P2 - FPN: [HKLM] [] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
P2 - FPN: [HKLM] [] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 12.0.) -- C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll
P2 - FPN: [HKLM] [,version=10.17.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\WINDOWS\system32\npDeployJava1.dll
P2 - FPN: [HKLM] [,version=10.17.2] - (.Oracle Corporation - Next Generation Java Plug-in 10.17.2 for Mozilla browsers.) -- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
P2 - FPN: [HKLM] [,version=2.0.3] - (.VideoLAN - VLC media player Web Plugin 2.0.2.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.02.) -- C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
~ Firefox Browser: Scanned in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.02.) (No version) -- (.not file.)
~ IE Browser: Scanned in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 23
---\\ Browser Helper Objects de navigateur (O2)
~ BHO: 3 Legitimates Scanned in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
~ Global Startup: Scanned in 00mn 00s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 3 Legitimates Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C39FC85-5814-48E7-B633-7A98AB72771D}: DhcpNameServer =
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C39FC85-5814-48E7-B633-7A98AB72771D}: DhcpNameServer =
O17 - HKLM\System\CS3\Services\Tcpip\..\{3C39FC85-5814-48E7-B633-7A98AB72771D}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 4 Legitimates Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: NVIDIA Display Driver Service (NVSvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 93.71.) - C:\WINDOWS\system32\nvsvc32.exe
~ Services: 4 Legitimates Scanned in 00mn 06s
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\georges\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\georges\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s
---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
~ IE Control Panel: 2 Legitimates Scanned in 00mn 00s
---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 20 Legitimates Scanned in 00mn 00s
---\\ Pilotes lancés au démarrage (O41)
~ Drivers: 66 Legitimates Scanned in 00mn 00s
---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader XI (11.0.02) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AB0000000001}
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop
O42 - Logiciel: Java 7 Update 17 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83217017FF}
O42 - Logiciel: NvMixer - (...) [HKLM] -- {D7A6C517-11F2-419F-B5BB-27772B939698}
O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKLM] -- uTorrent
~ Logic: 49 Legitimates Scanned in 00mn 00s
---\\ HKCU & HKLM Software Keys
~ Key Software: 115 Legitimates Scanned in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/08/2012 - 10:27:24 - [54,568] ----D C:\Program Files\Spybot - Search & Destroy
O43 - CFD: 29/08/2012 - 10:59:28 - [0,764] ----D C:\Program Files\uTorrent
O43 - CFD: 31/08/2012 - 16:37:26 - [1,521] ----D C:\Program Files\TimeAdjuster
O43 - CFD: 29/08/2012 - 10:58:38 - [1,899] ----D C:\Documents and Settings\georges\Application Data\uTorrent
O43 - CFD: 31/08/2012 - 16:37:28 - [0,012] ----D C:\Documents and Settings\georges\Menu Démarrer\Programmes\TimeAdjuster
~ Program Folder: 81 Legitimates Scanned in 00mn 02s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.7F68521BA79A7D30216F6E2AAC717662] - 05/04/2013 - 06:39:46 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.846B48B93D641D83793B6F240B195E9B] - 05/04/2013 - 06:39:44 ---A- . (...) -- C:\WINDOWS\system32\nvapps.xml [88566]
O44 - LFC:[MD5.497E17C519CE95EAA864C7F095C9A92F] - 05/04/2013 - 05:44:24 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.5866F5AC5FA90002CC1275789B715A60] - 02/04/2013 - 10:47:58 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [116]
~ Files: 26 Legitimates Scanned in 01mn 30s
---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.824F30AEF788F3AC8DDC413B15C48BBD] - 04/04/2013 - 06:53:16 ---A- - C:\WINDOWS\Prefetch\
O45 - LFCP:[MD5.46DB065972C1C4174AA9CDE127C05888] - 04/04/2013 - 06:56:24 ---A- - C:\WINDOWS\Prefetch\
O45 - LFCP:[MD5.E082F527560258FD55E55DA13710666E] - 04/04/2013 - 11:00:48 ---A- - C:\WINDOWS\Prefetch\
O45 - LFCP:[MD5.DD75CD7495A3686E9B05247DF16DDA84] - 04/04/2013 - 19:12:24 ---A- - C:\WINDOWS\Prefetch\
O45 - LFCP:[MD5.6B704C476B5624526BE0D9340D2D67B3] - 04/04/2013 - 22:07:10 ---A- - C:\WINDOWS\Prefetch\
O45 - LFCP:[MD5.137F842F1E38405610FEEEF474934DBF] - 04/04/2013 - 23:06:44 ---A- - C:\WINDOWS\Prefetch\
O45 - LFCP:[MD5.929550B8727B7E7B102D4DA04EF022FD] - 05/04/2013 - 07:09:28 ---A- - C:\WINDOWS\Prefetch\
~ Prefetcher: 67 Legitimates Scanned in 00mn 00s
---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\uTorrent\uTorrent.exe" [Enabled] .(.BitTorrent Inc..) -- C:\Program Files\uTorrent\uTorrent.exe
O47 - AAKE:Key Export SP - "C:\Program Files\\maconfservice.exe" [Enabled] .(...) -- C:\Program Files\\maconfservice.exe (.not file.)
~ Keys Export: 7 Legitimates Scanned in 00mn 01s
---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 6 Legitimates Scanned in 00mn 00s
---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 21 Legitimates Scanned in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 12 Legitimates Scanned in 00mn 00s
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\CTFMON.EXE [Key] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O53 - SMSR:HKLM\...\startupreg\FlashPlayerUpdate [Key] . (...) -- C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\NeroFilterCheck [Key] . (.Ahead Software Gmbh - NeroCheck.) -- C:\WINDOWS\system32\NeroCheck.exe
O53 - SMSR:HKLM\...\startupreg\NVMixerTray [Key] . (.NVIDIA Corporation - NVIDIA nForce Mixer Tray Application.) -- C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
O53 - SMSR:HKLM\...\startupreg\nwiz [Key] . (...) -- C:\WINDOWS\system32\nwiz.exe
~ SMSR Keys: 10 Legitimates Scanned in 00mn 00s
---\\ Microsoft Control Security Providers (O54)
~ MSCP: 6 Legitimates Scanned in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
~ MWPS: 5 Legitimates Scanned in 00mn 00s
---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=3
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=3
~ MWPE Keys: 4 Legitimates Scanned in 00mn 00s
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 06/09/2002 - 23:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 06/09/2002 - 23:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: Scanned in 00mn 00s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 02/04/2013 - 00:45:32 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\35f4a87f38d38294bd81b4a4fe3fe7a9_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 02/04/2013 - 00:45:48 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\76b7e4a330a0efb2a9df2ed5fedd9201_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 02/04/2013 - 00:47:44 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\2c24335c35f67fa9fe1beedc2486ac50_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 02/04/2013 - 00:47:54 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\b467fece6ce3ab160806205bef72cb7a_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 02/04/2013 - 08:50:58 ---A- C:\Documents and Settings\georges\Application Data\Microsoft\Media Player\03B3C69D.wpl [154]
O61 - LFC: 02/04/2013 - 10:49:50 ---A- C:\Documents and Settings\georges\Local Settings\Application Data\Microsoft\Movie Maker\MEDIATAB0.DAT [8704]
O61 - LFC: 02/04/2013 - 11:06:06 ---A- C:\Documents and Settings\georges\Application Data\Microsoft\Windows\Themes\Custom.theme [8137]
O61 - LFC: 02/04/2013 - 23:18:10 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\6b10b15a27ced532d39c7b191dc6a5bb_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 02/04/2013 - 23:33:08 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\bookmarkbackups\bookmarks-2013-04-03.json [21289]
O61 - LFC: 03/04/2013 - 19:23:58 ---A- C:\Documents and Settings\georges\Application Data\dvdcss\CACHEDIR.TAG [203]
O61 - LFC: 03/04/2013 - 21:29:22 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\86da4b0483db1143fc07644c2ed5fbdd_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 03/04/2013 - 23:55:26 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\bookmarkbackups\bookmarks-2013-04-04.json [21289]
O61 - LFC: 04/04/2013 - 05:36:34 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\fc851e10b4c8bf2b34d8a35e07c32fd5_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 04/04/2013 - 06:53:58 ---A- C:\Documents and Settings\georges\UserData\index.dat [32768]
O61 - LFC: 04/04/2013 - 06:53:58 -SHA- C:\Documents and Settings\georges\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat [32768]
O61 - LFC: 04/04/2013 - 06:54:00 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\1cfw40a2.default-1364231546734\places.sqlite [10485760]
O61 - LFC: 04/04/2013 - 06:54:00 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr(2).default\places.sqlite [10485760]
O61 - LFC: 04/04/2013 - 07:00:38 ---A- C:\Documents and Settings\georges\Bureau\scan.lnk [2451]
O61 - LFC: 04/04/2013 - 07:12:00 ---A- C:\Documents and Settings\georges\Recent\ZHPDiag.txt.lnk [381]
O61 - LFC: 04/04/2013 - 07:21:58 ---A- C:\Documents and Settings\georges\Local Settings\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\startupCache\startupCache.4.little [1690492]
O61 - LFC: 04/04/2013 - 08:49:38 ---A- C:\Documents and Settings\georges\Recent\Californication.S06E03.avi.lnk [368]
O61 - LFC: 04/04/2013 - 09:18:28 ---A- C:\Documents and Settings\georges\Recent\Californication.S06E04.avi.lnk [368]
O61 - LFC: 04/04/2013 - 10:20:58 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\mimeTypes.rdf [32232]
O61 - LFC: 04/04/2013 - 10:21:00 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\b5e0ef03ae238db2719732353c75ec01_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 04/04/2013 - 10:21:04 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\dlimagecache\11BE992F09EDBD864815F0130D4082E29BCDFA61 [141956]
O61 - LFC: 04/04/2013 - 11:40:48 ---A- C:\Documents and Settings\georges\Recent\Mes images.lnk [375]
O61 - LFC: 04/04/2013 - 11:40:48 ---A- C:\Documents and Settings\georges\Recent\bon.txt.lnk [577]
O61 - LFC: 04/04/2013 - 11:42:40 ---A- C:\Documents and Settings\georges\Recent\Californication.S06E05.avi.lnk [368]
O61 - LFC: 04/04/2013 - 12:11:00 ---A- C:\Documents and Settings\georges\Recent\Californication.S06E06.avi.lnk [368]
O61 - LFC: 04/04/2013 - 13:32:06 ---A- C:\Documents and Settings\georges\Recent\Californication.S06E07.avi.lnk [368]
O61 - LFC: 04/04/2013 - 13:59:50 ---A- C:\Documents and Settings\georges\Recent\Californication.S06E08.avi.lnk [368]
O61 - LFC: 04/04/2013 - 14:33:52 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\dlimagecache\7C8945DA1B01DEA87CEA3DEAE371D7FEEFE460C0 [3211]
O61 - LFC: 04/04/2013 - 14:34:02 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\dht.dat.old [4404]
O61 - LFC: 04/04/2013 - 14:34:02 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\rss.dat.old [99]
O61 - LFC: 04/04/2013 - 14:49:22 ---A- C:\Documents and Settings\georges\Recent\Californication.S06E09.avi.lnk [368]
O61 - LFC: 04/04/2013 - 15:18:02 ---A- C:\Documents and Settings\georges\Recent\Californication.S06E10.avi.lnk [368]
O61 - LFC: 04/04/2013 - 15:46:48 ---A- C:\Documents and Settings\georges\Recent\Californication.S06E11.avi.lnk [368]
O61 - LFC: 04/04/2013 - 16:15:36 ---A- C:\Documents and Settings\georges\Recent\Lecteur CD.lnk [198]
O61 - LFC: 04/04/2013 - 16:15:36 ---A- C:\Documents and Settings\georges\Recent\californication.S06E12.avi.lnk [368]
O61 - LFC: 04/04/2013 - 17:00:28 ---A- C:\Documents and Settings\georges\Recent\TELE.m3u.lnk [364]
O61 - LFC: 04/04/2013 - 18:24:04 ---A- C:\Documents and Settings\georges\Application Data\vlc\ml.xspf [304]
O61 - LFC: 04/04/2013 - 18:24:04 ---A- C:\Documents and Settings\georges\Application Data\vlc\vlcrc [80077]
O61 - LFC: 04/04/2013 - 18:24:12 ---A- C:\Documents and Settings\georges\Recent\Scans.lnk [449]
O61 - LFC: 04/04/2013 - 18:24:12 ---A- C:\Documents and Settings\georges\Recent\booklet 1.jpg.lnk [605]
O61 - LFC: 04/04/2013 - 18:36:28 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\1cfw40a2.default-1364231546734\prefs.js [2614]
O61 - LFC: 04/04/2013 - 18:36:28 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr(2).default\prefs.js [2587]
O61 - LFC: 04/04/2013 - 18:41:52 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\blocklist.xml [58746]
O61 - LFC: 04/04/2013 - 18:42:12 ---A- C:\Documents and Settings\georges\Recent\Anubis - 230503 (2009).lnk [389]
O61 - LFC: 04/04/2013 - 18:42:12 ---A- C:\Documents and Settings\georges\Recent\Anubis - 230503.flac.lnk [554]
O61 - LFC: 04/04/2013 - 19:12:16 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\aa68583709dfa29dcf9c66906a7f04e3_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 04/04/2013 - 19:15:54 ---A- C:\Documents and Settings\georges\Recent\ [562]
O61 - LFC: 04/04/2013 - 19:15:56 ---A- C:\Documents and Settings\georges\Recent\Cast.Away.2000.DVDRip.XviD-ViEW.lnk [438]
O61 - LFC: 04/04/2013 - 19:30:50 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\downloads.sqlite [98304]
O61 - LFC: 04/04/2013 - 19:30:50 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\signons.sqlite [327680]
O61 - LFC: 04/04/2013 - 19:30:52 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\addons.sqlite [524288]
O61 - LFC: 04/04/2013 - 19:30:52 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\content-prefs.sqlite [229376]
O61 - LFC: 04/04/2013 - 19:30:52 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\permissions.sqlite [1769472]
O61 - LFC: 04/04/2013 - 22:06:58 ---A- C:\Documents and Settings\georges\Recent\ZHPFixReport.txt.lnk [408]
O61 - LFC: 04/04/2013 - 23:06:46 ---A- C:\Documents and Settings\georges\Recent\Track01.cda.lnk [326]
O61 - LFC: 04/04/2013 - 23:10:02 ---A- C:\Documents and Settings\georges\Recent\Track02.cda.lnk [326]
O61 - LFC: 04/04/2013 - 23:16:04 ---A- C:\Documents and Settings\georges\Recent\Track03.cda.lnk [326]
O61 - LFC: 04/04/2013 - 23:26:22 ---A- C:\Documents and Settings\georges\Recent\Track04.cda.lnk [326]
O61 - LFC: 04/04/2013 - 23:34:12 ---A- C:\Documents and Settings\georges\Recent\Track05.cda.lnk [326]
O61 - LFC: 04/04/2013 - 23:42:14 ---A- C:\Documents and Settings\georges\Recent\Track06.cda.lnk [326]
O61 - LFC: 04/04/2013 - 23:50:42 ---A- C:\Documents and Settings\georges\Recent\Track07.cda.lnk [326]
O61 - LFC: 04/04/2013 - 23:57:28 ---A- C:\Documents and Settings\georges\Recent\Track08.cda.lnk [326]
O61 - LFC: 05/04/2013 - 00:00:00 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\settings.dat.old [122483]
O61 - LFC: 05/04/2013 - 00:05:50 ---A- C:\Documents and Settings\georges\Recent\Lecteur CD (2).lnk [203]
O61 - LFC: 05/04/2013 - 00:05:50 ---A- C:\Documents and Settings\georges\Recent\Track09.cda.lnk [326]
O61 - LFC: 05/04/2013 - 00:08:34 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\dht_feed.dat.old [2]
O61 - LFC: 05/04/2013 - 00:09:48 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\resume.dat.old [13224]
O61 - LFC: 05/04/2013 - 00:10:48 ---A- C:\Documents and Settings\georges\Application Data\Media Player Classic\default.mpcpl [349]
O61 - LFC: 05/04/2013 - 00:10:56 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\bookmarkbackups\bookmarks-2013-04-05.json [20882]
O61 - LFC: 05/04/2013 - 00:11:14 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\dht.dat [4170]
O61 - LFC: 05/04/2013 - 00:11:14 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\dht_feed.dat [2]
O61 - LFC: 05/04/2013 - 00:11:14 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\resume.dat [13198]
O61 - LFC: 05/04/2013 - 00:11:14 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\rss.dat [99]
O61 - LFC: 05/04/2013 - 00:11:14 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\settings.dat [122483]
O61 - LFC: 05/04/2013 - 06:47:20 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\localstore.rdf [15343]
O61 - LFC: 05/04/2013 - 06:54:00 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\cert8.db [180224]
O61 - LFC: 05/04/2013 - 06:54:00 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\cookies.sqlite [1048576]
O61 - LFC: 05/04/2013 - 06:54:00 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\dh-media-lists.rdf [520]
O61 - LFC: 05/04/2013 - 06:54:00 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\dh-smart-names.rdf [61516]
O61 - LFC: 05/04/2013 - 06:54:00 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\key3.db [16384]
O61 - LFC: 05/04/2013 - 06:54:00 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\sessionstore.bak [170052]
O61 - LFC: 05/04/2013 - 08:24:44 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\cookies.sqlite-shm [32768]
O61 - LFC: 05/04/2013 - 08:24:44 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\cookies.sqlite-wal [590288]
O61 - LFC: 05/04/2013 - 08:24:44 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\places.sqlite-shm [32768]
O61 - LFC: 05/04/2013 - 08:24:44 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\webapps\webapps.json [2]
O61 - LFC: 05/04/2013 - 08:24:48 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\urlclassifierkey3.txt [154]
O61 - LFC: 05/04/2013 - 08:25:16 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\prefs.js [8202]
O61 - LFC: 05/04/2013 - 08:28:04 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\formhistory.sqlite [196608]
O61 - LFC: 05/04/2013 - 08:28:28 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\webappsstore.sqlite [851968]
O61 - LFC: 05/04/2013 - 08:30:34 -SHA- C:\Documents and Settings\georges\IETldCache\index.dat [262144]
O61 - LFC: 05/04/2013 - 08:30:56 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\places.sqlite [10485760]
O61 - LFC: 05/04/2013 - 08:30:56 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\places.sqlite-wal [426328]
O61 - LFC: 05/04/2013 - 08:32:20 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\sessionstore.js [353013]
~ 2 Fichiers cookies (Cookies files)
~ Files: 130 Legitimates Scanned in 00mn 42s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s
---\\ Liste des services Legacy (O64)
~ Legacy: 112 Legitimates Scanned in 00mn 00s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.bat> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll
O67 - Shell Spawning: <.cmd> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.exe> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\WScript.exe
O67 - Shell Spawning: <.reg> [HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe
~ Keys: Scanned in 00mn 00s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) -
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) -
~ Keys: Scanned in 00mn 00s
---\\ Recherche des services démarrés par Svchost (O83)
~ Services: 40 Legitimates Scanned in 00mn 01s
---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.3BDA066522997F22134E488ECC6A6CB0] [SPRF][29/08/2012] (.NVIDIA Corporation - Pas de description.) -- C:\Documents and Settings\georges\Bureau\nForce_5.10_WinXP2K_WHQL_international.exe [32064469]
~ Files: Scanned in 00mn 01s
---\\ Scan Additionnel (O88)
Database Version : v2.11376 - (03/04/2013)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
~ Additionnel: Scanned in 00mn 15s
---\\ Product Upgrade Codes (O90)
~ Update Products: 12 Legitimates Scanned in 00mn 00s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 21/04/2011 136360 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 21/07/2011 269480 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SR - | Auto 10/03/2013 170912 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SS - | Demand 08/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 22/10/2006 159810 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
~ Services: Scanned in 00mn 00s
---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer,
Run by georges at 05/04/2013 09:35:58
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 nt!IofCallDriver[0x804E37D5] >> \Device\Harddisk0\DR0[0x8675CAB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Scanned in 00mn 02s
---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by georges at 05/04/2013 09:36:01
********* Dump file Name *********
~ MBR: Scanned in 00mn 04s
End of the scan (610 lines in 03mn 27s)(0)