Rapport de ZHPDiag v2013.4.13.73 par Nicolas Coolman, Update du 13/04/2013
Run by maison at 14/04/2013 08:39:50
State : Version à jour.
High Elevated Privileges : OK
UAC : Activate by user

---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v26.0.1410.64 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows Vista Business Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_COA_SLP channel
Windows ID Activation : OK
~ Windows Partial Key : FH49Y
Windows License : OK
Windows Automatic Updates : OK

---\\ System Protection
avast! Free Antivirus v7.0.1466.0

---\\ System Optimizer
CCleaner v3.01

---\\ Software Update
Adobe Flash Player 11 ActiveX
Adobe Reader X

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3036 MB (58% free)
System Restore: Activé (Enable)
System drive C: has 13 GB (11%) free of 116 GB

---\\ Logged in mode
~ Computer Name: PC-DE-MAISON
~ User Name: maison
~ All Users Names: maison, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\maison\AppData\Roaming\
~ %Desktop% : C:\Users\maison\Desktop\
~ %Favorites% : C:\Users\maison\Favorites\
~ %LocalAppData% : C:\Users\maison\AppData\Local\
~ %StartMenu% : C:\Users\maison\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 13 Go of 116 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 106 Go of 107 Go)
E:\ CD-ROM drive (Not Inserted)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:24:09.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.C5B6468422DB1C8AA36C32CBB0197E5E] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/02/2013 - 04:38:00.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:24:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:23:44.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:24:51.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.11/04/2009 - 07:32:49.) -- C:\Windows\system32\Drivers\ntfs.sys [1083880]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:25:21.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.943B18305EAE3935598A9B4A3D560B4C] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.11/04/2009 - 05:52:34.) -- C:\Windows\system32\Drivers\rdpdr.sys [248320]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/4
~ Mes musiques (My Musics) : 0/215
~ Mes Videos (My Videos) : 1/48
~ Mes Favoris (My Favorites) : 1/5
~ Mes Documents (My Documents) : 1/93
~ Mon Bureau (My Desktop) : 6/894
~ Menu demarrer (Programs) : 1/36
~ Hidden Files: Scanned in 00mn 02s

---\\ Processus lancés
[MD5.BB13432FA552AFCE8A66BCB5EE85F652] - (...) -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2569168] [PID.636] =>Toolbar.Babylon
[MD5.BAD0D303EF0A519409C625738F3E10A3] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4282728] [PID.2812]
[MD5.B9AA850CDA55097EB13E03698C8F5828] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [266776] [PID.3384]
[MD5.98A078F838A70F84E1BD490D7C7675F4] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696] [PID.3624]
[MD5.B19B204CABFA9F225618EDA4A90C1A2C] - (.Microsoft Corporation - Serveur de personnalisation d’entrée.) -- C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [198656] [PID.3652]
[MD5.4E9592BB2C100E571F82640E59E9ECD5] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [1312720] [PID.2392]
[MD5.7C5A4D3222DEA5570C8F08EC7FC74199] - (.Sun Microsystems, Inc. - Java(TM) Update Checker.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe [508136] [PID.1856]
[MD5.00E193148E1DC8145CE4219900593705] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6742016] [PID.3060]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.1744]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1408]
[MD5.04AC21E821F259845BD7367CEE057290] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808] [PID.1836]
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1904]
[MD5.CEDB27BACA286F063C3A11D44AF530AE] - (...) -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe [188760] [PID.2072]
~ Processes Running: Scanned in 00mn 01s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\maison\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
~ Google Browser: Scanned in 00mn 00s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
~ Firefox Browser: 9 Legitimates Scanned in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foozir.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.searchs.at
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchs.at
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchs.at/keyword/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.searchs.at
~ IE Browser: 12 Legitimates Scanned in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: IB Updater Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} . (...) -- C:\Program Files\IB Updater\Extension32.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} . (.Yontoo LLC - Yontoo Runtime.) -- C:\Program Files\Yontoo\YontooIEClient.dll =>PUP.Yontoo
~ BHO: 9 Legitimates Scanned in 00mn 00s

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: barre d'outils Orange - [HKLM]{c9a6357b-25cc-4bcf-96c1-78736985d412} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - [HKLM]{9E131A93-EED7-4BEB-B015-A0ADB30B5646} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [B2C_AGENT] . (.LG Electronics - B2C NotiAgent LGMobile Application.) -- C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKCU\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe
O4 - HKCU\..\Run: [Update Service] . (.Teknum Systems AS - Pas de description.) -- C:\Program Files\Common Files\Teknum Systems\update.exe
O4 - HKCU\..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-1934202622-4051806568-1844207965-1000\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe
O4 - HKUS\S-1-5-21-1934202622-4051806568-1844207965-1000\..\Run: [Update Service] . (.Teknum Systems AS - Pas de description.) -- C:\Program Files\Common Files\Teknum Systems\update.exe
O4 - HKUS\S-1-5-21-1934202622-4051806568-1844207965-1000\..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (.not file.)
~ Application: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Microsoft SkyDrive.lnk . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\maison\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: google - Raccourci (2).lnk - Clé orpheline
O4 - GS\QuickLaunch: google - Raccourci.lnk - Clé orpheline
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: monAlbumPhoto.lnk . (.monAlbumPhoto - monAlbumPhoto.) -- C:\Program Files\monAlbumPhoto\monAlbumPhoto.exe
O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\System32\WFS.exe
O4 - GS\SendTo: Format Factory.lnk . (.Free Time - FormatFactory.) -- C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: GOOGLE.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop: Microsoft Office Publisher 2003.lnk . (...) -- C:\Windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
O4 - GS\Desktop: monAlbumPhoto.lnk . (.monAlbumPhoto - monAlbumPhoto.) -- C:\Program Files\monAlbumPhoto\monAlbumPhoto.exe
O4 - GS\Desktop: Poste de travail.lnk - Clé orpheline
~ Global Startup: Scanned in 00mn 01s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} -- C:\Program Files\PokerStars.FR\main.ico (.not file.)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 6 Legitimates Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} ((no name)) - http://www.comboost.com/WebResource.axd?d=_w18RH1c50p6ifnGZA8CWXK_rCM-wW7ZOZatE0WMKBDr-ocQfoiyxIHm9xWdgEN96cEt-RGWogZUYWP49h09gQWxQb2gNukZyS0pXsOrJoVicbNa50gkG98_v9Emsq_vEJnqan6e2avjkZjZ07b9ZPKkFoZASNMOYGFj_XuuoC8aWk9N0&t=634535826618437500
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F1B8064-BDC0-4EDA-86F3-0F6FB8158D1F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{820E74CC-7FAE-4016-86C8-90DD010D5958}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F1B8064-BDC0-4EDA-86F3-0F6FB8158D1F}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F1B8064-BDC0-4EDA-86F3-0F6FB8158D1F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{820E74CC-7FAE-4016-86C8-90DD010D5958}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F1B8064-BDC0-4EDA-86F3-0F6FB8158D1F}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F1B8064-BDC0-4EDA-86F3-0F6FB8158D1F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{820E74CC-7FAE-4016-86C8-90DD010D5958}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F1B8064-BDC0-4EDA-86F3-0F6FB8158D1F}: DhcpDomain = lan
O17 - HKLM\System\CS3\Services\Tcpip\..\{0F1B8064-BDC0-4EDA-86F3-0F6FB8158D1F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{820E74CC-7FAE-4016-86C8-90DD010D5958}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{0F1B8064-BDC0-4EDA-86F3-0F6FB8158D1F}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll =>Toolbar.Babylon
~ AppInit DLL: Scanned in 00mn 00s

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: BrowserProtect (BrowserProtect) . (...) - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe =>Toolbar.Babylon
O23 - Service: IB Updater (IB Updater) . (...) - C:\Program Files\IB Updater\ExtensionUpdaterService.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 7 Legitimates Scanned in 00mn 11s

---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Users\maison\MAISON\PHOTOS\Domancy 07-09\Vues chez Soso\DSC00132.JPG
O24 - Desktop General: WallPaper - .(...) - C:\Users\maison\MAISON\PHOTOS\Domancy 07-09\Vues chez Soso\DSC00132.JPG
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s

---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s

---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{1D720201-19F7-4CD6-A72D-7E674169AE6F}] (...) -- C:\Users\maison\Desktop\VDownloaderSetup-3.5.864.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3DED1808-C307-4700-BC06-898B4B4F8490}] (...) -- C:\Users\maison\Desktop\isyfoli6.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4A069EB2-6420-4EB7-A73C-3EEDB0B72240}] (...) -- E:\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{59C93343-CD2E-477F-A809-4C68443C22E5}] (...) -- E:\INSTALL.exe (.not file.) [0]
~ Scheduled Task: 19 Legitimates Scanned in 00mn 04s

---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 14 Legitimates Scanned in 00mn 00s

---\\ Pilotes lancés au démarrage (O41)
~ Drivers: 78 Legitimates Scanned in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: BannerZest - (.Aquafadas.) [HKCU] -- ee6e86a4821e87b9
O42 - Logiciel: BrowserProtect - (.Bit89 Inc.) [HKLM] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} =>Toolbar.Babylon
O42 - Logiciel: IB Updater 2.0.0.574 - (.IncrediBar.) [HKLM] -- {336D0C35-8A85-403a-B9D2-65C292C39087}_is1 =>Adware.IncrediBar
O42 - Logiciel: IB Updater Service - (...) [HKLM] -- WNLT
O42 - Logiciel: Les instruments de musique - (...) [HKLM] -- Les instruments de musique
O42 - Logiciel: Screen Recorder - (...) [HKLM] -- Screen Recorder
O42 - Logiciel: ToolbarFR - (.Orange.) [HKLM] -- {A047FE02-C91C-41CB-898C-4ED21B86025A}
O42 - Logiciel: Workspace - (.eInstruction.) [HKLM] -- {1A37508B-9B80-4525-AA14-98ECB1F7103D}
O42 - Logiciel: Yontoo 1.10.02 - (.Yontoo LLC.) [HKLM] -- {889DF117-14D1-44EE-9F31-C5FB5D47F68B} =>PUP.Yontoo
~ Logic: 78 Legitimates Scanned in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Acoolsoft]
[HKCU\Software\AleoSoft]
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\AppDataLow\Software\bearsharemediabartb] =>PUP.BearShare
[HKCU\Software\Awsdata]
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\BearShare] =>PUP.BearShare
[HKCU\Software\Cabrilog]
[HKCU\Software\ConvertDirect]
[HKCU\Software\Cr_Installer]
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\GeoVid]
[HKCU\Software\HandyBits]
[HKCU\Software\IM]
[HKCU\Software\ImInstaller]
[HKCU\Software\IncrediMail]
[HKCU\Software\InnoShock]
[HKCU\Software\InstallCore] =>PUP.InstallCore
[HKCU\Software\KeepVid]
[HKCU\Software\Luidia]
[HKCU\Software\OpenEuclide]
[HKCU\Software\PTE]
[HKCU\Software\RETZ]
[HKCU\Software\River Past]
[HKCU\Software\Softonic]
[HKCU\Software\Softsoft Ltd.]
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\Teknum Systems]
[HKCU\Software\WNLT]
[HKCU\Software\ZD Soft]
[HKLM\Software\Acoolsoft]
[HKLM\Software\Application Updater]
[HKLM\Software\AskTBar]
[HKLM\Software\Awsdata]
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\DemoPhono]
[HKLM\Software\Disk Doctor Labs Inc.]
[HKLM\Software\IB Updater]
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\IncrediMail]
[HKLM\Software\Interkodex]
[HKLM\Software\Luidia]
[HKLM\Software\River Past]
[HKLM\Software\SimplyGen]
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKLM\Software\WnSoft]
[HKLM\Software\freecordertoolbar]
~ Key Software: 329 Legitimates Scanned in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 02/05/2011 - 15:25:12 - [0,000] ----D C:\Program Files\AbulEdu
O43 - CFD: 18/09/2010 - 09:08:11 - [2,859] ----D C:\Program Files\ALDI
O43 - CFD: 09/09/2012 - 09:20:00 - [0] ----D C:\Program Files\Catalencoder
O43 - CFD: 11/09/2010 - 07:17:18 - [3,561] ----D C:\Program Files\coverXP
O43 - CFD: 23/10/2010 - 09:28:37 - [0] ----D C:\Program Files\Dyslexia
O43 - CFD: 11/12/2010 - 14:37:24 - [0,059] ----D C:\Program Files\E-Book Systems
O43 - CFD: 23/10/2010 - 09:30:11 - [0] ----D C:\Program Files\Fluendo
O43 - CFD: 10/08/2010 - 20:13:53 - [0,719] ----D C:\Program Files\Free Music Zilla
O43 - CFD: 06/08/2011 - 08:54:53 - [0,002] ----D C:\Program Files\GALLIMAR
O43 - CFD: 25/03/2010 - 21:42:53 - [2,031] ----D C:\Program Files\HandyBits
O43 - CFD: 08/03/2013 - 10:00:00 - [2,154] ----D C:\Program Files\IB Updater
O43 - CFD: 18/12/2011 - 16:43:59 - [0] ----D C:\Program Files\IVCsoft
O43 - CFD: 04/09/2010 - 08:52:12 - [0,000] ----D C:\Program Files\LimeWire
O43 - CFD: 18/12/2011 - 18:36:13 - [0] ----D C:\Program Files\Luidia
O43 - CFD: 08/12/2010 - 16:14:00 - [0] ----D C:\Program Files\OpenCandyDemoInstaller =>Adware.OpenCandy
O43 - CFD: 10/09/2010 - 07:44:39 - [0,184] ----D C:\Program Files\Photo!
O43 - CFD: 18/12/2011 - 16:40:55 - [0] ----D C:\Program Files\PokerStars.FR
O43 - CFD: 30/01/2011 - 18:42:57 - [15,471] ----D C:\Program Files\puzmat
O43 - CFD: 27/03/2013 - 16:28:00 - [0,848] ----D C:\Program Files\Screen Recorder
O43 - CFD: 11/12/2010 - 16:11:17 - [0,125] ----D C:\Program Files\SoftSoft
O43 - CFD: 20/12/2012 - 21:45:29 - [0] ----D C:\Program Files\Symaxe
O43 - CFD: 29/10/2012 - 14:46:59 - [0,315] ----D C:\Program Files\Yontoo =>PUP.Yontoo
O43 - CFD: 01/08/2012 - 08:43:50 - [0] ----D C:\Program Files\ZD Soft
O43 - CFD: 09/08/2010 - 17:07:12 - [1,653] ----D C:\Program Files\Common Files\GeoVid
O43 - CFD: 01/08/2010 - 10:11:16 - [0,530] -S--D C:\Program Files\Common Files\Teknum Systems
O43 - CFD: 14/08/2010 - 16:25:48 - [0,003] ----D C:\ProgramData\30142
O43 - CFD: 17/05/2012 - 11:01:35 - [0,001] ----D C:\ProgramData\Ant
O43 - CFD: 22/10/2012 - 13:49:51 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 03/04/2013 - 16:42:01 - [7,108] ----D C:\ProgramData\BrowserProtect =>Toolbar.Babylon
O43 - CFD: 21/08/2010 - 20:36:13 - [0] ----D C:\ProgramData\eMule
O43 - CFD: 11/09/2010 - 07:03:59 - [0,003] ----D C:\ProgramData\River Past G5
O43 - CFD: 18/08/2010 - 10:36:52 - [1737,099] ----D C:\ProgramData\Studio14Trial
O43 - CFD: 14/04/2013 - 08:23:12 - [1,655] ----D C:\ProgramData\Tarma Installer =>Toolbar.Tarma
O43 - CFD: 01/06/2011 - 21:20:16 - [0,077] ----D C:\Users\maison\AppData\Roaming\aHisoft
O43 - CFD: 22/10/2012 - 13:49:51 - [0,016] ----D C:\Users\maison\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 26/02/2010 - 18:38:30 - [0] ----D C:\Users\maison\AppData\Roaming\Configuration
O43 - CFD: 10/08/2010 - 20:13:52 - [0] ----D C:\Users\maison\AppData\Roaming\FMZilla
O43 - CFD: 09/08/2010 - 17:19:58 - [0,005] ----D C:\Users\maison\AppData\Roaming\GeoVid
O43 - CFD: 03/04/2013 - 16:40:15 - [6,465] ----D C:\Users\maison\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 25/06/2012 - 21:11:56 - [0,006] ----D C:\Users\maison\AppData\Roaming\PPT2Video
O43 - CFD: 22/08/2010 - 21:00:19 - [0,000] ----D C:\Users\maison\AppData\Roaming\River Past G5
O43 - CFD: 20/12/2012 - 21:45:53 - [2,360] ----D C:\Users\maison\AppData\Roaming\uTorrent
O43 - CFD: 06/02/2011 - 12:09:57 - [0,000] ----D C:\Users\maison\AppData\Local\Dictionnaire Freelang
O43 - CFD: 07/09/2011 - 23:47:16 - [97,910] ----D C:\Users\maison\AppData\Local\Downloaded
O43 - CFD: 18/12/2011 - 16:40:50 - [0] ----D C:\Users\maison\AppData\Local\PokerStars.FR
O43 - CFD: 24/01/2011 - 15:04:08 - [0,000] ----D C:\Users\maison\AppData\Local\SMA
O43 - CFD: 31/12/2011 - 10:31:24 - [0,000] ----D C:\Users\maison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aquafadas
O43 - CFD: 03/04/2013 - 16:42:09 - [0,001] ----D C:\Users\maison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect =>Toolbar.Babylon
O43 - CFD: 21/03/2012 - 15:15:14 - [0,004] ----D C:\Users\maison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrysis
~ 1 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 327 Legitimates Scanned in 00mn 22s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.72827D5D38D38A46231CB38E1F3FC5E3] - 27/03/2013 - 15:27:51 ---A- . (.InstallShield Corporation, Inc. - InstallShield unInstaller.) -- C:\Windows\uninst.exe [299520]
~ Files: 38 Legitimates Scanned in 00mn 33s

---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\River Past\Audio Converter Pro\AudioConverter.exe" [Enabled] .(...) -- C:\Program Files\River Past\Audio Converter Pro\AudioConverter.exe (.not file.)
~ Keys Export: 1 Legitimates Scanned in 00mn 00s

---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 7 Legitimates Scanned in 00mn 00s

---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 13 Legitimates Scanned in 00mn 00s

---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{261663ae-61d0-11e0-9fb0-00235492ad3e}\AutoRun\command. (...) -- G:\LaunchU3.exe (.not file.)
O51 - MPSK:{7374e129-d524-11de-8a01-806e6f6e6963}\AutoRun\command. (...) -- E:\setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"vidc.ptev"="PteVideo.dll" . (...) -- C:\Windows\System32\PteVideo.dll
O52 - TDSD: \Drivers32\"vidc.dvsd"="mcdvd_32.dll" . (.MainConcept - MainConcept DV Codec.) -- C:\Windows\System32\mcdvd_32.dll
O52 - TDSD: \drivers.desc\"PteVideo.dll"="PicturesToExe video codec" . (...) -- C:\Windows\System32\PteVideo.dll
O52 - TDSD: \drivers.desc\"mcdvd_32.dll"="mcdvd_32.dll" . (.MainConcept - MainConcept DV Codec.) -- C:\Windows\System32\mcdvd_32.dll
~ TDSD: 20 Legitimates Scanned in 00mn 00s

---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\ActivControl [Key] . (...) -- C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\ATKOSD2 [Key] . (...) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Freecorder FLV Service [Key] . (...) -- C:\Program Files\Freecorder\FLVSrvc.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\HControlUser [Key] . (...) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\HP Software Update [Key] . (...) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\hpqSRMon [Key] . (...) -- C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Octoshape Streaming Services [Key] . (...) -- C:\Users\maison\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\PDFPrint [Key] . (.Geek Software GmbH - PDF24 Creator.) -- C:\Program Files\PDF24\pdf24.exe
O53 - SMSR:HKLM\...\startupreg\SearchSettings [Key] . (...) -- C:\Program Files\Search Settings\SearchSettings.exe (.not file.) =>Adware.SearchSettings
O53 - SMSR:HKLM\...\startupreg\SMART Board Service [Key] . (...) -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\SMART SNMP Agent [Key] . (...) -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Update Service [Key] . (.Teknum Systems AS - Pas de description.) -- C:\Program Files\COMMON~1\TEKNUM~1\update.exe
~ SMSR Keys: 27 Legitimates Scanned in 00mn 00s

---\\ Microsoft Control Security Providers (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s

---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Scanned in 00mn 00s

---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLogOff"=0
~ MWPE Keys: 4 Legitimates Scanned in 00mn 00s

---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.04F0FCAC69C7C71A3AC4EB97FAFC8303] - 21/01/2008 - 03:23:45 ----- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422968]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s

---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s

---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (ASUSProcObsrv) .(...) - LEGACY_ASUSPROCOBSRV
~ Legacy: 69 Legitimates Scanned in 00mn 00s

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.exe> [HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 20 Legitimates Scanned in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: SearchScopes [HKCU] {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} [DefaultScope] - (MyStart Search) - http://mystart.incredibar.com =>Adware.IncrediBar ~ Keys: Scanned in 00mn 00s ---\\ Recherche des services démarrés par Svchost (O83) ~ Services: 32 Legitimates Scanned in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.AECBBE9161D1CE7CCB37EA726B8F8719] [SPRF][25/10/2010] (...) -- C:\Users\maison\AppData\Local\7336813041.exe [980992] [MD5.03AB6CA6A4F8FEF05CA80D98FCCF4935] [SPRF][25/10/2010] (...) -- C:\Users\maison\AppData\Local\83278.exe [980992] [MD5.CCAFEBFA36FC460204C2C4FAE9DBFCC2] [SPRF][25/10/2010] (...) -- C:\Users\maison\AppData\Local\8537361109.exe [980992] [MD5.3140D950B45B8C7240E850CC207F1E58] [SPRF][10/04/2013] (...) -- C:\Users\maison\AppData\Local\d3d9caps.dat [1356] [MD5.36179B382A989075FF5FA282434F6892] [SPRF][21/03/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\maison\AppData\Local\Temp\uninst1.exe [394736] =>Toolbar.Babylon [MD5.254FBCA565E049648B0CCE2CEADF05D2] [SPRF][28/12/2010] (...) -- C:\Users\maison\AppData\Roaming\inst.exe [87608] [MD5.5B6C11DE7E839C05248CED8825470FEF] [SPRF][28/12/2010] (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\Users\maison\AppData\Roaming\pcouffin.sys [47360] [MD5.92E22C532DF3567061DAE395C33E9FC2] [SPRF][02/06/2010] (...) 
-- C:\Users\maison\AppData\Roaming\qcopjv.dat [12] [MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [24576] [MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [196608] [MD5.0C78701C6F42345DFF2B2B6C3C3D01EF] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [172032] ~ Files: Scanned in 00mn 00s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "TCP Query User{96405733-10AC-4B80-B328-11D5380A75CF}C:\program files\smart technologies\smart product drivers\smartsnmpagent.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\smart technologies\smart product drivers\smartsnmpagent.exe (.not file.) O87 - FAEL: "UDP Query User{AC1C75E4-B4EC-45E1-8086-65882EB8E4C2}C:\program files\smart technologies\smart product drivers\smartsnmpagent.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\smart technologies\smart product drivers\smartsnmpagent.exe (.not file.) O87 - FAEL: "TCP Query User{899F1A18-9CD9-4C4B-924D-8BDE03F1B8B1}C:\program files\free music zilla\fmzilla.exe" | In - Private - P6 - TRUE | .(.Pas de propriétaire - FMZilla Module.) -- C:\program files\free music zilla\fmzilla.exe O87 - FAEL: "UDP Query User{3D9770CF-F52A-405E-99E1-B774D3C932B8}C:\program files\free music zilla\fmzilla.exe" | In - Private - P17 - TRUE | .(.Pas de propriétaire - FMZilla Module.) -- C:\program files\free music zilla\fmzilla.exe O87 - FAEL: "TCP Query User{72644703-5B84-4090-9BEB-A4616B24ED46}C:\program files\free music zilla\fmzilla.exe" | In - Public - P6 - TRUE | .(.Pas de propriétaire - FMZilla Module.) 
-- C:\program files\free music zilla\fmzilla.exe O87 - FAEL: "UDP Query User{0B8BF1E3-5452-4954-8906-FB2E3678C61B}C:\program files\free music zilla\fmzilla.exe" | In - Public - P17 - TRUE | .(.Pas de propriétaire - FMZilla Module.) -- C:\program files\free music zilla\fmzilla.exe O87 - FAEL: "{57C199CA-66C3-47D4-AF4E-CD2653B23F15}" |In - Domain - P6 - TRUE | .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare O87 - FAEL: "{2A483762-17E3-489B-A3C6-1BBDB936B110}" |In - Domain - P17 - TRUE | .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare O87 - FAEL: "{6C619DF7-58DB-44CC-9B77-D2FA884BF1F4}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare O87 - FAEL: "{CDB61132-C9E4-47B9-A2DD-B5BE8A09B30C}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare O87 - FAEL: "{3AED7412-A9B8-44BC-980D-42D043AA12F0}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\LimeWire\LimeWire.exe (.not file.) O87 - FAEL: "{2E12FF7D-3772-4978-995E-90244317918F}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\LimeWire\LimeWire.exe (.not file.) O87 - FAEL: "{F075003B-BDE4-4BEA-9E67-05C7BC3A0F7B}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\LimeWire\LimeWire.exe (.not file.) O87 - FAEL: "{C390701F-4255-4342-BA73-FDB2961372FC}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\LimeWire\LimeWire.exe (.not file.) O87 - FAEL: "{0E67B5D2-F42A-440F-8D63-66FBFF40DBCD}" |In - Private - P6 - TRUE | .(...) -- C:\Users\maison\Desktop\VideoConverter_Setup.exe (.not file.) O87 - FAEL: "{BD79068D-A2D3-4675-A47D-6B453D72D857}" |In - Private - P17 - TRUE | .(...) -- C:\Users\maison\Desktop\VideoConverter_Setup.exe (.not file.) O87 - FAEL: "{4D9137F4-374F-4326-9ABF-E8086A94870C}" |In - Private - P6 - TRUE | .(...) 
-- C:\Users\maison\AppData\Local\Temp\is799009782\AInstaller.exe (.not file.) O87 - FAEL: "{9E1C7947-44AC-49EB-B1CA-0D7C1CBF2932}" |In - Private - P17 - TRUE | .(...) -- C:\Users\maison\AppData\Local\Temp\is799009782\AInstaller.exe (.not file.) O87 - FAEL: "{1DEE4532-681D-46F5-AD51-EBC1D354B7FB}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe (.not file.) O87 - FAEL: "{14A629A7-2152-4E31-92A6-B1CDA90AB5A2}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe (.not file.) O87 - FAEL: "{0D702210-DC8D-464B-A151-0D073E5739B3}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe (.not file.) O87 - FAEL: "{6AD28B69-6A1F-4033-8D95-DFBADEE19916}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe (.not file.) O87 - FAEL: "{29AEF761-B006-4523-BB1E-648B6CAD1045}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe (.not file.) O87 - FAEL: "{30024D74-CF59-4547-9FE7-793D6EFEEB1F}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe (.not file.) O87 - FAEL: "TCP Query User{E3DB1FA2-AA16-48E6-80B1-A106799008F2}C:\program files\emule\emule.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.) O87 - FAEL: "UDP Query User{D8F165F2-445F-4F73-B550-C90798C9E7C1}C:\program files\emule\emule.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.) O87 - FAEL: "{C72FF98E-9325-471D-A558-5ADC64415BD6}" |In - Private - P6 - TRUE | .(...) -- C:\Users\maison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7XMAZMZ4\VideoConverterSetup[1].exe (.not file.) O87 - FAEL: "{2AC59D68-FEA2-4676-A2D0-A185CA3751EC}" |In - Private - P17 - TRUE | .(...) 
-- C:\Users\maison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7XMAZMZ4\VideoConverterSetup[1].exe (.not file.) O87 - FAEL: "{FF904727-8338-4FCA-82AB-13DAA55A4CA2}" | In - Private - P6 - TRUE | .(.eInstruction Corporation - Launcher Application.) -- C:\Program Files\eInstruction\Device Manager\Launch.exe O87 - FAEL: "{B0017E7D-4571-4B92-A59D-A2D06D0ADF98}" | In - Private - P17 - TRUE | .(.eInstruction Corporation - Launcher Application.) -- C:\Program Files\eInstruction\Device Manager\Launch.exe O87 - FAEL: "TCP Query User{6C0367EB-42F6-49BC-8FBC-4850F8A42C45}C:\users\maison\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\maison\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe (.not file.) O87 - FAEL: "UDP Query User{3B6396EC-9272-40D7-A5F7-AE26177F8204}C:\users\maison\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\maison\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe (.not file.) O87 - FAEL: "TCP Query User{7D79D631-58BD-47B7-B078-BC8F08BC0345}C:\users\maison\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\maison\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe (.not file.) O87 - FAEL: "UDP Query User{1A686E0F-3349-4D15-966B-7362024EB315}C:\users\maison\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\maison\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe (.not file.) O87 - FAEL: "{ECA9D571-B299-43D6-A958-9F0E306D283A}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\SMART Technologies\SMART Product Drivers\WebServer.exe (.not file.) O87 - FAEL: "{F8F9C475-ADE1-416F-8807-F3BB9B8F07FF}" |In - Private - P17 - TRUE | .(...) 
-- C:\Program Files\SMART Technologies\SMART Product Drivers\WebServer.exe (.not file.) O87 - FAEL: "{BC4BF8F9-FFC0-4AF5-AC7E-F7D0DFED6460}" |In - Private - P6 - TRUE | .(...) -- C:\Users\maison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5WYWWDJ9\VideoToMp3Setup[1].exe (.not file.) O87 - FAEL: "{16DBD798-DB4B-4DC3-BBC9-9B37CE6B014D}" |In - Private - P17 - TRUE | .(...) -- C:\Users\maison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5WYWWDJ9\VideoToMp3Setup[1].exe (.not file.) O87 - FAEL: "{9D91B2EC-2781-4669-8467-8DCA8194D674}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\CrazyLoader\crazyloader.exe (.not file.) O87 - FAEL: "{D10D8802-5749-4D68-8F0B-FA7038B9349E}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\CrazyLoader\crazyloader.exe (.not file.) O87 - FAEL: "TCP Query User{6C2E3AB0-45E2-42C7-9EB2-69187D2134A2}C:\users\maison\appdata\local\temp\jdic_0_9_5\ieembed.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\maison\appdata\local\temp\jdic_0_9_5\ieembed.exe (.not file.) O87 - FAEL: "UDP Query User{3BA13CD0-73EA-4D40-AEFD-107D8990359E}C:\users\maison\appdata\local\temp\jdic_0_9_5\ieembed.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\maison\appdata\local\temp\jdic_0_9_5\ieembed.exe (.not file.) O87 - FAEL: "TCP Query User{BBC73490-DAC5-4B60-A777-D69EDD1C269E}C:\program files\einstruction\device manager\launch.exe" | In - Public - P6 - TRUE | .(.eInstruction Corporation.) -- C:\program files\einstruction\device manager\launch.exe O87 - FAEL: "UDP Query User{391D8B56-0F3C-4BE1-A90F-B8837C5A5813}C:\program files\einstruction\device manager\launch.exe" | In - Public - P17 - TRUE | .(.eInstruction Corporation.) -- C:\program files\einstruction\device manager\launch.exe O87 - FAEL: "TCP Query User{1E8E8B9C-8F7B-4B83-AA3A-51AB0E2A8C1A}C:\chrysis\lirebel++\demos\lirebel++6\lirebel6.exe" | In - Public - P6 - TRUE | .(...) 
-- C:\chrysis\lirebel++\demos\lirebel++6\lirebel6.exe O87 - FAEL: "UDP Query User{C1935BFD-FE99-423F-9F99-6FBCDB7AEB4C}C:\chrysis\lirebel++\demos\lirebel++6\lirebel6.exe" | In - Public - P17 - TRUE | .(...) -- C:\chrysis\lirebel++\demos\lirebel++6\lirebel6.exe O87 - FAEL: "{0ED851B0-E4A9-4811-BCB0-6E9A71FD7478}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe (.not file.) =>PUP.Datamngr O87 - FAEL: "{3EDB11F9-6D89-40E5-A553-A90654E4C18D}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe (.not file.) =>PUP.Datamngr O87 - FAEL: "{160D0AC1-DDE0-44BF-8542-6159D5E3BCC9}" |In - Public - P6 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe (.not file.) O87 - FAEL: "{3B22B88F-DD90-4306-AA03-E09AA65F8128}" |In - Public - P17 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe (.not file.) ~ Firewall: 253 Legitimates Scanned in 00mn 01s ---\\ Scan Additionnel (O88) Database Version : v2.11523 - (13/04/2013) Clés trouvées (Keys found) : 136 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 7 Fichiers trouvés (Files found) : 2
C:\Program Files\yontoo =>Adware.Yontoo C:\Program Files\IB Updater =>Adware.IncrediBar C:\Program Files\OpenCandyDemoInstaller =>Adware.OpenCandy C:\ProgramData\Babylon =>Toolbar.Babylon C:\Users\maison\AppData\Roaming\Babylon =>Toolbar.Babylon C:\Users\maison\AppData\Roaming\OpenCandy =>Adware.OpenCandy C:\Users\maison\AppData\LocalLow\Incredibar.com =>Adware.IncrediBar C:\Users\maison\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon ~ Additionnel: Scanned in 00mn 34s ---\\ Product Upgrade Codes (O90) O90 - PUC: "53F069A9AD1C0CF48B20AEFF1497DF0B" . (.MyScript HWR (French).) -- C:\Windows\Installer\{9A960F35-C1DA-4FC0-B802-EAFF4179FDB0}\ARPPRODUCTICON.exe O90 - PUC: "B80573A108B95254AA4189CE1B7F01D3" . (.Workspace.) -- C:\Windows\Installer\{1A37508B-9B80-4525-AA14-98ECB1F7103D}\ARPPRODUCTICON.exe O90 - PUC: "D82C50F59AED6DA47AA360145789E8BA" . (.Search Settings v1.2.3.) -- C:\Windows\Installer\{5F05C28D-DEA9-4AD6-A73A-064175988EAB}\ARPPRODUCTICON.exe ~ Update Products: 70 Legitimates Scanned in 00mn 00s ---\\ Random Export Key (O91) [HKCU\Software\d558bdeb469b949] =>Toolbar.Babylon^ [HKCU\Software\d558bdeb469b949]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" [HKCU\Software\d558bdeb469b949]:version="2.6.1125.80" [HKLM\Software\d558bdeb469b949] =>Toolbar.Babylon^ [HKLM\Software\d558bdeb469b949]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" [HKLM\Software\d558bdeb469b949]:version="2.6.1125.80" ~ Export Key Software: Scanned in 00mn 00s ---\\ MyComputer Name Space (O92) ~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . 
(.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 21/08/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SR - | Auto 2569168 | (BrowserProtect) . (...) - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe =>Toolbar.Babylon SS - | Auto 06/02/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 06/02/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SR - | Auto 188760 | (IB Updater) . (...) - C:\Program Files\IB Updater\ExtensionUpdaterService.exe SS - | Demand 07/06/2011 820520 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SS - | Auto 0 | (Nero BackItUp Scheduler 4.0) . (...) - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe SR - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SS - | Auto 20/05/2011 1055872 | (Orange update Core Service) . (.France Telecom SA.) - C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe SR - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SR - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 00s ~ 1374 Legitimates filtered by white list End of the scan (857 lines in 02mn 17s)(0)