~ Rapport de ZHPDiag v2014.11.19.165 - Nicolas Coolman (19/11/2014) ~ Lancé par paul Fossaert (21/11/2014 08:45:14) ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ Adresse du Forum http://forum.nicolascoolman.fr ~ Traduit par Nicolas Coolman ~ Etat de la version : Version à jour. ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Not Found ---\\ Navigateurs Internet MSIE: Internet Explorer v8.0.6001.18702 GCIE: Google Chrome v38.0.2125.122 (Defaut) ---\\ Informations sur les produits Windows ~ Langage: Français Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600) Windows Automatic Updates : OK Windows Genuine Advantage : OK ---\\ Logiciels de protection du système Malwarebytes Anti-Malware version 2.0.3.1025 ---\\ Logiciels d'optimisation du système ---\\ Logiciels de partage PeerToPeer ---\\ Surveillance de Logiciels ---\\ Informations sur le système ~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 3033 MB (67% free) System Restore: Activé (Enable) System drive C: has 11 GB (15%) free of 75 GB ---\\ Mode de connexion au système ~ Computer Name: PAUL-4929AEFA5B ~ User Name: paul Fossaert ~ All Users Names: SUPPORT_388945a0, paul Fossaert, HelpAssistant, ASPNET, Administrateur, ~ Unselected Option: None Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Documents and Settings\paul Fossaert\Application Data\ZHP\ ~ %AppData% : C:\Documents and Settings\paul Fossaert\Application Data\ ~ %Desktop% : C:\Documents and Settings\paul Fossaert\Bureau\ ~ %Favorites% : C:\Documents and Settings\paul Fossaert\Favoris\ ~ %LocalAppData% : C:\Documents and Settings\paul Fossaert\Local Settings\Application Data\ ~ %StartMenu% : C:\Documents and Settings\paul Fossaert\Menu Démarrer\ ~ %Windir% : C:\WINDOWS\ ~ %System% : C:\WINDOWS\system32\ ---\\ Enumération des unités disques A: Floppy drive, 
Flash card reader, USB Key (Not Inserted) C: Hard drive, Flash drive, Thumb drive (Free 11 Go of 75 Go) D: Hard drive, Flash drive, Thumb drive (Free 158 Go of 298 Go) E: Hard drive, Flash drive, Thumb drive (Free 146 Go of 466 Go) F: CD-ROM drive (Not Inserted) G: CD-ROM drive (Not Inserted) ---\\ Etat du Centre de Sécurité Windows ~ Security Center: 38 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 19:34:04.) -- C:\WINDOWS\Explorer.exe [1037824] [MD5.6CE32F7778061CCC5814D5E0F282D369] - (.Microsoft Corporation - Internet Extensions for Win32.) (.08/03/2009 - 04:34:58.) -- C:\WINDOWS\system32\wininet.dll [914944] [MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 19:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000] [MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496] [MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512] [MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744] [MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 11:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976] [MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 18:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672] [MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 09:36:06.) 
-- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384] [MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 19:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144] [MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112] [MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832] [MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264] [MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320] [MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816] [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976] [MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/04/2008 - 19:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384] [MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328] [MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224] [MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 18:57:36.) 
-- C:\WINDOWS\system32\Drivers\redbook.sys [58752] [MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.13/04/2008 - 18:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/6 ~ Mes musiques (My Musics) : 2/3 Mes Videos (My Videos) : 2/2 (Modified) ~ Mes Favoris (My Favorites) : 1/8 ~ Mes Documents (My Documents) : 2/145 ~ Mon Bureau (My Desktop) : 0/56667 ~ Menu demarrer (Programs) : 1/29 ~ Hidden Files: Scanned in 01mn 07s ---\\ Processus lancés [MD5.E3F7EC811923F3F1A77B185F22638E5E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.196] [MD5.D25195B0A2075862E988B85161DF07FD] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe [104416] [PID.540] [MD5.6D8A2EE4244630B290A837E79C0F37A1] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160] [PID.1836] [MD5.3637C634C47643680170A7A03074BDC2] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [18077696] [PID.552] [MD5.11D1ECF3257258DF1D6D2DF424C2D92B] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe [134656] [PID.584] [MD5.651335DF54C9D07DAEE5D34A976EB401] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [166912] [PID.636] [MD5.27DC0F903C1556C28ED444372E811092] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [243712] [PID.388] [MD5.38E9341BAF93C9125BB338DCE840E1F8] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [134656] [PID.708] [MD5.FFB8CB731D62EC434A552680E0F8EC1A] - (.AVAST Software - avast! Antivirus.) 
-- C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600] [PID.872] [MD5.A0B51570300FD5BC5F7BC4F6838428CD] - (.Caere Corporation - OCR Aware (32-bit).) -- C:\Program Files\Caere\OmniPagePro90\opware32.exe [44032] [PID.1008] [MD5.3146161FDD10943C81E49ACF3E2ACBE9] - (.Microsoft Corporation - NTVDM.EXE.) -- C:\WINDOWS\system32\ntvdm.exe [421888] [PID.1032] [MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.2192] [MD5.607455F564017D25F61436D64D3CFE2A] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [30526056] [PID.2212] [MD5.6253B084FACCE6065D13703F700B2EA1] - (.Nico Mak Computing - File Association Helper.) -- C:\Program Files\File Association Helper\FAHWindow.exe [261808] [PID.2480] [MD5.09D4503CBB6ADB3A54E7C7A75090B728] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504] [PID.2584] [MD5.F89773DFA9B8C95A3AC2AF1E7D99E483] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe [7229752] [PID.3076] [MD5.966FE904599B9A0F80EA498851180829] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [854344] [PID.2128] [MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.3704] [MD5.8180FF8E683B8A997746143F6286B668] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8129536] [PID.1096] [MD5.1E07C5CC30B90546805B8C4ACD4432FD] - (.AVAST Software - avast! Antivirus Installer.) 
-- C:\Program Files\AVAST Software\Avast\setup\instup.exe [204904] [PID.0] ~ Processes Running: Scanned in 00mn 07s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Documents and Settings\paul Fossaert\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences ---\\ Liste des dossiers d'extension Google Chrome ~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hôte est sain (The hosts file is clean) (20) ~ Hosts File: Scanned in 00mn 00s ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Pas de propriétaire - AcroIEHelper Module.) -- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ~ BHO: 6 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) 
-- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Applications lancées au démarrage du système (O4) O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\WINDOWS\ALCMTR.exe O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe O4 - HKLM\..\Run: [OmniPage] . (.Caere Corporation - OCR Aware (32-bit).) -- C:\Program Files\Caere\OmniPagePro90\opware32.exe =>.ScanSoft, Inc O4 - HKLM\..\Run: [FAHConsole] . (.Nico Mak Computing - File Association Helper.) -- C:\Program Files\File Association Helper\FAHConsole.exe O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKCU\..\Run: [LaunchList] . (.Pinnacle Systems - Launchlist2 application.) 
-- C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-21-1757981266-1606980848-725345543-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-1757981266-1606980848-725345543-1003\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-21-1757981266-1606980848-725345543-1003\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKUS\S-1-5-21-1757981266-1606980848-725345543-1003\..\Run: [LaunchList] . (.Pinnacle Systems - Launchlist2 application.) -- C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe ~ Application: Scanned in 00mn 01s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) 
-- C:\Program Files\Messenger\msmsgs.exe ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{ACCD5B31-4A07-44BD-B224-330CD3D7488C}: NameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{3B8FC641-DB44-4F41-AEC3-561F17518D02}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{ACCD5B31-4A07-44BD-B224-330CD3D7488C}: NameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{3B8FC641-DB44-4F41-AEC3-561F17518D02}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{ACCD5B31-4A07-44BD-B224-330CD3D7488C}: NameServer = 192.168.1.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{3B8FC641-DB44-4F41-AEC3-561F17518D02}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) 
-- C:\WINDOWS\system32\igfxdev.dll O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Tâches planifiées en automatique (O39) O39 - APT: - (..) -- C:\WINDOWS\Tasks\Notification de fin de service de Microsoft Windows XP - à la connexion.job [238] O39 - APT: - (..) 
-- C:\WINDOWS\Tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job [232] ~ Scheduled Task: 11 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\Caere Corp] [HKLM\Software\Caere Corp] ~ Key Software: 155 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 13/11/2014 - 15:30:51 - [] ----D C:\Program Files\Caere O43 - CFD: 13/11/2014 - 15:31:56 - [] ----D C:\Program Files\Fichiers communs\Caere O43 - CFD: 20/11/2014 - 12:44:03 - [] ----D C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Free FreeCell Solitaire O43 - CFD: 13/11/2014 - 09:42:33 - [] R---D C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Jeux ~ Program Folder: 134 Legitimates Filtered in 00mn 00s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
-- C:\AUTOEXEC.BAT [95] O44 - LFC:[MD5.330A8642DCAEB99F5C5C46B02131B76E] - 13/11/2014 - 19:26:11 ---A- . (...) -- C:\WINDOWS\system32\ma32.dll [27648] O44 - LFC:[MD5.FFFA14F5BC164E6D371BAE97F26E3083] - 13/11/2014 - 19:26:11 ---A- . (...) -- C:\WINDOWS\system32\masd32.dll [57856] O44 - LFC:[MD5.4D479B6F1473712E16D9103F6DD5361E] - 13/11/2014 - 19:26:11 ---A- . (...) -- C:\WINDOWS\system32\mase32.dll [138752] O44 - LFC:[MD5.FC405D5E105C111740B0B9F893973F2D] - 13/11/2014 - 19:26:11 ---A- . (.Pas de propriétaire - MACD32 DLL.) -- C:\WINDOWS\system32\macd32.dll [196096] O44 - LFC:[MD5.5D3CC67ABB8812F050008D98574607D0] - 13/11/2014 - 19:26:11 ---A- . (.Pas de propriétaire - MAMC32 DLL.) -- C:\WINDOWS\system32\mamc32.dll [136192] O44 - LFC:[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - 13/11/2014 - 19:29:54 ---A- . (...) -- C:\WINDOWS\WMSysPr9.prx [316640] O44 - LFC:[MD5.F4560AE7EE0FCECBCBDE5988AD4F395D] - 13/11/2014 - 20:31:23 ---A- . (...) -- C:\WINDOWS\MovingPicture.ini [17] O44 - LFC:[MD5.389B62942A2ABA2DE90E4D12BD2AE3AA] - 13/11/2014 - 20:49:23 ---A- . (...) -- C:\WINDOWS\COM+.log [1546] O44 - LFC:[MD5.082B6AD428AD33214D93BD348DF2AF8E] - 14/11/2014 - 05:33:56 ---A- . (...) -- C:\WINDOWS\mozregistry.dat [376] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/11/2014 - 06:45:51 ---A- . (...) -- C:\temp.html [0] O44 - LFC:[MD5.2110A99C99B23F336F7D2ABCFD09D2B1] - 14/11/2014 - 09:36:06 ---A- . (...) -- C:\WINDOWS\Studio11_BonusDVD.log [63] O44 - LFC:[MD5.673182C24E0BBE296A1AD5B5E1FCDD95] - 14/11/2014 - 10:13:16 ---A- . (...) -- C:\adorage-protocol.txt [1969681] O44 - LFC:[MD5.34B4F5784914BD4FFEAD2837202C40BC] - 14/11/2014 - 14:34:35 ---A- . (...) -- C:\WINDOWS\DirectX.log [26677] O44 - LFC:[MD5.6A765834CF68723B9738AB8FE8CBE599] - 14/11/2014 - 14:40:05 ---A- . (...) -- C:\WINDOWS\system32\MsiExec.exe.log [358] O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 15/11/2014 - 08:49:51 ---A- . (...) 
-- C:\WINDOWS\system.ini [227] O44 - LFC:[MD5.82F0763A22A41CB9A4B2348F4B0740A4] - 15/11/2014 - 09:12:19 ---A- . (...) -- C:\Classeur anniversaire.xlsx [10554] O44 - LFC:[MD5.E746A2F1074D649426DCBBD70139BC15] - 15/11/2014 - 19:12:01 ---A- . (...) -- C:\WINDOWS\win.ini [568] O44 - LFC:[MD5.FD614A0869A6D6A589AE6B89502AB8EE] - 17/11/2014 - 09:00:24 ---A- . (...) -- C:\WINDOWS\WMFDist11.log [29734] O44 - LFC:[MD5.D4070ABC89A6EAC759415F15D60BC27B] - 17/11/2014 - 09:00:53 ---A- . (...) -- C:\WINDOWS\Wudf01000Inst.log [11747] O44 - LFC:[MD5.A795BDFC6CE68BF49ED8E1DCB00C76D7] - 18/11/2014 - 20:27:53 ---A- . (...) -- C:\CES.xml [5486] O44 - LFC:[MD5.070E481833EA565C9C9C3440D4097288] - 19/11/2014 - 07:14:52 ---A- . (...) -- C:\mbam du 19 nov.txt [6974] O44 - LFC:[MD5.25EAD7A0C2155C3BBBFAF46662DCE404] - 19/11/2014 - 19:38:03 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [664] O44 - LFC:[MD5.9AD8749C1DBE7849FE4608EF912A0E04] - 20/11/2014 - 12:49:47 ---A- . (...) -- C:\WINDOWS\ntbtlog.txt [811976] O44 - LFC:[MD5.4E0A1EB8AF4FBE95517324D5DAB7A05A] - 20/11/2014 - 12:53:18 ---A- . (...) -- C:\WINDOWS\ie8.log [133330] O44 - LFC:[MD5.A0D75884B64C566E667A73DF2EC76E3E] - 20/11/2014 - 12:54:37 ---A- . (...) -- C:\WINDOWS\ie8_main.log [110366] O44 - LFC:[MD5.33A0F6A705E0A6BA0FA015199AD96630] - 20/11/2014 - 20:49:56 ---A- . (...) -- C:\mbam du 20 Nov.txt [21393] O44 - LFC:[MD5.4594EB3C6DC9DD81C355BAA755ABA872] - 20/11/2014 - 20:59:48 ---A- . (...) -- C:\WINDOWS\msxml4-KB973688-enu.LOG [309348] O44 - LFC:[MD5.4273B0AF80F60BD50F42CA1201901802] - 20/11/2014 - 21:00:44 ---A- . (...) -- C:\WINDOWS\msxml4-KB954430-enu.LOG [303856] O44 - LFC:[MD5.610ACF9599B1E9A26E8C462C10F355BA] - 20/11/2014 - 21:27:52 ---A- . (...) -- C:\WINDOWS\system32\TZLog.log [13382] O44 - LFC:[MD5.C967AB5E72DF22D02AACECB4E7C21BDC] - 20/11/2014 - 21:31:37 ---A- . (...) -- C:\WINDOWS\wmsetup.log [41890] O44 - LFC:[MD5.EFFC90C127FBA3198ED21D5B5E042507] - 20/11/2014 - 21:37:39 ---A- . (...) 
-- C:\WINDOWS\imsins.BAK [1393] O44 - LFC:[MD5.1677F3962A634463DC111C11737ED62E] - 20/11/2014 - 21:37:44 ---A- . (...) -- C:\WINDOWS\updspapi.log [215659] O44 - LFC:[MD5.B3DDEB6556D608EFE8B71C96C5B04928] - 20/11/2014 - 21:37:45 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [1749490] O44 - LFC:[MD5.D8D5D4827F2A6A6BBD4CEF722CF57DDF] - 20/11/2014 - 21:37:45 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [124837] O44 - LFC:[MD5.976D6BEAA1978BDCBFDF1CE2C275338E] - 20/11/2014 - 21:37:45 ---A- . (...) -- C:\WINDOWS\msgsocm.log [86832] O44 - LFC:[MD5.7557BDEA83ED9C96DCD470EFF67D1693] - 20/11/2014 - 21:37:45 ---A- . (...) -- C:\WINDOWS\msmqinst.log [551904] O44 - LFC:[MD5.2684261DB32FCBF3DEB83042A2980B87] - 20/11/2014 - 21:37:45 ---A- . (...) -- C:\WINDOWS\netfxocm.log [307296] O44 - LFC:[MD5.1F0DC3FF4B325A5BC09DD19E1B812E1D] - 20/11/2014 - 21:37:45 ---A- . (...) -- C:\WINDOWS\ocgen.log [848097] O44 - LFC:[MD5.026B6024BEF9023B4A9A42C566D58C5E] - 20/11/2014 - 21:37:46 ---A- . (...) -- C:\WINDOWS\comsetup.log [593363] O44 - LFC:[MD5.827B3DDDCB4DA09B4D43FC5A4BCDE0B9] - 20/11/2014 - 21:37:46 ---A- . (...) -- C:\WINDOWS\iis6.log [1936523] O44 - LFC:[MD5.0DC697A3C792BEEC3F1CFED85112B628] - 20/11/2014 - 21:37:46 ---A- . (...) -- C:\WINDOWS\imsins.log [1393] O44 - LFC:[MD5.977D469239E38C4DE8AA9D8B34E258F4] - 20/11/2014 - 21:37:46 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [357005] O44 - LFC:[MD5.D8442BD23F1D6F94F0A40B73FA601225] - 20/11/2014 - 21:37:46 ---A- . (...) -- C:\WINDOWS\ocmsn.log [96933] O44 - LFC:[MD5.16113BAB62977E97C4724B1E489FEEB1] - 20/11/2014 - 21:37:46 ---A- . (...) -- C:\WINDOWS\tabletoc.log [89308] O44 - LFC:[MD5.E24128BDA2AC2B6D287E8F578870BC66] - 20/11/2014 - 21:37:46 ---A- . (...) -- C:\WINDOWS\tsoc.log [803492] O44 - LFC:[MD5.8A0907BB4531F96CCBF8184A948B44A1] - 21/11/2014 - 06:18:46 ---A- . (...) -- C:\WINDOWS\WgaNotify.log [14497] O44 - LFC:[MD5.F0CCB2766147E0B50DBEB0DBDFA04BE0] - 21/11/2014 - 06:18:46 ---A- . (...) 
-- C:\WINDOWS\spupdsvc.log [123095] O44 - LFC:[MD5.C23877A312B18B804469F6E23F753B7A] - 21/11/2014 - 06:44:29 -SHA- . (...) -- C:\WINDOWS\system32\Thumbs.db [5120] O44 - LFC:[MD5.A6C56D2083A878E5E2D86C14B1418C7A] - 21/11/2014 - 08:31:58 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159] O44 - LFC:[MD5.D546ACCB473681D923AAECB6A29919B7] - 21/11/2014 - 08:31:59 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50] ~ Files: 945 Legitimates Filtered in 01mn 26s ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ~ IFEO: Scanned in 00mn 00s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "LegalNoticeCaption"=1 ~ MWPS: 6 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:13/11/2014 - 11:34:53 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswHwid.sys [24184] =>.ALWIL Software O58 - SDL:13/11/2014 - 11:41:58 ---A- . (.ALWIL Software - avast! Filtering NDIS driver.) -- C:\WINDOWS\system32\Drivers\aswNdis.sys [12112] O58 - SDL:13/11/2014 - 11:34:53 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software O58 - SDL:13/11/2014 - 11:34:53 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys [206248] =>.ALWIL Software O58 - SDL:02/03/2006 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528] O58 - SDL:13/04/2008 - 09:36:06 ----- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384] O58 - SDL:07/01/2005 - 17:07:16 ----- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Function Driver v1.0a.) 
-- C:\WINDOWS\system32\Drivers\Hdaudio.sys [145920]
O58 - SDL:03/08/2004 - 22:41:40 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\mtlmnt5.sys [126686]
O58 - SDL:03/08/2004 - 22:41:38 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\mtlstrm.sys [1309184]
O58 - SDL:03/08/2004 - 22:29:38 ----- . (.Matrox Graphics Inc. - Matrox Parhelia Miniport Driver.) -- C:\WINDOWS\system32\Drivers\mtxparhm.sys [452736]
O58 - SDL:03/08/2004 - 22:41:40 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\ntmtlfax.sys [180360]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:03/08/2004 - 22:41:40 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\recagent.sys [13776]
O58 - SDL:03/08/2004 - 22:41:42 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slnt7554.sys [129535]
O58 - SDL:03/08/2004 - 22:41:44 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slntamr.sys [404990]
O58 - SDL:03/08/2004 - 22:41:46 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slnthal.sys [95424]
O58 - SDL:03/08/2004 - 22:41:46 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slwdmsup.sys [13240]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 96 Legitimates Filtered in 00mn 08s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 14/11/2014 - 08:49:02 ---A- . (...) -- C:\Documents and Settings\paul Fossaert\Mes documents\Downloads\DC10plusHardwareInstall (1).exe [3431560]
O61 - LFC: 14/11/2014 - 08:49:03 ---A- . (...) -- C:\Documents and Settings\paul Fossaert\Mes documents\Downloads\DC10plusHardwareInstall (2).exe [3431560]
O61 - LFC: 14/11/2014 - 08:49:03 ---A- . (...) -- C:\Documents and Settings\paul Fossaert\Mes documents\Downloads\DC10plusHardwareInstall (3).exe [3431560]
O61 - LFC: 15/11/2014 - 08:49:39 ---A- . (...) -- C:\Documents and Settings\paul Fossaert\Mes documents\Downloads\vlc-2.1.0-win32.exe [802288]
O61 - LFC: 15/11/2014 - 08:49:41 ---A- . (...) -- C:\Documents and Settings\paul Fossaert\Mes documents\Downloads\vlc-media-player_2-1-5_fr_10829_32.exe [24743106]
O61 - LFC: 19/11/2014 - 08:48:43 ---A- . (...) -- C:\Documents and Settings\paul Fossaert\Local Settings\Application Data\Google\Chrome\User Data\EVWhitelist\4\_platform_specific\all\ev_hashes_whitelist.bin [713907]
O61 - LFC: 20/11/2014 - 08:49:04 ---A- . (...) -- C:\Documents and Settings\paul Fossaert\Mes documents\Downloads\freecellcol.exe [2664960]
O61 - LFC: 21/11/2014 - 08:48:54 ---A- . (...) -- C:\Documents and Settings\paul Fossaert\Mes documents\Downloads\adwcleaner_4.101.exe [2140160]
~ 2781 Fichiers temporaires (Temporary files)
~ 90 Fichiers cookies (Cookies files)
~ Files: 56 Legitimates Filtered in 01mn 05s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 13/11/2014 - C:\WINDOWS\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 118 Legitimates Filtered in 00mn 02s

---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s

---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{BCB7B0A0-94D3-11d4-9064-00C04F78ACF9}] (Notation Class) =>Hijacker.Proxy
~ BCK: 3858 Legitimates Filtered in 00mn 05s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 17/11/2005 1527900 | (FirebirdServerMAGIXInstance) . (.MAGIX®.) - C:\MAGIX\Common\Database\bin\fbserver.exe
SS - | Auto 13/11/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 13/11/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 13/11/2014 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 13/11/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 13/11/2014 104416 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 01/10/2014 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 01/10/2014 968504 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
~ Services: Scanned in 00mn 07s

---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by paul Fossaert at 21/11/2014 08:54:48
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF200] >> \Device\Harddisk0\DR0[0x8AABD030]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Filtered in 00mn 02s

---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by paul Fossaert at 21/11/2014 08:54:50
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

---\\ Scan Additionnel (O88)
Database Version : 13026 - (19/11/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1
[HKCR\CLSID\{BCB7B0A0-94D3-11d4-9064-00C04F78ACF9}] (Notation Class) =>Hijacker.Proxy^
~ Additionnel Scan: 256994 Items scanned in 00mn 17s

---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
~ AMI: 5 Legitimates Filtered in 00mn 00s

---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/hijacker-proxy =>Hijacker.Proxy
~ MSI: 1 link(s) detected in 00mn 00s
~ 1679 Legitimates filtered by white list
End of the scan (652 lines in 09mn 54s)(0)