Publicité
Publicité
Format du document : text/plain
Prévisualisation
~ Rapport de ZHPDiag v2013.9.6.15 - Nicolas Coolman (07/09/2013)
~ Lanc� par ROUCOU (07/09/2013 15:29:44)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version : Version � jour.
~ Liste blanche : Activ�e par le programme
~ El�vation des Privil�ges : OK
~ User Account Control (UAC): Not Found
---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 23.0.1 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Fran�ais
Windows XP Home Edition Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK
---\\ Logiciels de protection du syst�me
Avira Free Antivirus v13.0.0.3885
Malwarebytes Anti-Malware version 1.75.0.1300
---\\ Logiciels d'optimisation du syst�me
CCleaner v4.05 =>Piriform Ltd
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
---\\ Informations sur le syst�me
~ Processor: x86 Family 6 Model 8 Stepping 1, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 767 MB (54% free)
System Restore: D�sactiv� (Disabled)
System drive C: has 23 GB (58%) free of 39 GB
---\\ Mode de connexion au syst�me
~ Computer Name: JEAN-LUC
~ User Name: ROUCOU
~ All Users Names: SUPPORT_388945a0, ROUCOU, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\ROUCOU\Application Data\
~ %Desktop% : C:\Documents and Settings\ROUCOU\Bureau\
~ %Favorites% : C:\Documents and Settings\ROUCOU\Favoris\
~ %LocalAppData% : C:\Documents and Settings\ROUCOU\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\ROUCOU\Menu D�marrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ Enum�ration des unit�s disques
C:\ Hard drive, Flash drive, Thumb drive (Free 23 Go of 39 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Hard drive, Flash drive, Thumb drive (Free 9 Go of 28 Go)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Etat du Centre de S�curit� Windows
~ Security Center: 26 Legitimates Filtered in 00mn 00s
---\\ Recherche particuli�re de fichiers g�n�riques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.E1948293F7CBC38987270432935D8D05] - (.Microsoft Corporation - Internet Extensions for Win32.) (.26/07/2013 - 03:47:15.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 19:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parall�le.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 19:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de clich� instantan� du volume.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 01s
---\\ Etat des fichiers cach�s (Cach�/Total)
~ Mes images (My Pictures) : 2/749
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/383
~ Mes Documents (My Documents) : 2/1832
~ Mon Bureau (My Desktop) : 0/105
~ Menu demarrer (Programs) : 1/51
~ Hidden Files: Scanned in 00mn 04s
---\\ Processus lanc�s au d�marrage du syst�me
[MD5.BFADBB0B68E566F6F46B856557A68EC1] - (.Lexmark International, Inc. - LexBce Service.) -- C:\WINDOWS\system32\LEXBCES.exe [307200] [PID.1184]
[MD5.B0360B57F7A0EADEEA84961197C721FF] - (.Lexmark International, Inc. - LEXPPS.EXE.) -- C:\WINDOWS\system32\LEXPPS.exe [174592] [PID.1240]
[MD5.99387251353598C939592FAF40DF8AA9] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024] [PID.1328]
[MD5.15EB9148D68ED4AC3C3BDE6DF101070A] - (.Lexmark International, Inc. - Lexmark 3100 Series Button Manager.) -- C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe [106496] [PID.1608]
[MD5.A2A5A81E5B8783514BAE5296DC1A2FA5] - (...) -- C:\Program Files\Lexmark 3100 Series\lxbrksk.exe [282624] [PID.1636]
[MD5.4631FF0EE2964CCDC646AF807CB778F5] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144] [PID.1660]
[MD5.B8E5B65D2C5C3256A6EAAF956A7A653C] - (...) -- C:\Utilitaires\Atomic Alarm Clock\AtomicAlarmClock.exe [1742848] [PID.1672]
[MD5.F41BC0CFDFA32101A01C9979F96BDACF] - (.CH-Software - PopMan.) -- C:\Program Files\PopMan\PopMan.exe [847872] [PID.1708]
[MD5.475B4833C17D6551F71D2943104DCC55] - (.Singer's Creations - Pas de description.) -- C:\Utilitaires\Weather Watcher\ww.exe [937984] [PID.1720]
[MD5.EC522E30D4CCB56D3DAB972169DBBFDB] - (.Lexmark International, Inc. - Lexmark 3100 Series Button Monitor.) -- C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe [53248] [PID.1732]
[MD5.CD4D418E6A19A286261172B09A5DFE81] - (...) -- C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe [16384] [PID.1744]
[MD5.EEC3EF7595D16C08B7621938A13DC9B5] - (.Pas de propri�taire - Firemin.) -- C:\Temp\firemin\Firemin.exe [591479] [PID.1772]
[MD5.539DC4006E3C1D7C3A00CD91CB7973B7] - (.TILER.com - FreeMeter Application.) -- C:\Program Files\FreeMeter\FreeMeter.exe [614400] [PID.1784]
[MD5.58FD3BEDE0AFE2371A669D43BE0AF5B4] - (.grenouille.com - Pas de description.) -- C:\Utilitaires\PyGrenouille\pygrenouille.exe [91648] [PID.1792]
[MD5.8A86F41B857DA166033B1795FE69BF37] - (.Almico Software (www.almico.com) - Pas de description.) -- C:\Program Files\SpeedFan\speedfan.exe [4683768] [PID.1800]
[MD5.7AA42B6EE677EE292C1E74055D409750] - (.Logitech Inc. - Logitech Events Handler Application.) -- C:\Program Files\Logitech\MouseWare\system\em_exec.exe [38912] [PID.1852]
[MD5.17773EDD4B9A2817E5FC703C11A4C1D5] - (.Acronis - Acronis Scheduler 2.) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [155648] [PID.1960]
[MD5.8491FDA93507F2F27FFBA11372764086] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088] [PID.2016]
[MD5.325FB38C323C63C7F57885B4DFB1B91E] - (.Windows (R) Codename Longhorn DDK provider - User Profile Hive Cleanup Service.) -- C:\Program Files\UPHClean\uphclean.exe [399872] [PID.296]
[MD5.68C105908A54D734D2B154DB546F562E] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76856] [PID.2568]
[MD5.DFB2902086DEC1469F13C2BA839BC6E1] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7909376] [PID.1008]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2712]
~ Processes Running: Scanned in 00mn 02s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\prefs.js
P2 - FPN: [HKLM] [@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin] - (.Simon B?nzli - SumatraPDF Browser Plugin.) -- C:\Program Files\SumatraPDF\npPdfViewer.dll
P2 - FPN: [HKCU] [@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin] - (.Simon B?nzli - SumatraPDF Browser Plugin.) -- C:\Program Files\SumatraPDF\npPdfViewer.dll
~ Firefox Browser: 8 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, D�marrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://forum.pcastuces.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Simon B?nzli - SumatraPDF Browser Plugin.) (No version) -- (.not file.)
~ IE Browser: 12 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKCU]{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} Cl� orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Cl� orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Applications d�marr�es par registre & par dossier (O4)
O4 - HKLM\..\Run: [Logitech Utility] . (.Logitech Inc. - Logitech Launcher Application.) -- C:\WINDOWS\Logi_MwX.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] . (.Lexmark International, Inc. - Lexmark 3100 Series Button Manager.) -- C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
O4 - HKLM\..\Run: [LXBRKsk] . (...) -- C:\Program Files\Lexmark 3100 Series\lxbrksk.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKCU\..\Run: [SkinClock] . (...) -- C:\Utilitaires\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [PopMan] . (.CH-Software - PopMan.) -- C:\Program Files\PopMan\PopMan.exe
O4 - HKCU\..\Run: [WeatherWatcher] . (.Singer's Creations - Pas de description.) -- C:\Utilitaires\Weather Watcher\ww.exe
O4 - HKUS\S-1-5-21-1275210071-1383384898-1801674531-1004\..\Run: [SkinClock] . (...) -- C:\Utilitaires\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKUS\S-1-5-21-1275210071-1383384898-1801674531-1004\..\Run: [PopMan] . (.CH-Software - PopMan.) -- C:\Program Files\PopMan\PopMan.exe
O4 - HKUS\S-1-5-21-1275210071-1383384898-1801674531-1004\..\Run: [WeatherWatcher] . (.Singer's Creations - Pas de description.) -- C:\Utilitaires\Weather Watcher\ww.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Programs: Mozilla Thunderbird.lnk . (.Mozilla Corporation - Thunderbird.) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - GS\Programs: SumatraPDF.lnk . (.Krzysztof Kowalczyk - SumatraPDF.) -- C:\Program Files\SumatraPDF\SumatraPDF.exe
O4 - GS\Programs: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - GS\Programs: Assistance � distance.lnk . (.Microsoft Corporation - Assistance � distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: Windows Install Clean Up.lnk . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
~ Global Startup: Scanned in 00mn 01s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{241C2B6B-0C53-4EFD-8D4C-7C25E7FA6156}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{241C2B6B-0C53-4EFD-8D4C-7C25E7FA6156}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{241C2B6B-0C53-4EFD-8D4C-7C25E7FA6156}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Titr_HJT34=Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-cl�s Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent r�seau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non d�sactiv�s (O23)
O23 - Service: LexBce Server (LexBceS) . (.Lexmark International, Inc. - LexBce Service.) - C:\WINDOWS\system32\LEXBCES.exe
O23 - Service: User Profile Hive Cleanup (UPHClean) . (.Windows (R) Codename Longhorn DDK provider - User Profile Hive Cleanup Service.) - C:\Program Files\UPHClean\uphclean.exe
~ Services: 6 Legitimates Filtered in 00mn 03s
---\\ Enum�ration Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\ROUCOU\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\ROUCOU\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Pilotes lanc�s au d�marrage du syst�me (O41)
O41 - Driver: (BANTExt) . (...) - C:\WINDOWS\system32\Drivers\BANTExt.sys
~ Drivers: 69 Legitimates Filtered in 00mn 00s
---\\ Logiciels install�s (O42)
O42 - Logiciel: Atomic Alarm Clock 5.87 - (.Drive Software Company.) [HKLM] -- Atomic Alarm Clock_is1
O42 - Logiciel: BirdsEvolutionPro - (...) [HKCU] -- BIRDS EVOLUTION PRO
O42 - Logiciel: EnableDisable for Office version 3.7 - (.Topalt.com.) [HKLM] -- {664320A7-8522-47C2-B605-F33A30A2FA52}_is1
O42 - Logiciel: MV RegClean 5.9 Fran�ais - (...) [HKLM] -- MV RegClean 5.9 Fran�ais_is1
O42 - Logiciel: PasseMemo - (...) [HKCU] -- PASSEMEMO
O42 - Logiciel: Secu 4.0 - (.JSAL Software.) [HKLM] -- {85DA9BC7-C5F9-4CB1-84C2-8342995D2CD6}_is1
O42 - Logiciel: Statfoot32 - (.Cellard Software.) [HKLM] -- Statfoot32_is1
O42 - Logiciel: Suivi-Secu - (...) [HKCU] -- SUIVI-SECU
~ Logic: 101 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Agent_EXE]
[HKCU\Software\ClockSkin587]
[HKCU\Software\FreeMeter]
[HKCU\Software\L.S.I.]
[HKCU\Software\OPSWAT]
[HKCU\Software\Praxisoft]
[HKCU\Software\mtsf.com]
[HKLM\Software\LXBRDataCaching]
[HKLM\Software\LXBRFormatShell]
~ Key Software: 242 Legitimates Filtered in 00mn 01s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/08/2013 - 14:40:56 - [5,142] ----D C:\Program Files\Double Driver
O43 - CFD: 02/08/2012 - 13:51:36 - [1,674] ----D C:\Program Files\FreeMeter
O43 - CFD: 05/09/2013 - 11:59:43 - [1,941] ----D C:\Program Files\MV RegClean 5.9 Fran�ais
O43 - CFD: 24/04/2013 - 14:52:37 - [2,729] ----D C:\Program Files\Secu 4.0
O43 - CFD: 24/04/2013 - 14:48:40 - [37,500] ----D C:\Program Files\Suivi S�cu
O43 - CFD: 21/05/2012 - 13:38:17 - [0,001] ----D C:\Documents and Settings\All Users\Application Data\Suivi S�cu
O43 - CFD: 27/07/2013 - 19:55:06 - [0] -SH-D C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 12/08/2012 - 15:20:25 - [0,001] ----D C:\Documents and Settings\ROUCOU\Application Data\#Hf
O43 - CFD: 21/05/2012 - 15:03:43 - [0,001] ----D C:\Documents and Settings\ROUCOU\Application Data\Topalt
O43 - CFD: 03/04/2013 - 11:25:07 - [0,008] ----D C:\Documents and Settings\ROUCOU\Local Settings\Application Data\hq
O43 - CFD: 10/08/2012 - 11:44:58 - [0,001] ----D C:\Documents and Settings\ROUCOU\Menu D�marrer\Programmes\FreeMeter
O43 - CFD: 23/05/2012 - 19:52:02 - [0,002] ----D C:\Documents and Settings\ROUCOU\Menu D�marrer\Programmes\TAROT PRO 99
~ Program Folder: 200 Legitimates Filtered in 00mn 16s
---\\ Derniers fichiers modifi�s ou cr�es sous Windows et System32 (O44)
O44 - LFC:[MD5.920C91FEA27C6F10117BE8BAA8921120] - 07/09/2013 - 14:25:53 ---A- . (...) -- C:\WINDOWS\wiadebug.log [393]
O44 - LFC:[MD5.43070C9F9640DB7BEED2A00DE63A3700] - 07/09/2013 - 14:25:53 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.F030E0B8D6E0D90BA293C4F0239F3DF6] - 07/09/2013 - 14:23:44 ---A- . (...) -- C:\WINDOWS\FLASHKSK.INI [22]
O44 - LFC:[MD5.492B9936F052B50B94ED2D04EA96DD2C] - 07/09/2013 - 14:23:37 ---A- . (...) -- C:\WINDOWS\LXBRCAH.ini [3206]
O44 - LFC:[MD5.9C6A1ED5E6C31D91DE1158FEE9BCA654] - 07/09/2013 - 09:34:02 ---A- . (...) -- C:\WINDOWS\lexstat.ini [420]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 05/09/2013 - 10:59:59 ---A- . (...) -- C:\WINDOWS\Sti_Trace.log [0]
O44 - LFC:[MD5.E5853F83178520C918E0696F13474C19] - 02/09/2013 - 11:57:29 ---A- . (...) -- C:\WINDOWS\system32\STEC.PRO [96]
O44 - LFC:[MD5.96C85A2CA15607FD99FE66E38FEB9F07] - 01/09/2013 - 18:41:38 -SHA- . (...) -- C:\WINDOWS\Thumbs.db [8192]
~ Files: 13 Legitimates Filtered in 01mn 23s
---\\ Derniers fichiers cr��s dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.3AC8344FFEB953EA81F509307277C1D7] - 04/09/2013 - 14:12:37 ---A- - C:\WINDOWS\Prefetch\ADVANCED TOKENS MANAGER.EXE-3313C4A4.pf
O45 - LFCP:[MD5.254A61DE450712D9EF1AD6AEF0F9F25E] - 04/09/2013 - 14:41:06 ---A- - C:\WINDOWS\Prefetch\DIRECTORYLISTPRINTPRO.EXE-1823B831.pf
O45 - LFCP:[MD5.7DC0DF891337FB9AAEDFF011D37927CE] - 04/09/2013 - 14:42:31 ---A- - C:\WINDOWS\Prefetch\PHOTO-REDUCTEUR.EXE-2CE036CB.pf
O45 - LFCP:[MD5.7BC13B95DAF869E8A803592ECE754CB2] - 04/09/2013 - 14:42:31 ---A- - C:\WINDOWS\Prefetch\PHOTO-REDUCTEUR.TMP-1DB2F22D.pf
O45 - LFCP:[MD5.C50260B6A42F44C717BD1E5C7996E046] - 04/09/2013 - 14:49:40 ---A- - C:\WINDOWS\Prefetch\EVERYTHING.EXE-0B65EEF8.pf
O45 - LFCP:[MD5.D5E8F6C132C8ABA7F1907CF775A8C628] - 04/09/2013 - 16:19:12 ---A- - C:\WINDOWS\Prefetch\SNAGIT32.EXE-32FF2CF1.pf
O45 - LFCP:[MD5.371E993D7D464DB47608D179F338AA12] - 04/09/2013 - 16:19:21 ---A- - C:\WINDOWS\Prefetch\SNAGPRIV.EXE-2225E292.pf
O45 - LFCP:[MD5.483BC731693C225C6FAB1DF1593FE8D3] - 04/09/2013 - 16:27:29 ---A- - C:\WINDOWS\Prefetch\LXBRBMGR.EXE-3599B64B.pf
O45 - LFCP:[MD5.47454793006FA8869B5B7F5FECBD315B] - 04/09/2013 - 16:27:36 ---A- - C:\WINDOWS\Prefetch\LXBRAIOX.EXE-15FEEA52.pf
O45 - LFCP:[MD5.591B084CC172C45AEEA1F8BF087E0F83] - 04/09/2013 - 16:27:36 ---A- - C:\WINDOWS\Prefetch\RTDRVMON.EXE-09CBA037.pf
O45 - LFCP:[MD5.7C1F88F44908F768073E344792813886] - 04/09/2013 - 17:00:22 ---A- - C:\WINDOWS\Prefetch\RTMPDUMP.EXE-051BB7C0.pf
O45 - LFCP:[MD5.4D562E18296DB20F566A429CE03C20DF] - 04/09/2013 - 17:55:42 ---A- - C:\WINDOWS\Prefetch\JV16 POWERTOOLS 2012 2.1.0.11-20F2C505.pf
O45 - LFCP:[MD5.E407D3FAC493DB756028BA4B6862410E] - 05/09/2013 - 07:54:18 ---A- - C:\WINDOWS\Prefetch\PHOTO.EXE-31BCE028.pf
O45 - LFCP:[MD5.B155030B7A606656315E98F9E45EB13D] - 05/09/2013 - 08:04:10 ---A- - C:\WINDOWS\Prefetch\JV16PT.EXE-2E23EE72.pf
O45 - LFCP:[MD5.E4EEFCB0321F8BDBF8BF830E13E53143] - 05/09/2013 - 08:58:30 ---A- - C:\WINDOWS\Prefetch\JV16PT.EXE-0606A2A8.pf
O45 - LFCP:[MD5.2D770ADC9C917903013F85EDB419A305] - 05/09/2013 - 10:41:48 ---A- - C:\WINDOWS\Prefetch\LIFETRAY.EXE-36181759.pf
O45 - LFCP:[MD5.981EF1492DAEC640A47E5C9905435267] - 05/09/2013 - 10:56:52 ---A- - C:\WINDOWS\Prefetch\MVREGCLEAN.EXE-1184873F.pf
O45 - LFCP:[MD5.A334F77633861D5D8BCBE0A129DBFF59] - 05/09/2013 - 14:08:04 ---A- - C:\WINDOWS\Prefetch\DIRECTORYLISTPRINTPRO.EXE-2D22D70C.pf
O45 - LFCP:[MD5.0F450C1D65E47407E71E64D81081E3A0] - 05/09/2013 - 14:26:02 ---A- - C:\WINDOWS\Prefetch\DIRECTORYLISTPRINTPRO.EXE-2B3617D8.pf
O45 - LFCP:[MD5.00FE1F4E91948FEA96E1747C41F6FBEC] - 05/09/2013 - 14:27:23 ---A- - C:\WINDOWS\Prefetch\SUMO.EXE-1DB885C7.pf
O45 - LFCP:[MD5.AEEF029A34BE1B6BB5922DFBDC6AC8B8] - 05/09/2013 - 19:02:26 ---A- - C:\WINDOWS\Prefetch\LICENCE_LEGALE_GIVEAWAY_WINRA-1424AB65.pf
O45 - LFCP:[MD5.35D110154A851F1AE06D67B05B012CB4] - 06/09/2013 - 01:46:31 ---A- - C:\WINDOWS\Prefetch\STARTER.EXE-1EF74A33.pf
O45 - LFCP:[MD5.887935C282C25780732B25C5FA3C3B35] - 06/09/2013 - 01:48:33 ---A- - C:\WINDOWS\Prefetch\DIRECTORYLISTPRINTPRO.EXE-0C50A17A.pf
O45 - LFCP:[MD5.DDB220C9E38E536FA5CDC2D7FBCBCAF9] - 06/09/2013 - 09:03:38 ---A- - C:\WINDOWS\Prefetch\SHEXVIEW.EXE-04C77EDC.pf
O45 - LFCP:[MD5.5CD17FF470820166E6D411971D9BB802] - 06/09/2013 - 12:39:57 ---A- - C:\WINDOWS\Prefetch\DIRECTORYLISTPRINTPRO.EXE-2CDC3221.pf
O45 - LFCP:[MD5.D8C1D7C875E14DC64E2F235383DE1B3A] - 06/09/2013 - 20:01:25 ---A- - C:\WINDOWS\Prefetch\DRIVERGENIUS.EXE-30453135.pf
O45 - LFCP:[MD5.B63FBAF48D8549081E2FA0616F8CA0B1] - 06/09/2013 - 20:01:45 ---A- - C:\WINDOWS\Prefetch\DRVGENPRO.EXE-085E19A9.pf
O45 - LFCP:[MD5.D48166C660733E9CD4EF81864D1BCD0A] - 06/09/2013 - 20:01:46 ---A- - C:\WINDOWS\Prefetch\DRVGENPRO.TMP-3202BE25.pf
O45 - LFCP:[MD5.44F1EFAA0D9B375498892E78059139A5] - 06/09/2013 - 21:02:57 ---A- - C:\WINDOWS\Prefetch\DRIVERGENIUS.EXE-3B5636D8.pf
O45 - LFCP:[MD5.9DA9B8775BBF1AA4854BA56F84B4D7C3] - 06/09/2013 - 21:10:54 ---A- - C:\WINDOWS\Prefetch\_IU14D2N.TMP-2AC9B288.pf
O45 - LFCP:[MD5.8363D460EED7565E9C4B90B756F28DD6] - 06/09/2013 - 21:19:34 ---A- - C:\WINDOWS\Prefetch\ESSENTIALPIM.EXE-0D6FEFF1.pf
O45 - LFCP:[MD5.C74291AEDFC9B3B433B65460EBC1942E] - 07/09/2013 - 09:31:55 ---A- - C:\WINDOWS\Prefetch\LXBRJSWX.EXE-19E47842.pf
O45 - LFCP:[MD5.9EE655AF3A873A12EA24500F07FB6F50] - 07/09/2013 - 09:31:55 ---A- - C:\WINDOWS\Prefetch\LXBRPSWX.EXE-18E0922A.pf
O45 - LFCP:[MD5.F344246AA4A1720440499C33C5C8CA6B] - 07/09/2013 - 13:08:50 ---A- - C:\WINDOWS\Prefetch\GORGY-~1.SCR-10CF7537.pf
O45 - LFCP:[MD5.56AF8F31C2B1F42FBB488D55D77C8E4E] - 07/09/2013 - 14:02:57 ---A- - C:\WINDOWS\Prefetch\DIRECTORYLISTPRINTFR.EXE-0944A8A2.pf
O45 - LFCP:[MD5.88552EDBF90F49C9797F1235525EC207] - 07/09/2013 - 14:03:04 ---A- - C:\WINDOWS\Prefetch\WAJAM_VALIDATE.EXE-0CC59DF5.pf =>Toolbar.Wajam
O45 - LFCP:[MD5.59773A7245285D3810348A80879668AD] - 07/09/2013 - 14:04:45 ---A- - C:\WINDOWS\Prefetch\DIRECTORYLISTPRINTPRO.EXE-2334110E.pf
O45 - LFCP:[MD5.FB92378A1BCC111EFEDD976D436E0F25] - 07/09/2013 - 14:24:53 ---A- - C:\WINDOWS\Prefetch\NETSTAT.EXE-2B2B4428.pf
O45 - LFCP:[MD5.97310BCBEE135CDEFC0FFF952F4584F6] - 07/09/2013 - 14:24:53 ---A- - C:\WINDOWS\Prefetch\TRAFIC.EXE-29707A58.pf
O45 - LFCP:[MD5.FE99D1A24E7D37BAA7B92726C5639C31] - 07/09/2013 - 14:25:16 ---A- - C:\WINDOWS\Prefetch\DL.EXE-00F0573C.pf
~ Prefetcher: 117 Legitimates Filtered in 00mn 03s
---\\ Op�rations et fonctions au d�marrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Export de cl� d'application autoris�e (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\BSD Concept\Heredis 13\Heredis13.exe" [Enabled] .(.BSD Concept.) -- C:\Program Files\BSD Concept\Heredis 13\Heredis13.exe
~ Keys Export: 8 Legitimates Filtered in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ Enum�ration des cl�s de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du syst�me (SDL) (O58)
O58 - SDL:[MD5.5D7BE7B19E827125E016325334E58FF1] - 09/08/2011 - 16:33:58 ---A- . (...) -- C:\WINDOWS\system32\Drivers\BANTExt.sys [3840]
O58 - SDL:[MD5.FE62E9711285DC2002DEF9B2BC2FB220] - 26/12/2011 - 14:34:30 ---A- . (...) -- C:\WINDOWS\system32\ampa.sys [10936]
~ Drivers: 5 Legitimates Filtered in 00mn 00s
---\\ Derniers fichiers modifi�s ou cr�es (Utilisateur) (O61)
O61 - LFC: 04/09/2013 - 11:11:18 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\sessionbackups\tabmix_sessions-2013-09-04.rdf [6983]
O61 - LFC: 04/09/2013 - 11:11:19 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\bookmarkbackups\bookmarks-2013-09-04.json [193457]
O61 - LFC: 04/09/2013 - 14:11:58 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\mimeTypes.rdf [16900]
O61 - LFC: 04/09/2013 - 14:48:57 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Emjysoft\Photo-reducteur\bdd\photo.mmo [225618]
O61 - LFC: 05/09/2013 - 01:17:32 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\bookmarkbackups\bookmarks-2013-09-05.json [193457]
O61 - LFC: 05/09/2013 - 07:54:09 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Emjysoft\Photo-reducteur\bdd\bddinfo.fic [1594]
O61 - LFC: 05/09/2013 - 07:54:09 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Emjysoft\Photo-reducteur\bdd\bddinfo.ndx [4338]
O61 - LFC: 05/09/2013 - 07:54:09 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Emjysoft\Photo-reducteur\bdd\photo.FIC [1922]
O61 - LFC: 05/09/2013 - 07:54:09 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Emjysoft\Photo-reducteur\bdd\photo.ndx [11568]
O61 - LFC: 05/09/2013 - 07:54:09 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Local Settings\Application Data\734bcd4ea0f862bf36b9fd8e59449a7f [129]
O61 - LFC: 05/09/2013 - 07:54:09 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Local Settings\Application Data\Emjysoft\DataSh\46621d82c15c84cb289bdd64cc124496 [129]
O61 - LFC: 05/09/2013 - 08:45:13 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Bureau\System\jv16 PowerTools 2013.lnk [1572]
O61 - LFC: 05/09/2013 - 08:45:28 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Menu D�marrer\Programmes\jv16 PowerTools 2013\Uninstall jv16 PowerTools 2013.lnk [1857]
O61 - LFC: 05/09/2013 - 08:45:28 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Menu D�marrer\Programmes\jv16 PowerTools 2013\jv16 PowerTools 2013.lnk [1584]
O61 - LFC: 05/09/2013 - 08:45:31 -SHA- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\System8638Conf Collection [22]
O61 - LFC: 05/09/2013 - 08:45:31 -SHA- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Win3944_ConfigDB.dlx [22]
O61 - LFC: 05/09/2013 - 10:24:46 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\sessionbackups\tabmix_sessions-2013-09-05.rdf [16711]
O61 - LFC: 05/09/2013 - 14:26:59 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Bureau\Utilitaires\DirectoryListPrint.lnk [800]
O61 - LFC: 05/09/2013 - 14:27:59 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\KC Softwares\SUMo\ignore.sumo [392]
O61 - LFC: 05/09/2013 - 14:28:24 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\KC Softwares\SUMo\reg.sumo [9905]
O61 - LFC: 05/09/2013 - 14:28:26 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\KC Softwares\SUMo\db.bak [3734]
O61 - LFC: 05/09/2013 - 14:28:40 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\KC Softwares\SUMo\SUMo.cache [3112]
O61 - LFC: 05/09/2013 - 14:28:57 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\KC Softwares\SUMo\db.sumo [3734]
O61 - LFC: 05/09/2013 - 14:56:58 ---A- . (.*.) -- C:\Documents and Settings\ROUCOU\Mes documents\Entretien Tassimo.xls [19456]
O61 - LFC: 05/09/2013 - 14:57:12 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\Entretien Tassimo.lnk [605]
O61 - LFC: 05/09/2013 - 16:20:38 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\Formation Progression Emplois du temps CP.lnk [530]
O61 - LFC: 05/09/2013 - 16:22:22 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\CP.lnk [327]
O61 - LFC: 05/09/2013 - 16:22:22 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\Test du niveau de conscience phonologique - CP - septembre 2012[1].lnk [602]
O61 - LFC: 05/09/2013 - 16:38:45 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Favoris\Liens\Sites sugg�r�s.url [86]
O61 - LFC: 05/09/2013 - 16:47:55 -SHA- . (...) -- C:\Documents and Settings\ROUCOU\PrivacIE\index.dat [966656]
O61 - LFC: 05/09/2013 - 17:54:58 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk [2593]
O61 - LFC: 06/09/2013 - 01:42:40 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\bookmarkbackups\bookmarks-2013-09-06.json [193457]
O61 - LFC: 06/09/2013 - 10:47:56 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\Ech�ancier.lnk [570]
O61 - LFC: 06/09/2013 - 10:48:30 ---A- . (.ROUCOU.) -- C:\Documents and Settings\ROUCOU\Mes documents\Ech�ancier.xls [88064]
O61 - LFC: 06/09/2013 - 10:53:42 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\sessionbackups\tabmix_sessions-2013-09-06.rdf [10370]
O61 - LFC: 06/09/2013 - 12:38:19 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\DirectoryListPrintProEN.lnk [654]
O61 - LFC: 06/09/2013 - 13:17:47 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk [2547]
O61 - LFC: 06/09/2013 - 13:17:57 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\CD.lnk [524]
O61 - LFC: 06/09/2013 - 17:07:53 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\healthreport\state.json [89]
O61 - LFC: 06/09/2013 - 17:14:23 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\healthreport.sqlite [1507328]
O61 - LFC: 06/09/2013 - 18:28:31 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\blocklist.xml [77301]
O61 - LFC: 06/09/2013 - 19:26:08 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\WR5.lnk [548]
O61 - LFC: 06/09/2013 - 19:39:01 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\Driver_Genius_PRO_10.0.0.712.lnk [715]
O61 - LFC: 06/09/2013 - 19:39:59 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\installation instructions.lnk [1367]
O61 - LFC: 06/09/2013 - 19:40:08 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\Driver Genius PRO 10.0.0.712 + Crack-[Liberalisten].lnk [969]
O61 - LFC: 06/09/2013 - 19:40:08 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\info.lnk [1258]
O61 - LFC: 06/09/2013 - 21:02:54 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Mes documents\DriverGenius\LiveUpdate.dat [97]
O61 - LFC: 06/09/2013 - 21:03:23 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Mes documents\DriverGenius\Update.dat [32]
O61 - LFC: 06/09/2013 - 21:04:05 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Voisinage r�seau\T�l�chargement sur Intel\target.lnk [702]
O61 - LFC: 06/09/2013 - 21:19:38 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\EssentialPIM Pro\TEST.backup_20130906_2219.epim [19898368]
O61 - LFC: 06/09/2013 - 21:20:24 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\EssentialPIM Pro\TEST.EPIM [22523904]
O61 - LFC: 07/09/2013 - 02:56:16 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\bookmarkbackups\bookmarks-2013-09-07.json [193457]
O61 - LFC: 07/09/2013 - 08:28:14 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\Outils Compr�hension CP et Phono GS.lnk [624]
O61 - LFC: 07/09/2013 - 08:28:21 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\Autonomie Phono.lnk [564]
O61 - LFC: 07/09/2013 - 08:28:21 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\Programme lecture FICHIERS.lnk [454]
O61 - LFC: 07/09/2013 - 09:22:19 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\~$cp2.lnk [434]
O61 - LFC: 07/09/2013 - 09:33:37 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\cp 2013.lnk [447]
O61 - LFC: 07/09/2013 - 09:34:21 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\cp ab.lnk [340]
O61 - LFC: 07/09/2013 - 09:34:21 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\cp2.lnk [426]
O61 - LFC: 07/09/2013 - 10:37:34 R--A- . (...) -- C:\Documents and Settings\ROUCOU\Mes documents\Money Sauvegarde.mbf [12098822]
O61 - LFC: 07/09/2013 - 10:37:39 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Mes documents\Money.mny [11321344]
O61 - LFC: 07/09/2013 - 10:37:51 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\sessionbackups\tabmix_sessions-2013-09-07.rdf [11669]
O61 - LFC: 07/09/2013 - 11:56:33 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\webappsstore.sqlite [4554752]
O61 - LFC: 07/09/2013 - 12:45:29 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Local Settings\Application Data\LastPass\6c5dcb7c8ab479a3e2f7ea52061de424d7dd2a272721bcb9f4f77881d37afe64_lt.cac [1091]
O61 - LFC: 07/09/2013 - 12:51:02 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\formhistory.sqlite [327680]
O61 - LFC: 07/09/2013 - 14:02:10 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\addons.sqlite [524288]
O61 - LFC: 07/09/2013 - 14:02:15 R--A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\extensions\Noia4Options@ArisT2.xpi [88432]
O61 - LFC: 07/09/2013 - 14:02:15 R--A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi [1449144]
O61 - LFC: 07/09/2013 - 14:03:49 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\PopMan\MailCache.dat [0]
O61 - LFC: 07/09/2013 - 14:04:37 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\DirectoryListPrintFR.lnk [639]
O61 - LFC: 07/09/2013 - 14:04:37 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\T�l�chargement.lnk [465]
O61 - LFC: 07/09/2013 - 14:04:55 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\DirectoryListPrintPro\DirectoryListPrintPro.favorits [15]
O61 - LFC: 07/09/2013 - 14:04:55 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\DirectoryListPrintPro\DirectoryListPrintPro.prefs [1643]
O61 - LFC: 07/09/2013 - 14:05:38 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\parent.lock [0]
O61 - LFC: 07/09/2013 - 14:05:39 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\extensions.sqlite [524288]
O61 - LFC: 07/09/2013 - 14:05:40 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\pluginreg.dat [4592]
O61 - LFC: 07/09/2013 - 14:05:40 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\webapps\webapps.json [2]
O61 - LFC: 07/09/2013 - 14:05:48 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\forecastfox.sqlite [425984]
O61 - LFC: 07/09/2013 - 14:05:49 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\urlclassifierkey3.txt [154]
O61 - LFC: 07/09/2013 - 14:05:51 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Local Settings\Application Data\LastPass\6c5dcb7c8ab479a3e2f7ea52061de424d7dd2a272721bcb9f4f77881d37afe64_key.itr [1]
O61 - LFC: 07/09/2013 - 14:06:15 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\cookies.sqlite [1048576]
O61 - LFC: 07/09/2013 - 14:06:22 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\downloads.sqlite [98304]
O61 - LFC: 07/09/2013 - 14:06:22 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\session.rdf [8910]
O61 - LFC: 07/09/2013 - 14:06:23 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\sessionstore.js [1607]
O61 - LFC: 07/09/2013 - 14:06:24 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\bookmarks.html [430485]
O61 - LFC: 07/09/2013 - 14:06:25 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\cert8.db [393216]
O61 - LFC: 07/09/2013 - 14:06:25 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\key3.db [16384]
O61 - LFC: 07/09/2013 - 14:06:25 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\localstore.rdf [24322]
O61 - LFC: 07/09/2013 - 14:06:25 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\permissions.sqlite [65536]
O61 - LFC: 07/09/2013 - 14:06:25 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\places.sqlite [20971520]
O61 - LFC: 07/09/2013 - 14:06:25 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\prefs.js [104686]
O61 - LFC: 07/09/2013 - 14:06:25 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Local Settings\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\_CACHE_CLEAN_ [1]
O61 - LFC: 07/09/2013 - 14:06:25 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Local Settings\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\startupCache\startupCache.4.little [1305334]
O61 - LFC: 07/09/2013 - 14:27:03 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\Logs.lnk [994]
O61 - LFC: 07/09/2013 - 14:27:03 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\mbam-log-2013-09-07 (15-09-04).lnk [1409]
O61 - LFC: 07/09/2013 - 14:29:32 -SHA- . (...) -- C:\Documents and Settings\ROUCOU\IETldCache\index.dat [262144]
~ 20 Fichiers temporaires (Temporary files)
~ 50 Fichiers cookies (Cookies files)
~ Files: 684 Legitimates Filtered in 01mn 28s
---\\ Liste des outils de d�sinfection (LATC) (O63)
O63 - Logiciel: SEAF By C_XX - (.C_XX.) [HKLM] -- SEAF
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 09/08/2011 - Pas de propri�taire (BANTExt) .(...) - LEGACY_BANTEXT
O64 - Services: CurCS - 13/09/2010 - C:\Program Files\UPHClean\uphclean.exe (UPHClean) .(.Windows (R) Codename Longhorn DDK provider - User Profile Hive Cleanup Service.) - LEGACY_UPHCLEAN
~ Legacy: 169 Legitimates Filtered in 00mn 02s
---\\ Menu de d�marrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {36104C1F-F0F5-43EA-902F-F6CB4416A565} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s
---\\ Recherche particuli�re � la racine du syst�me (SPRF) (O84)
[MD5.3E829A44FFA80E6359B636948C7E41D8] [SPRF][22/05/2012] (...) -- C:\Documents and Settings\ROUCOU\Local Settings\Application Data\fusioncache.dat [129]
[MD5.6B7FF65AE8E57E7EC7FB108667067D15] [SPRF][21/05/2012] (...) -- C:\Documents and Settings\ROUCOU\Application Data\Sys2662.Config.Repository.bin [22]
[MD5.7F50D522E51BF1B8003D7E3F7698D2EF] [SPRF][24/06/2012] (...) -- C:\Documents and Settings\ROUCOU\Application Data\Windows1569_SettingsRepository.bin [22]
~ Files: 3 Legitimates Filtered in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.A612C2BAEF7F3054CA89DC767BC523A1] [WIS][21/05/2012] (.TechSmith Corporation - SnagIt.) -- C:\Windows\Installer\1489d70.msi [1686528]
~ WIS: 42 Legitimates Filtered in 00mn 05s
---\\ Etat g�n�ral des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 06/08/2012 155648 | (AcrSch2Svc) . (.Acronis.) - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
SS - | Auto 12/07/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 05/07/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 05/07/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SS - | Disabled 05/07/2013 589368 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe
SS - | Disabled 29/09/2004 405504 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe
SS - | Disabled 29/09/2004 516096 | (ATI Smart) . (...) - C:\WINDOWS\system32\ati2sgag.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Disabled 09/05/2011 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 29/08/2003 307200 | (LexBceS) . (.Lexmark International, Inc..) - C:\WINDOWS\system32\LEXBCES.exe
SS - | Disabled 13/12/2004 49152 | (UleadBurningHelper) . (.Ulead Systems, Inc..) - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
SR - | Auto 13/09/2010 399872 | (UPHClean) . (.Windows (R) Codename Longhorn DDK provider.) - C:\Program Files\UPHClean\uphclean.exe
~ Services: Scanned in 00mn 06s
---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by ROUCOU at 07/09/2013 15:34:22
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys videX32.sys PCIIDEX.SYS
C:\WINDOWS\system32\drivers\videX32.sys VIA Technologies, Inc. VIA PCI IDE MINI Driver
1 nt!IofCallDriver[0x804E3735] >> \Device\Harddisk0\DR0[0x82F85AB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 14 Legitimates Filtered in 00mn 02s
---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by ROUCOU at 07/09/2013 15:34:24
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
---\\ Scan Additionnel (O88)
Database Version : v2.12894 - (07/09/2013)
Cl�s trouv�es (Keys found) : 0
Valeurs trouv�es (Values found) : 0
Dossiers trouv�s (Folders found) : 0
Fichiers trouv�s (Files found) : 1
C:\WINDOWS\Prefetch\WAJAM_VALIDATE.EXE-0CC59DF5.pf =>Toolbar.Wajam^
~ Additionnel Scan: 161110 Items scanned in 00mn 16s
---\\ R�capitulatif des d�tections trouv�es sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam =>Toolbar.Wajam
~ MSI: 1 link(s) detected in 00mn 16s
~ 1752 Legitimates filtered by white list
End of the scan (608 lines in 04mn 58s)(0)
~ Lanc� par ROUCOU (07/09/2013 15:29:44)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version : Version � jour.
~ Liste blanche : Activ�e par le programme
~ El�vation des Privil�ges : OK
~ User Account Control (UAC): Not Found
---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 23.0.1 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Fran�ais
Windows XP Home Edition Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK
---\\ Logiciels de protection du syst�me
Avira Free Antivirus v13.0.0.3885
Malwarebytes Anti-Malware version 1.75.0.1300
---\\ Logiciels d'optimisation du syst�me
CCleaner v4.05 =>Piriform Ltd
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
---\\ Informations sur le syst�me
~ Processor: x86 Family 6 Model 8 Stepping 1, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 767 MB (54% free)
System Restore: D�sactiv� (Disabled)
System drive C: has 23 GB (58%) free of 39 GB
---\\ Mode de connexion au syst�me
~ Computer Name: JEAN-LUC
~ User Name: ROUCOU
~ All Users Names: SUPPORT_388945a0, ROUCOU, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\ROUCOU\Application Data\
~ %Desktop% : C:\Documents and Settings\ROUCOU\Bureau\
~ %Favorites% : C:\Documents and Settings\ROUCOU\Favoris\
~ %LocalAppData% : C:\Documents and Settings\ROUCOU\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\ROUCOU\Menu D�marrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ Enum�ration des unit�s disques
C:\ Hard drive, Flash drive, Thumb drive (Free 23 Go of 39 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Hard drive, Flash drive, Thumb drive (Free 9 Go of 28 Go)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Etat du Centre de S�curit� Windows
~ Security Center: 26 Legitimates Filtered in 00mn 00s
---\\ Recherche particuli�re de fichiers g�n�riques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.E1948293F7CBC38987270432935D8D05] - (.Microsoft Corporation - Internet Extensions for Win32.) (.26/07/2013 - 03:47:15.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 19:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parall�le.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 19:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de clich� instantan� du volume.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 01s
---\\ Etat des fichiers cach�s (Cach�/Total)
~ Mes images (My Pictures) : 2/749
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/383
~ Mes Documents (My Documents) : 2/1832
~ Mon Bureau (My Desktop) : 0/105
~ Menu demarrer (Programs) : 1/51
~ Hidden Files: Scanned in 00mn 04s
---\\ Processus lanc�s au d�marrage du syst�me
[MD5.BFADBB0B68E566F6F46B856557A68EC1] - (.Lexmark International, Inc. - LexBce Service.) -- C:\WINDOWS\system32\LEXBCES.exe [307200] [PID.1184]
[MD5.B0360B57F7A0EADEEA84961197C721FF] - (.Lexmark International, Inc. - LEXPPS.EXE.) -- C:\WINDOWS\system32\LEXPPS.exe [174592] [PID.1240]
[MD5.99387251353598C939592FAF40DF8AA9] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024] [PID.1328]
[MD5.15EB9148D68ED4AC3C3BDE6DF101070A] - (.Lexmark International, Inc. - Lexmark 3100 Series Button Manager.) -- C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe [106496] [PID.1608]
[MD5.A2A5A81E5B8783514BAE5296DC1A2FA5] - (...) -- C:\Program Files\Lexmark 3100 Series\lxbrksk.exe [282624] [PID.1636]
[MD5.4631FF0EE2964CCDC646AF807CB778F5] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144] [PID.1660]
[MD5.B8E5B65D2C5C3256A6EAAF956A7A653C] - (...) -- C:\Utilitaires\Atomic Alarm Clock\AtomicAlarmClock.exe [1742848] [PID.1672]
[MD5.F41BC0CFDFA32101A01C9979F96BDACF] - (.CH-Software - PopMan.) -- C:\Program Files\PopMan\PopMan.exe [847872] [PID.1708]
[MD5.475B4833C17D6551F71D2943104DCC55] - (.Singer's Creations - Pas de description.) -- C:\Utilitaires\Weather Watcher\ww.exe [937984] [PID.1720]
[MD5.EC522E30D4CCB56D3DAB972169DBBFDB] - (.Lexmark International, Inc. - Lexmark 3100 Series Button Monitor.) -- C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe [53248] [PID.1732]
[MD5.CD4D418E6A19A286261172B09A5DFE81] - (...) -- C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe [16384] [PID.1744]
[MD5.EEC3EF7595D16C08B7621938A13DC9B5] - (.Pas de propri�taire - Firemin.) -- C:\Temp\firemin\Firemin.exe [591479] [PID.1772]
[MD5.539DC4006E3C1D7C3A00CD91CB7973B7] - (.TILER.com - FreeMeter Application.) -- C:\Program Files\FreeMeter\FreeMeter.exe [614400] [PID.1784]
[MD5.58FD3BEDE0AFE2371A669D43BE0AF5B4] - (.grenouille.com - Pas de description.) -- C:\Utilitaires\PyGrenouille\pygrenouille.exe [91648] [PID.1792]
[MD5.8A86F41B857DA166033B1795FE69BF37] - (.Almico Software (www.almico.com) - Pas de description.) -- C:\Program Files\SpeedFan\speedfan.exe [4683768] [PID.1800]
[MD5.7AA42B6EE677EE292C1E74055D409750] - (.Logitech Inc. - Logitech Events Handler Application.) -- C:\Program Files\Logitech\MouseWare\system\em_exec.exe [38912] [PID.1852]
[MD5.17773EDD4B9A2817E5FC703C11A4C1D5] - (.Acronis - Acronis Scheduler 2.) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [155648] [PID.1960]
[MD5.8491FDA93507F2F27FFBA11372764086] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088] [PID.2016]
[MD5.325FB38C323C63C7F57885B4DFB1B91E] - (.Windows (R) Codename Longhorn DDK provider - User Profile Hive Cleanup Service.) -- C:\Program Files\UPHClean\uphclean.exe [399872] [PID.296]
[MD5.68C105908A54D734D2B154DB546F562E] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76856] [PID.2568]
[MD5.DFB2902086DEC1469F13C2BA839BC6E1] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7909376] [PID.1008]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2712]
~ Processes Running: Scanned in 00mn 02s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\prefs.js
P2 - FPN: [HKLM] [@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin] - (.Simon B?nzli - SumatraPDF Browser Plugin.) -- C:\Program Files\SumatraPDF\npPdfViewer.dll
P2 - FPN: [HKCU] [@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin] - (.Simon B?nzli - SumatraPDF Browser Plugin.) -- C:\Program Files\SumatraPDF\npPdfViewer.dll
~ Firefox Browser: 8 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, D�marrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://forum.pcastuces.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Simon B?nzli - SumatraPDF Browser Plugin.) (No version) -- (.not file.)
~ IE Browser: 12 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKCU]{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} Cl� orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Cl� orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Applications d�marr�es par registre & par dossier (O4)
O4 - HKLM\..\Run: [Logitech Utility] . (.Logitech Inc. - Logitech Launcher Application.) -- C:\WINDOWS\Logi_MwX.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] . (.Lexmark International, Inc. - Lexmark 3100 Series Button Manager.) -- C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
O4 - HKLM\..\Run: [LXBRKsk] . (...) -- C:\Program Files\Lexmark 3100 Series\lxbrksk.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKCU\..\Run: [SkinClock] . (...) -- C:\Utilitaires\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [PopMan] . (.CH-Software - PopMan.) -- C:\Program Files\PopMan\PopMan.exe
O4 - HKCU\..\Run: [WeatherWatcher] . (.Singer's Creations - Pas de description.) -- C:\Utilitaires\Weather Watcher\ww.exe
O4 - HKUS\S-1-5-21-1275210071-1383384898-1801674531-1004\..\Run: [SkinClock] . (...) -- C:\Utilitaires\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKUS\S-1-5-21-1275210071-1383384898-1801674531-1004\..\Run: [PopMan] . (.CH-Software - PopMan.) -- C:\Program Files\PopMan\PopMan.exe
O4 - HKUS\S-1-5-21-1275210071-1383384898-1801674531-1004\..\Run: [WeatherWatcher] . (.Singer's Creations - Pas de description.) -- C:\Utilitaires\Weather Watcher\ww.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Programs: Mozilla Thunderbird.lnk . (.Mozilla Corporation - Thunderbird.) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - GS\Programs: SumatraPDF.lnk . (.Krzysztof Kowalczyk - SumatraPDF.) -- C:\Program Files\SumatraPDF\SumatraPDF.exe
O4 - GS\Programs: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - GS\Programs: Assistance � distance.lnk . (.Microsoft Corporation - Assistance � distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: Windows Install Clean Up.lnk . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
~ Global Startup: Scanned in 00mn 01s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{241C2B6B-0C53-4EFD-8D4C-7C25E7FA6156}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{241C2B6B-0C53-4EFD-8D4C-7C25E7FA6156}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{241C2B6B-0C53-4EFD-8D4C-7C25E7FA6156}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Titr_HJT34=Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-cl�s Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent r�seau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non d�sactiv�s (O23)
O23 - Service: LexBce Server (LexBceS) . (.Lexmark International, Inc. - LexBce Service.) - C:\WINDOWS\system32\LEXBCES.exe
O23 - Service: User Profile Hive Cleanup (UPHClean) . (.Windows (R) Codename Longhorn DDK provider - User Profile Hive Cleanup Service.) - C:\Program Files\UPHClean\uphclean.exe
~ Services: 6 Legitimates Filtered in 00mn 03s
---\\ Enum�ration Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\ROUCOU\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\ROUCOU\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Pilotes lanc�s au d�marrage du syst�me (O41)
O41 - Driver: (BANTExt) . (...) - C:\WINDOWS\system32\Drivers\BANTExt.sys
~ Drivers: 69 Legitimates Filtered in 00mn 00s
---\\ Logiciels install�s (O42)
O42 - Logiciel: Atomic Alarm Clock 5.87 - (.Drive Software Company.) [HKLM] -- Atomic Alarm Clock_is1
O42 - Logiciel: BirdsEvolutionPro - (...) [HKCU] -- BIRDS EVOLUTION PRO
O42 - Logiciel: EnableDisable for Office version 3.7 - (.Topalt.com.) [HKLM] -- {664320A7-8522-47C2-B605-F33A30A2FA52}_is1
O42 - Logiciel: MV RegClean 5.9 Fran�ais - (...) [HKLM] -- MV RegClean 5.9 Fran�ais_is1
O42 - Logiciel: PasseMemo - (...) [HKCU] -- PASSEMEMO
O42 - Logiciel: Secu 4.0 - (.JSAL Software.) [HKLM] -- {85DA9BC7-C5F9-4CB1-84C2-8342995D2CD6}_is1
O42 - Logiciel: Statfoot32 - (.Cellard Software.) [HKLM] -- Statfoot32_is1
O42 - Logiciel: Suivi-Secu - (...) [HKCU] -- SUIVI-SECU
~ Logic: 101 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Agent_EXE]
[HKCU\Software\ClockSkin587]
[HKCU\Software\FreeMeter]
[HKCU\Software\L.S.I.]
[HKCU\Software\OPSWAT]
[HKCU\Software\Praxisoft]
[HKCU\Software\mtsf.com]
[HKLM\Software\LXBRDataCaching]
[HKLM\Software\LXBRFormatShell]
~ Key Software: 242 Legitimates Filtered in 00mn 01s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/08/2013 - 14:40:56 - [5,142] ----D C:\Program Files\Double Driver
O43 - CFD: 02/08/2012 - 13:51:36 - [1,674] ----D C:\Program Files\FreeMeter
O43 - CFD: 05/09/2013 - 11:59:43 - [1,941] ----D C:\Program Files\MV RegClean 5.9 Fran�ais
O43 - CFD: 24/04/2013 - 14:52:37 - [2,729] ----D C:\Program Files\Secu 4.0
O43 - CFD: 24/04/2013 - 14:48:40 - [37,500] ----D C:\Program Files\Suivi S�cu
O43 - CFD: 21/05/2012 - 13:38:17 - [0,001] ----D C:\Documents and Settings\All Users\Application Data\Suivi S�cu
O43 - CFD: 27/07/2013 - 19:55:06 - [0] -SH-D C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 12/08/2012 - 15:20:25 - [0,001] ----D C:\Documents and Settings\ROUCOU\Application Data\#Hf
O43 - CFD: 21/05/2012 - 15:03:43 - [0,001] ----D C:\Documents and Settings\ROUCOU\Application Data\Topalt
O43 - CFD: 03/04/2013 - 11:25:07 - [0,008] ----D C:\Documents and Settings\ROUCOU\Local Settings\Application Data\hq
O43 - CFD: 10/08/2012 - 11:44:58 - [0,001] ----D C:\Documents and Settings\ROUCOU\Menu D�marrer\Programmes\FreeMeter
O43 - CFD: 23/05/2012 - 19:52:02 - [0,002] ----D C:\Documents and Settings\ROUCOU\Menu D�marrer\Programmes\TAROT PRO 99
~ Program Folder: 200 Legitimates Filtered in 00mn 16s
---\\ Derniers fichiers modifi�s ou cr�es sous Windows et System32 (O44)
O44 - LFC:[MD5.920C91FEA27C6F10117BE8BAA8921120] - 07/09/2013 - 14:25:53 ---A- . (...) -- C:\WINDOWS\wiadebug.log [393]
O44 - LFC:[MD5.43070C9F9640DB7BEED2A00DE63A3700] - 07/09/2013 - 14:25:53 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.F030E0B8D6E0D90BA293C4F0239F3DF6] - 07/09/2013 - 14:23:44 ---A- . (...) -- C:\WINDOWS\FLASHKSK.INI [22]
O44 - LFC:[MD5.492B9936F052B50B94ED2D04EA96DD2C] - 07/09/2013 - 14:23:37 ---A- . (...) -- C:\WINDOWS\LXBRCAH.ini [3206]
O44 - LFC:[MD5.9C6A1ED5E6C31D91DE1158FEE9BCA654] - 07/09/2013 - 09:34:02 ---A- . (...) -- C:\WINDOWS\lexstat.ini [420]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 05/09/2013 - 10:59:59 ---A- . (...) -- C:\WINDOWS\Sti_Trace.log [0]
O44 - LFC:[MD5.E5853F83178520C918E0696F13474C19] - 02/09/2013 - 11:57:29 ---A- . (...) -- C:\WINDOWS\system32\STEC.PRO [96]
O44 - LFC:[MD5.96C85A2CA15607FD99FE66E38FEB9F07] - 01/09/2013 - 18:41:38 -SHA- . (...) -- C:\WINDOWS\Thumbs.db [8192]
~ Files: 13 Legitimates Filtered in 01mn 23s
---\\ Derniers fichiers cr��s dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.3AC8344FFEB953EA81F509307277C1D7] - 04/09/2013 - 14:12:37 ---A- - C:\WINDOWS\Prefetch\ADVANCED TOKENS MANAGER.EXE-3313C4A4.pf
O45 - LFCP:[MD5.254A61DE450712D9EF1AD6AEF0F9F25E] - 04/09/2013 - 14:41:06 ---A- - C:\WINDOWS\Prefetch\DIRECTORYLISTPRINTPRO.EXE-1823B831.pf
O45 - LFCP:[MD5.7DC0DF891337FB9AAEDFF011D37927CE] - 04/09/2013 - 14:42:31 ---A- - C:\WINDOWS\Prefetch\PHOTO-REDUCTEUR.EXE-2CE036CB.pf
O45 - LFCP:[MD5.7BC13B95DAF869E8A803592ECE754CB2] - 04/09/2013 - 14:42:31 ---A- - C:\WINDOWS\Prefetch\PHOTO-REDUCTEUR.TMP-1DB2F22D.pf
O45 - LFCP:[MD5.C50260B6A42F44C717BD1E5C7996E046] - 04/09/2013 - 14:49:40 ---A- - C:\WINDOWS\Prefetch\EVERYTHING.EXE-0B65EEF8.pf
O45 - LFCP:[MD5.D5E8F6C132C8ABA7F1907CF775A8C628] - 04/09/2013 - 16:19:12 ---A- - C:\WINDOWS\Prefetch\SNAGIT32.EXE-32FF2CF1.pf
O45 - LFCP:[MD5.371E993D7D464DB47608D179F338AA12] - 04/09/2013 - 16:19:21 ---A- - C:\WINDOWS\Prefetch\SNAGPRIV.EXE-2225E292.pf
O45 - LFCP:[MD5.483BC731693C225C6FAB1DF1593FE8D3] - 04/09/2013 - 16:27:29 ---A- - C:\WINDOWS\Prefetch\LXBRBMGR.EXE-3599B64B.pf
O45 - LFCP:[MD5.47454793006FA8869B5B7F5FECBD315B] - 04/09/2013 - 16:27:36 ---A- - C:\WINDOWS\Prefetch\LXBRAIOX.EXE-15FEEA52.pf
O45 - LFCP:[MD5.591B084CC172C45AEEA1F8BF087E0F83] - 04/09/2013 - 16:27:36 ---A- - C:\WINDOWS\Prefetch\RTDRVMON.EXE-09CBA037.pf
O45 - LFCP:[MD5.7C1F88F44908F768073E344792813886] - 04/09/2013 - 17:00:22 ---A- - C:\WINDOWS\Prefetch\RTMPDUMP.EXE-051BB7C0.pf
O45 - LFCP:[MD5.4D562E18296DB20F566A429CE03C20DF] - 04/09/2013 - 17:55:42 ---A- - C:\WINDOWS\Prefetch\JV16 POWERTOOLS 2012 2.1.0.11-20F2C505.pf
O45 - LFCP:[MD5.E407D3FAC493DB756028BA4B6862410E] - 05/09/2013 - 07:54:18 ---A- - C:\WINDOWS\Prefetch\PHOTO.EXE-31BCE028.pf
O45 - LFCP:[MD5.B155030B7A606656315E98F9E45EB13D] - 05/09/2013 - 08:04:10 ---A- - C:\WINDOWS\Prefetch\JV16PT.EXE-2E23EE72.pf
O45 - LFCP:[MD5.E4EEFCB0321F8BDBF8BF830E13E53143] - 05/09/2013 - 08:58:30 ---A- - C:\WINDOWS\Prefetch\JV16PT.EXE-0606A2A8.pf
O45 - LFCP:[MD5.2D770ADC9C917903013F85EDB419A305] - 05/09/2013 - 10:41:48 ---A- - C:\WINDOWS\Prefetch\LIFETRAY.EXE-36181759.pf
O45 - LFCP:[MD5.981EF1492DAEC640A47E5C9905435267] - 05/09/2013 - 10:56:52 ---A- - C:\WINDOWS\Prefetch\MVREGCLEAN.EXE-1184873F.pf
O45 - LFCP:[MD5.A334F77633861D5D8BCBE0A129DBFF59] - 05/09/2013 - 14:08:04 ---A- - C:\WINDOWS\Prefetch\DIRECTORYLISTPRINTPRO.EXE-2D22D70C.pf
O45 - LFCP:[MD5.0F450C1D65E47407E71E64D81081E3A0] - 05/09/2013 - 14:26:02 ---A- - C:\WINDOWS\Prefetch\DIRECTORYLISTPRINTPRO.EXE-2B3617D8.pf
O45 - LFCP:[MD5.00FE1F4E91948FEA96E1747C41F6FBEC] - 05/09/2013 - 14:27:23 ---A- - C:\WINDOWS\Prefetch\SUMO.EXE-1DB885C7.pf
O45 - LFCP:[MD5.AEEF029A34BE1B6BB5922DFBDC6AC8B8] - 05/09/2013 - 19:02:26 ---A- - C:\WINDOWS\Prefetch\LICENCE_LEGALE_GIVEAWAY_WINRA-1424AB65.pf
O45 - LFCP:[MD5.35D110154A851F1AE06D67B05B012CB4] - 06/09/2013 - 01:46:31 ---A- - C:\WINDOWS\Prefetch\STARTER.EXE-1EF74A33.pf
O45 - LFCP:[MD5.887935C282C25780732B25C5FA3C3B35] - 06/09/2013 - 01:48:33 ---A- - C:\WINDOWS\Prefetch\DIRECTORYLISTPRINTPRO.EXE-0C50A17A.pf
O45 - LFCP:[MD5.DDB220C9E38E536FA5CDC2D7FBCBCAF9] - 06/09/2013 - 09:03:38 ---A- - C:\WINDOWS\Prefetch\SHEXVIEW.EXE-04C77EDC.pf
O45 - LFCP:[MD5.5CD17FF470820166E6D411971D9BB802] - 06/09/2013 - 12:39:57 ---A- - C:\WINDOWS\Prefetch\DIRECTORYLISTPRINTPRO.EXE-2CDC3221.pf
O45 - LFCP:[MD5.D8C1D7C875E14DC64E2F235383DE1B3A] - 06/09/2013 - 20:01:25 ---A- - C:\WINDOWS\Prefetch\DRIVERGENIUS.EXE-30453135.pf
O45 - LFCP:[MD5.B63FBAF48D8549081E2FA0616F8CA0B1] - 06/09/2013 - 20:01:45 ---A- - C:\WINDOWS\Prefetch\DRVGENPRO.EXE-085E19A9.pf
O45 - LFCP:[MD5.D48166C660733E9CD4EF81864D1BCD0A] - 06/09/2013 - 20:01:46 ---A- - C:\WINDOWS\Prefetch\DRVGENPRO.TMP-3202BE25.pf
O45 - LFCP:[MD5.44F1EFAA0D9B375498892E78059139A5] - 06/09/2013 - 21:02:57 ---A- - C:\WINDOWS\Prefetch\DRIVERGENIUS.EXE-3B5636D8.pf
O45 - LFCP:[MD5.9DA9B8775BBF1AA4854BA56F84B4D7C3] - 06/09/2013 - 21:10:54 ---A- - C:\WINDOWS\Prefetch\_IU14D2N.TMP-2AC9B288.pf
O45 - LFCP:[MD5.8363D460EED7565E9C4B90B756F28DD6] - 06/09/2013 - 21:19:34 ---A- - C:\WINDOWS\Prefetch\ESSENTIALPIM.EXE-0D6FEFF1.pf
O45 - LFCP:[MD5.C74291AEDFC9B3B433B65460EBC1942E] - 07/09/2013 - 09:31:55 ---A- - C:\WINDOWS\Prefetch\LXBRJSWX.EXE-19E47842.pf
O45 - LFCP:[MD5.9EE655AF3A873A12EA24500F07FB6F50] - 07/09/2013 - 09:31:55 ---A- - C:\WINDOWS\Prefetch\LXBRPSWX.EXE-18E0922A.pf
O45 - LFCP:[MD5.F344246AA4A1720440499C33C5C8CA6B] - 07/09/2013 - 13:08:50 ---A- - C:\WINDOWS\Prefetch\GORGY-~1.SCR-10CF7537.pf
O45 - LFCP:[MD5.56AF8F31C2B1F42FBB488D55D77C8E4E] - 07/09/2013 - 14:02:57 ---A- - C:\WINDOWS\Prefetch\DIRECTORYLISTPRINTFR.EXE-0944A8A2.pf
O45 - LFCP:[MD5.88552EDBF90F49C9797F1235525EC207] - 07/09/2013 - 14:03:04 ---A- - C:\WINDOWS\Prefetch\WAJAM_VALIDATE.EXE-0CC59DF5.pf =>Toolbar.Wajam
O45 - LFCP:[MD5.59773A7245285D3810348A80879668AD] - 07/09/2013 - 14:04:45 ---A- - C:\WINDOWS\Prefetch\DIRECTORYLISTPRINTPRO.EXE-2334110E.pf
O45 - LFCP:[MD5.FB92378A1BCC111EFEDD976D436E0F25] - 07/09/2013 - 14:24:53 ---A- - C:\WINDOWS\Prefetch\NETSTAT.EXE-2B2B4428.pf
O45 - LFCP:[MD5.97310BCBEE135CDEFC0FFF952F4584F6] - 07/09/2013 - 14:24:53 ---A- - C:\WINDOWS\Prefetch\TRAFIC.EXE-29707A58.pf
O45 - LFCP:[MD5.FE99D1A24E7D37BAA7B92726C5639C31] - 07/09/2013 - 14:25:16 ---A- - C:\WINDOWS\Prefetch\DL.EXE-00F0573C.pf
~ Prefetcher: 117 Legitimates Filtered in 00mn 03s
---\\ Op�rations et fonctions au d�marrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Export de cl� d'application autoris�e (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\BSD Concept\Heredis 13\Heredis13.exe" [Enabled] .(.BSD Concept.) -- C:\Program Files\BSD Concept\Heredis 13\Heredis13.exe
~ Keys Export: 8 Legitimates Filtered in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ Enum�ration des cl�s de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du syst�me (SDL) (O58)
O58 - SDL:[MD5.5D7BE7B19E827125E016325334E58FF1] - 09/08/2011 - 16:33:58 ---A- . (...) -- C:\WINDOWS\system32\Drivers\BANTExt.sys [3840]
O58 - SDL:[MD5.FE62E9711285DC2002DEF9B2BC2FB220] - 26/12/2011 - 14:34:30 ---A- . (...) -- C:\WINDOWS\system32\ampa.sys [10936]
~ Drivers: 5 Legitimates Filtered in 00mn 00s
---\\ Derniers fichiers modifi�s ou cr�es (Utilisateur) (O61)
O61 - LFC: 04/09/2013 - 11:11:18 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\sessionbackups\tabmix_sessions-2013-09-04.rdf [6983]
O61 - LFC: 04/09/2013 - 11:11:19 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\bookmarkbackups\bookmarks-2013-09-04.json [193457]
O61 - LFC: 04/09/2013 - 14:11:58 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\mimeTypes.rdf [16900]
O61 - LFC: 04/09/2013 - 14:48:57 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Emjysoft\Photo-reducteur\bdd\photo.mmo [225618]
O61 - LFC: 05/09/2013 - 01:17:32 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\bookmarkbackups\bookmarks-2013-09-05.json [193457]
O61 - LFC: 05/09/2013 - 07:54:09 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Emjysoft\Photo-reducteur\bdd\bddinfo.fic [1594]
O61 - LFC: 05/09/2013 - 07:54:09 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Emjysoft\Photo-reducteur\bdd\bddinfo.ndx [4338]
O61 - LFC: 05/09/2013 - 07:54:09 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Emjysoft\Photo-reducteur\bdd\photo.FIC [1922]
O61 - LFC: 05/09/2013 - 07:54:09 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Emjysoft\Photo-reducteur\bdd\photo.ndx [11568]
O61 - LFC: 05/09/2013 - 07:54:09 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Local Settings\Application Data\734bcd4ea0f862bf36b9fd8e59449a7f [129]
O61 - LFC: 05/09/2013 - 07:54:09 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Local Settings\Application Data\Emjysoft\DataSh\46621d82c15c84cb289bdd64cc124496 [129]
O61 - LFC: 05/09/2013 - 08:45:13 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Bureau\System\jv16 PowerTools 2013.lnk [1572]
O61 - LFC: 05/09/2013 - 08:45:28 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Menu D�marrer\Programmes\jv16 PowerTools 2013\Uninstall jv16 PowerTools 2013.lnk [1857]
O61 - LFC: 05/09/2013 - 08:45:28 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Menu D�marrer\Programmes\jv16 PowerTools 2013\jv16 PowerTools 2013.lnk [1584]
O61 - LFC: 05/09/2013 - 08:45:31 -SHA- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\System8638Conf Collection [22]
O61 - LFC: 05/09/2013 - 08:45:31 -SHA- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Win3944_ConfigDB.dlx [22]
O61 - LFC: 05/09/2013 - 10:24:46 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\sessionbackups\tabmix_sessions-2013-09-05.rdf [16711]
O61 - LFC: 05/09/2013 - 14:26:59 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Bureau\Utilitaires\DirectoryListPrint.lnk [800]
O61 - LFC: 05/09/2013 - 14:27:59 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\KC Softwares\SUMo\ignore.sumo [392]
O61 - LFC: 05/09/2013 - 14:28:24 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\KC Softwares\SUMo\reg.sumo [9905]
O61 - LFC: 05/09/2013 - 14:28:26 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\KC Softwares\SUMo\db.bak [3734]
O61 - LFC: 05/09/2013 - 14:28:40 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\KC Softwares\SUMo\SUMo.cache [3112]
O61 - LFC: 05/09/2013 - 14:28:57 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\KC Softwares\SUMo\db.sumo [3734]
O61 - LFC: 05/09/2013 - 14:56:58 ---A- . (.*.) -- C:\Documents and Settings\ROUCOU\Mes documents\Entretien Tassimo.xls [19456]
O61 - LFC: 05/09/2013 - 14:57:12 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\Entretien Tassimo.lnk [605]
O61 - LFC: 05/09/2013 - 16:20:38 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\Formation Progression Emplois du temps CP.lnk [530]
O61 - LFC: 05/09/2013 - 16:22:22 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\CP.lnk [327]
O61 - LFC: 05/09/2013 - 16:22:22 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\Test du niveau de conscience phonologique - CP - septembre 2012[1].lnk [602]
O61 - LFC: 05/09/2013 - 16:38:45 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Favoris\Liens\Sites sugg�r�s.url [86]
O61 - LFC: 05/09/2013 - 16:47:55 -SHA- . (...) -- C:\Documents and Settings\ROUCOU\PrivacIE\index.dat [966656]
O61 - LFC: 05/09/2013 - 17:54:58 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk [2593]
O61 - LFC: 06/09/2013 - 01:42:40 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\bookmarkbackups\bookmarks-2013-09-06.json [193457]
O61 - LFC: 06/09/2013 - 10:47:56 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\Ech�ancier.lnk [570]
O61 - LFC: 06/09/2013 - 10:48:30 ---A- . (.ROUCOU.) -- C:\Documents and Settings\ROUCOU\Mes documents\Ech�ancier.xls [88064]
O61 - LFC: 06/09/2013 - 10:53:42 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\sessionbackups\tabmix_sessions-2013-09-06.rdf [10370]
O61 - LFC: 06/09/2013 - 12:38:19 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\DirectoryListPrintProEN.lnk [654]
O61 - LFC: 06/09/2013 - 13:17:47 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk [2547]
O61 - LFC: 06/09/2013 - 13:17:57 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\CD.lnk [524]
O61 - LFC: 06/09/2013 - 17:07:53 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\healthreport\state.json [89]
O61 - LFC: 06/09/2013 - 17:14:23 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\healthreport.sqlite [1507328]
O61 - LFC: 06/09/2013 - 18:28:31 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\blocklist.xml [77301]
O61 - LFC: 06/09/2013 - 19:26:08 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\WR5.lnk [548]
O61 - LFC: 06/09/2013 - 19:39:01 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\Driver_Genius_PRO_10.0.0.712.lnk [715]
O61 - LFC: 06/09/2013 - 19:39:59 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\installation instructions.lnk [1367]
O61 - LFC: 06/09/2013 - 19:40:08 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\Driver Genius PRO 10.0.0.712 + Crack-[Liberalisten].lnk [969]
O61 - LFC: 06/09/2013 - 19:40:08 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\info.lnk [1258]
O61 - LFC: 06/09/2013 - 21:02:54 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Mes documents\DriverGenius\LiveUpdate.dat [97]
O61 - LFC: 06/09/2013 - 21:03:23 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Mes documents\DriverGenius\Update.dat [32]
O61 - LFC: 06/09/2013 - 21:04:05 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Voisinage r�seau\T�l�chargement sur Intel\target.lnk [702]
O61 - LFC: 06/09/2013 - 21:19:38 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\EssentialPIM Pro\TEST.backup_20130906_2219.epim [19898368]
O61 - LFC: 06/09/2013 - 21:20:24 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\EssentialPIM Pro\TEST.EPIM [22523904]
O61 - LFC: 07/09/2013 - 02:56:16 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\bookmarkbackups\bookmarks-2013-09-07.json [193457]
O61 - LFC: 07/09/2013 - 08:28:14 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\Outils Compr�hension CP et Phono GS.lnk [624]
O61 - LFC: 07/09/2013 - 08:28:21 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\Autonomie Phono.lnk [564]
O61 - LFC: 07/09/2013 - 08:28:21 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\Programme lecture FICHIERS.lnk [454]
O61 - LFC: 07/09/2013 - 09:22:19 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\~$cp2.lnk [434]
O61 - LFC: 07/09/2013 - 09:33:37 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\cp 2013.lnk [447]
O61 - LFC: 07/09/2013 - 09:34:21 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\cp ab.lnk [340]
O61 - LFC: 07/09/2013 - 09:34:21 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\cp2.lnk [426]
O61 - LFC: 07/09/2013 - 10:37:34 R--A- . (...) -- C:\Documents and Settings\ROUCOU\Mes documents\Money Sauvegarde.mbf [12098822]
O61 - LFC: 07/09/2013 - 10:37:39 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Mes documents\Money.mny [11321344]
O61 - LFC: 07/09/2013 - 10:37:51 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\sessionbackups\tabmix_sessions-2013-09-07.rdf [11669]
O61 - LFC: 07/09/2013 - 11:56:33 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\webappsstore.sqlite [4554752]
O61 - LFC: 07/09/2013 - 12:45:29 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Local Settings\Application Data\LastPass\6c5dcb7c8ab479a3e2f7ea52061de424d7dd2a272721bcb9f4f77881d37afe64_lt.cac [1091]
O61 - LFC: 07/09/2013 - 12:51:02 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\formhistory.sqlite [327680]
O61 - LFC: 07/09/2013 - 14:02:10 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\addons.sqlite [524288]
O61 - LFC: 07/09/2013 - 14:02:15 R--A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\extensions\Noia4Options@ArisT2.xpi [88432]
O61 - LFC: 07/09/2013 - 14:02:15 R--A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi [1449144]
O61 - LFC: 07/09/2013 - 14:03:49 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\PopMan\MailCache.dat [0]
O61 - LFC: 07/09/2013 - 14:04:37 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\DirectoryListPrintFR.lnk [639]
O61 - LFC: 07/09/2013 - 14:04:37 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\T�l�chargement.lnk [465]
O61 - LFC: 07/09/2013 - 14:04:55 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\DirectoryListPrintPro\DirectoryListPrintPro.favorits [15]
O61 - LFC: 07/09/2013 - 14:04:55 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\DirectoryListPrintPro\DirectoryListPrintPro.prefs [1643]
O61 - LFC: 07/09/2013 - 14:05:38 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\parent.lock [0]
O61 - LFC: 07/09/2013 - 14:05:39 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\extensions.sqlite [524288]
O61 - LFC: 07/09/2013 - 14:05:40 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\pluginreg.dat [4592]
O61 - LFC: 07/09/2013 - 14:05:40 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\webapps\webapps.json [2]
O61 - LFC: 07/09/2013 - 14:05:48 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\forecastfox.sqlite [425984]
O61 - LFC: 07/09/2013 - 14:05:49 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\urlclassifierkey3.txt [154]
O61 - LFC: 07/09/2013 - 14:05:51 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Local Settings\Application Data\LastPass\6c5dcb7c8ab479a3e2f7ea52061de424d7dd2a272721bcb9f4f77881d37afe64_key.itr [1]
O61 - LFC: 07/09/2013 - 14:06:15 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\cookies.sqlite [1048576]
O61 - LFC: 07/09/2013 - 14:06:22 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\downloads.sqlite [98304]
O61 - LFC: 07/09/2013 - 14:06:22 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\session.rdf [8910]
O61 - LFC: 07/09/2013 - 14:06:23 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\sessionstore.js [1607]
O61 - LFC: 07/09/2013 - 14:06:24 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\bookmarks.html [430485]
O61 - LFC: 07/09/2013 - 14:06:25 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\cert8.db [393216]
O61 - LFC: 07/09/2013 - 14:06:25 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\key3.db [16384]
O61 - LFC: 07/09/2013 - 14:06:25 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\localstore.rdf [24322]
O61 - LFC: 07/09/2013 - 14:06:25 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\permissions.sqlite [65536]
O61 - LFC: 07/09/2013 - 14:06:25 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\places.sqlite [20971520]
O61 - LFC: 07/09/2013 - 14:06:25 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\prefs.js [104686]
O61 - LFC: 07/09/2013 - 14:06:25 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Local Settings\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\_CACHE_CLEAN_ [1]
O61 - LFC: 07/09/2013 - 14:06:25 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Local Settings\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\startupCache\startupCache.4.little [1305334]
O61 - LFC: 07/09/2013 - 14:27:03 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\Logs.lnk [994]
O61 - LFC: 07/09/2013 - 14:27:03 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\mbam-log-2013-09-07 (15-09-04).lnk [1409]
O61 - LFC: 07/09/2013 - 14:29:32 -SHA- . (...) -- C:\Documents and Settings\ROUCOU\IETldCache\index.dat [262144]
~ 20 Fichiers temporaires (Temporary files)
~ 50 Fichiers cookies (Cookies files)
~ Files: 684 Legitimates Filtered in 01mn 28s
---\\ Liste des outils de d�sinfection (LATC) (O63)
O63 - Logiciel: SEAF By C_XX - (.C_XX.) [HKLM] -- SEAF
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 09/08/2011 - Pas de propri�taire (BANTExt) .(...) - LEGACY_BANTEXT
O64 - Services: CurCS - 13/09/2010 - C:\Program Files\UPHClean\uphclean.exe (UPHClean) .(.Windows (R) Codename Longhorn DDK provider - User Profile Hive Cleanup Service.) - LEGACY_UPHCLEAN
~ Legacy: 169 Legitimates Filtered in 00mn 02s
---\\ Menu de d�marrage Internet (SMI) (O68)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {36104C1F-F0F5-43EA-902F-F6CB4416A565} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s
---\\ Recherche particuli�re � la racine du syst�me (SPRF) (O84)
[MD5.3E829A44FFA80E6359B636948C7E41D8] [SPRF][22/05/2012] (...) -- C:\Documents and Settings\ROUCOU\Local Settings\Application Data\fusioncache.dat [129]
[MD5.6B7FF65AE8E57E7EC7FB108667067D15] [SPRF][21/05/2012] (...) -- C:\Documents and Settings\ROUCOU\Application Data\Sys2662.Config.Repository.bin [22]
[MD5.7F50D522E51BF1B8003D7E3F7698D2EF] [SPRF][24/06/2012] (...) -- C:\Documents and Settings\ROUCOU\Application Data\Windows1569_SettingsRepository.bin [22]
~ Files: 3 Legitimates Filtered in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.A612C2BAEF7F3054CA89DC767BC523A1] [WIS][21/05/2012] (.TechSmith Corporation - SnagIt.) -- C:\Windows\Installer\1489d70.msi [1686528]
~ WIS: 42 Legitimates Filtered in 00mn 05s
---\\ Etat g�n�ral des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 06/08/2012 155648 | (AcrSch2Svc) . (.Acronis.) - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
SS - | Auto 12/07/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 05/07/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 05/07/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SS - | Disabled 05/07/2013 589368 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe
SS - | Disabled 29/09/2004 405504 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe
SS - | Disabled 29/09/2004 516096 | (ATI Smart) . (...) - C:\WINDOWS\system32\ati2sgag.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Disabled 09/05/2011 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 29/08/2003 307200 | (LexBceS) . (.Lexmark International, Inc..) - C:\WINDOWS\system32\LEXBCES.exe
SS - | Disabled 13/12/2004 49152 | (UleadBurningHelper) . (.Ulead Systems, Inc..) - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
SR - | Auto 13/09/2010 399872 | (UPHClean) . (.Windows (R) Codename Longhorn DDK provider.) - C:\Program Files\UPHClean\uphclean.exe
~ Services: Scanned in 00mn 06s
---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by ROUCOU at 07/09/2013 15:34:22
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys videX32.sys PCIIDEX.SYS
C:\WINDOWS\system32\drivers\videX32.sys VIA Technologies, Inc. VIA PCI IDE MINI Driver
1 nt!IofCallDriver[0x804E3735] >> \Device\Harddisk0\DR0[0x82F85AB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 14 Legitimates Filtered in 00mn 02s
---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by ROUCOU at 07/09/2013 15:34:24
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
---\\ Scan Additionnel (O88)
Database Version : v2.12894 - (07/09/2013)
Cl�s trouv�es (Keys found) : 0
Valeurs trouv�es (Values found) : 0
Dossiers trouv�s (Folders found) : 0
Fichiers trouv�s (Files found) : 1
C:\WINDOWS\Prefetch\WAJAM_VALIDATE.EXE-0CC59DF5.pf =>Toolbar.Wajam^
~ Additionnel Scan: 161110 Items scanned in 00mn 16s
---\\ R�capitulatif des d�tections trouv�es sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam =>Toolbar.Wajam
~ MSI: 1 link(s) detected in 00mn 16s
~ 1752 Legitimates filtered by white list
End of the scan (608 lines in 04mn 58s)(0)