ines
Participant
Number of posts: 12

third
~ Rapport de ZHPDiag v2013.10.20.55 – Nicolas Coolman (20/10/2013)
~ Lancé par serge (20/10/2013 16:48:21)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found

—\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
MFIE: Mozilla Firefox 24.0

—\ Informations sur les produits Windows
~ Langage: Français
Windows XP Home Edition Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

—\ Logiciels de protection du système
Avira Free Antivirus v13.0.0.4042
Malwarebytes Anti-Malware version 1.75.0.1300

—\ Logiciels d’optimisation du système
CCleaner v4.06 =>Piriform Ltd

—\ Logiciels de partage PeerToPeer
eMule

—\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX

—\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3327 MB (75% free)
System Restore: Activé (Enable)
System drive C: has 38 GB (76%) free of 49 GB

—\ Mode de connexion au système
~ Computer Name: MAURICETTE
~ User Name: serge
~ All Users Names: SUPPORT_388945a0, serge, HelpAssistant, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d’environnement
~ System Unit : C:
~ %AppZHP% : C:\Documents and Settings\serge\Application Data\ZHP
~ %AppData% : C:\Documents and Settings\serge\Application Data
~ %Desktop% : C:\Documents and Settings\serge\Bureau
~ %Favorites% : C:\Documents and Settings\serge\Favoris
~ %LocalAppData% : C:\Documents and Settings\serge\Local Settings\Application Data
~ %StartMenu% : C:\Documents and Settings\serge\Menu Démarrer
~ %Windir% : C:\WINDOWS
~ %System% : C:\WINDOWS\system32

—\ Enumération des unités disques
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 38 Go of 49 Go)
D: Hard drive, Flash drive, Thumb drive (Free 183 Go of 184 Go)
E: Hard drive, Flash drive, Thumb drive (Free 77 Go of 176 Go)
F: Hard drive, Flash drive, Thumb drive (Free 290 Go of 290 Go)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: CD-ROM drive (Not Inserted)
K: Floppy drive, Flash card reader, USB Key (Not Inserted)
O: Hard drive, Flash drive, Thumb drive (Free 367 Go of 466 Go)

—\ Etat du Centre de Sécurité Windows
~ Security Center: 42 Legitimates Filtered in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] – (.Microsoft Corporation – Explorateur Windows.) (.13/04/2008 – 18:34:04.) — C:WINDOWSExplorer.exe [1037824]
[MD5.F8DD21FC65131E064FBF11F01E4F4BFD] – (.Microsoft Corporation – Internet Extensions for Win32.) (.23/09/2013 – 19:23:33.) — C:WINDOWSsystem32wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] – (.Microsoft Corporation – Application d’ouverture de session Windows NT.) (.13/04/2008 – 18:34:30.) — C:WINDOWSsystem32Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.17/08/2011 – 14:49:54.) — C:WINDOWSsystem32DriversAFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] – (.Microsoft Corporation – IDE/ATAPI Port Driver.) (.13/04/2008 – 10:40:32.) — C:WINDOWSsystem32Driversatapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] – (.Microsoft Corporation – CD-ROM File System Driver.) (.13/04/2008 – 11:14:22.) — C:WINDOWSsystem32DriversCdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.13/04/2008 – 10:40:48.) — C:WINDOWSsystem32DriversCdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] – (.Microsoft Corporation – Pilote de cryptographie FIPS.) (.13/04/2008 – 17:57:40.) — C:WINDOWSsystem32DriversFips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] – (.Windows (R) Server 2003 DDK provider – High Definition Audio Bus Driver v1.0a.) (.13/04/2008 – 08:36:06.) — C:WINDOWSsystem32DriversHDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] – (.Microsoft Corporation – Pilote de port i8042.) (.13/04/2008 – 18:00:54.) — C:WINDOWSsystem32Driversi8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] – (.Microsoft Corporation – IMAPI Kernel Driver.) (.13/04/2008 – 10:41:00.) — C:WINDOWSsystem32DriversImapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] – (.Microsoft Corporation – IP Network Address Translator.) (.13/04/2008 – 10:57:16.) — C:WINDOWSsystem32DriversIpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] – (.Microsoft Corporation – IPSec Driver.) (.13/04/2008 – 11:19:44.) — C:WINDOWSsystem32DriversIPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.15/07/2011 – 14:29:31.) — C:WINDOWSsystem32DriversMRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] – (.Microsoft Corporation – MBT Transport driver.) (.13/04/2008 – 11:21:02.) — C:WINDOWSsystem32DriversnetBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] – (.Microsoft Corporation – NT File System Driver.) (.13/04/2008 – 11:15:54.) — C:WINDOWSsystem32Driversntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] – (.Microsoft Corporation – Pilote de port parallèle.) (.13/04/2008 – 18:09:42.) — C:WINDOWSsystem32DriversParport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.13/04/2008 – 11:19:44.) — C:WINDOWSsystem32DriversRasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.13/04/2008 – 10:32:52.) — C:WINDOWSsystem32Driversrdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] – (.Microsoft Corporation – Pilote de filtre audio Livre rouge.) (.13/04/2008 – 17:57:36.) — C:WINDOWSsystem32Driversredbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.13/04/2008 – 17:56:06.) — C:WINDOWSsystem32Driversvolsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/6
~ Mes Documents (My Documents) : 1/12
~ Mon Bureau (My Desktop) : 0/1113
~ Menu demarrer (Programs) : 1/25
~ Hidden Files: Scanned in 00mn 01s

—\ Processus lancés
[MD5.A29F2E883730A91965CE8BB6981D5B37] – (.ATI Technologies Inc. – ATI External Event Utility EXE Module.) — C:WINDOWSsystem32Ati2evxx.exe [581632] [PID.1024]
[MD5.8769E2D1072B62AB071F166F03B3E3DC] – (.Avira Operations GmbH & Co. KG – Avira Scheduler.) — C:Program FilesAviraAntiVir Desktopsched.exe [84024] [PID.1660]
[MD5.E681281D9BFC9D45D3B72532717E5880] – (.Advanced Micro Devices Inc. – Catalyst Control Center: Monitoring program.) — C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe [49152] [PID.136]
[MD5.D658AB1B55127D18DCFBCAC8CAAEA522] – (.Hewlett-Packard – hpwuSchd Application.) — C:Program FilesHpHP Software UpdateHPWuSchd2.exe [49208] [PID.148]
[MD5.013A269E7AF8B01FF20B384FEEBFFDA5] – (.Realtek Semiconductor Corp. – Realtek HD Audio Control Panel.) — C:WINDOWSRTHDCPL.exe [16862720] [PID.156]
[MD5.35B236D0A5973CC913990B7E86FF266B] – (…) — C:Program FilesASUSSix EngineSixEngine.exe [5964800] [PID.164]
[MD5.DB3F7F19F942D3CE4E1A0E8D9FF541FB] – (.Avira Operations GmbH & Co. KG – Avira System Tray Tool.) — C:Program FilesAviraAntiVir Desktopavgnt.exe [347192] [PID.172]
[MD5.25CA1677AAA3CDC99CD4FCF940886F3C] – (.ATI Technologies Inc. – Catalyst Control Centre: Host application.) — C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe [49152] [PID.808]
[MD5.AD1D13E6326E0B8DA2A7BE13B39A8FE0] – (.Avira Operations GmbH & Co. KG – Avira On-Access Service.) — C:Program FilesAviraAntiVir Desktopavguard.exe [108088] [PID.1184]
[MD5.65085456FD9A74D7F1A999520C299ECB] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes’ Anti-Malwarembamscheduler.exe [418376] [PID.1280]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe [701512] [PID.1816]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe [532040] [PID.2440]
[MD5.2E0B0A051FFAA86E358465BB0880D453] – (.Microsoft Corporation – Windows Update.) — C:WINDOWSsystem32wuauclt.exe [53784] [PID.2696]
[MD5.F30BF9FC4275156F2AE96FCDF1ED5EE4] – (.Avira Operations GmbH & Co. KG – Avira Shadow Copy Service.) — C:Program FilesAviraAntiVir Desktopavshadow.exe [76856] [PID.3288]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] – (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe [638816] [PID.2080]
[MD5.DD425C93255671A5FE81A95E686C03D7] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [8111104] [PID.1680]
~ Processes Running: Scanned in 00mn 01s

—\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\serge\Application Data\Mozilla\Firefox\Profiles\p8d2c7fm.default\prefs.js
~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 – HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 – HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:\WINDOWS\system32\Userinit.exe,
F2 – REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 – REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

—\ Internet Explorer Toolbars (O3)
O3 – ToolbarWebBrowser: (no name) – [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 – ToolbarWebBrowser: (no name) – [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
O3 – ToolbarWebBrowser: (no name) – [HKCU]{41564952-412D-5637-00A7-7A786E7484D7} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

—\ Autres liens utilisateurs (O4)
O4 – GSProgram [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:\Program Files\Mozilla Firefox\firefox.exe
O4 – GSProgram [AllUsers]: MSN.lnk . (.Microsoft Corporation – Win32 Cabinet Self-Extractor.) — C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe =>.Microsoft Corporation
O4 – GSProgram [AllUsers]: Windows Messenger.lnk . (.Microsoft Corporation – Windows Messenger.) — C:\Program Files\Messenger\msmsgs.exe
O4 – GSProgram [serge]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files\Internet Explorer\iexplore.exe
O4 – GSProgram [serge]: Lecteur Windows Media.lnk . (.Microsoft Corporation – Lecteur Windows Media.) — C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O4 – GSProgram [Administrateur]: Lecteur Windows Media.lnk . (.Microsoft Corporation – Lecteur Windows Media.) — C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
~ Global Startup: 11 Legitimates Filtered in 00mn 00s

—\ Applications lancées au démarrage du sytème (O4)
O4 – HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. – Catalyst® Control Center Launcher.) — C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 – HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard – hpwuSchd Application.) — C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 – HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. – Realtek HD Audio Control Panel.) — C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 – HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. – Realtek Azalia Audio – Event Monitor.) — C:\WINDOWS\ALCMTR.exe
O4 – HKLM\..\Run: [Six Engine] . (…) — C:\Program Files\ASUS\Six Engine\SixEngine.exe
O4 – HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG – Avira System Tray Tool.) — C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 – HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:\WINDOWS\system32\ctfmon.exe
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:\WINDOWS\system32\CTFMON.exe
O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:\WINDOWS\system32\CTFMON.exe
O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:\WINDOWS\system32\CTFMON.exe
O4 – HKUS\S-1-5-21-1060284298-515967899-839522115-1004\..\Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:\WINDOWS\system32\ctfmon.exe
~ Application: Scanned in 00mn 00s

—\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
O9 – Extra button: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} — Clé orpheline
O9 – Extra button: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation – Windows Messenger.) — C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLM\System\CCS\Services\Tcpip\..\{8A90DE1D-E118-4A1B-8C70-86212A98DAF4}: DhcpNameServer = 192.168.1.1
O17 – HKLM\System\CS1\Services\Tcpip\..\{8A90DE1D-E118-4A1B-8C70-86212A98DAF4}: DhcpNameServer = 192.168.1.1
O17 – HKLM\System\CS3\Services\Tcpip\..\{8A90DE1D-E118-4A1B-8C70-86212A98DAF4}: DhcpNameServer = 192.168.1.1
O17 – HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: wia – {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation – WIA Scripting Layer.) — C:\WINDOWS\system32\wiascr.dll
O18 – Filter: text/webviewhtml – {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation – DLL commune du shell Windows.) — C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 – Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. – ATI External Event Utility DLL Module.) — C:\WINDOWS\system32\Ati2evxx.dll
O20 – Winlogon Notify: crypt32chain . (.Microsoft Corporation – Crypto API32.) — C:\WINDOWS\system32\crypt32.dll
O20 – Winlogon Notify: cryptnet . (.Microsoft Corporation – Crypto Network Related API.) — C:\WINDOWS\system32\cryptnet.dll
O20 – Winlogon Notify: cscdll . (.Microsoft Corporation – Agent réseau hors connexion.) — C:\WINDOWS\system32\cscdll.dll
O20 – Winlogon Notify: dimsntfy . (.Microsoft Corporation – DIMS Notification Handler.) — C:\WINDOWS\system32\dimsntfy.dll
O20 – Winlogon Notify: ScCertProp . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:\WINDOWS\system32\wlnotify.dll
O20 – Winlogon Notify: Schedule . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:\WINDOWS\system32\wlnotify.dll
O20 – Winlogon Notify: sclgntfy . (.Microsoft Corporation – DLL secondaire de notification de service d.) — C:\WINDOWS\system32\sclgntfy.dll
O20 – Winlogon Notify: SensLogn . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:\WINDOWS\system32\WlNotify.dll
O20 – Winlogon Notify: termsrv . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:\WINDOWS\system32\wlnotify.dll
O20 – Winlogon Notify: wlballoon . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

—\ Liste des services NT non Microsoft et non désactivés (O23)
O23 – Service: (MBAMService) . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) – C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
~ Services: 6 Legitimates Filtered in 00mn 04s

—\ Enumération Active Desktop & MHTML Editor (O24)
O24 – Desktop General: BackupWallPaper – .(…) – C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 – Desktop General: WallPaper – .(…) – C:\Documents and Settings\serge\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

—\ Tâches planifiées en automatique (O39)
O39 – APT:Automatic Planified Task – C:\WINDOWS\Tasks\Allyrics-16-codedownloader.job [1236] =>Adware.AddLyrics
O39 – APT:Automatic Planified Task – C:\WINDOWS\Tasks\Allyrics-16-enabler.job [1136] =>Adware.AddLyrics
O39 – APT:Automatic Planified Task – C:\WINDOWS\Tasks\Allyrics-16-updater.job [1330] =>Adware.AddLyrics
O39 – APT:Automatic Planified Task – C:\WINDOWS\Tasks\At1.job [460]
O39 – APT:Automatic Planified Task – C:\WINDOWS\Tasks\At2.job [460]
O39 – APT:Automatic Planified Task – C:\WINDOWS\Tasks\At3.job [460]
O39 – APT:Automatic Planified Task – C:\WINDOWS\Tasks\At4.job [460]
~ Scheduled Task: 8 Legitimates Filtered in 00mn 00s

—\ Logiciels installés (O42)
O42 – Logiciel: Bubble Shooter v1.0 – (.Nowstat.com.) [HKLM] — {6BB5561C-207B-4D74-9038-FF6FA338F998}_is1
~ Logic: 59 Legitimates Filtered in 00mn 00s

—\ HKCU & HKLM Software Keys
[HKCU\Software\WEDLMNGR] =>PUP.weDownloadManager
~ Key Software: 121 Legitimates Filtered in 00mn 00s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 18/10/2013 – 07:40:28 – [0,934] —-D C:\Program Files\BSHOOTER.com
O43 – CFD: 18/10/2013 – 11:08:07 – [1,102] —-D C:\Program Files\Nowstat.com
O43 – CFD: 16/10/2013 – 21:24:48 – [0] —-D C:\Documents and Settings\All Users\Application Data\APN
O43 – CFD: 18/10/2013 – 07:40:29 – [0,001] —-D C:\Documents and Settings\serge\Application Data\BSHOOTER.com
~ Program Folder: 86 Legitimates Filtered in 00mn 04s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.2CE7B1EEB99C14032C0E2201B004F80E] – 16/10/2013 – 13:41:27 —A- . (…) — C:WINDOWSsystem32wmimgmt.msc [63488]
O44 – LFC:[MD5.CDD932EDCB756FB5F7CE5E2F090BA838] – 16/10/2013 – 13:41:31 —A- . (…) — C:WINDOWSsystem32msdtcprf.h [768]
O44 – LFC:[MD5.FDA18F513403E67CAE9BF0D2DD948B28] – 16/10/2013 – 13:41:31 —A- . (…) — C:WINDOWSsystem32msdtcprf.ini [3914]
O44 – LFC:[MD5.4A547D74B435E78418BE06406250C1D3] – 16/10/2013 – 13:41:32 —A- . (…) — C:WINDOWSsystem32tslabels.h [3286]
O44 – LFC:[MD5.F9A14C7B36E10052A1B0F071BC3C1C65] – 16/10/2013 – 13:41:32 —A- . (…) — C:WINDOWSsystem32tslabels.ini [27768]
O44 – LFC:[MD5.9F27B27C8405FEAF7DFC4DA3751DEF22] – 16/10/2013 – 13:41:32 —A- . (…) — C:WINDOWSsystem32usrlogon.cmd [1263]
O44 – LFC:[MD5.405E1EF8E3C88E9BCD2853382BB12430] – 16/10/2013 – 13:41:33 —A- . (…) — C:WINDOWSsystem32bopomofo.uce [22984]
O44 – LFC:[MD5.39F43DBCE366B2561DF073B4C0839299] – 16/10/2013 – 13:41:34 —A- . (…) — C:WINDOWSBulles de savon.bmp [65978]
O44 – LFC:[MD5.DAC71A10A6A71CB6E3F427AE3283734B] – 16/10/2013 – 13:41:34 —A- . (…) — C:WINDOWSRosace bleue 16.bmp [1272]
O44 – LFC:[MD5.73D70ED3EC3BBFD8FD35DF431C38F374] – 16/10/2013 – 13:41:34 —A- . (…) — C:WINDOWSTasse à café.bmp [17062]
O44 – LFC:[MD5.4FDED87068052EEB9B72A97FDBC141DB] – 16/10/2013 – 13:41:34 —A- . (…) — C:WINDOWSsystem32gb2312.uce [24006]
O44 – LFC:[MD5.038F6AD6CEE43585D814CDBC7CDFD3EC] – 16/10/2013 – 13:41:34 —A- . (…) — C:WINDOWSsystem32ideograf.uce [60458]
O44 – LFC:[MD5.7C0C25F4BA1084C4ABBEEA2C74194C5F] – 16/10/2013 – 13:41:34 —A- . (…) — C:WINDOWSsystem32kanji_1.uce [6948]
O44 – LFC:[MD5.529BBD63519BBD654EF328454019693F] – 16/10/2013 – 13:41:34 —A- . (…) — C:WINDOWSsystem32kanji_2.uce [8484]
O44 – LFC:[MD5.7A7A04370A6030B9B0E8178DAD4A6E41] – 16/10/2013 – 13:41:34 —A- . (…) — C:WINDOWSsystem32korean.uce [12876]
O44 – LFC:[MD5.8CA32E9D986FA76F60EFBCFCD9D80A58] – 16/10/2013 – 13:41:34 —A- . (…) — C:WINDOWSsystem32shiftjis.uce [16740]
O44 – LFC:[MD5.30F5568679A54042F99CA9EC1102EBCD] – 16/10/2013 – 13:41:34 —A- . (…) — C:WINDOWSsystem32subrange.uce [93702]
O44 – LFC:[MD5.1AC5E83598D4F2143B59A2D893C3279A] – 16/10/2013 – 13:41:35 —A- . (…) — C:WINDOWSGranit vert.bmp [26582]
O44 – LFC:[MD5.203EF178BF8B0A8EC34E27E4DEDB6349] – 16/10/2013 – 13:41:35 —A- . (…) — C:WINDOWSJour de pêche.bmp [17336]
O44 – LFC:[MD5.EB3BFC14E41FBAA41B4FD4489AA82D39] – 16/10/2013 – 13:41:35 —A- . (…) — C:WINDOWSMur de Santa Fe.bmp [65832]
O44 – LFC:[MD5.3A8B85AB7B415BF3F8AFE285DFE0CE29] – 16/10/2013 – 13:41:35 —A- . (…) — C:WINDOWSPlume.bmp [16730]
O44 – LFC:[MD5.927A66BD587E31CB12D3AB25381658DC] – 16/10/2013 – 13:41:35 —A- . (…) — C:WINDOWSRhododendron.bmp [17362]
O44 – LFC:[MD5.5B4AC407E566076BB726BA91E067D313] – 16/10/2013 – 13:41:35 —A- . (…) — C:WINDOWSRivière Sumida.bmp [26680]
O44 – LFC:[MD5.280920B6773C74C3649A934257112BE1] – 16/10/2013 – 13:41:35 —A- . (…) — C:WINDOWSVent de prairie.bmp [65954]
O44 – LFC:[MD5.5290EA6951F4724259F423B12C8E1393] – 16/10/2013 – 13:41:35 —A- . (…) — C:WINDOWSZapotec.bmp [9522]
O44 – LFC:[MD5.487403459F0B2F1A3ADEEF02496BD80E] – 16/10/2013 – 13:42:15 —A- . (…) — C:WINDOWSvb.ini [36]
O44 – LFC:[MD5.6C2F0BA210C2B53EF07653ABAC6C2490] – 16/10/2013 – 13:42:15 —A- . (…) — C:WINDOWSvbaddin.ini [37]
O44 – LFC:[MD5.81051BCC2CF1BEDF378224B0A93E2877] – 16/10/2013 – 13:43:21 —A- . (…) — C:WINDOWSdesktop.ini [2]
O44 – LFC:[MD5.81051BCC2CF1BEDF378224B0A93E2877] – 16/10/2013 – 13:43:21 —A- . (…) — C:WINDOWSsystem32desktop.ini [2]
O44 – LFC:[MD5.CE45BE933AA8CF23B3469FE761C27A32] – 16/10/2013 – 13:43:21 -SH– . (…) — C:WINDOWSwinnt.bmp [49102]
O44 – LFC:[MD5.CE45BE933AA8CF23B3469FE761C27A32] – 16/10/2013 – 13:43:21 -SH– . (…) — C:WINDOWSwinnt256.bmp [49102]
O44 – LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 16/10/2013 – 13:44:36 . (…) — C:\AUTOEXEC.BAT [0]
O44 – LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 16/10/2013 – 13:44:36 . (…) — C:\CONFIG.SYS [0]
O44 – LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 16/10/2013 – 13:44:36 . (…) — C:\IO.SYS [0]
O44 – LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 16/10/2013 – 13:44:36 . (…) — C:\MSDOS.SYS [0]
O44 – LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 16/10/2013 – 13:44:36 —A- . (…) — C:WINDOWScontrol.ini [0]
O44 – LFC:[MD5.AD05ECA6822949899B39996C9C0DF593] – 16/10/2013 – 14:03:21 R–A- . (…) — C:WINDOWSsystem32atiicdxx.dat [176216]
O44 – LFC:[MD5.31B434EDEC919137787CABF10E76266B] – 16/10/2013 – 14:03:21 R–A- . (…) — C:WINDOWSsystem32ativvaxx.dat [3107788]
O44 – LFC:[MD5.31B434EDEC919137787CABF10E76266B] – 16/10/2013 – 14:03:25 R–A- . (…) — C:WINDOWSsystem32ativva5x.dat [3107788]
O44 – LFC:[MD5.C23E3A4C7004D634A5C2E02841B3E3D4] – 16/10/2013 – 14:03:26 R–A- . (…) — C:WINDOWSsystem32ativva6x.dat [887724]
O44 – LFC:[MD5.84086D3595E62266A72CE6B19E9BF569] – 16/10/2013 – 14:03:28 R–A- . (…) — C:WINDOWSsystem32atifglpf.xml [7167]
O44 – LFC:[MD5.23848BA090CF6FD1130C27901C0FD1C7] – 16/10/2013 – 14:03:30 R–A- . (…) — C:WINDOWSatiogl.xml [14696]
O44 – LFC:[MD5.292CE38F68F98FC74FFCB3A7D39B1356] – 16/10/2013 – 14:03:32 —A- . (.Pas de propriétaire – ATI Smart.) — C:WINDOWSsystem32ati2sgag.exe [593920]
O44 – LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 16/10/2013 – 14:10:31 —A- . (…) — C:WINDOWSativpsrm.bin [0]
O44 – LFC:[MD5.19166026A93206F9C6A8CD3A1F010AE4] – 16/10/2013 – 14:15:57 —A- . (…) — C:WINDOWSsystem32DriversASUSHWIO.SYS [10296]
O44 – LFC:[MD5.D48659BB24C48345D926ECB45C1EBDF5] – 16/10/2013 – 14:16:08 R–A- . (.Pas de propriétaire – ATK0110 ACPI Utility.) — C:WINDOWSsystem32DriversASACPI.sys [5810]
O44 – LFC:[MD5.43C3571EADA5BC1EDEAD7CA22AD66F30] – 16/10/2013 – 14:33:18 R—- . (…) — C:WINDOWSsystem32ChCfg.exe [49152]
O44 – LFC:[MD5.C34AFC859EF56561A36969FC8BC4E59F] – 16/10/2013 – 14:33:21 . (…) — C:\WINDOWS\USetup.iss [636]
O44 – LFC:[MD5.6D0634CEBBFF7F428DD816706F5AA1FB] – 16/10/2013 – 14:36:38 —A- . (…) — C:WINDOWSsystem32BuzzingBee.wav [146650]
O44 – LFC:[MD5.E2FA75ADE398C9A44815B11CC141105C] – 16/10/2013 – 14:36:38 —A- . (…) — C:WINDOWSsystem32LoopyMusic.wav [940794]
O44 – LFC:[MD5.ADAA34740E9F6AFF94CC75D5CF8ED7E2] – 16/10/2013 – 14:40:11 —A- . (…) — C:WINDOWSsystem32DriversAsInsHelp32.sys [10216]
O44 – LFC:[MD5.EDAA17CE771C696655B6585F7CAD2100] – 16/10/2013 – 14:40:11 —A- . (…) — C:WINDOWSsystem32DriversAsInsHelp64.sys [11832]
O44 – LFC:[MD5.2B4E66FAC6503494A2C6F32BB6AB3826] – 16/10/2013 – 14:40:13 R–A- . (…) — C:WINDOWSsystem32DriversAsIO.sys [12400]
O44 – LFC:[MD5.212F87EE837B4E35E43A93BBFC44E7A7] – 16/10/2013 – 14:40:13 R–A- . (.Pas de propriétaire – AsIO DLL.) — C:WINDOWSsystem32AsIO.dll [24576]
O44 – LFC:[MD5.F08DBD8C48A168818A3DFC28929EE6B5] – 16/10/2013 – 15:33:23 —A- . (…) — C:WINDOWSsystem32AUTOEXEC.NT [1896]
O44 – LFC:[MD5.486E0B1BC94C346E5C352C295388C803] – 16/10/2013 – 15:33:23 —A- . (…) — C:WINDOWSsystem32CONFIG.TMP [3072]
O44 – LFC:[MD5.6CB26848BCDAA361B6EE21264FB362C3] – 16/10/2013 – 15:33:28 —A- . (…) — C:WINDOWSsystem32c_20127.nls [66082]
O44 – LFC:[MD5.5D038EEABA8EA438F6B5ABD5E91BC851] – 16/10/2013 – 15:33:34 —A- . (…) — C:WINDOWSsystem32C_28594.NLS [66082]
O44 – LFC:[MD5.B537ACFAB9E70F0EF48DB696A08ADC81] – 16/10/2013 – 15:33:37 —A- . (…) — C:WINDOWSsystem32C_28597.NLS [66082]
O44 – LFC:[MD5.E22D1B9AC7854C0A654E4C4232074E49] – 16/10/2013 – 15:33:41 —A- . (…) — C:WINDOWSsystem32C_28595.NLS [66082]
O44 – LFC:[MD5.C37A21EE1ADFDC13FC707D97073148ED] – 16/10/2013 – 15:33:45 —A- . (…) — C:WINDOWSsystem32c_28599.nls [66082]
O44 – LFC:[MD5.35448F3A71EBBECF8E997FAD3A99327D] – 16/10/2013 – 15:33:48 —A- . (…) — C:WINDOWSsystem32c_28603.nls [66082]
O44 – LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 16/10/2013 – 15:36:13 . (…) — C:\WINDOWS\Sti_Trace.log [0]
O44 – LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 16/10/2013 – 15:39:58 —A- . (…) — C:WINDOWSsystem32h323log.txt [0]
O44 – LFC:[MD5.E6976980F6A8AF277850580F9E883334] – 16/10/2013 – 16:22:26 —A- . (…) — C:WINDOWSsystem32wpa.bak [13688]
O44 – LFC:[MD5.F69E47705350A9A147B7561DCCD3AD64] – 16/10/2013 – 18:17:15 —A- . (…) — C:WINDOWSsystem32emptyregdb.dat [23016]
O44 – LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] – 16/10/2013 – 18:17:32 R-HA- . (…) — C:WINDOWSWindowsShell.Manifest [749]
O44 – LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] – 16/10/2013 – 18:17:32 R-HA- . (…) — C:WINDOWSsystem32cdplayer.exe.manifest [749]
O44 – LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] – 16/10/2013 – 18:17:32 R-HA- . (…) — C:WINDOWSsystem32ncpa.cpl.manifest [749]
O44 – LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] – 16/10/2013 – 18:17:32 R-HA- . (…) — C:WINDOWSsystem32nwc.cpl.manifest [749]
O44 – LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] – 16/10/2013 – 18:17:32 R-HA- . (…) — C:WINDOWSsystem32sapi.cpl.manifest [749]
O44 – LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] – 16/10/2013 – 18:17:32 R-HA- . (…) — C:WINDOWSsystem32wuaucpl.cpl.manifest [749]
O44 – LFC:[MD5.5D76C3FB736514E1D7C88791E7322784] – 16/10/2013 – 18:17:36 R-HA- . (…) — C:WINDOWSsystem32WindowsLogon.manifest [488]
O44 – LFC:[MD5.5D76C3FB736514E1D7C88791E7322784] – 16/10/2013 – 18:17:36 R-HA- . (…) — C:WINDOWSsystem32logonui.exe.manifest [488]
O44 – LFC:[MD5.2B9C717D21A1331BA3731886E3EE87BB] – 16/10/2013 – 18:18:05 —A- . (…) — C:WINDOWSODBCINST.INI [4205]
O44 – LFC:[MD5.6D6F4B1886E91EB37ABCCAD19C561EE0] – 16/10/2013 – 18:18:15 —A- . (…) — C:WINDOWSsystem32amcompat.tlb [16832]
O44 – LFC:[MD5.A32B14BE5EDAE794FCE1A9E970827509] – 16/10/2013 – 18:18:15 —A- . (…) — C:WINDOWSsystem32nscompat.tlb [23392]
O44 – LFC:[MD5.9F22340864280CAEF375BB43B5E9C799] – 16/10/2013 – 18:19:58 —A- . (…) — C:WINDOWSsystem32$winnt$.inf [288]
O44 – LFC:[MD5.7794C3221F670DE270586A2CF6E68383] – 16/10/2013 – 18:51:56 . (…) — C:\ntldr [252240]
O44 – LFC:[MD5.8E59F9BE251C8AE32A1CEB068B3F96B1] – 16/10/2013 – 18:52:04 . (…) — C:\WINDOWS\system32\Drivers\ativmc20.cod [64352]
O44 – LFC:[MD5.3194C32E8A2403073B812183355E25C6] – 16/10/2013 – 18:52:04 . (…) — C:\WINDOWS\system32\Drivers\cxthsfs2.cty [129045]
O44 – LFC:[MD5.905CB655E93D39C97E078A3C4C884F31] – 16/10/2013 – 18:52:04 . (…) — C:\WINDOWS\system32\Drivers\netwlan5.img [67866]
O44 – LFC:[MD5.A408398F783A9DBFEB0C7B76F5DBF901] – 16/10/2013 – 18:58:53 —A- . (…) — C:WINDOWSsystem32spupdwxp.log [259]
O44 – LFC:[MD5.DC17DD0189B0C36D863B4DD0A036C10F] – 16/10/2013 – 18:59:12 —A- . (…) — C:WINDOWSWMSysPr9.prx [316640]
O44 – LFC:[MD5.DDB9B5C1CE074274D74B8A7910C97208] – 16/10/2013 – 19:01:58 —A- . (…) — C:WINDOWSsystem32msdvbnp.ax [52224]
O44 – LFC:[MD5.5319BF20F48884E594F84097A600424B] – 16/10/2013 – 19:01:58 —A- . (…) — C:WINDOWSsystem32psisdecd.dll [354816]
O44 – LFC:[MD5.E93D7D262A33D14AEF13398AB83FE08B] – 16/10/2013 – 19:01:58 —A- . (…) — C:WINDOWSsystem32psisrndr.ax [30208]
O44 – LFC:[MD5.40C03F83C21D3D8F2634EF7879755773] – 16/10/2013 – 19:22:03 . (…) — C:\RHDSetup.log [573]
O44 – LFC:[MD5.2907011680E6EFEC615CD8873A897F12] – 16/10/2013 – 19:25:48 —A- . (…) — C:WINDOWSAscd_tmp.ini [38073]
O44 – LFC:[MD5.70509087597627A322EA5882512958EC] – 16/10/2013 – 19:30:19 —A- . (…) — C:WINDOWSsetup.iss [670]
O44 – LFC:[MD5.32A1C6071532FB086A1F705F20BBE727] – 16/10/2013 – 19:30:34 —A- . (…) — C:WINDOWSAscd_log.ini [38464]
O44 – LFC:[MD5.7017E85C07D36E624D78232433B1A724] – 17/10/2013 – 06:21:00 —A- . (…) — C:WINDOWSsystem32TZLog.log [6144]
O44 – LFC:[MD5.9C1DAF23C0CD86BCCC5B5FA0F630AB03] – 17/10/2013 – 06:48:30 —A- . (…) — C:WINDOWSsystem32lvcoinst.log [2497]
O44 – LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] – 17/10/2013 – 07:28:07 —A- . (…) — C:WINDOWSsystem.ini [227]
O44 – LFC:[MD5.5B8F9069273361E81D610962C7901BD6] – 17/10/2013 – 07:28:07 —A- . (…) — C:WINDOWSwin.ini [477]
O44 – LFC:[MD5.69302A2BF605522B06CE7D7928434998] – 19/10/2013 – 12:06:22 . (…) — C:\RstAssociations.txt [669]
O44 – LFC:[MD5.A50E10B5380F277C90CF0FBA4341678E] – 20/10/2013 – 08:31:25 . (…) — C:\UsbFix [Clean 2] MAURICETTE.txt [4428]
O44 – LFC:[MD5.388A9F58C76174D4CC7022D0C050D01A] – 20/10/2013 – 14:59:01 —A- . (…) — C:WINDOWSntbtlog.txt [179326]
O44 – LFC:[MD5.CD8F3C8A9E405BDB35A7CD49279DA093] – 20/10/2013 – 15:05:05 . (…) — C:\UsbFix [Scan 1] MAURICETTE.txt [2807]
O44 – LFC:[MD5.FA5E9BA6438D641B6EB4047615B3A232] – 20/10/2013 – 15:11:21 —A- . (…) — C:UsbFix [Clean 1] MAURICETTE.txt [5331]
O44 – LFC:[MD5.9BD5156B98D5B3823CEC04FCAEC7F1E4] – 20/10/2013 – 15:34:49 —A- . (…) — C:UsbFix [Scan 2] MAURICETTE.txt [4558]
O44 – LFC:[MD5.DAA64C767C30EDEB7F5E0BDFAE6CE2EC] – 20/10/2013 – 15:44:55 —A- . (…) — C:WINDOWSsystem32ativvaxx.cap [54376]
O44 – LFC:[MD5.DD86E6B8628A07F253A1E04228609E47] – 20/10/2013 – 15:45:18 —A- . (…) — C:WINDOWSwiadebug.log [159]
O44 – LFC:[MD5.95DD4D20614213001A323D5D7A029305] – 20/10/2013 – 15:45:18 —A- . (…) — C:WINDOWSwiaservc.log [50]
~ Files: 470 Legitimates Filtered in 00mn 52s

—\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 – LFCP:[MD5.53943FD0D53082D794A232E8849EB736] – 18/10/2013 – 15:19:50 —A- – C:\WINDOWS\Prefetch\CREXTP8H.EXE-1674F5B6.pf
O45 – LFCP:[MD5.8D13446A66750D109F6637DF44EB15E1] – 18/10/2013 – 15:36:38 —A- – C:\WINDOWS\Prefetch\8HSRCHMN.EXE-119C4D72.pf
O45 – LFCP:[MD5.DCCD3CCBCE13EF191EAE0CCA2668DE26] – 18/10/2013 – 18:52:16 —A- – C:\WINDOWS\Prefetch\INS50.TMP-27D3581E.pf
O45 – LFCP:[MD5.86C57A7E2C8CBDF200C8EFD628E02795] – 18/10/2013 – 18:52:17 —A- – C:\WINDOWS\Prefetch\BUBBLESHOOTER.EXE-10615A56.pf
O45 – LFCP:[MD5.54DD9F41BEBE0D857F730C6A83A4C2AC] – 19/10/2013 – 12:06:07 —A- – C:\WINDOWS\Prefetch\RSTASSOCIATIONS[1].SCR-3A5A704A.pf
O45 – LFCP:[MD5.B2BD4AD4F61D226AD1E5BA3659510D2E] – 19/10/2013 – 12:31:00 —A- – C:\WINDOWS\Prefetch\WEDOWNLOAD MANAGER-CODEDOWNLO-0A55EBB7.pf =>PUP.weDownloadManager
O45 – LFCP:[MD5.E4474629974B433E51C62D038F457711] – 19/10/2013 – 12:31:00 —A- – C:\WINDOWS\Prefetch\WEDOWNLOAD MANAGER-ENABLER.EX-120BAD7B.pf =>PUP.weDownloadManager
O45 – LFCP:[MD5.AA0F9C5962D5E5E7B895B24F2E785AD5] – 19/10/2013 – 12:31:01 —A- – C:\WINDOWS\Prefetch\WEDOWNLOAD MANAGER-UPDATER.EX-07FBE0BE.pf =>PUP.weDownloadManager
O45 – LFCP:[MD5.F9676D3CB71FC15CE8D32DC57295892D] – 19/10/2013 – 13:55:27 —A- – C:\WINDOWS\Prefetch\TESTDISK_WIN.EXE-05467CD9.pf
O45 – LFCP:[MD5.C32418489A96C5F61C0F468266DEB7EC] – 19/10/2013 – 16:13:00 —A- – C:\WINDOWS\Prefetch\DUUQUCRASHHANDLER.EXE-30FB2A3D.pf =>Toolbar.DeltaSearch
O45 – LFCP:[MD5.FDD485D00B924EC295FEFE674344FF60] – 19/10/2013 – 16:26:24 —A- – C:\WINDOWS\Prefetch\NSH11.EXE-13DC7AE2.pf
O45 – LFCP:[MD5.852701B68E91C97997643431846D96C1] – 19/10/2013 – 16:26:39 —A- – C:\WINDOWS\Prefetch\CLTMNGSVC.EXE-147F4578.pf
O45 – LFCP:[MD5.C81FF7EE250D00BE66B5931CE199DF6E] – 19/10/2013 – 16:26:39 —A- – C:\WINDOWS\Prefetch\SPRUNNER.EXE-0FC6701B.pf
O45 – LFCP:[MD5.0A42B8784AED55C09BA54B64CAB13FF7] – 19/10/2013 – 16:27:06 —A- – C:\WINDOWS\Prefetch\UTILS.EXE-3105085B.pf
O45 – LFCP:[MD5.2628B1DFB7793B12957C22EE972C9D2C] – 19/10/2013 – 16:27:10 —A- – C:\WINDOWS\Prefetch\WEDOWNLOAD MANAGER-ENABLER.EX-1248A1AC.pf =>PUP.weDownloadManager
O45 – LFCP:[MD5.8D9B097028A5C8A659A1F917CD56E609] – 19/10/2013 – 16:57:36 —A- – C:\WINDOWS\Prefetch\SIXENGINE.EXE-2D5C0F37.pf
O45 – LFCP:[MD5.072EE8F2AE7AA62E5BCB9C6BB6C57C60] – 20/10/2013 – 00:38:52 —A- – C:\WINDOWS\Prefetch\BUBBLE SHOOTER V1.0.EXE-0288F0BA.pf
O45 – LFCP:[MD5.C53496D2C0AB35645AE72154B93FDF68] – 20/10/2013 – 06:35:01 —A- – C:\WINDOWS\Prefetch\OPEN-CONFIG[1].EXE-2242C86C.pf
O45 – LFCP:[MD5.F980B62E20AFB2E224C3F332E2C57E0C] – 20/10/2013 – 09:52:16 —A- – C:\WINDOWS\Prefetch\SHANGHAI_DYNASTY.EXE-0A9EB5D2.pf
O45 – LFCP:[MD5.CCB7D3CA1B546C3D14568F8109846CFD] – 20/10/2013 – 15:30:22 —A- – C:\WINDOWS\Prefetch\GO.EXE-39722D3E.pf
O45 – LFCP:[MD5.F184BBA0072D0C537E0084CCEAC6122E] – 20/10/2013 – 15:37:36 —A- – C:\WINDOWS\Prefetch\SIGCHECK.COM-3573C390.pf
~ Prefetcher: 125 Legitimates Filtered in 00mn 00s

—\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 – SEH:ShellExecuteHooks – URL Exec Hook – {AEB6717E-7E19-11d0-97EE-00C04FD91972} – shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

—\ Export de clé d’application autorisée (O47)
O47 – AAKE:Key Export SP – “C:Documents and SettingssergeLocal SettingsTemporary Internet FilesContent.IE507XON4Vpjjoint_uploader[1].exe” [Enabled] .(…) — C:Documents and SettingssergeLocal SettingsTemporary Internet FilesContent.IE507XON4Vpjjoint_uploader[1].exe (.not file.)
~ Keys Export: 7 Legitimates Filtered in 00mn 00s

—\ Image File Execution Options (IFEO) (O50)
O50 – IFEO:Image File Execution Options – Your Image File Name Here without a path – ntsd -d
~ IFEO: Scanned in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:[MD5.D48659BB24C48345D926ECB45C1EBDF5] – 13/08/2004 – 11:56:20 R–A- . (.Pas de propriétaire – ATK0110 ACPI Utility.) — C:WINDOWSsystem32DriversASACPI.sys [5810]
O58 – SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] – 05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ansi.sys [9037]
~ Drivers: 5 Legitimates Filtered in 00mn 00s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 17/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMicrosoftInternet ExplorerQuick LaunchMozilla Firefox (2).lnk [724]
O61 – LFC: 17/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMicrosoftInternet ExplorerQuick LaunchMozilla Firefox.lnk [742]
O61 – LFC: 17/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxCrash ReportsInstallTime20130910160258 [10]
O61 – LFC: 17/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultaddons.sqlite [524288]
O61 – LFC: 17/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultblocklist.xml [81365]
O61 – LFC: 17/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultbookmarkbackupsbookmarks-2013-10-17.json [3197]
O61 – LFC: 17/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultcontent-prefs.sqlite [229376]
O61 – LFC: 17/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultformhistory.sqlite [196608]
O61 – LFC: 17/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaulthealthreport.sqlite [1146880]
O61 – LFC: 17/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultindexedDBchrome.metadata [0]
O61 – LFC: 17/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultindexedDBchromeidb2588645841ssegtnti.sqlite [524288]
O61 – LFC: 17/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultmimeTypes.rdf [3772]
O61 – LFC: 17/10/2013 – 16:49:42 -S-A- . (…) — C:Documents and SettingssergeApplication DataMicrosoftCryptoRSAS-1-5-21-1060284298-515967899-839522115-1004d8558b504e8dac7fdb78814eb7e88dcf_9b94b40f-e7dd-45c5-a95c-344c85121b00 [46]
O61 – LFC: 17/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultpermissions.sqlite [65536]
O61 – LFC: 17/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultprefs.js.bak [6069]
O61 – LFC: 17/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultprefs.js.new [6071]
O61 – LFC: 17/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultsecmod.db [16384]
O61 – LFC: 17/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultsignons.sqlite [327680]
O61 – LFC: 17/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaulttimes.json [29]
O61 – LFC: 17/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureaunettoyeursAvira Control Center.lnk [1707]
O61 – LFC: 17/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureaunettoyeursAvira Free Antivirus 2013 – Le blog de jaime.over-blog.fr.url [317]
O61 – LFC: 17/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureaunettoyeursZHPDiag.lnk [1523] =>.Nicolas Coolman
O61 – LFC: 17/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureaunettoyeursZHPFix.lnk [1628] =>.Nicolas Coolman
O61 – LFC: 17/10/2013 – 16:49:53 —A- . (…) — C:Documents and SettingssergeBureauutilitairesVLC media player.lnk [719] =>.VideoLAN
O61 – LFC: 17/10/2013 – 16:49:56 —A- . (…) — C:Documents and SettingssergeFavorisSites Web MicrosoftMicrosoft Store.url [134]
O61 – LFC: 17/10/2013 – 16:49:56 —A- . (…) — C:Documents and SettingssergeFavorisSites Web MicrosoftSite Internet Explorer sur Microsoft.com.url [133]
O61 – LFC: 17/10/2013 – 16:49:56 —A- . (…) — C:Documents and SettingssergeLocal SettingsApplication DataMicrosoftInternet Explorerbrndlog.txt [6525]
O61 – LFC: 17/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeMes documentscc_20131017_092109.reg [12084]
O61 – LFC: 17/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeMes documentscc_20131017_092126.reg [288]
O61 – LFC: 18/10/2013 – 16:49:39 —A- . (…) — C:Documents and SettingssergeApplication DataFunnyGamessite.ico [24870]
O61 – LFC: 18/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureaujeuxBubble Shooter.lnk [823]
O61 – LFC: 18/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureaujeuxShanghai Dynasty.lnk [1901]
O61 – LFC: 18/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureaujeuxSpider Solitaire.lnk [1496]
O61 – LFC: 18/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureauutilitairesFoxit Reader.lnk [791]
O61 – LFC: 18/10/2013 – 16:49:56 —A- . (…) — C:Documents and SettingssergeFavorisBubble Shooter.url [4523]
O61 – LFC: 18/10/2013 – 16:49:56 —A- . (…) — C:Documents and SettingssergeFavorisPC Astuces Aide Informatique.url [3768]
O61 – LFC: 18/10/2013 – 16:49:56 —A- . (…) — C:Documents and SettingssergeLocal SettingsApplication DataGDIPFONTCACHEV1.DAT [18128]
O61 – LFC: 18/10/2013 – 16:49:56 —A- . (…) — C:Documents and SettingssergeLocal SettingsApplication DataMicrosoftHelpCtrHelpSessionHistory.dat [8728]
O61 – LFC: 18/10/2013 – 16:49:56 —A- . (…) — C:Documents and SettingssergeLocal SettingsApplication DataMicrosoftInternet Explorerframeiconcache.dat [7010]
O61 – LFC: 18/10/2013 – 16:49:57 —A- . (…) — C:Documents and SettingssergeLocal SettingsApplication DataMicrosoftInternet ExplorerServicessearch_{26125700-00FB-4911-A1AE-6654F9E72460}.ico [1150]
O61 – LFC: 18/10/2013 – 16:49:57 —A- . (…) — C:Documents and SettingssergeLocal SettingsApplication DataMicrosoftInternet ExplorerServicessearch_{BD3873E9-FC9B-41E3-ADAF-9C7CC26DF3A5}.ico [5430]
O61 – LFC: 18/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeMenu DémarrerProgrammesFunnyGamesFunnyGames.lnk [1452]
O61 – LFC: 18/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeMenu DémarrerProgrammesFunnyGamesShanghai Dynasty.lnk [1917]
O61 – LFC: 18/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeMes documentscc_20131018_175958.reg [1774]
O61 – LFC: 18/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeReport.html [137]
O61 – LFC: 18/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeSendTodisque D.lnk [275]
O61 – LFC: 18/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeSendTodisque E.lnk [275]
O61 – LFC: 18/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeSendTodisque F.lnk [129]
O61 – LFC: 18/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeSendTodisque ext H.lnk [129]
O61 – LFC: 18/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeSendTograveur J.lnk [145]
O61 – LFC: 19/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMicrosoftWindowsThemesCustom.theme [8234]
O61 – LFC: 19/10/2013 – 16:49:42 -SHA- . (…) — C:Documents and SettingssergeApplication DataMicrosoftInternet ExplorerDesktop.htt [2698]
O61 – LFC: 19/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication Datavlcml.xspf [304]
O61 – LFC: 19/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication Datavlcvlcrc [83997]
O61 – LFC: 19/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureauutilitairestestdisk-6.14.wintestdisk-6.1463cygwin [1534]
O61 – LFC: 19/10/2013 – 16:49:44 —A- . (…) — C:Documents and SettingssergeBureauutilitairestestdisk-6.14.wintestdisk-6.14caméscopePRG005MOV00A.MOD [13959168]
O61 – LFC: 19/10/2013 – 16:49:44 —A- . (…) — C:Documents and SettingssergeBureauutilitairestestdisk-6.14.wintestdisk-6.14pluginsBartPEGet_Files.cmd [5096]
O61 – LFC: 19/10/2013 – 16:49:44 —A- . (…) — C:Documents and SettingssergeBureauutilitairestestdisk-6.14.wintestdisk-6.14pluginsBartPEHelp.htm [3201]
O61 – LFC: 19/10/2013 – 16:49:44 —A- . (…) — C:Documents and SettingssergeBureauutilitairestestdisk-6.14.wintestdisk-6.14pluginsBartPERESET.cmd [103]
O61 – LFC: 19/10/2013 – 16:49:44 —A- . (…) — C:Documents and SettingssergeBureauutilitairestestdisk-6.14.wintestdisk-6.14pluginsBartPEReadMe.txt [759]
O61 – LFC: 19/10/2013 – 16:49:44 —A- . (…) — C:Documents and SettingssergeBureauutilitairestestdisk-6.14.wintestdisk-6.14pluginsBartPESCRIPTSStart_INF.dat [559]
O61 – LFC: 19/10/2013 – 16:49:44 —A- . (…) — C:Documents and SettingssergeBureauutilitairestestdisk-6.14.wintestdisk-6.14pluginsBartPESCRIPTSStaticINF.dat [1259]
O61 – LFC: 19/10/2013 – 16:49:44 —A- . (…) — C:Documents and SettingssergeBureauutilitairestestdisk-6.14.wintestdisk-6.14pluginsBartPEstart.inf [559]
O61 – LFC: 19/10/2013 – 16:49:44 —A- . (…) — C:Documents and SettingssergeBureauutilitairestestdisk-6.14.wintestdisk-6.14pluginsBartPEtestdisk_nu2menu.xml [607]
O61 – LFC: 19/10/2013 – 16:49:44 —A- . (…) — C:Documents and SettingssergeBureauutilitairestestdisk-6.14.wintestdisk-6.14pluginsWinBuilderHelp.htm [3062]
O61 – LFC: 19/10/2013 – 16:49:44 —A- . (…) — C:Documents and SettingssergeBureauutilitairestestdisk-6.14.wintestdisk-6.14pluginsWinBuilderReadMe.txt [812]
O61 – LFC: 19/10/2013 – 16:49:44 —A- . (…) — C:Documents and SettingssergeBureauutilitairestestdisk-6.14.wintestdisk-6.14pluginsWinBuilderTestDisk.script [4887]
O61 – LFC: 19/10/2013 – 16:49:57 —A- . (…) — C:Documents and SettingssergeLocal SettingsApplication DataMicrosoftInternet Explorertabiconcache.dat [7328]
O61 – LFC: 19/10/2013 – 16:49:57 —A- . (…) — C:Documents and SettingssergeLocal SettingsApplication DataMicrosoftWallpaper1.bmp [17842230]
O61 – LFC: 19/10/2013 – 16:50:02 —A- . (…) — C:Documents and SettingssergeMenu DémarrerProgrammesAccessoiresBloc-notes.lnk [1519] =>.Microsoft Corporation
O61 – LFC: 19/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeMes documentsfichier.reg [86]
O61 – LFC: 20/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMicrosoftInternet ExplorerUserDataRKUVDNU8YL[1].xml [98]
O61 – LFC: 20/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultbookmarkbackupsbookmarks-2013-10-20.json [3197]
O61 – LFC: 20/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultcert8.db [98304]
O61 – LFC: 20/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultcookies.sqlite [524288]
O61 – LFC: 20/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultdownloads.sqlite [98304]
O61 – LFC: 20/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultextensions.sqlite [458752]
O61 – LFC: 20/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultkey3.db [16384]
O61 – LFC: 20/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultlocalstore.rdf [3294]
O61 – LFC: 20/10/2013 – 16:49:42 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultparent.lock [0]
O61 – LFC: 20/10/2013 – 16:49:42 -SHA- . (…) — C:Documents and SettingssergeApplication DataMicrosoftInternet ExplorerUserDataindex.dat [32768]
O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultplaces.sqlite [10485760]
O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultpluginreg.dat [4429]
O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultprefs.js [7110]
O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultsearch.json [12858]
O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultsessionstore.bak [158613]
O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultsessionstore.js [162648]
O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaulturlclassifierkey3.txt [154]
O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultwebappswebapps.json [2]
O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultwebappsstore.sqlite [131072]
O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataZHPLog.txt [66470] =>.Nicolas Coolman
O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeApplication DataZHPTestsZHPDiag.txt [3190] =>.Nicolas Coolman
O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureauSosVirus Forum Gratuit.lnk [1761]
O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureauUsbFix Faire un Don.lnk [1777]
O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureaunettoyeursMalekal’s forum • Open-config Programmes utiles.url [2700]
O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureaunettoyeursSosVirus Forum Gratuit.lnk [1761]
O61 – LFC: 20/10/2013 – 16:49:43 —A- . (…) — C:Documents and SettingssergeBureaunettoyeursUsbFix – Télécharger UsbFix (Gratuit).url [186]
O61 – LFC: 20/10/2013 – 16:49:53 —A- . (…) — C:Documents and SettingssergeBureauZHPDiag.lnk [1523] =>.Nicolas Coolman
O61 – LFC: 20/10/2013 – 16:49:53 —A- . (…) — C:Documents and SettingssergeBureauZHPFix.lnk [1628] =>.Nicolas Coolman
O61 – LFC: 20/10/2013 – 16:49:56 -SHA- . (…) — C:Documents and SettingssergeIETldCacheindex.dat [262144]
O61 – LFC: 20/10/2013 – 16:50:00 —A- . (…) — C:Documents and SettingssergeLocal SettingsApplication DataMozillaFirefoxProfilesp8d2c7fm.defaultstartupCachestartupCache.4.little [1204230]
O61 – LFC: 20/10/2013 – 16:50:01 —A- . (…) — C:Documents and SettingssergeLocal SettingsApplication DataMozillaFirefoxProfilesp8d2c7fm.default_CACHE_CLEAN_ [1]
O61 – LFC: 20/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeMes documentsUsbFix [Scan 2] MAURICETTE.txt [4558]
O61 – LFC: 20/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeMes documentscc_20131016_210743.reg [2214]
O61 – LFC: 20/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeRecentAdwCleaner.lnk [393]
O61 – LFC: 20/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeRecentAdwCleaner[S1].txt.lnk [566]
O61 – LFC: 20/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeRecentDisque local (C).lnk [293]
O61 – LFC: 20/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeRecentUsbFix [Clean 2] MAURICETTE.txt.lnk [528]
O61 – LFC: 20/10/2013 – 16:50:03 —A- . (…) — C:Documents and SettingssergeRecentUsbFix [Scan 2] MAURICETTE.txt.lnk [657]
O61 – LFC: 20/10/2013 – 16:50:03 -SHA- . (…) — C:Documents and SettingssergePrivacIEindex.dat [2260992]
~ 28 Fichiers temporaires (Temporary files)
~ 259 Fichiers cookies (Cookies files)
~ Files: 712 Legitimates Filtered in 00mn 23s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Associations Shell Spawning (O67)
O67 – Shell Spawning: [HKLM..cplopenCommand] (…) — shell32.dll
O67 – Shell Spawning: [HKCR..cplopenCommand] (…) — shell32.dll
~ FASS Keys: 16 Legitimates Filtered in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {26125700-00FB-4911-A1AE-6654F9E72460} [DefaultScope] – (Jmalaya LiveTV Customized Web Search) – http://search.conduit.com
O69 – SBI: SearchScopes [HKCU] {BD3873E9-FC9B-41E3-ADAF-9C7CC26DF3A5} – (Google) – http://www.google.com
~ Keys: Scanned in 00mn 00s

—\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS – | Demand 20/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WINDOWSsystem32MacromedFlashFlashPlayerUpdateService.exe
SR – | Auto 17/10/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) – C:Program FilesAviraAntiVir Desktopsched.exe
SR – | Auto 17/10/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) – C:Program FilesAviraAntiVir Desktopavguard.exe
SR – | Auto 11/09/2008 581632 | (Ati HotKey Poller) . (.ATI Technologies Inc..) – C:WINDOWSsystem32Ati2evxx.exe
SS – | Auto 10/09/2008 593920 | (ATI Smart) . (…) – C:WINDOWSsystem32ati2sgag.exe
SS – | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) – C:WINDOWSsystem32dmadmin.exe
SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes’ Anti-Malwarembamscheduler.exe
SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe
SS – | Demand 11/09/2013 118680 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe
~ Services: Scanned in 00mn 04s

—\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by serge at 20/10/2013 16:50:30

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
1 ntkrnlpa!IofCallDriver[0x804EF200] >> DeviceHarddisk0DR0[0x8A6AEAB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Filtered in 00mn 02s

—\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by serge at 20/10/2013 16:50:32

********* Dump file Name *********
C:PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

—\ Scan Additionnel (O88)
Database Version : 12960 – (20/10/2013)
Clés trouvées (Keys found) : 6
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 4

[HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{CD1A63BA-A08C-431B-9A34-F240AADC728D}] =>Adware.MyWebSearch
[HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{CD1A63BA-A08C-431B-9A34-F240AADC728D}] =>Adware.MyWebSearch
[HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{A4C2FB10-84C3-44EB-9F9E-860FA1D9A797}] =>Adware.Allin1Convert
[HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{A4C2FB10-84C3-44EB-9F9E-860FA1D9A797}] =>Adware.Allin1Convert
[HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d}] =>Adware.Allin1Convert
[HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d}] =>Adware.Allin1Convert
C:WINDOWSTasksAllyrics-16-codedownloader.job =>Adware.AddLyrics^
C:WINDOWSTasksAllyrics-16-enabler.job =>Adware.AddLyrics^
C:WINDOWSTasksAllyrics-16-updater.job =>Adware.AddLyrics^
[HKCUSoftwareWEDLMNGR] =>PUP.weDownloadManager^
~ Additionnel Scan: 109147 Items scanned in 00mn 10s

—\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26601058-adware-addlyrics =>Adware.AddLyrics
~ http://nicolascoolman.webs.com/apps/blog/show/32930303-pup-wedownloadmanager =>PUP.weDownloadManager
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/30478407-adware-allin1convert =>Adware.Allin1Convert
~ MSI: 5 link(s) detected in 00mn 10s

~ 1997 Legitimates filtered by white list
End of the scan (670 lines in 02mn 21s)(0)
[/attachment]