
~ ZHPDiag v2013.8.26.36 report - Nicolas Coolman (26/08/2013)
~ Run by ROUCOU (27/08/2013 14:40:17)
~ Web site address http://nicolascoolman.webs.com
~ Translated by Nicolas Coolman
~ Version status :
~ Whitelist : Enabled by the program
~ Privilege elevation : OK
~ User Account Control (UAC): Not Found


---\\ Internet browsers
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 23.0.1 (Default)

---\\ Windows product information
~ Language: French
Windows XP Home Edition Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ System protection software
Avira Free Antivirus v13.0.0.3885
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System optimization software
CCleaner v4.04 =>Piriform Ltd

---\\ Peer-to-peer sharing software

---\\ Software monitoring
Adobe Flash Player 11 Plugin

---\\ System information
~ Processor: x86 Family 6 Model 8 Stepping 1, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 767 MB (47% free)
System Restore: Disabled
System drive C: has 24 GB (61%) free of 39 GB

---\\ System logon mode
~ Computer Name: JEAN-LUC
~ User Name: ROUCOU
~ All Users Names: SUPPORT_388945a0, ROUCOU, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\ROUCOU\Application Data\
~ %Desktop% : C:\Documents and Settings\ROUCOU\Bureau\
~ %Favorites% : C:\Documents and Settings\ROUCOU\Favoris\
~ %LocalAppData% : C:\Documents and Settings\ROUCOU\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\ROUCOU\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Disk drive enumeration
C:\ Hard drive, Flash drive, Thumb drive (Free 24 GB of 39 GB)
D:\ CD-ROM drive (Not Inserted)
E:\ Hard drive, Flash drive, Thumb drive (Free 6 GB of 28 GB)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Windows Security Center status
~ Security Center: 26 Legitimates Filtered in 00mn 00s



---\\ Specific search for generic files
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.E1948293F7CBC38987270432935D8D05] - (.Microsoft Corporation - Internet Extensions for Win32.) (.26/07/2013 - 03:47:15.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 19:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 19:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 01s



---\\ Hidden files status (Hidden/Total)
~ My Pictures : 2/749
~ My Music : 1/2
~ My Favorites : 1/384
~ My Documents : 2/1817
~ My Desktop : 0/106
~ Start Menu (Programs) : 1/50
~ Hidden Files: Scanned in 00mn 04s



---\\ Processes started at system startup
[MD5.BFADBB0B68E566F6F46B856557A68EC1] - (.Lexmark International, Inc. - LexBce Service.) -- C:\WINDOWS\system32\LEXBCES.exe [307200] [PID.1172]
[MD5.B0360B57F7A0EADEEA84961197C721FF] - (.Lexmark International, Inc. - LEXPPS.EXE.) -- C:\WINDOWS\system32\LEXPPS.exe [174592] [PID.1248]
[MD5.99387251353598C939592FAF40DF8AA9] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024] [PID.1316]
[MD5.15EB9148D68ED4AC3C3BDE6DF101070A] - (.Lexmark International, Inc. - Lexmark 3100 Series Button Manager.) -- C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe [106496] [PID.1668]
[MD5.A2A5A81E5B8783514BAE5296DC1A2FA5] - (...) -- C:\Program Files\Lexmark 3100 Series\lxbrksk.exe [282624] [PID.1676]
[MD5.4631FF0EE2964CCDC646AF807CB778F5] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144] [PID.1684]
[MD5.B8E5B65D2C5C3256A6EAAF956A7A653C] - (...) -- C:\Utilitaires\Atomic Alarm Clock\AtomicAlarmClock.exe [1742848] [PID.1692]
[MD5.F41BC0CFDFA32101A01C9979F96BDACF] - (.CH-Software - PopMan.) -- C:\Program Files\PopMan\PopMan.exe [847872] [PID.1724]
[MD5.475B4833C17D6551F71D2943104DCC55] - (.Singer's Creations - No description.) -- C:\Utilitaires\Weather Watcher\ww.exe [937984] [PID.1732]
[MD5.EC522E30D4CCB56D3DAB972169DBBFDB] - (.Lexmark International, Inc. - Lexmark 3100 Series Button Monitor.) -- C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe [53248] [PID.1740]
[MD5.CD4D418E6A19A286261172B09A5DFE81] - (...) -- C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe [16384] [PID.1752]
[MD5.7AA42B6EE677EE292C1E74055D409750] - (.Logitech Inc. - Logitech Events Handler Application.) -- C:\Program Files\Logitech\MouseWare\system\em_exec.exe [38912] [PID.1760]
[MD5.EEC3EF7595D16C08B7621938A13DC9B5] - (.No owner - Firemin.) -- C:\Temp\firemin\Firemin.exe [591479] [PID.1792]
[MD5.539DC4006E3C1D7C3A00CD91CB7973B7] - (.TILER.com - FreeMeter Application.) -- C:\Program Files\FreeMeter\FreeMeter.exe [614400] [PID.1804]
[MD5.58FD3BEDE0AFE2371A669D43BE0AF5B4] - (.grenouille.com - No description.) -- C:\Utilitaires\PyGrenouille\pygrenouille.exe [91648] [PID.1848]
[MD5.17773EDD4B9A2817E5FC703C11A4C1D5] - (.Acronis - Acronis Scheduler 2.) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [155648] [PID.1860]
[MD5.8A86F41B857DA166033B1795FE69BF37] - (.Almico Software (www.almico.com) - No description.) -- C:\Program Files\SpeedFan\speedfan.exe [4683768] [PID.1872]
[MD5.8491FDA93507F2F27FFBA11372764086] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088] [PID.1924]
[MD5.325FB38C323C63C7F57885B4DFB1B91E] - (.Windows (R) Codename Longhorn DDK provider - User Profile Hive Cleanup Service.) -- C:\Program Files\UPHClean\uphclean.exe [399872] [PID.404]
[MD5.68C105908A54D734D2B154DB546F562E] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76856] [PID.2692]
[MD5.B4CF3FB7E9B8EA69757541DCE6CA20ED] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [276376] [PID.3924]
[MD5.80A5A61530384C6A3614C745217919DE] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7837184] [PID.2104]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2852]
~ Processes Running: Scanned in 00mn 02s



---\\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\prefs.js
P2 - FPN: [HKLM] [@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin] - (.Simon Bünzli - SumatraPDF Browser Plugin.) -- C:\Program Files\SumatraPDF\npPdfViewer.dll
P2 - FPN: [HKCU] [@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin] - (.Simon Bünzli - SumatraPDF Browser Plugin.) -- C:\Program Files\SumatraPDF\npPdfViewer.dll
~ Firefox Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Startup, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://forum.pcastuces.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Simon Bünzli - SumatraPDF Browser Plugin.) (No version) -- (.not file.)
~ IE Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Analysis of F0, F1, F2, F3 lines - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Number of lines: 20



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKCU]{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Applications started by registry & by folder (O4)
O4 - HKLM\..\Run: [Logitech Utility] . (.Logitech Inc. - Logitech Launcher Application.) -- C:\WINDOWS\Logi_MwX.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] . (.Lexmark International, Inc. - Lexmark 3100 Series Button Manager.) -- C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
O4 - HKLM\..\Run: [LXBRKsk] . (...) -- C:\Program Files\Lexmark 3100 Series\lxbrksk.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKCU\..\Run: [SkinClock] . (...) -- C:\Utilitaires\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [PopMan] . (.CH-Software - PopMan.) -- C:\Program Files\PopMan\PopMan.exe
O4 - HKCU\..\Run: [WeatherWatcher] . (.Singer's Creations - No description.) -- C:\Utilitaires\Weather Watcher\ww.exe
O4 - HKUS\S-1-5-21-1275210071-1383384898-1801674531-1004\..\Run: [SkinClock] . (...) -- C:\Utilitaires\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKUS\S-1-5-21-1275210071-1383384898-1801674531-1004\..\Run: [PopMan] . (.CH-Software - PopMan.) -- C:\Program Files\PopMan\PopMan.exe
O4 - HKUS\S-1-5-21-1275210071-1383384898-1801674531-1004\..\Run: [WeatherWatcher] . (.Singer's Creations - No description.) -- C:\Utilitaires\Weather Watcher\ww.exe
~ Application: Scanned in 00mn 00s



---\\ Other user links (O4)
O4 - GS\Programs: Glary Utilities 3.lnk . (.Glarysoft Ltd - Glary Utilities 3.) -- C:\Program Files\Glary Utilities 3\Integrator.exe
O4 - GS\Programs: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Programs: Mozilla Thunderbird.lnk . (.Mozilla Corporation - Thunderbird.) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - GS\Programs: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - GS\Programs: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: Windows Install Clean Up.lnk . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
~ Global Startup: Scanned in 00mn 00s



---\\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{241C2B6B-0C53-4EFD-8D4C-7C25E7FA6156}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{241C2B6B-0C53-4EFD-8D4C-7C25E7FA6156}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{241C2B6B-0C53-4EFD-8D4C-7C25E7FA6156}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Additional protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Additional protocols: Scanned in 00mn 00s



---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ List of non-Microsoft, non-disabled NT services (O23)
O23 - Service: LexBce Server (LexBceS) . (.Lexmark International, Inc. - LexBce Service.) - C:\WINDOWS\system32\LEXBCES.exe
O23 - Service: User Profile Hive Cleanup (UPHClean) . (.Windows (R) Codename Longhorn DDK provider - User Profile Hive Cleanup Service.) - C:\Program Files\UPHClean\uphclean.exe
~ Services: 6 Legitimates Filtered in 00mn 04s



---\\ Active Desktop & MHTML Editor enumeration (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\ROUCOU\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\ROUCOU\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ BootExecute data enumeration (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk * ) - File not found
~ BEX: 1 Legitimates Filtered in 00mn 00s



---\\ Drivers started at system startup (O41)
O41 - Driver: (BANTExt) . (...) - C:\WINDOWS\system32\Drivers\BANTExt.sys
~ Drivers: 69 Legitimates Filtered in 00mn 01s



---\\ Installed software (O42)
O42 - Logiciel: Atomic Alarm Clock 5.87 - (.Drive Software Company.) [HKLM] -- Atomic Alarm Clock_is1
O42 - Logiciel: BirdsEvolutionPro - (...) [HKCU] -- BIRDS EVOLUTION PRO
O42 - Logiciel: EnableDisable for Office version 3.7 - (.Topalt.com.) [HKLM] -- {664320A7-8522-47C2-B605-F33A30A2FA52}_is1
O42 - Logiciel: MV RegClean 5.9 Français - (...) [HKLM] -- MV RegClean 5.9 Français_is1
O42 - Logiciel: PasseMemo - (...) [HKCU] -- PASSEMEMO
O42 - Logiciel: Secu 4.0 - (.JSAL Software.) [HKLM] -- {85DA9BC7-C5F9-4CB1-84C2-8342995D2CD6}_is1
O42 - Logiciel: Statfoot32 - (.Cellard Software.) [HKLM] -- Statfoot32_is1
O42 - Logiciel: Suivi-Secu - (...) [HKCU] -- SUIVI-SECU
~ Logic: 101 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Agent_EXE]
[HKCU\Software\ClockSkin587]
[HKCU\Software\FreeMeter]
[HKCU\Software\KRKsoft]
[HKCU\Software\L.S.I.]
[HKCU\Software\La Source Informatique]
[HKCU\Software\OPSWAT]
[HKCU\Software\Praxisoft]
[HKCU\Software\WebConnect]
[HKCU\Software\mtsf.com]
[HKLM\Software\LXBRDataCaching]
[HKLM\Software\LXBRFormatShell]
~ Key Software: 241 Legitimates Filtered in 00mn 01s



---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 19/08/2013 - 14:40:56 - [5,142] ----D C:\Program Files\Double Driver
O43 - CFD: 02/08/2012 - 13:51:36 - [1,674] ----D C:\Program Files\FreeMeter
O43 - CFD: 26/08/2013 - 19:00:04 - [1,920] ----D C:\Program Files\MV RegClean 5.9 Français
O43 - CFD: 24/04/2013 - 14:52:37 - [2,729] ----D C:\Program Files\Secu 4.0
O43 - CFD: 24/04/2013 - 14:48:40 - [37,500] ----D C:\Program Files\Suivi Sécu
O43 - CFD: 21/05/2012 - 13:38:17 - [0,001] ----D C:\Documents and Settings\All Users\Application Data\Suivi Sécu
O43 - CFD: 12/08/2012 - 15:20:25 - [0,001] ----D C:\Documents and Settings\ROUCOU\Application Data\#Hf
O43 - CFD: 21/05/2012 - 15:03:43 - [0,001] ----D C:\Documents and Settings\ROUCOU\Application Data\Topalt
O43 - CFD: 03/04/2013 - 11:25:07 - [0,008] ----D C:\Documents and Settings\ROUCOU\Local Settings\Application Data\hq
O43 - CFD: 10/08/2012 - 11:44:58 - [0,001] ----D C:\Documents and Settings\ROUCOU\Menu Démarrer\Programmes\FreeMeter
O43 - CFD: 23/05/2012 - 19:52:02 - [0,002] ----D C:\Documents and Settings\ROUCOU\Menu Démarrer\Programmes\TAROT PRO 99
~ Program Folder: 199 Legitimates Filtered in 00mn 18s



---\\ Latest files modified or created under Windows and System32 (O44)
O44 - LFC:[MD5.492B9936F052B50B94ED2D04EA96DD2C] - 27/08/2013 - 12:22:43 ---A- . (...) -- C:\WINDOWS\LXBRCAH.ini [3206]
O44 - LFC:[MD5.593E0F853839633221683B466BE14F5E] - 27/08/2013 - 10:43:32 ---A- . (...) -- C:\WINDOWS\wiadebug.log [393]
O44 - LFC:[MD5.6157AD970D303855BEFB1315F0864CA9] - 27/08/2013 - 10:43:32 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.5A31060ED8A079FEE7B1A2FFED36998A] - 27/08/2013 - 10:35:18 ---A- . (...) -- C:\WINDOWS\lexstat.ini [420]
O44 - LFC:[MD5.F030E0B8D6E0D90BA293C4F0239F3DF6] - 27/08/2013 - 06:46:19 ---A- . (...) -- C:\WINDOWS\FLASHKSK.INI [22]
O44 - LFC:[MD5.C52449F930D2E139FBD661496EC6F2EA] - 26/08/2013 - 17:43:22 ---A- . (...) -- C:\DiskDefrag.log [75]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 26/08/2013 - 17:38:16 ----- . (...) -- C:\WINDOWS\Sti_Trace.log [0]
O44 - LFC:[MD5.097FB9C06BE7871E3C775F3B571A3BD4] - 26/08/2013 - 11:02:47 ---A- . (...) -- C:\WINDOWS\system32\STEC.PRO [96]
O44 - LFC:[MD5.BA2E4D79AD958B7DC076534CB2FE172C] - 20/08/2013 - 10:04:12 ---A- . (.Glarysoft Ltd - BootDefrag.exe.) -- C:\WINDOWS\system32\BootDefrag.exe [101664]
O44 - LFC:[MD5.76588E4D1FE66264B2FC87AD550CE052] - 16/08/2013 - 19:25:32 -SHA- . (...) -- C:\WINDOWS\Thumbs.db [8192]
O44 - LFC:[MD5.A6FC3FF982788AF0B06C4D4374A59FBC] - 14/08/2013 - 08:01:56 ---A- . (...) -- C:\WINDOWS\system32\TZLog.log [23762]
~ Files: 22 Legitimates Filtered in 01mn 47s



---\\ Latest files created in the Windows Prefetcher (O45)
O45 - LFCP:[MD5.0134775F71906CCADF86621EF52CDECA] - 26/08/2013 - 11:02:56 ---A- - C:\WINDOWS\Prefetch\STATFOOT.EXE-04F9B037.pf
O45 - LFCP:[MD5.1A0F5A4F21C637C6093DB139A63E7DAA] - 26/08/2013 - 13:04:30 ---A- - C:\WINDOWS\Prefetch\UNINSTAL.EXE-0D336191.pf
O45 - LFCP:[MD5.30138E12CFBCDB607DBCA58D7D96247E] - 26/08/2013 - 13:04:36 ---A- - C:\WINDOWS\Prefetch\A~NSISU_.EXE-23C0BB1E.pf
O45 - LFCP:[MD5.6F9E86A96B00A1F86A25CA4EE99B394E] - 26/08/2013 - 13:12:26 ---A- - C:\WINDOWS\Prefetch\SUMO_LITE.EXE-39207EA5.pf
O45 - LFCP:[MD5.98F4EB876EBE49240ACCA737E2475295] - 26/08/2013 - 13:12:26 ---A- - C:\WINDOWS\Prefetch\SUMO_LITE.TMP-383E12E6.pf
O45 - LFCP:[MD5.39E494926561AE4D8DB2B72D7226064A] - 26/08/2013 - 13:12:32 ---A- - C:\WINDOWS\Prefetch\SUMO.EXE-1DB885C7.pf
O45 - LFCP:[MD5.233E63ADF912F8B522D645E95D0A218D] - 26/08/2013 - 14:47:18 ---A- - C:\WINDOWS\Prefetch\ESSENTIALPIMPRO5.EXE-3B2ABBA7.pf
O45 - LFCP:[MD5.854032E453EA5C25A67BA00664AE9C89] - 26/08/2013 - 15:05:37 ---A- - C:\WINDOWS\Prefetch\WAJAM_VALIDATE.EXE-2CA312E2.pf =>Toolbar.Wajam
O45 - LFCP:[MD5.3141481B49F744EC37AAE3B81D171C8F] - 26/08/2013 - 15:06:27 ---A- - C:\WINDOWS\Prefetch\WEBCONNECT.EXE-12F01023.pf
O45 - LFCP:[MD5.108AD1DEE21A7ED35525C85CA28415D9] - 26/08/2013 - 15:07:14 ---A- - C:\WINDOWS\Prefetch\UPDATEWEBCONNECT.EXE-1E38E9F5.pf
O45 - LFCP:[MD5.95615686C3F77938BAB00559ED354DEC] - 26/08/2013 - 16:03:02 ---A- - C:\WINDOWS\Prefetch\_IU14D2N.TMP-2AC9B288.pf
O45 - LFCP:[MD5.D43413DA579CA3F70049034AA801D95C] - 26/08/2013 - 16:53:30 ---A- - C:\WINDOWS\Prefetch\REVO UNINSTALLER PRO 3.0.7 FI-38EE5F69.pf
O45 - LFCP:[MD5.024B8029F76142FC932DA1E40520BD15] - 26/08/2013 - 17:07:17 ---A- - C:\WINDOWS\Prefetch\ESSENTIALPIM.EXE-193AEC61.pf
O45 - LFCP:[MD5.E6B9C60AFF1DA08B95C7A60C5D936A32] - 26/08/2013 - 17:39:02 ---A- - C:\WINDOWS\Prefetch\REVOUNINPROSETUP3.0.5.EXE-36A6E309.pf
O45 - LFCP:[MD5.C9F7D35D74CBA2B6D22B02419F07037C] - 26/08/2013 - 17:39:03 ---A- - C:\WINDOWS\Prefetch\REVOUNINPROSETUP3.0.5.TMP-09E58690.pf
O45 - LFCP:[MD5.AC039679E70A1710C3691BE24CE96CD1] - 26/08/2013 - 17:42:52 ---A- - C:\WINDOWS\Prefetch\NSB.TMP-0360EDA2.pf
O45 - LFCP:[MD5.CBF6D851C1760055417831F446D58F54] - 26/08/2013 - 17:45:51 ---A- - C:\WINDOWS\Prefetch\STARTUPMANAGER.EXE-00CFCF92.pf
O45 - LFCP:[MD5.8B0E0B445B7C5A735E1567E87E3AA67C] - 26/08/2013 - 17:46:15 ---A- - C:\WINDOWS\Prefetch\MEMFILESSERVICE.EXE-2011CF56.pf
O45 - LFCP:[MD5.0EC6B8C3793684F4CE4E4D34C4F7A30C] - 26/08/2013 - 17:53:51 ---A- - C:\WINDOWS\Prefetch\MVREGCLEAN.EXE-1184873F.pf
O45 - LFCP:[MD5.CBF74D5C67AD0401124381748C2A95B2] - 27/08/2013 - 07:30:15 ---A- - C:\WINDOWS\Prefetch\SPYREMOVER.EXE-248ADF3C.pf
O45 - LFCP:[MD5.97AA4E896DF5C1E0BCC5A6B38C9B3E88] - 27/08/2013 - 07:30:44 ---A- - C:\WINDOWS\Prefetch\SYSINFO.EXE-1D54AE7B.pf
O45 - LFCP:[MD5.DF885567769EE7955E3C5BD1EEE1C8CA] - 27/08/2013 - 10:33:20 ---A- - C:\WINDOWS\Prefetch\LXBRPSWX.EXE-18E0922A.pf
O45 - LFCP:[MD5.ACD37E0202951D81F2C467055AFE50DF] - 27/08/2013 - 10:33:21 ---A- - C:\WINDOWS\Prefetch\LXBRJSWX.EXE-19E47842.pf
O45 - LFCP:[MD5.E3B92CEE53F43293E5830C45F415BC60] - 27/08/2013 - 10:45:59 ---A- - C:\WINDOWS\Prefetch\ESSENTIALPIM.EXE-12D318D3.pf
O45 - LFCP:[MD5.B39CB9DBDB70A6797786CCA5868D6E13] - 27/08/2013 - 11:24:08 ---A- - C:\WINDOWS\Prefetch\ESSENTIALPIM.EXE-2DBD2612.pf
O45 - LFCP:[MD5.4CD684C0A8D919E45154E26478673A23] - 27/08/2013 - 12:08:31 ---A- - C:\WINDOWS\Prefetch\ESSENTIALPIM.EXE-0D6FEFF1.pf
O45 - LFCP:[MD5.1FE8674026D4AD123CE3F9CE7F461AD5] - 27/08/2013 - 12:13:23 ---A- - C:\WINDOWS\Prefetch\EVERYTHING.EXE-0B65EEF8.pf
O45 - LFCP:[MD5.4D2E4DA03A74922607E771BDEC9F4DAD] - 27/08/2013 - 12:39:53 ---A- - C:\WINDOWS\Prefetch\GORGY-~1.SCR-10CF7537.pf
O45 - LFCP:[MD5.59613D05B3F63C0B128A05F80325A469] - 27/08/2013 - 13:19:57 ---A- - C:\WINDOWS\Prefetch\DL.EXE-00F0573C.pf
O45 - LFCP:[MD5.D45A30157480012F018DFA214C2540D5] - 27/08/2013 - 13:31:58 ---A- - C:\WINDOWS\Prefetch\NETSTAT.EXE-2B2B4428.pf
O45 - LFCP:[MD5.AC091C1975D7C33CFB5B402F59EE200C] - 27/08/2013 - 13:31:58 ---A- - C:\WINDOWS\Prefetch\TRAFIC.EXE-29707A58.pf
~ Prefetcher: 111 Legitimates Filtered in 00mn 01s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Allowed application key export (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\BSD Concept\Heredis 13\Heredis13.exe" [Enabled] .(.BSD Concept.) -- C:\Program Files\BSD Concept\Heredis 13\Heredis13.exe
O47 - AAKE:Key Export SP - "C:\DOCUME~1\ROUCOU\LOCALS~1\Temp\file.exe" [Enabled] .(...) -- C:\DOCUME~1\ROUCOU\LOCALS~1\Temp\file.exe (.not file.)
~ Keys Export: 9 Legitimates Filtered in 00mn 00s
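The running-process lines, the O44/O45 file and Prefetch lines and the O47 entry above all use the same ZHPDiag layout: an optional `[MD5.hash]`, an optional `(.Vendor - Description.)` taken from the file's version resource (written as `(...)` when there is none), then the path with an optional `[size]`, `[PID.n]`, a trailing `(.not file.)` when the referenced file no longer exists, and an optional `=>Tag` when ZHPDiag classified the item (as on the `WAJAM_VALIDATE.EXE` Prefetch line). The following Python is an added example, not ZHPDiag's code and not part of the report: it parses that layout and applies a few triage heuristics an analyst would use when reading such a log by hand. The sample lines are copied from this report; the triage rules, the `TRUSTED_DIRS` list and the "unknown vendor" spellings are this example's own assumptions, not ZHPDiag's logic.

```python
"""Parse and triage ZHPDiag-style report lines (added example, not ZHPDiag code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: lines copied from the report above (processes, O44, O45, O47).
SAMPLE_LINES = [
    r"[MD5.99387251353598C939592FAF40DF8AA9] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024] [PID.1316]",
    r"[MD5.B8E5B65D2C5C3256A6EAAF956A7A653C] - (...) -- C:\Utilitaires\Atomic Alarm Clock\AtomicAlarmClock.exe [1742848] [PID.1692]",
    r"[MD5.EEC3EF7595D16C08B7621938A13DC9B5] - (.No owner - Firemin.) -- C:\Temp\firemin\Firemin.exe [591479] [PID.1792]",
    r"O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 26/08/2013 - 17:38:16 ----- . (...) -- C:\WINDOWS\Sti_Trace.log [0]",
    r"O45 - LFCP:[MD5.854032E453EA5C25A67BA00664AE9C89] - 26/08/2013 - 15:05:37 ---A- - C:\WINDOWS\Prefetch\WAJAM_VALIDATE.EXE-2CA312E2.pf =>Toolbar.Wajam",
    r'O47 - AAKE:Key Export SP - "C:\DOCUME~1\ROUCOU\LOCALS~1\Temp\file.exe" [Enabled] .(...) -- C:\DOCUME~1\ROUCOU\LOCALS~1\Temp\file.exe (.not file.)',
]

MD5_RE = re.compile(r"\[MD5\.([0-9A-Fa-f]{32})\]")
PUBLISHER_RE = re.compile(r"\(\.(.+?)\.\)")   # "(.Vendor - Description.)", or "(...)" when unknown
PATH_RE = re.compile(
    r"([A-Za-z]:\\.+?)"          # drive-letter path, shortest that lets the tail match
    r"(?:\s+\[(\d+)\])?"         # optional [size]
    r"(?:\s+\[PID\.(\d+)\])?"    # optional [PID.n]
    r"(\s+\(\.not file\.\))?"    # optional "(.not file.)": the referenced file is gone
    r"(?:\s+=>(\S+))?"           # optional ZHPDiag classification tag, e.g. =>Toolbar.Wajam
    r"\s*$"
)
EMPTY_FILE_MD5 = "D41D8CD98F00B204E9800998ECF8427E"   # MD5 of zero bytes
# Assumption of this example: standard install locations. A path here is only a weak
# signal; it says nothing about the file's integrity.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\windows\\")
UNKNOWN_VENDORS = {".", "no owner", "pas de propriétaire", "not file"}


@dataclass
class Entry:
    md5: Optional[str]
    vendor: Optional[str]
    description: Optional[str]
    path: str
    size: Optional[int]
    pid: Optional[int]
    missing: bool
    tag: Optional[str]


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a report line that names a file, or None for any other line."""
    # When " -- " is present the path follows it; O45 Prefetch lines have no separator.
    rest = line.split(" -- ", 1)[1] if " -- " in line else line
    pm = PATH_RE.search(rest)
    if not pm:
        return None
    md5 = MD5_RE.search(line)
    vendor = description = None
    pub = PUBLISHER_RE.search(line)
    if pub:
        head, _, desc = pub.group(1).partition(" - ")
        if head.strip().lower() not in UNKNOWN_VENDORS:
            vendor, description = head.strip(), (desc.strip() or None)
    return Entry(
        md5=md5.group(1).upper() if md5 else None,
        vendor=vendor,
        description=description,
        path=pm.group(1),
        size=int(pm.group(2)) if pm.group(2) else None,
        pid=int(pm.group(3)) if pm.group(3) else None,
        missing=pm.group(4) is not None,
        tag=pm.group(5),
    )


def triage(e: Entry) -> List[str]:
    """Heuristic reasons to look closer at an entry; an empty list means nothing notable."""
    reasons = []
    low = e.path.lower()
    if e.tag:
        reasons.append(f"classified by ZHPDiag as {e.tag}")
    if e.missing:
        reasons.append("dangling reference: the file no longer exists")
    if "\\temp\\" in low:
        reasons.append("located in a Temp directory")
    if low.endswith(".exe") and e.vendor is None and not low.startswith(TRUSTED_DIRS):
        reasons.append("no publisher information and outside Program Files / WINDOWS")
    if e.md5 == EMPTY_FILE_MD5:
        reasons.append("zero-byte file (MD5 of empty input)")
    return reasons


def triage_report(lines) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; entries with nothing notable are omitted."""
    out: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_line(line)
        if entry:
            reasons = triage(entry)
            if reasons:
                out[entry.path] = reasons
    return out


if __name__ == "__main__":
    for path, reasons in triage_report(SAMPLE_LINES).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against the six sample lines, the Avira scheduler is the only entry with nothing notable; `Firemin.exe` (no owner, under `C:\Temp`) and the `O47` `file.exe` entry (dangling, in Temp, no publisher) collect several reasons each. The MD5 values are there to look the file up in a reputation or known-good database, not to prove integrity: MD5 is collision-prone, and a file under `C:\Program Files` is not trustworthy merely because of its location.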



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Shell MountPoints2 registry key (MPKS) (O51)
O51 - MPSK:{5c79b406-a1c3-11e1-89b8-00115b8a11d7}\AutoRun\command - Orphan key
O51 - MPSK:{db24f9a2-e17a-11e1-bba5-00115b8a11d7}\AutoRun\command - Orphan key
~ Keys: Scanned in 00mn 00s



---\\ Enumeration of PoliciesExplorer registry keys (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ System driver list (SDL) (O58)
O58 - SDL:[MD5.87425709A251386064C99B684BF96F72] - 27/02/2013 - 11:22:51 ---A- . (.Avira Operations GmbH & Co. KG - Avira Minifilter Driver.) -- C:\WINDOWS\system32\Drivers\avgntflt.sys [84744]
O58 - SDL:[MD5.FE62E9711285DC2002DEF9B2BC2FB220] - 26/12/2011 - 14:34:30 ---A- . (...) -- C:\WINDOWS\system32\ampa.sys [10936]
~ Drivers: 5 Legitimates Filtered in 00mn 00s



---\\ Latest files modified or created (User) (O61)
O61 - LFC: 24/08/2013 - 07:09:52 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\bookmarkbackups\bookmarks-2013-08-24.json [193457]
O61 - LFC: 24/08/2013 - 17:59:24 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\sessionbackups\tabmix_sessions-2013-08-24.rdf [14409]
O61 - LFC: 24/08/2013 - 21:07:47 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Favoris\Liens\Sites suggérés.url [86]
O61 - LFC: 25/08/2013 - 07:39:58 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Local Settings\Application Data\LastPass\6c5dcb7c8ab479a3e2f7ea52061de424d7dd2a272721bcb9f4f77881d37afe64_lpall.slps [133]
O61 - LFC: 25/08/2013 - 08:00:03 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\bookmarkbackups\bookmarks-2013-08-25.json [193457]
O61 - LFC: 25/08/2013 - 11:00:11 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\cert_override.txt [2903]
O61 - LFC: 25/08/2013 - 18:10:25 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\sessionbackups\tabmix_sessions-2013-08-25.rdf [11490]
O61 - LFC: 26/08/2013 - 11:02:37 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\bookmarkbackups\bookmarks-2013-08-26.json [193457]
O61 - LFC: 26/08/2013 - 13:12:28 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Bureau\Utilitaires\SUMo.lnk [1647]
O61 - LFC: 26/08/2013 - 13:13:32 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\KC Softwares\SUMo\reg.sumo [9804]
O61 - LFC: 26/08/2013 - 13:13:34 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\KC Softwares\SUMo\db.bak [3659]
O61 - LFC: 26/08/2013 - 13:14:07 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\KC Softwares\SUMo\SUMo.cache [3063]
O61 - LFC: 26/08/2013 - 13:18:15 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\KC Softwares\SUMo\db.sumo [3659]
O61 - LFC: 26/08/2013 - 14:14:54 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\healthreport\state.json [89]
O61 - LFC: 26/08/2013 - 14:39:30 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Mes documents\CD.XLS [99328]
O61 - LFC: 26/08/2013 - 14:39:53 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Voisinage réseau\Téléchargement sur Intel\target.lnk [702]
O61 - LFC: 26/08/2013 - 14:47:25 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Microsoft\Internet Explorer\Quick Launch\EssentialPIM Pro.lnk [784]
O61 - LFC: 26/08/2013 - 14:47:25 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Bureau\Bureautique\EssentialPIM Pro.lnk [766]
O61 - LFC: 26/08/2013 - 14:48:34 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\EssentialPIM Pro\TEST.backup_20130826_1548.epim [19579392]
O61 - LFC: 26/08/2013 - 16:45:12 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\addons.sqlite [524288]
O61 - LFC: 26/08/2013 - 16:51:48 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\healthreport.sqlite [1474560]
O61 - LFC: 26/08/2013 - 17:41:01 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\sessionbackups\tabmix_sessions-2013-08-26.rdf [11352]
O61 - LFC: 26/08/2013 - 17:43:22 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Bureau\System\Glary Utilities 3.lnk [763]
O61 - LFC: 26/08/2013 - 18:16:14 -SHA- . (...) -- C:\Documents and Settings\ROUCOU\PrivacIE\index.dat [917504]
O61 - LFC: 26/08/2013 - 18:16:23 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Favoris\Liens\Sites suggérés (2).url [86]
O61 - LFC: 26/08/2013 - 18:18:15 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Voisinage r�seau\Sauvegarde sur Intel\target.lnk [602]
O61 - LFC: 27/08/2013 - 06:57:12 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\Echéancier.lnk [570]
O61 - LFC: 27/08/2013 - 06:58:29 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\bookmarkbackups\bookmarks-2013-08-27.json [193457]
O61 - LFC: 27/08/2013 - 07:01:12 R--A- . (...) -- C:\Documents and Settings\ROUCOU\Mes documents\Money Sauvegarde.mbf [12492134]
O61 - LFC: 27/08/2013 - 07:01:16 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Mes documents\Money.mny [11272192]
O61 - LFC: 27/08/2013 - 07:01:24 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Mes documents\Echéancier.xls [89088]
O61 - LFC: 27/08/2013 - 10:39:33 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\EssentialPIMPort5.lnk [624]
O61 - LFC: 27/08/2013 - 10:39:33 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\Téléchargement.lnk [465]
O61 - LFC: 27/08/2013 - 10:43:39 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\DiskDefrag.lnk [433]
O61 - LFC: 27/08/2013 - 10:43:39 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\JEAN-LUC (C).lnk [301]
O61 - LFC: 27/08/2013 - 11:25:48 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk [2547]
O61 - LFC: 27/08/2013 - 11:26:03 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\Achat-Garantie.lnk [590]
O61 - LFC: 27/08/2013 - 11:27:16 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Mes documents\Achat-Garantie.xls [21504]
O61 - LFC: 27/08/2013 - 11:27:45 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Local Settings\Application Data\LastPass\6c5dcb7c8ab479a3e2f7ea52061de424d7dd2a272721bcb9f4f77881d37afe64_lt.cac [1005]
O61 - LFC: 27/08/2013 - 11:27:47 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\formhistory.sqlite [327680]
O61 - LFC: 27/08/2013 - 12:08:45 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\EssentialPIM Pro\TEST.EPIM [22335488]
O61 - LFC: 27/08/2013 - 12:18:47 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\Essentialpim Pro 5.53.lnk [651]
O61 - LFC: 27/08/2013 - 12:18:47 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\Essentialpim Pro Port 5.53.lnk [920]
O61 - LFC: 27/08/2013 - 12:24:41 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\sessionstore.js [4020]
O61 - LFC: 27/08/2013 - 12:24:44 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\bookmarks.html [449878]
O61 - LFC: 27/08/2013 - 12:24:45 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\cert8.db [393216]
O61 - LFC: 27/08/2013 - 12:24:45 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\key3.db [16384]
O61 - LFC: 27/08/2013 - 12:24:45 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\permissions.sqlite [65536]
O61 - LFC: 27/08/2013 - 12:53:53 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\places.sqlite-shm [32768]
O61 - LFC: 27/08/2013 - 12:53:55 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\webapps\webapps.json [2]
O61 - LFC: 27/08/2013 - 12:54:13 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\cookies.sqlite-shm [32768]
O61 - LFC: 27/08/2013 - 12:54:34 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\urlclassifierkey3.txt [154]
O61 - LFC: 27/08/2013 - 12:54:34 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\webappsstore.sqlite-shm [32768]
O61 - LFC: 27/08/2013 - 12:54:42 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Local Settings\Application Data\LastPass\6c5dcb7c8ab479a3e2f7ea52061de424d7dd2a272721bcb9f4f77881d37afe64_key.itr [1]
O61 - LFC: 27/08/2013 - 12:54:45 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\healthreport.sqlite-shm [32768]
O61 - LFC: 27/08/2013 - 12:54:45 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\healthreport.sqlite-wal [0]
O61 - LFC: 27/08/2013 - 12:55:04 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\prefs.js [104938]
O61 - LFC: 27/08/2013 - 12:58:09 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\cookies.sqlite-wal [623080]
O61 - LFC: 27/08/2013 - 13:00:05 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\webappsstore.sqlite [4554752]
O61 - LFC: 27/08/2013 - 13:00:10 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\webappsstore.sqlite-wal [557496]
O61 - LFC: 27/08/2013 - 13:16:11 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\PopMan\MailCache.dat [0]
O61 - LFC: 27/08/2013 - 13:31:04 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\changes.lnk [809]
O61 - LFC: 27/08/2013 - 13:32:16 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\AdwCleaner[S5].lnk [574]
O61 - LFC: 27/08/2013 - 13:32:45 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\AdwCleaner[S3].lnk [574]
O61 - LFC: 27/08/2013 - 13:33:17 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\AdwCleaner.lnk [401]
O61 - LFC: 27/08/2013 - 13:33:17 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Recent\AdwCleaner[S4].lnk [574]
O61 - LFC: 27/08/2013 - 13:36:38 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\blocklist.xml [77073]
O61 - LFC: 27/08/2013 - 13:38:13 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\pluginreg.dat [4589]
O61 - LFC: 27/08/2013 - 13:38:22 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\downloads.sqlite [98304]
O61 - LFC: 27/08/2013 - 13:38:26 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\localstore.rdf [24359]
O61 - LFC: 27/08/2013 - 13:38:30 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\session.rdf [8766]
O61 - LFC: 27/08/2013 - 13:39:23 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Local Settings\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\startupCache\startupCache.4.little [1487377]
O61 - LFC: 27/08/2013 - 13:39:41 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\cookies.sqlite [1048576]
O61 - LFC: 27/08/2013 - 13:39:42 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\forecastfox.sqlite [425984]
O61 - LFC: 27/08/2013 - 13:39:44 -SHA- . (...) -- C:\Documents and Settings\ROUCOU\IETldCache\index.dat [262144]
O61 - LFC: 27/08/2013 - 13:39:45 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\places.sqlite-wal [634512]
O61 - LFC: 27/08/2013 - 13:39:45 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Local Settings\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\_CACHE_CLEAN_ [1]
O61 - LFC: 27/08/2013 - 13:39:46 ---A- . (...) -- C:\Documents and Settings\ROUCOU\Application Data\Mozilla\Firefox\Profiles\66cuf3ug.default\places.sqlite [20971520]
~ 17 Fichiers temporaires (Temporary files)
~ 3 Fichiers cookies (Cookies files)
~ Files: 539 Legitimates Filtered in 01mn 31s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: SEAF By C_XX - (.C_XX.) [HKLM] -- SEAF
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 09/08/2011 - Pas de propriétaire (BANTExt) .(...) - LEGACY_BANTEXT
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (BootDefragDriver) .(...) - LEGACY_BOOTDEFRAGDRIVER
O64 - Services: CurCS - 13/09/2010 - C:\Program Files\UPHClean\uphclean.exe (UPHClean) .(.Windows (R) Codename Longhorn DDK provider - User Profile Hive Cleanup Service.) - LEGACY_UPHCLEAN
~ Legacy: 168 Legitimates Filtered in 00mn 02s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {36104C1F-F0F5-43EA-902F-F6CB4416A565} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.3E829A44FFA80E6359B636948C7E41D8] [SPRF][22/05/2012] (...) -- C:\Documents and Settings\ROUCOU\Local Settings\Application Data\fusioncache.dat [129]
[MD5.6B7FF65AE8E57E7EC7FB108667067D15] [SPRF][21/05/2012] (...) -- C:\Documents and Settings\ROUCOU\Application Data\Sys2662.Config.Repository.bin [22]
[MD5.7F50D522E51BF1B8003D7E3F7698D2EF] [SPRF][24/06/2012] (...) -- C:\Documents and Settings\ROUCOU\Application Data\Windows1569_SettingsRepository.bin [22]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.474485C57E15CBE7D8867F89464613DF] [WIS][03/09/2012] (.LAventure - .) -- C:\Windows\Installer\169ba9c.msi [111616]
~ WIS: 42 Legitimates Filtered in 00mn 06s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 06/08/2012 155648 | (AcrSch2Svc) . (.Acronis.) - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
SS - | Auto 12/07/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 05/07/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 05/07/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SS - | Disabled 05/07/2013 589368 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe
SS - | Disabled 29/09/2004 405504 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe
SS - | Disabled 29/09/2004 516096 | (ATI Smart) . (...) - C:\WINDOWS\system32\ati2sgag.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Disabled 09/05/2011 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 29/08/2003 307200 | (LexBceS) . (.Lexmark International, Inc..) - C:\WINDOWS\system32\LEXBCES.exe
SS - | Disabled 13/12/2004 49152 | (UleadBurningHelper) . (.Ulead Systems, Inc..) - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
SR - | Auto 13/09/2010 399872 | (UPHClean) . (.Windows (R) Codename Longhorn DDK provider.) - C:\Program Files\UPHClean\uphclean.exe
~ Services: Scanned in 00mn 07s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by ROUCOU at 27/08/2013 14:45:28

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys videX32.sys PCIIDEX.SYS
C:\WINDOWS\system32\drivers\videX32.sys VIA Technologies, Inc. VIA PCI IDE MINI Driver
1 nt!IofCallDriver[0x804E3735] >> \Device\Harddisk0\DR0[0x82F3FAB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 14 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by ROUCOU at 27/08/2013 14:45:30

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : v2.12866 - (26/08/2013)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouv�s (Files found) : 1

C:\WINDOWS\Prefetch\WAJAM_VALIDATE.EXE-2CA312E2.pf =>Toolbar.Wajam^
~ Additionnel Scan: 162009 Items scanned in 00mn 17s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com27379491-toolbar-wajam =>Toolbar.Wajam
~ MSI: 1 link(s) detected in 00mn 17s



~ 1611 Legitimates filtered by white list
End of the scan (604 lines in 05mn 30s)(0)
