~ Rapport de ZHPDiag v2014.11.22.166 - Nicolas Coolman (22/11/2014)
~ Lancé par paul Fossaert (24/11/2014 12:04:18)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702
GCIE: Google Chrome v39.0.2171.65 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 2.0.3.1025

---\\ Logiciels d'optimisation du système
CCleaner v4.19

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3033 MB (78% free)
System Restore: Activé (Enable)
System drive C: has 26 GB (34%) free of 75 GB

---\\ Mode de connexion au système
~ Computer Name: PAUL-4929AEFA5B
~ User Name: paul Fossaert
~ All Users Names: SUPPORT_388945a0, paul Fossaert, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\paul Fossaert\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\paul Fossaert\Application Data\
~ %Desktop% : C:\Documents and Settings\paul Fossaert\Bureau\
~ %Favorites% : C:\Documents and Settings\paul Fossaert\Favoris\
~ %LocalAppData% : C:\Documents and Settings\paul Fossaert\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\paul Fossaert\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 26 Go of 75 Go)
D: Hard drive, Flash drive, Thumb drive (Free 161 Go of 298 Go)
E: Hard drive, Flash drive, Thumb drive (Free 136 Go of 466 Go)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 38 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 19:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.E1948B1F45A176FB4A0251446A5AE86D] - (.Microsoft Corporation - Internet Extensions for Win32.) (.06/03/2014 - 18:58:52.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 19:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 11:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 18:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 09:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 19:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/04/2008 - 19:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 18:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.13/04/2008 - 18:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/6
~ Mes musiques (My Musics) : 2/3
Mes Videos (My Videos) : 3/3 (Modified)
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 2/210
~ Mon Bureau (My Desktop) : 1/56670
~ Menu demarrer (Programs) : 1/28
~ Hidden Files: Scanned in 01mn 13s



---\\ Processus lancés
[MD5.E3F7EC811923F3F1A77B185F22638E5E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.248]
[MD5.D25195B0A2075862E988B85161DF07FD] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe [104416] [PID.524]
[MD5.FFB8CB731D62EC434A552680E0F8EC1A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600] [PID.1608]
[MD5.D87E0BF2E8BB7E5C49E79F32F8FEAFC4] - (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe [4826904] [PID.1688]
[MD5.6D8A2EE4244630B290A837E79C0F37A1] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160] [PID.1212]
[MD5.09D4503CBB6ADB3A54E7C7A75090B728] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504] [PID.1956]
[MD5.F89773DFA9B8C95A3AC2AF1E7D99E483] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe [7229752] [PID.2500]
[MD5.A8BC9DC41C096725E77959F444AF9F07] - (.Microsoft Corporation - Microsoft Management Console.) -- C:\WINDOWS\system32\mmc.exe [1415680] [PID.2908]
[MD5.B7E8BDCC53AD05EA8D2F7D54B4B537D5] - (.Microsoft Corporation - Couche Sink de stockage amovible.) -- C:\WINDOWS\system32\rsmsink.exe [24576] [PID.2760]
[MD5.EF3642EC81461FD5997767507FEE39C6] - (.Microsoft Corp. - Logical Disk Manager component.) -- C:\WINDOWS\system32\dmremote.exe [15872] [PID.3176]
[MD5.EAD2B8AAEB16E538106D295CD7BD7A48] - (.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) -- C:\WINDOWS\System32\dmadmin.exe [225280] [PID.1264]
[MD5.1F6EFF2536C8F773AEB53309FE52F5B8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8130560] [PID.3140]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\paul Fossaert\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (20)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Pas de propriétaire - AcroIEHelper Module.) -- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
~ BHO: 6 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1757981266-1606980848-725345543-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1757981266-1606980848-725345543-1003\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACCD5B31-4A07-44BD-B224-330CD3D7488C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{ACCD5B31-4A07-44BD-B224-330CD3D7488C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{ACCD5B31-4A07-44BD-B224-330CD3D7488C}: NameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Notification de fin de service de Microsoft Windows XP - à la connexion.job [238]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job [232]
~ Scheduled Task: 11 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Caere Corp]
[HKCU\Software\Clubic]
[HKLM\Software\Caere Corp]
~ Key Software: 176 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/11/2014 - 15:30:51 - [] ----D C:\Program Files\Caere
O43 - CFD: 13/11/2014 - 15:31:56 - [] ----D C:\Program Files\Fichiers communs\Caere
O43 - CFD: 20/11/2014 - 12:44:03 - [] ----D C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Free FreeCell Solitaire
O43 - CFD: 13/11/2014 - 09:42:33 - [] R---D C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Jeux
~ Program Folder: 138 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.2CE7B1EEB99C14032C0E2201B004F80E] - 13/11/2014 - 09:41:21 ---A- . (...) -- C:\WINDOWS\system32\wmimgmt.msc [63488]
O44 - LFC:[MD5.CDD932EDCB756FB5F7CE5E2F090BA838] - 13/11/2014 - 09:41:31 ---A- . (...) -- C:\WINDOWS\system32\msdtcprf.h [768]
O44 - LFC:[MD5.FDA18F513403E67CAE9BF0D2DD948B28] - 13/11/2014 - 09:41:31 ---A- . (...) -- C:\WINDOWS\system32\msdtcprf.ini [3914]
O44 - LFC:[MD5.4A547D74B435E78418BE06406250C1D3] - 13/11/2014 - 09:41:32 ---A- . (...) -- C:\WINDOWS\system32\tslabels.h [3286]
O44 - LFC:[MD5.F9A14C7B36E10052A1B0F071BC3C1C65] - 13/11/2014 - 09:41:32 ---A- . (...) -- C:\WINDOWS\system32\tslabels.ini [27768]
O44 - LFC:[MD5.9F27B27C8405FEAF7DFC4DA3751DEF22] - 13/11/2014 - 09:41:33 ---A- . (...) -- C:\WINDOWS\system32\usrlogon.cmd [1263]
O44 - LFC:[MD5.405E1EF8E3C88E9BCD2853382BB12430] - 13/11/2014 - 09:41:35 ---A- . (...) -- C:\WINDOWS\system32\bopomofo.uce [22984]
O44 - LFC:[MD5.4FDED87068052EEB9B72A97FDBC141DB] - 13/11/2014 - 09:41:35 ---A- . (...) -- C:\WINDOWS\system32\gb2312.uce [24006]
O44 - LFC:[MD5.038F6AD6CEE43585D814CDBC7CDFD3EC] - 13/11/2014 - 09:41:35 ---A- . (...) -- C:\WINDOWS\system32\ideograf.uce [60458]
O44 - LFC:[MD5.7C0C25F4BA1084C4ABBEEA2C74194C5F] - 13/11/2014 - 09:41:35 ---A- . (...) -- C:\WINDOWS\system32\kanji_1.uce [6948]
O44 - LFC:[MD5.529BBD63519BBD654EF328454019693F] - 13/11/2014 - 09:41:35 ---A- . (...) -- C:\WINDOWS\system32\kanji_2.uce [8484]
O44 - LFC:[MD5.7A7A04370A6030B9B0E8178DAD4A6E41] - 13/11/2014 - 09:41:35 ---A- . (...) -- C:\WINDOWS\system32\korean.uce [12876]
O44 - LFC:[MD5.39F43DBCE366B2561DF073B4C0839299] - 13/11/2014 - 09:41:36 ---A- . (...) -- C:\WINDOWS\Bulles de savon.bmp [65978]
O44 - LFC:[MD5.DAC71A10A6A71CB6E3F427AE3283734B] - 13/11/2014 - 09:41:36 ---A- . (...) -- C:\WINDOWS\Rosace bleue 16.bmp [1272]
O44 - LFC:[MD5.73D70ED3EC3BBFD8FD35DF431C38F374] - 13/11/2014 - 09:41:36 ---A- . (...) -- C:\WINDOWS\Tasse à café.bmp [17062]
O44 - LFC:[MD5.8CA32E9D986FA76F60EFBCFCD9D80A58] - 13/11/2014 - 09:41:36 ---A- . (...) -- C:\WINDOWS\system32\shiftjis.uce [16740]
O44 - LFC:[MD5.30F5568679A54042F99CA9EC1102EBCD] - 13/11/2014 - 09:41:36 ---A- . (...) -- C:\WINDOWS\system32\subrange.uce [93702]
O44 - LFC:[MD5.1AC5E83598D4F2143B59A2D893C3279A] - 13/11/2014 - 09:41:37 ---A- . (...) -- C:\WINDOWS\Granit vert.bmp [26582]
O44 - LFC:[MD5.203EF178BF8B0A8EC34E27E4DEDB6349] - 13/11/2014 - 09:41:37 ---A- . (...) -- C:\WINDOWS\Jour de pêche.bmp [17336]
O44 - LFC:[MD5.EB3BFC14E41FBAA41B4FD4489AA82D39] - 13/11/2014 - 09:41:37 ---A- . (...) -- C:\WINDOWS\Mur de Santa Fe.bmp [65832]
O44 - LFC:[MD5.3A8B85AB7B415BF3F8AFE285DFE0CE29] - 13/11/2014 - 09:41:37 ---A- . (...) -- C:\WINDOWS\Plume.bmp [16730]
O44 - LFC:[MD5.927A66BD587E31CB12D3AB25381658DC] - 13/11/2014 - 09:41:37 ---A- . (...) -- C:\WINDOWS\Rhododendron.bmp [17362]
O44 - LFC:[MD5.5B4AC407E566076BB726BA91E067D313] - 13/11/2014 - 09:41:37 ---A- . (...) -- C:\WINDOWS\Rivière Sumida.bmp [26680]
O44 - LFC:[MD5.280920B6773C74C3649A934257112BE1] - 13/11/2014 - 09:41:37 ---A- . (...) -- C:\WINDOWS\Vent de prairie.bmp [65954]
O44 - LFC:[MD5.5290EA6951F4724259F423B12C8E1393] - 13/11/2014 - 09:41:37 ---A- . (...) -- C:\WINDOWS\Zapotec.bmp [9522]
O44 - LFC:[MD5.487403459F0B2F1A3ADEEF02496BD80E] - 13/11/2014 - 09:42:21 ---A- . (...) -- C:\WINDOWS\vb.ini [36]
O44 - LFC:[MD5.6C2F0BA210C2B53EF07653ABAC6C2490] - 13/11/2014 - 09:42:21 ---A- . (...) -- C:\WINDOWS\vbaddin.ini [37]
O44 - LFC:[MD5.797C8A5F6F131FE2AAB8FCF9D3EA81A0] - 13/11/2014 - 09:42:32 ---A- . (...) -- C:\WINDOWS\system32\emptyregdb.dat [21892]
O44 - LFC:[MD5.81051BCC2CF1BEDF378224B0A93E2877] - 13/11/2014 - 09:43:45 ---A- . (...) -- C:\WINDOWS\desktop.ini [2]
O44 - LFC:[MD5.81051BCC2CF1BEDF378224B0A93E2877] - 13/11/2014 - 09:43:45 ---A- . (...) -- C:\WINDOWS\system32\desktop.ini [2]
O44 - LFC:[MD5.8FBEC4D51D39DB985490F7C049AF488E] - 13/11/2014 - 09:43:45 -SH-- . (...) -- C:\WINDOWS\winnt.bmp [49102]
O44 - LFC:[MD5.8FBEC4D51D39DB985490F7C049AF488E] - 13/11/2014 - 09:43:45 -SH-- . (...) -- C:\WINDOWS\winnt256.bmp [49102]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 13/11/2014 - 09:44:36 R-HA- . (...) -- C:\WINDOWS\WindowsShell.Manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 13/11/2014 - 09:44:36 R-HA- . (...) -- C:\WINDOWS\system32\cdplayer.exe.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 13/11/2014 - 09:44:36 R-HA- . (...) -- C:\WINDOWS\system32\ncpa.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 13/11/2014 - 09:44:36 R-HA- . (...) -- C:\WINDOWS\system32\nwc.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 13/11/2014 - 09:44:36 R-HA- . (...) -- C:\WINDOWS\system32\sapi.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 13/11/2014 - 09:44:36 R-HA- . (...) -- C:\WINDOWS\system32\wuaucpl.cpl.manifest [749]
O44 - LFC:[MD5.5D76C3FB736514E1D7C88791E7322784] - 13/11/2014 - 09:44:40 R-HA- . (...) -- C:\WINDOWS\system32\WindowsLogon.manifest [488]
O44 - LFC:[MD5.5D76C3FB736514E1D7C88791E7322784] - 13/11/2014 - 09:44:40 R-HA- . (...) -- C:\WINDOWS\system32\logonui.exe.manifest [488]
O44 - LFC:[MD5.2B9C717D21A1331BA3731886E3EE87BB] - 13/11/2014 - 09:45:36 ---A- . (...) -- C:\WINDOWS\ODBCINST.INI [4205]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 13/11/2014 - 09:45:49 ---A- . (...) -- C:\CONFIG.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 13/11/2014 - 09:45:49 ---A- . (...) -- C:\WINDOWS\control.ini [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 13/11/2014 - 09:45:49 RSHA- . (...) -- C:\IO.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 13/11/2014 - 09:45:49 RSHA- . (...) -- C:\MSDOS.SYS [0]
O44 - LFC:[MD5.E2252E9DA2BAE1C7D75128F5CF1151CD] - 13/11/2014 - 09:48:05 ---A- . (...) -- C:\WINDOWS\system32\$winnt$.inf [261]
O44 - LFC:[MD5.1AFE022D83EC11A782FE07667D04A2DF] - 13/11/2014 - 09:49:03 ---A- . (...) -- C:\WINDOWS\REGLOCS.OLD [8192]
O44 - LFC:[MD5.C757AA29F4AC578EB75CBA3F846983CC] - 13/11/2014 - 10:01:11 ---A- . (...) -- C:\WINDOWS\system32\wpa.bak [13008]
O44 - LFC:[MD5.6A714E92C31CC703F292299C6E5BF1EB] - 13/11/2014 - 10:09:41 R---- . (...) -- C:\WINDOWS\USetup.iss [553]
O44 - LFC:[MD5.751D328935553CF6858116DF87714F02] - 13/11/2014 - 10:09:42 ---A- . (...) -- C:\RHDSetup.log [1635]
O44 - LFC:[MD5.1BCDDB8D7794D4566B4DE738AF7EAAF4] - 13/11/2014 - 10:09:42 ---A- . (...) -- C:\realtek.log [206]
O44 - LFC:[MD5.093C86CD529A3932C9E58C3387DA4AAC] - 13/11/2014 - 10:12:44 R--A- . (...) -- C:\WINDOWS\system32\igcompkrng500.bin [417344]
O44 - LFC:[MD5.08D728924759C8285C2FFFCDC4ECC747] - 13/11/2014 - 10:12:44 R--A- . (...) -- C:\WINDOWS\system32\igkrng500.bin [982192]
O44 - LFC:[MD5.7DEF9DFBDE081CAC48105CFCEC4F385C] - 13/11/2014 - 10:12:44 R--A- . (...) -- C:\WINDOWS\system32\igxpxk32.vp [2096]
O44 - LFC:[MD5.FAB7C55F761B594792A3EF47A52B8AA5] - 13/11/2014 - 10:12:44 R--A- . (...) -- C:\WINDOWS\system32\igxpxs32.vp [32416]
O44 - LFC:[MD5.E1DA8D937199F8DF13DBB749D4E1127D] - 13/11/2014 - 10:13:41 ---A- . (...) -- C:\lan.log [197]
O44 - LFC:[MD5.6D0634CEBBFF7F428DD816706F5AA1FB] - 13/11/2014 - 10:16:51 ---A- . (...) -- C:\WINDOWS\system32\BuzzingBee.wav [146650]
O44 - LFC:[MD5.E2FA75ADE398C9A44815B11CC141105C] - 13/11/2014 - 10:16:51 ---A- . (...) -- C:\WINDOWS\system32\LoopyMusic.wav [940794]
O44 - LFC:[MD5.65654138BEFB8EC071837208654BBAAA] - 13/11/2014 - 10:28:39 R--A- . (...) -- C:\WINDOWS\SET3.tmp [1013912]
O44 - LFC:[MD5.A05885328D67957A4C7E44BC16ABE38A] - 13/11/2014 - 10:28:40 R--A- . (...) -- C:\WINDOWS\SET4.tmp [1086058]
O44 - LFC:[MD5.A21736545A3FC39B3F9965DC71B7001A] - 13/11/2014 - 10:28:43 R--A- . (...) -- C:\WINDOWS\SET8.tmp [14043]
O44 - LFC:[MD5.395DA8612C76E69AE5C27343CDA4AC03] - 13/11/2014 - 10:28:47 R--A- . (...) -- C:\WINDOWS\SET29.tmp [14573]
O44 - LFC:[MD5.486E0B1BC94C346E5C352C295388C803] - 13/11/2014 - 10:28:56 ----- . (...) -- C:\WINDOWS\system32\CONFIG.TMP [3072]
O44 - LFC:[MD5.F08DBD8C48A168818A3DFC28929EE6B5] - 13/11/2014 - 10:28:56 ---A- . (...) -- C:\WINDOWS\system32\AUTOEXEC.NT [1896]
O44 - LFC:[MD5.6CB26848BCDAA361B6EE21264FB362C3] - 13/11/2014 - 10:29:00 ---A- . (...) -- C:\WINDOWS\system32\c_20127.nls [66082]
O44 - LFC:[MD5.6F8A509550FE8C92D07EE0143BF29BA1] - 13/11/2014 - 10:29:01 ---A- . (...) -- C:\WINDOWS\system32\c_10010.nls [66082]
O44 - LFC:[MD5.D2CA471D36A69D17F82D5C1B64FAEE39] - 13/11/2014 - 10:29:01 ---A- . (...) -- C:\WINDOWS\system32\c_10029.nls [66082]
O44 - LFC:[MD5.9CA501D2A8E6909C5B2E8C9274682BF1] - 13/11/2014 - 10:29:01 ---A- . (...) -- C:\WINDOWS\system32\c_10082.nls [66082]
O44 - LFC:[MD5.21E928C8E6ED8EEAB0D1AAEE82ACDD76] - 13/11/2014 - 10:29:01 ---A- . (...) -- C:\WINDOWS\system32\c_852.nls [66594]
O44 - LFC:[MD5.5D038EEABA8EA438F6B5ABD5E91BC851] - 13/11/2014 - 10:29:04 ---A- . (...) -- C:\WINDOWS\system32\C_28594.NLS [66082]
O44 - LFC:[MD5.3E969213F35127D83DAB48FF1283E8E4] - 13/11/2014 - 10:29:04 ---A- . (...) -- C:\WINDOWS\system32\c_855.nls [66594]
O44 - LFC:[MD5.5CD475CA7B87844DE1E0483B536F9AAE] - 13/11/2014 - 10:29:04 ---A- . (...) -- C:\WINDOWS\system32\c_866.nls [66594]
O44 - LFC:[MD5.B537ACFAB9E70F0EF48DB696A08ADC81] - 13/11/2014 - 10:29:06 ---A- . (...) -- C:\WINDOWS\system32\C_28597.NLS [66082]
O44 - LFC:[MD5.0A206B5CACD3CA70D2044DA691304765] - 13/11/2014 - 10:29:06 ---A- . (...) -- C:\WINDOWS\system32\c_10006.nls [66082]
O44 - LFC:[MD5.BAC7072B365F9648CA318154BA7E03EC] - 13/11/2014 - 10:29:06 ---A- . (...) -- C:\WINDOWS\system32\c_737.nls [66594]
O44 - LFC:[MD5.780C444EB16B65E6DE96F794A732DA12] - 13/11/2014 - 10:29:06 ---A- . (...) -- C:\WINDOWS\system32\c_869.nls [66594]
O44 - LFC:[MD5.8BE0D77A873730B4EB1DAB7C6622CD46] - 13/11/2014 - 10:29:06 ---A- . (...) -- C:\WINDOWS\system32\c_875.nls [66082]
O44 - LFC:[MD5.E22D1B9AC7854C0A654E4C4232074E49] - 13/11/2014 - 10:29:08 ---A- . (...) -- C:\WINDOWS\system32\C_28595.NLS [66082]
O44 - LFC:[MD5.AF4A866226BD04ACF06135088D75BB63] - 13/11/2014 - 10:29:08 ---A- . (...) -- C:\WINDOWS\system32\c_10007.nls [66082]
O44 - LFC:[MD5.314E85390BEBDAE5D1E11DB2D8CBC6E9] - 13/11/2014 - 10:29:08 ---A- . (...) -- C:\WINDOWS\system32\c_10017.nls [66082]
O44 - LFC:[MD5.EFFDFF60A38CF648811BBCDD722ECF5E] - 13/11/2014 - 10:29:11 ---A- . (...) -- C:\WINDOWS\system32\c_10081.nls [66082]
O44 - LFC:[MD5.C37A21EE1ADFDC13FC707D97073148ED] - 13/11/2014 - 10:29:11 ---A- . (...) -- C:\WINDOWS\system32\c_28599.nls [66082]
O44 - LFC:[MD5.A8764750B22B528D85A691A52CB21856] - 13/11/2014 - 10:29:11 ---A- . (...) -- C:\WINDOWS\system32\c_857.nls [66594]
O44 - LFC:[MD5.35448F3A71EBBECF8E997FAD3A99327D] - 13/11/2014 - 10:29:13 ---A- . (...) -- C:\WINDOWS\system32\c_28603.nls [66082]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 13/11/2014 - 10:32:17 ----- . (...) -- C:\WINDOWS\Sti_Trace.log [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 13/11/2014 - 10:38:12 ---A- . (...) -- C:\WINDOWS\system32\h323log.txt [0]
O44 - LFC:[MD5.9D23DE88C3B18BA87CD4587177CA6CEA] - 13/11/2014 - 11:34:53 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswHwid.sys [24184]
O44 - LFC:[MD5.B542E1BBB193304986A2782E96919D3C] - 13/11/2014 - 13:12:07 ---A- . (...) -- C:\WINDOWS\system32\DLLAV32.lib [14182]
O44 - LFC:[MD5.1F552EC27C24A82850A568107E376E7A] - 13/11/2014 - 13:12:07 ---A- . (...) -- C:\WINDOWS\system32\mgxcdr.txt [27807]
O44 - LFC:[MD5.143E8397FADA79F10389711B08A5BA43] - 13/11/2014 - 13:12:08 ---A- . (...) -- C:\WINDOWS\system32\cpuinf32.dll [19968]
O44 - LFC:[MD5.85A96C1385DB136CF7BCF9FCA113C263] - 13/11/2014 - 13:19:17 ---A- . (...) -- C:\WINDOWS\mgxoschk.ini [6525]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 13/11/2014 - 13:22:50 ---A- . (...) -- C:\WINDOWS\audiocleanic.INI [0]
O44 - LFC:[MD5.A5B803D907F211D78FF9CA1F57A7B766] - 13/11/2014 - 15:27:44 R--A- . (...) -- C:\WINDOWS\system32\D125UFW.INI [8575]
O44 - LFC:[MD5.0E6480F21F875127F4FCE086307712AC] - 13/11/2014 - 15:27:44 R--A- . (...) -- C:\WINDOWS\system32\D125UFWB.PLG [393225]
O44 - LFC:[MD5.DE0E7ECDCBD9004F45E68D6386455156] - 13/11/2014 - 15:27:44 R--A- . (...) -- C:\WINDOWS\system32\D125UFWF.PLG [393225]
O44 - LFC:[MD5.2D818D6242375A29578B379E7E421C17] - 13/11/2014 - 15:27:45 R--A- . (...) -- C:\WINDOWS\system32\D125UFW1.PLG [393225]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 13/11/2014 - 15:31:17 ---A- . (...) -- C:\WINDOWS\OP70.INI [0]
O44 - LFC:[MD5.512D15C2E7191C31F0961894E787B1E1] - 13/11/2014 - 15:33:05 ---A- . (...) -- C:\WINDOWS\maxlink.ini [572]
O44 - LFC:[MD5.1B2C7EFB196140F81412A308E7F507FA] - 13/11/2014 - 15:34:22 ---A- . (...) -- C:\WINDOWS\Ps_setup.ini [21]
O44 - LFC:[MD5.0970CF77F620C52D94481567BDE3A4CF] - 13/11/2014 - 15:34:30 ---A- . (...) -- C:\WINDOWS\phbase.ini [21]
O44 - LFC:[MD5.02E47058A69C5C9D37D2BEA01B932DCA] - 13/11/2014 - 15:35:47 ---A- . (.CISRA - opapi11.) -- C:\WINDOWS\system32\opapi11.dll [2641973]
O44 - LFC:[MD5.F038FF172AF59D2C35A5B9C7D5FFC4E4] - 13/11/2014 - 15:35:48 ---A- . (...) -- C:\WINDOWS\system32\openpage.msg [74665]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 13/11/2014 - 15:35:59 ---A- . (...) -- C:\WINDOWS\OPPRIN~1.INI [0]
O44 - LFC:[MD5.DC801056C6EB1FE72DFDAA96FBABAF13] - 13/11/2014 - 17:31:21 ---A- . (...) -- C:\WINDOWS\000001_.tmp [19528]
O44 - LFC:[MD5.905CB655E93D39C97E078A3C4C884F31] - 13/11/2014 - 17:34:28 ----- . (...) -- C:\WINDOWS\system32\Drivers\netwlan5.img [67866]
O44 - LFC:[MD5.3194C32E8A2403073B812183355E25C6] - 13/11/2014 - 17:34:29 ----- . (...) -- C:\WINDOWS\system32\Drivers\cxthsfs2.cty [129045]
O44 - LFC:[MD5.8E59F9BE251C8AE32A1CEB068B3F96B1] - 13/11/2014 - 17:34:30 ----- . (...) -- C:\WINDOWS\system32\Drivers\ativmc20.cod [64352]
O44 - LFC:[MD5.8737F6F4C8EC1E2A9EA5516F1B3AE1AD] - 13/11/2014 - 18:03:26 ---A- . (...) -- C:\WINDOWS\002979_.tmp [19569]
O44 - LFC:[MD5.7794C3221F670DE270586A2CF6E68383] - 13/11/2014 - 18:04:33 RSHA- . (...) -- C:\ntldr [252240]
O44 - LFC:[MD5.A48F913169FC5EBECBD08E3A23522854] - 13/11/2014 - 19:03:59 ---A- . (...) -- C:\WINDOWS\system32\spupdwxp.log [269]
O44 - LFC:[MD5.92ABAED3DA68C219FD9294B040F2FE56] - 13/11/2014 - 19:24:08 ---A- . (...) -- C:\WINDOWS\WMPrfAra.prx [25269]
O44 - LFC:[MD5.FE544B08959FF8351A98F48E3453E443] - 13/11/2014 - 19:24:08 ---A- . (...) -- C:\WINDOWS\WMPrfCHS.prx [83]
O44 - LFC:[MD5.A4909BE23BFBE91419E0A4E4B4136EC0] - 13/11/2014 - 19:24:08 ---A- . (...) -- C:\WINDOWS\WMPrfCHT.prx [77]
O44 - LFC:[MD5.E87DC8255DF49FDD4EB161B7C1C81763] - 13/11/2014 - 19:24:08 ---A- . (...) -- C:\WINDOWS\WMPrfDeu.prx [17025]
O44 - LFC:[MD5.CDFEF8281078FF343F7AC07FC8E65EB7] - 13/11/2014 - 19:24:08 ---A- . (...) -- C:\WINDOWS\wmprfcsy.prx [18878]
O44 - LFC:[MD5.B9F4C041C73BB20D559C54D686F30DBA] - 13/11/2014 - 19:24:08 ---A- . (...) -- C:\WINDOWS\wmprfdan.prx [15903]
O44 - LFC:[MD5.9C7AB8A74E30BDFBE8F76811DD4511D1] - 13/11/2014 - 19:24:08 ---A- . (...) -- C:\WINDOWS\wmprfell.prx [27807]
O44 - LFC:[MD5.1D5CA5158421C22D3E1D9F34D1E9D53A] - 13/11/2014 - 19:24:08 ---A- . (...) -- C:\WINDOWS\wmprfesp.prx [17953]
O44 - LFC:[MD5.9E6D28760C64AA6F6DEA17E4B3935690] - 13/11/2014 - 19:24:08 ---A- . (...) -- C:\WINDOWS\wmprffin.prx [16265]
O44 - LFC:[MD5.B3EE9219D989CCC02E9278BC87725F48] - 13/11/2014 - 19:24:09 ---A- . (...) -- C:\WINDOWS\WMPrfJpn.prx [20704]
O44 - LFC:[MD5.7C65F27EC26F317B5D93E55262CF13CC] - 13/11/2014 - 19:24:09 ---A- . (...) -- C:\WINDOWS\WMPrfKor.prx [17903]
O44 - LFC:[MD5.36063D627D51B2F7AB91A4F52E5F9D22] - 13/11/2014 - 19:24:09 ---A- . (...) -- C:\WINDOWS\wmprfheb.prx [20481]
O44 - LFC:[MD5.99D8D86DEF6AD7819EED193EF168C8B5] - 13/11/2014 - 19:24:09 ---A- . (...) -- C:\WINDOWS\wmprfhun.prx [19751]
O44 - LFC:[MD5.02CC40196F8535E064CA17AA6F8AC1E3] - 13/11/2014 - 19:24:09 ---A- . (...) -- C:\WINDOWS\wmprfita.prx [17830]
O44 - LFC:[MD5.4D57E2EE1EEEC6225000B069C5474D90] - 13/11/2014 - 19:24:09 ---A- . (...) -- C:\WINDOWS\wmprfnld.prx [16398]
O44 - LFC:[MD5.F14A321B59CD5C74FDE5E66165808FD8] - 13/11/2014 - 19:24:09 ---A- . (...) -- C:\WINDOWS\wmprfnor.prx [16446]
O44 - LFC:[MD5.79C8322F5A02EEFAB35873EF9E0A6FE1] - 13/11/2014 - 19:24:09 ---A- . (...) -- C:\WINDOWS\wmprfplk.prx [18536]
O44 - LFC:[MD5.0E2F2ECE6274C02B162ED8E25E9398FC] - 13/11/2014 - 19:24:09 ---A- . (...) -- C:\WINDOWS\wmprfptb.prx [17199]
O44 - LFC:[MD5.34387E3CF0243089741CF258C059A511] - 13/11/2014 - 19:24:09 ---A- . (...) -- C:\WINDOWS\wmprfptg.prx [18422]
O44 - LFC:[MD5.D787DCFA04D904E10EC80B905552B7E6] - 13/11/2014 - 19:24:09 ---A- . (...) -- C:\WINDOWS\wmprfrus.prx [635]
O44 - LFC:[MD5.93FFC65C93A3C5DDB8961A9520D7DB0A] - 13/11/2014 - 19:24:09 ---A- . (...) -- C:\WINDOWS\wmprfsky.prx [20055]
O44 - LFC:[MD5.6EB0DF98E157B0B20607BFA7707895CE] - 13/11/2014 - 19:24:09 ---A- . (...) -- C:\WINDOWS\wmprfslv.prx [16814]
O44 - LFC:[MD5.31D611D512A13E6FD240BC4D83FA8AA1] - 13/11/2014 - 19:24:09 ---A- . (...) -- C:\WINDOWS\wmprfsve.prx [17019]
O44 - LFC:[MD5.4FF0777C602AB073C8A2384180733A5E] - 13/11/2014 - 19:24:09 ---A- . (...) -- C:\WINDOWS\wmprftrk.prx [16822]
O44 - LFC:[MD5.B35605615A25C2C1C99DE182800CCC83] - 13/11/2014 - 19:26:11 ---A- . (...) -- C:\AUTOEXEC.BAT [95]
O44 - LFC:[MD5.330A8642DCAEB99F5C5C46B02131B76E] - 13/11/2014 - 19:26:11 ---A- . (...) -- C:\WINDOWS\system32\ma32.dll [27648]
O44 - LFC:[MD5.FFFA14F5BC164E6D371BAE97F26E3083] - 13/11/2014 - 19:26:11 ---A- . (...) -- C:\WINDOWS\system32\masd32.dll [57856]
O44 - LFC:[MD5.4D479B6F1473712E16D9103F6DD5361E] - 13/11/2014 - 19:26:11 ---A- . (...) -- C:\WINDOWS\system32\mase32.dll [138752]
O44 - LFC:[MD5.FC405D5E105C111740B0B9F893973F2D] - 13/11/2014 - 19:26:11 ---A- . (.Pas de propriétaire - MACD32 DLL.) -- C:\WINDOWS\system32\macd32.dll [196096]
O44 - LFC:[MD5.5D3CC67ABB8812F050008D98574607D0] - 13/11/2014 - 19:26:11 ---A- . (.Pas de propriétaire - MAMC32 DLL.) -- C:\WINDOWS\system32\mamc32.dll [136192]
O44 - LFC:[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - 13/11/2014 - 19:29:54 ---A- . (...) -- C:\WINDOWS\WMSysPr9.prx [316640]
O44 - LFC:[MD5.F4560AE7EE0FCECBCBDE5988AD4F395D] - 13/11/2014 - 20:31:23 ---A- . (...) -- C:\WINDOWS\MovingPicture.ini [17]
O44 - LFC:[MD5.082B6AD428AD33214D93BD348DF2AF8E] - 14/11/2014 - 05:33:56 ---A- . (...) -- C:\WINDOWS\mozregistry.dat [376]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/11/2014 - 06:45:51 ---A- . (...) -- C:\temp.html [0]
O44 - LFC:[MD5.673182C24E0BBE296A1AD5B5E1FCDD95] - 14/11/2014 - 10:13:16 ---A- . (...) -- C:\adorage-protocol.txt [1969681]
O44 - LFC:[MD5.6A765834CF68723B9738AB8FE8CBE599] - 14/11/2014 - 14:40:05 ---A- . (...) -- C:\WINDOWS\system32\MsiExec.exe.log [358]
O44 - LFC:[MD5.82F0763A22A41CB9A4B2348F4B0740A4] - 15/11/2014 - 09:12:19 ---A- . (...) -- C:\Classeur anniversaire.xlsx [10554]
O44 - LFC:[MD5.A795BDFC6CE68BF49ED8E1DCB00C76D7] - 18/11/2014 - 20:27:53 ---A- . (...) -- C:\CES.xml [5486]
O44 - LFC:[MD5.070E481833EA565C9C9C3440D4097288] - 19/11/2014 - 07:14:52 ---A- . (...) -- C:\mbam du 19 nov.txt [6974]
O44 - LFC:[MD5.25EAD7A0C2155C3BBBFAF46662DCE404] - 19/11/2014 - 19:38:03 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [664]
O44 - LFC:[MD5.33A0F6A705E0A6BA0FA015199AD96630] - 20/11/2014 - 20:49:56 ---A- . (...) -- C:\mbam du 20 Nov.txt [21393]
O44 - LFC:[MD5.610ACF9599B1E9A26E8C462C10F355BA] - 20/11/2014 - 21:27:52 ---A- . (...) -- C:\WINDOWS\system32\TZLog.log [13382]
O44 - LFC:[MD5.C23877A312B18B804469F6E23F753B7A] - 21/11/2014 - 06:44:29 -SHA- . (...) -- C:\WINDOWS\system32\Thumbs.db [5120]
O44 - LFC:[MD5.6D6F4B1886E91EB37ABCCAD19C561EE0] - 23/11/2014 - 08:25:03 ---A- . (...) -- C:\WINDOWS\system32\amcompat.tlb [16832]
O44 - LFC:[MD5.A32B14BE5EDAE794FCE1A9E970827509] - 23/11/2014 - 08:25:03 ---A- . (...) -- C:\WINDOWS\system32\nscompat.tlb [23392]
O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 24/11/2014 - 07:14:21 ---A- . (...) -- C:\WINDOWS\system.ini [227]
O44 - LFC:[MD5.CC463C4105086E0E52A657F64AD7EAE3] - 24/11/2014 - 07:14:21 ---A- . (...) -- C:\WINDOWS\win.ini [598]
O44 - LFC:[MD5.F6F9AF3B716C6E71BBAC2CF37BA1A61F] - 24/11/2014 - 11:49:57 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.4881EE8A3F41FD2F31F76E1BD012D180] - 24/11/2014 - 11:49:57 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
~ Files: 764 Legitimates Filtered in 00mn 50s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\FAHConsole [Key] . (.Nico Mak Computing - File Association Helper.) -- C:\Program Files\File Association Helper\FAHConsole.exe
~ SMSR Keys: 12 Legitimates Filtered in 00mn 01s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "LegalNoticeCaption"=1
~ MWPS: 6 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:13/11/2014 - 11:34:53 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:13/11/2014 - 11:41:58 ---A- . (.ALWIL Software - avast! Filtering NDIS driver.) -- C:\WINDOWS\system32\Drivers\aswNdis.sys [12112]
O58 - SDL:13/11/2014 - 11:34:53 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:13/11/2014 - 11:34:53 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys [206248] =>.ALWIL Software
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:13/04/2008 - 09:36:06 ----- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:07/01/2005 - 17:07:16 ----- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Function Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\Hdaudio.sys [145920]
O58 - SDL:03/08/2004 - 22:41:40 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\mtlmnt5.sys [126686]
O58 - SDL:03/08/2004 - 22:41:38 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\mtlstrm.sys [1309184]
O58 - SDL:03/08/2004 - 22:29:38 ----- . (.Matrox Graphics Inc. - Matrox Parhelia Miniport Driver.) -- C:\WINDOWS\system32\Drivers\mtxparhm.sys [452736]
O58 - SDL:03/08/2004 - 22:41:40 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\ntmtlfax.sys [180360]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:03/08/2004 - 22:41:40 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\recagent.sys [13776]
O58 - SDL:03/08/2004 - 22:41:42 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slnt7554.sys [129535]
O58 - SDL:03/08/2004 - 22:41:44 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slntamr.sys [404990]
O58 - SDL:03/08/2004 - 22:41:46 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slnthal.sys [95424]
O58 - SDL:03/08/2004 - 22:41:46 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slwdmsup.sys [13240]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 96 Legitimates Filtered in 00mn 07s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 19/11/2014 - 12:07:09 ---A- . (...) -- C:\Documents and Settings\paul Fossaert\Local Settings\Application Data\Google\Chrome\User Data\EVWhitelist\4\_platform_specific\all\ev_hashes_whitelist.bin [713907]
O61 - LFC: 20/11/2014 - 12:07:15 ---A- . (...) -- C:\Documents and Settings\paul Fossaert\Mes documents\Downloads\freecellcol.exe [2664960]
O61 - LFC: 21/11/2014 - 12:07:12 ---A- . (...) -- C:\Documents and Settings\paul Fossaert\Mes documents\Downloads\adwcleaner_4.101.exe [2140160]
O61 - LFC: 21/11/2014 - 12:07:13 ---A- . (...) -- C:\Documents and Settings\paul Fossaert\Mes documents\Downloads\ccleaner_4-19-48_fr_14492.exe [752384]
O61 - LFC: 23/11/2014 - 12:07:54 ---A- . (...) -- C:\Documents and Settings\paul Fossaert\Mes documents\Downloads\vlc-media-player_2-1-5_fr_10829_32 (1).exe [24743106]
~ 2015 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 24 Legitimates Filtered in 00mn 52s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 13/11/2014 - C:\WINDOWS\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 121 Legitimates Filtered in 00mn 02s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{BCB7B0A0-94D3-11d4-9064-00C04F78ACF9}] (Notation Class) =>Hijacker.Proxy
~ BCK: 3933 Legitimates Filtered in 00mn 05s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 17/11/2005 1527900 | (FirebirdServerMAGIXInstance) . (.MAGIX®.) - C:\MAGIX\Common\Database\bin\fbserver.exe
SS - | Auto 13/11/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 13/11/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 13/11/2014 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 13/11/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 13/11/2014 104416 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SR - | Auto 01/10/2014 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 01/10/2014 968504 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
~ Services: Scanned in 00mn 07s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by paul Fossaert at 24/11/2014 12:13:00
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF200] >> \Device\Harddisk0\DR0[0x8AA4FAB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by paul Fossaert at 24/11/2014 12:13:02
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (22/11/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKCR\CLSID\{BCB7B0A0-94D3-11d4-9064-00C04F78ACF9}] (Notation Class) =>Hijacker.Proxy^
~ Additionnel Scan: 262382 Items scanned in 00mn 17s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/hijacker-proxy =>Hijacker.Proxy
~ MSI: 1 link(s) detected in 00mn 00s



~ 1500 Legitimates filtered by white list
End of the scan (597 lines in 09mn 02s)(0)
