Rapport de ZHPDiag v2013.4.16.93 par Nicolas Coolman, Update du 16/04/2013
Run by admin1 at 17/04/2013 16:55:16
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Not Found

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 19.0.2 v19.0.2
GCIE: Google Chrome v23.0.1271.97 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ System Protection

---\\ System Optimizer
CCleaner v2.29

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.4 - Français
Java 7 Update 15

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (41% free)
System Restore: Activé (Enable)
System drive H: has 95 GB (15%) free of 596 GB

---\\ Logged in mode
~ Computer Name: MURCIELAGO
~ User Name: admin1
~ All Users Names: UpdatusUser, SUPPORT_388945a0, patrick, HelpAssistant, ASPNET, Administrateur, admin1,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : H:\
~ %AppData% : H:\Documents and Settings\admin1\Application Data\
~ %Desktop% : H:\Documents and Settings\admin1\Bureau\
~ %Favorites% : H:\Documents and Settings\admin1\Favoris\
~ %LocalAppData% : H:\Documents and Settings\admin1\Local Settings\Application Data\
~ %StartMenu% : H:\Documents and Settings\admin1\Menu Démarrer\
~ %Windir% : H:\WINDOWS\
~ %System% : H:\WINDOWS\system32\

---\\ DOS/Devices
D:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
E:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ CD-ROM drive (Not Inserted)
H:\ Hard drive, Flash drive, Thumb drive (Free 95 Go of 596 Go)
I:\ CD-ROM drive (Not Inserted)
J:\ CD-ROM drive (Not Inserted)
K:\ CD-ROM drive (Not Inserted)
M:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 03:34:03.) -- H:\WINDOWS\Explorer.exe [1037824]
[MD5.48309E1F5ED8E72783EEFBA04898BDA1] - (.Microsoft Corporation - Internet Extensions for Win32.) (.02/03/2013 - 02:55:11.) -- H:\WINDOWS\system32\wininet.dll [916480]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 03:34:28.) -- H:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- H:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 20:14:21.) -- H:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 19:40:46.) -- H:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 02:57:38.) -- H:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 17:36:05.) -- H:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 03:00:52.) -- H:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 19:40:58.) -- H:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 19:57:15.) -- H:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 20:19:42.) -- H:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- H:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 20:21:00.) -- H:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 20:15:53.) -- H:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 03:09:40.) -- H:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 20:19:43.) -- H:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 19:32:51.) -- H:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.14/04/2008 - 02:57:34.) -- H:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 02:56:04.) -- H:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/1098
~ Mes musiques (My Musics) : 64/2097
~ Mes Videos (My Videos) : 2/223
~ Mes Favoris (My Favorites) : 1/13
~ Mes Documents (My Documents) : 3/40668
~ Mon Bureau (My Desktop) : 0/173
~ Menu demarrer (Programs) : 1/62
~ Hidden Files: Scanned in 00mn 55s

---\\ Processus lancés
[MD5.0E097E4D63E39FD2583DB1CF5CFE3AD5] - (.Cisco Systems, Inc. - VPN Agent Service.) -- H:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [435152] [PID.1580]
[MD5.32C139FC0363681804EFF9394CD6B1B8] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- H:\WINDOWS\RTHDCPL.exe [16126464] [PID.1240]
[MD5.3C6C546F303C1B956C6F5C436C97CB8F] - (.ALWIL Software - avast! Antivirus.) -- H:\Program Files\Alwil Software\Avast5\AvastUI.exe [2815192] [PID.1272]
[MD5.3CB07566302BCEEB898DE270A0BEC175] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- H:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [946352] [PID.1324]
[MD5.26345C6180000928E958BFFDF7AF2128] - (.Cisco Systems, Inc. - Cisco AnyConnect User Interface.) -- H:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [519632] [PID.1344]
[MD5.C6908549873D2F08240FF9FBFF3CDB2E] - (.Boxore OU - Boxore Client.) -- H:\Program Files\Boxore\BoxoreClient\boxore.exe [606520] [PID.1332] =>Adware.Boxore
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- H:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [252848] [PID.1384]
[MD5.93AD0B78C7357A05F50E594EC7C22300] - (...) -- ystem32\RunDLL32.exe [0] [PID.1396]
[MD5.9222E48DFA681E35F340DF4E079F7C27] - (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- H:\Program Files\Steam\Steam.exe [1631144] [PID.1444]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Programme d'installation de Google.) -- H:\Documents and Settings\admin1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176] [PID.1488]
[MD5.F34E7705751BB413283434697BF8E55D] - (.DT Soft Ltd - DAEMON Tools Lite.) -- H:\Program Files\DAEMON Tools Lite\DTLite.exe [357696] [PID.1604]
[MD5.9EB925EDC8CF1C3D06E50E9348B54A0A] - (.Facebook Inc. - Programme d'installation de Facebook.) -- H:\Documents and Settings\admin1\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096] [PID.1736]
[MD5.7E4AD8220AF0B281274F9785DD53E25C] - (.Skype Technologies S.A. - Skype.) -- H:\Program Files\Skype\Phone\Skype.exe [18642024] [PID.1748]
[MD5.4458989C34FA84B5A75DD3ABCFBE786A] - (.Pas de propriétaire - Pando Media Booster.) -- H:\Program Files\Pando Networks\Media Booster\PMB.exe [3093624] [PID.1900]
[MD5.AE5A69F44C1F97EDC83237FC0B29B6FB] - (.Google Inc. - Google Crash Handler.) -- H:\Documents and Settings\admin1\Local Settings\Application Data\Google\Update\1.3.21.123\GoogleCrashHandler.exe [212432] [PID.404]
[MD5.D9F39EB720E2E171AD1D1CE0BE1DEF2B] - (.OpenOffice.org - OpenOffice.org 3.0.) -- H:\Program Files\OpenOffice.org 3\program\soffice.exe [7424000] [PID.484]
[MD5.42E40CE6501819320F6282AC6A9D97D3] - (.OpenOffice.org - OpenOffice.org 3.0.) -- H:\Program Files\OpenOffice.org 3\program\soffice.bin [7418368] [PID.568]
[MD5.73686FE0B2E0469F89FD2075BE724704] - (.Apple Computer, Inc. - Bonjour Service.) -- H:\Program Files\Bonjour\mDNSResponder.exe [229376] [PID.220]
[MD5.4C260DE6B554A670546578426BB0C604] - (...) -- H:\Documents and Settings\All Users\Application Data\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2469992] [PID.3000] =>Toolbar.Babylon
[MD5.8D1F00F4254C3EF428B715484940427C] - (.Hi-Rez Studios - HiPatchService.) -- H:\Program Files\Hi-Rez Studios\HiPatchService.exe [8704] [PID.1180]
[MD5.1758AF653723679E3746FC7DDD93C69B] - (.Oracle Corporation - Java(TM) Quick Starter Service.) -- H:\Program Files\Java\jre7\bin\jqs.exe [170912] [PID.2380]
[MD5.30CB85790A3C70AE45C88E28BA6397C2] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 314.2.) -- H:\WINDOWS\system32\nvsvc32.exe [156960] [PID.2440]
[MD5.205E1B699FD3F2F9B036EEA2EC30C620] - (...) -- H:\WINDOWS\system32\PnkBstrA.exe [76888] [PID.1964]
[MD5.388AE59FE75F1B959DFA0900923C61BB] - (.Skype Technologies S.A. - Skype C2C Service.) -- H:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.2040]
[MD5.251A1AED2D4A26A47C0A4A3058AAE4A8] - (.Boxore OU. - Programme d'installation de Software.) -- H:\Program Files\Software\Update\SoftwareUpdate.exe [139576] [PID.2668] =>Adware.Boxore
[MD5.5DFE72B9F1FF669070FC032090B7B982] - (.Sun Microsystems, Inc. - Java(TM) Update Checker.) -- H:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe [507312] [PID.5564]
[MD5.2D08AC1443FFA7FBED9A5EA5FD49AEB3] - (.Google Inc. - Google Chrome.) -- H:\Documents and Settings\admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [1242728] [PID.1292]
[MD5.DC79F4167BF4067CC0F2C72E4E6040B3] - (.Nicolas Coolman - ZHPDiag.) -- H:\Program Files\ZHPDiag\ZHPDiag.exe [6808576] [PID.1268]
[MD5.37C8EC2860DF210ED93A94BF6525CBC7] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1266464] [PID.2592]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- H:\WINDOWS\System32\alg.exe [44544] [PID.2088]
~ Processes Running: Scanned in 00mn 02s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
H:\Documents and Settings\admin1\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://google.fr
G0 - GCSP: Preference [User Data\Default] http://www.google.fr
G1 - GCS: Preference [User Data\Default] None
~ Google Browser: Scanned in 00mn 00s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
H:\Documents and Settings\admin1\Application Data\Mozilla\Firefox\Profiles\u7hz71zy.default\prefs.js
H:\Documents and Settings\admin1\Application Data\Mozilla\Firefox\Profiles\u7hz71zy.default\user.js
M3 - MFPP: Plugins - [admin1] -- H:\Documents and Settings\admin1\Application Data\Mozilla\Firefox\Profiles\u7hz71zy.default\searchplugins\babylon1.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [admin1] -- H:\Documents and Settings\admin1\Application Data\Mozilla\Firefox\Profiles\u7hz71zy.default\searchplugins\BrowserProtect.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [admin1] -- H:\Documents and Settings\admin1\Application Data\Mozilla\Firefox\Profiles\u7hz71zy.default\searchplugins\fissa.xml
M3 - MFPP: Plugins - [admin1] -- H:\Documents and Settings\admin1\Application Data\Mozilla\Firefox\Profiles\u7hz71zy.default\searchplugins\Search.xml
M3 - MFPP: Plugins - [admin1] -- H:\Program Files\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon
M2 - MFEP: prefs.js [admin1 - u7hz71zy.default\@FissaPlugin] [] Fissa v1.0 (..)
M2 - MFEP: prefs.js [admin1 - u7hz71zy.default\ChoiceGuard@Microsoft] [] Microsoft Choice Guard v2.0 (..)
M2 - MFEP: prefs.js [admin1 - u7hz71zy.default\ffxtlbr@babylon.com] [] Babylon Toolbar v1.5.0 (..) =>Toolbar.Babylon
M2 - MFEP: prefs.js [admin1 - u7hz71zy.default\plugin@videofiledownload.com] [] VideoFileDownload - Download YouTube Videos v1.5 (..)
M2 - MFEP: prefs.js [admin1 - u7hz71zy.default\{1c491116-c175-45e1-a570-6fb14fea8b7b}] [] PHPNukeFR Community Toolbar v3.18.0.7 (..)
M2 - MFEP: prefs.js [admin1 - u7hz71zy.default\{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant v1.2.1 (..)
P2 - FPN:Firefox Plugin Navigator . (.BitComet - BitCometAgent v1.27 for Firefox.) -- H:\Program Files\Mozilla Firefox\Plugins\npBitCometAgent.dll
P2 - FPN:Firefox Plugin Navigator . (.DivX, Inc - npdivxplayerplugin.) -- H:\Program Files\Mozilla Firefox\Plugins\npDivxPlayerPlugin.dll
P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (.DivX,Inc. - DivX Web Player version 2.0.0.254.) -- H:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
P2 - FPN: [HKLM] [@divx.com/DivX Player Plugin,version=1.0.0] - (.DivX, Inc - npdivxplayerplugin.) -- H:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
P2 - FPN: [HKLM] [@ngm.nexoneu.com/NxGame] - (.Nexon - Nexon Game Controller 1.0.0.1.) -- H:\Documents and Settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (.Pando Networks - Pando Web Plugin.) -- H:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
P2 - FPN: [HKLM] [@www.dlmanager.net/omaha/tools//Software Update;version=8] - (.Boxore OU. - Software Update.) -- H:\Program Files\Software\Update\1.2.201.0\npSoftwareOneClick8.dll =>Adware.Boxore
P2 - FPN: [HKCU] [pandonetworks.com/PandoWebPlugin] - (.Pando Networks - Pando Web Plugin.) -- H:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
~ Firefox Browser: 48 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com =>Toolbar.Babylon
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://search.babylon.com =>Toolbar.Babylon
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
R3 - URLSearchHook: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
~ IE Browser: 12 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=H:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=H:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: PHPNukeFR - {1c491116-c175-45e1-a570-6fb14fea8b7b} . (.Conduit Ltd. - Conduit Toolbar.) -- H:\Program Files\PHPNukeFR\prxtbPHP0.dll =>Toolbar.Conduit
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} . (...) -- H:\Program Files\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll (.not file.) =>Toolbar.Babylon
~ BHO: 8 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: PHPNukeFR Toolbar - [HKLM]{1c491116-c175-45e1-a570-6fb14fea8b7b} . (.Conduit Ltd. - Conduit Toolbar.) -- H:\Program Files\PHPNukeFR\prxtbPHP0.dll =>Toolbar.Conduit
O3 - Toolbar: (no name) - [HKLM]{D0F4A166-B8D4-48b8-9D63-80849FE137CB} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- H:\WINDOWS\RTHDCPL.exe
O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- H:\WINDOWS\ALCMTR.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- H:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [PlusService] . (.Yuna Software - Messenger Plus! 5.) -- H:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [avast5] . (.ALWIL Software - avast! Antivirus.) -- H:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- H:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] . (.Cisco Systems, Inc. - Cisco AnyConnect User Interface.) -- H:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
O4 - HKLM\..\Run: [NPSStartup] Clé orpheline
O4 - HKLM\..\Run: [Boxore Client] . (.Boxore OU - Boxore Client.) -- H:\Program Files\Boxore\BoxoreClient\boxore.exe =>Adware.Boxore
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. - Hamachi Client Application.) -- H:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- H:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- H:\WINDOWS\system32\NvMCTray.dll
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- H:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [nwiz] . (...) -- H:\Program Files\NVIDIA Corporation\nview\nwiz.exe
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- H:\Program Files\Steam\Steam.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- H:\Documents and Settings\admin1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- H:\Program Files\DAEMON Tools Lite\DTLite.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- H:\Documents and Settings\admin1\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Spotify] H:\Documents and Settings\admin1\Application Data\Spotify\Spotify.exe (.not file.)
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- H:\Program Files\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- H:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Pando Media Booster] . (.Pas de propriétaire - Pando Media Booster.) -- H:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- H:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- H:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- H:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- H:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-527237240-57989841-839522115-1006\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- H:\WINDOWS\system32\CTFMON.exe
~ Application: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Acrobat Reader 5.0.lnk . (.Adobe Systems Incorporated - Acrobat Reader 5.0.) -- H:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
O4 - GS\Programs: Adobe After Effects CS3.lnk . (.Adobe Systems Incorporated - Adobe After Effects CS3.) -- H:\Program Files\Adobe\Adobe After Effects CS3\Support Files\AfterFX.exe
O4 - GS\Programs: Adobe Bridge CS3.lnk . (.Adobe Systems, Inc. - Adobe Bridge.) -- H:\Program Files\Adobe\Adobe Bridge CS3\Bridge.exe
O4 - GS\Programs: Adobe Device Central CS3.lnk . (.Adobe Systems - Adobe Device Central CS3.) -- H:\Program Files\Adobe\Adobe Device Central CS3\DeviceCentral.exe
O4 - GS\Programs: Adobe ExtendScript Toolkit 2.lnk . (.Adobe Systems, Incorporated - ExtendScript Toolkit 2 and Debugger.) -- H:\Program Files\Adobe\Adobe Utilities\ExtendScript Toolkit 2\ExtendScript Toolkit 2.exe
O4 - GS\Programs: Adobe Photoshop CS3.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS3.) -- H:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
O4 - GS\Programs: Adobe Reader 9.lnk . (...) -- H:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A95000000001}\SC_Reader.ico
O4 - GS\Programs: Adobe Stock Photos CS3.lnk . (.Adobe Systems Incorporated - Adobe Stock Photos CS3.) -- H:\Program Files\Adobe\Adobe Stock Photos CS3\Adobe Stock Photos CS3.exe
O4 - GS\Programs: Apple Software Update.lnk . (...) -- H:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
O4 - GS\Programs: Audacity.lnk . (...) -- H:\Program Files\Audacity\audacity.exe
O4 - GS\Programs: LOL Recorder.lnk . (...) -- H:\Program Files\LOLReplay\LOLRecorder.exe (.not file.)
O4 - GS\Programs: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- H:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Programs: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- H:\Program Files\Messenger\msmsgs.exe
O4 - GS\Programs: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) -- H:\Program Files\Movie Maker\moviemk.exe
O4 - GS\Programs: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.) -- H:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- H:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.) -- H:\Program Files\Outlook Express\msimn.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- H:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- H:\Program Files\Internet Explorer\IEXPLORE.exe
O4 - GS\Programs: Lecteur Windows Media.lnk . (.Microsoft Corporation - Windows Media Player.) -- H:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Jouer (EasyBits GO).lnk . (.EasyBits Software AS - Game Organizer.) -- H:\Documents and Settings\All Users\Application Data\Easybits GO\EasyBitsGO.exe
O4 - GS\Programs: SymInstallStub.lnk . (.Symantec Corporation - SymInstallStub.) -- H:\WINDOWS\system32\Adobe\Shockwave 11\syminstallstub.exe
~ Global Startup: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- H:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- H:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Internet Explorer Plugins (O12)
O12 - Plugin for .spop .(.Intertrust Technologies, Inc. - InterTrust Redemption Wizard.) -- H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
~ IE Extra Buttons: 1 Legitimates Filtered in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BDACEF3-0E2B-480A-9D0C-4002A98B28F4}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{4BDACEF3-0E2B-480A-9D0C-4002A98B28F4}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{4BDACEF3-0E2B-480A-9D0C-4002A98B28F4}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS3\Services\Tcpip\..\{4BDACEF3-0E2B-480A-9D0C-4002A98B28F4}: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- H:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- H:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- H:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- H:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- H:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- H:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- H:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- H:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- H:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- H:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- H:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- H:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - H:\Documents and Settings\All Users\Application Data\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll =>Toolbar.Babylon
~ AppInit DLL: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: BrowserProtect (BrowserProtect) . (...) - H:\Documents and Settings\All Users\Application Data\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe =>Toolbar.Babylon
O23 - Service: PnkBstrA (PnkBstrA) . (...) - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Software Update Service (supdate) (supdate) . (.Boxore OU. - Programme d'installation de Software.) - H:\Program Files\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) . (.Cisco Systems, Inc. - VPN Agent Service.) - H:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
~ Services: 13 Legitimates Filtered in 00mn 05s

---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - H:\Documents and Settings\admin1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - H:\Documents and Settings\admin1\Mes documents\Mes images\Skyrim2.png
~ Desktop Component: 1 Legitimates Filtered in 00mn 00s

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - H:\WINDOWS\Tasks\SoftwareUpdateTaskMachineCore.job [1070]
O39 - APT:Automatic Planified Task - H:\WINDOWS\Tasks\SoftwareUpdateTaskMachineUA.job [1074]
[MD5.251A1AED2D4A26A47C0A4A3058AAE4A8] [APT] [SoftwareUpdateTaskMachineCore] (.Boxore OU..) -- H:\Program Files\Software\Update\SoftwareUpdate.exe [139576] =>Adware.Boxore
[MD5.251A1AED2D4A26A47C0A4A3058AAE4A8] [APT] [SoftwareUpdateTaskMachineUA] (.Boxore OU..) -- H:\Program Files\Software\Update\SoftwareUpdate.exe [139576] =>Adware.Boxore
~ Scheduled Task: 15 Legitimates Filtered in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: Babylon toolbar - (.BabylonToolbar.) [HKLM] -- BabylonToolbar =>Toolbar.Babylon
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM] -- {EA69DAE1-1BC2-48ED-AB9A-24A5C8AC8071} =>Adware.Boxore
O42 - Logiciel: BrowserProtect - (.Bit89 Inc.) [HKLM] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} =>Toolbar.Babylon
O42 - Logiciel: Dragon Nest Europe - (...) [HKLM] -- Dragon Nest Europe
O42 - Logiciel: LoudMo Contextual Ad Assistant - (...) [HKLM] -- OIY-g-UGUp9e_Hy
O42 - Logiciel: PFConfig 1.0.296 - (.Portforward.com.) [HKLM] -- PFConfig
O42 - Logiciel: PHPNukeFR Toolbar - (...) [HKLM] -- PHPNukeFR Toolbar
O42 - Logiciel: Pando Media Booster - (.Pando Networks Inc..) [HKLM] -- {980A182F-E0A2-4A40-94C1-AE0C1235902E}
O42 - Logiciel: Regressi - (.Evariste.) [HKCU] -- Regressi
O42 - Logiciel: Source Filmmaker - (...) [HKLM] -- Steam App 1840
O42 - Logiciel: VideoFileDownload - (.VideoFileDownload.) [HKLM] -- vfd-apl
O42 - Logiciel: X-Lite 3.0 - (.CounterPath Solutions Inc..) [HKLM] -- X-Lite 3.0_is1
O42 - Logiciel: µTorrent - (...) [HKLM] -- uTorrent
~ Logic: 252 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\596ded1b139ee43]
[HKCU\Software\AppDataLow\-JQmP2R]
[HKCU\Software\AppDataLow\HavingFunOnline]
[HKCU\Software\AppDataLow\Software\PHPNukeFR]
[HKCU\Software\Ask.com]
[HKCU\Software\AskToolbar]
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\BitComet]
[HKCU\Software\BitTorrent]
[HKCU\Software\ChrmTB]
[HKCU\Software\CounterPath]
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\EBInstaller]
[HKCU\Software\EasySystems]
[HKCU\Software\FTPRush]
[HKCU\Software\FissaSearch]
[HKCU\Software\FunnyGames]
[HKCU\Software\InstallCore] =>PUP.InstallCore
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKCU\Software\PHPNukeFR]
[HKCU\Software\Pando Networks]
[HKCU\Software\Prassi Technology]
[HKCU\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\ROBLOX Corporation]
[HKCU\Software\RegressiJunior]
[HKCU\Software\Softonic]
[HKCU\Software\WideStream]
[HKCU\Software\Woozle]
[HKCU\Software\conduitEngine]
[HKCU\Software\perforce]
[HKLM\Software\14919ea49a8f3b4aa3cf1058d9a64cec]
[HKLM\Software\596ded1b139ee43]
[HKLM\Software\ATT]
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\Boxore] =>Adware.Boxore
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Herac]
[HKLM\Software\ImbaEnt]
[HKLM\Software\Ntreev]
[HKLM\Software\OfferBox] =>PUP.OfferBox
[HKLM\Software\PHPNukeFR]
[HKLM\Software\PWE]
[HKLM\Software\Pando Networks]
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKLM\Software\WRUpdater]
[HKLM\Software\WindyZone]
[HKLM\Software\id]
[HKLM\Software\perforce]
~ Key Software: 386 Legitimates Filtered in 00mn 01s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/10/2011 - 18:23:57 - [12,169] ----D H:\Program Files\ATTNaturalVoices
O43 - CFD: 12/11/2004 - 17:08:34 - [0,164] ----D H:\Program Files\BGI
O43 - CFD: 09/05/2010 - 02:26:35 - [2,757] ----D H:\Program Files\BIN
O43 - CFD: 13/03/2013 - 20:24:01 - [1,273] ----D H:\Program Files\Boxore =>Adware.Boxore
O43 - CFD: 09/05/2010 - 15:35:10 - [23,494] ----D H:\Program Files\CounterPath
O43 - CFD: 12/11/2004 - 17:08:36 - [0,162] ----D H:\Program Files\DOC
O43 - CFD: 04/10/2011 - 23:15:26 - [4,789] ----D H:\Program Files\EVARISTE
O43 - CFD: 12/11/2004 - 17:08:38 - [0,698] ----D H:\Program Files\EXAMPLES
O43 - CFD: 15/03/2011 - 19:11:52 - [-1973,308] ----D H:\Program Files\Left4Dead
O43 - CFD: 24/02/2013 - 12:43:29 - [0,000] ----D H:\Program Files\LimeWire
O43 - CFD: 21/07/2012 - 14:10:39 - [0,066] ----D H:\Program Files\OApps
O43 - CFD: 15/05/2010 - 18:25:16 - [7,234] ----D H:\Program Files\Pando Networks
O43 - CFD: 07/05/2011 - 16:18:14 - [1,037] ----D H:\Program Files\PFConfig
O43 - CFD: 30/04/2012 - 14:37:48 - [12,392] ----D H:\Program Files\PHPNukeFR
O43 - CFD: 12/11/2004 - 17:08:36 - [0,219] ----D H:\Program Files\SOURCE
O43 - CFD: 12/11/2004 - 17:08:38 - [0,297] ----D H:\Program Files\UNITS
O43 - CFD: 16/09/2012 - 12:23:23 - [0,975] ----D H:\Program Files\uTorrent
O43 - CFD: 25/12/2012 - 21:28:03 - [2,565] ----D H:\Documents and Settings\admin1\Application Data\BabSolution =>Hijacker.BabSolution
O43 - CFD: 25/12/2012 - 21:27:00 - [0,009] ----D H:\Documents and Settings\admin1\Application Data\Babylon =>Toolbar.Babylon
O43 - CFD: 23/01/2013 - 20:37:37 - [0] ----D H:\Documents and Settings\admin1\Application Data\BabylonToolbar =>Toolbar.Babylon
O43 - CFD: 03/12/2012 - 22:42:49 - [0,310] ----D H:\Documents and Settings\admin1\Application Data\BitComet
O43 - CFD: 01/06/2010 - 12:51:05 - [0,132] ----D H:\Documents and Settings\admin1\Application Data\FTPRush
O43 - CFD: 05/07/2012 - 00:04:09 - [0,024] ----D H:\Documents and Settings\admin1\Application Data\FunnyGames
O43 - CFD: 15/01/2011 - 18:55:53 - [0,222] ----D H:\Documents and Settings\admin1\Application Data\OfferBox =>PUP.OfferBox
O43 - CFD: 07/11/2010 - 19:33:16 - [4,065] ----D H:\Documents and Settings\admin1\Application Data\OpenCandy =>Adware.OpenCandy
O43 - CFD: 10/09/2011 - 16:59:52 - [2,117] ----D H:\Documents and Settings\admin1\Application Data\PriceGong =>Adware.PriceGong
O43 - CFD: 18/03/2013 - 00:45:09 - [2,979] ----D H:\Documents and Settings\admin1\Application Data\uTorrent
O43 - CFD: 13/01/2011 - 18:55:58 - [0,001] ----D H:\Documents and Settings\admin1\Application Data\widestream
O43 - CFD: 23/01/2011 - 01:41:03 - [0,292] ----D H:\Documents and Settings\admin1\Application Data\WinterVoicesDemo
O43 - CFD: 10/09/2011 - 16:59:52 - [4,424] ----D H:\Documents and Settings\admin1\Local Settings\Application Data\ConduitEngine
O43 - CFD: 09/05/2010 - 15:37:52 - [0,066] ----D H:\Documents and Settings\admin1\Local Settings\Application Data\CounterPath
O43 - CFD: 25/08/2011 - 00:43:58 - [162,932] ----D H:\Documents and Settings\admin1\Local Settings\Application Data\Ironclad Games
O43 - CFD: 08/05/2010 - 14:17:57 - [0,076] ----D H:\Documents and Settings\admin1\Local Settings\Application Data\lazarus
O43 - CFD: 08/01/2012 - 22:13:24 - [0,001] ----D H:\Documents and Settings\admin1\Local Settings\Application Data\mpress
O43 - CFD: 07/11/2010 - 19:40:01 - [0] ----D H:\Documents and Settings\admin1\Local Settings\Application Data\OpenCandy =>Adware.OpenCandy
O43 - CFD: 02/06/2012 - 13:59:53 - [6,643] ----D H:\Documents and Settings\admin1\Local Settings\Application Data\PHPNukeFR
O43 - CFD: 14/09/2011 - 16:08:52 - [0,227] ----D H:\Documents and Settings\admin1\Local Settings\Application Data\Roblox
O43 - CFD: 14/09/2011 - 16:04:01 - [17,094] ----D H:\Documents and Settings\admin1\Local Settings\Application Data\RobloxDownloads
O43 - CFD: 14/09/2011 - 16:03:45 - [0,435] ----D H:\Documents and Settings\admin1\Local Settings\Application Data\RobloxVersions
O43 - CFD: 27/09/2011 - 22:09:49 - [0] ----D H:\Documents and Settings\admin1\Local Settings\Application Data\uTorrent
O43 - CFD: 13/01/2011 - 18:56:14 - [0,171] ----D H:\Documents and
Settings\admin1\Local Settings\Application Data\widestream6 Air O43 - CFD: 04/10/2011 - 23:15:28 - [5,969] --H-D H:\Documents and Settings\admin1\Local Settings\Application Data\{74E9B3B4-EF23-4AE9-98CA-1BBF7BF6AC61} O43 - CFD: 25/12/2012 - 21:28:15 - [0,001] ----D H:\Documents and Settings\admin1\Menu Démarrer\Programmes\BrowserProtect =>Toolbar.Babylon O43 - CFD: 07/05/2011 - 16:18:12 - [0,001] ----D H:\Documents and Settings\admin1\Menu Démarrer\Programmes\Portforward.com O43 - CFD: 04/10/2011 - 23:15:27 - [0,006] ----D H:\Documents and Settings\admin1\Menu Démarrer\Programmes\Regressi ~ Program Folder: 279 Legitimates Filtered in 05mn 34s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.878D0210F2CC719C604F13BF1BDBE1EB] - 17/04/2013 - 15:37:03 ---A- . (...) -- H:\WINDOWS\system32\nvAppTimestamps [8672] O44 - LFC:[MD5.83D089C8A99519A1DA47DEDA4A74B219] - 17/04/2013 - 10:53:53 ---A- . (...) -- H:\WINDOWS\wiaservc.log [50] O44 - LFC:[MD5.9472BF4A8E5D7053514667A093DB2A8E] - 17/04/2013 - 10:53:52 ---A- . (...) -- H:\WINDOWS\wiadebug.log [159] O44 - LFC:[MD5.02DF407FF9A5C724BE0CA0387847F7F1] - 14/04/2013 - 18:25:53 ---A- . (...) -- H:\WINDOWS\system32\Drivers\PnkBstrK.sys [139048] O44 - LFC:[MD5.A0BE870EC5C21503E67F8203CDD513ED] - 14/04/2013 - 18:25:47 ---A- . (...) -- H:\WINDOWS\system32\PnkBstrB.exe [282296] O44 - LFC:[MD5.A0BE870EC5C21503E67F8203CDD513ED] - 14/04/2013 - 18:25:47 ---A- . (...) -- H:\WINDOWS\system32\PnkBstrB.xtr [282296] O44 - LFC:[MD5.BC2F44781E0A324E5276E32BB6408261] - 14/04/2013 - 14:17:23 ---A- . (...) 
-- H:\WINDOWS\RegBootClean.exe [181808] ~ Files: 14 Legitimates Filtered in 00mn 03s ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Export de clé d'application autorisée (O47) O47 - AAKE:Key Export SP - "H:\Documents and Settings\admin1\Mes documents\Partage_kratos\Call of Duty - World at War\CoDWaW-lanfix 1.5.exe" [Enabled] .(...) -- H:\Documents and Settings\admin1\Mes documents\Partage_kratos\Call of Duty - World at War\CoDWaW-lanfix 1.5.exe (.not file.) O47 - AAKE:Key Export SP - "H:\Documents and Settings\admin1\Mes documents\Partage_kratos\Call of Duty - World at War\CoDWaW_LANFixed.exe" [Enabled] .(...) -- H:\Documents and Settings\admin1\Mes documents\Partage_kratos\Call of Duty - World at War\CoDWaW_LANFixed.exe (.not file.) O47 - AAKE:Key Export SP - "H:\Program Files\NovaLogic\Joint Operations Typhoon Rising\Jointops.exe" [Enabled] .(...) -- H:\Program Files\NovaLogic\Joint Operations Typhoon Rising\Jointops.exe (.not file.) O47 - AAKE:Key Export SP - "H:\Program Files\LimeWire\LimeWire.exe" [Enabled] .(...) -- H:\Program Files\LimeWire\LimeWire.exe (.not file.) O47 - AAKE:Key Export SP - "H:\Program Files\Atari\Act of War - Direct Action\ACTOFWAR.EXE" [Enabled] .(...) -- H:\Program Files\Atari\Act of War - Direct Action\ACTOFWAR.exe (.not file.) O47 - AAKE:Key Export SP - "H:\Program Files\Atari\Act of War - High Treason\ActOfWar_HighTreason.exe" [Enabled] .(...) -- H:\Program Files\Atari\Act of War - High Treason\ActOfWar_HighTreason.exe (.not file.) O47 - AAKE:Key Export SP - "H:\Program Files\CounterPath\X-Lite\x-lite.exe" [Enabled] .(.Pas de propriétaire.) 
-- H:\Program Files\CounterPath\X-Lite\x-lite.exe O47 - AAKE:Key Export SP - "H:5\Autodesk\Maya 8.5 Personal Learning Edition\bin\maya.exe" [Enabled] Clé orpheline O47 - AAKE:Key Export SP - "H:\Program Files\Autodesk\Maya 8.5 Personal Learning Edition\bin\maya.exe" [Enabled] .(.Autodesk.) -- H:\Program Files\Autodesk\Maya 8.5 Personal Learning Edition\bin\maya.exe O47 - AAKE:Key Export SP - "H:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe" [Enabled] .(.Nexon.) -- H:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe O47 - AAKE:Key Export SP - "H:\Nexon\Combat Arms EU\CombatArms.exe" [Enabled] .(...) -- H:\Nexon\Combat Arms EU\CombatArms.exe (.not file.) O47 - AAKE:Key Export SP - "H:\Nexon\Combat Arms EU\Engine.exe" [Enabled] .(...) -- H:\Nexon\Combat Arms EU\Engine.exe (.not file.) O47 - AAKE:Key Export SP - "H:\Nexon\Combat Arms EU\NMService.exe" [Enabled] .(...) -- H:\Nexon\Combat Arms EU\NMService.exe (.not file.) O47 - AAKE:Key Export SP - "H:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" [Enabled] .(.Pas de propriétaire.) -- H:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe O47 - AAKE:Key Export SP - "H:\Program Files\Xfire\Xfire.exe" [Enabled] .(.Xfire Inc..) -- H:\Program Files\Xfire\Xfire.exe O47 - AAKE:Key Export SP - "H:\Program Files\Activision\Call of Duty - Modern Warfare 2\iw4mp.exe" [Enabled] .(.Pas de propriétaire.) -- H:\Program Files\Activision\Call of Duty - Modern Warfare 2\iw4mp.exe O47 - AAKE:Key Export SP - "H:\Program Files\Microsoft Games\Halo Trial\halo.exe" [Enabled] .(...) -- H:\Program Files\Microsoft Games\Halo Trial\halo.exe (.not file.) O47 - AAKE:Key Export SP - "H:\Documents and Settings\admin1\Local Settings\Temp\Rar$EX87.328\teeworlds-0.5.2-win32\teeworlds_srv.exe" [Enabled] .(...) -- H:\Documents and Settings\admin1\Local Settings\Temp\Rar$EX87.328\teeworlds-0.5.2-win32\teeworlds_srv.exe (.not file.) 
O47 - AAKE:Key Export SP - "H:\Program Files\Left4Dead\hl2.exe" [Enabled] .(.Pas de propriétaire.) -- H:\Program Files\Left4Dead\hl2.exe O47 - AAKE:Key Export SP - "H:\Program Files\Left4Dead\left4dead.exe" [Enabled] .(.Pas de propriétaire.) -- H:\Program Files\Left4Dead\left4dead.exe O47 - AAKE:Key Export SP - "H:\Program Files\PFPortChecker\PFPortChecker.exe" [Enabled] .(...) -- H:\Program Files\PFPortChecker\PFPortChecker.exe (.not file.) O47 - AAKE:Key Export SP - "H:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe" [Enabled] .(.Pas de propriétaire.) -- H:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe O47 - AAKE:Key Export SP - "H:\Program Files\Origin Games\Battlefield Bad Company 2 Digital Deluxe Edition\BFBC2Game.exe" [Enabled] .(.EA Digital Illusions CE AB.) -- H:\Program Files\Origin Games\Battlefield Bad Company 2 Digital Deluxe Edition\BFBC2Game.exe O47 - AAKE:Key Export SP - "H:\Documents and Settings\admin1\Mes documents\Partage_kratos\Call of Duty - World at War\CoDWaW.exe" [Enabled] .(.Activision Blizzard, Inc..) -- H:\Documents and Settings\admin1\Mes documents\Partage_kratos\Call of Duty - World at War\CoDWaW.exe O47 - AAKE:Key Export SP - "H:\Documents and Settings\admin1\Mes documents\Partage_kratos\Call of Duty - World at War\CoDWaWmp.exe" [Enabled] .(.Activision Blizzard, Inc..) -- H:\Documents and Settings\admin1\Mes documents\Partage_kratos\Call of Duty - World at War\CoDWaWmp.exe O47 - AAKE:Key Export SP - "H:\Program Files\Turbine\Le Seigneur des Anneaux Online\lotroclient.exe" [Enabled] .(...) -- H:\Program Files\Turbine\Le Seigneur des Anneaux Online\lotroclient.exe (.not file.) O47 - AAKE:Key Export SP - "H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" [Enabled] .(.NVIDIA Corporation.) -- H:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O47 - AAKE:Key Export SP - "H:\Program Files\Lemmingballz\lbz3d\tmp\co_real.exe" [Enabled] .(...) 
-- H:\Program Files\Lemmingballz\lbz3d\tmp\co_real.exe (.not file.) O47 - AAKE:Key Export SP - "H:\Documents and Settings\admin1\Mes documents\Partage_kratos\Call of Duty - World at War\CoDWaW LanFixed 1.7.exe" [Enabled] .(.Activision Blizzard, Inc..) -- H:\Documents and Settings\admin1\Mes documents\Partage_kratos\Call of Duty - World at War\CoDWaW LanFixed 1.7.exe O47 - AAKE:Key Export SP - "H:\Program Files\uTorrent\uTorrent.exe" [Enabled] .(.BitTorrent, Inc..) -- H:\Program Files\uTorrent\uTorrent.exe O47 - AAKE:Key Export SP - "H:\Documents and Settings\admin1\Mes documents\Madden\sdgfdsghn\sdgfdsghn\Madden.NFL.08\mainapp.exe" [Enabled] .(...) -- H:\Documents and Settings\admin1\Mes documents\Madden\sdgfdsghn\sdgfdsghn\Madden.NFL.08\mainapp.exe (.not file.) O47 - AAKE:Key Export SP - "H:\Program Files\BitComet\BitComet.exe" [Enabled] .(...) -- H:\Program Files\BitComet\BitComet.exe (.not file.) O47 - AAKE:Key Export SP - "H:\Documents and Settings\admin1\Mes documents\aIW-Client\iw4mp\iw4mp.dat" [Enabled] .(...) -- H:\Documents and Settings\admin1\Mes documents\aIW-Client\iw4mp\iw4mp.dat (.not file.) O47 - AAKE:Key Export SP - "H:\Program Files\Activision\Call of Duty - Modern Wafare 2 Multi Player\iw4mp.dat" [Enabled] .(...) -- H:\Program Files\Activision\Call of Duty - Modern Wafare 2 Multi Player\iw4mp.dat (.not file.) O47 - AAKE:Key Export SP - "H:\Riot Games\League of Legends\lol.launcher.exe" [Enabled] .(.Pas de propriétaire.) -- H:\Riot Games\League of Legends\lol.launcher.exe O47 - AAKE:Key Export SP - "H:\Documents and Settings\admin1\Mes documents\LBZ ALPHA Game Data\tmp\co_real.exe" [Enabled] .(...) -- H:\Documents and Settings\admin1\Mes documents\LBZ ALPHA Game Data\tmp\co_real.exe (.not file.) O47 - AAKE:Key Export SP - "H:\Program Files\LOLReplay\LOLReplay.exe" [Enabled] .(...) -- H:\Program Files\LOLReplay\LOLReplay.exe (.not file.) 
O47 - AAKE:Key Export SP - "H:\Program Files\Origin Games\Battlefield Bad Company 2 Digital Deluxe Edition\BFBC2Updater.exe" [Enabled] .(.EA Digital Illusions CE AB.) -- H:\Program Files\Origin Games\Battlefield Bad Company 2 Digital Deluxe Edition\BFBC2Updater.exe O47 - AAKE:Key Export SP - "H:\Documents and Settings\admin1\Mes documents\jeux\Call of Duty- Modern Warfare 3\iw5mp_server.exe" [Enabled] .(...) -- H:\Documents and Settings\admin1\Mes documents\jeux\Call of Duty- Modern Warfare 3\iw5mp_server.exe (.not file.) O47 - AAKE:Key Export SP - "H:\Documents and Settings\admin1\Mes documents\jeux\Call of Duty- Modern Warfare 3\iw5sp.exe" [Enabled] .(...) -- H:\Documents and Settings\admin1\Mes documents\jeux\Call of Duty- Modern Warfare 3\iw5sp.exe (.not file.) O47 - AAKE:Key Export SP - "H:\Documents and Settings\admin1\Application Data\Spotify\spotify.exe" [Enabled] .(...) -- H:\Documents and Settings\admin1\Application Data\Spotify\spotify.exe (.not file.) O47 - AAKE:Key Export SP - "H:\Program Files\Microsoft Games\Age of Mythology Gold Edition\aom.exe" [Enabled] .(...) -- H:\Program Files\Microsoft Games\Age of Mythology Gold Edition\aom.exe (.not file.) O47 - AAKE:Key Export SP - "H:\Program Files\Microsoft Games\Age of Mythology Gold Edition\aomx.exe" [Enabled] .(...) -- H:\Program Files\Microsoft Games\Age of Mythology Gold Edition\aomx.exe (.not file.) O47 - AAKE:Key Export SP - "H:\Documents and Settings\admin1\Mes documents\jeux\Call of Duty- Modern Warfare 3\iw5mp.exe" [Enabled] .(...) -- H:\Documents and Settings\admin1\Mes documents\jeux\Call of Duty- Modern Warfare 3\iw5mp.exe (.not file.) O47 - AAKE:Key Export SP - "H:\Documents and Settings\admin1\Local Settings\Apps\2.0\B7XKCHW2.A0C\9KHLL814.VZ9\laun...app_59711684aa47878d_0001.001a_e12ee8c4a80a8fe8\Launcher.exe" [Enabled] .(...) -- H:\Documents and Settings\admin1\Local Settings\Apps\2.0\B7XKCHW2.A0C\9KHLL814.VZ9\laun...app_59711684aa47878d_0001.001a_e12ee8c4a80a8fe8\Launcher.exe (.not file.) 
O47 - AAKE:Key Export SP - "H:\Documents and Settings\admin1\Local Settings\Apps\2.0\B7XKCHW2.A0C\9KHLL814.VZ9\laun...app_59711684aa47878d_0001.001a_1f6067c30be93428\Launcher.exe" [Enabled] .(...) -- H:\Documents and Settings\admin1\Local Settings\Apps\2.0\B7XKCHW2.A0C\9KHLL814.VZ9\laun...app_59711684aa47878d_0001.001a_1f6067c30be93428\Launcher.exe (.not file.) O47 - AAKE:Key Export SP - "H:\Program Files\Hi-Rez Studios\HiRezGames\tribes\Binaries\Win32\TribesAscend.exe" [Enabled] .(...) -- H:\Program Files\Hi-Rez Studios\HiRezGames\tribes\Binaries\Win32\TribesAscend.exe (.not file.) O47 - AAKE:Key Export SP - "H:\Program Files\Strogino CS Portal\Portal 2\portal2.exe" [Enabled] .(...) -- H:\Program Files\Strogino CS Portal\Portal 2\portal2.exe (.not file.) O47 - AAKE:Key Export SP - "H:\Program Files\Left 4 Dead 2\left4dead2.exe" [Enabled] .(.Pas de propriétaire.) -- H:\Program Files\Left 4 Dead 2\left4dead2.exe O47 - AAKE:Key Export SP - "H:\Program Files\Pando Networks\Media Booster\PMB.exe" [Enabled] .(..) -- H:\Program Files\Pando Networks\Media Booster\PMB.exe O47 - AAKE:Key Export SP - "H:\Program Files\eFusion\Dragon Nest Europe\DragonNest.exe" [Enabled] .(.Pas de propriétaire.) -- H:\Program Files\eFusion\Dragon Nest Europe\DragonNest.exe O47 - AAKE:Key Export DP - "H:\Nexon\Combat Arms EU\CombatArms.exe" [Enabled] .(...) -- H:\Nexon\Combat Arms EU\CombatArms.exe (.not file.) O47 - AAKE:Key Export DP - "H:\Nexon\Combat Arms EU\Engine.exe" [Enabled] .(...) -- H:\Nexon\Combat Arms EU\Engine.exe (.not file.) O47 - AAKE:Key Export DP - "H:\Program Files\Pando Networks\Media Booster\PMB.exe" [Enabled] .(..) 
-- H:\Program Files\Pando Networks\Media Booster\PMB.exe ~ Keys Export: 109 Legitimates Filtered in 00mn 01s ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ~ IFEO: Scanned in 00mn 00s ---\\ MountPoints2 Shell Key (O51) O51 - MPSK:{c9632bfd-2f59-11df-8e67-001617e8d857}\AutoRun\command. (...) -- L:\Setup.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.8C859744BB069A86E9159DD7B5B92629] - 03/05/2005 - 11:25:56 ---A- . (.Philips Semiconductors GmbH - 3xHybrid.) -- H:\WINDOWS\system32\Drivers\3xHybrid.sys [710144] O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 28/09/2001 - 12:00:00 ---A- . (...) -- H:\WINDOWS\system32\ansi.sys [9037] ~ Drivers: Scanned in 00mn 00s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - 30/04/2004 - H:\WINDOWS\system32\Drivers\a347scsi.sys (a347scsi) .(.Pas de propriétaire - SCSI miniport.) - LEGACY_A347SCSI O64 - Services: CurCS - 06/05/2010 - H:\WINDOWS\system32\Drivers\Aavmker4.sys (Aavmker4) .(.ALWIL Software - avast! Base Kernel-Mode Device Driver for W.) - LEGACY_AAVMKER4 O64 - Services: CurCS - 23/03/2011 - H:\WINDOWS\system32\DRIVERS\acsint.sys (acsint) .(.Cisco Systems, Inc. - Cisco AnyConnect Kernel Driver Framework So.) - LEGACY_ACSINT O64 - Services: CurCS - 23/03/2011 - H:\WINDOWS\system32\DRIVERS\acsmux.sys (acsmux) .(.Cisco Systems, Inc. - Cisco AnyConnect Kernel Driver Framework So.) - LEGACY_ACSMUX O64 - Services: CurCS - 06/05/2010 - H:\WINDOWS\system32\Drivers\aswMon2.sys (aswMon2) .(.ALWIL Software - avast! File System Filter Driver for Window.) - LEGACY_ASWMON2 O64 - Services: CurCS - 06/05/2010 - H:\Program Files\Alwil Software\Avast5\AvastSvc.exe (avast! Mail Scanner) .(.ALWIL Software - avast! Service.) 
- LEGACY_AVAST!_MAIL_SCANNER O64 - Services: CurCS - 06/05/2010 - H:\Program Files\Alwil Software\Avast5\AvastSvc.exe (avast! Web Scanner) .(.ALWIL Software - avast! Service.) - LEGACY_AVAST!_WEB_SCANNER O64 - Services: CurCS - 28/02/2006 - H:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service) .(.Apple Computer, Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE O64 - Services: CurCS - ??\??\???? - ??\Hdrivers\EagleNT.sys (EagleNT) .(. - .) - LEGACY_EAGLENT O64 - Services: CurCS - 10/12/2012 - H:\Program Files\LogMeIn Hamachi\hamachi-2.exe (Hamachi2Svc) .(.LogMeIn Inc. - Hamachi Client Tunneling Engine.) - LEGACY_HAMACHI2SVC O64 - Services: CurCS - 12/07/2012 - H:\Program Files\Hi-Rez Studios\HiPatchService.exe (HiPatchService) .(.Hi-Rez Studios - HiPatchService.) - LEGACY_HIPATCHSERVICE O64 - Services: CurCS - 03/01/2013 - Pas de propriétaire (PnkBstrA) .(...) - LEGACY_PNKBSTRA O64 - Services: CurCS - 19/11/2012 - H:\Program Files\Software\Update\SoftwareUpdate.exe (supdate) .(.Boxore OU. - Programme d'installation de Software.) - LEGACY_SUPDATE =>Adware.Boxore O64 - Services: CurCS - 23/03/2011 - H:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (vpnagent) .(.Cisco Systems, Inc. - VPN Agent Service.) - LEGACY_VPNAGENT O64 - Services: CurCS - ??\??\???? - ??\HXDva397.sys (XDva397) .(. - .) - LEGACY_XDVA397 ~ Legacy: 150 Legitimates Filtered in 00mn 00s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 17 Legitimates Filtered in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- H:\Documents and Settings\admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- H:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. 
- Google Chrome.) -- H:\Documents and Settings\admin1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- H:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("CommunityToolbar.EngineOwner", ""); O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("CommunityToolbar.EngineOwnerGuid", "{1c491116-c175-45e1-a570-6fb14fea8b7b}"); O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("CommunityToolbar.EngineOwnerToolbarId", "phpnukefr"); O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu May 05 2011 20:15:56 GMT+0200"); O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jun 17 2011 16:54:09 GMT+0200"); O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("CommunityToolbar.alert.clientsServerUrl", "http://alert.client.conduit.com"); O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("CommunityToolbar.alert.locale", "en"); O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 24 2011 20:58:45 GMT+0200"); O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("CommunityToolbar.alert.servicesServerUrl", "http://alert.services.conduit.com"); O69 - SBI: prefs.js [admin1 - u7hz71zy.default] 
user_pref("CommunityToolbar.alert.showTrayIcon", false); O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("CommunityToolbar.alert.userId", "{a2749bd2-f0d9-48f1-a793-2fd0dcb5f455}"); O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("avg.install.userHPSettings", "http://search.babylon.com/?affID=110825&tt=5212_1&babsrc=HP_ss&mntrId=0000000000000000000[...] =>Toolbar.Babylon O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("avg.install.userSPSettings", "Search the web (Babylon)"); =>Toolbar.Babylon O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("browser.newtab.url", "http://search.babylon.com/?affID=110825&tt=5212_1&babsrc=NT_ss&mntrId=000000000000000000007a79199[...] =>Toolbar.Babylon O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("browser.search.order.1", "Search the web (Babylon)"); =>Toolbar.Babylon O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("extensions.BabylonToolbar.admin", false); =>Toolbar.Babylon O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("extensions.BabylonToolbar.aflt", "babsst"); =>Toolbar.Babylon O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); =>Toolbar.Babylon O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("extensions.BabylonToolbar.autoRvrt", "false"); =>Toolbar.Babylon O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("extensions.BabylonToolbar.dfltLng", "en"); =>Toolbar.Babylon O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("extensions.BabylonToolbar.excTlbr", false); =>Toolbar.Babylon O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("extensions.BabylonToolbar.id", "000000000000000000007a7919986917"); =>Toolbar.Babylon O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("extensions.BabylonToolbar.instlDay", "15699"); =>Toolbar.Babylon 
O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("extensions.BabylonToolbar.instlRef", "sst"); =>Toolbar.Babylon O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); =>Toolbar.Babylon O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); =>Toolbar.Babylon O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("extensions.BabylonToolbar.rvrt", "false"); =>Toolbar.Babylon O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("extensions.BabylonToolbar.tlbrId", "base"); =>Toolbar.Babylon O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=000000000000000000007a79199869[...] =>Toolbar.Babylon O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2"); =>Toolbar.Babylon O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2"); =>Toolbar.Babylon O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("extensions.BabylonToolbar_i.babExt", ""); =>Toolbar.Babylon O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110825&tt=5212_1"); =>Toolbar.Babylon O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("extensions.BabylonToolbar_i.excTlbr", false); =>Toolbar.Babylon O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("extensions.BabylonToolbar_i.newTab", false); =>Toolbar.Babylon O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); =>Toolbar.Babylon O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); =>Toolbar.Babylon O69 - SBI: prefs.js [admin1 - u7hz71zy.default] user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.220:27:53"); =>Toolbar.Babylon O69 - SBI: SearchScopes [HKCU] 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Search the web (Babylon)) - http://search.babylon.com =>Toolbar.Babylon O69 - SBI: SearchScopes [HKCU] {2DFA54A6-D73B-407F-860B-1273084A3D96} - (Google) - http://www.google.fr O69 - SBI: SearchScopes [HKCU] {3E18E4DA-BFC7-45AE-9E2A-C35EEF94C24D} - (http://downloads.phpnuke.org/fr/index.php?rvs=google) - http://downloads.phpnuke.org O69 - SBI: SearchScopes [HKCU] {512E3848-298F-4D6B-AA72-26D824BFADD4} - (http://downloads.phpnuke.org/fr/index.php?rvs=google) - http://downloads.phpnuke.org O69 - SBI: SearchScopes [HKCU] {b41306c6-96d0-442a-bcc4-b0f621e82ce9} - (Fissa) - http://www.fissa.com O69 - SBI: SearchScopes [HKCU] {E55D6665-A953-46F7-92FC-0EFF99A46A5D} - (http://downloads.phpnuke.org/fr/index.php?rvs=google) - http://downloads.phpnuke.org O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://search.live.com O69 - SBI: SearchScopes [HKUS\.DEFAULT] {3E18E4DA-BFC7-45AE-9E2A-C35EEF94C24D} - (http://downloads.phpnuke.org/fr/index.php?rvs=google) - http://downloads.phpnuke.org O69 - SBI: SearchScopes [HKUS\.DEFAULT] {512E3848-298F-4D6B-AA72-26D824BFADD4} - (http://downloads.phpnuke.org/fr/index.php?rvs=google) - http://downloads.phpnuke.org O69 - SBI: SearchScopes [HKUS\.DEFAULT] {524808B6-9700-4F58-B896-A9CD66DF04B8} [DefaultScope] - (http://downloads.phpnuke.org/fr/index.php?rvs=google) - http://downloads.phpnuke.org O69 - SBI: SearchScopes [HKUS\.DEFAULT] {E55D6665-A953-46F7-92FC-0EFF99A46A5D} - (http://downloads.phpnuke.org/fr/index.php?rvs=google) - http://downloads.phpnuke.org O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://search.live.com O69 - SBI: SearchScopes [HKUS\S-1-5-18] {3E18E4DA-BFC7-45AE-9E2A-C35EEF94C24D} - (http://downloads.phpnuke.org/fr/index.php?rvs=google) - 
http://downloads.phpnuke.org
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {512E3848-298F-4D6B-AA72-26D824BFADD4} - (http://downloads.phpnuke.org/fr/index.php?rvs=google) - http://downloads.phpnuke.org
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {524808B6-9700-4F58-B896-A9CD66DF04B8} [DefaultScope] - (http://downloads.phpnuke.org/fr/index.php?rvs=google) - http://downloads.phpnuke.org
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {E55D6665-A953-46F7-92FC-0EFF99A46A5D} - (http://downloads.phpnuke.org/fr/index.php?rvs=google) - http://downloads.phpnuke.org
~ Keys: Scanned in 00mn 00s

---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.D1D4297B187F9D4497CA5B0AC19DED89] [SPRF][01/09/2011] (...) -- H:\Documents and Settings\admin1\Local Settings\Application Data\fusioncache.dat [129]
[MD5.73709547A3B136DE4FCFDE3EF78C1B8F] [SPRF][31/12/2012] (...) -- H:\Documents and Settings\admin1\Application Data\PnkBstrK.sys [138056]
[MD5.C9FB3AF7162C4546AFC0423A3FAFDC8E] [SPRF][11/11/2011] (...) -- H:\Documents and Settings\admin1\Application Data\steam_md4.dat [4]
[MD5.B245CF4B173D35DD3033F6ACDD7CBA9D] [SPRF][16/10/2011] (.AVAST Software - avast! Antivirus Removal Tool.) -- H:\Documents and Settings\admin1\Bureau\aswclear.exe [306736]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][05/12/2010] (...) -- H:\Program Files\Dragonica_Francais_Officielle_PSB_23.06.2010.exe [1672990242]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][08/03/2013] (...) -- H:\Program Files\DragonNestEUSetup31.exe [3087836939]
[MD5.4D5F3F32D95AF43D59E63575C7A6A05F] [SPRF][04/09/2009] (.Microsoft Corporation - Direct driver preloader.) -- H:\Program Files\DSETUP.dll [94024]
[MD5.B8EDFADD157DD8279AB65A0CEE08D688] [SPRF][04/09/2009] (.Microsoft Corporation - Programme d'installation de DirectX - 32 bits.) -- H:\Program Files\dsetup32.dll [1691464]
[MD5.9E970EB020EC22032DBBD0BD8C2C659F] [SPRF][04/09/2009] (.Microsoft Corporation - Installation de Microsoft DirectX.) -- H:\Program Files\DXSETUP.exe [525656]
[MD5.9BAC11A26ECC3A952725D38C443B0CDD] [SPRF][06/11/2011] (...) -- H:\Program Files\uninst-Particular.exe [36868]
[MD5.EABDD0DD54922B2AD42CE8D1310CBE65] [SPRF][15/05/2010] (...) -- H:\Program Files\War_Rock_20100331.exe [606124944]
[MD5.61FB16B6016BCC9AA42E02F787DC87FC] [SPRF][26/01/2010] (.Adobe Systems Incorporated - Adobe® Flash® Player ActiveX Installer.) -- H:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [1955384]
~ Files: Scanned in 00mn 35s

---\\ Scan Additionnel (O88)
Database Version : v2.11560 - (16/04/2013)
Clés trouvées (Keys found) : 143
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 21
Fichiers trouvés (Files found) : 3
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{006E6A46-8D55-4F10-BBA8-2C9653B4278B}] =>Adware.Boxore
[HKLM\Software\Classes\CLSID\{092A2C6B-43EE-4F9F-8F8E-14ED5E11C14B}] =>Adware.Agent
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE}] =>Trojan.BHO
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1c491116-c175-45e1-a570-6fb14fea8b7b}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1c491116-c175-45e1-a570-6fb14fea8b7b}] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{1c491116-c175-45e1-a570-6fb14fea8b7b}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1c491116-c175-45e1-a570-6fb14fea8b7b}] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F}] =>Adware.Agent
[HKLM\Software\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}] =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\{32451DFC-C23B-4E12-866C-FC7982238504}] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{32451DFC-C23B-4E12-866C-FC7982238504}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{736EF78E-5A04-46F9-893E-EDEC6EA5DF45}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{7A1BCE27-099C-4628-B63A-AEC00C6376B3}] =>Adware.Agent
[HKLM\Software\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}] =>Adware.Yontoo
[HKLM\Software\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}] =>Adware.Yontoo
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{AC5C4189-A8A0-4C9D-8910-C9CEF8360077}] =>Adware.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\Interface\{AF3AFF7C-B9E9-48DD-9002-212B6DEAAC02}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}] =>PUP.OfferBox
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B41306C6-96D0-442A-BCC4-B0F621E82CE9}] =>PUP.OfferBox
[HKLM\Software\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{DBE82879-914A-422F-BAE9-2ECC80BE536F}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{E12D7149-73EF-45E4-A1E9-99FD7DAE62D3}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{F2B184F1-547C-4EE9-BFC4-AC489C7077D9}] =>Adware.Agent
[HKLM\Software\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escort.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine] =>Toolbar.Conduit
[HKLM\Software\Classes\b] =>Toolbar.Babylon
[HKLM\Software\Classes\Babylon.dskBnd] =>Toolbar.Babylon
[HKLM\Software\Classes\Babylon.dskBnd.1] =>Toolbar.Babylon
[HKLM\Software\Classes\bbylnApp.appCore] =>Toolbar.Babylon
[HKLM\Software\Classes\bbylnApp.appCore.1] =>Toolbar.Babylon
[HKLM\Software\Classes\bho_project.bho_object] =>PUP.FCTPlugin
[HKLM\Software\Classes\bho_project.bho_object.1] =>PUP.FCTPlugin
[HKLM\Software\Classes\Conduit.Engine] =>Toolbar.Conduit
[HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods
[HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods
[HKLM\Software\Classes\esrv.BabylonESrvc] =>Toolbar.Babylon
[HKLM\Software\Classes\esrv.BabylonESrvc.1] =>Toolbar.Babylon
[HKLM\Software\Classes\Software.OneClickCtrl.8] =>Adware.Agent
[HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom] =>PUP.OfferBox
[HKLM\Software\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb] =>Toolbar.Babylon
[HKLM\Software\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl] =>PUP.FCTPlugin
[HKLM\Software\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph] =>PUP.SpecialSavings
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\BA086F2D38A8E1A47912955A68B3AD24] =>Adware.PredictAd
[HKCU\Software\Ask.com] =>Toolbar.AskBar
[HKCU\Software\AskToolbar] =>Toolbar.AskTBar
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKLM\Software\BabylonToolbar] =>Toolbar.Babylon
[HKLM\Software\Boxore] =>Adware.Boxore
[HKCU\Software\conduitEngine] =>Toolbar.Conduit
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\FissaSearch] =>PUP.OfferBox
[HKCU\Software\AppDataLow\HavingFunOnline] =>Adware.BHO
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKLM\Software\OfferBox] =>PUP.OfferBox
[HKLM\Software\OpenCandy NSIS SDK] =>Adware.OpenCandy
[HKCU\Software\PHPNukeFR] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\PHPNukeFR] =>Toolbar.Conduit
[HKLM\Software\PHPNukeFR] =>Toolbar.Conduit
[HKCU\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Spointer] =>Adware.SPointer
[HKLM\Software\Tarma Installer] =>Toolbar.Agent
[HKCU\Software\WideStream] =>Adware.SPointer
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PHPNukeFR Toolbar] =>Toolbar.Conduit
[HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl] =>PUP.FCTPlugin
[HKLM\SOFTWARE\SOFTWARE\UPDATE\CLIENTS\{5B54E9B6-D6C4-11E0-8E9D-92FB4824019B}] =>Adware.Boxore
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKLM\Software\Classes\Installer\Features\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore
[HKLM\Software\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector
[HKLM\SYSTEM\CurrentControlSet\Services\supdate] =>Adware.Boxore
[HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly
[HKLM\Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}] =>PUP.BProtector
[HKLM\Software\Classes\AppID\ESRV.EXE] =>Adware.Facemoods
[HKLM\Software\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{3AE26843-9171-4F23-A8E5-5421701276A4}] =>Adware.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EA69DAE1-1BC2-48ED-AB9A-24A5C8AC8071}] =>Adware.Boxore
[HKLM\Software\Classes\Installer\Features\1EAD96AE2CB1DE84BAA9425A8CCA0817] =>Adware.Boxore
[HKLM\Software\Classes\Installer\Products\1EAD96AE2CB1DE84BAA9425A8CCA0817] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1EAD96AE2CB1DE84BAA9425A8CCA0817] =>Adware.Boxore
[HKLM\Software\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}] =>Toolbar.Conduit
[HKLM\Software\Messenger Plus!\OpenCandy] =>Adware.OpenCandy
[HKLM\Software\Classes\Toolbar.CT2102473] =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\escort.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escortApp.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escortEng.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{32099aac-c132-4136-9e9a-4e364a424e17} =>Toolbar.DaemonTools
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:Boxore Client =>Adware.Boxore
H:\Program Files\Boxore =>Adware.Boxore
H:\Program Files\DAEMON Tools Toolbar =>Toolbar.Agent
H:\Program Files\PHPNukeFR =>Toolbar.Conduit
H:\Program Files\Software =>Adware.Boxore
H:\Program Files\OApps =>Toolbar.Agent
H:\Documents and Settings\admin1\Application Data\Babylon =>Toolbar.Babylon
H:\Documents and Settings\admin1\Application Data\BabylonToolbar =>Toolbar.Babylon
H:\Documents and Settings\admin1\Application Data\OfferBox =>PUP.OfferBox
H:\Documents and Settings\admin1\Application Data\OpenCandy =>Adware.OpenCandy
H:\Documents and Settings\admin1\Application Data\PriceGong =>Adware.PriceGong
H:\Documents and Settings\admin1\Application Data\Widestream =>Adware.SPointer
H:\Documents and Settings\admin1\Application Data\BabSolution =>Hijacker.BabSolution
H:\Documents and Settings\admin1\Local Settings\Application Data\Conduit =>Toolbar.Conduit
H:\Documents and Settings\admin1\Local Settings\Application Data\ConduitEngine =>Toolbar.Conduit
H:\Documents and Settings\admin1\Local Settings\Application Data\OpenCandy =>Adware.OpenCandy
H:\Documents and Settings\admin1\Local Settings\Application Data\PHPNukeFR =>Toolbar.Conduit
H:\Documents and Settings\admin1\Local Settings\Application Data\Software =>Adware.Boxore
H:\Documents and Settings\admin1\Local Settings\Application Data\widestream6 Air =>Adware.SPointer
H:\Documents and Settings\admin1\Application Data\Mozilla\Firefox\Profiles\u7hz71zy.default\Conduit =>Toolbar.Conduit
H:\Documents and Settings\admin1\Application Data\Mozilla\Firefox\Profiles\u7hz71zy.default\extensions\@FissaPlugin =>PUP.OfferBox
H:\Documents and Settings\admin1\Application Data\Mozilla\Firefox\Profiles\u7hz71zy.default\Extensions\ffxtlbr@babylon.com =>Toolbar.Babylon
H:\Documents and Settings\admin1\Application Data\Mozilla\Firefox\Profiles\u7hz71zy.default\bprotector_extensions.sqlite =>PUP.BProtector
H:\Documents and Settings\admin1\Application Data\Mozilla\Firefox\Profiles\u7hz71zy.default\bprotector_prefs.js =>PUP.BProtector
H:\Documents and Settings\admin1\Application Data\Mozilla\Firefox\Profiles\u7hz71zy.default\SearchPlugins\fissa.xml =>PUP.OfferBox
~ Additionnel: Scanned in 03mn 54s

---\\ Product Upgrade Codes (O90)
O90 - PUC: "1EAD96AE2CB1DE84BAA9425A8CCA0817" . (.Boxore Client.) -- H:\WINDOWS\Installer\{EA69DAE1-1BC2-48ED-AB9A-24A5C8AC8071}\boxore.ico =>Adware.Boxore
O90 - PUC: "6207E55EA2FE71A4AA7ABD89AEF31D1B" . (.Babylon Chrome Toolbar.) -- H:\WINDOWS\Installer\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}\BabylonSetup.ico =>Toolbar.Babylon
~ Update Products: 105 Legitimates Filtered in 00mn 00s

---\\ Random Export Key (O91)
[HKCU\Software\596ded1b139ee43] =>Toolbar.Babylon^
[HKCU\Software\596ded1b139ee43]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\596ded1b139ee43]:version="2.5.1005.80"
[HKLM\Software\14919ea49a8f3b4aa3cf1058d9a64cec] => Clé orpheline
[HKLM\Software\596ded1b139ee43] =>Toolbar.Babylon^
[HKLM\Software\596ded1b139ee43]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKLM\Software\596ded1b139ee43]:version="2.5.1005.80"
~ Export Key Software: Scanned in 00mn 00s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 12/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 06/05/2010 40384 | (avast! Antivirus) . (.ALWIL Software.) - H:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SS - | Demand 06/05/2010 40384 | (avast! Mail Scanner) . (.ALWIL Software.) - H:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SS - | Demand 06/05/2010 40384 | (avast! Web Scanner) . (.ALWIL Software.) - H:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 28/02/2006 229376 | (Bonjour Service) . (.Apple Computer, Inc..) - H:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 2469992 | (BrowserProtect) . (...) - H:\Documents and Settings\All Users\Application Data\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe =>Toolbar.Babylon
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - H:\WINDOWS\system32\dmadmin.exe
SS - | Demand 20/03/2010 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - H:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 10/12/2012 1435568 | (Hamachi2Svc) . (.LogMeIn Inc..) - H:\Program Files\LogMeIn Hamachi\hamachi-2.exe
SR - | Auto 12/07/2012 8704 | (HiPatchService) . (.Hi-Rez Studios.) - H:\Program Files\Hi-Rez Studios\HiPatchService.exe
SS - | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Auto 21/02/2013 170912 | (JavaQuickStarterService) . (.Oracle Corporation.) - H:\Program Files\Java\jre7\bin\jqs.exe
SS - | Demand 28/10/2012 312264 | (maconfservice) . (.CybelSoft.) - H:\Program Files\ma-config.com\maconfservice.exe
SS - | Demand 11/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - H:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 08/09/2010 3852792 | (npggsvc) . (.INCA Internet Co., Ltd..) - H:\WINDOWS\system32\GameMon.des
SR - | Auto 15/03/2013 156960 | (NVSvc) . (.NVIDIA Corporation.) - H:\WINDOWS\system32\nvsvc32.exe
SR - | Auto 15/03/2013 1266464 | (nvUpdatusService) . (.NVIDIA Corporation.) - H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 76888 | (PnkBstrA) . (...) - H:\WINDOWS\system32\PnkBstrA.exe
SS - | Demand 07/04/2008 430592 | (ServiceLayer) . (.Nokia..) - H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
SR - | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - H:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - H:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 19/11/2012 139576 | (supdate) . (.Boxore OU..) - H:\Program Files\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
SR - | Auto 23/03/2011 435152 | (vpnagent) . (.Cisco Systems, Inc..) - H:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
~ Services: Scanned in 00mn 01s
~ 1341 Legitimates filtered by white list

End of the scan (949 lines in 11mn 28s)(0)