Rapport de ZHPDiag v2013.4.6.35 par Nicolas Coolman, Update du 06/04/2013
Run by greg at 07/04/2013 14:08:18
State :
High Elevated Privileges : OK
UAC : Deactivate by user


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 20.0 v20.0 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : PMJBM
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3070 MB (46% free)
System Restore: Activé (Enable)
System drive C: has 32 GB (7%) free of 446 GB

---\\ Logged in mode
~ Computer Name: GREG-PC
~ User Name: greg
~ All Users Names: UpdatusUser, HomeGroupUser$, greg, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\greg\AppData\Roaming\
~ %Desktop% : C:\Users\greg\Budget\Desktop\
~ %Favorites% : C:\Users\greg\Favorites\
~ %LocalAppData% : C:\Users\greg\AppData\Local\
~ %StartMenu% : C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 32 Go of 446 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 3 Go of 20 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ CD-ROM drive (Not Inserted)
J:\ CD-ROM drive (Not Inserted)
K:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.FA274190682AA41A46B285208ED46A74] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.02/02/2013 - 07:47:19.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.E453ACF4E7D44E5530B5D5F2B9CA8563] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.31/08/2012 - 19:19:35.) -- C:\Windows\system32\Drivers\ntfs.sys [1659760]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 12:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/647
~ Mes musiques (My Musics) : 1/97
~ Mes Videos (My Videos) : 10/182
~ Mes Favoris (My Favorites) : 1/30
~ Mes Documents (My Documents) : 3/115107
~ Mon Bureau (My Desktop) : 3/7697
~ Menu demarrer (Programs) : 1/50
~ Hidden Files: Scanned in 01mn 19s



---\\ Processus lancés
[MD5.198B8C260AA185881415E2128E262497] - (.Panda Security - Internet resident proxy.) -- C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA INTERNET SECURITY 2013\WebProxy.exe [108032] [PID.1196]
[MD5.143A396C5A8A4288787AC4628D70C0AC] - (.Pas de propriétaire - MSIAfterburner.) -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [364544] [PID.2380]
[MD5.58C27029A6BD35FD26B5949080FC8708] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe [10220896] [PID.3304]
[MD5.349AB4F70E2AC44970894E7F03E1576E] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [236384] [PID.3328]
[MD5.F6987FF6C6D683F79FDCE707B071A997] - (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe [955392] [PID.3784]
[MD5.40C6BFD3AAEA862F5149BC45760E2A04] - (.Nokia - Nokia Suite.) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090040] [PID.4208]
[MD5.8904DD33184C1DBFD114046D12A4E61A] - (.Ralink Technology, Corp. - Ralink Wireless LAN Card Utility.) -- C:\Program Files (x86)\Ralink\Common\RaUI.exe [12660072] [PID.5092]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848] [PID.4708]
[MD5.DC73E11DC27E7D9AEF884EBE816C4240] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.4352]
[MD5.AD655DC36242ECFE81981FC36A7A0E46] - (.Bandoo Media, inc - Data Manager.) -- C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe [1694608] [PID.4412] =>PUP.Datamngr
[MD5.3CB07566302BCEEB898DE270A0BEC175] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352] [PID.4828]
[MD5.19D5046BC28BCCE1D2772F47E8021A19] - (.Panda Security, S.L. - Panda permanent protection.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\ApVxdWin.exe [1037600] [PID.5048]
[MD5.53F08937688A81F7CF9E54CA12ADA1B5] - (.Nokia - Microsoft Bluetooth Media Server.) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe [149480] [PID.5476]
[MD5.74D1E004483998E076FBBC0DE9B59763] - (.Panda Security, S.L. - PavBckPT Aplicación.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PavBckPT.exe [112128] [PID.5580]
[MD5.5DFE72B9F1FF669070FC032090B7B982] - (.Sun Microsystems, Inc. - Java(TM) Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [507312] [PID.4668]
[MD5.312FC312F84305E10828FDBF92CE4300] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [920472] [PID.7712]
[MD5.DCBEFF88C66216530634390C697CE001] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.6664]
[MD5.680AD8F376970696B45269F074A8A28E] - (.Adobe Systems, Inc. - Adobe Flash Player 11.6 r602.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe [1822424] [PID.6700]
[MD5.7A6638028D84C2B87EAB6D0A0F38A095] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [6535680] [PID.5804]
[MD5.F0359F7CE712D69ACEF0886BDB4792ED] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382824] [PID.852]
[MD5.341457B79B3FC31A80C346C767045879] - (.Panda Security, S.L. - Anti-malware protection support executable.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PskSvc.exe [28992] [PID.1328]
[MD5.71D19B5D542B6EEA00C99D9984DC901F] - (.Panda Security, S.L. - TPSrv Application.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\TPSrvWow.exe [173344] [PID.1372]
[MD5.A0101E836D2A39682E134C47B1565256] - (.Nero AG - Nero BackItUp.) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [836904] [PID.2764]
[MD5.54F00466439F749EDDF29CBA0BC1A28A] - (.Panda Security, S.L. - Panda Software Controler.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsCtrls.exe [177440] [PID.2240]
[MD5.F458128A5321BB48DF7B3D8E279F6393] - (.Panda Security, S.L. - Panda Function Service.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PavFnSvr.exe [202016] [PID.2584]
[MD5.2AE3F6B23448443BBEF5DE207159213B] - (.Panda Security, S.L. - Panda Process Protection Service.) -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe [62768] [PID.2184]
[MD5.4D8C2645A12FDDF9CD4A68DDE8496BEF] - (.Panda Security, S.L. - Enhanced On-Access Anti-Malware Service.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\pavsrvx86.exe [313664] [PID.2536]
[MD5.CC85A36EB009F45A53FF5344CCEFD58E] - (.Panda Security, S.L. - Enhanced On-Access Anti-Malware Protection.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\AVENGINE.exe [225088] [PID.2940]
[MD5.532053E8E3BB8FA7166AB4E7685FDDCC] - (.Panda Security International - Panda Host Service.) -- c:\program files (x86)\panda security\panda internet security 2013\firewall\PSHOST.exe [226560] [PID.2976]
[MD5.196C450F2779D0B462C444DA4906EA7F] - (.Panda Security S.L. - Panda Interface Manager Service.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsImSvc.exe [108288] [PID.2616]
[MD5.F4C083E290BCBC8DA05C6E2C7F8053B9] - (.Ralink Technology, Corp. - RalinkRegistryWriter.) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736] [PID.2428]
[MD5.6B1B2F8D62D606B200C2072564090104] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [3560288] [PID.576]
[MD5.3346201D0BA2E631C6D6D43ED8CB7E08] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe [185696] [PID.4092]
[MD5.289E853881E688286AD24299FCC485D8] - (.Nokia - ServiceLayer Module.) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [732648] [PID.4944]
[MD5.D5247E09FA4559E9661AE5C0FB8106A2] - (.Nokia - Serial Media Server.) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe [127464] [PID.4188]
[MD5.D4106AC79DA6DF822AD3BFCD09802F5D] - (.Panda Security, S.L. - Panda AntiSpam Trainer.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\SRVLOAD.exe [91648] [PID.5188]
[MD5.D41861E56E7552C13674D7F147A02464] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.1380]
~ Processes Running: Scanned in 00mn 03s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\wd9yqzkv.default\prefs.js
C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\wd9yqzkv.default\user.js
M3 - MFPP: Plugins - [greg] -- C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\wd9yqzkv.default\searchplugins\delta.xml
M3 - MFPP: Plugins - [greg] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [greg] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
M2 - MFEP: prefs.js [greg - wd9yqzkv.default\DeviceDetection@logitech.com] [] ????????? ????????? Logitech v1.23.0.5 (.Logitech, Inc..)
M2 - MFEP: prefs.js [greg - wd9yqzkv.default\synchronize@nokia.suite] [] Firefox Synchronisation Extension v1.9.105.1160 (.Nokia Corporation.)
M2 - MFEP: prefs.js [greg - wd9yqzkv.default\{28387537-e3f9-4ed7-860c-11e69af4a8a0}] [] Wincore Mediabar v4.6.1.01 (.Visicom Media Inc..)
M2 - MFEP: prefs.js [greg - wd9yqzkv.default\{40a1f5d7-afc2-498f-b264-02668d616ff6}] [] Mega Manager Integration v1.1 (.Megaupload Limited.)
P2 - FPN:Firefox Plugin Navigator . (.vShare.tv - vShare.tv plug-in.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
P2 - FPN: [HKLM] [@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf] - (.Tracker Software Products Ltd. - PDF-XChange Viewer Netscape Gecko Plugin.) -- C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll
P2 - FPN: [HKCU] [@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf] - (.Tracker Software Products Ltd. - PDF-XChange Viewer Netscape Gecko Plugin.) -- C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
P2 - FPN: [HKCU] [@stonetrip.com/ShiVaWebPlayer,version=1.8.1.0] - (.Stonetrip - ShiVa3D Plugin 1,8,1,1 for 3D real-time applications made with ShiVa E.) -- C:\Users\greg\AppData\Roaming\..\LocalLow\StoneTrip\WebPlayer1.8.1\npShiVa3D_1.8.1.dll
~ Firefox Browser: 42 Legitimates Scanned in 00mn 01s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com =>Toolbar.DeltaSearch
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\SysWOW64\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
~ IE Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
~ BHO: 7 Legitimates Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [Skytel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] . (.Microsoft Corporation - Gestionnaire pour appareils Windows Mobile.) -- C:\Windows\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] . (.Logicool Co. Ltd. - Logicool WingMan Event Monitor.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
O4 - HKCU\..\Run: [EPSON SX100 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDE.exe
O4 - HKCU\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
O4 - HKCU\..\Run: [Mobile Partner] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [DATAMNGR] . (.Bandoo Media, inc - Data Manager.) -- C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe =>PUP.Datamngr
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [APVXDWIN] . (.Panda Security, S.L. - Panda permanent protection.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\APVXDWIN.exe
O4 - HKLM\..\Wow6432Node\Run: [SCANINICIO] . (.Panda Security, S.L. - Inicio Programado.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\Inicio.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-523843482-445515722-1061558379-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-523843482-445515722-1061558379-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-523843482-445515722-1061558379-1000\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-21-523843482-445515722-1061558379-1000\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
O4 - HKUS\S-1-5-21-523843482-445515722-1061558379-1000\..\Run: [EPSON SX100 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDE.exe
O4 - HKUS\S-1-5-21-523843482-445515722-1061558379-1000\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
O4 - HKUS\S-1-5-21-523843482-445515722-1061558379-1000\..\Run: [Mobile Partner] Clé orpheline
~ Application: Scanned in 00mn 01s



---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch: Panda Internet Security 2013.lnk . (.Panda Security, S.L. - Panda Console.) -- C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\Iface.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\TaskBar: adsl TV.lnk . (.adsl TV / FM - Pas de description.) -- C:\Program Files (x86)\adslTV\adsltv.exe
O4 - GS\TaskBar: Calculator.lnk . (.Microsoft Corporation - Calculatrice de Windows.) -- C:\Windows\system32\calc.exe
O4 - GS\TaskBar: Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Windows Live Messenger.lnk . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: JDownloader.lnk . (.AppWork GmbH - JDownloader 0.9.) -- C:\Program Files (x86)\JDownloader\JDownloaderPortable.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: Mozilla Thunderbird.lnk . (.Mozilla Messaging - Thunderbird.) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
O4 - GS\QuickLaunch: Nero StartSmart Essentials.lnk . (.Nero AG - Nero StartSmart 8 Application.) -- C:\Program Files (x86)\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Global Startup: Scanned in 00mn 01s



---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 8 Legitimates Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0527B03D-5119-40D2-92B9-E0B19108017B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{342815B1-553F-4DAD-9C66-D51A954401FB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBAAF28D-3D5D-4F4A-87CF-55EFDB61E738}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{0527B03D-5119-40D2-92B9-E0B19108017B}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{0527B03D-5119-40D2-92B9-E0B19108017B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{342815B1-553F-4DAD-9C66-D51A954401FB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{DBAAF28D-3D5D-4F4A-87CF-55EFDB61E738}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0527B03D-5119-40D2-92B9-E0B19108017B}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{0527B03D-5119-40D2-92B9-E0B19108017B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{342815B1-553F-4DAD-9C66-D51A954401FB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{DBAAF28D-3D5D-4F4A-87CF-55EFDB61E738}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0527B03D-5119-40D2-92B9-E0B19108017B}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: avldr . (.On-Access Anti-Malware Scanner Sync - On-Access Anti-Malware Scanner Sync.) -- C:\Windows\System32\avldr64.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Ralink UPnP Media Server (RaMediaServer) . (...) - C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
O23 - Service: Panda TPSrv (TPSrv) . (.Panda Security, S.L. - TPSrv Application.) - C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\TPSrvWow.exe
~ Services: 22 Legitimates Scanned in 00mn 12s



---\\ Enumération Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SesamTVMC.job [104]
[MD5.143A396C5A8A4288787AC4628D70C0AC] [APT] [MSIAfterburner] (...) -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [364544]
[MD5.00000000000000000000000000000000] [APT] [{31FC56FE-8A3E-415C-B9D2-4674DBE754C2}] (...) -- C:\Program Files (x86)\Avira\AntiVir Desktop\licmgr.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B24D1AF5-0449-41F8-ACC5-317470263964}] (...) -- C:\Users\greg\Documents\Downloads\Programs\CPU_Stability_Test_6.0_Build_154_Finale.exe (.not file.) [0]
[MD5.51DF4F50FEC38E92BB9C7E21F7863AD5] [APT] [{BB5CF8AF-CD7F-4D73-8F20-9A89EF7309F0}] (.Intel.) -- C:\Medion\Intel LAN\PRO2KXP_v13_5.exe [12812288]
[MD5.00000000000000000000000000000000] [APT] [{C140D58C-05FA-4CC6-A12D-313EEDADFE3B}] (...) -- C:\Program Files (x86)\Nokia\Ovi\Application Installer\Application Installer\ApplicationInstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DB976CEF-6589-4EA3-BA2A-8748F820CDFE}] (...) -- C:\Program Files (x86)\EA SPORTS\LFP MANAGER 10\Manager10.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E7D1AE91-0767-43F3-9D88-3CF8AFE35B9E}] (...) -- C:\Program Files (x86)\EA SPORTS\LFP MANAGER 10\Manager10.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{FE8F04BC-B347-42DA-8181-19A3E37B45CE}] (...) -- C:\Program Files (x86)\EA SPORTS\LFP MANAGER 10\Manager10.exe (.not file.) [0]
~ Scheduled Task: 19 Legitimates Scanned in 00mn 04s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 11 Legitimates Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (dk2drv) . (.Data Encryption Systems Limited - DK2DRV.) - C:\Windows\sysTEM32\Drivers\dk2drv64.sys
~ Drivers: 78 Legitimates Scanned in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader 9.5.2 - Français - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1036-7B44-A95000000001}
O42 - Logiciel: Ciel Compta 16.0 - (.Ciel.) [HKLM][64Bits] -- {F3BCE8FA-0EE2-4628-BF02-AB5AF4077997}
O42 - Logiciel: Ciel Immobilisations 16.0 - (.Ciel.) [HKLM][64Bits] -- {83BB956C-103E-4D36-823D-A2A640DFAF06}
O42 - Logiciel: Ciel Paye 16.00 - (.CIEL.) [HKLM][64Bits] -- {CB004EB8-C6DD-4908-8D49-C8ABA082B346}
O42 - Logiciel: DK2 DESkey Drivers v7.18.1.33 - (.Data Encryption Systems Limited.) [HKLM][64Bits] -- DESkey DK2 Uninstall
O42 - Logiciel: HortipassLinkSetup - (.La Graine Informatique.) [HKLM][64Bits] -- {78C92FC3-73D9-4531-8930-5DAF72DD09BD}
O42 - Logiciel: Java 7 Update 9 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83217009FF}
O42 - Logiciel: Kernel for Excel Demo 10.10.01 - (.Nucleus Data Recovery.Com Pvt Ltd.) [HKLM][64Bits] -- Kernel For Excel Demo_is1
O42 - Logiciel: Lightning - (.MSI, Inc..) [HKLM][64Bits] -- Lightning_is1
O42 - Logiciel: Liveupdate4 - (.MSI, Inc..) [HKLM][64Bits] -- Liveupdate4_is1
O42 - Logiciel: MSI Afterburner 2.1.0 - (.MSI Co., LTD.) [HKLM][64Bits] -- Afterburner
O42 - Logiciel: MSI Kombustor 1.1.3 - (.MSI Co., LTD.) [HKLM][64Bits] -- {0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1
O42 - Logiciel: Mafia II - (.Take-Two Interactive Software, Inc..) [HKLM][64Bits] -- Mafia II_is1
O42 - Logiciel: Modern Warfare 3 - (.Activision.) [HKLM][64Bits] -- {5D168A3F-ECA3-4F98-A2AC-F809B2E533F9}_is1
O42 - Logiciel: Phoenix Service Software 2011.08.005.45529 - (.FOREMOBI TECH.) [HKLM][64Bits] -- Phoenix Service Software 2011.08.005.45529_is1
O42 - Logiciel: Phoenix Service Software 2012.04.003.47798 - (.Seidea.com.) [HKLM][64Bits] -- Phoenix Service Software 2012.04.003.47798_is1
O42 - Logiciel: ProCom Remoter - (.TELL Software Hungária Kft..) [HKLM][64Bits] -- {090E3361-B789-4372-86A0-2D15B2841635}_is1
O42 - Logiciel: Richard Burns Rally - (...) [HKLM][64Bits] -- {92C7D009-A464-4948-A980-7A3E28CB2F49}
O42 - Logiciel: S3D Web Player - (.Stonetrip.) [HKLM][64Bits] -- S3D Web Player
O42 - Logiciel: SanctionedMedia - (.SanctionedMedia.) [HKCU][64Bits] -- Smad
O42 - Logiciel: vShare.tv plugin 1.3 - (.vShare.tv, Inc..) [HKLM][64Bits] -- vShare.tv plugin
~ Logic: 181 Legitimates Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\8805706a]
[HKCU\Software\AppDataLow\Software\Stonetrip]
[HKCU\Software\AppDataLow\Software\searchqutoolbar] =>PUP.Datamngr
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\Grand Virtual]
[HKCU\Software\InstallCore] =>PUP.InstallCore
[HKCU\Software\Nseries]
[HKCU\Software\PartyFrance]
[HKCU\Software\PerformerSoft LLC]
[HKCU\Software\Recoveronix]
[HKCU\Software\SanctionedMedia]
[HKCU\Software\Sesam.tv]
[HKCU\Software\Software]
[HKCU\Software\StartSearch]
[HKCU\Software\TELL]
[HKCU\Software\Tomato]
[HKCU\Software\ZRT Labs]
[HKCU\Software\iMesh] =>PUP.iMesh
[HKCU\Software\rFactor]
[HKCU\Software\vShare.tv]
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKLM\Software\Wow6432Node\10tacle Studios]
[HKLM\Software\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec]
[HKLM\Software\Wow6432Node\Babylon] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Bytemobile]
[HKLM\Software\Wow6432Node\Data Encryption Systems Limited]
[HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\Download!]
[HKLM\Software\Wow6432Node\OMSI]
[HKLM\Software\Wow6432Node\SBDT AB]
[HKLM\Software\Wow6432Node\SCi Games]
[HKLM\Software\Wow6432Node\SOFTWARE]
[HKLM\Software\Wow6432Node\Sesam.tv]
[HKLM\Software\Wow6432Node\SetupManager2]
[HKLM\Software\Wow6432Node\Trymedia Systems] =>Adware.Trymedia
[HKLM\Software\Wow6432Node\Winsudate]
[HKLM\Software\Wow6432Node\iMeshMediabarTb] =>PUP.iMesh
[HKLM\Software\Wow6432Node\rFactor]
~ Key Software: 321 Legitimates Scanned in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 12/06/2011 - 18:11:36 - [0,022] ----D C:\Program Files (x86)\Dusco
O43 - CFD: 19/01/2013 - 20:10:31 - [0,052] ----D C:\Program Files (x86)\GTR2
O43 - CFD: 01/12/2012 - 18:52:29 - [12,285] ----D C:\Program Files (x86)\Hotspot 3G+ BTelecom
O43 - CFD: 28/01/2012 - 10:43:36 - [0,003] ----D C:\Program Files (x86)\IntoVPN
O43 - CFD: 20/09/2012 - 08:19:53 - [8,542] ----D C:\Program Files (x86)\Kernel for Excel(Demo Version)
O43 - CFD: 18/01/2013 - 11:05:48 - [15,391] ----D C:\Program Files (x86)\LFP Manager 13
O43 - CFD: 10/12/2012 - 21:06:28 - [12,774] ----D C:\Program Files (x86)\LGI
O43 - CFD: 31/10/2012 - 23:16:45 - [390,739] ----D C:\Program Files (x86)\Medal of Honor Warfighter
O43 - CFD: 20/11/2011 - 22:07:12 - [55,248] ----D C:\Program Files (x86)\MSI Afterburner
O43 - CFD: 17/08/2011 - 20:49:12 - [9,303] ----D C:\Program Files (x86)\MSI Kombustor
O43 - CFD: 16/01/2011 - 01:53:33 - [-2034,556] ----D C:\Program Files (x86)\rFactor
O43 - CFD: 10/01/2010 - 04:04:42 - [0,745] ----D C:\Program Files (x86)\SEAF
O43 - CFD: 12/06/2011 - 18:32:51 - [0] ----D C:\Program Files (x86)\SkyGrabber
O43 - CFD: 13/12/2012 - 19:48:14 - [1,251] ----D C:\Program Files (x86)\TELL
O43 - CFD: 11/09/2011 - 22:12:17 - [3,160] ----D C:\Program Files (x86)\Tomato
O43 - CFD: 09/02/2011 - 23:45:02 - [0,071] ----D C:\Program Files (x86)\Visual IP Locator
O43 - CFD: 24/08/2011 - 17:31:36 - [0,396] ----D C:\Program Files (x86)\vShare.tv plugin
O43 - CFD: 13/02/2012 - 19:37:15 - [19,456] ----D C:\Program Files (x86)\VWS Installer
O43 - CFD: 20/05/2012 - 23:10:29 - [0,089] ----D C:\Program Files (x86)\Common Files\DESkey
O43 - CFD: 11/09/2011 - 22:12:18 - [7,397] ----D C:\Program Files (x86)\Common Files\Tomato
O43 - CFD: 09/04/2012 - 10:52:28 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 21/05/2012 - 18:03:54 - [0,000] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 28/03/2013 - 13:53:03 - [1,198] ----D C:\ProgramData\Tarma Installer =>Toolbar.Tarma
O43 - CFD: 09/04/2012 - 10:52:27 - [0,012] ----D C:\Users\greg\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 26/03/2013 - 23:58:29 - [0,308] ----D C:\Users\greg\AppData\Roaming\File Scout
O43 - CFD: 08/12/2011 - 23:58:45 - [0] ----D C:\Users\greg\AppData\Roaming\Fuoh
O43 - CFD: 28/03/2013 - 13:51:50 - [0] ----D C:\Users\greg\AppData\Roaming\PerformerSoft
O43 - CFD: 27/03/2013 - 00:00:27 - [0,076] ----D C:\Users\greg\AppData\Roaming\SpeedanAlysis
O43 - CFD: 29/05/2011 - 22:10:18 - [10,523] ----D C:\Users\greg\AppData\Roaming\StoneTrip
O43 - CFD: 11/09/2011 - 22:13:19 - [0,024] ----D C:\Users\greg\AppData\Roaming\Tomato
O43 - CFD: 31/12/2010 - 11:47:22 - [0,608] ----D C:\Users\greg\AppData\Roaming\uTorrent
O43 - CFD: 09/12/2011 - 19:01:00 - [0] ----D C:\Users\greg\AppData\Roaming\Ytcun
O43 - CFD: 05/02/2012 - 22:38:08 - [0,014] ----D C:\Users\greg\AppData\Local\Ilivid Player =>Adware.Bandoo
O43 - CFD: 31/12/2010 - 11:47:17 - [4,785] ----D C:\Users\greg\AppData\Local\Ludi
O43 - CFD: 04/12/2011 - 21:12:05 - [0] ----D C:\Users\greg\AppData\Local\SanctionedMedia
O43 - CFD: 20/05/2012 - 22:28:49 - [0,001] ----D C:\Users\greg\AppData\Local\Symbian-Toys.com
O43 - CFD: 10/12/2012 - 21:06:30 - [0,003] ----D C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hortipass Link
O43 - CFD: 19/08/2011 - 19:27:18 - [0,009] ----D C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
O43 - CFD: 02/12/2010 - 20:48:59 - [0,000] ----D C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rFactor
~ 813 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 1194 Legitimates Scanned in 00mn 49s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.70688C023197D56E9D2A9EA27C20E387] - 07/04/2013 - 13:07:35 RSHAD . (...) -- C:\Windows\System32\Drivers\APPFCONT.DAT [336656]
O44 - LFC:[MD5.70688C023197D56E9D2A9EA27C20E387] - 07/04/2013 - 13:07:35 RSHAD . (...) -- C:\Windows\System32\Drivers\APPFCONT.DAT.bck [336656]
O44 - LFC:[MD5.DD5B44C10C1E6F14A1CF266EBE7779DE] - 07/04/2013 - 10:21:51 RSHAD . (...) -- C:\Windows\System32\Drivers\APPFLTR.CFG [1132]
O44 - LFC:[MD5.DD5B44C10C1E6F14A1CF266EBE7779DE] - 07/04/2013 - 10:21:51 RSHAD . (...) -- C:\Windows\System32\Drivers\APPFLTR.CFG.bck [1132]
O44 - LFC:[MD5.4CE91CEDF6EC0F5FDFF2B6E2DB4E520A] - 07/04/2013 - 10:20:58 ---A- . (...) -- C:\Windows\NeroDigital.ini [69]
O44 - LFC:[MD5.3FDE033DFB0D07F8B7D5C9A3044AA121] - 31/03/2013 - 19:44:16 RSHAD . (.Nokia - PCCS Mode Change Filter Driver.) -- C:\Windows\System32\Drivers\pccsmcfdx64.sys [26112]
O44 - LFC:[MD5.CA0325D254FF03AF01DDC7F63C99C38A] - 29/03/2013 - 08:01:07 ---A- . (...) -- C:\Windows\win.ini [1544]
~ Files: 59 Legitimates Scanned in 01mn 10s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 9 Legitimates Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 13 Legitimates Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{138bd396-cba3-11de-918c-baf384979b6e}\AutoRun\command. (...) -- I:\Installer.exe (.not file.)
O51 - MPSK:{311ff53f-0bc2-11e1-a875-001d923c563b}\AutoRun\command. (...) -- K:\setup.exe (.not file.)
O51 - MPSK:{5701edd2-515e-11df-8bd1-d26458c3156c}\AutoRun\command. (...) -- K:\LaunchU3.exe (.not file.)
O51 - MPSK:{968c617c-d753-11de-92f1-9d164219076e}\AutoRun\command. (...) -- J:\ADD_ON2.exe (.not file.)
O51 - MPSK:{f9650c62-3a00-11e2-a38a-c14a93a8b120}\AutoRun\command. (...) -- L:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 2 Legitimates Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
~ SMSR Keys: 10 Legitimates Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "HonorAutoRunSetting"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=0
~ MWPE Keys: 9 Legitimates Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.612B44C59A812DF2B3A57ED64A3F28AA] - 24/09/2009 - 08:30:02 ---A- . (.NXP Semiconductors Germany GmbH - 3xHybrid.) -- C:\Windows\System32\Drivers\3xHybr64.sys [1305056]
O58 - SDL:[MD5.A16FB34E56C781DC56BE7492315655B9] - 03/08/2005 - 15:05:02 ---A- . (.Prolific Technology Inc. - USB-Serial USB Driver.) -- C:\Windows\SysWOW64\SER9PL.sys [35892]
~ Drivers: Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: SEAF By C_XX - (.C_XX.) [HKLM] -- SEAF
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 31/01/2011 - C:\Windows\system32\Drivers\APPFLT64.sys (APPFLT) .(.Panda Security, S.L. - Panda APPFLT.) - LEGACY_APPFLT
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\drivers\atapi.sys (atapi) .(.Microsoft Corporation - ATAPI IDE Miniport Driver.) - LEGACY_ATAPI
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\Drivers\Beep.sys (Beep) .(.Microsoft Corporation - BEEP Driver.) - LEGACY_BEEP
O64 - Services: CurCS - 04/07/2012 - C:\Windows\system32\browser.dll (bowser) .(.Microsoft Corporation - DLL du service Explorateur d'ordinateurs.) - LEGACY_BOWSER
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\cdfs.sys (cdfs) .(.Microsoft Corporation - CD-ROM File System Driver.) - LEGACY_CDFS
O64 - Services: CurCS - 14/12/2012 - C:\Windows\system32\DRIVERS\COMFiltr.sys (ComFiltr) .(.Pas de propriétaire - COMFiltr.) - LEGACY_COMFILTR
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\cscsvc.dll (CSC) .(.Microsoft Corporation - DLL du service CSC.) - LEGACY_CSC
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\dfsc.sys (DfsC) .(.Microsoft Corporation - DFS Namespace Client Driver.) - LEGACY_DFSC
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\discache.sys (discache) .(.Microsoft Corporation - System Indexer/Cache Driver.) - LEGACY_DISCACHE
O64 - Services: CurCS - 20/05/2012 - C:\Windows\sysTEM32\Drivers\dk2drv64.sys (dk2drv) .(.Data Encryption Systems Limited - DK2DRV.) - LEGACY_DK2DRV
O64 - Services: CurCS - 25/09/2009 - C:\Windows\system32\Drivers\DSAFLT64.sys (DSAFLT) .(.Panda Security, S.L. - Pas de description.) - LEGACY_DSAFLT
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\Drivers\fastfat.sys (fastfat) .(.Microsoft Corporation - Fast FAT File System Driver.) - LEGACY_FASTFAT
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\fileinfo.sys (FileInfo) .(.Microsoft Corporation - FileInfo Filter Driver.) - LEGACY_FILEINFO
O64 - Services: CurCS - 15/02/2008 - C:\Program Files (x86)\MSI\Live Update 4\LU4\FLASHsys64.sys - FLASHSYS (FLASHSYS) .(...) - LEGACY_FLASHSYS
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\fltmgr.sys (FltMgr) .(.Microsoft Corporation - Gestionnaire de filtres de système de fichi.) - LEGACY_FLTMGR
O64 - Services: CurCS - 25/09/2009 - C:\Windows\system32\Drivers\fnetm64.sys (FNETMON) .(.Panda Security, S.L. - Panda FNetMon.) - LEGACY_FNETMON
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\http.sys (HTTP) .(.Microsoft Corporation - HTTP Pile du protocole.) - LEGACY_HTTP
O64 - Services: CurCS - 09/09/2010 - C:\Windows\system32\Drivers\IDSFLT64.sys (IDSFLT) .(.Panda Security, S.L. - Intrusion Detection System.) - LEGACY_IDSFLT
O64 - Services: CurCS - 02/06/2012 - C:\Windows\System32\Drivers\ksecdd.sys (KSecDD) .(.Microsoft Corporation - Kernel Security Support Provider Interface.) - LEGACY_KSECDD
O64 - Services: CurCS - 02/06/2012 - C:\Windows\System32\Drivers\ksecpkg.sys (KSecPkg) .(.Microsoft Corporation - Kernel Security Support Provider Interface.) - LEGACY_KSECPKG
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\mountmgr.sys (mountmgr) .(.Microsoft Corporation - Gestionnaire des points de montage.) - LEGACY_MOUNTMGR
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\FirewallAPI.dll (mpsdrv) .(.Microsoft Corporation - API du Pare-feu Windows.) - LEGACY_MPSDRV
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\webclnt.dll (MRxDAV) .(.Microsoft Corporation - Fichier DLL du service DAV pour le Web.) - LEGACY_MRXDAV
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\wkssvc.dll (mrxsmb) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_MRXSMB
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\wkssvc.dll (mrxsmb10) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_MRXSMB10
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\drivers\msisadrv.sys (msisadrv) .(.Microsoft Corporation - ISA Driver.) - LEGACY_MSISADRV
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\netbios.sys (NetBIOS) .(.Microsoft Corporation - NetBIOS interface driver.) - LEGACY_NETBIOS
O64 - Services: CurCS - 25/09/2009 - C:\Windows\system32\Drivers\NETTDI64.sys (NETFLTDI) .(.Panda Security, S.L. - Panda TDI Filter.) - LEGACY_NETFLTDI
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) .(.Microsoft Corporation - NSI Proxy.) - LEGACY_NSIPROXY
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\drivers\pcw.sys (pcw) .(.Microsoft Corporation - Performance Counters for Windows Driver.) - LEGACY_PCW
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\drivers\peauth.sys (PEAUTH) .(.Microsoft Corporation - Protected Environment Authentication and Au.) - LEGACY_PEAUTH
O64 - Services: CurCS - 20/11/2010 - C:\Windows\System32\drivers\pacer.sys (Psched) .(.Microsoft Corporation - Planificateur de paquets QoS.) - LEGACY_PSCHED
O64 - Services: CurCS - 12/06/2011 - C:\Windows\system32\Drivers\pssdk42.sys (PSSDK42) .(.microOLAP Technologies LTD - PSSDK Driver Protocol v4.2 64bit.) - LEGACY_PSSDK42
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\qwavedrv.sys (QWAVEdrv) .(.Microsoft Corporation - Pilote du support de Microsoft Quality Wind.) - LEGACY_QWAVEDRV
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\wkssvc.dll (rdbss) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_RDBSS
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) .(.Microsoft Corporation - RDP Miniport.) - LEGACY_RDPCDD
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) .(.Microsoft Corporation - RDP Encoder Miniport.) - LEGACY_RDPENCDD
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) .(.Microsoft Corporation - RDP Reflector Driver Miniport.) - LEGACY_RDPREFMP
O64 - Services: CurCS - 27/05/2010 - C:\Program Files (x86)\MSI Afterburner\RTCore64.sys - RTCore64 (RTCore64) .(...) - LEGACY_RTCORE64
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\Drivers\spldr.sys (spldr) .(.Microsoft Corporation - loader for security processor.) - LEGACY_SPLDR
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\srvsvc.dll (srv) .(.Microsoft Corporation - DLL du service Serveur.) - LEGACY_SRV
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\srvsvc.dll (srv2) .(.Microsoft Corporation - DLL du service Serveur.) - LEGACY_SRV2
O64 - Services: CurCS - 03/10/2012 - C:\Windows\System32\drivers\tcpipreg.sys (tcpipreg) .(.Microsoft Corporation - TCP/IP Registry Compatibility Driver.) - LEGACY_TCPIPREG
O64 - Services: CurCS - 20/11/2010 - C:\Windows\System32\DRIVERS\udfs.sys (udfs) .(.Microsoft Corporation - UDF File System Driver.) - LEGACY_UDFS
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\vmbusres.dll (vmbus) .(.Microsoft Corporation - Fichier DLL de ressources de bus VMBus.) - LEGACY_VMBUS
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\volmgrx.sys (volmgrx) .(.Microsoft Corporation - Pilote d'extension du gestionnaire de volum.) - LEGACY_VOLMGRX
O64 - Services: CurCS - 20/11/2010 - C:\Windows\System32\DRIVERS\vpcnfltr.sys (vpcnfltr) .(.Microsoft Corporation - Virtual PC Network Filter Driver.) - LEGACY_VPCNFLTR
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\vwififlt.sys (vwififlt) .(.Microsoft Corporation - Virtual WiFi Filter Driver.) - LEGACY_VWIFIFLT
O64 - Services: CurCS - 26/07/2012 - C:\Windows\System32\drivers\Wdf01000.sys (Wdf01000) .(.Microsoft Corporation - Runtime de l'infrastructure de pilotes en m.) - LEGACY_WDF01000
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\wfplwf.sys (WfpLwf) .(.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - LEGACY_WFPLWF
O64 - Services: CurCS - 25/09/2009 - C:\Windows\system32\Drivers\WNMFLT64.sys (WNMFLT) .(.Panda Security, S.L. - Pas de description.) - LEGACY_WNMFLT
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\ws2ifsl.sys (ws2ifsl) .(.Microsoft Corporation - Couche IFS Winsock2.) - LEGACY_WS2IFSL
O64 - Services: CurCS - 26/07/2012 - C:\Windows\System32\drivers\WudfPf.sys (WudfPf) .(.Microsoft Corporation - Windows Driver Foundation - User-mode Drive.) - LEGACY_WUDFPF
~ Legacy: 98 Legitimates Scanned in 00mn 01s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Panda Security, S.L. - Panda Script Blocking.) -- C:\Program Files (x86)\PANDAS~1\PANDAI~1\PAVSCRIP.exe
O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Panda Security, S.L. - Panda Script Blocking.) -- C:\Program Files (x86)\PANDAS~1\PANDAI~1\PAVSCRIP.exe
~ FASS Keys: 19 Legitimates Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); =>Toolbar.Babylon
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("browser.search.defaultengine", "Web Search");
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); =>Toolbar.Babylon
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.babExt", ""); =>Toolbar.Babylon
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819&tt=050412_30b"); =>Toolbar.Babylon
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.hardId", "42c104500000000000000015af4332a8"); =>Toolbar.Babylon
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.id", "42c104500000000000000015af4332a8"); =>Toolbar.Babylon
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.instlDay", "15439"); =>Toolbar.Babylon
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); =>Toolbar.Babylon
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.newTab", true); =>Toolbar.Babylon
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://search.babylon.com/?affID=110819&tt=050412_30b&babsrc=NT_ss&mntrId=42c1[...] =>Toolbar.Babylon
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); =>Toolbar.Babylon
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); =>Toolbar.Babylon
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); =>Toolbar.Babylon
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); =>Toolbar.Babylon
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9"); =>Toolbar.Babylon
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); =>Toolbar.Babylon
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1710:54:09"); =>Toolbar.Babylon
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); =>Toolbar.Babylon
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.dfltLng", "en");
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.id", "42c104500000000000000015af4332a8");
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.instlDay", "15790");
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.vrsn", "1.8.10.0");
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.vrsnTs", "1.8.10.023:00:13");
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.delta.vrsni", "1.8.10.0");
O69 - SBI: prefs.js [greg - wd9yqzkv.default] user_pref("extensions.vshare@toolbar.update.enabled", false);
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {4A72D4A8-EBEF-40FC-BE1F-10F7A5FC2E73} - (Web Search) - http://startsear.ch
O69 - SBI: SearchScopes [HKCU] {972F176C-63F2-459B-9709-8D100364A4BB} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} [DefaultScope] - (Search Results) - http://dts.search-results.com
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - (Search Results) - http://dts.search-results.com
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} - (Search Results) - http://dts.search-results.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche des services démarrés par Svchost (O83)
~ Services: 32 Legitimates Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.07A3AB7469B7826F938D40AA4820E926] [SPRF][01/12/2008] (...) -- C:\Users\greg\AppData\Local\Temp\aae.exe [8990720]
[MD5.BCB0728F4B117855765CE8FE883B5E9B] [SPRF][02/04/2013] (...) -- C:\Users\greg\AppData\Local\Temp\NEventMessages.dll [1536]
[MD5.BCB0728F4B117855765CE8FE883B5E9B] [SPRF][02/04/2013] (...) -- C:\Users\greg\AppData\Local\Temp\NOSEventMessages.dll [1536]
[MD5.188460B7F1C0721A21951F0F7C1682E6] [SPRF][30/09/2011] (...) -- C:\Users\greg\Budget\Desktop\cc_20110930_203127.reg [3256]
[MD5.EB04478ACAD5B48178F9F92285CFF09D] [SPRF][20/10/2011] (...) -- C:\Users\greg\Budget\Desktop\cc_20111020_211113.reg [19138]
[MD5.AACC28EBFAE250B9411A97980D52009F] [SPRF][02/12/2011] (...) -- C:\Users\greg\Budget\Desktop\cc_20111202_203413.reg [12634]
[MD5.FEB8DC5096AD63CACE93A7FCF20CE86D] [SPRF][09/03/2012] (...) -- C:\Users\greg\Budget\Desktop\cc_20120309_195056.reg [23866]
[MD5.DC8FA7560A354F4DE2500954EA7A6C37] [SPRF][21/04/2012] (...) -- C:\Users\greg\Budget\Desktop\cc_20120421_172859.reg [2846]
[MD5.2FD994827193B68DD301F80BDF744231] [SPRF][03/04/2009] (.Husdawg, LLC - System Requirements Lab.) -- C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll [354608]
~ Files: Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
~ Firewall: 226 Legitimates Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : v2.11473 - (06/04/2013)
Clés trouvées (Keys found) : 99
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 7
Fichiers trouvés (Files found) : 0

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] =>Adware.Yontoo
[HKLM\Software\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-e3f9-4ed7-860c-11e69af4a8a0}] =>PUP.iMesh
[HKLM\Software\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}] =>Adware.Bandoo
[HKLM\Software\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}] =>Adware.Bandoo
[HKLM\Software\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}] =>Adware.Bandoo
[HKLM\Software\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Adware.AskSBAR
[HKLM\Software\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}] =>Adware.Bandoo
[HKLM\Software\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}] =>Adware.Bandoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}] =>Adware.Bandoo
[HKLM\Software\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}] =>Spyware.Soft2PC
[HKLM\Software\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}] =>Spyware.Soft2PC
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}] =>Adware.Bandoo
[HKLM\Software\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\BrowserConnection.dll] =>Adware.Bandoo
[HKLM\Software\Classes\AppID\DNSBHO.dll] =>Adware.Bandoo
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo
[HKCU\Software\DataMngr_Toolbar] =>Toolbar.Agent
[HKCU\Software\Grand Virtual] =>Spyware.AgenceExclusive
[HKCU\Software\iMesh] =>PUP.iMesh
[HKLM\Software\Wow6432Node\iMeshMediabarTB] =>PUP.iMesh
[HKCU\Software\PartyFrance] =>Casino.OnlineGames
[HKCU\Software\AppDataLow\Software\searchqutoolbar] =>Adware.Bandoo
[HKCU\Software\StartSearch] =>Hijacker.Agent
[HKLM\Software\Tarma Installer] =>Toolbar.Agent
[HKCU\Software\vShare.tv] =>PUP.VShareRedir
[HKLM\Software\Wow6432Node\Winsudate] =>Adware.Gibmedia
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASAPI32] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASMANCS] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS] =>Adware.Bandoo
[HKLM\Software\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}] =>Toolbar.Conduit
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Setup_RASAPI32] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Setup_RASMANCS] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}] =>Toolbar.Freecorder
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smad] =>Trojan.Smad
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}] =>Adware.Bandoo^
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}] =>Adware.Bandoo^
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar]:{99079A25-328F-4BD4-BE04-00955ACAA0A7} =>Adware.Bandoo
C:\Program Files (x86)\Windows Searchqu Toolbar =>Adware.Bandoo
C:\Program Files (x86)\vShare.tv plugin =>PUP.VShareRedir
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\Users\greg\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\greg\AppData\LocalLow\searchquband =>Adware.Bandoo
C:\Users\greg\AppData\LocalLow\mediabarim =>PUP.iMesh
C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\wd9yqzkv.default\mediabarim =>PUP.iMesh
~ Additionnel: Scanned in 00mn 26s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "7FB15A97CEF69BB47993F814B5EFE723" . (.Phoenix Service Software.) -- C:\Windows\Installer\{79A51BF7-6FEC-4BB9-9739-8F415BFE7E32}\ARPPRODUCTICON.exe
O90 - PUC: "96299809B4552764F9D8A4A2D0A05F5B" . (..) -- C:\Windows\Installer\{90899269-554B-4672-9F8D-4A2A0D0AF5B5}\ARPPRODUCTICON.exe
O90 - PUC: "BF187F69A25C9E340A7EE964844279E5" . (.Phoenix Service Software.) -- C:\Windows\Installer\{96F781FB-C52A-43E9-A0E7-9E464824975E}\ARPPRODUCTICON.exe
~ Update Products: 117 Legitimates Scanned in 00mn 00s



---\\ Random Export Key (O91)
[HKLM\Software\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec] => Clé orpheline
~ Export Key Software: Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 12/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 17/12/2007 163840 | (EPSON_EB_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.exe
SR - | Auto 11/01/2007 126464 | (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.exe
SS - | Auto 03/12/2009 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 03/12/2009 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 346976 | (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe
SR - | Auto 20/05/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SS - | Demand 14/11/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SS - | Demand 124512 | (Installer Service) . (...) - C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}\Installer\InstallerService.exe
SR - | Auto 22/09/2010 165032 | (Intel(R) PROSet Monitoring Service) . (.Intel Corporation.) - C:\Windows\system32\IProsetMonitor.exe
SS - | Demand 25/11/2011 427640 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\x64\maconfservice.exe
SS - | Demand 04/04/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 08/08/2007 836904 | (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
SS - | Demand 21/08/2007 382248 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
SR - | Auto 02/10/2012 891240 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Auto 10/10/2012 1258856 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 19/11/2012 177440 | (Panda Software Controller) . (.Panda Security, S.L..) - C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsCtrls.exe
SR - | Auto 21/09/2012 202016 | (PAVFNSVR) . (.Panda Security, S.L..) - C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PavFnSvr.exe
SR - | Auto 04/02/2008 62768 | (PavPrSrv) . (.Panda Security, S.L..) - C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
SR - | Auto 13/04/2011 313664 | (PAVSRV) . (.Panda Security, S.L..) - C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\pavsrvx86.exe
SR - | Auto 26/11/2009 226560 | (PSHost) . (.Panda Security International.) - c:\program files (x86)\panda security\panda internet security 2013\firewall\PSHOST.exe
SR - | Auto 19/06/2008 108288 | (PSIMSVC) . (.Panda Security S.L..) - C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsImSvc.exe
SR - | Auto 16/08/2010 28992 | (PskSvcRetail) . (.Panda Security, S.L..) - C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PskSvc.exe
SR - | Auto 12/01/2012 372736 | (RalinkRegistryWriter) . (.Ralink Technology, Corp..) - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
SR - | Auto 12/01/2012 447488 | (RalinkRegistryWriter64) . (.Ralink Technology, Corp..) - C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
SS - | Auto 625728 | (RaMediaServer) . (...) - C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
SR - | Demand 19/12/2012 732648 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Demand 25/11/2010 403240 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Auto 02/10/2012 382824 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 06/03/2013 3560288 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
SR - | Auto 16/11/2012 173344 | (TPSrv) . (.Panda Security, S.L..) - C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\TPSrvWow.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Disabled 12/11/2001 20480 | (x10nets) . (.X10.) - C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
~ Services: Scanned in 00mn 01s



~ 2318 Legitimates filtered by white list
End of the scan (908 lines in 04mn 24s)(0)
