Rapport de ZHPDiag v2013.4.22.135 par Nicolas Coolman, Update du 22/04/2013
Run by Eric Navarro at 23/04/2013 14:20:13
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16540
MFIE: Mozilla Firefox 20.0.1 (Defaut)
GCIE: Google Chrome v26.0.1410.64
OBIE: Safari v5.34.57.2

---\\ Windows Product Information
~ Langage: Français
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : YPWYG
Windows License : OK
~ Windows Remaining Initializations Number : 998
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
AVG 2013 v13.0.2904
Spybot - Search & Destroy v2.0.12
Windows Defender W8

---\\ System Optimizer

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 15

---\\ System Information
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6033 MB (64% free)
System Restore: Activé (Enable)
System drive C: has 469 GB (69%) free of 677 GB

---\\ Logged in mode
~ Computer Name: ERIC
~ User Name: Eric Navarro
~ All Users Names: UpdatusUser, HomeGroupUser$, Eric Navarro, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Eric Navarro\AppData\Roaming\
~ %Desktop% : C:\Users\Eric Navarro\Desktop\
~ %Favorites% : C:\Users\Eric Navarro\Favorites\
~ %LocalAppData% : C:\Users\Eric Navarro\AppData\Local\
~ %StartMenu% : C:\Users\Eric Navarro\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 469 Go of 677 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 3 Go of 21 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Not Inserted)
G:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.E13A31D5254C25406A7946BDD9B06364] - (.Microsoft Corporation - Explorateur Windows.) (.11/10/2012 - 08:35:16.) -- C:\Windows\Explorer.exe [2380944]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.753C0848AE7872A3F59663078A517293] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/02/2013 - 11:15:07.) -- C:\Windows\System32\wininet.dll [2240512]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.36D6A3201721558A8AFBCC09C2DA4C2C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.06/11/2012 - 04:53:44.) -- C:\Windows\system32\Drivers\AFD.sys [560640]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/02/2013 - 11:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.2FB3CDFD5EAF4CD9D4AFAF96877D13AE] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.26/07/2012 - 05:57:09.) -- C:\Windows\system32\Drivers\volsnap.sys [332016]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/34
~ Mes musiques (My Musics) : 1/537
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 2/13461
~ Mon Bureau (My Desktop) : 5/97131
~ Menu demarrer (Programs) : 1/30
~ Hidden Files: Scanned in 01mn 38s



---\\ Processus lancés
[MD5.CE3CAFC0FDAE974235EFF64ACBBEEBDD] - (.AuthenTec Inc. - TouchControl.) -- C:\Program Files (x86)\HP SimplePass\TouchControl.exe [3698024] [PID.1988]
[MD5.FA127AC8BDF668903543D29C96B31632] - (...) -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2561488] [PID.1212] =>Toolbar.Babylon
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.4132]
[MD5.724CB7A116F7E1A67009D751BCF86586] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120] [PID.4140]
[MD5.EDE5216C1A9F67F542D1FA68A8502A40] - (.Pas de propriétaire - IEWebSiteLogon.) -- C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe [4073320] [PID.2836]
[MD5.4458989C34FA84B5A75DD3ABCFBE786A] - (.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624] [PID.6080]
[MD5.47CA2F039FDB67697EE60C260CB8083C] - (.Google - Google Talk.) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3297280] [PID.6124]
[MD5.B7995C675014EEBE77A0BEB7AFCCFC08] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432] [PID.5344]
[MD5.A9732510C6D8E3C954DB2F249AAC9818] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512] [PID.5672]
[MD5.9F3655267BA37004F519ABDDB3AEE244] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008] [PID.1668]
[MD5.9DADF1A809ECEC86F04BDE35190D59FE] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe [3147384] [PID.5644]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848] [PID.3048]
[MD5.F80FFD4517C0B8025ECC54FBB30F88C4] - (.SEIKO EPSON CORPORATION - FAX Status Monitor.) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872] [PID.2060]
[MD5.B5A4EBA9487F08BECC843A87422B8052] - (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176] [PID.6228]
[MD5.6F5386A655598F71BAAB2D6B63A69D6A] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [920472] [PID.6776]
[MD5.F834B06933E51E2266DC4858A0E9DD98] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.6964]
[MD5.680AD8F376970696B45269F074A8A28E] - (.Adobe Systems, Inc. - Adobe Flash Player 11.6 r602.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe [1822424] [PID.5500]
[MD5.858E13176C6332EC966E2299BDD870D0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [6961664] [PID.6996]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Eric Navarro\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.delta-search.com =>Toolbar.DeltaSearch
~ Google Browser: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Eric Navarro\AppData\Roaming\Mozilla\Firefox\Profiles\vkogsvzc.default\prefs.js
C:\Users\Eric Navarro\AppData\Roaming\Mozilla\Firefox\Profiles\vkogsvzc.default\user.js
M3 - MFPP: Plugins - [Eric Navarro] -- C:\Users\Eric Navarro\AppData\Roaming\Mozilla\Firefox\Profiles\vkogsvzc.default\searchplugins\BrowserProtect.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [Eric Navarro] -- C:\Users\Eric Navarro\AppData\Roaming\Mozilla\Firefox\Profiles\vkogsvzc.default\searchplugins\delta.xml
M3 - MFPP: Plugins - [Eric Navarro] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon
M2 - MFEP: prefs.js [Eric Navarro - vkogsvzc.default\ffxtlbr@delta.com] [] Delta Toolbar v1.5.0 (..)
P2 - FPN: [HKCU] [pandonetworks.com/PandoWebPlugin] - (.Pando Networks - Pando Web Plugin.) -- C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
~ Firefox Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com =>Toolbar.DeltaSearch
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 23



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Babylon toolbar helper [64Bits] - {2EECD738-5844-4a99-B4B6-146BF802613B} . (.Babylon BHO - Pas de description.) -- C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll =>Toolbar.Babylon
O2 - BHO: Spybot-S&D IE Protection [64Bits] - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer-Networking Ltd. - Blocks URLs that could install spyware, mal.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: delta Helper Object [64Bits] - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} . (.Delta-search.com - Pas de description.) -- C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll =>Toolbar.DeltaSearch
O2 - BHO: Yontoo Layers [64Bits] - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} . (.Yontoo LLC - Yontoo Runtime.) -- C:\Program Files (x86)\Yontoo\YontooIEClient.dll =>PUP.Yontoo
~ BHO: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [BTMTrayAgent] . (.Motorola Solutions, Inc. - Bluetooth Shell Extension.) -- C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe
O4 - HKCU\..\Run: [Vidalia] C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe (.not file.)
O4 - HKCU\..\Run: [Pando Media Booster] . (.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
O4 - HKCU\..\Run: [Epson Stylus Office BX305(Réseau)] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGJE.exe
O4 - HKCU\..\Run: [EPSON46584B (Epson Stylus Office BX305)] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGJE.exe
O4 - HKCU\..\Run: [WengoPhoneNG] C:\Program Files (x86)\WengoPhone\qtwengophone.exe (.not file.)
O4 - HKCU\..\Run: [googletalk] . (.Google - Google Talk.) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe
O4 - HKLM\..\Wow6432Node\Run: [CLVirtualDrive] . (.CyberLink Corp. - CyberLink Virtual Drive.) -- C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [HP CoolSense] . (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [FUFAXSTM] . (.SEIKO EPSON CORPORATION - FAX Status Monitor.) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
O4 - HKLM\..\Wow6432Node\Run: [SDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
O4 - HKUS\S-1-5-18\..\Run: [RapidDrive] . (.Rapidshare AG - RapidDrive.) -- C:\Program Files (x86)\RAPIDSHARE AG\RapidDrive\VirtualDrive.exe
O4 - HKUS\S-1-5-21-1282559180-3753446319-743887448-1002\..\Run: [Vidalia] C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe (.not file.)
O4 - HKUS\S-1-5-21-1282559180-3753446319-743887448-1002\..\Run: [Pando Media Booster] . (.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-21-1282559180-3753446319-743887448-1002\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
O4 - HKUS\S-1-5-21-1282559180-3753446319-743887448-1002\..\Run: [Epson Stylus Office BX305(Réseau)] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGJE.exe
O4 - HKUS\S-1-5-21-1282559180-3753446319-743887448-1002\..\Run: [EPSON46584B (Epson Stylus Office BX305)] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGJE.exe
O4 - HKUS\S-1-5-21-1282559180-3753446319-743887448-1002\..\Run: [WengoPhoneNG] C:\Program Files (x86)\WengoPhone\qtwengophone.exe (.not file.)
O4 - HKUS\S-1-5-21-1282559180-3753446319-743887448-1002\..\Run: [googletalk] . (.Google - Google Talk.) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\QuickLaunch: System Scan.lnk . (.Safer-Networking Ltd. - Malware Scanner.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
O4 - GS\Desktop: Cossacks II.lnk . (...) -- C:\Program Files (x86)\GSC Game World\Cossacks II\Cossacks2.exe
O4 - GS\Desktop: Google Talk.lnk . (.Google - Google Talk.) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe
O4 - GS\Desktop: M2Fish.lnk . (...) -- C:\Program Files (x86)\M2Fish\M2Fish.exe (.not file.)
O4 - GS\Desktop: Easy Query - Raccourci.lnk . (.Metin2cheat.com - Pas de description.) -- C:\Users\Eric Navarro\Desktop\reprise sp\Easy-Qwery\Easy-Qwery\Easy Query.exe
O4 - GS\Desktop: LaunchIW4M - Raccourci.lnk . (...) -- C:\Users\Eric Navarro\AppData\Local\IW4M\LaunchIW4M.exe
O4 - GS\Desktop: MRV2 - Raccourci.lnk . (.Moustikk-tools - Gestionnaire d'archives Metin�.) -- C:\Program Files (x86)\Metin2 Repacker V2\MRV2.exe
O4 - GS\Desktop: WinSCP.lnk . (.Martin Prikryl - WinSCP: SFTP, FTP and SCP client.) -- C:\Program Files (x86)\WinSCP\WinSCP.exe
~ Global Startup: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5182CB21-4A95-4190-AAB1-290C37DC3322}: DhcpNameServer = 172.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6929731-E2F4-4F6F-9FBF-6F816D143E23}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5182CB21-4A95-4190-AAB1-290C37DC3322}: DhcpNameServer = 172.168.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{E6929731-E2F4-4F6F-9FBF-6F816D143E23}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 314.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: EldosMountNotificator-cbfs4-0 - {796400FC-0D12-467D-B77E-328BC6976F08} . (.EldoS Corporation - Mount Notifier.) -- C:\Program Files (x86)\Common Files\CBFS\cbfsMntNtf4.dll
~ SSODL: 2 Legitimates Filtered in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) [64Bits] - {796400FC-0D12-467D-B77E-328BC6976F08} . (.EldoS Corporation - Mount Notifier.) -- C:\Program Files (x86)\Common Files\CBFS\WOW64\cbfsMntNtf4.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: BrowserProtect (BrowserProtect) . (...) - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe =>Toolbar.Babylon
O23 - Service: FileZillaServer (FileZillaServer) . (.FileZilla Project - FileZilla Server.) - C:\xampp\filezillaftp\filezillaserver.exe
O23 - Service: mysql (mysql) . (...) - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) . (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) . (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Validity WBF Policy Service (valWBFPolicyService) . (...) - C:\Windows\system32\valWBFPolicyService.exe
O23 - Service: Intel(R) PROSet/Wireless Zero Configurat (ZeroConfigService) . (.Intel® Corporation - Intel® PROSet/Wireless Zero Configure Servi.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: 34 Legitimates Filtered in 00mn 04s



---\\ Tâches planifiées en automatique (O39)
[MD5.452DB84283EB2F043827AC95D62CE19C] [APT] [Check for updates] (.Safer-Networking Ltd..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [3487240]
[MD5.36A82C214B46787385F3B0CD02ECAA88] [APT] [Refresh immunization] (.Safer-Networking Ltd..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [3653656]
[MD5.E4A0900CF535888DDD85B10040CA3E34] [APT] [Scan the system] (.Safer-Networking Ltd..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [3906584]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 03s



---\\ Logiciels installés (O42)
O42 - Logiciel: Babylon toolbar - (.BabylonToolbar.) [HKLM][64Bits] -- BabylonToolbar =>Toolbar.Babylon
O42 - Logiciel: BrowserProtect - (.Bit89 Inc.) [HKLM][64Bits] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} =>Toolbar.Babylon
O42 - Logiciel: Delta toolbar - (.Delta.) [HKLM][64Bits] -- delta
O42 - Logiciel: Easy2Convert PNG to DDS 1.1 - (.Easy2Convert Software.) [HKLM][64Bits] -- {C8F8021F-32E0-455B-921A-1C9E2552BE52}_is1
O42 - Logiciel: Granny Viewer 2.9.1.0 - (.RAD Game Tools, Inc..) [HKLM][64Bits] -- Granny Viewer_is1
O42 - Logiciel: LegendOfMetin version 1 - (.Legend Of Metin.) [HKLM][64Bits] -- {FCF04DA4-4590-4903-9C55-6B777CE393A8}_is1
O42 - Logiciel: M2Fish 4.0 - (.ErpeL.) [HKLM][64Bits] -- M2Fish
O42 - Logiciel: NeoCochon - (...) [HKLM][64Bits] -- NeoCochon
O42 - Logiciel: Omega Online v4 version 4 - (.Omega Online, Inc..) [HKLM][64Bits] -- {C8AA2EA7-7398-4D0F-88B6-7FB6D2B28B03}_is1
O42 - Logiciel: Pando Media Booster - (.Pando Networks Inc..) [HKLM][64Bits] -- {980A182F-E0A2-4A40-94C1-AE0C1235902E}
O42 - Logiciel: RapidDrive - (.RAPIDSHARE AG.) [HKLM][64Bits] -- {FC6BBA62-FA9F-4D00-B61A-613354D389DD}
O42 - Logiciel: WorldOfMetin - (...) [HKLM][64Bits] -- WorldOfMetin
O42 - Logiciel: Yontoo 1.12.02 - (.Yontoo LLC.) [HKLM][64Bits] -- {889DF117-14D1-44EE-9F31-C5FB5D47F68B} =>PUP.Yontoo
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKLM][64Bits] -- uTorrent
~ Logic: 233 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\BI]
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\BitTorrent]
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\Delta]
[HKCU\Software\HKEY_LOCAL_MACHINE]
[HKCU\Software\InstallCore] =>PUP.InstallCore
[HKCU\Software\Moustikk-tools]
[HKCU\Software\Moustikk]
[HKCU\Software\Privoxy]
[HKCU\Software\Softonic]
[HKCU\Software\Yurima]
[HKCU\Software\a55d8d9e73ae547]
[HKCU\Software\delta LTD]
[HKCU\Software\fourDeltaOne]
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKLM\Software\Wow6432Node\Babylon] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\Delta]
[HKLM\Software\Wow6432Node\a55d8d9e73ae547]
~ Key Software: 302 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/12/2012 - 01:20:03 - [2,343] ----D C:\Program Files (x86)\BabylonToolbar =>Toolbar.Babylon
O43 - CFD: 05/03/2013 - 17:11:35 - [2,769] ----D C:\Program Files (x86)\Delta
O43 - CFD: 16/02/2013 - 21:27:28 - [0] ----D C:\Program Files (x86)\Flvto Converter
O43 - CFD: 27/01/2013 - 16:15:46 - [3,303] ----D C:\Program Files (x86)\Granny Viewer
O43 - CFD: 12/02/2013 - 21:35:45 - [1,842] ----D C:\Program Files (x86)\M2Fish
O43 - CFD: 04/03/2013 - 13:14:16 - [1186,812] ----D C:\Program Files (x86)\Modern Warfare 2
O43 - CFD: 10/02/2013 - 19:55:51 - [1642,788] ----D C:\Program Files (x86)\NeoCochon
O43 - CFD: 25/12/2012 - 16:07:36 - [6,817] ----D C:\Program Files (x86)\PaintTool SAI
O43 - CFD: 11/02/2013 - 15:47:49 - [5,337] ----D C:\Program Files (x86)\RAPIDSHARE AG
O43 - CFD: 24/02/2013 - 02:50:47 - [1282,471] ----D C:\Program Files (x86)\Subagames
O43 - CFD: 13/03/2013 - 19:59:01 - [0] ----D C:\Program Files (x86)\TecmoKoei
O43 - CFD: 25/12/2012 - 03:32:48 - [0,924] ----D C:\Program Files (x86)\uTorrent
O43 - CFD: 18/02/2013 - 23:41:53 - [0,326] ----D C:\Program Files (x86)\Yontoo =>PUP.Yontoo
O43 - CFD: 11/02/2013 - 15:47:51 - [1,079] ----D C:\Program Files (x86)\Common Files\CBFS
O43 - CFD: 26/12/2012 - 01:16:58 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 08/03/2013 - 03:18:23 - [8,159] ----D C:\ProgramData\BrowserProtect =>Toolbar.Babylon
O43 - CFD: 18/02/2013 - 23:41:51 - [2,572] ----D C:\ProgramData\Tarma Installer =>Toolbar.Tarma
O43 - CFD: 25/08/2012 - 10:12:20 - [43,928] ----D C:\ProgramData\{BE4DD016-EE56-4AC8-9832-69281423A3D4}
O43 - CFD: 26/12/2012 - 01:20:27 - [3,451] ----D C:\Users\Eric Navarro\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 26/12/2012 - 01:16:58 - [0,017] ----D C:\Users\Eric Navarro\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 05/03/2013 - 17:11:33 - [0,259] ----D C:\Users\Eric Navarro\AppData\Roaming\Delta
O43 - CFD: 18/02/2013 - 17:45:53 - [0,000] ----D C:\Users\Eric Navarro\AppData\Roaming\Easy2Convert
O43 - CFD: 16/02/2013 - 21:14:32 - [26,555] ----D C:\Users\Eric Navarro\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 11/02/2013 - 15:48:07 - [1,593] ----D C:\Users\Eric Navarro\AppData\Roaming\RapidDrive
O43 - CFD: 27/12/2012 - 16:41:47 - [0,023] ----D C:\Users\Eric Navarro\AppData\Roaming\TI ProgramEditor
O43 - CFD: 11/04/2013 - 23:09:11 - [2,643] ----D C:\Users\Eric Navarro\AppData\Roaming\uTorrent
O43 - CFD: 10/04/2013 - 19:40:05 - [0,001] ----D C:\Users\Eric Navarro\AppData\Roaming\WengoPhone
O43 - CFD: 04/03/2013 - 13:14:05 - [32,480] ----D C:\Users\Eric Navarro\AppData\Local\IW4M
O43 - CFD: 11/02/2013 - 15:48:11 - [0,003] ----D C:\Users\Eric Navarro\AppData\Local\Rapidshare_AG
O43 - CFD: 15/02/2013 - 00:20:52 - [0,002] ----D C:\Users\Eric Navarro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript
O43 - CFD: 03/01/2013 - 14:46:42 - [0] ----D C:\Users\Eric Navarro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\M2Fish
~ Program Folder: 248 Legitimates Filtered in 01mn 05s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.4FD2E5BDBBBAB094B65E76908F9FADB3] - 14/04/2013 - 10:34:28 ---A- . (...) -- C:\Windows\SysNative\ApnDatabase.xml [387867]
O44 - LFC:[MD5.4FD2E5BDBBBAB094B65E76908F9FADB3] - 14/04/2013 - 10:34:28 RSHAD . (...) -- C:\Windows\System32\ApnDatabase.xml [387867]
O44 - LFC:[MD5.23948829C6D049B8ADE0E0FB87305AC3] - 11/04/2013 - 18:35:37 ---A- . (.Safer Networking Limited - Pas de description.) -- C:\Windows\SysNative\sdnclean64.exe [17272]
O44 - LFC:[MD5.23948829C6D049B8ADE0E0FB87305AC3] - 11/04/2013 - 18:35:37 RSHAD . (.Safer Networking Limited - Pas de description.) -- C:\Windows\System32\sdnclean64.exe [17272]
~ Files: 146 Legitimates Filtered in 00mn 13s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [Enabled] .(.Safer-Networking Ltd..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" [Enabled] .(.Safer-Networking Ltd..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" [Enabled] .(.Safer-Networking Ltd..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" [Enabled] .(.Safer-Networking Ltd..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
~ Keys Export: 4 Legitimates Filtered in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{09260d02-4e02-11e2-be73-84a6c82d3781}\AutoRun\command. (...) -- H:\LaunchU3.exe (.not file.)
O51 - MPSK:{290be249-7f98-11e2-be8c-082e5f756493}\AutoRun\command. (...) -- H:\WD SmartWare.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "AllowLegacyWebView"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "AllowUnhashedWebView"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.4F18D4C7EA14F11A7211F60D553C03DB] - 26/07/2012 - 06:00:49 ---A- . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\Drivers\3ware.sys [106736]
O58 - SDL:[MD5.9131FE60ADFAB595C8DA53AD6A06AA31] - 29/12/2004 - 01:43:08 ---A- . (.INCA Internet Co., Ltd. - nProtect NPSC Kernel Mode Driver for NT.) -- C:\Windows\SysWOW64\npptNT2.sys [4682]
~ Drivers: Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files (x86)\Safari\Safari.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("avg.install.userHPSettings", "http://www.delta-search.com/?affID=119816&tt=5212_4&babsrc=HP_ss&mntrId=ac60c696000000000[...] =>Toolbar.DeltaSearch
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("avg.install.userSPSettings", "Delta Search");
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.BabylonToolbar_i.newTab", true); =>Toolbar.Babylon
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://www.delta-search.com/?affID=119816&tt=5212_4&babsrc=NT_ss&mntrId=ac60c6[...] =>Toolbar.Babylon
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.delta.babTrack", "affID=44444&tt=5212_4");
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.delta.bbDpng", "5");
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.delta.cntry", "FR");
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.delta.dfltLng", "en");
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.delta.hdrMd5", "A8C34D4B8C2C05CFD5BFD461DCE84886");
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.delta.id", "ac60c69600000000000084a6c82d377e");
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.delta.instlDay", "15769");
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.delta.lastVrsnTs", "1.8.10.016:11:41");
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.delta.sg", "azb");
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.delta.vrsn", "1.8.10.0");
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.delta.vrsnTs", "1.8.10.016:11:41");
O69 - SBI: prefs.js [Eric Navarro - vkogsvzc.default] user_pref("extensions.delta.vrsni", "1.8.10.0");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Delta Search) - http://www.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {2fa28606-de77-4029-af96-b231e3b8f827} - (Ask.com) - http://eu.ask.com
O69 - SBI: SearchScopes [HKCU] {B3F433C2-BDF0-4F08-96D9-5C8650ED8717} - (Propositions de recherche Amazon.fr) - http://www.amazon.fr
O69 - SBI: SearchScopes [HKCU] {b7fca997-d0fb-4fe0-8afd-255e89cf9671} - (Yahoo) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.BE65A68CAF476E39FF62AF6813D0198F] [SPRF][02/11/2004] (...) -- C:\Users\Eric Navarro\AppData\Local\Temp\unrar.dll [158720]
[MD5.A205551E7BA8580D2C0FF896A4D79FA9] [SPRF][31/08/2007] (.Macrovision Corporation - Setup.exe.) -- C:\Users\Eric Navarro\AppData\Local\Temp\_is34DD.exe [460248]
[MD5.A205551E7BA8580D2C0FF896A4D79FA9] [SPRF][31/08/2007] (.Macrovision Corporation - Setup.exe.) -- C:\Users\Eric Navarro\AppData\Local\Temp\_isBE4.exe [460248]
[MD5.3E0EC6EEE3720FE16766A23E6DBBED86] [SPRF][16/01/2013] (...) -- C:\Users\Eric Navarro\Desktop\Bot yang v2.2.exe [314969]
[MD5.E09274F8B958644EBBD3A9D2591476DB] [SPRF][04/07/2012] (...) -- C:\Users\Eric Navarro\Desktop\ESP-AimBot.exe [330240]
[MD5.0B112953FA261B857A577AFCA725AF1D] [SPRF][21/04/2013] (...) -- C:\Users\Eric Navarro\Desktop\générateur de query V1.1.exe [335729]
[MD5.A0B0174B19B40061056541302CE7A9C0] [SPRF][18/04/2013] (...) -- C:\Users\Eric Navarro\Desktop\Pokemon Version Platine.sav [1048576]
[MD5.D69875891AD94842059D968DE3FAA497] [SPRF][22/05/2009] (...) -- C:\Users\Eric Navarro\Desktop\Pokesav_Platinum_006d_FR_12.exe [411648]
~ Files: Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{643AD4C3-DA4D-4748-A133-306D5B943B41}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
O87 - FAEL: "{3C044919-C07A-41F6-80D4-71E9CC248CF9}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
O87 - FAEL: "TCP Query User{96D4F922-EF91-4759-A6BA-7470357B400F}C:\program files (x86)\metin2\metin2memory\lanceurfenetre.exe" | In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\metin2\metin2memory\lanceurfenetre.exe
O87 - FAEL: "UDP Query User{B82055E9-1207-4A19-ACDD-95BD4786BE15}C:\program files (x86)\metin2\metin2memory\lanceurfenetre.exe" | In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\metin2\metin2memory\lanceurfenetre.exe
O87 - FAEL: "TCP Query User{C5064B3B-1DBB-4712-9687-287B445773D6}C:\program files (x86)\metin2\metin2\metin2client.bin" | In - Private - P6 - TRUE | .(.Ymir Entertainment - Metin2Client.) -- C:\program files (x86)\metin2\metin2\metin2client.bin
O87 - FAEL: "UDP Query User{4EC53907-CFC0-46E3-A7A0-620065CADFDA}C:\program files (x86)\metin2\metin2\metin2client.bin" | In - Private - P17 - TRUE | .(.Ymir Entertainment - Metin2Client.) -- C:\program files (x86)\metin2\metin2\metin2client.bin
O87 - FAEL: "TCP Query User{18ECE23C-9CB2-414C-BB56-C7CF2FB34E4F}C:\program files (x86)\metin2\metin2memory\lanceurfenetre.exe" | In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\metin2\metin2memory\lanceurfenetre.exe
O87 - FAEL: "UDP Query User{D516F87C-70BE-43B8-8BA7-ADAA253ADE08}C:\program files (x86)\metin2\metin2memory\lanceurfenetre.exe" | In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\metin2\metin2memory\lanceurfenetre.exe
O87 - FAEL: "TCP Query User{DBA8985D-800A-4F98-9611-CE8360503243}C:\users\eric navarro\downloads\fail online\fail online\serv.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\eric navarro\downloads\fail online\fail online\serv.exe (.not file.)
O87 - FAEL: "UDP Query User{715B43C6-A473-4392-A4EF-F6911F8AE345}C:\users\eric navarro\downloads\fail online\fail online\serv.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\eric navarro\downloads\fail online\fail online\serv.exe (.not file.)
O87 - FAEL: "TCP Query User{36838ACF-0ADF-49ED-B582-2C2E07DC0A4F}C:\program files (x86)\metin2\fail online\serv.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\metin2\fail online\serv.exe (.not file.)
O87 - FAEL: "UDP Query User{0817DB39-51F8-4FCE-B24C-C9AA4238395D}C:\program files (x86)\metin2\fail online\serv.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\metin2\fail online\serv.exe (.not file.)
O87 - FAEL: "TCP Query User{184480E0-ED5B-4288-A1C3-E2AB236EB12A}C:\program files (x86)\metin2\metin2 fail online\serv.exe" | In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\metin2\metin2 fail online\serv.exe
O87 - FAEL: "UDP Query User{9C93A6EE-34A6-4F94-A918-08A85E40C2BD}C:\program files (x86)\metin2\metin2 fail online\serv.exe" | In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\metin2\metin2 fail online\serv.exe
O87 - FAEL: "TCP Query User{1309DCF0-8639-4471-AF44-D6E25474101B}C:\program files (x86)\metin2\metin2\metin2client.bin" | In - Public - P6 - TRUE | .(.Ymir Entertainment - Metin2Client.) -- C:\program files (x86)\metin2\metin2\metin2client.bin
O87 - FAEL: "UDP Query User{0F68DE52-ED36-4206-B88E-CB7B9ECA7821}C:\program files (x86)\metin2\metin2\metin2client.bin" | In - Public - P17 - TRUE | .(.Ymir Entertainment - Metin2Client.) -- C:\program files (x86)\metin2\metin2\metin2client.bin
O87 - FAEL: "TCP Query User{52091A67-7E0A-4CDC-A323-352DB878D24F}C:\program files (x86)\metin2\metin2 fail online\serv.exe" | In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\metin2\metin2 fail online\serv.exe
O87 - FAEL: "UDP Query User{4100104C-E356-4C03-AE90-90D74375F9D8}C:\program files (x86)\metin2\metin2 fail online\serv.exe" | In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\metin2\metin2 fail online\serv.exe
O87 - FAEL: "TCP Query User{4D2EC3B0-F84E-4648-987D-D08070A6FF40}H:\eric\client metin 2\metin2\metin2 fail online\serv.exe" |In - Private - P6 - TRUE | .(...) -- H:\eric\client metin 2\metin2\metin2 fail online\serv.exe (.not file.)
O87 - FAEL: "UDP Query User{23D3AAC4-22DF-42CA-9B06-360600E3C2BD}H:\eric\client metin 2\metin2\metin2 fail online\serv.exe" |In - Private - P17 - TRUE | .(...) -- H:\eric\client metin 2\metin2\metin2 fail online\serv.exe (.not file.)
O87 - FAEL: "TCP Query User{50749365-38F1-4B12-8BC4-12FE0430A4C2}H:\modern warfare 2\iw4mp.exe" |In - Private - P6 - TRUE | .(...) -- H:\modern warfare 2\iw4mp.exe (.not file.)
O87 - FAEL: "UDP Query User{9F6FEA16-BCE5-485F-92BF-7C1E781FCF71}H:\modern warfare 2\iw4mp.exe" |In - Private - P17 - TRUE | .(...) -- H:\modern warfare 2\iw4mp.exe (.not file.)
O87 - FAEL: "TCP Query User{2C1868CB-EA6B-4E40-944E-8FB4F0FAF991}H:\modern warfare 2\iw4mp.dat" |In - Private - P6 - TRUE | .(...) -- H:\modern warfare 2\iw4mp.dat (.not file.)
O87 - FAEL: "UDP Query User{6EC75D60-2AB7-4D2B-BBDB-50E757B7FB4C}H:\modern warfare 2\iw4mp.dat" |In - Private - P17 - TRUE | .(...) -- H:\modern warfare 2\iw4mp.dat (.not file.)
O87 - FAEL: "TCP Query User{5AAAB53A-467F-48DD-9F26-D2B6AA3B133C}H:\modern warfare 2\iw4m.exe" |In - Private - P6 - TRUE | .(...) -- H:\modern warfare 2\iw4m.exe (.not file.)
O87 - FAEL: "UDP Query User{A4EF82D5-BC0E-4B94-885E-DE625674C75D}H:\modern warfare 2\iw4m.exe" |In - Private - P17 - TRUE | .(...) -- H:\modern warfare 2\iw4m.exe (.not file.)
O87 - FAEL: "TCP Query User{CF2D84E4-517C-4BE4-A234-08BA25365CFD}H:\modern warfare 2\iw4m2p.exe" |In - Private - P6 - TRUE | .(...) -- H:\modern warfare 2\iw4m2p.exe (.not file.)
O87 - FAEL: "UDP Query User{72A6F53E-904E-48BC-A7FC-5D1F1E173042}H:\modern warfare 2\iw4m2p.exe" |In - Private - P17 - TRUE | .(...) -- H:\modern warfare 2\iw4m2p.exe (.not file.)
O87 - FAEL: "TCP Query User{3E16D7E2-35BB-4E8C-AC0A-78E0243A9E4C}H:\eric\modern warfare 2\iw4mp.exe" |In - Private - P6 - TRUE | .(...) -- H:\eric\modern warfare 2\iw4mp.exe (.not file.)
O87 - FAEL: "UDP Query User{59E0BD3A-56C9-4DE3-AC00-AE3C35C108AC}H:\eric\modern warfare 2\iw4mp.exe" |In - Private - P17 - TRUE | .(...) -- H:\eric\modern warfare 2\iw4mp.exe (.not file.)
O87 - FAEL: "TCP Query User{B0BBAD1C-0BF5-41A6-BE4D-F01DCB6010A0}H:\eric\modern warfare 2\iw4mp.dat" |In - Private - P6 - TRUE | .(...) -- H:\eric\modern warfare 2\iw4mp.dat (.not file.)
O87 - FAEL: "UDP Query User{61989852-4014-41AC-A574-EDDFC2E03B1E}H:\eric\modern warfare 2\iw4mp.dat" |In - Private - P17 - TRUE | .(...) -- H:\eric\modern warfare 2\iw4mp.dat (.not file.)
O87 - FAEL: "TCP Query User{FA83A7B1-3369-42C5-99FD-2800FD1D52D2}H:\modern warfare 2\iw4.exe" |In - Private - P6 - TRUE | .(...) -- H:\modern warfare 2\iw4.exe (.not file.)
O87 - FAEL: "UDP Query User{6E1E70B5-1EE8-4A3D-AA2B-D430147867A2}H:\modern warfare 2\iw4.exe" |In - Private - P17 - TRUE | .(...) -- H:\modern warfare 2\iw4.exe (.not file.)
O87 - FAEL: "TCP Query User{D0AE98C3-F43E-4301-B5D2-CCF6545AD637}C:\program files (x86)\modern warfare 2\iw4.exe" | In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\modern warfare 2\iw4.exe
O87 - FAEL: "UDP Query User{14C6C2C5-D2A0-4729-9369-546EB381BF27}C:\program files (x86)\modern warfare 2\iw4.exe" | In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\modern warfare 2\iw4.exe
O87 - FAEL: "TCP Query User{B7411880-4BB0-439A-960F-CE1CE49EBBA5}C:\program files (x86)\modern warfare 2\iw4m.exe" | In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\modern warfare 2\iw4m.exe
O87 - FAEL: "UDP Query User{A75AB6B0-A32A-4737-8C4F-076D300FE29E}C:\program files (x86)\modern warfare 2\iw4m.exe" | In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\modern warfare 2\iw4m.exe
O87 - FAEL: "TCP Query User{68748AA4-552F-451E-862F-DC0E05A5BDDF}C:\program files (x86)\modern warfare 2\iw4mp.dat" | In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\modern warfare 2\iw4mp.dat
O87 - FAEL: "UDP Query User{EED702D9-88AA-4ABF-BF77-C0F3C0781FE4}C:\program files (x86)\modern warfare 2\iw4mp.dat" | In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\modern warfare 2\iw4mp.dat
O87 - FAEL: "TCP Query User{8280AE70-EB3D-4741-A5B0-E9095D549D01}C:\program files (x86)\modern warfare 2\iw4mp.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\modern warfare 2\iw4mp.exe (.not file.)
O87 - FAEL: "UDP Query User{05B090BB-7625-4D86-828D-E3CD538E5B91}C:\program files (x86)\modern warfare 2\iw4mp.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\modern warfare 2\iw4mp.exe (.not file.)
O87 - FAEL: "TCP Query User{A6AE4C57-62CC-4604-8DFE-6BF64E74F54F}C:\program files (x86)\modern warfare 2\iw4mpcrk.exe" | In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\modern warfare 2\iw4mpcrk.exe
O87 - FAEL: "UDP Query User{15208C9A-0582-4047-AD37-356230EE62F2}C:\program files (x86)\modern warfare 2\iw4mpcrk.exe" | In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\modern warfare 2\iw4mpcrk.exe
O87 - FAEL: "TCP Query User{F1E464B1-4FDF-467A-B3FC-4785CA1E0677}C:\program files (x86)\modern warfare 2\iw4mpold.exe" | In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\modern warfare 2\iw4mpold.exe
O87 - FAEL: "UDP Query User{71F7C98B-C45C-4B41-B730-7A936094EB58}C:\program files (x86)\modern warfare 2\iw4mpold.exe" | In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\modern warfare 2\iw4mpold.exe
O87 - FAEL: "TCP Query User{B5CFA82F-C24E-4707-93B1-FC1F0FA2117A}C:\program files (x86)\modern warfare 2\iw42mp.exe" | In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\modern warfare 2\iw42mp.exe
O87 - FAEL: "UDP Query User{921E48B3-181D-42B3-A3E8-549D4B0D9A01}C:\program files (x86)\modern warfare 2\iw42mp.exe" | In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\modern warfare 2\iw42mp.exe
O87 - FAEL: "TCP Query User{73B81091-C3F8-459A-BB76-75F9D5B5EEAD}C:\users\eric navarro\appdata\local\iw4m\iw4m.dat" | In - Private - P6 - TRUE | .(...) -- C:\users\eric navarro\appdata\local\iw4m\iw4m.dat
O87 - FAEL: "UDP Query User{6349DE19-8D8B-41D1-A515-0C29D0112D2F}C:\users\eric navarro\appdata\local\iw4m\iw4m.dat" | In - Private - P17 - TRUE | .(...) -- C:\users\eric navarro\appdata\local\iw4m\iw4m.dat
O87 - FAEL: "TCP Query User{6E1EC825-0319-4D1D-8B96-05F40743780F}C:\program files (x86)\metin2\metin2mage\metin2client.exe" | In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\metin2\metin2mage\metin2client.exe
O87 - FAEL: "UDP Query User{987E2B97-3C1E-4406-89C9-C699816108E8}C:\program files (x86)\metin2\metin2mage\metin2client.exe" | In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\metin2\metin2mage\metin2client.exe
O87 - FAEL: "TCP Query User{621E6939-1DF1-4935-99A0-F82969C63761}H:\eric\client metin 2\neocochon\metin2client.exe" |In - Private - P6 - TRUE | .(...) -- H:\eric\client metin 2\neocochon\metin2client.exe (.not file.)
O87 - FAEL: "UDP Query User{B5EA47BA-3D84-4114-94F8-761E4DA34FE7}H:\eric\client metin 2\neocochon\metin2client.exe" |In - Private - P17 - TRUE | .(...) -- H:\eric\client metin 2\neocochon\metin2client.exe (.not file.)
O87 - FAEL: "TCP Query User{A2E8C0D1-CF54-4B5F-96E5-7466D2DEFD78}H:\eric\tout pour sp\neocochon\metin2client.exe" |In - Private - P6 - TRUE | .(...) -- H:\eric\tout pour sp\neocochon\metin2client.exe (.not file.)
O87 - FAEL: "UDP Query User{8C6DE336-4738-409C-AD11-3D22571CDE9C}H:\eric\tout pour sp\neocochon\metin2client.exe" |In - Private - P17 - TRUE | .(...) -- H:\eric\tout pour sp\neocochon\metin2client.exe (.not file.)
O87 - FAEL: "TCP Query User{5142127B-2883-4362-995C-98065BC0A5FD}C:\xampp\mysql\bin\mysqld.exe" | In - Private - P6 - TRUE | .(...) -- C:\xampp\mysql\bin\mysqld.exe
O87 - FAEL: "UDP Query User{3B0CBA80-5079-4B10-8A1F-41BD54E3D273}C:\xampp\mysql\bin\mysqld.exe" | In - Private - P17 - TRUE | .(...) -- C:\xampp\mysql\bin\mysqld.exe
O87 - FAEL: "TCP Query User{10635326-BA76-4842-A6F8-B8CA8BA8EBBB}H:\eric\client metin 2\history_v2\metin2client.exe" |In - Private - P6 - TRUE | .(...) -- H:\eric\client metin 2\history_v2\metin2client.exe (.not file.)
O87 - FAEL: "UDP Query User{7C2EDB50-49E4-45B3-99C7-7737DF90D414}H:\eric\client metin 2\history_v2\metin2client.exe" |In - Private - P17 - TRUE | .(...) -- H:\eric\client metin 2\history_v2\metin2client.exe (.not file.)
O87 - FAEL: "TCP Query User{EB7C3CD5-BD3C-407D-BDC4-42B508228012}C:\program files (x86)\metin2\neocochon\metin2client.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\metin2\neocochon\metin2client.exe (.not file.)
O87 - FAEL: "UDP Query User{0685B247-347D-4B25-B07F-F1C567A81DFE}C:\program files (x86)\metin2\neocochon\metin2client.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\metin2\neocochon\metin2client.exe (.not file.)
O87 - FAEL: "TCP Query User{FBCD76FB-E16F-434F-9FCA-8D9F327A200A}H:\eric\client metin 2\omega-online_v3\omegaonline.exe" |In - Private - P6 - TRUE | .(...) -- H:\eric\client metin 2\omega-online_v3\omegaonline.exe (.not file.)
O87 - FAEL: "UDP Query User{443F9EC9-B9E6-41EF-8D5A-6D5201325D04}H:\eric\client metin 2\omega-online_v3\omegaonline.exe" |In - Private - P17 - TRUE | .(...) -- H:\eric\client metin 2\omega-online_v3\omegaonline.exe (.not file.)
O87 - FAEL: "TCP Query User{38AE67AC-A815-4DFF-8171-2D7D48A77FFA}H:\eric\omega-online_v3\omegaonline.exe" |In - Private - P6 - TRUE | .(...) -- H:\eric\omega-online_v3\omegaonline.exe (.not file.)
O87 - FAEL: "UDP Query User{A6E97620-FD44-4164-A038-EFCB19F69E3C}H:\eric\omega-online_v3\omegaonline.exe" |In - Private - P17 - TRUE | .(...) -- H:\eric\omega-online_v3\omegaonline.exe (.not file.)
O87 - FAEL: "TCP Query User{FC2AFE96-FB8A-4AD5-8C54-21F7F20473B2}C:\program files (x86)\winscp\winscp.exe" | In - Private - P6 - TRUE | .(.Martin Prikryl - WinSCP: SFTP, FTP and SCP client.) -- C:\program files (x86)\winscp\winscp.exe
O87 - FAEL: "UDP Query User{D2B5DB38-7419-46F0-9531-F7FBC64FD00F}C:\program files (x86)\winscp\winscp.exe" | In - Private - P17 - TRUE | .(.Martin Prikryl - WinSCP: SFTP, FTP and SCP client.) -- C:\program files (x86)\winscp\winscp.exe
O87 - FAEL: "TCP Query User{1E104449-E2AD-4123-830B-BFB87824333A}C:\program files (x86)\metin2\neocochon\neocochon.exe" | In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\metin2\neocochon\neocochon.exe
O87 - FAEL: "UDP Query User{50958A84-5905-4355-98BC-7CD460EC6D5A}C:\program files (x86)\metin2\neocochon\neocochon.exe" | In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\metin2\neocochon\neocochon.exe
O87 - FAEL: "TCP Query User{026697AC-B66F-4609-9BC5-302D6260917A}C:\program files (x86)\metin2\client neocochon en ligne\neocochon\metin2.bin" | In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\metin2\client neocochon en ligne\neocochon\metin2.bin
O87 - FAEL: "UDP Query User{DF610344-E5B8-4668-99CC-69015F485282}C:\program files (x86)\metin2\client neocochon en ligne\neocochon\metin2.bin" | In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\metin2\client neocochon en ligne\neocochon\metin2.bin
O87 - FAEL: "TCP Query User{00B42290-B675-4CA5-B350-01C729F5F2C3}C:\program files (x86)\metin2\neocochon\metin2.bin" | In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\metin2\neocochon\metin2.bin
O87 - FAEL: "UDP Query User{829F8999-FB48-41D9-93E1-51B716688864}C:\program files (x86)\metin2\neocochon\metin2.bin" | In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\metin2\neocochon\metin2.bin
O87 - FAEL: "TCP Query User{64E23778-668E-46DC-8C4D-5B2791607808}C:\program files (x86)\neocochon\neocochon\metin2.bin" | In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\neocochon\neocochon\metin2.bin
O87 - FAEL: "UDP Query User{207042BF-CE42-434C-9E25-E7DB774AD4D0}C:\program files (x86)\neocochon\neocochon\metin2.bin" | In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\neocochon\neocochon\metin2.bin
O87 - FAEL: "TCP Query User{29BE44D0-21F2-46EF-A35E-04D5585DD7F1}C:\program files (x86)\winscp\winscp.exe" | In - Public - P6 - TRUE | .(.Martin Prikryl - WinSCP: SFTP, FTP and SCP client.) -- C:\program files (x86)\winscp\winscp.exe
O87 - FAEL: "UDP Query User{5AB6E855-CE36-4005-9B96-E447598ACEA7}C:\program files (x86)\winscp\winscp.exe" | In - Public - P17 - TRUE | .(.Martin Prikryl - WinSCP: SFTP, FTP and SCP client.) -- C:\program files (x86)\winscp\winscp.exe
O87 - FAEL: "TCP Query User{F83C3F21-0FD6-45B4-98E8-A02FFADDBCBA}C:\program files (x86)\metin2\metin2 b�ta\metin2client.bin" | In - Private - P6 - TRUE | .(.Ymir Entertainment.) -- C:\program files (x86)\metin2\metin2 b�ta\metin2client.bin
O87 - FAEL: "UDP Query User{F39EC58B-E4E3-484A-B662-34B9FF970EED}C:\program files (x86)\metin2\metin2 b�ta\metin2client.bin" | In - Private - P17 - TRUE | .(.Ymir Entertainment.) -- C:\program files (x86)\metin2\metin2 b�ta\metin2client.bin
O87 - FAEL: "TCP Query User{FBF5D106-A106-4A5F-AE60-58F4458A6528}C:\program files (x86)\metin2\metin2 b�ta - copie\metin2client.bin" | In - Private - P6 - TRUE | .(.Ymir Entertainment.) -- C:\program files (x86)\metin2\metin2 b�ta - copie\metin2client.bin
O87 - FAEL: "UDP Query User{6AB05678-004A-47A0-AA90-CDF1A69CB473}C:\program files (x86)\metin2\metin2 b�ta - copie\metin2client.bin" | In - Private - P17 - TRUE | .(.Ymir Entertainment.) -- C:\program files (x86)\metin2\metin2 b�ta - copie\metin2client.bin
O87 - FAEL: "TCP Query User{CAD933A9-82CE-45AB-B33F-3A030CF65FF3}C:\users\eric navarro\appdata\local\iw4m\iw4m.dat" | In - Public - P6 - TRUE | .(...) -- C:\users\eric navarro\appdata\local\iw4m\iw4m.dat
O87 - FAEL: "UDP Query User{EEE85927-0A51-49AF-9684-A7DFE5F57A19}C:\users\eric navarro\appdata\local\iw4m\iw4m.dat" | In - Public - P17 - TRUE | .(...) -- C:\users\eric navarro\appdata\local\iw4m\iw4m.dat
O87 - FAEL: "{14490276-1359-412A-9D15-13FB5296F97D}" | In - Domain - P6 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{C14EB5EE-F003-43A7-BC54-D218CBC7A3F3}" | In - Domain - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{BD368822-2998-4349-B1C3-A6B9FB3604C8}" | In - Private - P6 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{9DE5FD5B-8535-4BD5-A6F2-30343F77658D}" | In - Private - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{601DA6AF-F46A-44A6-8609-8A79FF9FCD2C}" | In - None - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "TCP Query User{07A8B881-D94D-46E1-8214-BD0E596DF7ED}C:\program files (x86)\metin2\legendofmetin\metin2client.exe" | In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\metin2\legendofmetin\metin2client.exe
O87 - FAEL: "UDP Query User{7C17F556-C2A8-4BB6-B66A-277D8658B867}C:\program files (x86)\metin2\legendofmetin\metin2client.exe" | In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\metin2\legendofmetin\metin2client.exe
O87 - FAEL: "TCP Query User{87B639D5-AA25-469C-92D0-5213B4626AA7}C:\program files (x86)\metin2\worldofmetin\worldofmetin.exe" | In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\metin2\worldofmetin\worldofmetin.exe
O87 - FAEL: "UDP Query User{E0CB2C8C-7F48-46BC-BF44-4D4AC034F3C7}C:\program files (x86)\metin2\worldofmetin\worldofmetin.exe" | In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\metin2\worldofmetin\worldofmetin.exe
O87 - FAEL: "TCP Query User{568B4470-3E9A-4F56-920E-E2C30EAEA150}C:\program files (x86)\metin2\roleria2 v2.6\roleria.exe" | In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\metin2\roleria2 v2.6\roleria.exe
O87 - FAEL: "UDP Query User{6F380823-A6F3-418B-80C5-4AC195CE6F41}C:\program files (x86)\metin2\roleria2 v2.6\roleria.exe" | In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\metin2\roleria2 v2.6\roleria.exe
O87 - FAEL: "TCP Query User{EC0F1731-1D53-4968-973C-E25099931339}C:\program files (x86)\metin2\omega online v4\client.exe" | In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\metin2\omega online v4\client.exe
O87 - FAEL: "UDP Query User{62EEFA1D-5864-44DC-91D3-EB20BB8B145A}C:\program files (x86)\metin2\omega online v4\client.exe" | In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\metin2\omega online v4\client.exe
O87 - FAEL: "TCP Query User{8DB92314-109B-4923-8E54-402F53854C0A}C:\program files (x86)\metin2\omega online v4\client.exe" | In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\metin2\omega online v4\client.exe
O87 - FAEL: "UDP Query User{02451A5C-7F2A-46C9-8777-3AD002E85B8B}C:\program files (x86)\metin2\omega online v4\client.exe" | In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\metin2\omega online v4\client.exe
~ Firewall: 364 Legitimates Filtered in 00mn 05s



---\\ Scan Additionnel (O88)
Database Version : v2.11647 - (22/04/2013)
Clés trouvées (Keys found) : 146
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 10
Fichiers trouvés (Files found) : 2

[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] =>Adware.Yontoo
[HKCU\Software\delta LTD] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] =>Adware.Yontoo
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Adware.AskSBAR
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}] =>Adware.Yontoo
[HKLM\Software\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] =>Adware.Yontoo
[HKLM\Software\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}] =>Adware.Yontoo
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo
[HKLM\Software\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo
[HKLM\Software\Classes\AppID\escort.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>Toolbar.Babylon
[HKLM\Software\Classes\b] =>Toolbar.Babylon
[HKLM\Software\Classes\Babylon.dskBnd] =>Toolbar.Babylon
[HKLM\Software\Classes\Babylon.dskBnd.1] =>Toolbar.Babylon
[HKLM\Software\Classes\bbylnApp.appCore] =>Toolbar.Babylon
[HKLM\Software\Classes\bbylnApp.appCore.1] =>Toolbar.Babylon
[HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods
[HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods
[HKLM\Software\Classes\esrv.BabylonESrvc] =>Toolbar.Babylon
[HKLM\Software\Classes\esrv.BabylonESrvc.1] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb] =>Toolbar.Babylon
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Tarma Installer] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector
[HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly
[HKLM\Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly
[HKLM\Software\Wow6432Node\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly
[HKLM\Software\Wow6432Node\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller] =>Adware.MegaSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}] =>PUP.BProtector
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaappCore] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltaappCore.1] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd.1] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\ESRV.EXE] =>Adware.Facemoods
[HKLM\Software\Wow6432Node\Martin Prikryl\OpenCandy] =>Adware.OpenCandy
[HKLM\Software\Classes\delta.deltaHlpr] =>toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaHlpr.1] =>toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc] =>toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc.1] =>toolbar.DeltaSearch
[HKLM\Software\Classes\YontooIEClient.Api] =>Adware.Yontoo
[HKLM\Software\Classes\YontooIEClient.Api.1] =>Adware.Yontoo
[HKLM\Software\Classes\YontooIEClient.Layers] =>Adware.Yontoo
[HKLM\Software\Classes\YontooIEClient.Layers.1] =>Adware.Yontoo
[HKLM\Software\Classes\AppID\escort.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escortApp.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escortEng.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\YontooIEClient.DLL] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\delta.deltaappCore] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaappCore.1] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltadskBnd] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltadskBnd.1] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaHlpr] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaHlpr.1] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\esrv.deltaESrvc] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\esrv.deltaESrvc.1] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\escort.escortIEPane] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\escort.escortIEPane.1] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\YontooIEClient.Api] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\YontooIEClient.Api.1] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\YontooIEClient.Layers] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\YontooIEClient.Layers.1] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\YontooIEClient.DLL] =>Adware.Yontoo
[HKCU\Software\Mozilla\Firefox\Extensions]:{0F827075-B026-42F3-885D-98981EE7B1AE} =>Toolbar.Babylon
C:\Program Files (x86)\yontoo =>Adware.Yontoo
C:\Program Files (x86)\BabylonToolbar =>Toolbar.Babylon
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\Users\Eric Navarro\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\Eric Navarro\AppData\Roaming\OpenCandy =>Adware.OpenCandy
C:\Users\Eric Navarro\AppData\Roaming\BabSolution =>Hijacker.BabSolution
C:\Users\Eric Navarro\AppData\Local\Bundled software uninstaller =>Adware.MegaSearch
C:\Users\Eric Navarro\AppData\LocalLow\BabylonToolbar =>Toolbar.Babylon
C:\Users\Eric Navarro\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc =>Adware.Yontoo
C:\Users\Eric Navarro\AppData\Roaming\Mozilla\Firefox\Profiles\vkogsvzc.default\Extensions\ffxtlbr@delta.com =>PUP.Funmoods
C:\Users\Eric Navarro\AppData\Roaming\Mozilla\Firefox\Profiles\vkogsvzc.default\bprotector_extensions.sqlite =>PUP.BProtector
C:\Users\Eric Navarro\AppData\Roaming\Mozilla\Firefox\Profiles\vkogsvzc.default\bprotector_prefs.js =>PUP.BProtector
~ Additionnel Scan: 316072 Items scanned in 00mn 14s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "26ABB6CFF9AF00D46BA11633453D98DD" . (.RapidDrive.) -- C:\Windows\Installer\{FC6BBA62-FA9F-4D00-B61A-613354D389DD}\_853F67D554F05449430E7E.exe
O90 - PUC: "6207E55EA2FE71A4AA7ABD89AEF31D1B" . (.Babylon Chrome Toolbar.) -- C:\Windows\Installer\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}\BabylonSetup.ico =>Toolbar.Babylon
~ Update Products: 123 Legitimates Filtered in 00mn 00s



---\\ Random Export Key (O91)
[HKCU\Software\a55d8d9e73ae547\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.5.1005.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\a55d8d9e73ae547\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.5.1005.80]:version="2.5.1005.80"
[HKCU\Software\a55d8d9e73ae547] =>Toolbar.Babylon^
[HKCU\Software\a55d8d9e73ae547]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\a55d8d9e73ae547]:version="2.6.1095.52"
[HKLM\Software\Wow6432Node\a55d8d9e73ae547] =>Toolbar.Babylon^
[HKLM\Software\Wow6432Node\a55d8d9e73ae547]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKLM\Software\Wow6432Node\a55d8d9e73ae547]:version="2.6.1095.52"
~ Export Key Software: Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 68096 | (Adobe LM Service) . (...) - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 12/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 16/07/2012 731688 | (AMPPALR3) . (.Intel Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
SS - | Disabled 18/08/2012 22016 | (Apache2.4) . (.Apache Software Foundation.) - C:\xampp\apache\bin\httpd.exe
SR - | Auto 15/11/2012 5814904 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
SR - | Auto 22/10/2012 196664 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
SR - | Auto 08/08/2012 1091520 | (Bluetooth Device Monitor) . (.Motorola Solutions, Inc..) - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
SR - | Auto 08/08/2012 1112000 | (Bluetooth OBEX Service) . (.Motorola Solutions, Inc..) - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 2561488 | (BrowserProtect) . (...) - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe =>Toolbar.Babylon
SR - | Auto 02/05/2012 135952 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
SS - | Demand 0 | (c2wts) . (...) - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe
SS - | Demand 28/07/2012 276288 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SR - | Auto 19/12/2006 94208 | (EpsonBidirectionalService) . (.SEIKO EPSON CORPORATION.) - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
SR - | Auto 18/07/2012 627504 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 11/05/2012 632320 | (FileZillaServer) . (.FileZilla Project.) - C:\xampp\filezillaftp\filezillaserver.exe
SR - | Auto 10/08/2012 1641320 | (FPLService) . (.HP.) - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 26/12/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 26/12/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 10/08/2012 85504 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
SR - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 23/08/2012 29600 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 31/07/2012 35232 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 18/07/2012 128896 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 18/07/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 18/07/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Demand 11/04/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 8186368 | (mysql) . (...) - C:\xampp\mysql\bin\mysqld.exe
SS - | Demand 272176 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SS - | Demand ??\??\???? 0 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\system32\GameMon.des
SR - | Auto 15/03/2013 877856 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 15/03/2013 1266464 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 18/07/2012 149296 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 13/11/2012 1103392 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
SR - | Auto 13/11/2012 1369624 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
SR - | Auto 13/11/2012 168384 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 24/07/2012 321536 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 10/10/2012 143024 | (Start8) . (.Stardock Software, Inc.) - C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
SR - | Demand 16/07/2012 401256 | (TrueService) . (.AuthenTec, Inc..) - C:\Program Files\Common Files\AuthenTec\TrueService.exe
SR - | Auto 18/07/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 28160 | (valWBFPolicyService) . (...) - C:\Windows\system32\valWBFPolicyService.exe
SS - | Demand 13/05/2012 18432 | (wampapache) . (.Apache Software Foundation.) - c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
SS - | Demand 8177664 | (wampmysqld) . (...) - c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SS - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/07/2012 2699568 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: Scanned in 00mn 02s



~ 1450 Legitimates filtered by white list
End of the scan (884 lines in 03mn 41s)(0)
