cedric
Participant
Number of posts: 10

Hello! merci enc

~ Rapport de ZHPDiag v2013.8.24.35 – Nicolas Coolman (24/08/2013)
~ Lancé par Bretagne (27/08/2013 18:35:21)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version : Problème connexion internet
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found

—\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
MFIE: Mozilla Firefox 23.0.1
GCIE: Google Chrome v23.0.1271.97

—\ Informations sur les produits Windows
~ Langage: Français
Windows XP Home Edition Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

—\ Logiciels de protection du système
Avira Free Antivirus v13.0.0.3885
Malwarebytes Anti-Malware version 1.75.0.1300

—\ Logiciels d’optimisation du système
CCleaner v4.00 =>Piriform Ltd

—\ Logiciels de partage PeerToPeer

—\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI

—\ Informations sur le système
~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1013 MB (36% free)
System Restore: Activé (Enable)
System drive C: has 26 GB (38%) free of 70 GB

—\ Mode de connexion au système
~ Computer Name: MJKB
~ User Name: Bretagne
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Bretagne, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d’environnement
~ System Unit : C:
~ %AppData% : C:Documents and SettingsBretagneApplication Data
~ %Desktop% : C:Documents and SettingsBretagneBureau
~ %Favorites% : C:Documents and SettingsBretagneFavoris
~ %LocalAppData% : C:Documents and SettingsBretagneLocal SettingsApplication Data
~ %StartMenu% : C:Documents and SettingsBretagneMenu Démarrer
~ %Windir% : C:WINDOWS
~ %System% : C:WINDOWSsystem32

—\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 26 Go of 70 Go)
D: Hard drive, Flash drive, Thumb drive (Free 30 Go of 70 Go)

—\ Etat du Centre de Sécurité Windows
~ Security Center: 30 Legitimates Filtered in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] – (.Microsoft Corporation – Explorateur Windows.) (.14/04/2008 – 13:00:00.) — C:WINDOWSExplorer.exe [1037824]
[MD5.E1948293F7CBC38987270432935D8D05] – (.Microsoft Corporation – Internet Extensions for Win32.) (.26/07/2013 – 03:47:15.) — C:WINDOWSsystem32wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] – (.Microsoft Corporation – Application d’ouverture de session Windows NT.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.17/08/2011 – 14:49:54.) — C:WINDOWSsystem32DriversAFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] – (.Microsoft Corporation – IDE/ATAPI Port Driver.) (.13/04/2008 – 10:40:32.) — C:WINDOWSsystem32Driversatapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversCdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversCdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] – (.Microsoft Corporation – Pilote de cryptographie FIPS.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversFips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] – (.Windows (R) Server 2003 DDK provider – High Definition Audio Bus Driver v1.0a.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversHDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] – (.Microsoft Corporation – Pilote de port i8042.) (.13/04/2008 – 18:00:54.) — C:WINDOWSsystem32Driversi8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] – (.Microsoft Corporation – IMAPI Kernel Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversImapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] – (.Microsoft Corporation – IP Network Address Translator.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversIpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] – (.Microsoft Corporation – IPSec Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversIPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.15/07/2011 – 14:29:31.) — C:WINDOWSsystem32DriversMRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] – (.Microsoft Corporation – MBT Transport driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversnetBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] – (.Microsoft Corporation – NT File System Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32Driversntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversParport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversRasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.13/04/2008 – 10:32:52.) — C:WINDOWSsystem32Driversrdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] – (.Microsoft Corporation – Pilote de filtre audio Livre rouge.) (.13/04/2008 – 17:57:36.) — C:WINDOWSsystem32Driversredbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32Driversvolsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 03s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/123
~ Mes musiques (My Musics) : 1/10
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/13
~ Mes Documents (My Documents) : 1/200
~ Mon Bureau (My Desktop) : 0/1811
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 04s

—\ Processus lancés au démarrage du système
[MD5.99387251353598C939592FAF40DF8AA9] – (.Avira Operations GmbH & Co. KG – Avira Scheduler.) — C:Program FilesAviraAntiVir Desktopsched.exe [84024] [PID.1612]
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] – (.Google Inc. – Programme d’installation de Google.) — C:Program FilesGoogleUpdateGoogleUpdate.exe [135664] [PID.1888]
[MD5.167F9E5AF87B57763DAAA27D3144C2A0] – (.SEC – Samsung Recovery Solution 4.) — C:Program FilesSamsungSamsung Recovery Solution 4WCScheduler.exe [2201192] [PID.332]
[MD5.B508C9139D26AF2A91BF728279BF858C] – (.ELAN Microelectronics Corp. – ETD Control Center Helper.) — C:Program FilesElantechETDCtrlHelper.exe [1599880] [PID.356]
[MD5.4631FF0EE2964CCDC646AF807CB778F5] – (.Avira Operations GmbH & Co. KG – Avira System Tray Tool.) — C:Program FilesAviraAntiVir Desktopavgnt.exe [345144] [PID.604]
[MD5.DFC5DCAB25683ECC60073E085B84FE58] – (.Samsung Electronics Co., Ltd. – Easy Display Manager.) — C:Program FilesSamsungEasy Display Managerdmhkcore.exe [847360] [PID.1004]
[MD5.CE42DFE915F78246364D464902E47360] – (.Apple Inc. – iTunesHelper.) — C:Program FilesiTunesiTunesHelper.exe [152392] [PID.1184]
[MD5.10760383AA50CCFC7DB9B5AB0D326AAF] – (.SAMSUNG Electronics – SSCKbdHk.) — C:Program FilesSamsungSamsung Support CenterSSCKbdHk.exe [1749504] [PID.1276]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] – (.Google Inc. – GoogleToolbarNotifier.) — C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [39408] [PID.1304]
[MD5.F44431CFD96428206039D3556311BF1B] – (.Skype Technologies S.A. – Skype.) — C:Program FilesSkypePhoneSkype.exe [19876968] [PID.1312]
[MD5.978294640062C57482BF2B65A342C266] – (.Microsoft Corporation – SQL Server Service Manager.) — C:Program FilesMicrosoft SQL Server80ToolsBinnsqlmangr.exe [69632] [PID.1424]
[MD5.83166BFFA8C4BBAC4413F47C865CC8EE] – (.Microsoft Corporation – Outil de notification de cadeaux MSN.) — C:Documents and SettingsBretagneApplication DataMicrosoftOutil de notification de cadeaux MSNmsnotif.exe [183096] [PID.1432]
[MD5.8491FDA93507F2F27FFBA11372764086] – (.Avira Operations GmbH & Co. KG – Avira On-Access Service.) — C:Program FilesAviraAntiVir Desktopavguard.exe [108088] [PID.2108]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] – (.Apple Inc. – MobileDeviceService.) — C:Program FilesFichiers communsAppleMobile Device SupportAppleMobileDeviceService.exe [57008] [PID.2156]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] – (.Apple Inc. – Bonjour Service.) — C:Program FilesBonjourmDNSResponder.exe [390504] [PID.2188]
[MD5.65085456FD9A74D7F1A999520C299ECB] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes’ Anti-Malwarembamscheduler.exe [418376] [PID.2404]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe [701512] [PID.2652]
[MD5.7CE50C9E49ECEED8B6418446358126D9] – (.Microsoft Corporation – Machine Debug Manager.) — C:Program FilesFichiers communsMicrosoft SharedVS7Debugmdm.exe [270336] [PID.2808]
[MD5.C06719A652E32D5B65CC25C45D44A0D3] – (.Microsoft Corporation – SQL Server Windows NT.) — C:Program FilesMicrosoft SQL ServerMSSQLBinnsqlservr.exe [7442493] [PID.2848]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe [532040] [PID.2864]
[MD5.7CB15A15DBB2E1DF973A0A799C76DCC8] – (.SRS Labs, Inc. – Service to handle post-installation details.) — C:Program FilesSRS LabsSRS WOW XT and TSXTSRS_PostInstaller.exe [66792] [PID.2976]
[MD5.D8B8B5A8FE57CF4F307A540D9A153C23] – (.Apple Inc. – iPodService Module (32-bit).) — C:Program FilesiPodbiniPodService.exe [553288] [PID.2724]
[MD5.2E0B0A051FFAA86E358465BB0880D453] – (.Microsoft Corporation – Windows Update.) — C:WINDOWSsystem32wuauclt.exe [53784] [PID.1932]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] – (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet ExplorerIEXPLORE.exe [638816] [PID.1532]
[MD5.11821BB2822BFDF2C8654A157A829C2F] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [7836672] [PID.2604]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] – (.Microsoft Corporation – Application Layer Gateway Service.) — C:WINDOWSSystem32alg.exe [44544] [PID.2284]
~ Processes Running: Scanned in 00mn 10s

—\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultPreferences
G2 – GCE: Preference [User DataDefault] [hlddcjcfgdjclmkhhddocoendieiooag] Lyrics Plus v.1.125 (Activé) =>Adware.AddLyrics
G2 – GCE: Preference [User DataDefault] [ihkeoookbpemkdccdccdmacnidhooohk] Supreme Savings v.1.23.51 (Activé) =>PUP.RewardsArcade
G2 – GCE: Preference [User DataDefault] [mmiopbgcekanlhpjkonogoljpfmhpkhf] LyricsPal v.1.114 (Activé) =>Adware.AddLyrics
G2 – GCE: Preference [User DataDefault] [nohfdhapjjlndfgjnmdlcabloeembdkj] Delta Toolbar v.1.0 (Activé) =>Toolbar.DeltaSearch
G2 – GCE: Preference [User DataDefault] [pxpohikckhbcljgombipcdoinkaedlfa] Smart Display v.1.5 (Activé) =>Spyware.SmartDisplay
~ Google Browser: 10 Legitimates Filtered in 00mn 10s

—\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultprefs.js
M3 – MFPP: Plugins – [Bretagne] — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultsearchpluginswiseconvert-15-customized-web-search.xml =>Toolbar.Conduit
M3 – MFPP: Plugins – [Bretagne] — C:Program FilesMozilla FireFoxsearchpluginsbabylon.xml =>Toolbar.Babylon
M2 – MFEP: prefs.js [Bretagne – o0k85q7f.defaultcrossriderapp19962@crossrider.com] [] Supreme Savings v (..) =>PUP.RewardsArcade
~ Firefox Browser: 14 Legitimates Filtered in 00mn 02s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:WINDOWSsystem32Userinit.exe,
F2 – REG:system.ini: Shell=C:WINDOWSexplorer.exe
F2 – REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL « sysdm.cpl »
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: Google Toolbar – [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. – Google Toolbar.) — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google
O3 – ToolbarWebBrowser: (no name) – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

—\ Applications démarrées par registre & par dossier (O4)
O4 – HKLM..Run: [RTHDCPL] . (.Realtek Semiconductor Corp. – Realtek HD Audio Control Panel.) — C:WINDOWSRTHDCPL.exe
O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:WINDOWSsystem32igfxtray.exe
O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:WINDOWSsystem32hkcmd.exe
O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:WINDOWSsystem32igfxpers.exe
O4 – HKLM..Run: [ETDWare] . (.ELAN Microelectronics Corp. – ETD Control Center.) — C:Program FilesElantechETDCtrl.exe
O4 – HKLM..Run: [BatteryManager] . (.Pas de propriétaire – BatteryManager MFC.) — C:Program FilesSamsungSamsung Battery ManagerBatteryManager.exe
O4 – HKLM..Run: [EasySpeedUpManager] . (.Samsung Electronics Co., Ltd. – EasySpeedUpManager.) — C:Program FilesSAMSUNGEasySpeedUpManagerEasySpeedUpManager.exe
O4 – HKLM..Run: [EasySpeedUpManager2] . (.Samsung Electronics – Easy SpeedUp Manager II.) — C:Program FilesSAMSUNGEasySpeedUpManagerEasySpeedUpManager2.exe
O4 – HKLM..Run: [SUPBackground] . (…) — C:Program FilesSamsungSamsung Update PlusSUPBackground.exe
O4 – HKLM..Run: [DMHotKey] . (.SAMSUNG Electronics – Loader of Easy Display Manager – Display Co.) — C:Program FilesSamsungEasy Display ManagerDMLoader.exe
O4 – HKLM..Run: [SamsungWInClon] Clé orpheline
O4 – HKLM..Run: [UCam_Menu] . (.CyberLink Corp. – MUI StartMenu Application.) — C:Program FilesCyberLinkYouCamMUITransferMUIStartMenu.exe
O4 – HKLM..Run: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program FilesFichiers communsAppleApple Application SupportAPSDaemon.exe
O4 – HKLM..Run: [avgnt] . (.Avira Operations GmbH & Co. KG – Avira System Tray Tool.) — C:Program FilesAviraAntiVir Desktopavgnt.exe
O4 – HKLM..Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program FilesFichiers communsAdobeARM1.0AdobeARM.exe
O4 – HKLM..Run: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program FilesQuickTimeqttask.exe
O4 – HKLM..Run: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program FilesiTunesiTunesHelper.exe
O4 – HKCU..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32ctfmon.exe
O4 – HKCU..Run: [BatteryLifeExtender] . (.Samsung Electronics. Co. Ltd. – Battery Life Extender.) — C:Program FilesSamsungBatteryLifeExtenderBatteryLifeExtender.exe
O4 – HKCU..Run: [SSCKbdHk] . (.SAMSUNG Electronics – SSCKbdHk.) — C:Program FilesSamsungSamsung Support CenterSSCKbdHk.exe
O4 – HKCU..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 – HKCU..Run: [Skype] . (.Skype Technologies S.A. – Skype.) — C:Program FilesSkypePhoneSkype.exe
O4 – HKUSS-1-5-18..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
O4 – HKUSS-1-5-19..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
O4 – HKUSS-1-5-20..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
O4 – HKUSS-1-5-18..RunOnce: [FlashPlayerUpdate] C:WINDOWSsystem32MacromedFlashFlashUtil32_11_7_700_224_ActiveX.exe (.not file.)
O4 – HKUSS-1-5-21-532639649-2019491048-2505128532-1005..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32ctfmon.exe
O4 – HKUSS-1-5-21-532639649-2019491048-2505128532-1005..Run: [BatteryLifeExtender] . (.Samsung Electronics. Co. Ltd. – Battery Life Extender.) — C:Program FilesSamsungBatteryLifeExtenderBatteryLifeExtender.exe
O4 – HKUSS-1-5-21-532639649-2019491048-2505128532-1005..Run: [SSCKbdHk] . (.SAMSUNG Electronics – SSCKbdHk.) — C:Program FilesSamsungSamsung Support CenterSSCKbdHk.exe
O4 – HKUSS-1-5-21-532639649-2019491048-2505128532-1005..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 – HKUSS-1-5-21-532639649-2019491048-2505128532-1005..Run: [Skype] . (.Skype Technologies S.A. – Skype.) — C:Program FilesSkypePhoneSkype.exe
~ Application: Scanned in 00mn 04s

—\ Autres liens utilisateurs (O4)
O4 – GSPrograms: Adobe Reader XI.lnk . (…) — C:WINDOWSInstaller{AC76BA86-7AD7-1036-7B44-AB0000000001}SC_Reader.ico
O4 – GSPrograms: Apple Software Update.lnk . (…) — C:WINDOWSInstaller{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}AppleSoftwareUpdateIco.exe
O4 – GSPrograms: Lanceur de tâches Microsoft Works.lnk . (.Microsoft® Corporation – Microsoft® Works.) — C:Program FilesMicrosoft WorksMSWorks.exe
O4 – GSPrograms: Microsoft Access.lnk . (…) — C:WINDOWSInstaller{9028040C-6000-11D3-8CFE-0050048383C9}accicons.exe
O4 – GSPrograms: Microsoft Excel.lnk . (…) — C:WINDOWSInstaller{9012040C-6000-11D3-8CFE-0050048383C9}xlicons.exe
O4 – GSPrograms: Microsoft FrontPage.lnk . (…) — C:WINDOWSInstaller{9028040C-6000-11D3-8CFE-0050048383C9}misc.exe
O4 – GSPrograms: Microsoft Outlook.lnk . (…) — C:WINDOWSInstaller{9012040C-6000-11D3-8CFE-0050048383C9}outicon.exe
O4 – GSPrograms: Microsoft PowerPoint.lnk . (…) — C:WINDOWSInstaller{9012040C-6000-11D3-8CFE-0050048383C9}pptico.exe
O4 – GSPrograms: Microsoft Word.lnk . (…) — C:WINDOWSInstaller{9012040C-6000-11D3-8CFE-0050048383C9}wordicon.exe
O4 – GSPrograms: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
O4 – GSPrograms: Windows Movie Maker.lnk . (.Microsoft Corporation – Windows Movie Maker.) — C:Program FilesMovie Makermoviemk.exe
O4 – GSPrograms: Assistance à distance.lnk . (.Microsoft Corporation – Assistance à distance Microsoft.) — C:WINDOWSsystem32rcimlby.exe
O4 – GSPrograms: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSPrograms: Lecteur Windows Media.lnk . (.Microsoft Corporation – Lecteur Windows Media.) — C:Program FilesWindows Media Playerwmplayer.exe
O4 – GSPrograms: Outlook Express.lnk . (.Microsoft Corporation – Outlook Express.) — C:Program FilesOutlook Expressmsimn.exe
~ Global Startup: Scanned in 00mn 04s

—\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
O9 – Extra button: &Ajout Direct dans Windows Live Writer – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation – Windows Live Writer Blog This Extension.) — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 – Extra button: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} — Clé orpheline
O9 – Extra button: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation – Windows Messenger.) — C:Program FilesMessengermsmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Piratage de l’Option ‘Rétablir les paramètres Web’ (O14)
O14 – IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
~ IE Paramètres WEB: Scanned in 00mn 00s

—\ Objets ActiveX (Downloaded Program Files)(O16)
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLMSystemCCSServicesTcpip..{541B8E00-9C0A-4023-884F-588C17673CE9}: DhcpNameServer = 192.168.1.254
O17 – HKLMSystemCS1ServicesTcpip..{541B8E00-9C0A-4023-884F-588C17673CE9}: DhcpNameServer = 192.168.1.254
O17 – HKLMSystemCS3ServicesTcpip..{541B8E00-9C0A-4023-884F-588C17673CE9}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s

—\ Titr_HJT34=Protocole additionnel (O18)
O18 – Handler: wlmailhtml – {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation – Windows Live Mail.) — C:Program FilesWindows LiveMailmailcomm.dll
O18 – Filter: text/webviewhtml – {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation – DLL commune du shell Windows.) — C:WINDOWSsystem32SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 – Winlogon Notify: crypt32chain . (.Microsoft Corporation – Crypto API32.) — C:WINDOWSsystem32crypt32.dll
O20 – Winlogon Notify: cryptnet . (.Microsoft Corporation – Crypto Network Related API.) — C:WINDOWSsystem32cryptnet.dll
O20 – Winlogon Notify: cscdll . (.Microsoft Corporation – Agent réseau hors connexion.) — C:WINDOWSsystem32cscdll.dll
O20 – Winlogon Notify: dimsntfy . (.Microsoft Corporation – DIMS Notification Handler.) — C:WINDOWSsystem32dimsntfy.dll
O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WINDOWSsystem32igfxdev.dll
O20 – Winlogon Notify: ScCertProp . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
O20 – Winlogon Notify: Schedule . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
O20 – Winlogon Notify: sclgntfy . (.Microsoft Corporation – DLL secondaire de notification de service d.) — C:WINDOWSsystem32sclgntfy.dll
O20 – Winlogon Notify: SensLogn . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32WlNotify.dll
O20 – Winlogon Notify: termsrv . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
O20 – Winlogon Notify: wlballoon . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

—\ Liste des services NT non Microsoft et non désactivés (O23)
O23 – Service: (MBAMService) . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) – C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe
O23 – Service: SRS WOWXT/TSXT Service (SRS_WOWXT_Service) . (.SRS Labs, Inc. – Service to handle post-installation details.) – C:Program FilesSRS LabsSRS WOW XT and TSXTSRS_PostInstaller.exe
~ Services: 9 Legitimates Filtered in 00mn 12s

—\ Enumération Active Desktop & MHTML Editor (O24)
O24 – Desktop Component 0: (no name) – file:file:///C:/DOCUME~1/Bretagne/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

—\ Tâches planifiées en automatique (O39)
O39 – APT:Automatic Planified Task – C:WINDOWSTasksGoforFilesUpdate.job [282] =>P2P.GoforFiles
O39 – APT:Automatic Planified Task – C:WINDOWSTasksLyrics Plus Update.job [366] =>Adware.AddLyrics
~ Scheduled Task: 6 Legitimates Filtered in 00mn 00s

—\ Logiciels installés (O42)
O42 – Logiciel: Boxore Client – (.Boxore OU.) [HKLM] — {CA2B24FD-EE10-42B9-B049-AA80268E7E21} =>Adware.Boxore
O42 – Logiciel: Lyrics Plus – (.Plus Add-on Software.) [HKLM] — {b6f4d32a-8066-470a-b12e-14cf2675282d} =>Adware.AddLyrics
O42 – Logiciel: Lyrics-Pal – (.LyricsPal Soft. LTD.) [HKLM] — {42974caa-fd59-4421-ad43-cf5e6a6bbd56} =>Adware.AddLyrics
~ Logic: 88 Legitimates Filtered in 00mn 01s

—\ HKCU & HKLM Software Keys
[HKLMSoftwareASKINSTALLER]
[HKLMSoftwareWLAN]
~ Key Software: 138 Legitimates Filtered in 00mn 01s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 29/01/2011 – 00:00:58 – [6,162] —-D C:Program FilesIEAK
O43 – CFD: 23/04/2013 – 13:17:07 – [0,062] —-D C:Program Filesmixiedj
O43 – CFD: 07/11/2010 – 14:58:58 – [18,762] —-D C:Program FilesORKTools
O43 – CFD: 16/08/2013 – 18:46:52 – [0,169] —-D C:Documents and SettingsAll UsersApplication DataBoxUpdChk
O43 – CFD: 22/06/2010 – 20:36:24 – [0,002] —-D C:Documents and SettingsAll UsersApplication DataWLAN
O43 – CFD: 10/06/2012 – 20:19:16 – [0,003] —-D C:Documents and SettingsAll UsersApplication DataXWare
O43 – CFD: 10/06/2012 – 20:19:16 – [0,003] —-D C:Documents and SettingsBretagneApplication DataXWare
O43 – CFD: 25/04/2013 – 00:52:31 – [0,201] —-D C:Documents and SettingsBretagneLocal SettingsApplication DataUpdater19962 =>PUP.CrossRider
~ Program Folder: 148 Legitimates Filtered in 00mn 29s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.5C9C2D4C37033ACCC02537813145BC8B] – 27/08/2013 – 01:09:40 —A- . (…) — C:WINDOWSwiadebug.log [157]
O44 – LFC:[MD5.0B0831019A236A4374C4FD09BBC11A1F] – 27/08/2013 – 01:09:24 —A- . (…) — C:WINDOWSwiaservc.log [50]
O44 – LFC:[MD5.020B8DCE0BA439C08CF0250E0CF63839] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSFaxSetup.log [17808]
O44 – LFC:[MD5.C8F109970F5CFA6A689DDB593BBFC02F] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWScomsetup.log [6245]
O44 – LFC:[MD5.AEA2986D266F531C85F37A09854499FD] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSiis6.log [1960]
O44 – LFC:[MD5.6730A7F08728B3431EC147701D47103F] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSimsins.log [4566]
O44 – LFC:[MD5.41934423ABF980D38AA9C0A34C95C819] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSmsgsocm.log [1356]
O44 – LFC:[MD5.BEC9D232793E30CF95F60E340CAFD9C8] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSntdtcsetup.log [4909]
O44 – LFC:[MD5.8D51B5CCDC25B32532785385F279EF65] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSocgen.log [19604]
O44 – LFC:[MD5.EAAF5A9230E3EF40665A1FE647BF1F91] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSocmsn.log [1771]
O44 – LFC:[MD5.2A3F78C2D6C450B9EB590406A4818690] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWStsoc.log [10238]
O44 – LFC:[MD5.896C6B3C1F7A0BD4FC6170EADA330685] – 22/08/2013 – 18:39:56 —A- . (…) — C:WINDOWSimsins.BAK [1917]
O44 – LFC:[MD5.937777DBF9D14CA516322D64B030A497] – 16/08/2013 – 02:10:06 —A- . (…) — C:WINDOWSsystem32TZLog.log [23712]
~ Files: 31 Legitimates Filtered in 01mn 14s

—\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 – LFCP:[MD5.D251FF0A85573CC832AAAFDF52BA1366] – 20/08/2013 – 22:36:58 —A- – C:WINDOWSPrefetchSSFLWBOX.SCR-00C6F4BF.pf
O45 – LFCP:[MD5.8AA95728A7C2A5B34312AED525031601] – 23/08/2013 – 01:04:41 —A- – C:WINDOWSPrefetchGO.EXE-2DCC3FAB.pf
O45 – LFCP:[MD5.1ED4A59650EFF110647C8CC4C7A0C54E] – 23/08/2013 – 21:03:01 —A- – C:WINDOWSPrefetchBOXORE.EXE-2493A27E.pf =>Adware.Boxore
O45 – LFCP:[MD5.4432395CA35830AC23B2FE3495BA3E92] – 25/08/2013 – 19:06:17 —A- – C:WINDOWSPrefetchSUPREME SAVINGS-BG.EXE-36D71DB8.pf =>PUP.RewardsArcade
O45 – LFCP:[MD5.A508515EC45775307AB1C419DE477E5B] – 26/08/2013 – 11:37:16 —A- – C:WINDOWSPrefetchSUPREME SAVINGS.EXE-023257F5.pf =>PUP.RewardsArcade
O45 – LFCP:[MD5.9481E75CB06930331E001712BC2A7CB7] – 26/08/2013 – 11:39:00 —A- – C:WINDOWSPrefetchSOFTWARECRASHHANDLER.EXE-0425ECA6.pf
O45 – LFCP:[MD5.F8C7A66B2D2A298967C8343C1FE5033E] – 26/08/2013 – 12:35:04 —A- – C:WINDOWSPrefetchLRCSPLS.EXE-18B9133F.pf
O45 – LFCP:[MD5.D902AEA64786C42DA5FF58B0AEEBD694] – 26/08/2013 – 12:35:16 —A- – C:WINDOWSPrefetchBATTERYMANAGER.EXE-1658E718.pf
O45 – LFCP:[MD5.F6ED459CF7D49E7EC460B48DC8E61F4F] – 26/08/2013 – 12:35:21 —A- – C:WINDOWSPrefetchEASYSPEEDUPMANAGER2.EXE-363852B6.pf
O45 – LFCP:[MD5.DA74447FACF8DC07AA89DC76E60265EF] – 26/08/2013 – 12:35:22 —A- – C:WINDOWSPrefetchSUPBACKGROUND.EXE-32DA3BFE.pf
O45 – LFCP:[MD5.A4DAE50F7713862277A68714B7640B1C] – 26/08/2013 – 12:35:23 —A- – C:WINDOWSPrefetchLYRICSPLS.EXE-06E48AB4.pf =>Adware.AddLyrics
O45 – LFCP:[MD5.755520E716E07A05EE36D9DF7F30501D] – 26/08/2013 – 12:35:28 —A- – C:WINDOWSPrefetchDMLOADER.EXE-126D6CC1.pf
O45 – LFCP:[MD5.E12AC658050CBCECF735DE38821F5732] – 26/08/2013 – 12:35:38 —A- – C:WINDOWSPrefetchDMHKCORE.EXE-2FDBB09D.pf
O45 – LFCP:[MD5.23C4D043450BFB31FB6D9BD62765A5C3] – 26/08/2013 – 12:35:49 —A- – C:WINDOWSPrefetchBATTERYLIFEEXTENDER.EXE-24D86617.pf
O45 – LFCP:[MD5.0DF892C85FCBC5178B42F7B2969B054C] – 26/08/2013 – 12:36:05 —A- – C:WINDOWSPrefetchUPDATER19962.EXE-2D2C866D.pf
O45 – LFCP:[MD5.95DF40A29E3D7798E9A4B0275BC0EC24] – 26/08/2013 – 12:36:11 —A- – C:WINDOWSPrefetchSQLMANGR.EXE-19670CF9.pf
O45 – LFCP:[MD5.02C9DF6F06C7C155C53CF21A80436B61] – 26/08/2013 – 12:36:12 —A- – C:WINDOWSPrefetchMSNOTIF.EXE-2CBCBEF4.pf
O45 – LFCP:[MD5.1F6DA1A96B835664DED860928B433F30] – 26/08/2013 – 13:29:05 —A- – C:WINDOWSPrefetchLYRICSPAL_1060-8101_V122.EXE-0E2A197A.pf =>Adware.AddLyrics
O45 – LFCP:[MD5.E9F59BAF53E771AA59DDF22AD18F2D30] – 26/08/2013 – 13:29:14 —A- – C:WINDOWSPrefetchLYRICS.EXE-0DB3C90C.pf =>Adware.AddLyrics
O45 – LFCP:[MD5.93A6238700337CC8DFE67BE85355189B] – 26/08/2013 – 13:29:17 —A- – C:WINDOWSPrefetchAPPSHAT-DISTRIBUTION.EXE-0479C4BD.pf
O45 – LFCP:[MD5.EBD6711B2A2A98ACC22FAE63968C5007] – 26/08/2013 – 13:29:17 —A- – C:WINDOWSPrefetchNS11.TMP-22531237.pf
O45 – LFCP:[MD5.87A013BF720734215BB1DCDEBBBCC397] – 26/08/2013 – 13:29:22 —A- – C:WINDOWSPrefetchMINIBAR.EXE-0B9EBD16.pf
O45 – LFCP:[MD5.F9F62185B0A6B89EE637FEFF9FD8BC2F] – 26/08/2013 – 21:53:00 —A- – C:WINDOWSPrefetchSRS_POSTINSTALLER.EXE-07ACEA63.pf
~ Prefetcher: 129 Legitimates Filtered in 00mn 02s

—\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 – SEH:ShellExecuteHooks – URL Exec Hook – {AEB6717E-7E19-11d0-97EE-00C04FD91972} – shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

—\ Export de clé d’application autorisée (O47)
O47 – AAKE:Key Export SP – « C:Program FilesGoforFilesgoforfilesdl.exe » [Enabled] .(…) — C:Program FilesGoforFilesgoforfilesdl.exe (.not file.) =>P2P.GoforFiles
O47 – AAKE:Key Export SP – « C:Program FilesGoforFilesGoforFiles.exe » [Enabled] .(…) — C:Program FilesGoforFilesGoforFiles.exe (.not file.) =>P2P.GoforFiles
O47 – AAKE:Key Export SP – « C:UsbFixGo.exe » [Enabled] .(.Pas de propriétaire.) — C:UsbFixGo.exe
~ Keys Export: 14 Legitimates Filtered in 00mn 03s

—\ Image File Execution Options (IFEO) (O50)
O50 – IFEO:Image File Execution Options – Your Image File Name Here without a path – ntsd -d
~ IFEO: Scanned in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:[MD5.267FC636801EDC5AB28E14036349E3BE] – 18/11/2009 – 15:16:00 —A- . (.Creative – Creative WDM 3D Audio Driver.) — C:WINDOWSsystem32DriversAmbfilt.sys [1691480]
O58 – SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] – 14/04/2008 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ansi.sys [9037]
~ Drivers: 5 Legitimates Filtered in 00mn 00s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 25/08/2013 – 20:02:48 -SHA- . (…) — C:Documents and SettingsBretagneApplication DataMicrosoftInternet ExplorerUserDataindex.dat [32768]
O61 – LFC: 26/08/2013 – 12:20:20 —A- . (…) — C:Documents and SettingsBretagneRecentMBAM-log-2013-08-26 (13-18-57).lnk [619]
O61 – LFC: 26/08/2013 – 13:07:00 —A- . (…) — C:Documents and SettingsBretagneBureauadwcleaner.exe [994642]
O61 – LFC: 26/08/2013 – 13:27:53 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_3723752548.xml [9271]
O61 – LFC: 26/08/2013 – 13:29:07 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication Dataavgchromeavgp [78261]
O61 – LFC: 26/08/2013 – 14:28:30 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataLocal State [24417]
O61 – LFC: 26/08/2013 – 14:29:25 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_16900701131.xml [4080]
O61 – LFC: 26/08/2013 – 14:29:25 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataMicrosoftInternet Explorerframeiconcache.dat [7492]
O61 – LFC: 26/08/2013 – 15:12:50 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_7913243153.xml [8019]
O61 – LFC: 26/08/2013 – 15:12:55 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_7929303826.xml [8695]
O61 – LFC: 26/08/2013 – 15:14:54 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultCookies [25600]
O61 – LFC: 26/08/2013 – 15:48:53 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_15648585209.xml [6258]
O61 – LFC: 26/08/2013 – 15:51:28 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_16201793910.xml [6590]
O61 – LFC: 26/08/2013 – 15:53:49 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_16703706965.xml [6363]
O61 – LFC: 26/08/2013 – 15:55:10 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_16992118486.xml [7576]
O61 – LFC: 26/08/2013 – 15:55:50 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_17136839246.xml [10180]
O61 – LFC: 26/08/2013 – 15:55:54 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_17150870296.xml [8228]
O61 – LFC: 26/08/2013 – 17:37:01 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultInvalidprefs.js [7155]
O61 – LFC: 26/08/2013 – 17:37:13 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultpreferences [78261]
O61 – LFC: 26/08/2013 – 19:00:11 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxCrash ReportsInstallTime20130814063812 [10]
O61 – LFC: 26/08/2013 – 19:00:11 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultparent.lock [0]
O61 – LFC: 26/08/2013 – 19:00:22 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultpluginreg.dat [9106]
O61 – LFC: 26/08/2013 – 19:00:27 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultextensions.sqlite [458752]
O61 – LFC: 26/08/2013 – 19:00:29 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataMozillaFirefoxMozilla Firefoxactive-update.xml [57]
O61 – LFC: 26/08/2013 – 19:00:29 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataMozillaFirefoxMozilla Firefoxupdates.xml [5965]
O61 – LFC: 26/08/2013 – 19:00:30 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultwebappswebapps.json [2]
O61 – LFC: 26/08/2013 – 19:00:40 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultsearch.json [12924]
O61 – LFC: 26/08/2013 – 19:00:50 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaulturlclassifierkey3.txt [154]
O61 – LFC: 26/08/2013 – 19:00:51 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultdownloads.sqlite [98304]
O61 – LFC: 26/08/2013 – 19:01:35 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultformhistory.sqlite [196608]
O61 – LFC: 26/08/2013 – 19:01:51 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataMozillaFirefoxProfileso0k85q7f.defaultstartupCachestartupCache.4.little [1388167]
O61 – LFC: 26/08/2013 – 19:02:02 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaulthealthreportstate.json [89]
O61 – LFC: 26/08/2013 – 19:06:48 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultplaces.sqlite [10485760]
O61 – LFC: 26/08/2013 – 19:08:35 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultaddons.sqlite [524288]
O61 – LFC: 26/08/2013 – 19:10:32 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultblocklist.xml [76870]
O61 – LFC: 26/08/2013 – 19:21:18 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultdh-media-lists.rdf [520]
O61 – LFC: 26/08/2013 – 19:21:18 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultdh-smart-names.rdf [60185]
O61 – LFC: 26/08/2013 – 19:21:18 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultsessionstore.js [111439]
O61 – LFC: 26/08/2013 – 19:21:19 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultbookmarkbackupsbookmarks-2013-08-26.json [5716]
O61 – LFC: 26/08/2013 – 19:21:19 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaulthealthreport.sqlite [1146880]
O61 – LFC: 26/08/2013 – 19:21:20 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultcert8.db [114688]
O61 – LFC: 26/08/2013 – 19:21:20 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultcookies.sqlite [1048576]
O61 – LFC: 26/08/2013 – 19:21:20 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultkey3.db [16384]
O61 – LFC: 26/08/2013 – 19:21:20 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultlocalstore.rdf [8962]
O61 – LFC: 26/08/2013 – 19:21:20 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultpermissions.sqlite [65536]
O61 – LFC: 26/08/2013 – 19:21:20 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultprefs.js [327086]
O61 – LFC: 26/08/2013 – 19:21:20 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultwebappsstore.sqlite [294912]
O61 – LFC: 26/08/2013 – 19:21:20 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataMozillaFirefoxProfileso0k85q7f.default_CACHE_CLEAN_ [1]
O61 – LFC: 26/08/2013 – 19:51:48 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_28344452028.xml [15042]
O61 – LFC: 26/08/2013 – 21:56:44 —A- . (…) — C:Documents and SettingsBretagneRecentIMG_0342.lnk [576]
O61 – LFC: 26/08/2013 – 21:56:44 —A- . (…) — C:Documents and SettingsBretagneRecentkinshasa.lnk [435]
O61 – LFC: 26/08/2013 – 22:05:09 —A- . (…) — C:Documents and SettingsBretagneRecentP1040112.lnk [626]
O61 – LFC: 26/08/2013 – 22:41:24 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_10804311252.xml [5296]
O61 – LFC: 26/08/2013 – 22:45:58 —A- . (…) — C:Documents and SettingsBretagneRecentP1040588.lnk [611]
O61 – LFC: 27/08/2013 – 01:08:07 -SHA- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataMicrosoftCredentialsS-1-5-21-532639649-2019491048-2505128532-1005Credentials [370]
O61 – LFC: 27/08/2013 – 01:09:20 -SHA- . (…) — C:Documents and SettingsBretagneApplication DataMicrosoftInternet ExplorerDesktop.htt [2794]
O61 – LFC: 27/08/2013 – 17:25:50 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbar DNS datadata [67711]
O61 – LFC: 27/08/2013 – 17:30:09 -SHA- . (…) — C:Documents and SettingsBretagneIETldCacheindex.dat [262144]
O61 – LFC: 27/08/2013 – 17:30:09 -SHA- . (…) — C:Documents and SettingsBretagnePrivacIEindex.dat [16187392]
~ 15 Fichiers temporaires (Temporary files)
~ 208 Fichiers cookies (Cookies files)
~ Files: 745 Legitimates Filtered in 03mn 23s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – SosVirus.net.) [HKLM] — Usbfix
O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1
~ ADS: Scanned in 00mn 00s

—\ Liste les services legacy du registre (LALS) (O64)
O64 – Services: CurCS – 27/10/2005 – Pas de propriétaire (DOSMEMIO) .(…) – LEGACY_DOSMEMIO
O64 – Services: CurCS – 06/08/2009 – C:Program FilesSRS LabsSRS WOW XT and TSXTSRS_PostInstaller.exe (SRS_WOWXT_Service) .(.SRS Labs, Inc. – Service to handle post-installation details.) – LEGACY_SRS_WOWXT_SERVICE
~ Legacy: 144 Legitimates Filtered in 00mn 04s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
~ Keys: Scanned in 00mn 00s