~ Rapport de ZHPDiag v2014.5.9.58 - Nicolas Coolman (09/05/2014)
~ Lancé par CAMILLE (09/05/2014 20:22:45)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.19170
MFIE: Mozilla Firefox 12.0
GCIE: Google Chrome v34.0.1847.131 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Home Basic, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Windows Operating System - Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 44MV3
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
Bitdefender Antivirus Plus 2013 v16.26.0.1739

---\\ Logiciels d'optimisation du système
CCleaner v4.05

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 9 ActiveX
Adobe Reader X

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (40% free)
System Restore: Activé (Enable)
System drive C: has 1 GB (0%) free of 288 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-CAMILLE
~ User Name: CAMILLE
~ All Users Names: CAMILLE, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\CAMILLE\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\CAMILLE\AppData\Roaming\
~ %Desktop% : C:\Users\CAMILLE\Desktop\
~ %Favorites% : C:\Users\CAMILLE\Favorites\
~ %LocalAppData% : C:\Users\CAMILLE\AppData\Local\
~ %StartMenu% :
C:\Users\CAMILLE\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 1 Go of 288 Go) D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 10 Go) E: CD-ROM drive (Free 0 Go of 7 Go) ---\\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date ~ Security Center: 42 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592] [MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:33:13.) -- C:\Windows\System32\Wininit.exe [96768] [MD5.1D94FA7C81D2FFE494AF094619BA706F] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.16/02/2012 - 07:48:15.) -- C:\Windows\System32\wininet.dll [1127424] [MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368] [MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408] [MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944] [MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:33:23.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144] [MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) 
-- C:\Windows\system32\Drivers\Cdrom.sys [67072] [MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264] [MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152] [MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:32:45.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784] [MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:34:06.) -- C:\Windows\system32\Drivers\IpNat.sys [100864] [MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496] [MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856] [MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232] [MD5.8A79FDF04A73428597E2CAF9D0D67850] - (.Microsoft Corporation - Pilote de port parallèle.) (.21/01/2008 - 03:32:22.) -- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:34:44.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288] [MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:32:22.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832] [MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) 
-- C:\Windows\system32\Drivers\smb.sys [66560] [MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192] [MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640] ~ Generic Processes: Scanned in 00mn 01s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/14085 ~ Mes musiques (My Musics) : 19/502 ~ Mes Videos (My Videos) : 1/6 ~ Mes Favoris (My Favorites) : 1/30 ~ Mes Documents (My Documents) : 9/1929 ~ Mon Bureau (My Desktop) : 10/119 ~ Menu demarrer (Programs) : 1/30 ~ Hidden Files: Scanned in 00mn 23s ---\\ Processus lancés [MD5.4F4609746E7BF4AEFE60A718C2B9D43F] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904] [PID.3140] [MD5.DC679F135C75C36F4FC638D775209266] - (.Intel Corporation - igfxsrvc Module.) -- C:\windows\system32\igfxsrvc.exe [252952] [PID.3228] [MD5.1ABF80D4F4941ECEE600AEC768173523] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1430824] [PID.3652] [MD5.AC04E26828895435AFA7379E27780BC7] - (.Hewlett-Packard - HP Wireless Assistant main program.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [506424] [PID.3668] [MD5.067410FCDC491DF989D0142724262BA9] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe [287288] [PID.3688] [MD5.690A6DF02625A46ABEE250C6151B7FBA] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [54576] [PID.3696] [MD5.5BDDB55329F20EB592A3F5020E8F5233] - (.Intel Corporation - igfxTray Module.) 
-- C:\Windows\System32\igfxtray.exe [141848] [PID.3716] [MD5.CD972D1B0CE23B748708627C55CC135A] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.1936] [MD5.B7D920688464700A12C9E14FC8F3F3B4] - (. Hewlett-Packard Development Company, L.P. - Volume related element.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe [91440] [PID.2136] [MD5.F17DF85D4006EF6456FDC6774391753E] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.2472] [MD5.31702C5816E6EC1D66D3397EBB390579] - (.Bitdefender - Bitdefender Agent.) -- C:\Program Files\BitDefender\Bitdefender 2013\bdagent.exe [1614344] [PID.1724] [MD5.A7810B302294793DE88542AAE177D1B1] - (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424] [PID.1704] [MD5.0408F0E5C0411B11B9502D957BCE15E1] - (.Nikon Corporation - Nikon Transfer Monitor.) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [479232] [PID.3984] [MD5.FA67B019063B2C456A6BB2D3FC44A21D] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe [483428] [PID.3552] [MD5.26A114105F44E4121E65386E3FDE38C4] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2393376] [PID.928] [MD5.F6041A72058ADD22166C31B5FD5E919C] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\CAMILLE\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000] [PID.1844] [MD5.343E19B2F141B65FA1723385C664F861] - (.Spotify Ltd - Spotify.) -- C:\Users\CAMILLE\AppData\Roaming\Spotify\spotify.exe [6087224] [PID.1848] [MD5.723DB99F24FBDCC8DE746D5689B20E79] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\CAMILLE\AppData\Roaming\uTorrent\uTorrent.exe [1266520] [PID.4504] =>P2P.BitTorrent [MD5.4094667C86ADAEA50095E69A7780F014] - (.Teleca Software Solutions AB - Phone Connection Monitor application.) 
-- C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe [754176] [PID.4992] [MD5.58FC1B36032F03342E4C02813F80DAC1] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\CAMILLE\AppData\Roaming\Dropbox\bin\Dropbox.exe [30714328] [PID.5036] [MD5.F400694D7D2785F60133C20F7F2F4F7A] - (.ArcSoft Inc. - ArcSoft Connect Notifier.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac [309824] [PID.5260] [MD5.DEABB07BC9B0009D826D2CA04C43F90F] - (.Conduit - Search Protect by Conduit.) -- C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe [4693792] [PID.5320] =>Toolbar.Conduit [MD5.EFAAE131121B7AD73CBA0FECC0B5A277] - (.Conduit - Search Protect by Conduit.) -- C:\Program Files\SearchProtect\UI\bin\cltmngui.exe [3037472] [PID.5352] =>Toolbar.Conduit [MD5.1E1519C9F9A8FCCFB7D1C27E0C6B8992] - (.Symbian Ltd. - ConnMngmntBox Module.) -- C:\Program Files\Sony Ericsson\Mobile\Connectivity Pack\ConnMngMntBox.exe [180224] [PID.0] [MD5.F983BB6D9208A1ABA285DF5457FBBC94] - (.Intuwave Ltd. - mRouterRuntime MFC Application.) -- c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe [557122] [PID.4196] [MD5.5A56936640ECF4DBC94FDB9A759EDF23] - (.France Telecom SA - Pas de description.) -- C:\Program Files\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe [90112] [PID.4844] [MD5.F92871A389230747AC6348C64D41AD57] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.5228] [MD5.F28C33D2589F7B89185F3B9445641F84] - (.Pas de propriétaire - HpqToaster Module.) -- C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe [628016] [PID.3324] [MD5.19669327968537BA685F5C836180B493] - (.France Telecom SA - Pas de description.) -- C:\Program Files\OrangeHSS\systray\systrayapp.exe [94208] [PID.1636] [MD5.5777523CDDD178ECFE1BBDB7A3F2D6CF] - (...) 
-- C:\Users\CAMILLE\AppData\Roaming\Spotify\Data\SpotifyHelper.exe [602680] [PID.2380] [MD5.BE01E566D1F569AAB32D0335613E1EEA] - (.Microsoft Corporation - COM Surrogate.) -- C:\windows\system32\DllHost.exe [7168] [PID.6384] [MD5.0BE55CE27465CAE6AFB660BCEAD3D5DC] - (.Conduit - Search Protect by Conduit Uninstaller.) -- C:\Users\CAMILLE\AppData\Local\Temp\~nsu.tmp\Au_.exe [1063800] [PID.8160] =>Toolbar.Conduit [MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Users\CAMILLE\AppData\Local\Google\Chrome\Application\chrome.exe [841032] [PID.6248] [MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\windows\system32\conime.exe [69120] [PID.5468] [MD5.05BE9A378036323EC42CCD3F9BB03266] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7872000] [PID.4048] [MD5.DE1AD5C2FC511360EC64A6D50E6E85CB] - (.Bitdefender - Bitdefender Security Service.) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1343472] [PID.1008] [MD5.7C43EE429B6F503EB6ADAFFF3C20A305] - (.IDT, Inc. - IDT PC Audio.) -- C:\windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\STacSV.exe [254042] [PID.1484] [MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\windows\system32\SLsvc.exe [3408896] [PID.1756] [MD5.ADC420616C501B45D26C0FD3EF1E54E4] - (.ArcSoft Inc. - ArcSoft Connect Service.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152] [PID.2332] [MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.2360] [MD5.827DBC22C96EECF6D36A13162FABAFD3] - (.Andrea Electronics Corporation - Andrea filters APO access service (32-bit).) 
-- C:\windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\aestsrv.exe [81920] [PID.2412] [MD5.9C9D3B7A05445B1AB2DF4D0C4D6B77E8] - (.Agere Systems - Agere Soft Modem Call Progress Service.) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336] [PID.2440] [MD5.C88862F45AC3B447DF50E814BE2F6A13] - (.France Telecom SA - Pas de description.) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [65536] [PID.2488] [MD5.213822072085B5BBAD9AF30AB577D817] - (.InterVideo - RegMgr Module.) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [112152] [PID.2612] [MD5.1615458FB71003B4ED7AD1F26C3A4047] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [79136] [PID.2628] [MD5.8D6C1E70004EFC97710697AA9450130A] - (...) -- C:\Users\CAMILLE\AppData\Local\MAJTuto\MAJTuto.exe [3015168] [PID.2664] [MD5.3E3AC2BE7467EB3AFE1131154A886C6C] - (.PDF Complete Inc - Dispatcher.) -- C:\Program Files\PDF Complete\pdfsvc.exe [777240] [PID.2704] [MD5.A6A7AD767BF5141665F5C675F671B3E1] - (.Protexis Inc. - PsiService PsiService.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [185632] [PID.2808] [MD5.675C575444AAFD56B4E8A99EF8A570CD] - (.Absolute Software Corp. - rpcnet.) -- C:\windows\system32\rpcnet.exe [69792] [PID.2860] [MD5.BAFB0A7567153549CE30532A7C51D5AA] - (.Bitdefender - Bitdefender Update Service.) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [54960] [PID.3048] [MD5.C14A9ADD8776756AEC5D20AB3DEE60ED] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [354840] [PID.3560] [MD5.188FF0ADF66768D53AD94F43972E1E9A] - (.Hewlett-Packard Development Company, L.P. - hpqwmiex Module.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [223232] [PID.1396] [MD5.F2B6E950ED768CC8D980F6D27273B741] - (.Hewlett-Packard Development Company, L.P. - Com for QLB application.) 
-- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [209464] [PID.3316] [MD5.F31EAD497B8CBE16895A3B7B201C4EAE] - (.Conduit - Search Protect by Conduit.) -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2470688] [PID.5220] =>Toolbar.Conduit [MD5.A19B0BB5A7EB6DF2DD4A0711D36955EE] - (.Hewlett-Packard - HP Health Check Service.) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208] [PID.5472] [MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [136176] [PID.6228] ~ Processes Running: Scanned in 00mn 08s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\CAMILLE\AppData\Local\Google\Chrome\User Data\Default\Preferences G1 - GCS: Preference [User Data\Default] http://search.conduit.com G2 - GCE: Preference [User Data\Default] [booedmolknjekdopkepjjeckmjkdpfgl] Extutil v.0.1 (Activé) =>PUP.Manager G2 - GCE: Preference [User Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé) =>PUP.Manager G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé) G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé) G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé) G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé) ---\\ Liste des dossiers d'extension Google Chrome ~ Google Lines Browser: 14 Legitimates Filtered in 00mn 01s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\CAMILLE\AppData\Roaming\Mozilla\Firefox\Profiles\47b4pruj.default\prefs.js C:\Users\CAMILLE\AppData\Roaming\Mozilla\Firefox\Profiles\47b4pruj.default\user.js M3 - MFPP: Plugins - [CAMILLE] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml =>PUP.Babylon M0 - 
MFSP: prefs.js [CAMILLE - 47b4pruj.default] http://search.babylon.com =>PUP.Babylon
M2 - MFEP: prefs.js [CAMILLE - 47b4pruj.default\ffxtlbr@babylon.com] [] Babylon v1.1.9 (..) =>PUP.Babylon
~ Firefox Browser: 29 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://search.babylon.com =>PUP.Babylon
~ IE Browser: 9 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: BHO Project - {de4e75d3-60aa-4f02-a0e4-c8a40576574c} . (.InternetEngine - Pas de description.)
-- C:\Program Files\Object\bho_project.dll ~ BHO: 6 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: (no name) - [HKLM]{0BF43445-2F28-4351-9252-17FE6E806AA0} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [CAMILLE]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\CAMILLE\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent ~ Global Startup: 1 Legitimates Filtered in 00mn 05s ---\\ Applications lancées au démarrage du système (O4) O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [PDF Complete] . (.PDF Complete Inc - Sentry for PDF.) -- C:\Program Files\PDF Complete\pdfsty.exe =>.PDF Complete Inc O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [WirelessAssistant] . (.Hewlett-Packard - HP Wireless Assistant main program.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) 
-- C:\windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\windows\system32\igfxpers.exe O4 - HKLM\..\Run: [HPCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe O4 - HKLM\..\Run: [WatchDog] . (.InterVideo Inc. - DVDCheck Application.) -- C:\Program Files\InterVideo\DVD8SESD\DVDCheck.exe O4 - HKLM\..\Run: [ORAHSSSessionManager] . (.France Telecom SA - Pas de description.) -- C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [PCTuto] . (...) -- C:\Program Files\PCTuto\pctuto.exe =>PUP.AgenceExclusive O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Run: [Bdagent] . (.Bitdefender - Bitdefender Agent.) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe O4 - HKLM\..\Run: [ArcSoft Connection Service] . (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [Nikon Transfer Monitor] . (.Nikon Corporation - Nikon Transfer Monitor.) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\CAMILLE\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) 
-- C:\Users\CAMILLE\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\CAMILLE\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe O4 - HKCU\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\CAMILLE\AppData\Roaming\Spotify\spotify.exe O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\CAMILLE\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline O4 - HKUS\S-1-5-21-4023509632-2876493822-3044149005-1004\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-4023509632-2876493822-3044149005-1004\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe O4 - HKUS\S-1-5-21-4023509632-2876493822-3044149005-1004\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\CAMILLE\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc O4 - HKUS\S-1-5-21-4023509632-2876493822-3044149005-1004\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\CAMILLE\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKUS\S-1-5-21-4023509632-2876493822-3044149005-1004\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) 
-- C:\Users\CAMILLE\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe O4 - HKUS\S-1-5-21-4023509632-2876493822-3044149005-1004\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\CAMILLE\AppData\Roaming\Spotify\spotify.exe O4 - HKUS\S-1-5-21-4023509632-2876493822-3044149005-1004\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\CAMILLE\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent ~ Application: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) 
-- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKLM\...\Domains\www] http.mcafeeasap.com
O15 - Trusted Zone: [HKLM\...\EscDomains\www] http.mcafeeasap.com
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{76CBCEDD-84D7-4CE7-A3F6-A8A01D8D97F3}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\..\{A08139C2-E3E5-47D6-90FA-4AACABA0FF4F}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{76CBCEDD-84D7-4CE7-A3F6-A8A01D8D97F3}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{A08139C2-E3E5-47D6-90FA-4AACABA0FF4F}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{76CBCEDD-84D7-4CE7-A3F6-A8A01D8D97F3}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{A08139C2-E3E5-47D6-90FA-4AACABA0FF4F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{76CBCEDD-84D7-4CE7-A3F6-A8A01D8D97F3}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS3\Services\Tcpip\..\{A08139C2-E3E5-47D6-90FA-4AACABA0FF4F}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.)
-- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (.Conduit - Search Protect by Conduit.) - C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll =>Toolbar.Conduit ~ AppInit DLL: Scanned in 00mn 00s ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll ~ STS/SSO: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Search Protect by Conduit Service (CltMngSvc) . (.Conduit - Search Protect by Conduit.) - C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe =>Toolbar.Conduit O23 - Service: MAJTuto (MAJTuto) . (...) - C:\Users\CAMILLE\AppData\Local\MAJTuto\MAJTuto.exe ~ Services: 18 Legitimates Filtered in 00mn 12s ---\\ Tâches planifiées en automatique (O39) [MD5.00000000000000000000000000000000] [APT] [{122366FF-BF68-4D5E-995F-8A75C3FFF47E}] (...) -- C:\Users\CAMILLE\AppData\Local\Temp\pft56C8~tmp\anubis_setup\anubis.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{1DF1CA6B-E193-4175-9A94-FA312D2508E1}] (...) -- C:\Users\CAMILLE\Downloads\sony_ericsson_pcsuite_3.11_2711.exe (.not file.) [0] O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002] O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4023509632-2876493822-3044149005-1004Core [914] O39 - APT: - (..) 
-- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4023509632-2876493822-3044149005-1004UA [936] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4023509632-2876493822-3044149005-1004Core [1034] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4023509632-2876493822-3044149005-1004Core1cc93b5c0ccbaa0 [1034] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4023509632-2876493822-3044149005-1004UA [1086] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4023509632-2876493822-3044149005-1004UA1cc93b5c4a3d280 [1086] ~ Scheduled Task: 24 Legitimates Filtered in 00mn 05s ---\\ Logiciels installés (O42) O42 - Logiciel: Facetheme - (.facetheme.com.) [HKLM] -- facetheme =>PUP.FCTPlugin O42 - Logiciel: OpenProj - (.Serena Software Inc..) [HKLM] -- {13702021-43FB-480C-912F-D9B74A538288} O42 - Logiciel: PCTuto 2.0 - (.PCTuto.) [HKLM] -- PCTuto_is1 =>PUP.AgenceExclusive O42 - Logiciel: PCTuto Maj 1.0 - (.PC-Tuto.) [HKLM] -- PCTuto Maj_is1 =>PUP.AgenceExclusive O42 - Logiciel: Search Protect - (.Conduit.) [HKLM] -- SearchProtect =>Toolbar.Conduit O42 - Logiciel: UpdatePCTuto 2.0 - (.PCtuto.) 
[HKLM] -- UpdatePCTuto_is1 =>PUP.AgenceExclusive ~ Logic: 24 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader [HKCU\Software\MAS] [HKCU\Software\PCTuto] =>PUP.AgenceExclusive [HKCU\Software\iVIDI Plugin] =>PUP.Ividi [HKLM\Software\Babylon] =>PUP.Babylon [HKLM\Software\PCTuto] =>PUP.AgenceExclusive ~ Key Software: 248 Legitimates Filtered in 00mn 01s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 15/03/2012 - 15:02:28 - [] ----D C:\Program Files\Object O43 - CFD: 02/01/2014 - 18:43:49 - [] ----D C:\Program Files\PCTuto =>PUP.AgenceExclusive O43 - CFD: 01/07/2012 - 18:15:19 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon O43 - CFD: 01/07/2012 - 18:15:19 - [] ----D C:\Users\CAMILLE\AppData\Roaming\Babylon =>PUP.Babylon O43 - CFD: 25/08/2011 - 21:39:00 - [] ----D C:\Users\CAMILLE\AppData\Roaming\PCtuto =>PUP.AgenceExclusive O43 - CFD: 05/03/2013 - 17:13:37 - [] ----D C:\Users\CAMILLE\AppData\Local\comnetwork O43 - CFD: 15/03/2012 - 15:02:30 - [] ----D C:\Users\CAMILLE\AppData\Local\eojet =>PUP.Eorezo O43 - CFD: 15/03/2012 - 15:02:31 - [] ----D C:\Users\CAMILLE\AppData\Local\MAJTuto O43 - CFD: 25/08/2011 - 21:38:54 - [] ----D C:\Users\CAMILLE\AppData\Local\PCTuto =>PUP.AgenceExclusive ~ 1551 Dossier CLSID vide (CLSID Empty Folder) ~ Program Folder: 1811 Legitimates Filtered in 00mn 29s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.D7E370A47CABEA74F23DD7CA8E6ED22A] - 08/05/2014 - 20:43:37 ---A- . (...) -- C:\bdlog.txt [1268810] O44 - LFC:[MD5.DE483C36FC2B08B6F716422B15FB8345] - 09/05/2014 - 13:05:33 ---A- . (...) -- C:\Windows\System32\spsys.log [173096] O44 - LFC:[MD5.C14731D94AF1EF0CAB3DA53BDF8710E1] - 09/05/2014 - 13:05:44 ---A- . (...) 
-- C:\Windows\System32\rpcnetp.exe [17408]
~ Files: 8 Legitimates Filtered in 00mn 15s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:21/01/2008 - 03:32:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [342584]
O58 - SDL:02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:26/03/2009 - 13:39:04 ---A- . (.Pas de propriétaire - USBCAMD for Sonix UVC.) -- C:\Windows\System32\Drivers\sncduvc.sys [34480]
O58 - SDL:26/03/2009 - 13:39:14 ----- . (.Pas de propriétaire - UVC Camera Streaming Driver.) -- C:\Windows\System32\Drivers\snp2uvc.sys [1765168]
O58 - SDL:30/03/2009 - 13:47:00 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt.sys [398848]
O58 - SDL:21/01/2008 - 03:32:45 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [238648]
O58 - SDL:02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:21/01/2008 - 03:32:49 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:02/11/2006 - 08:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:02/11/2006 - 08:09:41 ---A- . (...)
-- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:02/11/2006 - 08:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:02/11/2006 - 08:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:02/11/2006 - 08:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:02/11/2006 - 08:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:02/11/2006 - 08:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:02/11/2006 - 08:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:02/11/2006 - 08:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:02/11/2006 - 08:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:02/11/2006 - 08:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:02/11/2006 - 08:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 90 Legitimates Filtered in 00mn 54s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\CAMILLE\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.)
-- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("browser.newtab.url", "http://search.babylon.com/?affID=108988&tt=280612_6_&babsrc=NT_ss&mntrId=7410cf000000000000000024[...] =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("browser.search.defaultenginename", "Search the web (Babylon)"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("browser.search.order.1", "Search the web (Babylon)"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("browser.search.selectedEngine", "Search the web (Babylon)"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("browser.startup.homepage", "http://search.babylon.com/?affID=108988&tt=280612_6_&babsrc=HP_ss&mntrId=7410cf000000000000[...]
=>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.admin", false); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.aflt", "babsst"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.babExt", ""); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.babTrack", "affID=108988&tt=280612_6_"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.bbDpng", 14); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.dfltSrch", false); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.hmpg", false); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.id", "7410cf0000000000000000247e972dcd"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.instlDay", "15522"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.instlRef", "sst"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.lastDP", 14); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1718:15:47"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "12.0"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.newTab", true); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.newTabUrl", "http://search.babylon.com/?babsrc=NT_bb"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.noFFXTlbr", false); =>PUP.Babylon
O69
- SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.propectorlck", 120341333); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.prtkDS", 1); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.prtkHmpg", 1); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.ptch_0717", true); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.smplGrp", "tzb"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.srcExt", "ss"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.tlbrId", "base"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1718:15:47"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar_i.babExt", ""); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108988&tt=280612_6_"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar_i.hardId", "7410cf0000000000000000247e972dcd"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE -
47b4pruj.default] user_pref("extensions.BabylonToolbar_i.id", "7410cf0000000000000000247e972dcd"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar_i.instlDay", "15522"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar_i.newTab", true); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://search.babylon.com/?affID=108988&tt=280612_6_&babsrc=NT_ss&mntrId=7410c[...] =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:15:47"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); =>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("extensions.enabledAddons", "{20a82645-c095-46ed-80e3-08825760534b}:0.0.0,ffxtlbr@babylon.com:1.1.9,{972ce4c6-7e08-4474-[...]
=>PUP.Babylon
O69 - SBI: prefs.js [CAMILLE - 47b4pruj.default] user_pref("keyword.URL", "http://search.babylon.com/?affID=108988&tt=280612_6_&babsrc=KW_ss&mntrId=7410cf0000000000000000247e972dc[...] =>PUP.Babylon
O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} [DefaultScope] - (Conduit Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web (Babylon)) - http://search.babylon.com =>PUP.Babylon
~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.618C1513864D0D76B4CD15D7185867C5] [SPRF][05/03/2013] (...) -- C:\ProgramData\1362489297.bdinstall.bin [1807629]
[MD5.0641A46F1E58529A42EAD4573A3A0861] [SPRF][30/07/2011] (...) -- C:\ProgramData\A78323E928.sys [8]
[MD5.A29D0EB94AF455615CEAF74C970A3104] [SPRF][15/03/2012] (...) -- C:\ProgramData\bdinstall.bin [75938]
[MD5.434287308BAB12FA6BFF5CDDB83BF299] [SPRF][21/04/2014] (...) -- C:\ProgramData\KGyGaAvL.sys [2828]
~ Files: 4 Legitimates Filtered in 00mn 00s

---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{99AAF323-5C92-4C4C-B61A-2D54E1B9D8F8}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\CAMILLE\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{3071E01B-7C0E-40FC-B188-126C782DCA3F}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\CAMILLE\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 03s

---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}] (Babylon toolbar helper) =>PUP.Babylon
[HKCR\CLSID\{de4e75d3-60aa-4f02-a0e4-c8a40576574c}] (Facetheme) =>PUP.FCTPlugin
~ BCK: 5736 Legitimates Filtered in 00mn 12s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 29/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.)
- C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 16/03/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 23/05/2012 129976 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 08/04/2008 1112560 | (RoxMediaDB10) . (.Sonic Solutions.) - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
SS - | Demand 24/03/2008 74384 | (stllssvr) . (.MicroVision Development, Inc..) - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
SS - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/03/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 02/03/2009 81920 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\aestsrv.exe
SR - | Auto 26/08/2008 14336 | (AgereModemAudio) . (.Agere Systems.) - C:\Program Files\LSI SoftModem\agrsmsvc.exe
SR - | Auto 08/04/2014 2470688 | (CltMngSvc) . (.Conduit.) - C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe =>Toolbar.Conduit
SR - | Demand 03/02/2009 209464 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SR - | Auto 11/12/2007 65536 | C:\Program Files\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (FTRTSVC) . (.France Telecom SA.)
- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
SR - | Auto 16/03/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Auto 09/10/2008 94208 | (HP Health Check Service) . (.Hewlett-Packard.) - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Demand 23/10/2008 223232 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 16/12/2008 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 04/01/2007 112152 | (IviRegMgr) . (.InterVideo.) - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
SR - | Auto 10/01/2009 79136 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 04/01/2012 3015168 | (MAJTuto) . (...) - C:\Users\CAMILLE\AppData\Local\MAJTuto\MAJTuto.exe
SR - | Auto 08/08/2008 777240 | (pdfcDispatcher) . (.PDF Complete Inc.) - C:\Program Files\PDF Complete\pdfsvc.exe
SR - | Auto 24/07/2007 185632 | (PSI_SVC_2) . (.Protexis Inc..) - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 23/07/2013 69792 | (rpcnet) . (.Absolute Software Corp..) - C:\windows\system32\rpcnet.exe
SR - | Auto 30/03/2009 254042 | (STacSV) . (.IDT, Inc..) - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\STacSV.exe
SR - | Auto 17/09/2013 54960 | (UPDATESRV) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
SR - | Auto 28/11/2013 1343472 | (VSSERV) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.)
- C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 15s

---\\ Scan Additionnel (O88)
Database Version : 13045 - (09/05/2014)
Clés trouvées (Keys found) : 28
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 15
Fichiers trouvés (Files found) : 11
[HKLM\Software\Google\Chrome\Extensions\booedmolknjekdopkepjjeckmjkdpfgl] =>PUP.Manager^
[HKLM\Software\Google\Chrome\Extensions\flpcjncodpafbgdpnkljologafpionhb] =>PUP.Manager^
[HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc] =>Toolbar.Conduit^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\facetheme] =>PUP.FCTPlugin^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCTuto_is1] =>PUP.AgenceExclusive^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCTuto Maj_is1] =>PUP.AgenceExclusive^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>Toolbar.Conduit^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdatePCTuto_is1] =>PUP.AgenceExclusive^
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{759F1421-4D31-4C1F-8C51-E4956A037676}] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escort.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\PCTutoBHO.DLL] =>Spyware.AgenceExclusive
[HKLM\Software\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl] =>PUP.FCTPlugin
[HKLM\Software\Classes\CLSID\{08C06D61-F1F3-4799-86F8-BE1A89362C85}] =>Toolbar.Orange
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\PCTuto] =>Spyware.AgenceExclusive
[HKLM\Software\PCTuto] =>Spyware.AgenceExclusive
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCTuto Avast_is1] =>Spyware.AgenceExclusive
[HKLM\Software\Classes\Prod.cap] =>PUP.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DE4E75D3-60AA-4F02-A0E4-C8A40576574C}] =>PUP.FCTPlugin
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DE4E75D3-60AA-4F02-A0E4-C8A40576574C}] =>PUP.FCTPlugin
[HKLM\Software\Classes\CLSID\{DE4E75D3-60AA-4F02-A0E4-C8A40576574C}] =>PUP.FCTPlugin
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE4E75D3-60AA-4F02-A0E4-C8A40576574C}] =>PUP.FCTPlugin
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facetheme] =>PUP.FCTPlugin
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:PCTuto =>PUP.AgenceExclusive^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\CAMILLE\AppData\Local\Google\Chrome\User Data\Default\Extensions\booedmolknjekdopkepjjeckmjkdpfgl =>PUP.Manager^
C:\Users\CAMILLE\AppData\Local\Google\Chrome\User Data\Default\Extensions\flpcjncodpafbgdpnkljologafpionhb =>PUP.Manager^
C:\Users\CAMILLE\AppData\Roaming\Mozilla\Firefox\Profiles\47b4pruj.default\extensions\ffxtlbr@babylon.com =>PUP.Babylon^
C:\Program Files\PCTuto =>PUP.AgenceExclusive^
C:\ProgramData\Babylon =>PUP.Babylon^
C:\Users\CAMILLE\AppData\Roaming\Babylon =>PUP.Babylon^
C:\Users\CAMILLE\AppData\Roaming\PCtuto =>PUP.AgenceExclusive^
C:\Users\CAMILLE\AppData\Local\eojet =>PUP.Eorezo^
C:\Users\CAMILLE\AppData\Local\PCTuto =>PUP.AgenceExclusive^
C:\Program Files\object =>PUP.FCTPlugin
C:\Program Files\SearchProtect =>Toolbar.Conduit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCTuto =>Spyware.AgenceExclusive
C:\Users\CAMILLE\AppData\Roaming\WebPlayerBdd =>Adware.SocialSkinz
C:\Users\CAMILLE\AppData\Local\MAJTuto =>Spyware.AgenceExclusive
C:\Users\CAMILLE\AppData\Local\SearchProtect =>Toolbar.Conduit
C:\Users\CAMILLE\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
C:\Program
Files\SearchProtect\SearchProtect\bin\cltmng.exe =>Toolbar.Conduit^
C:\Program Files\SearchProtect\UI\bin\cltmngui.exe =>Toolbar.Conduit^
C:\Users\CAMILLE\AppData\Local\Temp\~nsu.tmp\Au_.exe =>Toolbar.Conduit^
C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe =>Toolbar.Conduit^
[HKCU\Software\iVIDI Plugin] =>PUP.Ividi^
[HKLM\Software\Babylon] =>PUP.Babylon^
[HKCR\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}] (Babylon toolbar helper) =>PUP.Babylon^
[HKCR\CLSID\{de4e75d3-60aa-4f02-a0e4-c8a40576574c}] (Facetheme) =>PUP.FCTPlugin^
C:\Program Files\object\bho_project.dll =>PUP.FCTPlugin
C:\Users\CAMILLE\AppData\Local\Temp\GoogleToolbarInstaller1.log =>PUP.Babylon
~ Additionnel Scan: 357438 Items scanned in 01mn 20s

---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.byethost7.com/wordpress/toolbar-conduit/ =>Toolbar.Conduit
http://nicolascoolman.byethost7.com/wordpress/pup-manager/ =>PUP.Manager
http://nicolascoolman.byethost7.com/wordpress/pup-babylon/ =>PUP.Babylon
http://nicolascoolman.byethost7.com/wordpress/spyware-agenceexclusive/ =>PUP.AgenceExclusive
http://nicolascoolman.webs.com/apps/blog/show/30049678-pup-fctplugin =>PUP.FCTPlugin
http://nicolascoolman.webs.com/apps/blog/show/26607014-pup-1clickdownloader =>PUP.1ClickDownloader
http://nicolascoolman.webs.com/apps/blog/show/33067902-pup-ividi =>PUP.Ividi
http://nicolascoolman.byethost7.com/wordpress/pup-eorezo/ =>PUP.Eorezo
http://nicolascoolman.byethost7.com/wordpress/adware-socialskinz/ =>Adware.SocialSkinz
~ MSI: 9 link(s) detected in 00mn 00s
~ 2446 Legitimates filtered by white list

End of the scan (667 lines in 05mn 09s)(0)