Rapport de ZHPDiag v2013.4.6.35 par Nicolas Coolman, Update du 06/04/2013
Run by greg at 07/04/2013 14:08:18
State : High Elevated Privileges : OK
UAC : Deactivate by user

---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 20.0 v20.0 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : PMJBM
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3070 MB (46% free)
System Restore: Activé (Enable)
System drive C: has 32 GB (7%) free of 446 GB

---\\ Logged in mode
~ Computer Name: GREG-PC
~ User Name: greg
~ All Users Names: UpdatusUser, HomeGroupUser$, greg, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\greg\AppData\Roaming\
~ %Desktop% : C:\Users\greg\Budget\Desktop\
~ %Favorites% : C:\Users\greg\Favorites\
~ %LocalAppData% : C:\Users\greg\AppData\Local\
~ %StartMenu% : C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 32 Go of 446 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 3 Go of 20 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ CD-ROM drive (Not Inserted)
J:\ CD-ROM drive
(Not Inserted) K:\ CD-ROM drive (Not Inserted) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Security Center: Scanned in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.FA274190682AA41A46B285208ED46A74] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.02/02/2013 - 07:47:19.) -- C:\Windows\System32\wininet.dll [1392128] [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) 
-- C:\Windows\System32\sppcomapi.dll [232448] [MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.E453ACF4E7D44E5530B5D5F2B9CA8563] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.31/08/2012 - 19:19:35.) 
-- C:\Windows\system32\Drivers\ntfs.sys [1659760] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 12:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/647 ~ Mes musiques (My Musics) : 1/97 ~ Mes Videos (My Videos) : 10/182 ~ Mes Favoris (My Favorites) : 1/30 ~ Mes Documents (My Documents) : 3/115107 ~ Mon Bureau (My Desktop) : 3/7697 ~ Menu demarrer (Programs) : 1/50 ~ Hidden Files: Scanned in 01mn 19s ---\\ Processus lancés [MD5.198B8C260AA185881415E2128E262497] - (.Panda Security - Internet resident proxy.) -- C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA INTERNET SECURITY 2013\WebProxy.exe [108032] [PID.1196] [MD5.143A396C5A8A4288787AC4628D70C0AC] - (.Pas de propriétaire - MSIAfterburner.) -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [364544] [PID.2380] [MD5.58C27029A6BD35FD26B5949080FC8708] - (.TeamViewer GmbH - TeamViewer 8.) 
-- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe [10220896] [PID.3304] [MD5.349AB4F70E2AC44970894E7F03E1576E] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [236384] [PID.3328] [MD5.F6987FF6C6D683F79FDCE707B071A997] - (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe [955392] [PID.3784] [MD5.40C6BFD3AAEA862F5149BC45760E2A04] - (.Nokia - Nokia Suite.) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090040] [PID.4208] [MD5.8904DD33184C1DBFD114046D12A4E61A] - (.Ralink Technology, Corp. - Ralink Wireless LAN Card Utility.) -- C:\Program Files (x86)\Ralink\Common\RaUI.exe [12660072] [PID.5092] [MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848] [PID.4708] [MD5.DC73E11DC27E7D9AEF884EBE816C4240] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.4352] [MD5.AD655DC36242ECFE81981FC36A7A0E46] - (.Bandoo Media, inc - Data Manager.) -- C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe [1694608] [PID.4412] =>PUP.Datamngr [MD5.3CB07566302BCEEB898DE270A0BEC175] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352] [PID.4828] [MD5.19D5046BC28BCCE1D2772F47E8021A19] - (.Panda Security, S.L. - Panda permanent protection.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\ApVxdWin.exe [1037600] [PID.5048] [MD5.53F08937688A81F7CF9E54CA12ADA1B5] - (.Nokia - Microsoft Bluetooth Media Server.) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe [149480] [PID.5476] [MD5.74D1E004483998E076FBBC0DE9B59763] - (.Panda Security, S.L. - PavBckPT Aplicación.) 
-- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PavBckPT.exe [112128] [PID.5580] [MD5.5DFE72B9F1FF669070FC032090B7B982] - (.Sun Microsystems, Inc. - Java(TM) Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [507312] [PID.4668] [MD5.312FC312F84305E10828FDBF92CE4300] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [920472] [PID.7712] [MD5.DCBEFF88C66216530634390C697CE001] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.6664] [MD5.680AD8F376970696B45269F074A8A28E] - (.Adobe Systems, Inc. - Adobe Flash Player 11.6 r602.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe [1822424] [PID.6700] [MD5.7A6638028D84C2B87EAB6D0A0F38A095] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [6535680] [PID.5804] [MD5.F0359F7CE712D69ACEF0886BDB4792ED] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382824] [PID.852] [MD5.341457B79B3FC31A80C346C767045879] - (.Panda Security, S.L. - Anti-malware protection support executable.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PskSvc.exe [28992] [PID.1328] [MD5.71D19B5D542B6EEA00C99D9984DC901F] - (.Panda Security, S.L. - TPSrv Application.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\TPSrvWow.exe [173344] [PID.1372] [MD5.A0101E836D2A39682E134C47B1565256] - (.Nero AG - Nero BackItUp.) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [836904] [PID.2764] [MD5.54F00466439F749EDDF29CBA0BC1A28A] - (.Panda Security, S.L. - Panda Software Controler.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsCtrls.exe [177440] [PID.2240] [MD5.F458128A5321BB48DF7B3D8E279F6393] - (.Panda Security, S.L. - Panda Function Service.) 
-- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PavFnSvr.exe [202016] [PID.2584] [MD5.2AE3F6B23448443BBEF5DE207159213B] - (.Panda Security, S.L. - Panda Process Protection Service.) -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe [62768] [PID.2184] [MD5.4D8C2645A12FDDF9CD4A68DDE8496BEF] - (.Panda Security, S.L. - Enhanced On-Access Anti-Malware Service.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\pavsrvx86.exe [313664] [PID.2536] [MD5.CC85A36EB009F45A53FF5344CCEFD58E] - (.Panda Security, S.L. - Enhanced On-Access Anti-Malware Protection.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\AVENGINE.exe [225088] [PID.2940] [MD5.532053E8E3BB8FA7166AB4E7685FDDCC] - (.Panda Security International - Panda Host Service.) -- c:\program files (x86)\panda security\panda internet security 2013\firewall\PSHOST.exe [226560] [PID.2976] [MD5.196C450F2779D0B462C444DA4906EA7F] - (.Panda Security S.L. - Panda Interface Manager Service.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsImSvc.exe [108288] [PID.2616] [MD5.F4C083E290BCBC8DA05C6E2C7F8053B9] - (.Ralink Technology, Corp. - RalinkRegistryWriter.) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736] [PID.2428] [MD5.6B1B2F8D62D606B200C2072564090104] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [3560288] [PID.576] [MD5.3346201D0BA2E631C6D6D43ED8CB7E08] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe [185696] [PID.4092] [MD5.289E853881E688286AD24299FCC485D8] - (.Nokia - ServiceLayer Module.) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [732648] [PID.4944] [MD5.D5247E09FA4559E9661AE5C0FB8106A2] - (.Nokia - Serial Media Server.) 
-- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe [127464] [PID.4188] [MD5.D4106AC79DA6DF822AD3BFCD09802F5D] - (.Panda Security, S.L. - Panda AntiSpam Trainer.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\SRVLOAD.exe [91648] [PID.5188] [MD5.D41861E56E7552C13674D7F147A02464] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.1380] ~ Processes Running: Scanned in 00mn 03s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Preferences ~ Google Browser: Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\wd9yqzkv.default\prefs.js C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\wd9yqzkv.default\user.js M3 - MFPP: Plugins - [greg] -- C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\wd9yqzkv.default\searchplugins\delta.xml M3 - MFPP: Plugins - [greg] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon M3 - MFPP: Plugins - [greg] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml M2 - MFEP: prefs.js [greg - wd9yqzkv.default\DeviceDetection@logitech.com] [] ????????? ????????? Logitech v1.23.0.5 (.Logitech, Inc..) M2 - MFEP: prefs.js [greg - wd9yqzkv.default\synchronize@nokia.suite] [] Firefox Synchronisation Extension v1.9.105.1160 (.Nokia Corporation.) M2 - MFEP: prefs.js [greg - wd9yqzkv.default\{28387537-e3f9-4ed7-860c-11e69af4a8a0}] [] Wincore Mediabar v4.6.1.01 (.Visicom Media Inc..) M2 - MFEP: prefs.js [greg - wd9yqzkv.default\{40a1f5d7-afc2-498f-b264-02668d616ff6}] [] Mega Manager Integration v1.1 (.Megaupload Limited.) P2 - FPN:Firefox Plugin Navigator . (.vShare.tv - vShare.tv plug-in.) 
-- C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll P2 - FPN: [HKLM] [@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf] - (.Tracker Software Products Ltd. - PDF-XChange Viewer Netscape Gecko Plugin.) -- C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll P2 - FPN: [HKCU] [@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf] - (.Tracker Software Products Ltd. - PDF-XChange Viewer Netscape Gecko Plugin.) -- C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll P2 - FPN: [HKCU] [@stonetrip.com/ShiVaWebPlayer,version=1.8.1.0] - (.Stonetrip - ShiVa3D Plugin 1,8,1,1 for 3D real-time applications made with ShiVa E.) -- C:\Users\greg\AppData\Roaming\..\LocalLow\StoneTrip\WebPlayer1.8.1\npShiVa3D_1.8.1.dll ~ Firefox Browser: 42 Legitimates Scanned in 00mn 01s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com =>Toolbar.DeltaSearch R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = 
about:securityrisk R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\SysWOW64\ieframe.dll R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1 R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0 ~ IE Browser: Scanned in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). 
~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Browser Helper Objects de navigateur (O2) ~ BHO: 7 Legitimates Scanned in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe O4 - HKLM\..\Run: [Skytel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\Program Files\Realtek\Audio\HDA\Skytel.exe O4 - HKLM\..\Run: [Windows Mobile Device Center] . (.Microsoft Corporation - Gestionnaire pour appareils Windows Mobile.) -- C:\Windows\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [Start WingMan Profiler] . (.Logicool Co. Ltd. - Logicool WingMan Event Monitor.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe O4 - HKCU\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe O4 - HKCU\..\Run: [EPSON SX100 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDE.exe O4 - HKCU\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe O4 - HKCU\..\Run: [Mobile Partner] Clé orpheline O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) 
-- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Wow6432Node\Run: [DATAMNGR] . (.Bandoo Media, inc - Data Manager.) -- C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe =>PUP.Datamngr O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe O4 - HKLM\..\Wow6432Node\Run: [APVXDWIN] . (.Panda Security, S.L. - Panda permanent protection.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\APVXDWIN.exe O4 - HKLM\..\Wow6432Node\Run: [SCANINICIO] . (.Panda Security, S.L. - Inicio Programado.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\Inicio.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-21-523843482-445515722-1061558379-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-21-523843482-445515722-1061558379-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe O4 - HKUS\S-1-5-21-523843482-445515722-1061558379-1000\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) 
-- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe O4 - HKUS\S-1-5-21-523843482-445515722-1061558379-1000\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe O4 - HKUS\S-1-5-21-523843482-445515722-1061558379-1000\..\Run: [EPSON SX100 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDE.exe O4 - HKUS\S-1-5-21-523843482-445515722-1061558379-1000\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe O4 - HKUS\S-1-5-21-523843482-445515722-1061558379-1000\..\Run: [Mobile Partner] Clé orpheline ~ Application: Scanned in 00mn 01s ---\\ Autres liens utilisateurs (O4) O4 - GS\QuickLaunch: Panda Internet Security 2013.lnk . (.Panda Security, S.L. - Panda Console.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\Iface.exe O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe O4 - GS\TaskBar: adsl TV.lnk . (.adsl TV / FM - Pas de description.) -- C:\Program Files (x86)\adslTV\adsltv.exe O4 - GS\TaskBar: Calculator.lnk . (.Microsoft Corporation - Calculatrice de Windows.) -- C:\Windows\system32\calc.exe O4 - GS\TaskBar: Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\TaskBar: Windows Live Messenger.lnk . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) 
-- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: JDownloader.lnk . (.AppWork GmbH - JDownloader 0.9.) -- C:\Program Files (x86)\JDownloader\JDownloaderPortable.exe O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\QuickLaunch: Mozilla Thunderbird.lnk . (.Mozilla Messaging - Thunderbird.) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe O4 - GS\QuickLaunch: Nero StartSmart Essentials.lnk . (.Nero AG - Nero StartSmart 8 Application.) -- C:\Program Files (x86)\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe ~ Global Startup: Scanned in 00mn 01s ---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5) ~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.) O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.) 
~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) ~ Winsock: 8 Legitimates Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{0527B03D-5119-40D2-92B9-E0B19108017B}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\..\{342815B1-553F-4DAD-9C66-D51A954401FB}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\..\{DBAAF28D-3D5D-4F4A-87CF-55EFDB61E738}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{0527B03D-5119-40D2-92B9-E0B19108017B}: DhcpDomain = lan O17 - HKLM\System\CS1\Services\Tcpip\..\{0527B03D-5119-40D2-92B9-E0B19108017B}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{342815B1-553F-4DAD-9C66-D51A954401FB}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{DBAAF28D-3D5D-4F4A-87CF-55EFDB61E738}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{0527B03D-5119-40D2-92B9-E0B19108017B}: DhcpDomain = lan O17 - HKLM\System\CS2\Services\Tcpip\..\{0527B03D-5119-40D2-92B9-E0B19108017B}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CS2\Services\Tcpip\..\{342815B1-553F-4DAD-9C66-D51A954401FB}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CS2\Services\Tcpip\..\{DBAAF28D-3D5D-4F4A-87CF-55EFDB61E738}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{0527B03D-5119-40D2-92B9-E0B19108017B}: DhcpDomain = lan O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) 
-- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: avldr . (.On-Access Anti-Malware Scanner Sync - On-Access Anti-Malware Scanner Sync.) -- C:\Windows\System32\avldr64.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) ~ SSODL: 1 Legitimates Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Ralink UPnP Media Server (RaMediaServer) . (...) - C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe O23 - Service: Panda TPSrv (TPSrv) . (.Panda Security, S.L. - TPSrv Application.) - C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\TPSrvWow.exe ~ Services: 22 Legitimates Scanned in 00mn 12s ---\\ Enumération Active Desktop & MHTML Editor (O24) ~ Desktop Component: 1 Legitimates Scanned in 00mn 00s ---\\ BootExecute (O34) ~ BEX: 1 Legitimates Scanned in 00mn 00s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SesamTVMC.job [104] [MD5.143A396C5A8A4288787AC4628D70C0AC] [APT] [MSIAfterburner] (...) -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [364544] [MD5.00000000000000000000000000000000] [APT] [{31FC56FE-8A3E-415C-B9D2-4674DBE754C2}] (...) -- C:\Program Files (x86)\Avira\AntiVir Desktop\licmgr.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{B24D1AF5-0449-41F8-ACC5-317470263964}] (...) -- C:\Users\greg\Documents\Downloads\Programs\CPU_Stability_Test_6.0_Build_154_Finale.exe (.not file.) [0] [MD5.51DF4F50FEC38E92BB9C7E21F7863AD5] [APT] [{BB5CF8AF-CD7F-4D73-8F20-9A89EF7309F0}] (.Intel.) -- C:\Medion\Intel LAN\PRO2KXP_v13_5.exe [12812288] [MD5.00000000000000000000000000000000] [APT] [{C140D58C-05FA-4CC6-A12D-313EEDADFE3B}] (...) 
-- C:\Program Files (x86)\Nokia\Ovi\Application Installer\Application Installer\ApplicationInstaller.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{DB976CEF-6589-4EA3-BA2A-8748F820CDFE}] (...) -- C:\Program Files (x86)\EA SPORTS\LFP MANAGER 10\Manager10.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{E7D1AE91-0767-43F3-9D88-3CF8AFE35B9E}] (...) -- C:\Program Files (x86)\EA SPORTS\LFP MANAGER 10\Manager10.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{FE8F04BC-B347-42DA-8181-19A3E37B45CE}] (...) -- C:\Program Files (x86)\EA SPORTS\LFP MANAGER 10\Manager10.exe (.not file.) [0] ~ Scheduled Task: 19 Legitimates Scanned in 00mn 04s ---\\ Composants installés (ActiveSetup Installed Components) (O40) ~ Active Setup: 11 Legitimates Scanned in 00mn 00s ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: (dk2drv) . (.Data Encryption Systems Limited - DK2DRV.) - C:\Windows\sysTEM32\Drivers\dk2drv64.sys ~ Drivers: 78 Legitimates Scanned in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin O42 - Logiciel: Adobe Reader 9.5.2 - Français - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1036-7B44-A95000000001} O42 - Logiciel: Ciel Compta 16.0 - (.Ciel.) [HKLM][64Bits] -- {F3BCE8FA-0EE2-4628-BF02-AB5AF4077997} O42 - Logiciel: Ciel Immobilisations 16.0 - (.Ciel.) [HKLM][64Bits] -- {83BB956C-103E-4D36-823D-A2A640DFAF06} O42 - Logiciel: Ciel Paye 16.00 - (.CIEL.) [HKLM][64Bits] -- {CB004EB8-C6DD-4908-8D49-C8ABA082B346} O42 - Logiciel: DK2 DESkey Drivers v7.18.1.33 - (.Data Encryption Systems Limited.) [HKLM][64Bits] -- DESkey DK2 Uninstall O42 - Logiciel: HortipassLinkSetup - (.La Graine Informatique.) 
[HKLM][64Bits] -- {78C92FC3-73D9-4531-8930-5DAF72DD09BD} O42 - Logiciel: Java 7 Update 9 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83217009FF} O42 - Logiciel: Kernel for Excel Demo 10.10.01 - (.Nucleus Data Recovery.Com Pvt Ltd.) [HKLM][64Bits] -- Kernel For Excel Demo_is1 O42 - Logiciel: Lightning - (.MSI, Inc..) [HKLM][64Bits] -- Lightning_is1 O42 - Logiciel: Liveupdate4 - (.MSI, Inc..) [HKLM][64Bits] -- Liveupdate4_is1 O42 - Logiciel: MSI Afterburner 2.1.0 - (.MSI Co., LTD.) [HKLM][64Bits] -- Afterburner O42 - Logiciel: MSI Kombustor 1.1.3 - (.MSI Co., LTD.) [HKLM][64Bits] -- {0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1 O42 - Logiciel: Mafia II - (.Take-Two Interactive Software, Inc..) [HKLM][64Bits] -- Mafia II_is1 O42 - Logiciel: Modern Warfare 3 - (.Activision.) [HKLM][64Bits] -- {5D168A3F-ECA3-4F98-A2AC-F809B2E533F9}_is1 O42 - Logiciel: Phoenix Service Software 2011.08.005.45529 - (.FOREMOBI TECH.) [HKLM][64Bits] -- Phoenix Service Software 2011.08.005.45529_is1 O42 - Logiciel: Phoenix Service Software 2012.04.003.47798 - (.Seidea.com.) [HKLM][64Bits] -- Phoenix Service Software 2012.04.003.47798_is1 O42 - Logiciel: ProCom Remoter - (.TELL Software Hungária Kft..) [HKLM][64Bits] -- {090E3361-B789-4372-86A0-2D15B2841635}_is1 O42 - Logiciel: Richard Burns Rally - (...) [HKLM][64Bits] -- {92C7D009-A464-4948-A980-7A3E28CB2F49} O42 - Logiciel: S3D Web Player - (.Stonetrip.) [HKLM][64Bits] -- S3D Web Player O42 - Logiciel: SanctionedMedia - (.SanctionedMedia.) [HKCU][64Bits] -- Smad O42 - Logiciel: vShare.tv plugin 1.3 - (.vShare.tv, Inc..) 
[HKLM][64Bits] -- vShare.tv plugin ~ Logic: 181 Legitimates Scanned in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\8805706a] [HKCU\Software\AppDataLow\Software\Stonetrip] [HKCU\Software\AppDataLow\Software\searchqutoolbar] =>PUP.Datamngr [HKCU\Software\BabylonToolbar] =>Toolbar.Babylon [HKCU\Software\DataMngr] =>PUP.Datamngr [HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr [HKCU\Software\Grand Virtual] [HKCU\Software\InstallCore] =>PUP.InstallCore [HKCU\Software\Nseries] [HKCU\Software\PartyFrance] [HKCU\Software\PerformerSoft LLC] [HKCU\Software\Recoveronix] [HKCU\Software\SanctionedMedia] [HKCU\Software\Sesam.tv] [HKCU\Software\Software] [HKCU\Software\StartSearch] [HKCU\Software\TELL] [HKCU\Software\Tomato] [HKCU\Software\ZRT Labs] [HKCU\Software\iMesh] =>PUP.iMesh [HKCU\Software\rFactor] [HKCU\Software\vShare.tv] [HKLM\Software\DataMngr] =>PUP.Datamngr [HKLM\Software\Tarma Installer] =>Toolbar.Tarma [HKLM\Software\Wow6432Node\10tacle Studios] [HKLM\Software\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec] [HKLM\Software\Wow6432Node\Babylon] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Bytemobile] [HKLM\Software\Wow6432Node\Data Encryption Systems Limited] [HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr [HKLM\Software\Wow6432Node\Download!] 
[HKLM\Software\Wow6432Node\OMSI] [HKLM\Software\Wow6432Node\SBDT AB] [HKLM\Software\Wow6432Node\SCi Games] [HKLM\Software\Wow6432Node\SOFTWARE] [HKLM\Software\Wow6432Node\Sesam.tv] [HKLM\Software\Wow6432Node\SetupManager2] [HKLM\Software\Wow6432Node\Trymedia Systems] =>Adware.Trymedia [HKLM\Software\Wow6432Node\Winsudate] [HKLM\Software\Wow6432Node\iMeshMediabarTb] =>PUP.iMesh [HKLM\Software\Wow6432Node\rFactor] ~ Key Software: 321 Legitimates Scanned in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 12/06/2011 - 18:11:36 - [0,022] ----D C:\Program Files (x86)\Dusco O43 - CFD: 19/01/2013 - 20:10:31 - [0,052] ----D C:\Program Files (x86)\GTR2 O43 - CFD: 01/12/2012 - 18:52:29 - [12,285] ----D C:\Program Files (x86)\Hotspot 3G+ BTelecom O43 - CFD: 28/01/2012 - 10:43:36 - [0,003] ----D C:\Program Files (x86)\IntoVPN O43 - CFD: 20/09/2012 - 08:19:53 - [8,542] ----D C:\Program Files (x86)\Kernel for Excel(Demo Version) O43 - CFD: 18/01/2013 - 11:05:48 - [15,391] ----D C:\Program Files (x86)\LFP Manager 13 O43 - CFD: 10/12/2012 - 21:06:28 - [12,774] ----D C:\Program Files (x86)\LGI O43 - CFD: 31/10/2012 - 23:16:45 - [390,739] ----D C:\Program Files (x86)\Medal of Honor Warfighter O43 - CFD: 20/11/2011 - 22:07:12 - [55,248] ----D C:\Program Files (x86)\MSI Afterburner O43 - CFD: 17/08/2011 - 20:49:12 - [9,303] ----D C:\Program Files (x86)\MSI Kombustor O43 - CFD: 16/01/2011 - 01:53:33 - [-2034,556] ----D C:\Program Files (x86)\rFactor O43 - CFD: 10/01/2010 - 04:04:42 - [0,745] ----D C:\Program Files (x86)\SEAF O43 - CFD: 12/06/2011 - 18:32:51 - [0] ----D C:\Program Files (x86)\SkyGrabber O43 - CFD: 13/12/2012 - 19:48:14 - [1,251] ----D C:\Program Files (x86)\TELL O43 - CFD: 11/09/2011 - 22:12:17 - [3,160] ----D C:\Program Files (x86)\Tomato O43 - CFD: 09/02/2011 - 23:45:02 - [0,071] ----D C:\Program Files (x86)\Visual IP Locator O43 - CFD: 24/08/2011 - 17:31:36 - [0,396] ----D C:\Program Files (x86)\vShare.tv plugin O43 - 
CFD: 13/02/2012 - 19:37:15 - [19,456] ----D C:\Program Files (x86)\VWS Installer O43 - CFD: 20/05/2012 - 23:10:29 - [0,089] ----D C:\Program Files (x86)\Common Files\DESkey O43 - CFD: 11/09/2011 - 22:12:18 - [7,397] ----D C:\Program Files (x86)\Common Files\Tomato O43 - CFD: 09/04/2012 - 10:52:28 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon O43 - CFD: 21/05/2012 - 18:03:54 - [0,000] ----D C:\ProgramData\boost_interprocess O43 - CFD: 28/03/2013 - 13:53:03 - [1,198] ----D C:\ProgramData\Tarma Installer =>Toolbar.Tarma O43 - CFD: 09/04/2012 - 10:52:27 - [0,012] ----D C:\Users\greg\AppData\Roaming\Babylon =>Toolbar.Babylon O43 - CFD: 26/03/2013 - 23:58:29 - [0,308] ----D C:\Users\greg\AppData\Roaming\File Scout O43 - CFD: 08/12/2011 - 23:58:45 - [0] ----D C:\Users\greg\AppData\Roaming\Fuoh O43 - CFD: 28/03/2013 - 13:51:50 - [0] ----D C:\Users\greg\AppData\Roaming\PerformerSoft O43 - CFD: 27/03/2013 - 00:00:27 - [0,076] ----D C:\Users\greg\AppData\Roaming\SpeedanAlysis O43 - CFD: 29/05/2011 - 22:10:18 - [10,523] ----D C:\Users\greg\AppData\Roaming\StoneTrip O43 - CFD: 11/09/2011 - 22:13:19 - [0,024] ----D C:\Users\greg\AppData\Roaming\Tomato O43 - CFD: 31/12/2010 - 11:47:22 - [0,608] ----D C:\Users\greg\AppData\Roaming\uTorrent O43 - CFD: 09/12/2011 - 19:01:00 - [0] ----D C:\Users\greg\AppData\Roaming\Ytcun O43 - CFD: 05/02/2012 - 22:38:08 - [0,014] ----D C:\Users\greg\AppData\Local\Ilivid Player =>Adware.Bandoo O43 - CFD: 31/12/2010 - 11:47:17 - [4,785] ----D C:\Users\greg\AppData\Local\Ludi O43 - CFD: 04/12/2011 - 21:12:05 - [0] ----D C:\Users\greg\AppData\Local\SanctionedMedia O43 - CFD: 20/05/2012 - 22:28:49 - [0,001] ----D C:\Users\greg\AppData\Local\Symbian-Toys.com O43 - CFD: 10/12/2012 - 21:06:30 - [0,003] ----D C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hortipass Link O43 - CFD: 19/08/2011 - 19:27:18 - [0,009] ----D C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner O43 - CFD: 02/12/2010 - 
20:48:59 - [0,000] ----D C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rFactor ~ 813 Dossiers CLSID vides (CLSID Empty Folders) ~ Program Folder: 1194 Legitimates Scanned in 00mn 49s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.70688C023197D56E9D2A9EA27C20E387] - 07/04/2013 - 13:07:35 RSHAD . (...) -- C:\Windows\System32\Drivers\APPFCONT.DAT [336656] O44 - LFC:[MD5.70688C023197D56E9D2A9EA27C20E387] - 07/04/2013 - 13:07:35 RSHAD . (...) -- C:\Windows\System32\Drivers\APPFCONT.DAT.bck [336656] O44 - LFC:[MD5.DD5B44C10C1E6F14A1CF266EBE7779DE] - 07/04/2013 - 10:21:51 RSHAD . (...) -- C:\Windows\System32\Drivers\APPFLTR.CFG [1132] O44 - LFC:[MD5.DD5B44C10C1E6F14A1CF266EBE7779DE] - 07/04/2013 - 10:21:51 RSHAD . (...) -- C:\Windows\System32\Drivers\APPFLTR.CFG.bck [1132] O44 - LFC:[MD5.4CE91CEDF6EC0F5FDFF2B6E2DB4E520A] - 07/04/2013 - 10:20:58 ---A- . (...) -- C:\Windows\NeroDigital.ini [69] O44 - LFC:[MD5.3FDE033DFB0D07F8B7D5C9A3044AA121] - 31/03/2013 - 19:44:16 RSHAD . (.Nokia - PCCS Mode Change Filter Driver.) -- C:\Windows\System32\Drivers\pccsmcfdx64.sys [26112] O44 - LFC:[MD5.CA0325D254FF03AF01DDC7F63C99C38A] - 29/03/2013 - 08:01:07 ---A- . (...) -- C:\Windows\win.ini [1544] ~ Files: 59 Legitimates Scanned in 01mn 10s ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Déni du service (Local Security Authority) (O48) ~ LSA: 9 Legitimates Scanned in 00mn 00s ---\\ Contrôle du Safe Boot (CSB) (O49) ~ CBS: 13 Legitimates Scanned in 00mn 00s ---\\ MountPoints2 Shell Key (O51) O51 - MPSK:{138bd396-cba3-11de-918c-baf384979b6e}\AutoRun\command. (...) -- I:\Installer.exe (.not file.) O51 - MPSK:{311ff53f-0bc2-11e1-a875-001d923c563b}\AutoRun\command. (...) -- K:\setup.exe (.not file.) 
O51 - MPSK:{5701edd2-515e-11df-8bd1-d26458c3156c}\AutoRun\command. (...) -- K:\LaunchU3.exe (.not file.) O51 - MPSK:{968c617c-d753-11de-92f1-9d164219076e}\AutoRun\command. (...) -- J:\ADD_ON2.exe (.not file.) O51 - MPSK:{f9650c62-3a00-11e2-a38a-c14a93a8b120}\AutoRun\command. (...) -- L:\AutoRun.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Trojan Driver Search Data (HKLM) (O52) ~ TDSD: 2 Legitimates Scanned in 00mn 00s ---\\ ShareTools MSconfig StartupReg (O53) ~ SMSR Keys: 10 Legitimates Scanned in 00mn 00s ---\\ Microsoft Control Security Providers (O54) ~ MSCP: 2 Legitimates Scanned in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 16 Legitimates Scanned in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "HonorAutoRunSetting"=0 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=0 ~ MWPE Keys: 9 Legitimates Scanned in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.612B44C59A812DF2B3A57ED64A3F28AA] - 24/09/2009 - 08:30:02 ---A- . (.NXP Semiconductors Germany GmbH - 3xHybrid.) -- C:\Windows\System32\Drivers\3xHybr64.sys [1305056] O58 - SDL:[MD5.A16FB34E56C781DC56BE7492315655B9] - 03/08/2005 - 15:05:02 ---A- . (.Prolific Technology Inc. - USB-Serial USB Driver.) -- C:\Windows\SysWOW64\SER9PL.sys [35892] ~ Drivers: Scanned in 00mn 00s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: SEAF By C_XX - (.C_XX.) [HKLM] -- SEAF O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) 
[HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - 31/01/2011 - C:\Windows\system32\Drivers\APPFLT64.sys (APPFLT) .(.Panda Security, S.L. - Panda APPFLT.) - LEGACY_APPFLT O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\drivers\atapi.sys (atapi) .(.Microsoft Corporation - ATAPI IDE Miniport Driver.) - LEGACY_ATAPI O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\Drivers\Beep.sys (Beep) .(.Microsoft Corporation - BEEP Driver.) - LEGACY_BEEP O64 - Services: CurCS - 04/07/2012 - C:\Windows\system32\browser.dll (bowser) .(.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) - LEGACY_BOWSER O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\cdfs.sys (cdfs) .(.Microsoft Corporation - CD-ROM File System Driver.) - LEGACY_CDFS O64 - Services: CurCS - 14/12/2012 - C:\Windows\system32\DRIVERS\COMFiltr.sys (ComFiltr) .(.Pas de propriétaire - COMFiltr.) - LEGACY_COMFILTR O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\cscsvc.dll (CSC) .(.Microsoft Corporation - DLL du service CSC.) - LEGACY_CSC O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\dfsc.sys (DfsC) .(.Microsoft Corporation - DFS Namespace Client Driver.) - LEGACY_DFSC O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\discache.sys (discache) .(.Microsoft Corporation - System Indexer/Cache Driver.) - LEGACY_DISCACHE O64 - Services: CurCS - 20/05/2012 - C:\Windows\sysTEM32\Drivers\dk2drv64.sys (dk2drv) .(.Data Encryption Systems Limited - DK2DRV.) - LEGACY_DK2DRV O64 - Services: CurCS - 25/09/2009 - C:\Windows\system32\Drivers\DSAFLT64.sys (DSAFLT) .(.Panda Security, S.L. - Pas de description.) - LEGACY_DSAFLT O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\Drivers\fastfat.sys (fastfat) .(.Microsoft Corporation - Fast FAT File System Driver.) 
- LEGACY_FASTFAT O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\fileinfo.sys (FileInfo) .(.Microsoft Corporation - FileInfo Filter Driver.) - LEGACY_FILEINFO O64 - Services: CurCS - 15/02/2008 - C:\Program Files (x86)\MSI\Live Update 4\LU4\FLASHsys64.sys - FLASHSYS (FLASHSYS) .(...) - LEGACY_FLASHSYS O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\fltmgr.sys (FltMgr) .(.Microsoft Corporation - Gestionnaire de filtres de système de fichi.) - LEGACY_FLTMGR O64 - Services: CurCS - 25/09/2009 - C:\Windows\system32\Drivers\fnetm64.sys (FNETMON) .(.Panda Security, S.L. - Panda FNetMon.) - LEGACY_FNETMON O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\http.sys (HTTP) .(.Microsoft Corporation - HTTP Pile du protocole.) - LEGACY_HTTP O64 - Services: CurCS - 09/09/2010 - C:\Windows\system32\Drivers\IDSFLT64.sys (IDSFLT) .(.Panda Security, S.L. - Intrusion Detection System.) - LEGACY_IDSFLT O64 - Services: CurCS - 02/06/2012 - C:\Windows\System32\Drivers\ksecdd.sys (KSecDD) .(.Microsoft Corporation - Kernel Security Support Provider Interface.) - LEGACY_KSECDD O64 - Services: CurCS - 02/06/2012 - C:\Windows\System32\Drivers\ksecpkg.sys (KSecPkg) .(.Microsoft Corporation - Kernel Security Support Provider Interface.) - LEGACY_KSECPKG O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\mountmgr.sys (mountmgr) .(.Microsoft Corporation - Gestionnaire des points de montage.) - LEGACY_MOUNTMGR O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\FirewallAPI.dll (mpsdrv) .(.Microsoft Corporation - API du Pare-feu Windows.) - LEGACY_MPSDRV O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\webclnt.dll (MRxDAV) .(.Microsoft Corporation - Fichier DLL du service DAV pour le Web.) - LEGACY_MRXDAV O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\wkssvc.dll (mrxsmb) .(.Microsoft Corporation - DLL du service Station de travail.) 
- LEGACY_MRXSMB O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\wkssvc.dll (mrxsmb10) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_MRXSMB10 O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\drivers\msisadrv.sys (msisadrv) .(.Microsoft Corporation - ISA Driver.) - LEGACY_MSISADRV O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\netbios.sys (NetBIOS) .(.Microsoft Corporation - NetBIOS interface driver.) - LEGACY_NETBIOS O64 - Services: CurCS - 25/09/2009 - C:\Windows\system32\Drivers\NETTDI64.sys (NETFLTDI) .(.Panda Security, S.L. - Panda TDI Filter.) - LEGACY_NETFLTDI O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) .(.Microsoft Corporation - NSI Proxy.) - LEGACY_NSIPROXY O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\drivers\pcw.sys (pcw) .(.Microsoft Corporation - Performance Counters for Windows Driver.) - LEGACY_PCW O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\drivers\peauth.sys (PEAUTH) .(.Microsoft Corporation - Protected Environment Authentication and Au.) - LEGACY_PEAUTH O64 - Services: CurCS - 20/11/2010 - C:\Windows\System32\drivers\pacer.sys (Psched) .(.Microsoft Corporation - Planificateur de paquets QoS.) - LEGACY_PSCHED O64 - Services: CurCS - 12/06/2011 - C:\Windows\system32\Drivers\pssdk42.sys (PSSDK42) .(.microOLAP Technologies LTD - PSSDK Driver Protocol v4.2 64bit.) - LEGACY_PSSDK42 O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\qwavedrv.sys (QWAVEdrv) .(.Microsoft Corporation - Pilote du support de Microsoft Quality Wind.) - LEGACY_QWAVEDRV O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\wkssvc.dll (rdbss) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_RDBSS O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) .(.Microsoft Corporation - RDP Miniport.) 
- LEGACY_RDPCDD O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) .(.Microsoft Corporation - RDP Encoder Miniport.) - LEGACY_RDPENCDD O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) .(.Microsoft Corporation - RDP Reflector Driver Miniport.) - LEGACY_RDPREFMP O64 - Services: CurCS - 27/05/2010 - C:\Program Files (x86)\MSI Afterburner\RTCore64.sys - RTCore64 (RTCore64) .(...) - LEGACY_RTCORE64 O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\Drivers\spldr.sys (spldr) .(.Microsoft Corporation - loader for security processor.) - LEGACY_SPLDR O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\srvsvc.dll (srv) .(.Microsoft Corporation - DLL du service Serveur.) - LEGACY_SRV O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\srvsvc.dll (srv2) .(.Microsoft Corporation - DLL du service Serveur.) - LEGACY_SRV2 O64 - Services: CurCS - 03/10/2012 - C:\Windows\System32\drivers\tcpipreg.sys (tcpipreg) .(.Microsoft Corporation - TCP/IP Registry Compatibility Driver.) - LEGACY_TCPIPREG O64 - Services: CurCS - 20/11/2010 - C:\Windows\System32\DRIVERS\udfs.sys (udfs) .(.Microsoft Corporation - UDF File System Driver.) - LEGACY_UDFS O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\vmbusres.dll (vmbus) .(.Microsoft Corporation - Fichier DLL de ressources de bus VMBus.) - LEGACY_VMBUS O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\volmgrx.sys (volmgrx) .(.Microsoft Corporation - Pilote d’extension du gestionnaire de volum.) - LEGACY_VOLMGRX O64 - Services: CurCS - 20/11/2010 - C:\Windows\System32\DRIVERS\vpcnfltr.sys (vpcnfltr) .(.Microsoft Corporation - Virtual PC Network Filter Driver.) - LEGACY_VPCNFLTR O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\vwififlt.sys (vwififlt) .(.Microsoft Corporation - Virtual WiFi Filter Driver.) 
- LEGACY_VWIFIFLT O64 - Services: CurCS - 26/07/2012 - C:\Windows\System32\drivers\Wdf01000.sys (Wdf01000) .(.Microsoft Corporation - Runtime de l’infrastructure de pilotes en m.) - LEGACY_WDF01000 O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\wfplwf.sys (WfpLwf) .(.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - LEGACY_WFPLWF O64 - Services: CurCS - 25/09/2009 - C:\Windows\system32\Drivers\WNMFLT64.sys (WNMFLT) .(.Panda Security, S.L. - Pas de description.) - LEGACY_WNMFLT O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\ws2ifsl.sys (ws2ifsl) .(.Microsoft Corporation - Couche IFS Winsock2.) - LEGACY_WS2IFSL O64 - Services: CurCS - 26/07/2012 - C:\Windows\System32\drivers\WudfPf.sys (WudfPf) .(.Microsoft Corporation - Windows Driver Foundation - User-mode Drive.) - LEGACY_WUDFPF ~ Legacy: 98 Legitimates Scanned in 00mn 01s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Panda Security, S.L. - Panda Script Blocking.) -- C:\Program Files (x86)\PANDAS~1\PANDAI~1\PAVSCRIP.exe O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Panda Security, S.L. - Panda Script Blocking.) -- C:\Program Files (x86)\PANDAS~1\PANDAI~1\PAVSCRIP.exe ~ FASS Keys: 19 Legitimates Scanned in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) 
-- C:\Program Files (x86)\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); =>Toolbar.Babylon O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("browser.search.defaultengine", "Web Search"); O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); =>Toolbar.Babylon O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.babExt", ""); =>Toolbar.Babylon O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819&tt=050412_30b"); =>Toolbar.Babylon O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.hardId", "42c104500000000000000015af4332a8"); =>Toolbar.Babylon O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.id", "42c104500000000000000015af4332a8"); =>Toolbar.Babylon O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.instlDay", "15439"); =>Toolbar.Babylon O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); =>Toolbar.Babylon O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.newTab", true); =>Toolbar.Babylon O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://search.babylon.com/?affID=110819&tt=050412_30b&babsrc=NT_ss&mntrId=42c1[...] 
=>Toolbar.Babylon O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); =>Toolbar.Babylon O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); =>Toolbar.Babylon O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); =>Toolbar.Babylon O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); =>Toolbar.Babylon O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9"); =>Toolbar.Babylon O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); =>Toolbar.Babylon O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1710:54:09"); =>Toolbar.Babylon O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); =>Toolbar.Babylon O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.admin", false); O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.aflt", "babsst"); O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.autoRvrt", "false"); O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.dfltLng", "en"); O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.excTlbr", false); O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.id", "42c104500000000000000015af4332a8"); O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.instlDay", "15790"); O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.instlRef", "sst"); O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.newTab", false); O69 - 
SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.prdct", "delta"); O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.prtnrId", "delta"); O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.rvrt", "false"); O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.smplGrp", "none"); O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.tlbrId", "base"); O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.tlbrSrchUrl", ""); O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.vrsn", "1.8.10.0"); O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.vrsnTs", "1.8.10.023:00:13"); O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.vrsni", "1.8.10.0"); O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.vshare@toolbar.update.enabled", false); O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www.delta-search.com =>Toolbar.DeltaSearch O69 - SBI: SearchScopes [HKCU] {4A72D4A8-EBEF-40FC-BE1F-10F7A5FC2E73} - (Web Search) - http://startsear.ch O69 - SBI: SearchScopes [HKCU] {972F176C-63F2-459B-9709-8D100364A4BB} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} [DefaultScope] - (Search Results) - http://dts.search-results.com O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - (Search Results) - http://dts.search-results.com O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} - (Search Results) - http://dts.search-results.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche des services démarrés par Svchost (O83) ~ Services: 32 Legitimates Scanned in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) 
[MD5.07A3AB7469B7826F938D40AA4820E926] [SPRF][01/12/2008] (...) -- C:\Users\greg\AppData\Local\Temp\aae.exe [8990720] [MD5.BCB0728F4B117855765CE8FE883B5E9B] [SPRF][02/04/2013] (...) -- C:\Users\greg\AppData\Local\Temp\NEventMessages.dll [1536] [MD5.BCB0728F4B117855765CE8FE883B5E9B] [SPRF][02/04/2013] (...) -- C:\Users\greg\AppData\Local\Temp\NOSEventMessages.dll [1536] [MD5.188460B7F1C0721A21951F0F7C1682E6] [SPRF][30/09/2011] (...) -- C:\Users\greg\Budget\Desktop\cc_20110930_203127.reg [3256] [MD5.EB04478ACAD5B48178F9F92285CFF09D] [SPRF][20/10/2011] (...) -- C:\Users\greg\Budget\Desktop\cc_20111020_211113.reg [19138] [MD5.AACC28EBFAE250B9411A97980D52009F] [SPRF][02/12/2011] (...) -- C:\Users\greg\Budget\Desktop\cc_20111202_203413.reg [12634] [MD5.FEB8DC5096AD63CACE93A7FCF20CE86D] [SPRF][09/03/2012] (...) -- C:\Users\greg\Budget\Desktop\cc_20120309_195056.reg [23866] [MD5.DC8FA7560A354F4DE2500954EA7A6C37] [SPRF][21/04/2012] (...) -- C:\Users\greg\Budget\Desktop\cc_20120421_172859.reg [2846] [MD5.2FD994827193B68DD301F80BDF744231] [SPRF][03/04/2009] (.Husdawg, LLC - System Requirements Lab.) 
-- C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll [354608] ~ Files: Scanned in 00mn 00s ---\\ Firewall Active Exception List (FirewallRules) (O87) ~ Firewall: 226 Legitimates Scanned in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : v2.11473 - (06/04/2013) Clés trouvées (Keys found) : 99 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 7 Fichiers trouvés (Files found) : 0 [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] =>Adware.Yontoo [HKLM\Software\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] =>Adware.Yontoo [HKLM\Software\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-e3f9-4ed7-860c-11e69af4a8a0}] =>PUP.iMesh [HKLM\Software\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}] =>Adware.Bandoo [HKLM\Software\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}] =>Adware.Bandoo [HKLM\Software\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}] =>Adware.Bandoo [HKLM\Software\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}] =>Toolbar.Agent [HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] 
=>Adware.AskSBAR [HKLM\Software\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}] =>Adware.Bandoo [HKLM\Software\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}] =>Toolbar.Agent [HKLM\Software\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}] =>Toolbar.Agent [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}] =>Adware.Bandoo [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}] =>Adware.Bandoo [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}] =>Toolbar.Agent [HKLM\Software\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}] =>Adware.Bandoo [HKLM\Software\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}] =>Toolbar.Babylon 
[HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}] =>Spyware.Soft2PC
[HKLM\Software\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}] =>Spyware.Soft2PC
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}] =>Adware.Bandoo
[HKLM\Software\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\BrowserConnection.dll] =>Adware.Bandoo
[HKLM\Software\Classes\AppID\DNSBHO.dll] =>Adware.Bandoo
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo
[HKCU\Software\DataMngr_Toolbar] =>Toolbar.Agent
[HKCU\Software\Grand Virtual] =>Spyware.AgenceExclusive
[HKCU\Software\iMesh] =>PUP.iMesh
[HKLM\Software\Wow6432Node\iMeshMediabarTB] =>PUP.iMesh
[HKCU\Software\PartyFrance] =>Casino.OnlineGames
[HKCU\Software\AppDataLow\Software\searchqutoolbar] =>Adware.Bandoo
[HKCU\Software\StartSearch] =>Hijacker.Agent
[HKLM\Software\Tarma Installer] =>Toolbar.Agent
[HKCU\Software\vShare.tv] =>PUP.VShareRedir
[HKLM\Software\Wow6432Node\Winsudate] =>Adware.Gibmedia
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASAPI32] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASMANCS] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS] =>Adware.Bandoo
[HKLM\Software\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}] =>Toolbar.Conduit
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Setup_RASAPI32] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Setup_RASMANCS] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}] =>Toolbar.Freecorder
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smad] =>Trojan.Smad
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}] =>Adware.Bandoo^
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}] =>Adware.Bandoo^
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar]:{99079A25-328F-4BD4-BE04-00955ACAA0A7} =>Adware.Bandoo
C:\Program Files (x86)\Windows Searchqu Toolbar =>Adware.Bandoo
C:\Program Files (x86)\vShare.tv plugin =>PUP.VShareRedir
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\Users\greg\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\greg\AppData\LocalLow\searchquband =>Adware.Bandoo
C:\Users\greg\AppData\LocalLow\mediabarim =>PUP.iMesh
C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\wd9yqzkv.default\mediabarim =>PUP.iMesh
~ Additionnel: Scanned in 00mn 26s

---\\ Product Upgrade Codes (O90)
O90 - PUC: "7FB15A97CEF69BB47993F814B5EFE723" . (.Phoenix Service Software.) -- C:\Windows\Installer\{79A51BF7-6FEC-4BB9-9739-8F415BFE7E32}\ARPPRODUCTICON.exe
O90 - PUC: "96299809B4552764F9D8A4A2D0A05F5B" . (..) -- C:\Windows\Installer\{90899269-554B-4672-9F8D-4A2A0D0AF5B5}\ARPPRODUCTICON.exe
O90 - PUC: "BF187F69A25C9E340A7EE964844279E5" . (.Phoenix Service Software.) -- C:\Windows\Installer\{96F781FB-C52A-43E9-A0E7-9E464824975E}\ARPPRODUCTICON.exe
~ Update Products: 117 Legitimates Scanned in 00mn 00s

---\\ Random Export Key (O91)
[HKLM\Software\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec] => Clé orpheline
~ Export Key Software: Scanned in 00mn 00s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 12/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 17/12/2007 163840 | (EPSON_EB_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.exe
SR - | Auto 11/01/2007 126464 | (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.exe
SS - | Auto 03/12/2009 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 03/12/2009 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 346976 | (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe
SR - | Auto 20/05/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SS - | Demand 14/11/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SS - | Demand 124512 | (Installer Service) . (...) - C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}\Installer\InstallerService.exe
SR - | Auto 22/09/2010 165032 | (Intel(R) PROSet Monitoring Service) . (.Intel Corporation.) - C:\Windows\system32\IProsetMonitor.exe
SS - | Demand 25/11/2011 427640 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\x64\maconfservice.exe
SS - | Demand 04/04/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 08/08/2007 836904 | (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
SS - | Demand 21/08/2007 382248 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
SR - | Auto 02/10/2012 891240 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Auto 10/10/2012 1258856 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 19/11/2012 177440 | (Panda Software Controller) . (.Panda Security, S.L..) - C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsCtrls.exe
SR - | Auto 21/09/2012 202016 | (PAVFNSVR) . (.Panda Security, S.L..) - C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PavFnSvr.exe
SR - | Auto 04/02/2008 62768 | (PavPrSrv) . (.Panda Security, S.L..) - C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
SR - | Auto 13/04/2011 313664 | (PAVSRV) . (.Panda Security, S.L..) - C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\pavsrvx86.exe
SR - | Auto 26/11/2009 226560 | (PSHost) . (.Panda Security International.) - c:\program files (x86)\panda security\panda internet security 2013\firewall\PSHOST.exe
SR - | Auto 19/06/2008 108288 | (PSIMSVC) . (.Panda Security S.L..) - C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsImSvc.exe
SR - | Auto 16/08/2010 28992 | (PskSvcRetail) . (.Panda Security, S.L..) - C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PskSvc.exe
SR - | Auto 12/01/2012 372736 | (RalinkRegistryWriter) . (.Ralink Technology, Corp..) - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
SR - | Auto 12/01/2012 447488 | (RalinkRegistryWriter64) . (.Ralink Technology, Corp..) - C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
SS - | Auto 625728 | (RaMediaServer) . (...) - C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
SR - | Demand 19/12/2012 732648 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Demand 25/11/2010 403240 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Auto 02/10/2012 382824 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 06/03/2013 3560288 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
SR - | Auto 16/11/2012 173344 | (TPSrv) . (.Panda Security, S.L..) - C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\TPSrvWow.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Disabled 12/11/2001 20480 | (x10nets) . (.X10.) - C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
~ Services: Scanned in 00mn 01s
~ 2318 Legitimates filtered by white list

End of the scan (908 lines in 04mn 24s)(0)