~ Rapport de ZHPDiag v2013.10.18.49 - Nicolas Coolman (2013-10-18)
~ Lancé par Martine (2013-10-18 19:54:00)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program

---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 24.0 (Defaut)
GCIE: Google Chrome

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client v2.1.1116.0

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin

---\\ Informations sur le système
~ Processor: x86 Family 15 Model 107 Stepping 1, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3005 MB (69% free)
System Restore: Activé (Enable)
System drive C: has 50 GB (22%) free of 223 GB

---\\ Mode de connexion au système
~ Computer Name: PC-GRANTHAM-MAR
~ User Name: Martine
~ All Users Names: Rose-Marie, Martine, Juliette, Guy, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Martine\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Martine\AppData\Roaming\
~ %Desktop% : C:\Users\Martine\Desktop\
~ %Favorites% : C:\Users\Martine\Favorites\
~ %LocalAppData% : C:\Users\Martine\AppData\Local\
~ %StartMenu% : C:\Users\Martine\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 50 Go of 223 Go) D: Hard drive, Flash drive, Thumb drive (Free 7 Go of 10 Go) E: CD-ROM drive (Not Inserted) F: Floppy drive, Flash card reader, USB Key (Free 1 Go of 2 Go) G: Floppy drive, Flash card reader, USB Key (Not Inserted) ---\\ Etat du Centre de Sécurité Windows ~ Security Center: 45 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.2009-04-11 - 01:27:36.) -- C:\Windows\Explorer.exe [2926592] [MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2008-01-19 - 02:33:37.) -- C:\Windows\System32\Wininit.exe [96768] [MD5.02F98B5C0E397AD06124D84428CF8F1A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2011-11-03 - 17:39:47.) -- C:\Windows\System32\wininet.dll [1127424] [MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.2009-04-11 - 01:28:13.) -- C:\Windows\System32\Winlogon.exe [314368] [MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2011-04-21 - 08:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408] [MD5.9E7E85EC61D1C9C3171CC08427108863] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2007-05-16 - 13:14:47.) -- C:\Windows\system32\Drivers\atapi.sys [21688] [MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2008-01-19 - 00:28:02.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144] [MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2009-04-10 - 23:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072] [MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2011-04-14 - 09:59:03.) 
-- C:\Windows\system32\Drivers\DfsC.sys [75264] [MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2009-04-10 - 23:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152] [MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.2008-01-19 - 00:49:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784] [MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.2008-01-19 - 00:56:28.) -- C:\Windows\system32\Drivers\IpNat.sys [100864] [MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-04-29 - 08:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496] [MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.2009-04-10 - 23:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856] [MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2009-04-11 - 01:32:49.) -- C:\Windows\system32\Drivers\ntfs.sys [1083880] [MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.2006-11-02 - 03:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2008-01-19 - 00:56:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288] [MD5.0245418224CFA77BF4B41C2FE0622258] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2007-05-16 - 13:14:10.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688] [MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.2009-04-10 - 23:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560] [MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.2009-04-10 - 23:45:56.) 
-- C:\Windows\system32\Drivers\tdx.sys [72192] [MD5.147281C01FCB1DF9252DE2A10D5E7093] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2009-04-11 - 01:32:55.) -- C:\Windows\system32\Drivers\volsnap.sys [226280] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/14500 ~ Mes musiques (My Musics) : 9/1282 ~ Mes Videos (My Videos) : 1/69 ~ Mes Favoris (My Favorites) : 1/107 ~ Mes Documents (My Documents) : 2/1542 ~ Mon Bureau (My Desktop) : 10/5122 ~ Menu demarrer (Programs) : 1/32 ~ Hidden Files: Scanned in 00mn 11s ---\\ Processus lancés [MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3900] [MD5.0D7BF641151539AE14889C2080C80592] - (.Dell - DellDevice Monitor.) -- C:\Program Files\Dell AIO Printer 946\DLCImon.exe [435696] [PID.2120] [MD5.C1DB9BDF885C2F1ADC15264FBEA2788F] - (.Pas de propriétaire - HOSTS Anti-PUPs/Adwares.) -- C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961] [PID.3732] [MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53472] [PID.3452] [MD5.3DEBC4F06BA637D7EE7BB1A69AC79052] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Martine\Desktop\ZHPDiag\ZHPDiag.exe [8102912] [PID.724] [MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.484] [MD5.CFCE43B70CA0CC4DCC8ADB62B792B173] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736] [PID.992] [MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1360] [MD5.A4C7EB91404F4D9B2F08BF7667D5E163] - (.Pas de propriétaire - Printer Communication System.) 
-- C:\Windows\system32\dlcicoms.exe [537480] [PID.772] [MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1840] [MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1340] [MD5.AD52269897626D614B31E153F5C5D65C] - (.McAfee, Inc. - McAfee Process Validation Service.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [150856] [PID.340] [MD5.31E023681015C35EBFE1498B07813B87] - (.Microsoft Corporation - MsCamSvc.exe.) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe [139120] [PID.424] [MD5.3F17534B8867854113DF2B45FFF3ACF5] - (.McAfee, Inc. - McAfee Core Firewall Service.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [160608] [PID.2100] [MD5.A5CB074F34BBD89948E34A630D459C0C] - (.Microsoft Corporation - Microsoft Network Inspection System.) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944] [PID.2384] [MD5.8F0DE4FEF8201E306F9938B0905AC96A] - (.Google Inc. - Programme d'installation de Google.) 
-- C:\Program Files\Google\Update\GoogleUpdate.exe [135664] [PID.3320] ~ Processes Running: Scanned in 00mn 00s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\Martine\AppData\Local\Google\Chrome\User Data\Default\Preferences ~ Google Browser: 0 Legitimates Filtered in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\Martine\AppData\Roaming\Mozilla\Firefox\Profiles\axv86c3u.default\prefs.js ~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 653 ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar\WebBrowser: (no name) - [HKCU]{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: Free YouTube to MP3 Converter.lnk . (.DVDVideoSoft Ltd. 
- FreeYouTubeToMP3Converter.) -- C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe O4 - GS\Desktop [Public]: MiniTool Partition Wizard Home Edition.lnk . (...) -- C:\Program Files\MiniTool Partition Wizard Home Edition 8.1.1\loader.exe O4 - GS\Desktop [Public]: OpenOffice 4.0.0.lnk . (.Apache Software Foundation - OpenOffice 4.0.0.) -- C:\Program Files\OpenOffice 4\program\soffice.exe O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - GS\QuickLaunch [Rose-Marie]: Apple Safari.lnk . (...) -- C:\Windows\Installer\{AFAC914D-9E83-4A89-8ABE-427521C82CCF}\SafariIco.exe O4 - GS\QuickLaunch [Rose-Marie]: BearShare.lnk . (...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare O4 - GS\QuickLaunch [Rose-Marie]: Go to RealArcade.lnk . (...) -- C:\Program Files\RealArcade\RealArcade.exe (.not file.) O4 - GS\QuickLaunch [Rose-Marie]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Program [Rose-Marie]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SystemTools [Rose-Marie]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Desktop [Rose-Marie]: BeTrapped!.lnk . (...) -- C:\Program Files\MumboJumbo\Inspector Parker Mystery Bundle\BeTrapped!\BeTrapped.exe (.not file.) O4 - GS\Desktop [Rose-Marie]: Inspector Parker.lnk . (...) -- C:\Program Files\MumboJumbo\Inspector Parker Mystery Bundle\Inspector Parker\Parker.exe (.not file.) O4 - GS\Desktop [Rose-Marie]: LMSOFT Web Creator 4.lnk . (...) -- C:\Program Files\LMSOFT Web Creator 4\WebCreator4.exe (.not file.) O4 - GS\Desktop [Rose-Marie]: RegCleaner.lnk . (...) 
-- C:\Program Files\RegCleaner\RegCleanr.exe O4 - GS\Desktop [Rose-Marie]: Safari.lnk - Clé orpheline O4 - GS\Desktop [Rose-Marie]: Tukanas Files Converter.lnk . (...) -- C:\Program Files\Tukanas Files Converter\UNWISE.exe (.not file.) O4 - GS\QuickLaunch [Martine]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - GS\Program [Martine]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SystemTools [Martine]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SendTo [Martine]: Print to Fax.lnk . (...) -- C:\Program Files\Dell AIO Printer 946\FAXTOOLS\SendFax.exe O4 - GS\Desktop [Martine]: chkdsk - Raccourci.lnk . (.Microsoft Corporation - Utilitaire de vérification de disque.) -- C:\Windows\System32\chkdsk.exe O4 - GS\Desktop [Martine]: HD Tune.lnk . (.EFD Software - HD Tune.) -- C:\Program Files\HD Tune\HDTune.exe O4 - GS\QuickLaunch [Juliette]: Apple Safari.lnk . (...) -- C:\Windows\Installer\{2EEC2A94-7204-45C6-93BB-67EAEB19E4D6}\SafariIco.exe O4 - GS\QuickLaunch [Juliette]: BearShare.lnk . (...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare O4 - GS\QuickLaunch [Juliette]: Go to RealArcade.lnk . (...) -- C:\Program Files\RealArcade\RealArcade.exe (.not file.) O4 - GS\QuickLaunch [Juliette]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Program [Juliette]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SystemTools [Juliette]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Desktop [Juliette]: BeTrapped!.lnk . (...) 
-- C:\Program Files\MumboJumbo\Inspector Parker Mystery Bundle\BeTrapped!\BeTrapped.exe (.not file.) O4 - GS\Desktop [Juliette]: Inspector Parker.lnk . (...) -- C:\Program Files\MumboJumbo\Inspector Parker Mystery Bundle\Inspector Parker\Parker.exe (.not file.) O4 - GS\Desktop [Juliette]: LMSOFT Web Creator 4.lnk . (...) -- C:\Program Files\LMSOFT Web Creator 4\WebCreator4.exe (.not file.) O4 - GS\Desktop [Juliette]: Play Puppy Luv Adventures.lnk . (...) -- C:\Program Files\Puppy Luv Adventures\PuppyLuvDE.exe (.not file.) O4 - GS\Desktop [Juliette]: RegCleaner.lnk . (...) -- C:\Program Files\RegCleaner\RegCleanr.exe O4 - GS\Desktop [Juliette]: Safari.lnk - Clé orpheline O4 - GS\Desktop [Juliette]: Tukanas Files Converter.lnk . (...) -- C:\Program Files\Tukanas Files Converter\UNWISE.exe (.not file.) O4 - GS\QuickLaunch [Guy]: Apple Safari.lnk . (...) -- C:\Windows\Installer\{AFAC914D-9E83-4A89-8ABE-427521C82CCF}\SafariIco.exe O4 - GS\QuickLaunch [Guy]: BearShare.lnk . (...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare O4 - GS\QuickLaunch [Guy]: Go to RealArcade.lnk . (...) -- C:\Program Files\RealArcade\RealArcade.exe (.not file.) O4 - GS\QuickLaunch [Guy]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Program [Guy]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SystemTools [Guy]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Desktop [Guy]: BeTrapped!.lnk . (...) -- C:\Program Files\MumboJumbo\Inspector Parker Mystery Bundle\BeTrapped!\BeTrapped.exe (.not file.) O4 - GS\Desktop [Guy]: Inspector Parker.lnk . (...) -- C:\Program Files\MumboJumbo\Inspector Parker Mystery Bundle\Inspector Parker\Parker.exe (.not file.) 
O4 - GS\Desktop [Guy]: RegCleaner.lnk . (...) -- C:\Program Files\RegCleaner\RegCleanr.exe ~ Global Startup: 124 Legitimates Filtered in 00mn 10s ---\\ Applications lancées au démarrage du sytème (O4) O4 - GS\Startup [Rose-Marie]: OpenOffice.org 2.2.lnk . (...) -- C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe (.not file.) O4 - GS\Startup [Rose-Marie]: OpenOffice.org 3.1.lnk . (...) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe (.not file.) O4 - GS\Startup [Rose-Marie]: StarOffice 8.lnk . (...) -- C:\Program Files\Sun\StarOffice 8\program\quickstart.exe (.not file.) O4 - GS\Startup [Guy]: OpenOffice.org 2.2.lnk . (...) -- C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe (.not file.) O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll (.not file.) O4 - HKLM\..\Run: [dlcimon.exe] . (.Dell - DellDevice Monitor.) -- C:\Program Files\Dell AIO Printer 946\dlcimon.exe O4 - HKLM\..\Run: [FaxCenterServer] . (.Pas de propriétaire - Fax Man Server.) -- C:\Program Files\Dell Fax Solutions\fm3032.exe O4 - HKLM\..\Run: [HOSTS Anti-Adware_PUPs] . (.Pas de propriétaire - HOSTS Anti-PUPs/Adwares.) -- C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.) O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-2111685095-2842039935-3567830899-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) 
-- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation ~ Application: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Site dans la Zone de confiance d'Internet Explorer (O15) O15 - Trusted Zone: [HKCU\...\Domains] *.dell.com O15 - Trusted Zone: [HKCU\...\Domains] http.mcafee.com ~ IE Zone Confiance: Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: CabBuilder (CabBuilder) - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} ((no name)) - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{2B79011A-82AD-49E4-AD95-4F2659DBE8C3}: NameServer = 67.69.239.49 207.164.234.129 O17 - HKLM\System\CCS\Services\Tcpip\..\{EDE3EAD7-56CB-4D50-9AAB-F19706A18700}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{2B79011A-82AD-49E4-AD95-4F2659DBE8C3}: NameServer = 67.69.239.49 207.164.234.129 O17 - HKLM\System\CS1\Services\Tcpip\..\{EDE3EAD7-56CB-4D50-9AAB-F19706A18700}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{EDE3EAD7-56CB-4D50-9AAB-F19706A18700}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: 
DhcpNameServer = 192.168.2.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll =>.Microsoft Corporation O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} . (...) -- ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll ~ STS/SSO: Scanned in 00mn 00s ---\\ Tâches planifiées en automatique (O39) [MD5.00000000000000000000000000000000] [APT] [BFGLaunch_bfgclient] (...) -- C:\Program Files\bfgclient\bfgclient.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [wrSpySweeperTrialSweep] (...) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{05CFB9FC-C323-46F0-A2E3-E0C2A6D8ECC7}] (...) -- E:\setup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{05D49E18-C5E6-49B1-B51A-40B7C5949798}] (...) -- E:\autorun.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{7AA93A88-B4D8-411A-B440-CB6CDDEBF577}] (...) -- E:\SETUP.exe (.not file.) 
[0] ~ Scheduled Task: 21 Legitimates Filtered in 00mn 04s ---\\ HKCU & HKLM Software Keys [HKCU\Software\Alterlab] [HKCU\Software\ELIGCHK] [HKCU\Software\Eyeblaster] [HKCU\Software\Fixie] [HKCU\Software\FxDrCl] [HKCU\Software\ITTNord] [HKCU\Software\Linksolutions] [HKCU\Software\TOPCMM] [HKCU\Software\Teyon] [HKLM\Software\AMPing] [HKLM\Software\DaycareNightmare2] [HKLM\Software\Gnosis Games] [HKLM\Software\Gnosis] [HKLM\Software\Katana] [HKLM\Software\MediaCenterPaths] [HKLM\Software\NGWare] [HKLM\Software\SDC Player] [HKLM\Software\TLC] ~ Key Software: 285 Legitimates Filtered in 00mn 01s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 2013-04-26 - 16:37:22 - [0] ----D C:\Program Files\ABC 3GP Converter O43 - CFD: 2009-11-03 - 19:42:13 - [0] ----D C:\Program Files\Anime Bowling Babes O43 - CFD: 2007-06-12 - 22:50:03 - [97,352] ----D C:\Program Files\Autofr O43 - CFD: 2008-07-13 - 14:04:21 - [0,040] ----D C:\Program Files\Baby Blimp O43 - CFD: 2009-11-15 - 15:21:09 - [0] ----D C:\Program Files\Baby Luv O43 - CFD: 2013-10-16 - 19:23:20 - [0,009] ----D C:\Program Files\Candace Kane's Candy Factory O43 - CFD: 2012-10-07 - 16:08:40 - [0] ----D C:\Program Files\Carlton Books O43 - CFD: 2009-06-19 - 18:37:23 - [0,022] ----D C:\Program Files\CookingAcademy2_at O43 - CFD: 2012-10-07 - 16:01:20 - [39,514] ----D C:\Program Files\Family Restaurant O43 - CFD: 2012-10-07 - 16:01:21 - [0,006] ----D C:\Program Files\Fashion Craze O43 - CFD: 2011-04-24 - 11:36:10 - [0,001] ----D C:\Program Files\Hollywood Pets O43 - CFD: 2009-11-15 - 15:38:58 - [0,024] ----D C:\Program Files\Puppy Luv O43 - CFD: 2009-11-15 - 15:40:11 - [0,004] ----D C:\Program Files\Sallys Salon O43 - CFD: 2009-11-15 - 15:40:54 - [0,008] ----D C:\Program Files\Sallys Spa O43 - CFD: 2009-11-24 - 12:17:54 - [0] ----D C:\Program Files\The Tuttles O43 - CFD: 2007-11-16 - 15:13:13 - [3,950] ----D C:\Program Files\TLC O43 - CFD: 2010-09-08 - 13:07:18 - [0,003] ----D 
C:\ProgramData\12A O43 - CFD: 2009-08-10 - 10:51:38 - [0,002] ----D C:\ProgramData\25262 O43 - CFD: 2008-04-11 - 04:33:06 - [17,810] ----D C:\ProgramData\Alterlab O43 - CFD: 2011-06-29 - 06:08:45 - [0,003] ----D C:\ProgramData\clp O43 - CFD: 2010-06-29 - 08:27:01 - [0,002] ----D C:\ProgramData\DigiCont O43 - CFD: 2008-03-31 - 05:21:08 - [3,094] ----D C:\ProgramData\Fashion Solitaire 1.2 O43 - CFD: 2012-06-28 - 10:44:14 - [0] ----D C:\ProgramData\Fixie O43 - CFD: 2008-05-21 - 15:56:11 - [0,010] ----D C:\ProgramData\Lifetime O43 - CFD: 2008-04-10 - 16:45:06 - [0,241] ----D C:\ProgramData\Megastore Madness O43 - CFD: 2008-03-14 - 12:29:19 - [0,001] ----D C:\ProgramData\n7-89-o9-3r-4t-r9 O43 - CFD: 2008-04-28 - 05:24:32 - [7,528] ----D C:\ProgramData\Pets Fun House O43 - CFD: 2008-03-01 - 07:18:08 - [12,683] ----D C:\ProgramData\VogueTales O43 - CFD: 2012-10-07 - 16:07:30 - [3,412] --H-D C:\ProgramData\~1 O43 - CFD: 2008-12-08 - 18:32:19 - [0,026] ----D C:\Users\Martine\AppData\Roaming\BFG_JanesRealty O43 - CFD: 2007-11-30 - 13:27:19 - [0,058] ----D C:\Users\Martine\AppData\Roaming\Eyeblaster O43 - CFD: 2012-06-28 - 10:44:15 - [1,109] ----D C:\Users\Martine\AppData\Roaming\Fixie O43 - CFD: 2009-06-27 - 10:14:19 - [3,308] ----D C:\Users\Martine\AppData\Roaming\Fuzzy Games O43 - CFD: 2012-06-28 - 10:57:21 - [0] ----D C:\Users\Martine\AppData\Roaming\FxDrCl O43 - CFD: 2009-06-29 - 09:39:47 - [0,010] ----D C:\Users\Martine\AppData\Roaming\ITTNord O43 - CFD: 2008-10-20 - 07:09:59 - [0,002] ----D C:\Users\Martine\AppData\Roaming\iWin_DressUpRush O43 - CFD: 2008-10-18 - 13:10:07 - [0,036] ----D C:\Users\Martine\AppData\Roaming\iWin_JanesRealty O43 - CFD: 2011-03-31 - 19:39:05 - [0,002] ----D C:\Users\Martine\AppData\Roaming\Mondou.A15764D5156612413EFCD55C47961909C8BF9BB1.1 O43 - CFD: 2011-05-31 - 09:47:50 - [2,704] ----D C:\Users\Martine\AppData\Roaming\MP3Rocket O43 - CFD: 2009-06-13 - 18:14:40 - [0,009] ----D C:\Users\Martine\AppData\Roaming\Pi Eye Games O43 - CFD: 
2009-07-22 - 17:49:31 - [0,055] ----D C:\Users\Martine\AppData\Roaming\Reflexive_Janes_Realty O43 - CFD: 2009-08-31 - 20:51:08 - [0] ----D C:\Users\Martine\AppData\Local\ICS ~ Program Folder: 395 Legitimates Filtered in 00mn 54s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.A6C28FC0C3F31E3DB980A75958273B28] - 2013-10-07 - 15:16:13 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlcicfg.exe [381832] O44 - LFC:[MD5.E6AD9406ED28CB01FBC90E8395999333] - 2013-10-07 - 15:16:14 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlcicomc.dll [684032] O44 - LFC:[MD5.454E20DF156B42BC4B14DC6E4414C1FF] - 2013-10-07 - 15:16:14 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlcicomm.dll [421888] O44 - LFC:[MD5.C16EE66C704681BB47AC98809E2D77EA] - 2013-10-07 - 15:16:15 ---A- . (.Pas de propriétaire - CU bitmap resource DLL.) -- C:\Windows\System32\dlcicub.dll [86016] O44 - LFC:[MD5.43EE531BC15B19EEB0EFCF44E2A847BC] - 2013-10-07 - 15:16:15 ---A- . (.Pas de propriétaire - Cu DLL.) -- C:\Windows\System32\dlcicu.dll [73728] O44 - LFC:[MD5.80E67C1BB21A1DF4F24B6F87474243A5] - 2013-10-07 - 15:16:15 ---A- . (.Pas de propriétaire - Cu resource DLL.) -- C:\Windows\System32\dlcicur.dll [36864] O44 - LFC:[MD5.A4C7EB91404F4D9B2F08BF7667D5E163] - 2013-10-07 - 15:16:15 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlcicoms.exe [537480] O44 - LFC:[MD5.1DB146716891A253A8C0A250F2BD326A] - 2013-10-07 - 15:16:16 ---A- . (...) -- C:\Windows\System32\dlcihelp.chm [291764] O44 - LFC:[MD5.D45AADF2C95A91DB5F4E222D16F05A24] - 2013-10-07 - 15:16:16 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlcihbn3.dll [696320] O44 - LFC:[MD5.1B5A7CE3E532490B1398EEFCFE0D476F] - 2013-10-07 - 15:16:17 ---A- . (.Pas de propriétaire - INS bitmap resource DLL.) 
-- C:\Windows\System32\dlciinsb.dll [176128]
O44 - LFC:[MD5.0020A07DF1F0F5ECC9511A01978403CB] - 2013-10-07 - 15:16:17 ---A- . (.Pas de propriétaire - Ins resource DLL.) -- C:\Windows\System32\dlciinsr.dll [114688]
O44 - LFC:[MD5.8A297D7BA913C51B7EA3ABFBB4D9C2F7] - 2013-10-07 - 15:16:17 ---A- . (.Pas de propriétaire - Jsw resource DLL.) -- C:\Windows\System32\dlcijswr.dll [135168]
O44 - LFC:[MD5.57BE21279F0DC37FB42208CA76DF55F3] - 2013-10-07 - 15:16:17 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlciih.exe [385928]
O44 - LFC:[MD5.1E94BE9356E6B2481CDA48D0DBA29C01] - 2013-10-07 - 15:16:17 ---A- . (.Pas de propriétaire - ins DLL.) -- C:\Windows\System32\dlciins.dll [159744]
O44 - LFC:[MD5.2A0C32CB84C6313400EF1B8626307C55] - 2013-10-07 - 15:16:18 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlcilmpm.dll [585728]
O44 - LFC:[MD5.29A92F76359A5BD75146782C7A2A2C31] - 2013-10-07 - 15:16:18 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlcipmui.dll [643072]
O44 - LFC:[MD5.7AEAA7800620387C03A7C560BDB327EA] - 2013-10-07 - 15:16:18 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlcipplc.dll [94208]
O44 - LFC:[MD5.21AB55041668F9424A3698070A918A5A] - 2013-10-07 - 15:16:18 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlciprox.dll [163840]
O44 - LFC:[MD5.98D36796CC850C94DD6EDEC384ECE304] - 2013-10-07 - 15:16:19 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlciserv.dll [1224704]
O44 - LFC:[MD5.FCE162D9604C08F2A0D60A674B64699D] - 2013-10-07 - 15:16:19 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlciusb1.dll [991232]
O44 - LFC:[MD5.91A9D940A9335BC14755F2027D44FB0E] - 2013-10-07 - 15:16:20 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlciiesc.dll [397312]
O44 - LFC:[MD5.D6B87681650DF6E516CC69EB3BD2C36B] - 2013-10-07 - 15:16:20 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\dlciinpa.dll [413696]
O44 - LFC:[MD5.C91F268F3CB4958FB89E0C3D10303BC9] - 2013-10-07 - 15:16:20 ---A- . (.Pas de propriétaire - utilities DLL.) -- C:\Windows\System32\dlciutil.dll [434176]
O44 - LFC:[MD5.057108B7EFA273711413908461ADD507] - 2013-10-07 - 15:16:21 ---A- . (...) -- C:\Windows\System32\DLCIinst.dll [274432]
O44 - LFC:[MD5.5B60FD90BADDF40B4199087E04F610E9] - 2013-10-07 - 15:16:21 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\DLCIhcp.dll [323584]
O44 - LFC:[MD5.CD0E2B2F2CAD53E5ED6AD8F9CEA15ACC] - 2013-10-07 - 15:18:13 ---A- . (...) -- C:\Windows\System32\dlcicoin.dll [344064]
O44 - LFC:[MD5.6AABA6E8AD90DD2854B6309C06264E96] - 2013-10-07 - 15:23:01 ---A- . (...) -- C:\Windows\System32\LexFiles.ulf [23355]
O44 - LFC:[MD5.88B84992EF2C7D597D365FD9F59E7DFD] - 2013-10-11 - 13:40:05 ---A- . (...) -- C:\Windows\System32\mfc45.dat [74703]
O44 - LFC:[MD5.682AE0FFA6A865A8D137C43139BB4BCD] - 2013-10-11 - 15:52:26 ---A- . (...) -- C:\Windows\diagerr.xml [1905]
O44 - LFC:[MD5.682AE0FFA6A865A8D137C43139BB4BCD] - 2013-10-11 - 15:52:26 ---A- . (...) -- C:\Windows\diagwrn.xml [1905]
O44 - LFC:[MD5.9D00D015159B6ADF0980BAEEB5DCC5E4] - 2013-10-13 - 17:20:22 ----- . (...) -- C:\Windows\System32\pwdspio.sys [10320]
O44 - LFC:[MD5.3A6489DCB6F28970B6BBD9687777FA00] - 2013-10-13 - 17:20:38 ----- . (...) -- C:\Windows\System32\pwdrvio.sys [15688]
O44 - LFC:[MD5.048131BBA0D5D183F433F75A24ADDAC6] - 2013-10-13 - 17:20:39 ---A- . (...) -- C:\Windows\System32\pwNative.exe [2881848]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 2013-10-15 - 21:45:13 R-HA- . (...) -- C:\Windows\WindowsShell.Manifest [749]
O44 - LFC:[MD5.E432062293B158C93303F23318BA4130] - 2013-10-16 - 18:57:30 ---A- . (...) -- C:\Windows\ka.ini [180]
~ Files: 49 Legitimates Filtered in 01mn 47s

---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Anti Trojan Elite [Key] . (.ISecSoft - Pas de description.) -- C:\Program Files\Anti Trojan Elite\TJEnder.exe
O53 - SMSR:HKLM\...\startupreg\AppleSyncNotifier [Key] . (...) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\ECenter [Key] . (...) -- c:\dell\E-Center\EULALauncher.exe
O53 - SMSR:HKLM\...\startupreg\FaxCenterServer [Key] . (.Pas de propriétaire - Fax Man Server.) -- C:\Program Files\Dell Fax Solutions\fm3032.exe
O53 - SMSR:HKLM\...\startupreg\NvCplDaemon [Key] . (...) -- C:\Windows\system32\NvCpl.dll (.not file.)
O53 - SMSR:HKLM\...\startupreg\NvMediaCenter [Key] . (...) -- C:\Windows\system32\NvMcTray.dll (.not file.)
O53 - SMSR:HKLM\...\startupreg\NvSvc [Key] . (...) -- C:\Windows\system32\nvsvc.dll (.not file.)
O53 - SMSR:HKLM\...\startupreg\OtShot [Key] . (...) -- C:\Program Files\OtShot\otshot.exe (.not file.)
~ SMSR Keys: 28 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.E8F3F21A71720C84BCF423B80028359F] - 2006-11-02 - 04:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [316520]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 2006-11-02 - 02:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: 18 Legitimates Filtered in 00mn 00s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: RSIT - (.random/random.)
~ ADS: Scanned in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.F836F8F03E8D92339289629B6155A13B] [SPRF][2009-12-28] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.4944061495A29666114571167313DA42] [SPRF][2008-09-22] (...) -- C:\Users\Martine\AppData\Local\d3d8caps.dat [552]
[MD5.3E34BE968715862965BD325660259AE3] [SPRF][2013-02-19] (...) -- C:\Users\Martine\AppData\Local\d3d9caps.dat [1356]
[MD5.A282B74ADB7726C007DDE900E0B2E9E9] [SPRF][2008-04-28] (...) -- C:\Users\Martine\AppData\Local\gnome.dat [8]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][2011-11-30] (...) -- C:\Users\Martine\AppData\Roaming\wklnhst.dat [0]
[MD5.AC799DA0E0E8789750D9219AFA698568] [SPRF][2013-04-08] (...) -- C:\Users\Martine\Desktop\a3gpset.exe [4676944]
[MD5.2084AC9305E20BE7141DAC46902C5427] [SPRF][2013-10-17] (...) -- C:\Users\Martine\Desktop\adwcleaner.exe [1050644]
[MD5.088812A121E0A9CEB40CE9C808C8A90C] [SPRF][2013-10-12] (.EFD Software - HD Tune Setup.) -- C:\Users\Martine\Desktop\hd-tune_hd_tune_2.55_anglais_12775.exe [642632]
[MD5.4CFB1526D8B8B3CD9B083E3C5DB10C50] [SPRF][2013-10-11] (.Pas de propriétaire - Configuration du PC.) -- C:\Users\Martine\Desktop\PCConfig.exe [2271542]
[MD5.7BDDC4BBD95F60ADCF3CB8597580BB76] [SPRF][2013-04-13] (...) -- C:\Users\Martine\Desktop\PDFT30.exe [271813029]
[MD5.6C5498A4E64B01F2270EF04F00B4CBC5] [SPRF][2013-10-18] (...) -- C:\Users\Martine\Desktop\RogueKiller.exe [951808]
[MD5.666BD24BE5A29F1FF17D91CC280BD2EE] [SPRF][2013-10-12] (.Pas de propriétaire - Nettoyage des fichiers temporaires.) -- C:\Users\Martine\Desktop\SFTGC.exe [1064060]
[MD5.22A276F8F08420E28E6A800914643D03] [SPRF][2007-06-10] (...) -- C:\Windows\Downloaded Program Files\QuickTimeInstaller(1).exe [573440]
[MD5.3535F8E1DA7CBE9491771C7C0C388646] [SPRF][2007-06-10] (...) -- C:\Windows\Downloaded Program Files\QuickTimeInstaller.exe [578728]
~ Files: 26 Legitimates Filtered in 00mn 07s

---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{F94C1880-CF7A-4E3C-9C4C-C7F29D462E78}" | In - Public - P6 - TRUE | .(.Pas de propriétaire - AIOC exe.) -- C:\Program Files\Dell AIO Printer 946\DLCIaiox.exe
O87 - FAEL: "{01C8495C-0500-46C8-B1F7-881E0D6B97E4}" | In - Public - P17 - TRUE | .(.Pas de propriétaire - AIOC exe.) -- C:\Program Files\Dell AIO Printer 946\DLCIaiox.exe
O87 - FAEL: "{975A045C-E59F-4AFC-AB53-8019E5C3102D}" | In - Private - P6 - TRUE | .(.Pas de propriétaire - AIOC exe.) -- C:\Program Files\Dell AIO Printer 946\DLCIaiox.exe
O87 - FAEL: "{F83B1E73-244F-4074-965B-8C129FCFFC79}" | In - Private - P17 - TRUE | .(.Pas de propriétaire - AIOC exe.) -- C:\Program Files\Dell AIO Printer 946\DLCIaiox.exe
O87 - FAEL: "TCP Query User{6CA2B081-CEB7-4595-87E0-6CA00846F1BA}C:\users\martine\desktop\pcconfig.exe" | In - Private - P6 - TRUE | .(.Pas de propriétaire - Configuration du PC.) -- C:\users\martine\desktop\pcconfig.exe
O87 - FAEL: "UDP Query User{FF375289-EFD4-4E47-AD10-9B29CF6617A5}C:\users\martine\desktop\pcconfig.exe" | In - Private - P17 - TRUE | .(.Pas de propriétaire - Configuration du PC.) -- C:\users\martine\desktop\pcconfig.exe
~ Firewall: 219 Legitimates Filtered in 00mn 01s

---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 2013-09-19 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 2006-12-08 537480 | (dlci_device) . (...) - C:\Windows\system32\dlcicoms.exe
SS - | Disabled 2010-06-22 30192 | (GoogleDesktopManager-051210-111108) . (.Google.) - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
SS - | Disabled 2010-03-17 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Disabled 2010-03-17 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 2011-09-06 194104 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 2013-10-17 285795 | (HOSTS Anti-PUPs) . (...) - C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe
SS - | Disabled 2004-10-22 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SS - | Demand 2011-11-13 821608 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 2013-04-04 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 2013-04-04 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Disabled 2011-10-18 166288 | (McShield) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
SR - | Auto 2011-10-18 160608 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 2011-10-18 150856 | (mfevtp) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
SS - | Demand 2013-09-10 118680 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Disabled 2011-08-24 430136 | (PMBDeviceInfoProvider) . (.Sony Corporation.) - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
SS - | Auto 2008-01-19 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 2008-01-19 21504 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 04s

---\\ Scan Additionnel (O88)
Database Version : 12949 - (2013-10-18)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 294769 Items scanned in 00mn 34s

---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26705717-pup-bearshare =>PUP.BearShare
~ MSI: 1 link(s) detected in 00mn 34s
~ 1620 Legitimates filtered by white list

End of the scan (529 lines in 04mn 20s)(0)