~ Rapport de ZHPDiag v2013.10.15.37 - Nicolas Coolman (2013-10-15)
~ Lancé par Martine (2013-10-15 16:57:10)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program

---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 24.0 (Defaut)
GCIE: Google Chrome
OBIE: Safari v5.34.52.7

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client v2.1.1116.0

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 25

---\\ Informations sur le système
~ Processor: x86 Family 15 Model 107 Stepping 1, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3005 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 34 GB (15%) free of 223 GB

---\\ Mode de connexion au système
~ Computer Name: PC-GRANTHAM-MAR
~ User Name: Martine
~ All Users Names: Rose-Marie, Martine, Juliette, Guy, Administrateur,
~ Unselected Option: O45
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Martine\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Martine\AppData\Roaming\
~ %Desktop% : C:\Users\Martine\Desktop\
~ %Favorites% : C:\Users\Martine\Favorites\
~ %LocalAppData% : C:\Users\Martine\AppData\Local\
~ %StartMenu% : C:\Users\Martine\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ 
Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 34 Go of 223 Go) D: Hard drive, Flash drive, Thumb drive (Free 7 Go of 10 Go) E: CD-ROM drive (Not Inserted) F: Floppy drive, Flash card reader, USB Key (Free 1 Go of 2 Go) G: Floppy drive, Flash card reader, USB Key (Free 1 Go of 4 Go) ---\\ Etat du Centre de Sécurité Windows ~ Security Center: 38 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.2009-04-11 - 01:27:36.) -- C:\Windows\Explorer.exe [2926592] [MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2008-01-19 - 02:33:37.) -- C:\Windows\System32\Wininit.exe [96768] [MD5.02F98B5C0E397AD06124D84428CF8F1A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2011-11-03 - 17:39:47.) -- C:\Windows\System32\wininet.dll [1127424] [MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.2009-04-11 - 01:28:13.) -- C:\Windows\System32\Winlogon.exe [314368] [MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2011-04-21 - 08:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408] [MD5.9E7E85EC61D1C9C3171CC08427108863] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2007-05-16 - 13:14:47.) -- C:\Windows\system32\Drivers\atapi.sys [21688] [MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2008-01-19 - 00:28:02.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144] [MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2009-04-10 - 23:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072] [MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2011-04-14 - 09:59:03.) 
-- C:\Windows\system32\Drivers\DfsC.sys [75264] [MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2009-04-10 - 23:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152] [MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.2008-01-19 - 00:49:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784] [MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.2008-01-19 - 00:56:28.) -- C:\Windows\system32\Drivers\IpNat.sys [100864] [MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-04-29 - 08:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496] [MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.2009-04-10 - 23:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856] [MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2009-04-11 - 01:32:49.) -- C:\Windows\system32\Drivers\ntfs.sys [1083880] [MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.2006-11-02 - 03:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2008-01-19 - 00:56:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288] [MD5.0245418224CFA77BF4B41C2FE0622258] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2007-05-16 - 13:14:10.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688] [MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.2009-04-10 - 23:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560] [MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.2009-04-10 - 23:45:56.) 
-- C:\Windows\system32\Drivers\tdx.sys [72192] [MD5.147281C01FCB1DF9252DE2A10D5E7093] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2009-04-11 - 01:32:55.) -- C:\Windows\system32\Drivers\volsnap.sys [226280] ~ Generic Processes: Scanned in 00mn 01s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/14500 ~ Mes musiques (My Musics) : 9/1282 ~ Mes Videos (My Videos) : 1/69 ~ Mes Favoris (My Favorites) : 1/107 ~ Mes Documents (My Documents) : 2/1632 ~ Mon Bureau (My Desktop) : 10/5187 ~ Menu demarrer (Programs) : 1/35 ~ Hidden Files: Scanned in 00mn 16s ---\\ Processus lancés [MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3148] [MD5.0D7BF641151539AE14889C2080C80592] - (.Dell - DellDevice Monitor.) -- C:\Program Files\Dell AIO Printer 946\DLCImon.exe [435696] [PID.3292] [MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53472] [PID.3852] [MD5.A9182CE59CFC56F9C1DDE8B3C0AE8378] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [274840] [PID.1076] [MD5.72BE75AADEB890AE5BD8DEC30508F992] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8091648] [PID.1268] [MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.540] [MD5.CFCE43B70CA0CC4DCC8ADB62B792B173] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736] [PID.1016] [MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1396] [MD5.8F0DE4FEF8201E306F9938B0905AC96A] - (.Google Inc. - Programme d'installation de Google.) 
-- C:\Program Files\Google\Update\GoogleUpdate.exe [135664] [PID.1548] [MD5.A4C7EB91404F4D9B2F08BF7667D5E163] - (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\system32\dlcicoms.exe [537480] [PID.1684] [MD5.AD52269897626D614B31E153F5C5D65C] - (.McAfee, Inc. - McAfee Process Validation Service.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [150856] [PID.1372] [MD5.31E023681015C35EBFE1498B07813B87] - (.Microsoft Corporation - MsCamSvc.exe.) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe [139120] [PID.2068] [MD5.853CC832F4FE57C74AF51C0DC104AC14] - (.SafeApp Software, LLC - Registry Helper Service.) -- C:\Program Files\Registry Helper\RegistryHelperService.exe [84328] [PID.2288] [MD5.3F17534B8867854113DF2B45FFF3ACF5] - (.McAfee, Inc. - McAfee Core Firewall Service.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [160608] [PID.2480] [MD5.A5CB074F34BBD89948E34A630D459C0C] - (.Microsoft Corporation - Microsoft Network Inspection System.) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944] [PID.2704] [MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.3084] [MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) 
-- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.3112] ~ Processes Running: Scanned in 00mn 01s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\Martine\AppData\Local\Google\Chrome\User Data\Default\Preferences ~ Google Browser: 0 Legitimates Filtered in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\Martine\AppData\Roaming\Mozilla\Firefox\Profiles\axv86c3u.default\prefs.js M2 - MFEP: prefs.js [Martine - axv86c3u.default\9518042e-7ad6-4dac-b377-056e28d00c8f@f1cc0a13-4df1-4d66-938f-088db8838882.com] [] Solid Savings v (..) =>Adware.SolidSavings M2 - MFEP: prefs.js [Martine - axv86c3u.default\crossriderapp19962@crossrider.com] [] Supreme Savings v (..) =>PUP.RewardsArcade M2 - MFEP: prefs.js [Martine - axv86c3u.default\crossriderapp4479@crossrider.com] [] Giant Savings v (..) =>Adware.VidSaver M2 - MFEP: prefs.js [Martine - axv86c3u.default\{3112ca9c-de6d-4884-a869-9855de68056c}] [] Google Toolbar for Firefox v3.0.20070525W (..) 
=>Toolbar.Google ~ Firefox Browser: 29 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 20 ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar\WebBrowser: (no name) - [HKCU]{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{04A8DD1A-4754-48FE-A703-99846646EF04} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: Barbie(R) idesign(TM) Ultimate Stylist(TM).lnk . (.Macrovision Corporation - InstallShield.) 
-- C:\Windows\Installer\{3EDF07A0-0362-4881-A772-ED4E66D3084A}\BarbieFashionCards_0CEDF579A685416B92F41EB19FC1936B.exe O4 - GS\Desktop [Public]: Conseiller de mise à niveau vers Windows 7.lnk . (.Microsoft Corporation - Windows 7 Upgrade Advisor.) -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor\WindowsUpgradeAdvisor.exe O4 - GS\Desktop [Public]: Consommables pour l'imprimante Dell - Jet d'encre.lnk . (...) -- C:\Windows\system32\spool\drivers\w32x86\3\dlcipswx.exe O4 - GS\Desktop [Public]: Free YouTube to MP3 Converter.lnk . (.DVDVideoSoft Ltd. - FreeYouTubeToMP3Converter.) -- C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe O4 - GS\Desktop [Public]: Jojo's Fashion Show.lnk . (...) -- C:\Program Files\iWin Games\iWinGames.exe (.not file.) =>Adware.FunWebProducts) O4 - GS\Desktop [Public]: MiniTool Partition Wizard Home Edition.lnk . (...) -- C:\Program Files\MiniTool Partition Wizard Home Edition 8.1.1\loader.exe O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - GS\Desktop [Public]: OpenOffice 4.0.0.lnk . (.Apache Software Foundation - OpenOffice 4.0.0.) -- C:\Program Files\OpenOffice 4\program\soffice.exe O4 - GS\Desktop [Public]: Registry Helper.lnk . (.SafeApp Software, LLC - Registry Helper.) -- C:\Program Files\Registry Helper\RegistryHelper.exe O4 - GS\Program [Public]: Conseiller de mise à niveau vers Windows 7.lnk . (.Microsoft Corporation - Windows 7 Upgrade Advisor.) -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor\WindowsUpgradeAdvisor.exe O4 - GS\Program [Public]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe O4 - GS\Program [Public]: McAfee Virtual Technician.lnk . (.McAfee Inc. - McAfee Virtual Technician Application.) -- C:\Program Files\McAfee\Supportability\MVT\MvtApp.exe O4 - GS\Program [Public]: Mozilla Firefox.lnk . 
(.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - GS\Program [Public]: Prezi Desktop.lnk . (...) -- C:\Program Files\Prezi Desktop 4\Prezi Desktop.exe O4 - GS\Program [Public]: Safari.lnk . (...) -- C:\Windows\Installer\{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}\SafariIco.exe O4 - GS\QuickLaunch [Rose-Marie]: Apple Safari.lnk . (...) -- C:\Windows\Installer\{AFAC914D-9E83-4A89-8ABE-427521C82CCF}\SafariIco.exe O4 - GS\QuickLaunch [Rose-Marie]: BearShare.lnk . (...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare O4 - GS\QuickLaunch [Rose-Marie]: Go to RealArcade.lnk . (...) -- C:\Program Files\RealArcade\RealArcade.exe (.not file.) O4 - GS\QuickLaunch [Rose-Marie]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Program [Rose-Marie]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SystemTools [Rose-Marie]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Desktop [Rose-Marie]: BeTrapped!.lnk . (...) -- C:\Program Files\MumboJumbo\Inspector Parker Mystery Bundle\BeTrapped!\BeTrapped.exe (.not file.) O4 - GS\Desktop [Rose-Marie]: Inspector Parker.lnk . (...) -- C:\Program Files\MumboJumbo\Inspector Parker Mystery Bundle\Inspector Parker\Parker.exe (.not file.) O4 - GS\Desktop [Rose-Marie]: LMSOFT Web Creator 4.lnk . (...) -- C:\Program Files\LMSOFT Web Creator 4\WebCreator4.exe (.not file.) O4 - GS\Desktop [Rose-Marie]: RegCleaner.lnk . (...) -- C:\Program Files\RegCleaner\RegCleanr.exe O4 - GS\Desktop [Rose-Marie]: Safari.lnk - Clé orpheline O4 - GS\Desktop [Rose-Marie]: Tukanas Files Converter.lnk . (...) -- C:\Program Files\Tukanas Files Converter\UNWISE.exe (.not file.) 
O4 - GS\QuickLaunch [Martine]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - GS\Program [Martine]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SystemTools [Martine]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SendTo [Martine]: Print to Fax.lnk . (...) -- C:\Program Files\Dell AIO Printer 946\FAXTOOLS\SendFax.exe O4 - GS\Desktop [Martine]: Candace Kane's Candy Factory.lnk . (...) -- C:\Program Files\Candace Kane's Candy Factory\Candace Kanes Candy Factory.exe O4 - GS\Desktop [Martine]: chkdsk - Raccourci.lnk . (.Microsoft Corporation - Utilitaire de vérification de disque.) -- C:\Windows\System32\chkdsk.exe O4 - GS\Desktop [Martine]: HD Tune.lnk . (.EFD Software - HD Tune.) -- C:\Program Files\HD Tune\HDTune.exe O4 - GS\QuickLaunch [Juliette]: Apple Safari.lnk . (...) -- C:\Windows\Installer\{2EEC2A94-7204-45C6-93BB-67EAEB19E4D6}\SafariIco.exe O4 - GS\QuickLaunch [Juliette]: BearShare.lnk . (...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare O4 - GS\QuickLaunch [Juliette]: Go to RealArcade.lnk . (...) -- C:\Program Files\RealArcade\RealArcade.exe (.not file.) O4 - GS\QuickLaunch [Juliette]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Program [Juliette]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SystemTools [Juliette]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Desktop [Juliette]: BeTrapped!.lnk . (...) 
-- C:\Program Files\MumboJumbo\Inspector Parker Mystery Bundle\BeTrapped!\BeTrapped.exe (.not file.) O4 - GS\Desktop [Juliette]: Inspector Parker.lnk . (...) -- C:\Program Files\MumboJumbo\Inspector Parker Mystery Bundle\Inspector Parker\Parker.exe (.not file.) O4 - GS\Desktop [Juliette]: LMSOFT Web Creator 4.lnk . (...) -- C:\Program Files\LMSOFT Web Creator 4\WebCreator4.exe (.not file.) O4 - GS\Desktop [Juliette]: Play Puppy Luv Adventures.lnk . (...) -- C:\Program Files\Puppy Luv Adventures\PuppyLuvDE.exe (.not file.) O4 - GS\Desktop [Juliette]: RegCleaner.lnk . (...) -- C:\Program Files\RegCleaner\RegCleanr.exe O4 - GS\Desktop [Juliette]: Safari.lnk - Clé orpheline O4 - GS\Desktop [Juliette]: Tukanas Files Converter.lnk . (...) -- C:\Program Files\Tukanas Files Converter\UNWISE.exe (.not file.) O4 - GS\QuickLaunch [Guy]: Apple Safari.lnk . (...) -- C:\Windows\Installer\{AFAC914D-9E83-4A89-8ABE-427521C82CCF}\SafariIco.exe O4 - GS\QuickLaunch [Guy]: BearShare.lnk . (...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare O4 - GS\QuickLaunch [Guy]: Go to RealArcade.lnk . (...) -- C:\Program Files\RealArcade\RealArcade.exe (.not file.) O4 - GS\QuickLaunch [Guy]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Program [Guy]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SystemTools [Guy]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Desktop [Guy]: BeTrapped!.lnk . (...) -- C:\Program Files\MumboJumbo\Inspector Parker Mystery Bundle\BeTrapped!\BeTrapped.exe (.not file.) O4 - GS\Desktop [Guy]: Inspector Parker.lnk . (...) -- C:\Program Files\MumboJumbo\Inspector Parker Mystery Bundle\Inspector Parker\Parker.exe (.not file.) 
O4 - GS\Desktop [Guy]: RegCleaner.lnk . (...) -- C:\Program Files\RegCleaner\RegCleanr.exe ~ Global Startup: 144 Legitimates Filtered in 00mn 05s ---\\ Applications lancées au démarrage du sytème (O4) O4 - GS\Startup [Rose-Marie]: OpenOffice.org 2.2.lnk . (...) -- C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe (.not file.) O4 - GS\Startup [Rose-Marie]: OpenOffice.org 3.1.lnk . (...) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe (.not file.) O4 - GS\Startup [Rose-Marie]: StarOffice 8.lnk . (...) -- C:\Program Files\Sun\StarOffice 8\program\quickstart.exe (.not file.) O4 - GS\Startup [Guy]: OpenOffice.org 2.2.lnk . (...) -- C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe (.not file.) O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll (.not file.) O4 - HKLM\..\Run: [dlcimon.exe] . (.Dell - DellDevice Monitor.) -- C:\Program Files\Dell AIO Printer 946\dlcimon.exe O4 - HKLM\..\Run: [FaxCenterServer] . (.Pas de propriétaire - Fax Man Server.) -- C:\Program Files\Dell Fax Solutions\fm3032.exe O4 - HKCU\..\Run: [DellSystemDetect] . (...) -- C:\Users\Martine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms O4 - HKCU\..\Run: [iLivid] C:\Users\Martine\AppData\Local\iLivid\iLivid.exe (.not file.) =>Adware.Bandoo O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.) O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) 
-- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] c:\program files\mcafee\mshr\ShrCL.exe (.not file.) O4 - HKUS\S-1-5-21-2111685095-2842039935-3567830899-1000\..\Run: [DellSystemDetect] . (...) -- C:\Users\Martine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms O4 - HKUS\S-1-5-21-2111685095-2842039935-3567830899-1000\..\Run: [iLivid] C:\Users\Martine\AppData\Local\iLivid\iLivid.exe (.not file.) =>Adware.Bandoo O4 - HKUS\S-1-5-21-2111685095-2842039935-3567830899-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation ~ Application: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} . (...) 
-- C:\Program Files\IMVU\imvu.ico ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Site dans la Zone de confiance d'Internet Explorer (O15) O15 - Trusted Zone: [HKCU\...\Domains] *.dell.com O15 - Trusted Zone: [HKCU\...\Domains] http.mcafee.com ~ IE Zone Confiance: Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: CabBuilder (CabBuilder) - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} ((no name)) - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{95799A27-D36F-4F71-AA8F-4124E45DACD7}: NameServer = 67.69.239.49 207.164.234.129 O17 - HKLM\System\CCS\Services\Tcpip\..\{EDE3EAD7-56CB-4D50-9AAB-F19706A18700}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{95799A27-D36F-4F71-AA8F-4124E45DACD7}: NameServer = 67.69.239.49 207.164.234.129 O17 - HKLM\System\CS1\Services\Tcpip\..\{EDE3EAD7-56CB-4D50-9AAB-F19706A18700}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{EDE3EAD7-56CB-4D50-9AAB-F19706A18700}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) 
-- C:\Windows\system32\mshtml.dll =>.Microsoft Corporation O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} . (...) -- ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (.Google - Google Desktop.) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ~ AppInit DLL: Scanned in 00mn 00s ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll ~ STS/SSO: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Registry Helper Service (Registry Helper Service) . (.SafeApp Software, LLC - Registry Helper Service.) - C:\Program Files\Registry Helper\RegistryHelperService.exe ~ Services: 7 Legitimates Filtered in 00mn 12s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\PC Medkit.job [322] =>Adware.iHaveNet O39 - APT:Automatic Planified Task - C:\Windows\Tasks\vtscheduletask.job [458] [MD5.00000000000000000000000000000000] [APT] [BFGLaunch_bfgclient] (...) -- C:\Program Files\bfgclient\bfgclient.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [BrowserSafeguard Update Task] (...) -- C:\Program Files\Browsersafeguard\uninstall.browsersafeguard.exe (.not file.) [0] =>PUP.BrowserSafeguard [MD5.00000000000000000000000000000000] [APT] [Dr. CleanUp] (...) -- C:\Program Files\DrCleanUp\drCleanup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [IHUninstallTrackingTASK] (...) -- C:\Users\Martine\AppData\Local\Temp\IHU5968.tmp.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [PC Medkit] (...) -- C:\Program Files\PC Medkit\PC Medkit.lnk --scan --stack=from-scheduler (.not file.) 
[0] [MD5.00000000000000000000000000000000] [APT] [wrSpySweeperTrialSweep] (...) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{05CFB9FC-C323-46F0-A2E3-E0C2A6D8ECC7}] (...) -- E:\setup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{05D49E18-C5E6-49B1-B51A-40B7C5949798}] (...) -- E:\autorun.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{19714F75-25C2-4D66-820E-A2DE940D1084}] (...) -- C:\Users\Martine\AppData\Local\Zylom Games\AquaPark Deluxe\GameInstlr.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{32A9A47E-CB79-497F-9983-2D5FC38AD887}] (...) -- C:\Users\Martine\Downloads\atlant10n_fr.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{7AA93A88-B4D8-411A-B440-CB6CDDEBF577}] (...) -- E:\SETUP.exe (.not file.) [0] ~ Scheduled Task: 31 Legitimates Filtered in 00mn 05s ---\\ Logiciels installés (O42) O42 - Logiciel: BrowserSafeguard - (.Browsersafeguard.) [HKLM] -- Browsersafeguard =>PUP.BrowserSafeguard O42 - Logiciel: Candace Kane's Candy Factory 1.0 - (.Gnosis Games.) [HKLM] -- Candace Kane's Candy Factory O42 - Logiciel: Dogz2 (remove only) - (...) [HKLM] -- Dogz2 O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM] -- {2CF22C94-1369-4C04-9A5F-A4BC6D91B508} O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM] -- IncrediMail O42 - Logiciel: My Scene(TM) STARS D' Hollywood - (...) [HKLM] -- My Scene(TM) STARS D' Hollywood O42 - Logiciel: Totally Spies! Totally Party - (...) 
[HKLM] -- Totally Party ~ Logic: 100 Legitimates Filtered in 00mn 01s ---\\ HKCU & HKLM Software Keys [HKCU\Software\Alterlab] [HKCU\Software\BearShare] =>PUP.BearShare [HKCU\Software\ELIGCHK] [HKCU\Software\Eyeblaster] [HKCU\Software\Fixie] [HKCU\Software\FxDrCl] [HKCU\Software\IM] [HKCU\Software\ITTNord] [HKCU\Software\IncrediMail] [HKCU\Software\Linksolutions] [HKCU\Software\Mixi.DJ] [HKCU\Software\TOPCMM] [HKCU\Software\Teyon] [HKCU\Software\WhiteSmoke] =>PUP.WhiteSmoke [HKCU\Software\Yahoo] [HKCU\Software\iWin.com Games] [HKCU\Software\iWin] [HKLM\Software\AMPing] [HKLM\Software\DaycareNightmare2] [HKLM\Software\Gnosis Games] [HKLM\Software\Gnosis] [HKLM\Software\Her Interactive, Inc.] [HKLM\Software\Katana] [HKLM\Software\MediaCenterPaths] [HKLM\Software\NGWare] [HKLM\Software\SDC Player] [HKLM\Software\TLC] [HKLM\Software\VBMZ] [HKLM\Software\WhiteSmoke] =>PUP.WhiteSmoke [HKLM\Software\Yahoo] [HKLM\Software\iWin] ~ Key Software: 323 Legitimates Filtered in 00mn 01s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 2013-04-26 - 16:37:22 - [0] ----D C:\Program Files\ABC 3GP Converter O43 - CFD: 2009-11-03 - 19:42:13 - [0] ----D C:\Program Files\Anime Bowling Babes O43 - CFD: 2007-06-12 - 22:50:03 - [97,352] ----D C:\Program Files\Autofr O43 - CFD: 2008-07-13 - 14:04:21 - [0,040] ----D C:\Program Files\Baby Blimp O43 - CFD: 2009-11-15 - 15:21:09 - [0] ----D C:\Program Files\Baby Luv O43 - CFD: 2010-06-27 - 21:01:16 - [0,529] ----D C:\Program Files\BearShareTb =>PUP.BearShare O43 - CFD: 2013-08-18 - 08:30:16 - [97,557] ----D C:\Program Files\Candace Kane's Candy Factory O43 - CFD: 2012-10-07 - 16:08:40 - [0] ----D C:\Program Files\Carlton Books O43 - CFD: 2009-06-19 - 18:37:23 - [0,022] ----D C:\Program Files\CookingAcademy2_at O43 - CFD: 2012-10-07 - 16:01:20 - [39,514] ----D C:\Program Files\Family Restaurant O43 - CFD: 2012-10-07 - 16:01:21 - [0,006] ----D C:\Program Files\Fashion Craze O43 - CFD: 2011-04-24 - 11:36:10 - 
[0,001] ----D C:\Program Files\Hollywood Pets O43 - CFD: 2013-01-23 - 12:17:18 - [26,687] ----D C:\Program Files\IncrediMail O43 - CFD: 2011-05-31 - 09:43:04 - [0,837] ----D C:\Program Files\iWin.com O43 - CFD: 2013-07-17 - 09:38:45 - [34,627] ----D C:\Program Files\iWin.com Games O43 - CFD: 2007-08-18 - 13:59:07 - [582,885] ----D C:\Program Files\My Scene(TM) O43 - CFD: 2009-11-15 - 15:38:58 - [0,024] ----D C:\Program Files\Puppy Luv O43 - CFD: 2009-11-15 - 15:40:11 - [0,004] ----D C:\Program Files\Sallys Salon O43 - CFD: 2009-11-15 - 15:40:54 - [0,008] ----D C:\Program Files\Sallys Spa O43 - CFD: 2009-04-27 - 11:30:01 - [0,072] ----D C:\Program Files\Spyware Doctor O43 - CFD: 2009-11-24 - 12:17:54 - [0] ----D C:\Program Files\The Tuttles O43 - CFD: 2007-11-16 - 15:13:13 - [3,950] ----D C:\Program Files\TLC O43 - CFD: 2010-09-08 - 13:07:18 - [0,003] ----D C:\ProgramData\12A O43 - CFD: 2009-08-10 - 10:51:38 - [0,002] ----D C:\ProgramData\25262 O43 - CFD: 2008-04-11 - 04:33:06 - [17,810] ----D C:\ProgramData\Alterlab O43 - CFD: 2011-06-29 - 06:08:45 - [0,003] ----D C:\ProgramData\clp O43 - CFD: 2010-06-29 - 08:27:01 - [0,002] ----D C:\ProgramData\DigiCont O43 - CFD: 2008-03-31 - 05:21:08 - [3,094] ----D C:\ProgramData\Fashion Solitaire 1.2 O43 - CFD: 2012-06-28 - 10:44:14 - [0] ----D C:\ProgramData\Fixie O43 - CFD: 2009-09-20 - 12:43:14 - [0] ----D C:\ProgramData\IM O43 - CFD: 2009-09-20 - 12:39:20 - [25,682] ----D C:\ProgramData\IncrediMail O43 - CFD: 2013-09-16 - 12:59:36 - [0,062] ----D C:\ProgramData\iWin Games =>Adware.FunWebProducts) O43 - CFD: 2008-05-21 - 15:56:11 - [0,010] ----D C:\ProgramData\Lifetime O43 - CFD: 2008-04-10 - 16:45:06 - [0,241] ----D C:\ProgramData\Megastore Madness O43 - CFD: 2008-03-14 - 12:29:19 - [0,001] ----D C:\ProgramData\n7-89-o9-3r-4t-r9 O43 - CFD: 2008-04-28 - 05:24:32 - [7,528] ----D C:\ProgramData\Pets Fun House O43 - CFD: 2008-03-01 - 07:18:08 - [12,683] ----D C:\ProgramData\VogueTales O43 - CFD: 2012-10-07 - 16:07:30 - [3,412] 
--H-D C:\ProgramData\~1 O43 - CFD: 2008-12-08 - 18:32:19 - [0,026] ----D C:\Users\Martine\AppData\Roaming\BFG_JanesRealty O43 - CFD: 2007-11-30 - 13:27:19 - [0,058] ----D C:\Users\Martine\AppData\Roaming\Eyeblaster O43 - CFD: 2012-06-28 - 10:44:15 - [1,109] ----D C:\Users\Martine\AppData\Roaming\Fixie O43 - CFD: 2009-06-27 - 10:14:19 - [3,308] ----D C:\Users\Martine\AppData\Roaming\Fuzzy Games O43 - CFD: 2012-06-28 - 10:57:21 - [0] ----D C:\Users\Martine\AppData\Roaming\FxDrCl O43 - CFD: 2009-06-29 - 09:39:47 - [0,010] ----D C:\Users\Martine\AppData\Roaming\ITTNord O43 - CFD: 2008-10-20 - 07:09:59 - [0,002] ----D C:\Users\Martine\AppData\Roaming\iWin_DressUpRush O43 - CFD: 2008-10-18 - 13:10:07 - [0,036] ----D C:\Users\Martine\AppData\Roaming\iWin_JanesRealty O43 - CFD: 2011-03-31 - 19:39:05 - [0,002] ----D C:\Users\Martine\AppData\Roaming\Mondou.A15764D5156612413EFCD55C47961909C8BF9BB1.1 O43 - CFD: 2011-05-31 - 09:47:50 - [2,704] ----D C:\Users\Martine\AppData\Roaming\MP3Rocket O43 - CFD: 2009-06-13 - 18:14:40 - [0,009] ----D C:\Users\Martine\AppData\Roaming\Pi Eye Games O43 - CFD: 2009-07-22 - 17:49:31 - [0,055] ----D C:\Users\Martine\AppData\Roaming\Reflexive_Janes_Realty O43 - CFD: 2011-11-20 - 15:16:49 - [0,001] ----D C:\Users\Martine\AppData\Roaming\WhiteSmoke =>PUP.WhiteSmoke O43 - CFD: 2008-03-24 - 07:53:53 - [0] ----D C:\Users\Martine\AppData\Roaming\Yahoo! O43 - CFD: 2009-08-31 - 20:51:08 - [0] ----D C:\Users\Martine\AppData\Local\ICS O43 - CFD: 2010-04-19 - 16:55:12 - [177,875] ----D C:\Users\Martine\AppData\Local\IM O43 - CFD: 2013-07-17 - 09:39:42 - [0,003] ----D C:\Users\Martine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iWin.com Games ~ Program Folder: 425 Legitimates Filtered in 01mn 34s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 2013-10-03 - 21:17:41 R-HA- . (...) 
-- C:\Windows\WindowsShell.Manifest [749] O44 - LFC:[MD5.570E88C94F9ECE8383BB031D7444465D] - 2013-10-07 - 15:05:39 ---A- . (...) -- C:\dlci.log [4287] O44 - LFC:[MD5.A6C28FC0C3F31E3DB980A75958273B28] - 2013-10-07 - 15:16:13 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlcicfg.exe [381832] O44 - LFC:[MD5.E6AD9406ED28CB01FBC90E8395999333] - 2013-10-07 - 15:16:14 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlcicomc.dll [684032] O44 - LFC:[MD5.454E20DF156B42BC4B14DC6E4414C1FF] - 2013-10-07 - 15:16:14 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlcicomm.dll [421888] O44 - LFC:[MD5.C16EE66C704681BB47AC98809E2D77EA] - 2013-10-07 - 15:16:15 ---A- . (.Pas de propriétaire - CU bitmap resource DLL.) -- C:\Windows\System32\dlcicub.dll [86016] O44 - LFC:[MD5.43EE531BC15B19EEB0EFCF44E2A847BC] - 2013-10-07 - 15:16:15 ---A- . (.Pas de propriétaire - Cu DLL.) -- C:\Windows\System32\dlcicu.dll [73728] O44 - LFC:[MD5.80E67C1BB21A1DF4F24B6F87474243A5] - 2013-10-07 - 15:16:15 ---A- . (.Pas de propriétaire - Cu resource DLL.) -- C:\Windows\System32\dlcicur.dll [36864] O44 - LFC:[MD5.A4C7EB91404F4D9B2F08BF7667D5E163] - 2013-10-07 - 15:16:15 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlcicoms.exe [537480] O44 - LFC:[MD5.1DB146716891A253A8C0A250F2BD326A] - 2013-10-07 - 15:16:16 ---A- . (...) -- C:\Windows\System32\dlcihelp.chm [291764] O44 - LFC:[MD5.D45AADF2C95A91DB5F4E222D16F05A24] - 2013-10-07 - 15:16:16 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlcihbn3.dll [696320] O44 - LFC:[MD5.1B5A7CE3E532490B1398EEFCFE0D476F] - 2013-10-07 - 15:16:17 ---A- . (.Pas de propriétaire - INS bitmap resource DLL.) -- C:\Windows\System32\dlciinsb.dll [176128] O44 - LFC:[MD5.0020A07DF1F0F5ECC9511A01978403CB] - 2013-10-07 - 15:16:17 ---A- . (.Pas de propriétaire - Ins resource DLL.) 
-- C:\Windows\System32\dlciinsr.dll [114688] O44 - LFC:[MD5.8A297D7BA913C51B7EA3ABFBB4D9C2F7] - 2013-10-07 - 15:16:17 ---A- . (.Pas de propriétaire - Jsw resource DLL.) -- C:\Windows\System32\dlcijswr.dll [135168] O44 - LFC:[MD5.57BE21279F0DC37FB42208CA76DF55F3] - 2013-10-07 - 15:16:17 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlciih.exe [385928] O44 - LFC:[MD5.1E94BE9356E6B2481CDA48D0DBA29C01] - 2013-10-07 - 15:16:17 ---A- . (.Pas de propriétaire - ins DLL.) -- C:\Windows\System32\dlciins.dll [159744] O44 - LFC:[MD5.2A0C32CB84C6313400EF1B8626307C55] - 2013-10-07 - 15:16:18 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlcilmpm.dll [585728] O44 - LFC:[MD5.29A92F76359A5BD75146782C7A2A2C31] - 2013-10-07 - 15:16:18 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlcipmui.dll [643072] O44 - LFC:[MD5.7AEAA7800620387C03A7C560BDB327EA] - 2013-10-07 - 15:16:18 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlcipplc.dll [94208] O44 - LFC:[MD5.21AB55041668F9424A3698070A918A5A] - 2013-10-07 - 15:16:18 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlciprox.dll [163840] O44 - LFC:[MD5.98D36796CC850C94DD6EDEC384ECE304] - 2013-10-07 - 15:16:19 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlciserv.dll [1224704] O44 - LFC:[MD5.FCE162D9604C08F2A0D60A674B64699D] - 2013-10-07 - 15:16:19 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlciusb1.dll [991232] O44 - LFC:[MD5.91A9D940A9335BC14755F2027D44FB0E] - 2013-10-07 - 15:16:20 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlciiesc.dll [397312] O44 - LFC:[MD5.D6B87681650DF6E516CC69EB3BD2C36B] - 2013-10-07 - 15:16:20 ---A- . (.Pas de propriétaire - Printer Communication System.) 
-- C:\Windows\System32\dlciinpa.dll [413696] O44 - LFC:[MD5.C91F268F3CB4958FB89E0C3D10303BC9] - 2013-10-07 - 15:16:20 ---A- . (.Pas de propriétaire - utilities DLL.) -- C:\Windows\System32\dlciutil.dll [434176] O44 - LFC:[MD5.057108B7EFA273711413908461ADD507] - 2013-10-07 - 15:16:21 ---A- . (...) -- C:\Windows\System32\DLCIinst.dll [274432] O44 - LFC:[MD5.5B60FD90BADDF40B4199087E04F610E9] - 2013-10-07 - 15:16:21 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\DLCIhcp.dll [323584] O44 - LFC:[MD5.CD0E2B2F2CAD53E5ED6AD8F9CEA15ACC] - 2013-10-07 - 15:18:13 ---A- . (...) -- C:\Windows\System32\dlcicoin.dll [344064] O44 - LFC:[MD5.4BF5D69CB37DFB6AB3D38DBC11B86D20] - 2013-10-07 - 15:22:56 ---A- . (...) -- C:\setupfax.log [172] O44 - LFC:[MD5.6AABA6E8AD90DD2854B6309C06264E96] - 2013-10-07 - 15:23:01 ---A- . (...) -- C:\Windows\System32\LexFiles.ulf [23355] O44 - LFC:[MD5.88B84992EF2C7D597D365FD9F59E7DFD] - 2013-10-11 - 13:40:05 ---A- . (...) -- C:\Windows\System32\mfc45.dat [74703] O44 - LFC:[MD5.682AE0FFA6A865A8D137C43139BB4BCD] - 2013-10-11 - 15:52:26 ---A- . (...) -- C:\Windows\diagerr.xml [1905] O44 - LFC:[MD5.682AE0FFA6A865A8D137C43139BB4BCD] - 2013-10-11 - 15:52:26 ---A- . (...) -- C:\Windows\diagwrn.xml [1905] O44 - LFC:[MD5.9D00D015159B6ADF0980BAEEB5DCC5E4] - 2013-10-13 - 17:20:22 ----- . (...) -- C:\Windows\System32\pwdspio.sys [10320] O44 - LFC:[MD5.3A6489DCB6F28970B6BBD9687777FA00] - 2013-10-13 - 17:20:38 ----- . (...) -- C:\Windows\System32\pwdrvio.sys [15688] O44 - LFC:[MD5.048131BBA0D5D183F433F75A24ADDAC6] - 2013-10-13 - 17:20:39 ---A- . (...) -- C:\Windows\System32\pwNative.exe [2881848] ~ Files: 49 Legitimates Filtered in 02mn 05s ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{12f36356-428e-11dc-8cc7-806e6f6e6963}\AutoRun\command. (...) -- E:\setup.exe (.not file.) O51 - MPSK:{67e9da30-ceea-11df-819b-00188b633591}\AutoRun\command. (...) -- F:\Ursulines\Windows\Ursulines.exe (.not file.) 
~ Keys: Scanned in 00mn 00s ---\\ Enumération des clés de registre StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\Anti Trojan Elite [Key] . (.ISecSoft - Pas de description.) -- C:\Program Files\Anti Trojan Elite\TJEnder.exe O53 - SMSR:HKLM\...\startupreg\ECenter [Key] . (...) -- c:\dell\E-Center\EULALauncher.exe O53 - SMSR:HKLM\...\startupreg\FaxCenterServer [Key] . (.Pas de propriétaire - Fax Man Server.) -- C:\Program Files\Dell Fax Solutions\fm3032.exe O53 - SMSR:HKLM\...\startupreg\IncrediMail [Key] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe O53 - SMSR:HKLM\...\startupreg\OtShot [Key] . (...) -- C:\Program Files\OtShot\otshot.exe (.not file.) ~ SMSR Keys: 29 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 ~ MWPS: 20 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.E8F3F21A71720C84BCF423B80028359F] - 2006-11-02 - 04:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [316520] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 2006-11-02 - 02:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029] ~ Drivers: 20 Legitimates Filtered in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 2013-10-12 - 17:13:14 ---A- . (...) -- C:\Users\Martine\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk [1774] O61 - LFC: 2013-10-14 - 17:05:26 ---A- . (...) -- C:\Users\Martine\AppData\Local\IM\content.xml [88514] O61 - LFC: 2013-10-14 - 17:13:16 ---A- . (...) -- C:\Users\Martine\AppData\Roaming\Microsoft\OIS\Toolbars.dat [780] O61 - LFC: 2013-10-15 - 17:13:13 ---A- . (...) 
-- C:\Users\Martine\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\CANFIXDETAILS.XSL [22162] O61 - LFC: 2013-10-15 - 17:13:13 ---A- . (...) -- C:\Users\Martine\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\CANNOTFIXDETAILS.XSL [47196] O61 - LFC: 2013-10-15 - 17:13:13 ---A- . (...) -- C:\Users\Martine\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\COMPLETELOG.XSL [54859] O61 - LFC: 2013-10-15 - 17:13:13 ---A- . (...) -- C:\Users\Martine\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\COMPLETELOGSAVE.XSL [51670] O61 - LFC: 2013-10-15 - 17:13:13 ---A- . (...) -- C:\Users\Martine\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\FINALREPORTDETAILS.XSL [63622] O61 - LFC: 2013-10-15 - 17:13:13 ---A- . (...) -- C:\Users\Martine\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\IE6.CSS [744] O61 - LFC: 2013-10-15 - 17:13:13 ---A- . (...) -- C:\Users\Martine\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\IE7.CSS [1062] O61 - LFC: 2013-10-15 - 17:13:13 ---A- . (...) -- C:\Users\Martine\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\MVTSCREEN.CSS [7422] O61 - LFC: 2013-10-15 - 17:13:13 ---A- . (...) -- C:\Users\Martine\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\PREREQUISITE.XSL [5932] O61 - LFC: 2013-10-15 - 17:13:13 ---A- . (...) -- C:\Users\Martine\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\PROBLEMLOG.XSL [43026] O61 - LFC: 2013-10-15 - 17:13:13 ---A- . (...) -- C:\Users\Martine\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\PROBLEMLOGSAVE.XSL [37306] O61 - LFC: 2013-10-15 - 17:13:13 ---A- . (...) -- C:\Users\Martine\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\REMEDIATE.XSL [2580] O61 - LFC: 2013-10-15 - 17:13:13 ---A- . (...) -- C:\Users\Martine\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\STYLE.CSS [28746] O61 - LFC: 2013-10-15 - 17:13:13 ---A- . (...) 
-- C:\Users\Martine\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\XSLSTRINGS.XSL [2958] O61 - LFC: 2013-10-15 - 17:13:14 ---A- . (...) -- C:\Users\Martine\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk [3545] O61 - LFC: 2013-10-15 - 17:13:46 ---A- . (...) -- C:\Users\Martine\AppData\Roaming\ZHP\Log.txt [45162] =>.Nicolas Coolman O61 - LFC: 2013-10-15 - 17:13:46 ---A- . (...) -- C:\Users\Martine\AppData\Roaming\ZHP\TestsZHPDiag.txt [2872] =>.Nicolas Coolman ~ 2 Fichiers temporaires (Temporary files) ~ Files: 994 Legitimates Filtered in 18mn 46s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman O63 - Logiciel: RSIT - (.random/random.) ~ ADS: Scanned in 00mn 00s ---\\ Liste les services legacy du registre (LALS) (O64) O64 - Services: CurCS - 1601-01-01 - C:\Program Files\Anti Trojan Elite\ATEPMon.sys (ATE_PROCMON) .(...) - LEGACY_ATE_PROCMON ~ Legacy: 293 Legitimates Filtered in 00mn 08s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) 
-- C:\Program Files\Safari\Safari.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: prefs.js [Martine - axv86c3u.default] user_pref("extensions.crossrider.bic", "141adfa6ca099c163e57e3744a41137c"); =>PUP.CrossRider O69 - SBI: prefs.js [Martine - axv86c3u.default] user_pref("extensions.crossriderapp19962.19962.InstallationTime", 1381603373); =>PUP.CrossRider O69 - SBI: prefs.js [Martine - axv86c3u.default] user_pref("extensions.crossriderapp19962.19962.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500"); =>PUP.CrossRider O69 - SBI: prefs.js [Martine - axv86c3u.default] user_pref("extensions.crossriderapp19962.19962.cookie.InstallationTime.value", "1381603373"); =>PUP.CrossRider O69 - SBI: prefs.js [Martine - axv86c3u.default] user_pref("extensions.crossriderapp19962.bic", "141adfa6ca099c163e57e3744a41137c"); =>PUP.CrossRider O69 - SBI: prefs.js [Martine - axv86c3u.default] user_pref("extensions.crossriderapp19962.firstrun", false); =>PUP.CrossRider O69 - SBI: prefs.js [Martine - axv86c3u.default] user_pref("extensions.crossriderapp19962.installationdate", 1381603373); =>PUP.CrossRider O69 - SBI: prefs.js [Martine - axv86c3u.default] user_pref("extensions.crossriderapp19962.lastcheck", 23031168); =>PUP.CrossRider O69 - SBI: prefs.js [Martine - axv86c3u.default] user_pref("extensions.crossriderapp19962.lastcheckitem", 23031199); =>PUP.CrossRider O69 - SBI: prefs.js [Martine - axv86c3u.default] user_pref("extensions.crossriderapp19962.statsDailyCounter", 9); =>PUP.CrossRider O69 - SBI: prefs.js [Martine - axv86c3u.default] user_pref("extensions.crossriderapp4479.4479.InstallationTime", 1381603372); =>PUP.CrossRider O69 - SBI: prefs.js [Martine - axv86c3u.default] user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500"); =>PUP.CrossRider O69 - SBI: prefs.js [Martine - axv86c3u.default] 
user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.value", "1381603372"); =>PUP.CrossRider O69 - SBI: prefs.js [Martine - axv86c3u.default] user_pref("extensions.crossriderapp4479.bic", "141adfa6ca099c163e57e3744a41137c"); =>PUP.CrossRider O69 - SBI: prefs.js [Martine - axv86c3u.default] user_pref("extensions.crossriderapp4479.firstrun", false); =>PUP.CrossRider O69 - SBI: prefs.js [Martine - axv86c3u.default] user_pref("extensions.crossriderapp4479.installationdate", 1381603372); =>PUP.CrossRider O69 - SBI: prefs.js [Martine - axv86c3u.default] user_pref("extensions.crossriderapp4479.lastcheck", 23031168); =>PUP.CrossRider O69 - SBI: prefs.js [Martine - axv86c3u.default] user_pref("extensions.crossriderapp4479.lastcheckitem", 23031199); =>PUP.CrossRider O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com ~ Keys: Scanned in 00mn 00s ---\\ Enumère les fichiers Crack & Keygen (CKF) (O82) C:\Users\Martine\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol C:\Users\Martine\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol ~ Files: Scanned in 02mn 20s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.F836F8F03E8D92339289629B6155A13B] [SPRF][2009-12-28] (...) -- C:\ProgramData\ezsidmv.dat [56] [MD5.4944061495A29666114571167313DA42] [SPRF][2008-09-22] (...) -- C:\Users\Martine\AppData\Local\d3d8caps.dat [552] [MD5.3E34BE968715862965BD325660259AE3] [SPRF][2013-02-19] (...) -- C:\Users\Martine\AppData\Local\d3d9caps.dat [1356] [MD5.C4CA4238A0B923820DCC509A6F75849B] [SPRF][2008-04-28] (...) -- C:\Users\Martine\AppData\Local\gdia.dat [1] [MD5.A282B74ADB7726C007DDE900E0B2E9E9] [SPRF][2008-04-28] (...) -- C:\Users\Martine\AppData\Local\gnome.dat [8] [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][2011-11-30] (...) 
-- C:\Users\Martine\AppData\Roaming\wklnhst.dat [0] [MD5.AC799DA0E0E8789750D9219AFA698568] [SPRF][2013-04-08] (...) -- C:\Users\Martine\Desktop\a3gpset.exe [4676944] [MD5.31E39E9FF261030F71C0209C016580F4] [SPRF][2013-10-12] (...) -- C:\Users\Martine\Desktop\adwcleaner.exe [1048960] [MD5.749BCEB7D5A880E323B699199858FB71] [SPRF][2013-06-05] (.FileZilla Project - FileZilla FTP Client.) -- C:\Users\Martine\Desktop\FileZilla_3.7.0.2_win32-setup.exe [4808816] [MD5.088812A121E0A9CEB40CE9C808C8A90C] [SPRF][2013-10-12] (.EFD Software - HD Tune Setup.) -- C:\Users\Martine\Desktop\hd-tune_hd_tune_2.55_anglais_12775.exe [642632] [MD5.4CFB1526D8B8B3CD9B083E3C5DB10C50] [SPRF][2013-10-11] (.Pas de propriétaire - Configuration du PC.) -- C:\Users\Martine\Desktop\PCConfig.exe [2271542] [MD5.7BDDC4BBD95F60ADCF3CB8597580BB76] [SPRF][2013-04-13] (...) -- C:\Users\Martine\Desktop\PDFT30.exe [271813029] [MD5.666BD24BE5A29F1FF17D91CC280BD2EE] [SPRF][2013-10-12] (.Pas de propriétaire - Nettoyage des fichiers temporaires.) -- C:\Users\Martine\Desktop\SFTGC.exe [1064060] [MD5.46E2D72A986DCEF5B2827311E3B5C2EC] [SPRF][2009-01-15] (.Kiwee - Installer Control.) -- C:\Windows\Downloaded Program Files\InstallerControl.dll [204800] [MD5.22A276F8F08420E28E6A800914643D03] [SPRF][2007-06-10] (...) -- C:\Windows\Downloaded Program Files\QuickTimeInstaller(1).exe [573440] [MD5.3535F8E1DA7CBE9491771C7C0C388646] [SPRF][2007-06-10] (...) -- C:\Windows\Downloaded Program Files\QuickTimeInstaller.exe [578728] ~ Files: 29 Legitimates Filtered in 00mn 17s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "{F94C1880-CF7A-4E3C-9C4C-C7F29D462E78}" | In - Public - P6 - TRUE | .(.Pas de propriétaire - AIOC exe.) -- C:\Program Files\Dell AIO Printer 946\DLCIaiox.exe O87 - FAEL: "{01C8495C-0500-46C8-B1F7-881E0D6B97E4}" | In - Public - P17 - TRUE | .(.Pas de propriétaire - AIOC exe.) 
-- C:\Program Files\Dell AIO Printer 946\DLCIaiox.exe O87 - FAEL: "{A0468C9F-818B-4495-8DF1-6205115975A3}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe O87 - FAEL: "{05D53052-ED1C-4DE2-A676-BDEE4967BF39}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe O87 - FAEL: "{9F41EF19-5E8B-4F04-8B22-7474632FC982}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe (.not file.) =>Adware.Bandoo O87 - FAEL: "{15696DB8-9D34-4DF3-B36A-BDFBCEE1D538}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe (.not file.) =>Adware.Bandoo O87 - FAEL: "{3EBCFD3D-96C4-41A6-AA6A-39D4B6C78C4B}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe O87 - FAEL: "{6B3055AB-D45F-4934-88FB-88326C6D00E1}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe O87 - FAEL: "{E26C70B6-7523-46F7-8421-52C8610BDDF2}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe O87 - FAEL: "{6D2B8E7B-1AC8-40D8-99A3-B94D2D02423E}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe O87 - FAEL: "{1C8256C5-0EDE-48D3-894F-F9485FE155EA}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{1CBD4B18-898E-4180-A07A-299161EA3A66}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{76AB0726-8141-4F28-9E4E-BC7A17FB9544}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. 
- IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{FD424BD0-818F-4C21-821C-3113C49CBEE3}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{AB10D55D-ABA5-4EB4-B3DA-792BD3284953}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{D7F39914-AA61-4039-B3A1-B668049E3870}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{3E4CE34E-50A3-470F-A82C-DA9673B93F89}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{975A045C-E59F-4AFC-AB53-8019E5C3102D}" | In - Private - P6 - TRUE | .(.Pas de propriétaire - AIOC exe.) -- C:\Program Files\Dell AIO Printer 946\DLCIaiox.exe O87 - FAEL: "{F83B1E73-244F-4074-965B-8C129FCFFC79}" | In - Private - P17 - TRUE | .(.Pas de propriétaire - AIOC exe.) -- C:\Program Files\Dell AIO Printer 946\DLCIaiox.exe O87 - FAEL: "TCP Query User{6CA2B081-CEB7-4595-87E0-6CA00846F1BA}C:\users\martine\desktop\pcconfig.exe" | In - Private - P6 - TRUE | .(.Pas de propriétaire - Configuration du PC.) -- C:\users\martine\desktop\pcconfig.exe O87 - FAEL: "UDP Query User{FF375289-EFD4-4E47-AD10-9B29CF6617A5}C:\users\martine\desktop\pcconfig.exe" | In - Private - P17 - TRUE | .(.Pas de propriétaire - Configuration du PC.) -- C:\users\martine\desktop\pcconfig.exe O87 - FAEL: "{D95DDA3B-43A6-4B66-A410-8BE24BA16C9A}" |In - Private - P6 - TRUE | .(...) -- C:\Users\Martine\AppData\Local\iLivid\iLivid.exe (.not file.) =>Adware.Bandoo O87 - FAEL: "{C9DC2430-3DBC-4481-B730-8097B58D4571}" |In - Private - P17 - TRUE | .(...) -- C:\Users\Martine\AppData\Local\iLivid\iLivid.exe (.not file.) 
=>Adware.Bandoo ~ Firewall: 247 Legitimates Filtered in 00mn 02s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "0A70FDE3263018847A27DEE4663D80A4" . (.Barbie(R) idesign(TM) Ultimate Stylist(TM).) -- C:\Windows\Installer\{3EDF07A0-0362-4881-A772-ED4E66D3084A}\ARPPRODUCTICON.exe O90 - PUC: "49C22FC2963140C4A9F54ACBD6195B80" . (.IncrediMail.) -- C:\Windows\Installer\{2CF22C94-1369-4C04-9A5F-A4BC6D91B508}\ARPPRODUCTICON.exe ~ Update Products: 64 Legitimates Filtered in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.1961AC1D29439E2EC6C9DA552D3B4AFA] [WIS][2012-11-24] (.Gorilla Games - Barbie(R) idesign(TM) Ultimate Stylist(TM).) -- C:\Windows\Installer\69c93.msi [21746176] [MD5.A10EB92BEB2DEC0B192380542D6E9171] [WIS][2013-01-23] (.IncrediMail - IncrediMail.) -- C:\Windows\Installer\92370a4.msi [2833408] ~ WIS: 65 Legitimates Filtered in 00mn 06s ---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Disabled 2013-05-10 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe SS - | Disabled 2013-09-19 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Disabled 2011-10-24 55144 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 2006-12-08 537480 | (dlci_device) . (...) - C:\Windows\system32\dlcicoms.exe SS - | Disabled 2010-06-22 30192 | (GoogleDesktopManager-051210-111108) . (.Google.) - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe SS - | Disabled 2010-03-17 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Disabled 2010-03-17 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Auto 2011-09-06 194104 | (gusvc) . (.Google.) 
- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe SS - | Disabled 2004-10-22 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe SS - | Demand 2011-11-13 821608 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SR - | Auto 2013-04-04 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe SR - | Auto 2013-04-04 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe SS - | Disabled 2011-10-18 166288 | (McShield) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe SR - | Auto 2011-10-18 160608 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe SR - | Auto 2011-10-18 150856 | (mfevtp) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe SS - | Demand 2013-09-10 118680 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SS - | Disabled 2011-08-24 430136 | (PMBDeviceInfoProvider) . (.Sony Corporation.) - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe SR - | Auto 2013-09-20 84328 | (Registry Helper Service) . (.SafeApp Software, LLC.) - C:\Program Files\Registry Helper\RegistryHelperService.exe SS - | Disabled 2013-02-28 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SS - | Auto 2008-01-19 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 2008-01-19 21504 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) 
- C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 07s ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Run by Martine at 2013-10-15 17:23:38 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync02.sys storport.sys nvstor32.sys C:\Windows\System32\drivers\sfsync02.sys Protection Technology StarForce Protection System C:\Windows\system32\DRIVERS\nvstor32.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver 1 ntkrnlpa!IofCallDriver[0x82077912] >> \Device\Harddisk0\DR0[0x86819A78] kernel: MBR read successfully user & kernel MBR OK ~ MBR: 15 Legitimates Filtered in 00mn 02s ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by Martine at 2013-10-15 17:23:40 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ---\\ Scan Additionnel (O88) Database Version : 12948 - (2013-10-15) Clés trouvées (Keys found) : 19 Valeurs trouvées (Values found) : 5 Dossiers trouvés (Folders found) : 12 Fichiers trouvés (Files found) : 4 [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Browsersafeguard] =>PUP.BrowserSafeguard^ [HKLM\Software\Classes\TypeLib\{495874fe-4a82-4ad1-9476-0b957e0b95eb}] =>Adware.AdMedia [HKLM\Software\Classes\AppID\{87E8D7F8-7052-42a2-B48B-674C1F700A0B}] =>PUP.BearShare [HKLM\Software\Classes\TypeLib\{87E8D7F8-7052-42a2-B48B-674C1F700A0B}] =>PUP.BearShare [HKLM\Software\Classes\Interface\{ec1a2105-5621-440f-987d-27ef428131d9}] =>Adware.BHO [HKLM\Software\Classes\AppID\BearShare.exe] =>PUP.BearShare [HKCU\Software\iwin] =>Adware.iWinArcade [HKLM\Software\iwin] =>Adware.iWinArcade [HKLM\Software\VBMZ] =>Toolbar.Conduit [HKCU\Software\Mixi.DJ] =>Toolbar.MixiDJ [HKCU\Software\iWin.com Games] =>Adware.iWinArcade [HKCU\Software\iWinArcade] =>Adware.iWinArcade 
[HKLM\Software\iWinArcade] =>Adware.iWinArcade [HKLM\Software\Classes\agcore.Text.JSON] =>Adware.BHO [HKLM\Software\Classes\IncrediSpooler.DeltaSync] =>Toolbar.DeltaSearch [HKLM\Software\Classes\IncrediSpooler.DeltaSync.1] =>Toolbar.DeltaSearch [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111991162}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111991162}] =>PUP.CrossRider [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:iLivid =>Adware.Bandoo^ C:\Users\Martine\AppData\Roaming\Mozilla\Firefox\Profiles\axv86c3u.default\9518042e-7ad6-4dac-b377-056e28d00c8f@f1cc0a13-4df1-4d66-938f-088db8838882.com =>Adware.SolidSavings^ C:\Users\Martine\AppData\Roaming\Mozilla\Firefox\Profiles\axv86c3u.default\crossriderapp19962@crossrider.com =>PUP.RewardsArcade^ C:\Users\Martine\AppData\Roaming\Mozilla\Firefox\Profiles\axv86c3u.default\crossriderapp4479@crossrider.com =>Adware.VidSaver^ C:\Users\Martine\AppData\Roaming\Mozilla\Firefox\Profiles\axv86c3u.default\{3112ca9c-de6d-4884-a869-9855de68056c} =>Toolbar.Google^ C:\Program Files\BearShareTb =>PUP.BearShare^ C:\ProgramData\iWin Games =>Adware.FunWebProducts)^ C:\Users\Martine\AppData\Roaming\WhiteSmoke =>PUP.WhiteSmoke^ C:\Program Files\iWin.com =>Adware.iWinArcade C:\Program Files\iWin.com Games =>Adware.iWinArcade C:\ProgramData\{9CD61942-8DA1-4781-925C-4FE1471E0820} =>Toolbar.Conduit C:\Users\Martine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp =>Adware.Bandoo C:\Users\Martine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbffombmdffoemfimpemoaaplncjdgfm =>Toolbar.IncrediMail C:\Windows\Tasks\PC Medkit.job =>Adware.iHaveNet^ [HKCU\Software\BearShare] =>PUP.BearShare^ [HKCU\Software\WhiteSmoke] =>PUP.WhiteSmoke^ 
[HKLM\Software\WhiteSmoke] =>PUP.WhiteSmoke^ ~ Additionnel Scan: 365904 Items scanned in 00mn 41s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/27852918-adware-solidsavings =>Adware.SolidSavings ~ http://nicolascoolman.webs.com/apps/blog/show/28000037-pup-rewardsarcade =>PUP.RewardsArcade ~ http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver =>Adware.VidSaver ~ http://nicolascoolman.webs.com/apps/blog/show/32384220-toolbar-google =>Toolbar.Google ~ http://nicolascoolman.webs.com/apps/blog/show/26705717-pup-bearshare =>PUP.BearShare ~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo ~ http://nicolascoolman.webs.com/apps/blog/show/32799788-pup-browsersafeguard =>PUP.BrowserSafeguard ~ http://nicolascoolman.webs.com/apps/blog/show/27636417-pup-whitesmoke =>PUP.WhiteSmoke ~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider ~ http://nicolascoolman.webs.com/apps/blog/show/28766471-adware-iwinarcade =>Adware.iWinArcade ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit ~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch ~ MSI: 12 link(s) detected in 00mn 41s ~ 2765 Legitimates filtered by white list End of the scan (791 lines in 27mn 12s)(2)