~ Rapport de ZHPDiag v2014.3.28.34 - Nicolas Coolman (28/03/2014)
~ Lancé par Gael (28/03/2014 16:40:38)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16518
GCIE: Google Chrome v4.1.249.1045 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : HYRR2
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Windows Defender W7

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer
eMule

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (58% free)
System Restore: Activé (Enable)
System drive C: has 3 GB (4%) free of 70 GB

---\\ Mode de connexion au système
~ Computer Name: GAEL-PC
~ User Name: Gael
~ All Users Names: HomeGroupUser$, Gael, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Gael\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Gael\AppData\Roaming\
~ %Desktop% : C:\Users\Gael\Desktop\
~ %Favorites% : C:\Users\Gael\Favorites\
~ %LocalAppData% : C:\Users\Gael\AppData\Local\
~ %StartMenu% : C:\Users\Gael\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 3 Go of 70 Go)
D: Hard drive, Flash drive, Thumb drive (Free 47 Go of 70 Go)
E: CD-ROM drive (Not Inserted)
H: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 43 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.9C89246184979A070B0C6CCF61C68136] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/02/2014 - 09:41:35.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 01:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 11:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 3/1354
~ Mes musiques (My Musics) : 9/511
~ Mes Videos (My Videos) : 3/61
~ Mes Favoris (My Favorites) : 1/19
~ Mes Documents (My Documents) : 5/220
~ Mon Bureau (My Desktop) : 1/186
~ Menu demarrer (Programs) : 1/30
~ Hidden Files: Scanned in 00mn 07s



---\\ Processus lancés
[MD5.860927EC4DA5D1B5D15337BF3E997C6A] - (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160] [PID.2824]
[MD5.F708A2CA13F52AD594333765DE034526] - (.ali - usb1.) -- C:\Program Files\USB Disk Win98 Driver\Res.exe [65536] [PID.2848]
[MD5.96B3C4E20F02CA16AA1E3E425BFFCC8B] - (.Microsoft Corporation - Gestionnaire pour appareils Windows Mobile.) -- C:\Windows\WindowsMobile\wmdcBase.exe [648072] [PID.2888]
[MD5.7B878518590E826F1F3A5B1D61D405F8] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3396624] [PID.2896]
[MD5.C6C3CC5AE986758CD58A3318551B6056] - (.iMesh, Inc - Data Manager.) -- C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe [985008] [PID.2908] =>PUP.Datamngr
[MD5.048EA4B978851788E9F5E8E4F081DF7A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904] [PID.2976]
[MD5.F08F3B9F7C4C89DE9153587C4CA27F36] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATICFE.exe [182272] [PID.3004]
[MD5.F3F709C2D49DD6636F4EDE5C2CAE5448] - (.http://www.emule-project.net - eMule.) -- C:\Program Files\eMule\emule.exe [5758976] [PID.3036]
[MD5.C64E9B1C9EA057DCECDCB98F34377811] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.exe [228552] [PID.3080]
[MD5.2217E08D0A421DAD5B9C8CA2B5146788] - (.Google Inc. - Google Chrome.) -- C:\Users\Gael\AppData\Local\Google\Chrome\Application\chrome.exe [530416] [PID.3168]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.192]
[MD5.D908476FF66371DC1D2F4B313B1306DF] - (.Corel - Standby service.) -- C:\Program Files\Common Files\Corel\Standby\Standby.exe [105632] [PID.3908]
[MD5.780CBE4DEFA3E842BE4B99D35C3CC4B8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8177664] [PID.1512]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Gael\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://mystart.incredimail.com =>Spyware.VMNToolbar

---\\ Liste des dossiers d'extension Google Chrome

~ Google Lines Browser: 2 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com =>Spyware.VMNToolbar
~ IE Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} . (.Babylon BHO - Pas de description.) -- C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll =>PUP.Babylon
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} . (.iMesh, Inc - IEHelper.) -- C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll =>PUP.Datamngr
O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} . (.Pas de propriétaire - MediaBar Link Library.) -- C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll =>PUP.iMesh
~ BHO: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: MediaBar - [HKLM]{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} . (.Pas de propriétaire - MediaBar Link Library.) -- C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll =>PUP.iMesh
O3 - Toolbar: Babylon Toolbar - [HKLM]{98889811-442D-49dd-99D7-DC866BE87DBC} . (.Babylon Ltd. - Pas de description.) -- C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll =>PUP.Babylon
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{249D74A3-BD19-4657-B6CE-E62F480A20DE} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: eMule.lnk . (.http://www.emule-project.net - eMule.) -- C:\Program Files\eMule\emule.exe
O4 - GS\Desktop [Public]: Géorando Maxi Liberté VT.lnk . (...) -- C:\Users\Public\Georando-Maxi-Liberte-VT\Georando.exe
O4 - GS\Desktop [Public]: MAGIX Video deluxe 2007 e-version.lnk . (.MAGIX AG - MAGIX Video deluxe 2007 e-version.) -- C:\MAGIX\Video_deluxe_2007_e-version\Videodeluxe.exe
O4 - GS\Desktop [Public]: TopSolid 2009.lnk . (.Missler Software - TopSolid application.) -- C:\Missler\V610\bin\top610.exe
O4 - GS\Desktop [Public]: TopSolid'Finder 2009.lnk . (...) -- C:\Missler\V610\finder\bin\topfinder.exe
O4 - GS\Desktop [Public]: TopSolid'Viewer 2009.lnk . (.Missler Software - TopSolid'Viewer application.) -- C:\Missler\V610\viewer\bin\topview.exe
O4 - GS\Program [Public]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
O4 - GS\QuickLaunch [Gael]: IncrediMail 2.0.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
O4 - GS\QuickLaunch [Gael]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Gael]: Microsoft Outlook.lnk . (.Microsoft Corporation - Microsoft Outlook.) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.exe
O4 - GS\TaskBar [Gael]: Ciel Compta.lnk . (.Sage activité Ciel - Ciel Compta.) -- C:\Program Files\Ciel\Compta\WK.exe
O4 - GS\TaskBar [Gael]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Gael\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Gael]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
O4 - GS\Program [Gael]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Gael]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo [Gael]: MediaInfo.lnk . (...) -- C:\Program Files\K-Lite Codec Pack\Tools\mediainfo.exe
O4 - GS\Desktop [Gael]: Ecurie d e la Grange.lnk . (...) -- C:\Users\Gael\Documents\Ecurie d e la Grange
O4 - GS\Desktop [Gael]: Géorando Maxi Liberté VT.lnk . (...) -- C:\Users\Public\Georando-Maxi-Liberte-VT\Georando.exe
O4 - GS\Desktop [Gael]: Numériser un document ou une photo -.lnk - Clé orpheline
O4 - GS\Desktop [Gael]: Play GTAIII.lnk . (...) -- C:\Program Files\Rockstar Games\GTAIII\gta3.exe
~ Global Startup: 70 Legitimates Filtered in 00mn 03s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Gael]: OneNote 2010 - Capture d’écran et lancement.lnk . (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [VirtualCloneDrive] . (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe =>.Elaborate Bytes AG
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe (.not file.)
O4 - HKLM\..\Run: [Standby] . (.Corel - Standby service.) -- c:\Program Files\Common Files\Corel\Standby\Standby.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] . (.ali - usb1.) -- C:\Program Files\USB Disk Win98 Driver\Res.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] . (.Microsoft Corporation - Gestionnaire pour appareils Windows Mobile.) -- C:\Windows\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe
O4 - HKLM\..\Run: [DATAMNGR] . (.iMesh, Inc - Data Manager.) -- C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe =>PUP.Datamngr
O4 - HKLM\..\Run: [EpsonAPD4SV] . (.SEIKO EPSON CORPORATION - EPSON APD4 Status Viewer.) -- C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (.not file.)
O4 - HKCU\..\Run: [lrpwd] c:\users\gael\appdata\local\lrpwd.exe (.not file.)
O4 - HKCU\..\Run: [EPSON Stylus DX9400F Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICFE.exe =>.Epson Seiko Corporation
O4 - HKCU\..\Run: [eMuleAutoStart] . (.http://www.emule-project.net - eMule.) -- C:\Program Files\eMule\emule.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-698494462-690999159-3801560696-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-698494462-690999159-3801560696-1000\..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (.not file.)
O4 - HKUS\S-1-5-21-698494462-690999159-3801560696-1000\..\Run: [lrpwd] c:\users\gael\appdata\local\lrpwd.exe (.not file.)
O4 - HKUS\S-1-5-21-698494462-690999159-3801560696-1000\..\Run: [EPSON Stylus DX9400F Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICFE.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-698494462-690999159-3801560696-1000\..\Run: [eMuleAutoStart] . (.http://www.emule-project.net - eMule.) -- C:\Program Files\eMule\emule.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: Microsoft XML Parser for Java - (Microsoft XML Parser for Java) - (.not file.) - C:\Windows\Java\classes\xmldso.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD397823-852E-4684-B5CB-CA0B6F1CE07D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{DD397823-852E-4684-B5CB-CA0B6F1CE07D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.iMesh, Inc - Data Manager.) - C:\Program Files\IMESHA~1\MediaBar\Datamngr\datamngr.dll =>PUP.Datamngr
~ AppInit DLL: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\OfferBoxUpdate.job [246] =>PUP.OfferBox
[MD5.00000000000000000000000000000000] [APT] [{39EFC9E9-EFEB-4E13-ACCC-2754B684566D}] (...) -- C:\Users\Gael\Music\Travel League - Les Bijoux Disparus\Uninstall.exe (.not file.) [0]
[MD5.09DB67D4084EA556D6494DA51A7B8C9D] [APT] [{710966FB-5739-497B-8107-932C0D2B2808}] (...) -- c:\users\Gael\appdata\local\msagdci.bat [89]
[MD5.F7E2FF95EFE203D7D96FB6787185FDE6] [APT] [{8F3B4CF8-6274-4216-B75E-948B41884C70}] (...) -- c:\users\Gael\appdata\local\iscpbm.bat [89]
~ Scheduled Task: 5 Legitimates Filtered in 00mn 07s



---\\ Logiciels installés (O42)
O42 - Logiciel: Babylon toolbar on IE - (...) [HKLM] -- BabylonToolbar =>PUP.Babylon
O42 - Logiciel: Favorit (lrpwd) - (...) [HKLM] -- lrpwd =>Adware.Favorit
O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM] -- {5E97F3BD-CDDC-4188-9D98-532E14FABB5D}
O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM] -- IncrediMail
O42 - Logiciel: MediaBar - (.iMesh Inc..) [HKLM] -- iMesh MediaBar =>PUP.iMesh
O42 - Logiciel: TopSolid 2009 Global Patch - (...) [HKLM] -- {EAD5AB9B-8447-46E6-8DB5-E3C831822031}
O42 - Logiciel: directDéclaration - (...) [HKLM] -- {F428CE0D-0E60-432D-8254-F8EED9079DC0}
~ Logic: 18 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\BabylonToolbar] =>PUP.Babylon
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\IM]
[HKCU\Software\IncrediMail]
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKCU\Software\STAFF]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\TopSolid'Finder]
[HKCU\Software\fcn]
[HKCU\Software\iMesh] =>PUP.iMesh
[HKLM\Software\Babylon] =>PUP.Babylon
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Freeze.com] =>Adware.Freeze
[HKLM\Software\OfferBox] =>PUP.OfferBox
[HKLM\Software\SpacEyes]
[HKLM\Software\iMeshMediabarTb] =>PUP.iMesh
~ Key Software: 258 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 02/01/2012 - 07:29:38 - [1,725] ----D C:\Program Files\BabylonToolbar =>PUP.Babylon
O43 - CFD: 09/11/2011 - 12:07:06 - [1,797] ----D C:\Program Files\es-Builder
O43 - CFD: 09/11/2011 - 13:10:55 - [0,050] ----D C:\Program Files\Free Offers from Freeze.com =>Adware.Freeze
O43 - CFD: 30/04/2011 - 09:21:43 - [0,002] ----D C:\Program Files\GamesBar =>Adware.GamesBar
O43 - CFD: 09/05/2011 - 21:33:06 - [26,221] ----D C:\Program Files\IncrediMail
O43 - CFD: 09/11/2011 - 13:07:13 - [0] ----D C:\Program Files\Planning Manager
O43 - CFD: 02/01/2012 - 07:29:21 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 30/09/2012 - 22:53:50 - [0] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 30/04/2011 - 09:21:43 - [0] ----D C:\ProgramData\GamesBar =>Adware.GamesBar
O43 - CFD: 06/11/2010 - 17:08:14 - [0] ----D C:\ProgramData\IM
O43 - CFD: 06/11/2010 - 17:07:13 - [6,153] ----D C:\ProgramData\IncrediMail
O43 - CFD: 09/11/2011 - 13:11:16 - [0,183] ----D C:\ProgramData\SearchOnline
O43 - CFD: 02/01/2012 - 07:29:21 - [0,049] ----D C:\Users\Gael\AppData\Roaming\Babylon =>PUP.Babylon
O43 - CFD: 02/06/2011 - 20:06:29 - [0] ----D C:\Users\Gael\AppData\Roaming\K-PACS-Lite
O43 - CFD: 13/11/2011 - 19:55:44 - [0] ----D C:\Users\Gael\AppData\Roaming\OfferBox =>PUP.OfferBox
O43 - CFD: 02/01/2012 - 07:29:22 - [3,521] ----D C:\Users\Gael\AppData\Local\Babylon =>PUP.Babylon
O43 - CFD: 13/11/2011 - 19:57:09 - [0] ----D C:\Users\Gael\AppData\Local\Conduit
O43 - CFD: 02/06/2011 - 18:54:13 - [98,101] ----D C:\Users\Gael\AppData\Local\IM
O43 - CFD: 13/05/2011 - 13:20:48 - [1802,683] ----D C:\Users\Gael\AppData\Local\iMesh =>PUP.iMesh
~ Program Folder: 223 Legitimates Filtered in 01mn 24s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.0AC4073C3EB00ABC91F919836F3384EC] - 15/03/2014 - 03:00:42 ---A- . (...) -- C:\Windows\msxml4-KB954430-enu.LOG [194998]
~ Files: 4 Legitimates Filtered in 00mn 09s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{6a4916c2-4881-11df-b227-001b3857d360}\AutoRun\command. (...) -- H:\setup.exe (.not file.)
O51 - MPSK:{6caa7173-487f-11df-b452-001b3857d360}\AutoRun\command. (...) -- F:\WD SmartWare.exe (.not file.)
O51 - MPSK:{828f60e1-b4d5-11df-b03a-001b3857d360}\AutoRun\command. (...) -- F:\Memorybar.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.6C1F93C0760C9F79A1869D07233DF39D] - 14/11/2006 - 16:35:20 ---A- . (.REDC - RICOH XD SM Driver.) -- C:\Windows\System32\Drivers\rixdptsk.sys [37376]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.E8C1B9EBAC65288E1B51E8A987D98AF6] - 16/04/2010 - 07:33:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [41472]
O58 - SDL:[MD5.00E7E5B6ACEE1BD77B65E0428DBDAE5E] - 15/04/2010 - 16:08:03 RSH-- . (...) -- C:\Windows\System32\43401A53DD.sys [88]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.75C9547460EC84C0694524C276B9848F] - 16/10/2011 - 08:49:29 -SHA- . (...) -- C:\Windows\System32\KGyGaAvL.sys [2828]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 07s



---\\ Recherche heuristique Magic.control (HSMI) (O59)
O59 - HSMI:Heuristic Search MagicControl Infection - (...) -- C:\Users\Gael\AppData\Local\rvfdhro_nav.dat
O59 - HSMI:Heuristic Search MagicControl Infection - (...) -- C:\Users\Gael\AppData\Local\rvfdhro_navps.dat
O59 - HSMI:Heuristic Search MagicControl Infection - (...) -- C:\Users\Gael\AppData\Local\rvfdhro.dat
~ Files: Scanned in 00mn 01s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Gael\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web (Babylon)) - http://search.babylon.com =>PUP.Babylon
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} [DefaultScope] - (Web Search) - http://search.imesh.com =>PUP.iMesh
O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Softonic_France Customized Web Search) - http://search.conduit.com =>Toolbar.Conduit
O69 - SBI: SearchScopes [HKCU] {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} - (MyStart Search) - http://mystart.incredimail.com =>Spyware.VMNToolbar
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.99CF592E0A3A3AEB3D9798A5A64D698D] [SPRF][15/04/2010] (...) -- C:\ProgramData\43401A53DD.sys [88]
[MD5.BF072713466ABBFC74D9CD1720C1F3E7] [SPRF][26/02/2011] (...) -- C:\ProgramData\KGyGaAvL.sys [5642]
[MD5.A31156B8D80A68E8F4354C63E0747BEB] [SPRF][02/01/2012] (...) -- C:\Users\Gael\Desktop\eMule0.50a-Installer.exe [3389035]
[MD5.A37C8C8523B2027897BE24C9DEC7CF35] [SPRF][05/02/2010] (...) -- C:\Users\Gael\Desktop\Flash_Disinfector.exe [132597]
[MD5.BD234CE960895E7DF492CEEFEB67863A] [SPRF][02/01/2012] (.Babylon Ltd. - Babylon Client Setup.) -- C:\Users\Gael\Desktop\MyBabylonTB.exe [837744] =>PUP.Babylon
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{739B1E3F-7DB3-4F99-AD28-09CA62E77EB0}C:\program files\ciel\directdeclaration\directdeclaration.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\ciel\directdeclaration\directdeclaration.exe (.not file.)
O87 - FAEL: "UDP Query User{7D700B78-33B5-43AC-89F2-511C53DEF127}C:\program files\ciel\directdeclaration\directdeclaration.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\ciel\directdeclaration\directdeclaration.exe (.not file.)
O87 - FAEL: "{00B8C35C-BE75-4228-A9F5-B00CD97E6F1C}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{1E672175-8E67-43D0-B087-A88C41A731F2}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{F0F9E901-81C0-421B-93A9-3177CBE85E06}" |In - Domain - P6 - TRUE | .(...) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe (.not file.) =>PUP.iMesh
O87 - FAEL: "{368D7DCC-CC9D-465E-9274-855E69ADF5BA}" |In - Domain - P17 - TRUE | .(...) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe (.not file.) =>PUP.iMesh
O87 - FAEL: "{88B9CB7C-D1D0-492D-95E1-32ECD6C3C6AE}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe (.not file.) =>PUP.iMesh
O87 - FAEL: "{CF0BC33E-07A6-4750-A0A6-F7DEEB8DD3C9}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe (.not file.) =>PUP.iMesh
O87 - FAEL: "{3EA894F0-6363-4AAE-B5F8-3FF414BF7F3B}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe (.not file.) =>PUP.iMesh
O87 - FAEL: "{B5662B92-5FBE-47FD-9397-5194C0F0883E}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe (.not file.) =>PUP.iMesh
O87 - FAEL: "{CDE69C35-4AEB-4026-8829-88CDDC5ADFDF}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{12D9C208-3578-4859-BE77-48C82ADBC20E}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{427767C6-5172-4D0F-AD0E-F289A92DE028}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
O87 - FAEL: "{46859ACE-958E-4A5A-B9C6-EC0517C699F1}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
O87 - FAEL: "{7B6EF1DC-E3F1-4145-9389-0BAFBB243599}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
O87 - FAEL: "{90AEDF06-7E65-4113-B656-95C838F4B168}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
O87 - FAEL: "{02C029E8-0B30-4ADD-A157-840B14F105B5}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
O87 - FAEL: "{E7D9AFBD-5FB4-4742-BB23-3136BEAA7E79}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
O87 - FAEL: "{37CC84A7-6D3F-43D0-B5CC-BE73E621BDB6}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
O87 - FAEL: "{652FC501-1A6B-4A3A-85E1-35189583C484}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
~ Firewall: 780 Legitimates Filtered in 00mn 05s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "3D16EEAFE5A2F7F429F677AA0CC84EDD" . (.Sentinel System Driver Installer 7.5.0.) -- C:\Windows\Installer\{FAEE61D3-2A5E-4F7F-926F-77AAC08CE4DD}\ARPPRODUCTICON.exe
O90 - PUC: "DB3F79E5CDDC8814D98935E241AFBBD5" . (.IncrediMail.) -- C:\Windows\Installer\{5E97F3BD-CDDC-4188-9D98-532E14FABB5D}\ARPPRODUCTICON.exe
~ Update Products: 55 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.A795897A0BD1414670A3AD7E258E0663] [WIS][11/07/2011] (.IncrediMail - IncrediMail.) -- C:\Windows\Installer\7df33b6.msi [2836480]
[MD5.D5EB3C8B46FC47A254B66E0FCD879461] [WIS][25/03/2011] (.EPSON - EPSON APD4 Point and Print Support.) -- C:\Windows\Installer\dce7270.msi [1728000]
~ WIS: 60 Legitimates Filtered in 00mn 42s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 14/11/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 13/01/2011 40384 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 28/03/2009 290816 | (EpsonPOSLog) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPHLog.exe
SR - | Auto 23/05/2009 376832 | (EpsonPOSPort) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPH.exe
SR - | Auto 05/06/2007 177704 | (ProtexisLicensing) . (...) - C:\Windows\system32\PSIService.exe
SR - | Auto 24/07/2007 185632 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 44s



---\\ Alert Messages
WARNING : Adware.Navipromo/MagicControl found in registry or folder


---\\ Scan Additionnel (O88)
Database Version : 13031 - (28/03/2014)
Clés trouvées (Keys found) : 87
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 15
Fichiers trouvés (Files found) : 21

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}] =>PUP.Babylon^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49D6-A4D5-2E8D7341384E}] =>PUP.Datamngr^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}] =>PUP.iMesh^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar] =>PUP.Babylon^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\lrpwd] =>Adware.Favorit^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iMesh MediaBar] =>PUP.iMesh^
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28D35620-51D9-11DE-9D13-2DB156D89593}] =>PUP.iMesh
[HKLM\Software\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}] =>PUP.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49d6-A4D5-2E8D7341384E}] =>PUP.iMesh
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49d6-A4D5-2E8D7341384E}] =>PUP.iMesh
[HKLM\Software\Classes\CLSID\{474597C5-AB09-49d6-A4D5-2E8D7341384E}] =>PUP.iMesh
[HKLM\Software\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}] =>PUP.Babylon
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}] =>PUP.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2a59}] =>PUP.iMesh
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2a59}] =>PUP.iMesh
[HKLM\Software\Classes\TypeLib\{A147AA03-820F-4A0F-9F34-D6CB4004A2F9}] =>PUP.iMesh
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}] =>PUP.Babylon
[HKLM\Software\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}] =>PUP.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}] =>Adware.IncrediBar
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}] =>PUP.Babylon
[HKLM\Software\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}] =>PUP.Babylon
[HKLM\Software\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escort.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon
[HKLM\Software\Classes\b] =>PUP.Babylon
[HKLM\Software\Classes\Babylon.dskBnd] =>PUP.Babylon
[HKLM\Software\Classes\Babylon.dskBnd.1] =>PUP.Babylon
[HKLM\Software\Classes\bbylnApp.appCore] =>PUP.Babylon
[HKLM\Software\Classes\bbylnApp.appCore.1] =>PUP.Babylon
[HKLM\Software\Classes\Conduit.Engine] =>Toolbar.Conduit
[HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods
[HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods
[HKLM\Software\Classes\escort.escrtBtn.1] =>PUP.Babylon
[HKLM\Software\Classes\esrv.BabylonESrvc] =>PUP.Babylon
[HKLM\Software\Classes\esrv.BabylonESrvc.1] =>PUP.Babylon
[HKCU\Software\BabylonToolbar] =>PUP.Babylon
[HKLM\Software\BabylonToolbar] =>PUP.Babylon
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\fcn] =>Rogue.Multiple
[HKLM\Software\freeze.com] =>Adware.BHO
[HKCU\Software\iMesh] =>PUP.iMesh
[HKCU\Software\AppDataLow\Software\iMeshMediabarTB] =>PUP.iMesh
[HKLM\Software\iMeshMediabarTB] =>PUP.iMesh
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKLM\Software\OfferBox] =>PUP.OfferBox
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\Toolbar] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASAPI32] =>PUP.Babylon
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASMANCS] =>PUP.Babylon
[HKLM\Software\Classes\Prod.cap] =>PUP.Babylon
[HKLM\Software\Microsoft\Tracing\offerbox_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Microsoft\Tracing\offerbox_RASMANCS] =>PUP.OfferBox
[HKLM\Software\Microsoft\Tracing\OfferBoxHTTPProxy_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Microsoft\Tracing\OfferBoxHTTPProxy_RASMANCS] =>PUP.OfferBox
[HKLM\Software\Microsoft\Tracing\ConduitInstaller_RASAPI32] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Tracing\ConduitInstaller_RASMANCS] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.CT2542115] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.CT2724431] =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} =>PUP.iMesh^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:DATAMNGR =>PUP.Datamngr^
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{249D74A3-BD19-4657-B6CE-E62F480A20DE} =>Toolbar.Conduit
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{249D74A3-BD19-4657-B6CE-E62F480A20DE} =>Toolbar.Conduit
C:\Program Files\BabylonToolbar =>PUP.Babylon^
C:\Program Files\Free Offers from Freeze.com =>Adware.Freeze^
C:\Program Files\GamesBar =>Adware.GamesBar^
C:\ProgramData\Babylon =>PUP.Babylon^
C:\ProgramData\GamesBar =>Adware.GamesBar^
C:\Users\Gael\AppData\Roaming\Babylon =>PUP.Babylon^
C:\Users\Gael\AppData\Roaming\OfferBox =>PUP.OfferBox^
C:\Users\Gael\AppData\Local\Babylon =>PUP.Babylon^
C:\Users\Gael\AppData\Local\iMesh =>PUP.iMesh^
C:\Program Files\iMesh Applications =>PUP.iMesh
C:\Users\Gael\AppData\Local\Conduit =>Toolbar.Conduit
C:\Users\Gael\AppData\LocalLow\BabylonToolbar =>PUP.Babylon
C:\Users\Gael\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\Gael\AppData\LocalLow\iMeshMediabarTb =>PUP.iMesh
C:\Users\Gael\AppData\Local\Temp\BabylonToolbar =>PUP.Babylon
C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe =>PUP.Datamngr^
C:\Windows\Tasks\OfferBoxUpdate.job =>PUP.OfferBox^
[HKLM\Software\Babylon] =>PUP.Babylon^
[HKLM\Software\Freeze.com] =>Adware.Freeze^
[HKLM\Software\iMeshMediabarTb] =>PUP.iMesh^
C:\Users\Gael\Desktop\MyBabylonTB.exe =>PUP.Babylon^
C:\Users\Gael\AppData\Local\Temp\OB.exe =>PUP.OfferBox
C:\Users\Gael\AppData\Local\Temp\iMesh_setup.exe =>PUP.iMesh
C:\Users\Gael\AppData\Local\Temp\GoogleToolbarInstaller.exe =>PUP.Babylon
C:\Users\Gael\AppData\Local\Temp\ConduitEngine.dll =>Toolbar.Conduit
C:\Users\Gael\AppData\Local\Temp\nsi1A45.tmp.ConduitEngineEmbbed.exe =>Toolbar.Conduit
C:\Users\Gael\AppData\Local\Temp\prxGLFCCAF.tmp.tbIncr.dll =>Toolbar.Conduit
C:\Users\Gael\AppData\Local\Temp\tbIncr.dll =>Toolbar.Conduit
C:\Users\Gael\AppData\Local\Temp\tbSof0.dll =>Toolbar.Conduit
~ Additionnel Scan: 325110 Items scanned in 01mn 11s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
http://nicolascoolman.webs.com/apps/blog/show/27985391-spyware-vmntoolbar =>Spyware.VMNToolbar
http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
http://nicolascoolman.webs.com/apps/blog/show/28441146-pup-imesh =>PUP.iMesh
http://nicolascoolman.webs.com/apps/blog/show/28606910-pup-offerbox =>PUP.OfferBox
http://nicolascoolman.webs.com/apps/blog/show/29439557-adware-favorit =>Adware.Favorit
http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.webs.com/apps/blog/show/28740985-adware-freeze =>Adware.Freeze
http://nicolascoolman.webs.com/apps/blog/show/26808625-adware-gamesbar =>Adware.GamesBar
http://nicolascoolman.webs.com/apps/blog/show/26898222-adware-incredibar =>Adware.IncrediBar
http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods
http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
http://nicolascoolman.webs.com/apps/blog/show/26666995-adware-pricegong =>Adware.PriceGong
~ MSI: 13 link(s) detected in 00mn 00s



~ 1605 Legitimates filtered by white list
End of the scan (652 lines in 04mn 55s)(0)
