Rapport de ZHPDiag v2013.4.13.73 par Nicolas Coolman, Update du 13/04/2013
Run by maison at 14/04/2013 08:39:50
State : Version à jour.
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v26.0.1410.64 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows Vista Business Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_COA_SLP channel
Windows ID Activation : OK
~ Windows Partial Key : FH49Y
Windows License : OK
Windows Automatic Updates : OK

---\\ System Protection
avast! Free Antivirus v7.0.1466.0

---\\ System Optimizer
CCleaner v3.01

---\\ Software Update
Adobe Flash Player 11 ActiveX
Adobe Reader X

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3036 MB (58% free)
System Restore: Activé (Enable)
System drive C: has 13 GB (11%) free of 116 GB

---\\ Logged in mode
~ Computer Name: PC-DE-MAISON
~ User Name: maison
~ All Users Names: maison, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\maison\AppData\Roaming\
~ %Desktop% : C:\Users\maison\Desktop\
~ %Favorites% : C:\Users\maison\Favorites\
~ %LocalAppData% : C:\Users\maison\AppData\Local\
~ %StartMenu% : C:\Users\maison\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 13 Go of 116 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 106 Go of 107 Go)
E:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:24:09.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.C5B6468422DB1C8AA36C32CBB0197E5E] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/02/2013 - 04:38:00.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:24:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:23:44.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:24:51.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.11/04/2009 - 07:32:49.) -- C:\Windows\system32\Drivers\ntfs.sys [1083880]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:25:21.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.943B18305EAE3935598A9B4A3D560B4C] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.11/04/2009 - 05:52:34.) -- C:\Windows\system32\Drivers\rdpdr.sys [248320]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/4
~ Mes musiques (My Musics) : 0/215
~ Mes Videos (My Videos) : 1/48
~ Mes Favoris (My Favorites) : 1/5
~ Mes Documents (My Documents) : 1/93
~ Mon Bureau (My Desktop) : 6/894
~ Menu demarrer (Programs) : 1/36
~ Hidden Files: Scanned in 00mn 02s



---\\ Processus lancés
[MD5.BB13432FA552AFCE8A66BCB5EE85F652] - (...) -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2569168] [PID.636] =>Toolbar.Babylon
[MD5.BAD0D303EF0A519409C625738F3E10A3] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4282728] [PID.2812]
[MD5.B9AA850CDA55097EB13E03698C8F5828] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [266776] [PID.3384]
[MD5.98A078F838A70F84E1BD490D7C7675F4] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696] [PID.3624]
[MD5.B19B204CABFA9F225618EDA4A90C1A2C] - (.Microsoft Corporation - Serveur de personnalisation d’entrée.) -- C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [198656] [PID.3652]
[MD5.4E9592BB2C100E571F82640E59E9ECD5] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [1312720] [PID.2392]
[MD5.7C5A4D3222DEA5570C8F08EC7FC74199] - (.Sun Microsystems, Inc. - Java(TM) Update Checker.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe [508136] [PID.1856]
[MD5.00E193148E1DC8145CE4219900593705] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6742016] [PID.3060]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.1744]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1408]
[MD5.04AC21E821F259845BD7367CEE057290] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808] [PID.1836]
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1904]
[MD5.CEDB27BACA286F063C3A11D44AF530AE] - (...) -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe [188760] [PID.2072]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\maison\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
~ Google Browser: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
~ Firefox Browser: 9 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foozir.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.searchs.at
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchs.at
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchs.at/keyword/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.searchs.at
~ IE Browser: 12 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: IB Updater Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} . (...) -- C:\Program Files\IB Updater\Extension32.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} . (.Yontoo LLC - Yontoo Runtime.) -- C:\Program Files\Yontoo\YontooIEClient.dll =>PUP.Yontoo
~ BHO: 9 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: barre d'outils Orange - [HKLM]{c9a6357b-25cc-4bcf-96c1-78736985d412} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - [HKLM]{9E131A93-EED7-4BEB-B015-A0ADB30B5646} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [B2C_AGENT] . (.LG Electronics - B2C NotiAgent LGMobile Application.) -- C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKCU\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe
O4 - HKCU\..\Run: [Update Service] . (.Teknum Systems AS - Pas de description.) -- C:\Program Files\Common Files\Teknum Systems\update.exe
O4 - HKCU\..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-1934202622-4051806568-1844207965-1000\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe
O4 - HKUS\S-1-5-21-1934202622-4051806568-1844207965-1000\..\Run: [Update Service] . (.Teknum Systems AS - Pas de description.) -- C:\Program Files\Common Files\Teknum Systems\update.exe
O4 - HKUS\S-1-5-21-1934202622-4051806568-1844207965-1000\..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (.not file.)
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Microsoft SkyDrive.lnk . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\maison\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: google - Raccourci (2).lnk - Clé orpheline
O4 - GS\QuickLaunch: google - Raccourci.lnk - Clé orpheline
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: monAlbumPhoto.lnk . (.monAlbumPhoto - monAlbumPhoto.) -- C:\Program Files\monAlbumPhoto\monAlbumPhoto.exe
O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\System32\WFS.exe
O4 - GS\SendTo: Format Factory.lnk . (.Free Time - FormatFactory.) -- C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: GOOGLE.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop: Microsoft Office Publisher 2003.lnk . (...) -- C:\Windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
O4 - GS\Desktop: monAlbumPhoto.lnk . (.monAlbumPhoto - monAlbumPhoto.) -- C:\Program Files\monAlbumPhoto\monAlbumPhoto.exe
O4 - GS\Desktop: Poste de travail.lnk - Clé orpheline
~ Global Startup: Scanned in 00mn 01s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} -- C:\Program Files\PokerStars.FR\main.ico (.not file.)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 6 Legitimates Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} ((no name)) - http://www.comboost.com/WebResource.axd?d=_w18RH1c50p6ifnGZA8CWXK_rCM-wW7ZOZatE0WMKBDr-ocQfoiyxIHm9xWdgEN96cEt-RGWogZUYWP49h09gQWxQb2gNukZyS0pXsOrJoVicbNa50gkG98_v9Emsq_vEJnqan6e2avjkZjZ07b9ZPKkFoZASNMOYGFj_XuuoC8aWk9N0&t=634535826618437500
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F1B8064-BDC0-4EDA-86F3-0F6FB8158D1F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{820E74CC-7FAE-4016-86C8-90DD010D5958}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F1B8064-BDC0-4EDA-86F3-0F6FB8158D1F}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F1B8064-BDC0-4EDA-86F3-0F6FB8158D1F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{820E74CC-7FAE-4016-86C8-90DD010D5958}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F1B8064-BDC0-4EDA-86F3-0F6FB8158D1F}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F1B8064-BDC0-4EDA-86F3-0F6FB8158D1F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{820E74CC-7FAE-4016-86C8-90DD010D5958}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F1B8064-BDC0-4EDA-86F3-0F6FB8158D1F}: DhcpDomain = lan
O17 - HKLM\System\CS3\Services\Tcpip\..\{0F1B8064-BDC0-4EDA-86F3-0F6FB8158D1F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{820E74CC-7FAE-4016-86C8-90DD010D5958}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{0F1B8064-BDC0-4EDA-86F3-0F6FB8158D1F}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll =>Toolbar.Babylon
~ AppInit DLL: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: BrowserProtect (BrowserProtect) . (...) - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe =>Toolbar.Babylon
O23 - Service: IB Updater (IB Updater) . (...) - C:\Program Files\IB Updater\ExtensionUpdaterService.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 7 Legitimates Scanned in 00mn 11s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Users\maison\MAISON\PHOTOS\Domancy 07-09\Vues chez Soso\DSC00132.JPG
O24 - Desktop General: WallPaper - .(...) - C:\Users\maison\MAISON\PHOTOS\Domancy 07-09\Vues chez Soso\DSC00132.JPG
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{1D720201-19F7-4CD6-A72D-7E674169AE6F}] (...) -- C:\Users\maison\Desktop\VDownloaderSetup-3.5.864.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3DED1808-C307-4700-BC06-898B4B4F8490}] (...) -- C:\Users\maison\Desktop\isyfoli6.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4A069EB2-6420-4EB7-A73C-3EEDB0B72240}] (...) -- E:\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{59C93343-CD2E-477F-A809-4C68443C22E5}] (...) -- E:\INSTALL.exe (.not file.) [0]
~ Scheduled Task: 19 Legitimates Scanned in 00mn 04s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 14 Legitimates Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
~ Drivers: 78 Legitimates Scanned in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: BannerZest - (.Aquafadas.) [HKCU] -- ee6e86a4821e87b9
O42 - Logiciel: BrowserProtect - (.Bit89 Inc.) [HKLM] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} =>Toolbar.Babylon
O42 - Logiciel: IB Updater 2.0.0.574 - (.IncrediBar.) [HKLM] -- {336D0C35-8A85-403a-B9D2-65C292C39087}_is1 =>Adware.IncrediBar
O42 - Logiciel: IB Updater Service - (...) [HKLM] -- WNLT
O42 - Logiciel: Les instruments de musique - (...) [HKLM] -- Les instruments de musique
O42 - Logiciel: Screen Recorder - (...) [HKLM] -- Screen Recorder
O42 - Logiciel: ToolbarFR - (.Orange.) [HKLM] -- {A047FE02-C91C-41CB-898C-4ED21B86025A}
O42 - Logiciel: Workspace - (.eInstruction.) [HKLM] -- {1A37508B-9B80-4525-AA14-98ECB1F7103D}
O42 - Logiciel: Yontoo 1.10.02 - (.Yontoo LLC.) [HKLM] -- {889DF117-14D1-44EE-9F31-C5FB5D47F68B} =>PUP.Yontoo
~ Logic: 78 Legitimates Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Acoolsoft]
[HKCU\Software\AleoSoft]
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\AppDataLow\Software\bearsharemediabartb] =>PUP.BearShare
[HKCU\Software\Awsdata]
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\BearShare] =>PUP.BearShare
[HKCU\Software\Cabrilog]
[HKCU\Software\ConvertDirect]
[HKCU\Software\Cr_Installer]
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\GeoVid]
[HKCU\Software\HandyBits]
[HKCU\Software\IM]
[HKCU\Software\ImInstaller]
[HKCU\Software\IncrediMail]
[HKCU\Software\InnoShock]
[HKCU\Software\InstallCore] =>PUP.InstallCore
[HKCU\Software\KeepVid]
[HKCU\Software\Luidia]
[HKCU\Software\OpenEuclide]
[HKCU\Software\PTE]
[HKCU\Software\RETZ]
[HKCU\Software\River Past]
[HKCU\Software\Softonic]
[HKCU\Software\Softsoft Ltd.]
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\Teknum Systems]
[HKCU\Software\WNLT]
[HKCU\Software\ZD Soft]
[HKLM\Software\Acoolsoft]
[HKLM\Software\Application Updater]
[HKLM\Software\AskTBar]
[HKLM\Software\Awsdata]
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\DemoPhono]
[HKLM\Software\Disk Doctor Labs Inc.]
[HKLM\Software\IB Updater]
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\IncrediMail]
[HKLM\Software\Interkodex]
[HKLM\Software\Luidia]
[HKLM\Software\River Past]
[HKLM\Software\SimplyGen]
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKLM\Software\WnSoft]
[HKLM\Software\freecordertoolbar]
~ Key Software: 329 Legitimates Scanned in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 02/05/2011 - 15:25:12 - [0,000] ----D C:\Program Files\AbulEdu
O43 - CFD: 18/09/2010 - 09:08:11 - [2,859] ----D C:\Program Files\ALDI
O43 - CFD: 09/09/2012 - 09:20:00 - [0] ----D C:\Program Files\Catalencoder
O43 - CFD: 11/09/2010 - 07:17:18 - [3,561] ----D C:\Program Files\coverXP
O43 - CFD: 23/10/2010 - 09:28:37 - [0] ----D C:\Program Files\Dyslexia
O43 - CFD: 11/12/2010 - 14:37:24 - [0,059] ----D C:\Program Files\E-Book Systems
O43 - CFD: 23/10/2010 - 09:30:11 - [0] ----D C:\Program Files\Fluendo
O43 - CFD: 10/08/2010 - 20:13:53 - [0,719] ----D C:\Program Files\Free Music Zilla
O43 - CFD: 06/08/2011 - 08:54:53 - [0,002] ----D C:\Program Files\GALLIMAR
O43 - CFD: 25/03/2010 - 21:42:53 - [2,031] ----D C:\Program Files\HandyBits
O43 - CFD: 08/03/2013 - 10:00:00 - [2,154] ----D C:\Program Files\IB Updater
O43 - CFD: 18/12/2011 - 16:43:59 - [0] ----D C:\Program Files\IVCsoft
O43 - CFD: 04/09/2010 - 08:52:12 - [0,000] ----D C:\Program Files\LimeWire
O43 - CFD: 18/12/2011 - 18:36:13 - [0] ----D C:\Program Files\Luidia
O43 - CFD: 08/12/2010 - 16:14:00 - [0] ----D C:\Program Files\OpenCandyDemoInstaller =>Adware.OpenCandy
O43 - CFD: 10/09/2010 - 07:44:39 - [0,184] ----D C:\Program Files\Photo!
O43 - CFD: 18/12/2011 - 16:40:55 - [0] ----D C:\Program Files\PokerStars.FR
O43 - CFD: 30/01/2011 - 18:42:57 - [15,471] ----D C:\Program Files\puzmat
O43 - CFD: 27/03/2013 - 16:28:00 - [0,848] ----D C:\Program Files\Screen Recorder
O43 - CFD: 11/12/2010 - 16:11:17 - [0,125] ----D C:\Program Files\SoftSoft
O43 - CFD: 20/12/2012 - 21:45:29 - [0] ----D C:\Program Files\Symaxe
O43 - CFD: 29/10/2012 - 14:46:59 - [0,315] ----D C:\Program Files\Yontoo =>PUP.Yontoo
O43 - CFD: 01/08/2012 - 08:43:50 - [0] ----D C:\Program Files\ZD Soft
O43 - CFD: 09/08/2010 - 17:07:12 - [1,653] ----D C:\Program Files\Common Files\GeoVid
O43 - CFD: 01/08/2010 - 10:11:16 - [0,530] -S--D C:\Program Files\Common Files\Teknum Systems
O43 - CFD: 14/08/2010 - 16:25:48 - [0,003] ----D C:\ProgramData\30142
O43 - CFD: 17/05/2012 - 11:01:35 - [0,001] ----D C:\ProgramData\Ant
O43 - CFD: 22/10/2012 - 13:49:51 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 03/04/2013 - 16:42:01 - [7,108] ----D C:\ProgramData\BrowserProtect =>Toolbar.Babylon
O43 - CFD: 21/08/2010 - 20:36:13 - [0] ----D C:\ProgramData\eMule
O43 - CFD: 11/09/2010 - 07:03:59 - [0,003] ----D C:\ProgramData\River Past G5
O43 - CFD: 18/08/2010 - 10:36:52 - [1737,099] ----D C:\ProgramData\Studio14Trial
O43 - CFD: 14/04/2013 - 08:23:12 - [1,655] ----D C:\ProgramData\Tarma Installer =>Toolbar.Tarma
O43 - CFD: 01/06/2011 - 21:20:16 - [0,077] ----D C:\Users\maison\AppData\Roaming\aHisoft
O43 - CFD: 22/10/2012 - 13:49:51 - [0,016] ----D C:\Users\maison\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 26/02/2010 - 18:38:30 - [0] ----D C:\Users\maison\AppData\Roaming\Configuration
O43 - CFD: 10/08/2010 - 20:13:52 - [0] ----D C:\Users\maison\AppData\Roaming\FMZilla
O43 - CFD: 09/08/2010 - 17:19:58 - [0,005] ----D C:\Users\maison\AppData\Roaming\GeoVid
O43 - CFD: 03/04/2013 - 16:40:15 - [6,465] ----D C:\Users\maison\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 25/06/2012 - 21:11:56 - [0,006] ----D C:\Users\maison\AppData\Roaming\PPT2Video
O43 - CFD: 22/08/2010 - 21:00:19 - [0,000] ----D C:\Users\maison\AppData\Roaming\River Past G5
O43 - CFD: 20/12/2012 - 21:45:53 - [2,360] ----D C:\Users\maison\AppData\Roaming\uTorrent
O43 - CFD: 06/02/2011 - 12:09:57 - [0,000] ----D C:\Users\maison\AppData\Local\Dictionnaire Freelang
O43 - CFD: 07/09/2011 - 23:47:16 - [97,910] ----D C:\Users\maison\AppData\Local\Downloaded
O43 - CFD: 18/12/2011 - 16:40:50 - [0] ----D C:\Users\maison\AppData\Local\PokerStars.FR
O43 - CFD: 24/01/2011 - 15:04:08 - [0,000] ----D C:\Users\maison\AppData\Local\SMA
O43 - CFD: 31/12/2011 - 10:31:24 - [0,000] ----D C:\Users\maison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aquafadas
O43 - CFD: 03/04/2013 - 16:42:09 - [0,001] ----D C:\Users\maison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect =>Toolbar.Babylon
O43 - CFD: 21/03/2012 - 15:15:14 - [0,004] ----D C:\Users\maison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrysis
~ 1 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 327 Legitimates Scanned in 00mn 22s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.72827D5D38D38A46231CB38E1F3FC5E3] - 27/03/2013 - 15:27:51 ---A- . (.InstallShield Corporation, Inc. - InstallShield unInstaller.) -- C:\Windows\uninst.exe [299520]
~ Files: 38 Legitimates Scanned in 00mn 33s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\River Past\Audio Converter Pro\AudioConverter.exe" [Enabled] .(...) -- C:\Program Files\River Past\Audio Converter Pro\AudioConverter.exe (.not file.)
~ Keys Export: 1 Legitimates Scanned in 00mn 00s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 7 Legitimates Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 13 Legitimates Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{261663ae-61d0-11e0-9fb0-00235492ad3e}\AutoRun\command. (...) -- G:\LaunchU3.exe (.not file.)
O51 - MPSK:{7374e129-d524-11de-8a01-806e6f6e6963}\AutoRun\command. (...) -- E:\setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"vidc.ptev"="PteVideo.dll" . (...) -- C:\Windows\System32\PteVideo.dll
O52 - TDSD: \Drivers32\"vidc.dvsd"="mcdvd_32.dll" . (.MainConcept - MainConcept DV Codec.) -- C:\Windows\System32\mcdvd_32.dll
O52 - TDSD: \drivers.desc\"PteVideo.dll"="PicturesToExe video codec" . (...) -- C:\Windows\System32\PteVideo.dll
O52 - TDSD: \drivers.desc\"mcdvd_32.dll"="mcdvd_32.dll" . (.MainConcept - MainConcept DV Codec.) -- C:\Windows\System32\mcdvd_32.dll
~ TDSD: 20 Legitimates Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\ActivControl [Key] . (...) -- C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\ATKOSD2 [Key] . (...) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Freecorder FLV Service [Key] . (...) -- C:\Program Files\Freecorder\FLVSrvc.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\HControlUser [Key] . (...) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\HP Software Update [Key] . (...) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\hpqSRMon [Key] . (...) -- C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Octoshape Streaming Services [Key] . (...) -- C:\Users\maison\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\PDFPrint [Key] . (.Geek Software GmbH - PDF24 Creator.) -- C:\Program Files\PDF24\pdf24.exe
O53 - SMSR:HKLM\...\startupreg\SearchSettings [Key] . (...) -- C:\Program Files\Search Settings\SearchSettings.exe (.not file.) =>Adware.SearchSettings
O53 - SMSR:HKLM\...\startupreg\SMART Board Service [Key] . (...) -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\SMART SNMP Agent [Key] . (...) -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Update Service [Key] . (.Teknum Systems AS - Pas de description.) -- C:\Program Files\COMMON~1\TEKNUM~1\update.exe
~ SMSR Keys: 27 Legitimates Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLogOff"=0
~ MWPE Keys: 4 Legitimates Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.04F0FCAC69C7C71A3AC4EB97FAFC8303] - 21/01/2008 - 03:23:45 ----- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422968]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (ASUSProcObsrv) .(...) - LEGACY_ASUSPROCOBSRV
~ Legacy: 69 Legitimates Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.exe> [HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 20 Legitimates Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} [DefaultScope] - (MyStart Search) - http://mystart.incredibar.com =>Adware.IncrediBar
~ Keys: Scanned in 00mn 00s



---\\ Recherche des services démarrés par Svchost (O83)
~ Services: 32 Legitimates Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.AECBBE9161D1CE7CCB37EA726B8F8719] [SPRF][25/10/2010] (...) -- C:\Users\maison\AppData\Local\7336813041.exe [980992]
[MD5.03AB6CA6A4F8FEF05CA80D98FCCF4935] [SPRF][25/10/2010] (...) -- C:\Users\maison\AppData\Local\83278.exe [980992]
[MD5.CCAFEBFA36FC460204C2C4FAE9DBFCC2] [SPRF][25/10/2010] (...) -- C:\Users\maison\AppData\Local\8537361109.exe [980992]
[MD5.3140D950B45B8C7240E850CC207F1E58] [SPRF][10/04/2013] (...) -- C:\Users\maison\AppData\Local\d3d9caps.dat [1356]
[MD5.36179B382A989075FF5FA282434F6892] [SPRF][21/03/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\maison\AppData\Local\Temp\uninst1.exe [394736] =>Toolbar.Babylon
[MD5.254FBCA565E049648B0CCE2CEADF05D2] [SPRF][28/12/2010] (...) -- C:\Users\maison\AppData\Roaming\inst.exe [87608]
[MD5.5B6C11DE7E839C05248CED8825470FEF] [SPRF][28/12/2010] (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\Users\maison\AppData\Roaming\pcouffin.sys [47360]
[MD5.92E22C532DF3567061DAE395C33E9FC2] [SPRF][02/06/2010] (...) -- C:\Users\maison\AppData\Roaming\qcopjv.dat [12]
[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [24576]
[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [196608]
[MD5.0C78701C6F42345DFF2B2B6C3C3D01EF] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [172032]
~ Files: Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{96405733-10AC-4B80-B328-11D5380A75CF}C:\program files\smart technologies\smart product drivers\smartsnmpagent.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\smart technologies\smart product drivers\smartsnmpagent.exe (.not file.)
O87 - FAEL: "UDP Query User{AC1C75E4-B4EC-45E1-8086-65882EB8E4C2}C:\program files\smart technologies\smart product drivers\smartsnmpagent.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\smart technologies\smart product drivers\smartsnmpagent.exe (.not file.)
O87 - FAEL: "TCP Query User{899F1A18-9CD9-4C4B-924D-8BDE03F1B8B1}C:\program files\free music zilla\fmzilla.exe" | In - Private - P6 - TRUE | .(.Pas de propriétaire - FMZilla Module.) -- C:\program files\free music zilla\fmzilla.exe
O87 - FAEL: "UDP Query User{3D9770CF-F52A-405E-99E1-B774D3C932B8}C:\program files\free music zilla\fmzilla.exe" | In - Private - P17 - TRUE | .(.Pas de propriétaire - FMZilla Module.) -- C:\program files\free music zilla\fmzilla.exe
O87 - FAEL: "TCP Query User{72644703-5B84-4090-9BEB-A4616B24ED46}C:\program files\free music zilla\fmzilla.exe" | In - Public - P6 - TRUE | .(.Pas de propriétaire - FMZilla Module.) -- C:\program files\free music zilla\fmzilla.exe
O87 - FAEL: "UDP Query User{0B8BF1E3-5452-4954-8906-FB2E3678C61B}C:\program files\free music zilla\fmzilla.exe" | In - Public - P17 - TRUE | .(.Pas de propriétaire - FMZilla Module.) -- C:\program files\free music zilla\fmzilla.exe
O87 - FAEL: "{57C199CA-66C3-47D4-AF4E-CD2653B23F15}" |In - Domain - P6 - TRUE | .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare
O87 - FAEL: "{2A483762-17E3-489B-A3C6-1BBDB936B110}" |In - Domain - P17 - TRUE | .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare
O87 - FAEL: "{6C619DF7-58DB-44CC-9B77-D2FA884BF1F4}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare
O87 - FAEL: "{CDB61132-C9E4-47B9-A2DD-B5BE8A09B30C}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare
O87 - FAEL: "{3AED7412-A9B8-44BC-980D-42D043AA12F0}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "{2E12FF7D-3772-4978-995E-90244317918F}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "{F075003B-BDE4-4BEA-9E67-05C7BC3A0F7B}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "{C390701F-4255-4342-BA73-FDB2961372FC}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "{0E67B5D2-F42A-440F-8D63-66FBFF40DBCD}" |In - Private - P6 - TRUE | .(...) -- C:\Users\maison\Desktop\VideoConverter_Setup.exe (.not file.)
O87 - FAEL: "{BD79068D-A2D3-4675-A47D-6B453D72D857}" |In - Private - P17 - TRUE | .(...) -- C:\Users\maison\Desktop\VideoConverter_Setup.exe (.not file.)
O87 - FAEL: "{4D9137F4-374F-4326-9ABF-E8086A94870C}" |In - Private - P6 - TRUE | .(...) -- C:\Users\maison\AppData\Local\Temp\is799009782\AInstaller.exe (.not file.)
O87 - FAEL: "{9E1C7947-44AC-49EB-B1CA-0D7C1CBF2932}" |In - Private - P17 - TRUE | .(...) -- C:\Users\maison\AppData\Local\Temp\is799009782\AInstaller.exe (.not file.)
O87 - FAEL: "{1DEE4532-681D-46F5-AD51-EBC1D354B7FB}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe (.not file.)
O87 - FAEL: "{14A629A7-2152-4E31-92A6-B1CDA90AB5A2}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe (.not file.)
O87 - FAEL: "{0D702210-DC8D-464B-A151-0D073E5739B3}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe (.not file.)
O87 - FAEL: "{6AD28B69-6A1F-4033-8D95-DFBADEE19916}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe (.not file.)
O87 - FAEL: "{29AEF761-B006-4523-BB1E-648B6CAD1045}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe (.not file.)
O87 - FAEL: "{30024D74-CF59-4547-9FE7-793D6EFEEB1F}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe (.not file.)
O87 - FAEL: "TCP Query User{E3DB1FA2-AA16-48E6-80B1-A106799008F2}C:\program files\emule\emule.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.)
O87 - FAEL: "UDP Query User{D8F165F2-445F-4F73-B550-C90798C9E7C1}C:\program files\emule\emule.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.)
O87 - FAEL: "{C72FF98E-9325-471D-A558-5ADC64415BD6}" |In - Private - P6 - TRUE | .(...) -- C:\Users\maison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7XMAZMZ4\VideoConverterSetup[1].exe (.not file.)
O87 - FAEL: "{2AC59D68-FEA2-4676-A2D0-A185CA3751EC}" |In - Private - P17 - TRUE | .(...) -- C:\Users\maison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7XMAZMZ4\VideoConverterSetup[1].exe (.not file.)
O87 - FAEL: "{FF904727-8338-4FCA-82AB-13DAA55A4CA2}" | In - Private - P6 - TRUE | .(.eInstruction Corporation - Launcher Application.) -- C:\Program Files\eInstruction\Device Manager\Launch.exe
O87 - FAEL: "{B0017E7D-4571-4B92-A59D-A2D06D0ADF98}" | In - Private - P17 - TRUE | .(.eInstruction Corporation - Launcher Application.) -- C:\Program Files\eInstruction\Device Manager\Launch.exe
O87 - FAEL: "TCP Query User{6C0367EB-42F6-49BC-8FBC-4850F8A42C45}C:\users\maison\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\maison\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe (.not file.)
O87 - FAEL: "UDP Query User{3B6396EC-9272-40D7-A5F7-AE26177F8204}C:\users\maison\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\maison\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe (.not file.)
O87 - FAEL: "TCP Query User{7D79D631-58BD-47B7-B078-BC8F08BC0345}C:\users\maison\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\maison\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe (.not file.)
O87 - FAEL: "UDP Query User{1A686E0F-3349-4D15-966B-7362024EB315}C:\users\maison\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\maison\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe (.not file.)
O87 - FAEL: "{ECA9D571-B299-43D6-A958-9F0E306D283A}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\SMART Technologies\SMART Product Drivers\WebServer.exe (.not file.)
O87 - FAEL: "{F8F9C475-ADE1-416F-8807-F3BB9B8F07FF}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\SMART Technologies\SMART Product Drivers\WebServer.exe (.not file.)
O87 - FAEL: "{BC4BF8F9-FFC0-4AF5-AC7E-F7D0DFED6460}" |In - Private - P6 - TRUE | .(...) -- C:\Users\maison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5WYWWDJ9\VideoToMp3Setup[1].exe (.not file.)
O87 - FAEL: "{16DBD798-DB4B-4DC3-BBC9-9B37CE6B014D}" |In - Private - P17 - TRUE | .(...) -- C:\Users\maison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5WYWWDJ9\VideoToMp3Setup[1].exe (.not file.)
O87 - FAEL: "{9D91B2EC-2781-4669-8467-8DCA8194D674}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\CrazyLoader\crazyloader.exe (.not file.)
O87 - FAEL: "{D10D8802-5749-4D68-8F0B-FA7038B9349E}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\CrazyLoader\crazyloader.exe (.not file.)
O87 - FAEL: "TCP Query User{6C2E3AB0-45E2-42C7-9EB2-69187D2134A2}C:\users\maison\appdata\local\temp\jdic_0_9_5\ieembed.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\maison\appdata\local\temp\jdic_0_9_5\ieembed.exe (.not file.)
O87 - FAEL: "UDP Query User{3BA13CD0-73EA-4D40-AEFD-107D8990359E}C:\users\maison\appdata\local\temp\jdic_0_9_5\ieembed.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\maison\appdata\local\temp\jdic_0_9_5\ieembed.exe (.not file.)
O87 - FAEL: "TCP Query User{BBC73490-DAC5-4B60-A777-D69EDD1C269E}C:\program files\einstruction\device manager\launch.exe" | In - Public - P6 - TRUE | .(.eInstruction Corporation.) -- C:\program files\einstruction\device manager\launch.exe
O87 - FAEL: "UDP Query User{391D8B56-0F3C-4BE1-A90F-B8837C5A5813}C:\program files\einstruction\device manager\launch.exe" | In - Public - P17 - TRUE | .(.eInstruction Corporation.) -- C:\program files\einstruction\device manager\launch.exe
O87 - FAEL: "TCP Query User{1E8E8B9C-8F7B-4B83-AA3A-51AB0E2A8C1A}C:\chrysis\lirebel++\demos\lirebel++6\lirebel6.exe" | In - Public - P6 - TRUE | .(...) -- C:\chrysis\lirebel++\demos\lirebel++6\lirebel6.exe
O87 - FAEL: "UDP Query User{C1935BFD-FE99-423F-9F99-6FBCDB7AEB4C}C:\chrysis\lirebel++\demos\lirebel++6\lirebel6.exe" | In - Public - P17 - TRUE | .(...) -- C:\chrysis\lirebel++\demos\lirebel++6\lirebel6.exe
O87 - FAEL: "{0ED851B0-E4A9-4811-BCB0-6E9A71FD7478}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe (.not file.) =>PUP.Datamngr
O87 - FAEL: "{3EDB11F9-6D89-40E5-A553-A90654E4C18D}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe (.not file.) =>PUP.Datamngr
O87 - FAEL: "{160D0AC1-DDE0-44BF-8542-6159D5E3BCC9}" |In - Public - P6 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe (.not file.)
O87 - FAEL: "{3B22B88F-DD90-4306-AA03-E09AA65F8128}" |In - Public - P17 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe (.not file.)
~ Firewall: 253 Legitimates Scanned in 00mn 01s



---\\ Scan Additionnel (O88)
Database Version : v2.11523 - (13/04/2013)
Clés trouvées (Keys found) : 136
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 7
Fichiers trouvés (Files found) : 2

[HKLM\Software\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}] =>PUP.Funmoods
[HKLM\Software\Classes\CLSID\{35b8892d-c3fb-4d88-990d-31db2ebd72bd}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] =>Adware.RecordNRip
[HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] =>Adware.RecordNRip
[HKLM\Software\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}] =>PUP.BearShare
[HKLM\Software\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] =>Adware.Yontoo
[HKLM\Software\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] =>Adware.Yontoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] =>Adware.Yontoo
[HKLM\Software\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}] =>Toolbar.Expresso
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}] =>PUP.SpecialSavings
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}] =>Adware.IncrediBar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}] =>Adware.IncrediBar
[HKLM\Software\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}] =>Adware.IncrediBar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}] =>Adware.IncrediBar
[HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}] =>PUP.BearShare
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{5f05c28d-dea9-4ad6-a73a-064175988eab}] =>PUP.Dealio
[HKLM\Software\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}] =>Adware.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64c54209-175c-454d-9291-ac46d4d952cf}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}] =>Adware.IncrediBar
[HKLM\Software\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}] =>Adware.Yontoo
[HKLM\Software\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}] =>Adware.Yontoo
[HKLM\Software\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}] =>PUP.iMesh
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}] =>Adware.Yontoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}] =>Adware.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] =>Adware.Bandoo
[HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}] =>PUP.Dealio
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}] =>PUP.BearShare
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}] =>PUP.BearShare
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A047FE02-C91C-41CB-898C-4ED21B86025A}] =>Toolbar.Orange
[HKLM\Software\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}] =>Toolbar.Expresso
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{C31103D1-E584-4880-B1D3-6B1DF6FBDE22}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] =>Adware.Yontoo
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}] =>Adware.IncrediBar
[HKLM\Software\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}] =>Adware.Yontoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DCE997C8-5920-4c09-99EE-59F46634FE2C}] =>Adware.ShopperReports
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo
[HKLM\Software\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}] =>PUP.Dealio
[HKLM\Software\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}] =>PUP.iMesh
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}] =>Adware.IncrediBar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo
[HKLM\Software\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo
[HKLM\Software\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}] =>Adware.Yontoo
[HKLM\Software\Classes\AppID\Extension.DLL] =>Toolbar.Expresso
[HKLM\Software\Classes\AppID\NCTAudioCompress3.DLL] =>PUP.BearShare
[HKLM\Software\Classes\Extension.ExtensionHelperObject] =>Toolbar.Expresso
[HKLM\Software\Classes\Extension.ExtensionHelperObject.1] =>Toolbar.Expresso
[HKLM\Software\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd] =>Adware.IncrediBar
[HKLM\Software\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph] =>PUP.SpecialSavings
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\CC94835868BCA58489B0D79DE655BCB1] =>PUP.Dealio
[HKLM\Software\Classes\Installer\Features\D82C50F59AED6DA47AA360145789E8BA] =>PUP.Dealio
[HKLM\Software\Classes\Installer\Products\D82C50F59AED6DA47AA360145789E8BA] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D82C50F59AED6DA47AA360145789E8BA] =>PUP.Dealio
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKLM\Software\Application Updater] =>PUP.Dealio
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\AppDataLow\Software\BearShareMediabarTb] =>Toolbar.Agent
[HKCU\Software\Cr_Installer] =>Adware.VidSaver
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Iminent] =>Adware.IMBooster
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings] =>PUP.Dealio
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Tarma Installer] =>Toolbar.Agent
[HKCU\Software\WNLT] =>Adware.IncrediBar
[HKLM\Software\WNLT] =>Adware.IncrediBar
[HKLM\Software\SimplyGen] =>Adware.PredictAd
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1] =>Adware.IncrediBar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WNLT] =>Adware.IncrediBar
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}] =>Toolbar.Agent
[HKLM\SYSTEM\CurrentControlSet\Services\IB Updater] =>Adware.IncrediBar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}] =>Adware.IncrediBar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}] =>Adware.IncrediBar
[HKLM\Software\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}] =>Adware.IncrediBar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}] =>Adware.IncrediBar
[HKLM\Software\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}] =>PUP.ClaroSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Agent
[HKCU\AppEvents\Schemes\Apps\Explorer\Navigating\Old_Current] =>PUP.MediaFinder
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0F4A166-B8D4-48B8-9D63-80849FE137CB}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}] =>PUP.BProtector
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044] =>PUP.Dealio
[HKLM\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKLM\Software\Classes\CLSID\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKLM\Software\Applian Technologies\OpenCandy] =>Adware.OpenCandy
[HKLM\Software\Classes\YontooIEClient.Api] =>Adware.Yontoo
[HKLM\Software\Classes\YontooIEClient.Api.1] =>Adware.Yontoo
[HKLM\Software\Classes\YontooIEClient.Layers] =>Adware.Yontoo
[HKLM\Software\Classes\YontooIEClient.Layers.1] =>Adware.Yontoo
[HKLM\Software\Classes\AppID\YontooIEClient.DLL] =>Adware.Yontoo
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{9E131A93-EED7-4BEB-B015-A0ADB30B5646} =>PUP.ClaroSearch
C:\Program Files\yontoo =>Adware.Yontoo
C:\Program Files\IB Updater =>Adware.IncrediBar
C:\Program Files\OpenCandyDemoInstaller =>Adware.OpenCandy
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\Users\maison\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\maison\AppData\Roaming\OpenCandy =>Adware.OpenCandy
C:\Users\maison\AppData\LocalLow\Incredibar.com =>Adware.IncrediBar
C:\Users\maison\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon
~ Additionnel: Scanned in 00mn 34s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "53F069A9AD1C0CF48B20AEFF1497DF0B" . (.MyScript HWR (French).) -- C:\Windows\Installer\{9A960F35-C1DA-4FC0-B802-EAFF4179FDB0}\ARPPRODUCTICON.exe
O90 - PUC: "B80573A108B95254AA4189CE1B7F01D3" . (.Workspace.) -- C:\Windows\Installer\{1A37508B-9B80-4525-AA14-98ECB1F7103D}\ARPPRODUCTICON.exe
O90 - PUC: "D82C50F59AED6DA47AA360145789E8BA" . (.Search Settings v1.2.3.) -- C:\Windows\Installer\{5F05C28D-DEA9-4AD6-A73A-064175988EAB}\ARPPRODUCTICON.exe
~ Update Products: 70 Legitimates Scanned in 00mn 00s



---\\ Random Export Key (O91)
[HKCU\Software\d558bdeb469b949] =>Toolbar.Babylon^
[HKCU\Software\d558bdeb469b949]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\d558bdeb469b949]:version="2.6.1125.80"
[HKLM\Software\d558bdeb469b949] =>Toolbar.Babylon^
[HKLM\Software\d558bdeb469b949]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKLM\Software\d558bdeb469b949]:version="2.6.1125.80"
~ Export Key Software: Scanned in 00mn 00s



---\\ MyComputer Name Space (O92)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 21/08/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 2569168 | (BrowserProtect) . (...) - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe =>Toolbar.Babylon
SS - | Auto 06/02/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 06/02/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Auto 188760 | (IB Updater) . (...) - C:\Program Files\IB Updater\ExtensionUpdaterService.exe
SS - | Demand 07/06/2011 820520 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Auto 0 | (Nero BackItUp Scheduler 4.0) . (...) - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 20/05/2011 1055872 | (Orange update Core Service) . (.France Telecom SA.) - C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 00s



~ 1374 Legitimates filtered by white list
End of the scan (857 lines in 02mn 17s)(0)
