Rapport de ZHPDiag v2013.6.1.2 par Nicolas Coolman, Update du 01/06/2013
Run by Amandine at 02/06/2013 14:03:42
WebSite: http://nicolascoolman.webs.com
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by program


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)
GCIE: Google Chrome v23.0.1271.97

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : RMV82
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
Trend Micro Client/Server Security Agent v3.5.1163
Windows Defender W7

---\\ System Optimizer

---\\ Peer To Peer (P2P)
Pando Media Booster v2.6.0.8

---\\ Software Update
Adobe Flash Player 11 ActiveX
Adobe Reader X
Java 7 Update 9

---\\ System Information
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3976 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 139 GB (59%) free of 232 GB

---\\ Logged in mode
~ Computer Name: AMANDINE-PC
~ User Name: Amandine
~ All Users Names: HomeGroupUser$, Amandine, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Amandine\AppData\Roaming\
~ %Desktop% : C:\Users\Amandine\Desktop\
~ %Favorites% : C:\Users\Amandine\Favorites\
~ %LocalAppData% : C:\Users\Amandine\AppData\Local\
~ %StartMenu% : C:\Users\Amandine\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 139 Go of 232 Go)
D:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 34 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.18/08/2011 - 00:16:56.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.8EA68FD3780DDDD5072F8CB830B3CB3D] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.29/06/2012 - 04:49:11.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.A2F74975097F52A00745F9637451FDD8] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.18/08/2011 - 00:16:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1659776]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/1248
~ Mes musiques (My Musics) : 1/15
~ Mes Favoris (My Favorites) : 1/24
~ Mes Documents (My Documents) : 2/1580
~ Mon Bureau (My Desktop) : 1/40
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 05s



---\\ Processus lancés
[MD5.A0EDCF34A355729CD4A38648A6142FE6] - (.Pas de propriétaire - FF_Protection MFC Application.) -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704] [PID.4072]
[MD5.8E0831382D3313E75614C9D85237B99F] - (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe [719672] [PID.4228]
[MD5.C99CC9784F1DC3EAF8E4FF4884659532] - (.Electronic Arts - Origin.) -- C:\Users\Amandine\Origin\Origin.exe [28651144] [PID.4620]
[MD5.AAB979089E192ACC0FE1E3C018F8B591] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Amandine\AppData\Local\Akamai\netsession_win.exe [4480768] [PID.4656]
[MD5.9958E309C6D3122C774B587B9C5749A4] - (.Microsoft Corporation - Windows Media Player.) -- C:\Users\Amandine\AppData\Roaming\Tyyhid\gaus.exe [297976] [PID.4676]
[MD5.2A6C01BAC0F8AA9143D61AE1E28E263A] - (.Yontoo LLC - Yontoo Desktop.) -- C:\Users\Amandine\AppData\Roaming\Yontoo\YontooDesktop.exe [42784] [PID.4768] =>Adware.Yontoo
[MD5.F5FBA8724DE219E96D9ABAF4772D31A3] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336] [PID.4984]
[MD5.4164A47F3A2DA7EA44572904C3DF44A4] - (.Pas de propriétaire - Roxio Burn Launcher.) -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544] [PID.5012]
[MD5.766E24A20116AFA41F380B57FFE7AF02] - (.Sony Corporation - Media Check Tool.) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [599328] [PID.5084]
[MD5.C6908549873D2F08240FF9FBFF3CDB2E] - (.Boxore OU - Boxore Client.) -- C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe [606520] [PID.3932] =>Adware.Boxore
[MD5.584ED09903EF7E158E40F34EB947D10B] - (.Aeria Games & Entertainment - Aeria Ignite.) -- C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1794224] [PID.592]
[MD5.043FE3C9088BEADC6A9FFC033C84F20F] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe [227712] [PID.4480]
[MD5.6EA1BF3F6E6B0613351411A3EB6B85A2] - (.Ask - Ask Updater.) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1561768] [PID.2716]
[MD5.8FFDB89A0FB7C8ABC3A8825E38047341] - (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136] [PID.4364]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\RunDll32.exe [0] [PID.5416]
[MD5.540CFD3A3E2F6AB6411B1DFF4218C506] - (.Broadcom Corporation. - Bluetooth Headset Skype Proxy.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe [13600] [PID.5712]
[MD5.9987636E1191907AB52F3A49FFB83393] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7431168] [PID.5356]
[MD5.62B7936F9036DD6ED36E6A7EFA805DC0] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [63928] [PID.2044]
[MD5.2E552B658273B90251E0441631DE2CA3] - (.Microsoft Corporation - BCM SQL Startup Service.) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [31144] [PID.1544]
[MD5.2170317581575FF7D73562F6AFEF2D57] - (.Intel Corporation - Intel IPT Host Interface Service.) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [212984] [PID.2068]
[MD5.4E37455DB16AEC75862B1D0BC35B589E] - (.O2Micro International - O2 Flash Memory Service.) -- C:\Windows\system32\DRIVERS\o2flash.exe [72296] [PID.2160]
[MD5.4635935FC972C582632BF45C26BFCB0E] - (...) -- c:\Windows\SysWOW64\srvany.exe [8192] [PID.2204]
[MD5.B3BBFEB98C4B7FC5E3084498A68DA433] - (.O2Micro. - SDIOAssist.) -- c:\Windows\sysWOW64\SDIOAssist.exe [223848] [PID.2228]
[MD5.627FA58ADC043704F9D14CA44340956F] - (.Sony Corporation - Device Information Provider.) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [360224] [PID.2244]
[MD5.F036CFB275D0C55F4E45FBBF5F98B3C8] - (.Protexis Inc. - PsiService PsiService.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [193824] [PID.2268]
[MD5.1E9993AC255B3220BCE71FE9E056BBC9] - (...) -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [265952] [PID.2484] =>Adware.Zugo
[MD5.24FB8DB6D1D55E2C5D0A53DFE48E6AF8] - (.Microsoft - Y2Desktop.Updater.) -- C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [23552] [PID.2716] =>Adware.Yontoo
[MD5.DA8DA61CB3289AE3840D35C3C73317A3] - (.Trend Micro Inc. - Generic Hosted Agent Service.) -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [50704] [PID.2924]
[MD5.B04264D1E751D941D5BACB263E867559] - (.Trend Micro Inc. - Hosted Agent Service.) -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe [23568] [PID.2996]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176] [PID.3956]
[MD5.103BE142566D66F8AE52C89FE9E92D2B] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325912] [PID.5980]
[MD5.6B778A47EB9CE430708AC42980BB712C] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2594584] [PID.6004]
[MD5.FFE76459A5B76A37FF212E61E80C4790] - (.Trend Micro Inc. - Trend Micro OfficeScan Client Plug-in Servi.) -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe [435584] [PID.5596]
~ Processes Running: Scanned in 00mn 03s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Amandine\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [abepbblpkilpjohncjbccmdjhdhbnhdj] Sing Along v.1.112 (Activé)
G2 - GCE: Preference [User Data\Default] [bebdghdpchfhbbmfeddkijldlpnkbjkk] LyricsTube v.1.111 (Activé) =>Adware.AddLyrics
G2 - GCE: Preference [User Data\Default] [eooncjejnppfjjklapaamhcdmjbilmde] Delta Toolbar v.1.4 (Désactivé)
G2 - GCE: Preference [User Data\Default] [incfcgceegpikennjoplhfghaaikdgei] StartNow v.2.5.0 (Activé) =>Adware.Zugo
G2 - GCE: Preference [User Data\Default] [niapdbllcanepiiimjjndipklodoedlc] Yontoo v.1.0.3 (Activé) =>Adware.Yontoo
G2 - GCE: Preference [User Data\Default] [pbpohikckhbcljgombipcdoinkaedlfa] Smart Display v.1.5 (Activé) =>Spyware.SmartDisplay
~ Google Browser: 9 Legitimates Filtered in 00mn 13s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: UrlSearchHook Class [64Bits] - {00000000-6E41-4FD3-8538-502F5495E5FC} . (.Ask - Ask Toolbar.) (5.15.2.23037) -- C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Sing Along [64Bits] - {6492E171-2427-4932-B414-33574A089F5E} . (.Xenophesoft - Sing Along.) -- C:\Program Files (x86)\SingAlong\singalng.dll =>Adware.Singalng
O2 - BHO: StartNow Toolbar Helper [64Bits] - {6E13D095-45C3-4271-9475-F3B48227DD9F} . (.Pas de propriétaire - Toolbar.) -- C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll =>Adware.Zugo
O2 - BHO: delta Helper Object [64Bits] - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} . (.Delta-search.com - Pas de description.) -- C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll =>Toolbar.DeltaSearch
O2 - BHO: Ask Toolbar BHO [64Bits] - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask
O2 - BHO: Yontoo Layers [64Bits] - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} . (.Yontoo LLC - Yontoo Runtime.) -- C:\Program Files (x86)\Yontoo\YontooIEClient.dll =>Adware.Yontoo
~ BHO: 13 Legitimates Filtered in 00mn 02s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] . (.Dell Inc. - DW WLAN Card Wireless Network Tray Applet.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
O4 - HKLM\..\Run: [FreeFallProtection] . (.Pas de propriétaire - FF_Protection MFC Application.) -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
O4 - HKLM\..\Run: [DFEPApplication] . (.Dell Inc. - Dell Feature Enhancement Pack.) -- C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (.not file.)
O4 - HKCU\..\Run: [EADM] . (.Electronic Arts - Origin.) -- C:\Users\Amandine\Origin\Origin.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Amandine\AppData\Local\Akamai\netsession_win.exe
O4 - HKCU\..\Run: [Iguzna] . (.Microsoft Corporation - Windows Media Player.) -- C:\Users\Amandine\AppData\Roaming\Tyyhid\gaus.exe
O4 - HKCU\..\Run: [Pando Media Booster] . (.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [SandboxieControl] . (.SANDBOXIE L.T.D - Sandboxie Control.) -- C:\Program Files\Sandboxie\SbieCtrl.exe
O4 - HKCU\..\Run: [Yontoo Desktop] . (.Yontoo LLC - Yontoo Desktop.) -- C:\Users\Amandine\AppData\Roaming\Yontoo\YontooDesktop.exe =>Adware.Yontoo
O4 - HKCU\..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [IMSS] . (.Intel Corporation - PIcon startup utility.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl9] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [PDVD9LanguageShortcut] . (.CyberLink Corp. - PowerDVD Language Application.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe
O4 - HKLM\..\Wow6432Node\Run: [RoxWatchTray] . (.Sonic Solutions - RoxMMTrayApp Module.) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe
O4 - HKLM\..\Wow6432Node\Run: [Desktop Disc Tool] . (.Pas de propriétaire - Roxio Burn Launcher.) -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
O4 - HKLM\..\Wow6432Node\Run: [OfficeScanNT Monitor] . (.Trend Micro Inc. - Trend Micro Client/Server Security Agent Mo.) -- C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
O4 - HKLM\..\Wow6432Node\Run: [PMBVolumeWatcher] . (.Sony Corporation - Media Check Tool.) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [Standby] . (.Corel - Standby service.) -- C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [Boxore Client] . (.Boxore OU - Boxore Client.) -- C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe =>Adware.Boxore
O4 - HKLM\..\Wow6432Node\Run: [Aeria Ignite] . (.Aeria Games & Entertainment - Aeria Ignite.) -- C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
O4 - HKLM\..\Wow6432Node\Run: [ApnUpdater] . (.Ask - Ask Updater.) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
O4 - HKLM\..\Wow6432Node\Run: [tuto4pc_fr_38] Clé orpheline =>PUP.Eorezo
O4 - HKLM\..\Wow6432Node\Run: [LWS] . (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-1888738001-566168446-4079802660-1000\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe
O4 - HKUS\S-1-5-21-1888738001-566168446-4079802660-1000\..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (.not file.)
O4 - HKUS\S-1-5-21-1888738001-566168446-4079802660-1000\..\Run: [EADM] . (.Electronic Arts - Origin.) -- C:\Users\Amandine\Origin\Origin.exe
O4 - HKUS\S-1-5-21-1888738001-566168446-4079802660-1000\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Amandine\AppData\Local\Akamai\netsession_win.exe
O4 - HKUS\S-1-5-21-1888738001-566168446-4079802660-1000\..\Run: [Iguzna] . (.Microsoft Corporation - Windows Media Player.) -- C:\Users\Amandine\AppData\Roaming\Tyyhid\gaus.exe
O4 - HKUS\S-1-5-21-1888738001-566168446-4079802660-1000\..\Run: [Pando Media Booster] . (.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-21-1888738001-566168446-4079802660-1000\..\Run: [SandboxieControl] . (.SANDBOXIE L.T.D - Sandboxie Control.) -- C:\Program Files\Sandboxie\SbieCtrl.exe
O4 - HKUS\S-1-5-21-1888738001-566168446-4079802660-1000\..\Run: [Yontoo Desktop] . (.Yontoo LLC - Yontoo Desktop.) -- C:\Users\Amandine\AppData\Roaming\Yontoo\YontooDesktop.exe =>Adware.Yontoo
O4 - HKUS\S-1-5-21-1888738001-566168446-4079802660-1000\..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (.not file.)
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Sandboxie - DefaultBox.lnk . (...) -- C:\Program Files (x86)\Sandboxie\Start.exe (.not file.)
O4 - GS\Desktop: Corel Painter Photo Essentials 4.lnk . (.Corel Corporation - Painter Photo Essentials 4.) -- C:\Program Files (x86)\Corel\Corel Painter Photo Essentials 4\Corel Painter Photo Essentials.exe
O4 - GS\Desktop: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop: Horse Life.lnk . (.Dancing Dots - Ride Autorun.) -- C:\Program Files (x86)\Deep Silver\Horse Life\Autorun.exe
O4 - GS\Desktop: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop: Microsoft FrontPage.lnk . (...) -- C:\Windows\Installer\{0000040C-78E1-11D2-B60F-006097C998E7}\misc.exe
O4 - GS\Desktop: Microsoft Money.lnk . (.Microsoft(R) Corporation - Microsoft Money.) -- C:\Program Files (x86)\Microsoft Money 2005\MNYCoreFiles\msmoney.exe
O4 - GS\Desktop: Microsoft Word 2010.lnk . (...) -- C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
O4 - GS\Desktop: Paint.lnk . (.Microsoft Corporation - Paint.) -- C:\Windows\system32\mspaint.exe
O4 - GS\Desktop: Paint.NET.lnk . (...) -- C:\Program Files (x86)\Paint.NET\PaintDotNet.exe (.not file.)
O4 - GS\Desktop: Perfect World International.lnk . (...) -- C:\Perfect World Entertainment\Perfect World International FR\patcher\patcher.exe
O4 - GS\Desktop: Shortcut to SecureDownloadManager.exe.lnk . (...) -- C:\Users\Amandine\AppData\Roaming\Microsoft\Installer\{4AF9E60E-0C91-4E25-A264-6E47EB1CC25C}\_B9B2666564AF3BA6B01C23.exe
O4 - GS\Desktop: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
~ Global Startup: Scanned in 00mn 01s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.aeriagames.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4FC0174-1D92-440B-B3D0-943E62F0AD0D}: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A4FC0174-1D92-440B-B3D0-943E62F0AD0D}: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A4FC0174-1D92-440B-B3D0-943E62F0AD0D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
O20 - Winlogon Notify: spba . (...) -- C:\Program Files\Common Files\SPBA\homefus2.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Software Update Service (supdate) (supdate) . (.Boxore OU. - Programme d'installation de Software.) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
O23 - Service: Updater Service for StartNow Toolbar (Updater Service for StartNow Toolbar) . (...) - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe =>Adware.Zugo
O23 - Service: DW WLAN Tray Service (wltrysvc) . (.Dell Inc. - DW WLAN Card Wireless Network Service.) - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.exe
~ Services: 25 Legitimates Filtered in 00mn 07s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Sing Along Update.job [398]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job [1086]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job [1090]
[MD5.65611587D8245CE8DB9E306D239EE22F] [APT] [EPUpdater] (...) -- C:\Users\Amandine\AppData\Roaming\BabSolution\Shared\BabMaint.exe [9808] =>Hijacker.BabSolution
[MD5.FA0F8558CBF4A4C1175F5BC1824CD253] [APT] [Express FilesUpdate] (.http://www.express-files.com/.) -- C:\Program Files (x86)\ExpressFiles\EFUpdater.exe [200952] =>Adware.ExpressFiles
[MD5.11C28EC4C0EBA3BB81925E3E6CBB3D63] [APT] [Sing Along Update] (.Xenophesoft.) -- C:\Program Files (x86)\SingAlong\SingalngUpdater.exe [118272] =>Adware.Singalng
[MD5.251A1AED2D4A26A47C0A4A3058AAE4A8] [APT] [SoftwareUpdateTaskMachineCore] (.Boxore OU..) -- C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [139576] =>Adware.Boxore
[MD5.251A1AED2D4A26A47C0A4A3058AAE4A8] [APT] [SoftwareUpdateTaskMachineUA] (.Boxore OU..) -- C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [139576] =>Adware.Boxore
~ Scheduled Task: 19 Legitimates Filtered in 00mn 08s



---\\ Logiciels installés (O42)
O42 - Logiciel: Akamai NetSession Interface - (...) [HKLM][64Bits] -- Akamai
O42 - Logiciel: Akamai NetSession Interface - (.Akamai Technologies, Inc.) [HKCU][64Bits] -- Akamai
O42 - Logiciel: Ask Toolbar - (.Ask.com.) [HKLM][64Bits] -- {86D4B82A-ABED-442A-BE86-96357B70F4FE} =>Toolbar.Ask
O42 - Logiciel: Ask Toolbar Updater - (.Ask.com.) [HKCU][64Bits] -- {79A765E1-C399-405B-85AF-466F52E918B0} =>Toolbar.Ask
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {EA69DAE1-1BC2-48ED-AB9A-24A5C8AC8071} =>Adware.Boxore
O42 - Logiciel: CuteFTP 4.2 FR - (...) [HKLM][64Bits] -- {091E322B-BF42-11D5-806E-00010246ECC0}
O42 - Logiciel: Delta toolbar - (.Delta.) [HKLM][64Bits] -- delta
O42 - Logiciel: ExpressFiles - (.http://www.express-files.com/.) [HKCU][64Bits] -- ExpressFiles =>Adware.ExpressFiles
O42 - Logiciel: Horse Life - (...) [HKLM][64Bits] -- Horse Life_is1
O42 - Logiciel: Sing Along - (.Xenophesoft.) [HKLM][64Bits] -- singalong@xenophesoft.com =>Adware.Singalng
O42 - Logiciel: StartNow Toolbar - (.StartNow.com.) [HKLM][64Bits] -- StartNow Toolbar =>Adware.Zugo
O42 - Logiciel: Transmission-Qt - (.transmissionbt.com.) [HKLM][64Bits] -- 8538E49A-6FE5-4FDB-8649-922BB839F21F
O42 - Logiciel: Wildlife Park 2 Horses - (.Deep Silver.) [HKLM][64Bits] -- {2EE37EFC-CDF1-4B4C-8977-BDCC57DF96F8}
O42 - Logiciel: Yontoo 2.05 - (.Yontoo LLC.) [HKLM][64Bits] -- {889DF117-14D1-44EE-9F31-C5FB5D47F68B} =>Adware.Yontoo
~ Logic: 175 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN]
[HKCU\Software\AppDataLow\Software\AskToolbar]
[HKCU\Software\AppDataLow\Software\SingAlong] =>Adware.Singalng
[HKCU\Software\Ask.com]
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\Delta]
[HKCU\Software\InstallCore] =>PUP.InstallCore
[HKCU\Software\TutoTag] =>Spyware.AgenceExcusive
[HKCU\Software\Tutorials] =>Spyware.AgenceExcusive
[HKCU\Software\Zugo] =>Adware.Zugo
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKLM\Software\Wow6432Node\APN]
[HKLM\Software\Wow6432Node\AskToolbar]
[HKLM\Software\Wow6432Node\Babylon] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Delta]
[HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\InstallationKit]
[HKLM\Software\Wow6432Node\TUTO4PC] =>PUP.Eorezo
~ Key Software: 253 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/05/2013 - 21:27:56 - [3,428] ----D C:\Program Files (x86)\Ask.com
O43 - CFD: 14/03/2013 - 00:32:36 - [1,273] ----D C:\Program Files (x86)\Boxore =>Adware.Boxore
O43 - CFD: 14/05/2013 - 15:50:14 - [2,424] ----D C:\Program Files (x86)\Delta
O43 - CFD: 14/05/2013 - 15:49:42 - [10,207] ----D C:\Program Files (x86)\ExpressFiles =>Adware.ExpressFiles
O43 - CFD: 14/05/2013 - 15:52:26 - [0] ----D C:\Program Files (x86)\LyricsTube =>Adware.AddLyrics
O43 - CFD: 14/05/2013 - 15:52:26 - [0,382] ----D C:\Program Files (x86)\SingAlong =>Adware.Singalng
O43 - CFD: 12/02/2013 - 22:56:51 - [2,200] ----D C:\Program Files (x86)\StartNow Toolbar =>Adware.Zugo
O43 - CFD: 27/05/2013 - 23:49:53 - [13,797] ----D C:\Program Files (x86)\Transmission-Qt
O43 - CFD: 14/05/2013 - 15:49:54 - [0,801] ----D C:\Program Files (x86)\Yontoo =>Adware.Yontoo
O43 - CFD: 02/06/2013 - 13:17:01 - [21,284] ----D C:\Program Files (x86)\Common Files\Akamai
O43 - CFD: 21/10/2012 - 20:11:17 - [0] ----D C:\ProgramData\Ask
O43 - CFD: 14/05/2013 - 15:49:45 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 11/11/2012 - 15:40:42 - [0] ----D C:\ProgramData\InstallMate
O43 - CFD: 11/11/2012 - 15:39:16 - [0] ----D C:\ProgramData\Premium
O43 - CFD: 14/05/2013 - 15:49:50 - [0] ----D C:\ProgramData\Tarma Installer =>Toolbar.Tarma
O43 - CFD: 14/05/2013 - 15:50:18 - [1,933] ----D C:\Users\Amandine\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 14/05/2013 - 15:49:45 - [0,020] ----D C:\Users\Amandine\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 14/05/2013 - 15:50:11 - [0,259] ----D C:\Users\Amandine\AppData\Roaming\Delta
O43 - CFD: 30/05/2013 - 16:31:44 - [4,045] ----D C:\Users\Amandine\AppData\Roaming\eIntaller
O43 - CFD: 14/05/2013 - 15:50:02 - [0,001] ----D C:\Users\Amandine\AppData\Roaming\ExpressFiles =>Adware.ExpressFiles
O43 - CFD: 01/06/2013 - 18:39:15 - [0] ----D C:\Users\Amandine\AppData\Roaming\Izef
O43 - CFD: 02/11/2012 - 13:31:10 - [0,032] ----D C:\Users\Amandine\AppData\Roaming\StartNow Toolbar =>Adware.Zugo
O43 - CFD: 30/05/2013 - 19:54:10 - [0,159] ----D C:\Users\Amandine\AppData\Roaming\transmission
O43 - CFD: 13/10/2012 - 00:01:42 - [0,284] ----D C:\Users\Amandine\AppData\Roaming\Tyyhid
O43 - CFD: 02/06/2013 - 07:09:33 - [0,247] ----D C:\Users\Amandine\AppData\Roaming\Yontoo =>Adware.Yontoo
O43 - CFD: 13/10/2012 - 00:01:42 - [0,381] ----D C:\Users\Amandine\AppData\Roaming\Ysbypu
O43 - CFD: 18/03/2013 - 19:14:56 - [32,382] ----D C:\Users\Amandine\AppData\Local\Akamai
O43 - CFD: 01/06/2013 - 18:01:50 - [0,000] ----D C:\Users\Amandine\AppData\Local\eorezo =>PUP.Eorezo
O43 - CFD: 27/05/2013 - 23:53:34 - [0,001] ----D C:\Users\Amandine\AppData\Local\transmission
O43 - CFD: 01/09/2012 - 17:41:52 - [0,002] -SH-D C:\Users\Amandine\AppData\Local\{fd50142a-67ea-aeb5-779c-bfd685da284c}
O43 - CFD: 27/05/2013 - 23:50:01 - [0,002] ----D C:\Users\Amandine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Transmission-Qt
~ Program Folder: 241 Legitimates Filtered in 00mn 25s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.659C0F7A1F9A2AA3C59FDC99ECCE64E4] - 02/06/2013 - 12:26:20 ---A- . (...) -- C:\tmuninst.ini [31]
O44 - LFC:[MD5.8F14DA5CA9071D94D1A0C4AF7CF45F54] - 02/06/2013 - 12:19:22 ---A- . (...) -- C:\Windows\SysNative\TmInstall.log [17816960]
O44 - LFC:[MD5.8F14DA5CA9071D94D1A0C4AF7CF45F54] - 02/06/2013 - 12:19:22 RSHAD . (...) -- C:\Windows\System32\TmInstall.log [17816960]
O44 - LFC:[MD5.DE3E2DC8436B72A63C398B8F77CA58F3] - 02/06/2013 - 06:25:40 ---A- . (...) -- C:\Windows\TMFilter.log [39043]
O44 - LFC:[MD5.B00F9868D229617CAF745820E4157044] - 01/06/2013 - 18:53:49 ---A- . (...) -- C:\Windows\LDPINST.LOG [3576]
O44 - LFC:[MD5.186DB8F4D23EB4251FB43C99BBF125B5] - 01/06/2013 - 18:53:49 ---A- . (...) -- C:\Windows\SysNative\lvcoinst.log [5691]
O44 - LFC:[MD5.186DB8F4D23EB4251FB43C99BBF125B5] - 01/06/2013 - 18:53:49 RSHAD . (...) -- C:\Windows\System32\lvcoinst.log [5691]
O44 - LFC:[MD5.790F2CD229262EF3E4489B58D05AB547] - 28/05/2013 - 14:25:27 ---A- . (...) -- C:\Windows\Sandboxie.ini [1488]
~ Files: 11 Legitimates Filtered in 03mn 45s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.DADED19B3F32ABCE3819692545DB0078] - 01/06/2013 - 11:04:40 ---A- - C:\Windows\Prefetch\GAUS.EXE-0B623E72.pf
O45 - LFCP:[MD5.6C983FD22D30735CB6505B4107C3AB4E] - 01/06/2013 - 17:23:05 ---A- - C:\Windows\Prefetch\SMARTSETTINGS.EXE-33440BA9.pf
O45 - LFCP:[MD5.E20AC0E621AE695649A9ABB6FD172D58] - 01/06/2013 - 19:32:00 ---A- - C:\Windows\Prefetch\SOFTWARECRASHHANDLER.EXE-26A5512E.pf
O45 - LFCP:[MD5.C393B65189D1906B204FFC955FC1DBC8] - 01/06/2013 - 21:57:31 ---A- - C:\Windows\Prefetch\OSA9.EXE-00A1045C.pf
O45 - LFCP:[MD5.0A2A3A572D7578B64AFFE18A883D70E4] - 01/06/2013 - 21:57:43 ---A- - C:\Windows\Prefetch\ROXWATCHTRAY12OEM.EXE-44D62E76.pf
O45 - LFCP:[MD5.539A0B0062E48A02564EBD8A8F7FD2F6] - 01/06/2013 - 21:57:47 ---A- - C:\Windows\Prefetch\PMBVOLUMEWATCHER.EXE-54F8D82B.pf
O45 - LFCP:[MD5.96E732526283F60AC4F7678C4C6343C8] - 02/06/2013 - 06:09:15 ---A- - C:\Windows\Prefetch\PMB.EXE-B9083A8E.pf
O45 - LFCP:[MD5.A418D8E7B2F13B9BA3EE2D4302DE221C] - 02/06/2013 - 06:09:26 ---A- - C:\Windows\Prefetch\AERIAIGNITE.EXE-9D9B2907.pf
O45 - LFCP:[MD5.37CE2F46F0BC4DD81CC6A59F7508EDA0] - 02/06/2013 - 12:17:52 ---A- - C:\Windows\Prefetch\DFEPAPPLICATION.EXE-B2FBBA50.pf
O45 - LFCP:[MD5.3DF998D41C24071321657667EA394373] - 02/06/2013 - 12:17:59 ---A- - C:\Windows\Prefetch\PCCNTMON.EXE-912D0DC8.pf
O45 - LFCP:[MD5.F84762C9D402BAD71BF60585847ABC32] - 02/06/2013 - 12:18:48 ---A- - C:\Windows\Prefetch\TMLWFINS.EXE-7694C2F2.pf
O45 - LFCP:[MD5.48571D32D4C1C84D52BB1230576F644F] - 02/06/2013 - 12:19:07 ---A- - C:\Windows\Prefetch\TMWFPINS.EXE-F1521ABE.pf
O45 - LFCP:[MD5.BD2A4366414D22395C4C88F92A01BCDA] - 02/06/2013 - 12:19:15 ---A- - C:\Windows\Prefetch\NCFG.EXE-6AC48934.pf
O45 - LFCP:[MD5.7447170773CD27724A872CD757E80C58] - 02/06/2013 - 12:23:17 ---A- - C:\Windows\Prefetch\BZIP2.EXE-D9014661.pf
O45 - LFCP:[MD5.AF5E200C2921FEC9FE9D200F201CB7C6] - 02/06/2013 - 12:26:20 ---A- - C:\Windows\Prefetch\TMUNINST.EXE-7D9CBC70.pf
O45 - LFCP:[MD5.87297C0B3AC7E8A125624C1674A95EAC] - 02/06/2013 - 12:26:30 ---A- - C:\Windows\Prefetch\CNTAOSMGR.EXE-308BAFDC.pf
O45 - LFCP:[MD5.8AD32B519695CDB35EEA56A795A76C47] - 02/06/2013 - 12:27:22 ---A- - C:\Windows\Prefetch\PATCH64.EXE-F66A35E0.pf
O45 - LFCP:[MD5.038AB1256CD34E680DAFE7C97C869D53] - 02/06/2013 - 12:32:07 ---A- - C:\Windows\Prefetch\COREL PAINT SHOP PRO PHOTO.EX-E807D69F.pf
O45 - LFCP:[MD5.8B5F5ECD013C32434F1686B918F089ED] - 02/06/2013 - 13:00:21 ---A- - C:\Windows\Prefetch\STANDBY.EXE-8DA4C0D5.pf
O45 - LFCP:[MD5.5876651813181C93DA9543CA99243343] - 02/06/2013 - 13:07:27 ---A- - C:\Windows\Prefetch\TSC64.EXE-F2F53F1A.pf
O45 - LFCP:[MD5.949D712FBE2CCC64DDE1726D96301D05] - 28/05/2013 - 01:03:07 ---A- - C:\Windows\Prefetch\INSTANTVIEWER.EXE-E4BC75F3.pf
O45 - LFCP:[MD5.B2C8DE499BE1BAA3AF5EA8557E86F2DB] - 29/05/2013 - 17:56:00 ---A- - C:\Windows\Prefetch\START.EXE-9F46CD0A.pf
O45 - LFCP:[MD5.CD6699D7E709C645BAD9729D0EAD23D9] - 29/05/2013 - 17:56:17 ---A- - C:\Windows\Prefetch\SANDBOXIERPCSS.EXE-0EC71314.pf
O45 - LFCP:[MD5.B4B18FBD9A23EFA8F55CF4C75594DD26] - 29/05/2013 - 17:56:20 ---A- - C:\Windows\Prefetch\SBIESVC.EXE-176A1A17.pf
O45 - LFCP:[MD5.3E1AF57FD5587157A268B665A180D040] - 29/05/2013 - 17:56:24 ---A- - C:\Windows\Prefetch\SANDBOXIEDCOMLAUNCH.EXE-AD79114B.pf
O45 - LFCP:[MD5.4E6C261A178E29C3CB9190D75553836A] - 29/05/2013 - 17:56:55 ---A- - C:\Windows\Prefetch\SANDBOXIECRYPTO.EXE-AC70C212.pf
O45 - LFCP:[MD5.7F2664C0A4DFCDB913E4E4788C926014] - 29/05/2013 - 20:16:35 ---A- - C:\Windows\Prefetch\MEDIACATALOGER.EXE-93F6343B.pf
O45 - LFCP:[MD5.D509169BFE799F8F9ADA398A55DC3D60] - 30/05/2013 - 15:24:09 ---A- - C:\Windows\Prefetch\TMBMSRV.EXE-34E3925F.pf
~ Prefetcher: 134 Legitimates Filtered in 00mn 05s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.1575A815C27789061F34B4F55AE0B5C3] - 22/07/2011 - 12:28:56 ---A- . (.ST Microelectronics - Accelerometer Port I/O.) -- C:\Windows\System32\Drivers\accelern.sys [27760]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 01/06/2013 - 17:01:52 ---A- C:\Users\Amandine\AppData\Local\eorezo\eorezo\1.10\eorezo.cyl [87] =>PUP.Eorezo
O61 - LFC: 01/06/2013 - 18:40:43 ---A- C:\Users\Amandine\Downloads\lws251.exe [74637872]
O61 - LFC: 01/06/2013 - 18:53:52 R--A- C:\Users\Amandine\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [53248]
O61 - LFC: 01/06/2013 - 22:34:48 ---A- C:\Users\Amandine\Downloads\Jeux\Shaiya Evasion\Shaiya-Evasion_v1.1\shLauncher.cfg [76]
O61 - LFC: 02/06/2013 - 06:09:33 ---A- C:\Users\Amandine\AppData\Roaming\Yontoo\PlugIns.cache [31] =>Adware.Yontoo
O61 - LFC: 02/06/2013 - 12:17:48 ---A- C:\Users\Amandine\AppData\Local\PMB Files\cert\secmod.db [16384] =>P2P.Pando
O61 - LFC: 02/06/2013 - 12:18:09 ---A- C:\Users\Amandine\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll [13600] =>Adware.Yontoo
O61 - LFC: 02/06/2013 - 12:20:48 ---A- C:\Users\Amandine\AppData\Local\PMB Files\pando.save [782] =>P2P.Pando
O61 - LFC: 02/06/2013 - 12:21:38 ---A- C:\Users\Amandine\AppData\Local\PMB Files\cert\cert8.db [65536] =>P2P.Pando
O61 - LFC: 02/06/2013 - 12:21:38 ---A- C:\Users\Amandine\AppData\Local\PMB Files\cert\key3.db [16384] =>P2P.Pando
O61 - LFC: 02/06/2013 - 12:27:27 ---A- C:\Users\Amandine\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [273240]
O61 - LFC: 02/06/2013 - 12:49:58 ---A- C:\Users\Amandine\Downloads\MGADiag.exe [2031992]
O61 - LFC: 02/06/2013 - 12:56:30 ---A- C:\Users\Amandine\Downloads\Jeux\Shaiya Evasion\Shaiya-Evasion_v1.1\data.saf [2875197946]
O61 - LFC: 02/06/2013 - 12:56:30 ---A- C:\Users\Amandine\Downloads\Jeux\Shaiya Evasion\Shaiya-Evasion_v1.1\data.sah [1008448]
O61 - LFC: 02/06/2013 - 12:58:18 ---A- C:\Users\Amandine\Downloads\Jeux\Shaiya Evasion\Shaiya-Evasion_v1.1\CONFIG.INI [5367]
O61 - LFC: 02/06/2013 - 13:02:14 ---A- C:\Users\Amandine\Downloads\Jeux\Shaiya Evasion\Shaiya-Evasion_v1.1\Game.dmp [65526]
O61 - LFC: 02/06/2013 - 13:03:33 ---A- C:\Users\Amandine\AppData\Local\Google\Chrome\User Data\Local State [31651]
O61 - LFC: 02/06/2013 - 13:03:36 ---A- C:\Users\Amandine\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [5]
O61 - LFC: 30/05/2013 - 13:40:11 ---A- C:\Users\Amandine\AppData\Roaming\Yontoo\dat\Paladin.dat [85280] =>Adware.Yontoo
O61 - LFC: 30/05/2013 - 14:12:17 ---A- C:\Users\Amandine\Documents\Cours\CV LM\Assurance internationale.doc [465408]
O61 - LFC: 30/05/2013 - 14:19:06 ---A- C:\Users\Amandine\Documents\Cours\CV LM\Lettre de motivation AEP.doc.docx [15521]
O61 - LFC: 30/05/2013 - 15:31:45 ---A- C:\Users\Amandine\AppData\Roaming\eIntaller\6DEC258B9AF64a9bB9832F58DE9B4320\eGdpSvc.exe [11248]
O61 - LFC: 30/05/2013 - 15:31:45 ---A- C:\Users\Amandine\AppData\Roaming\eIntaller\6DEC258B9AF64a9bB9832F58DE9B4320\eXQ.exe [11244]
O61 - LFC: 30/05/2013 - 15:31:51 ---A- C:\Users\Amandine\AppData\Roaming\eIntaller\6DEC258B9AF64a9bB9832F58DE9B4320\Desk365.exe [4218832] =>Hijacker.22Find
O61 - LFC: 30/05/2013 - 16:43:06 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Data\frFR\expansion1-locale-frFR.MPQ [2809557]
O61 - LFC: 30/05/2013 - 17:31:18 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Data\frFR\expansion2-locale-frFR.MPQ [10830776]
O61 - LFC: 30/05/2013 - 17:45:55 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\BackgroundDownloader.exe [6377696]
O61 - LFC: 30/05/2013 - 18:03:19 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Data\base-Win.MPQ [28944487]
O61 - LFC: 30/05/2013 - 18:13:25 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Data\frFR\expansion1-speech-frFR.MPQ [48622406]
O61 - LFC: 30/05/2013 - 18:16:44 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Repair.exe [3249952]
O61 - LFC: 30/05/2013 - 18:19:51 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Data\frFR\expansion3-speech-frFR.MPQ [51784187]
O61 - LFC: 30/05/2013 - 18:20:42 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Data\frFR\temp\wow-update-frFR-14946.MPQ [53804781]
O61 - LFC: 30/05/2013 - 18:21:30 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Data\frFR\expansion2-speech-frFR.MPQ [119107748]
O61 - LFC: 30/05/2013 - 18:27:01 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Data\frFR\temp\wow-update-frFR-13914.MPQ [33708261]
O61 - LFC: 30/05/2013 - 18:27:25 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Battle.net.dll [15196408]
O61 - LFC: 30/05/2013 - 18:28:18 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Data\frFR\temp\wow-update-frFR-14333.MPQ [42827975]
O61 - LFC: 30/05/2013 - 18:28:28 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Data\wow-update-13287.MPQ [439572894]
O61 - LFC: 30/05/2013 - 18:28:44 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Data\wow-update-13596.MPQ [171195360]
O61 - LFC: 30/05/2013 - 18:29:14 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Data\expansion3.MPQ [663026233]
O61 - LFC: 30/05/2013 - 18:29:15 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Data\expansion1.MPQ [1426738997]
O61 - LFC: 30/05/2013 - 18:29:15 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Data\frFR\speech-frFR.MPQ [185194602]
O61 - LFC: 30/05/2013 - 18:29:16 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Data\art.MPQ [3265179888]
O61 - LFC: 30/05/2013 - 18:29:16 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Data\wow-update-13329.MPQ [167588901]
O61 - LFC: 30/05/2013 - 18:29:17 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Data\world.MPQ [2617195827]
O61 - LFC: 30/05/2013 - 18:29:18 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Data\sound.MPQ [1383261030]
O61 - LFC: 30/05/2013 - 18:29:18 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Data\wow-update-13164.MPQ [656543919]
O61 - LFC: 30/05/2013 - 18:29:19 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Data\expansion2.MPQ [2689420665]
O61 - LFC: 30/05/2013 - 18:29:20 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Data\frFR\locale-frFR.MPQ [337013950]
O61 - LFC: 30/05/2013 - 18:52:57 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Errors\2013-05-30 19.52.57 Error.txt [31236]
O61 - LFC: 30/05/2013 - 18:52:59 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Errors\2013-05-30 19.52.57 Error.dmp [186377]
O61 - LFC: 30/05/2013 - 18:53:01 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Errors\2013-05-30 19.53.01 Error.dmp [191628]
O61 - LFC: 30/05/2013 - 18:53:01 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Errors\2013-05-30 19.53.01 Error.txt [31299]
O61 - LFC: 30/05/2013 - 18:53:05 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Errors\2013-05-30 19.53.04 Error.dmp [194006]
O61 - LFC: 30/05/2013 - 18:53:05 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Errors\2013-05-30 19.53.04 Error.txt [31299]
O61 - LFC: 30/05/2013 - 18:53:11 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Errors\2013-05-30 19.53.11 Error.dmp [193406]
O61 - LFC: 30/05/2013 - 18:53:11 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Errors\2013-05-30 19.53.11 Error.txt [31377]
O61 - LFC: 30/05/2013 - 18:53:44 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Errors\2013-05-30 19.53.44 Error.dmp [199438]
O61 - LFC: 30/05/2013 - 18:53:44 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Errors\2013-05-30 19.53.44 Error.txt [30472]
O61 - LFC: 30/05/2013 - 18:54:09 ---A- C:\Users\Amandine\AppData\Roaming\transmission\Resume\DragonWar.fr-4.0.6a.db2b55bce229a568.resume [5638]
O61 - LFC: 30/05/2013 - 18:54:09 ---A- C:\Users\Amandine\AppData\Roaming\transmission\dht.dat [610]
O61 - LFC: 30/05/2013 - 18:54:09 ---A- C:\Users\Amandine\AppData\Roaming\transmission\stats.json [156]
O61 - LFC: 30/05/2013 - 18:54:10 ---A- C:\Users\Amandine\AppData\Roaming\transmission\settings.json [3413]
O61 - LFC: 30/05/2013 - 18:54:49 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\Scan.dll [51972]
O61 - LFC: 31/05/2013 - 13:54:15 ---A- C:\Users\Amandine\Documents\Downloads\DragonWar.fr-4.0.6a\WTF\Config.wtf [813]
~ 136 Fichiers temporaires (Temporary files)
~ 6 Fichiers cookies (Cookies files)
~ Files: 586 Legitimates Filtered in 16mn 01s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0388404D-6072-4CEB-B521-8F090FEAEE57} [DefaultScope] - (Yahoo!) - http://klit.startnow.com =>Adware.Zugo
O69 - SBI: SearchScopes [HKCU] {043E1974-BDB0-4A13-A251-BE5BD6D69D80} - (Ask Search) - http://websearch.ask.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www1.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {73F8F4DE-C3C2-4FCF-99B6-55D063D42492} - (Web Search) - http://search.conduit.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.0641A46F1E58529A42EAD4573A3A0861] [SPRF][21/07/2012] (...) -- C:\ProgramData\89EFA7FF7B.sys [8]
[MD5.8CC6FB85C2F4312C7549FCA1C33C786A] [SPRF][29/05/2013] (...) -- C:\ProgramData\KGyGaAvL.sys [3766]
[MD5.631DBBCF6FFCD5249D30A6CDE934D35F] [SPRF][04/11/2012] (.The GIMP Team - GIMP Setup.) -- C:\Users\Amandine\AppData\Local\Temp\34881-666577-gimp.exe [76225536]
[MD5.1025402B15012EBFD3F127D22D613020] [SPRF][21/10/2012] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\Amandine\AppData\Local\Temp\38900-658974-java-runtime-environment-jre.exe [16754464]
[MD5.160EA9BA4F751C488CA4EF4A445FFC69] [SPRF][21/10/2012] (.Ask.com - AskStub Application.) -- C:\Users\Amandine\AppData\Local\Temp\APNStub.exe [357064]
[MD5.A0B75D24C18205E2D1D628ACE0D9DEB5] [SPRF][22/08/2012] (...) -- C:\Users\Amandine\AppData\Local\Temp\b7ce414e3dd841d3.exe [11274]
[MD5.8390E3FF29B6C223A3039C4E339EC832] [SPRF][09/09/2012] (...) -- C:\Users\Amandine\AppData\Local\Temp\defaultCache.reg [1472412]
[MD5.890A444D1059B0BCEB439E0425C22810] [SPRF][23/10/2011] (.Electronic Arts, Inc. - Origin.) -- C:\Users\Amandine\AppData\Local\Temp\EAD7703.exe [48106400]
[MD5.B390440E2147B310C645163B051260DE] [SPRF][08/04/2012] (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller 11.2 r202.) -- C:\Users\Amandine\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe [4138656]
[MD5.A021A4299DB47255294BD2CB59904107] [SPRF][08/11/2011] (.Google Inc. - Google Toolbar Installer.) -- C:\Users\Amandine\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe [2376368]
[MD5.67657F148BE620729271D04ABF6AE973] [SPRF][21/10/2012] (...) -- C:\Users\Amandine\AppData\Local\Temp\guninstaller_babylon.exe [11293] =>Toolbar.Babylon
[MD5.A55B82103A202C20717F45C201EC4553] [SPRF][14/05/2013] (.Terra Informatica Software, Inc., British C - HTMLayout - embeddable HTML rendering and layout component.) -- C:\Users\Amandine\AppData\Local\Temp\htmlayout.dll [936960]
[MD5.0BBE2C5D09B20D19508F34CE40910428] [SPRF][30/05/2013] (...) -- C:\Users\Amandine\AppData\Local\Temp\ICReinstall_SkypeSetup (1).exe [607368]
[MD5.0BBE2C5D09B20D19508F34CE40910428] [SPRF][30/05/2013] (...) -- C:\Users\Amandine\AppData\Local\Temp\ICReinstall_SkypeSetup (2).exe [607368]
[MD5.A86F888BBE33FAD0576C69FBEED32E76] [SPRF][20/10/2011] (.Electronic Arts, Inc. - Origin installer extension.) -- C:\Users\Amandine\AppData\Local\Temp\installerdll2320936.dll [3039360]
[MD5.A86F888BBE33FAD0576C69FBEED32E76] [SPRF][20/10/2011] (.Electronic Arts, Inc. - Origin installer extension.) -- C:\Users\Amandine\AppData\Local\Temp\installerdll2333759.dll [3039360]
[MD5.0B54D0F88A5DC32A05FC66C0C963F407] [SPRF][19/08/2011] (.Electronic Arts, Inc. - Origin installer extension.) -- C:\Users\Amandine\AppData\Local\Temp\installerdll2872992.dll [3028608]
[MD5.2FF9B590342C62748885D459D082295F] [SPRF][22/08/2012] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 11.0 r1.) -- C:\Users\Amandine\AppData\Local\Temp\InstallFlashPlayer.exe [89248]
[MD5.75E68C0C7910D38542792B1B5D0C179D] [SPRF][02/11/2012] (...) -- C:\Users\Amandine\AppData\Local\Temp\instloffer.exe [61494]
[MD5.0E2281AEC56203CA6A9E1848F7DBDF5A] [SPRF][19/10/2011] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\Amandine\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe [909088]
[MD5.376EAD6E862E2957628576A77C08D1E1] [SPRF][22/04/2013] (.Pas de propriétaire - LyricsTube.) -- C:\Users\Amandine\AppData\Local\Temp\LyricsTube.exe [288489] =>Adware.AddLyrics
[MD5.D35D2CA3E93F361CC55F700E9E907247] [SPRF][14/05/2013] (.Pas de propriétaire - Sing Along.) -- C:\Users\Amandine\AppData\Local\Temp\lyrictmp.exe [283874]
[MD5.19CEE58DC4BD63D4AB21E3EC055EDF71] [SPRF][13/08/2010] (.Microsoft Corporation - Barre d'outils Bing.) -- C:\Users\Amandine\AppData\Local\Temp\MSN1269.exe [468232]
[MD5.6366C18D31940467BE88E9D5E403446A] [SPRF][23/03/2012] (...) -- C:\Users\Amandine\AppData\Local\Temp\msquafhm.dll [10240]
[MD5.71EA857B02F778B3D54BA59444A9F802] [SPRF][19/10/2011] (.Microsoft Corporation - Win32 Cabinet Self-Extractor.) -- C:\Users\Amandine\AppData\Local\Temp\rootsupd.exe [336280]
[MD5.CC9D0095E7C68788FF0A7A0B8D7199B0] [SPRF][21/09/2011] (...) -- C:\Users\Amandine\AppData\Local\Temp\scs.exe [454656]
[MD5.2E09006ABACEBC66F2E670022E91DF81] [SPRF][20/10/2011] (.Electronic Arts, Inc. - Origin.) -- C:\Users\Amandine\AppData\Local\Temp\Setup.exe [46985240]
[MD5.110292FB946BED3AE871281633253473] [SPRF][26/05/2013] (.Skype Technologies S.A. - Skype.) -- C:\Users\Amandine\AppData\Local\Temp\SkypeSetup.exe [30670440]
[MD5.B9270BA1B0D210F786D2E001A7BB902B] [SPRF][07/12/2012] (.Eclipse Foundation - SWT for Windows native library.) -- C:\Users\Amandine\AppData\Local\Temp\swt-win32-3740.dll [430080]
[MD5.2D2894581D355D5F44EAE38898A66846] [SPRF][01/01/2012] (.Conduit Ltd. - Conduit Toolbar.) -- C:\Users\Amandine\AppData\Local\Temp\tbVuze.dll [4398888] =>P2P.Azureus
[MD5.40ED501483E24786A5E3BD3D28D06733] [SPRF][29/08/2012] (...) -- C:\Users\Amandine\AppData\Local\Temp\tmp13a8700f.bat [202]
[MD5.067BECAFD5F884CEB2E86F766F965B5D] [SPRF][14/05/2013] (.Web Deals Interactive LLC - Installer.) -- C:\Users\Amandine\AppData\Local\Temp\toolbar3367921.exe [1418136]
[MD5.2A1486FAA80C007C5181CF964C5333EF] [SPRF][14/05/2013] (...) -- C:\Users\Amandine\AppData\Local\Temp\toolbar3369091.exe [786416]
[MD5.2A1486FAA80C007C5181CF964C5333EF] [SPRF][14/05/2013] (...) -- C:\Users\Amandine\AppData\Local\Temp\toolbar3496154.exe [786416]
[MD5.128B88FA937A4EEA0E778CF49A34891E] [SPRF][14/05/2013] (.AddLyrics - AddLyrics.) -- C:\Users\Amandine\AppData\Local\Temp\toolbar3505654.exe [327775] =>Adware.AddLyrics
[MD5.E28A290FBF38C63AB28B688784F5CB72] [SPRF][28/03/2009] (.Electronic Arts, Inc. - EADM Installer.) -- C:\Users\Amandine\AppData\Local\Temp\UninstallEADM.dll [195056]
[MD5.CBE0B05C11D5D523C2AF997D737C137B] [SPRF][19/10/2011] (.Microsoft Corporation - Microsoft Visual C++ 2010 x64 Redistributable Setup.) -- C:\Users\Amandine\AppData\Local\Temp\vcredist_x64.exe [5673816]
[MD5.CEDE02D7AF62449A2C38C49ABECC0CD3] [SPRF][19/10/2011] (.Microsoft Corporation - Microsoft Visual C++ 2010 x86 Redistributable Setup.) -- C:\Users\Amandine\AppData\Local\Temp\vcredist_x86.exe [4995416]
[MD5.342F79337765760AD4E392EB67D5ED2C] [SPRF][19/10/2011] (.Microsoft Corporation - Update Package.) -- C:\Users\Amandine\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe [2585872]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][14/01/2013] (...) -- C:\Users\Amandine\AppData\Local\Temp\{473AC462-A5F8-40CB-9FD4-8E31FB698278}.bat [0]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][14/01/2013] (...) -- C:\Users\Amandine\AppData\Local\Temp\{543D4306-4198-479C-BCFD-F4284403FA13}.bat [0]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][11/11/2012] (...) -- C:\Users\Amandine\AppData\Local\Temp\{5BCBEA8C-E344-4393-A7C7-0114549BC9F4}.bat [0]
[MD5.175C48DDDE1790415BF5328BBAD75536] [SPRF][21/05/2012] (.Intel Corporation - Intel MEDAL Capability Tool DLL.) -- C:\Users\Amandine\AppData\Roaming\JomCap.dll [20984]
[MD5.A31156B8D80A68E8F4354C63E0747BEB] [SPRF][05/03/2012] (...) -- C:\Users\Amandine\Desktop\eMule0.50a-Installer[1].exe [3389035]
[MD5.B17061DE647CE30B24DD661FD0BBB7C9] [SPRF][08/04/2002] (.GlobalSCAPE, Inc. - Pas de description.) -- C:\Program Files (x86)\cuteftpFR.exe [2458176]
~ Files: Scanned in 00mn 20s



---\\ Scan Additionnel (O88)
Database Version : v2.12368 - (01/06/2013)
Clés trouvées (Keys found) : 195
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 21
Fichiers trouvés (Files found) : 12

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{006E6A46-8D55-4F10-BBA8-2C9653B4278B}] =>Adware.Boxore
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] =>Adware.Yontoo
[HKLM\Software\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] =>Adware.Yontoo
[HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] =>Adware.AskSBAR
[HKLM\Software\Classes\AppID\{32451DFC-C23B-4E12-866C-FC7982238504}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{32451DFC-C23B-4E12-866C-FC7982238504}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}] =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6492E171-2427-4932-B414-33574A089F5E}] =>Adware.Singalng
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6492E171-2427-4932-B414-33574A089F5E}] =>Adware.Singalng
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6492E171-2427-4932-B414-33574A089F5E}] =>Adware.Singalng
[HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}] =>Adware.Zugo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}] =>Adware.Zugo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}] =>Adware.Zugo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\singalong@xenophesoft.com] =>Adware.Singalng
[HKLM\Software\Wow6432Node\Classes\Interface\{736EF78E-5A04-46F9-893E-EDEC6EA5DF45}] =>Adware.Agent
[HKLM\Software\Wow6432Node\Classes\Interface\{7A1BCE27-099C-4628-B63A-AEC00C6376B3}] =>Adware.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}] =>Adware.Yontoo
[HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Adware.AskSBAR
[HKLM\Software\Wow6432Node\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Adware.AskSBAR
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Adware.AskSBAR
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Adware.AskSBAR
[HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Classes\Interface\{AF3AFF7C-B9E9-48DD-9002-212B6DEAAC02}] =>Adware.Agent
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] =>Adware.Yontoo
[HKLM\Software\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}] =>Adware.Yontoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{DBE82879-914A-422F-BAE9-2ECC80BE536F}] =>Adware.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\Interface\{E12D7149-73EF-45E4-A1E9-99FD7DAE62D3}] =>Adware.Agent
[HKLM\Software\Wow6432Node\Classes\Interface\{F2B184F1-547C-4EE9-BFC4-AC489C7077D9}] =>Adware.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo
[HKLM\Software\Classes\AppID\escort.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Adware.AskSBAR
[HKLM\Software\Classes\AppID\Toolbar.DLL] =>Toolbar.Agent
[HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods
[HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd] =>Adware.AskSBAR
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1] =>Adware.AskSBAR
[HKLM\Software\Classes\Software.OneClickCtrl.8] =>Adware.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\430E8DB44F0E90547A3564A7E858C48D] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\BA086F2D38A8E1A47912955A68B3AD24] =>Adware.PredictAd
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch
[HKCU\Software\APN] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\APN] =>Toolbar.Ask
[HKCU\Software\Ask.com] =>Toolbar.AskBar
[HKCU\Software\AppDataLow\Software\AskToolbar] =>Toolbar.AskTBar
[HKLM\Software\Wow6432Node\AskToolbar] =>Toolbar.AskTBar
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKLM\Software\Wow6432Node\Tuto4pc] =>PUP.Eorezo
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\Zugo] =>Adware.Zugo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}] =>Toolbar.AskBar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar] =>Adware.Zugo
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKLM\Software\Classes\Installer\Features\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore
[HKLM\Software\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Classes\Installer\Features\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore
[HKCU\Software\AppDataLow\Software\SingAlong] =>Adware.Singalng
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\SYSTEM\CurrentControlSet\Services\supdate] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}] =>Adware.Zugo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}] =>Adware.Zugo
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}] =>Toolbar.DeltaSearch
[HKLM\SYSTEM\CurrentControlSet\Services\Yontoo Desktop Updater] =>Adware.Yontoo
[HKLM\Software\Classes\delta.deltaappCore] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltaappCore.1] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd.1] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\ESRV.EXE] =>Adware.Facemoods
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA69DAE1-1BC2-48ED-AB9A-24A5C8AC8071}] =>Adware.Boxore
[HKLM\Software\Classes\Installer\Features\1EAD96AE2CB1DE84BAA9425A8CCA0817] =>Adware.Boxore
[HKLM\Software\Classes\Installer\Products\1EAD96AE2CB1DE84BAA9425A8CCA0817] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1EAD96AE2CB1DE84BAA9425A8CCA0817] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Classes\Installer\Features\1EAD96AE2CB1DE84BAA9425A8CCA0817] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Classes\Installer\Products\1EAD96AE2CB1DE84BAA9425A8CCA0817] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Microsoft\Tracing\boxore_RASAPI32] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Microsoft\Tracing\boxore_RASMANCS] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\dcmagccbogebndpoodhhhafmofelpffh] =>PUP.RewardsArcade
[HKLM\Software\Classes\delta.deltaHlpr] =>toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaHlpr.1] =>toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc] =>toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc.1] =>toolbar.DeltaSearch
[HKLM\Software\Classes\RewardsArcade.BHO] =>PUP.RewardsArcade
[HKLM\Software\Classes\RewardsArcade.Sandbox] =>PUP.RewardsArcade
[HKLM\Software\Classes\RewardsArcade.Sandbox.1] =>PUP.RewardsArcade
[HKLM\Software\Classes\YontooIEClient.Api] =>Adware.Yontoo
[HKLM\Software\Classes\YontooIEClient.Api.1] =>Adware.Yontoo
[HKLM\Software\Classes\YontooIEClient.Layers] =>Adware.Yontoo
[HKLM\Software\Classes\YontooIEClient.Layers.1] =>Adware.Yontoo
[HKLM\Software\Classes\AppID\escort.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escortApp.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escortEng.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\YontooIEClient.DLL] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\delta.deltaappCore] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaappCore.1] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltadskBnd] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltadskBnd.1] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaHlpr] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaHlpr.1] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\esrv.deltaESrvc] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\esrv.deltaESrvc.1] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\escort.escortIEPane] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\escort.escortIEPane.1] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\RewardsArcade.BHO] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\RewardsArcade.Sandbox] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\RewardsArcade.Sandbox.1] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\YontooIEClient.Api] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\YontooIEClient.Api.1] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\YontooIEClient.Layers] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\YontooIEClient.Layers.1] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\YontooIEClient.DLL] =>Adware.Yontoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{00000000-6E41-4FD3-8538-502F5495E5FC} =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Adware.AskSBAR
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:Yontoo Desktop =>Adware.Yontoo
C:\Program Files (x86)\yontoo =>Adware.Yontoo
C:\Program Files (x86)\Ask.com =>Toolbar.AskBar
C:\Program Files (x86)\Boxore =>Adware.Boxore
C:\Program Files (x86)\SingAlong =>Adware.Singalng
C:\Program Files (x86)\Software =>Adware.Boxore
C:\Program Files (x86)\StartNow Toolbar =>Adware.Zugo
C:\Program Files (x86)\LyricsTube =>Adware.AddLyrics
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\ProgramData\InstallMate =>Toolbar.Agent
C:\Users\Amandine\AppData\Roaming\yontoo =>Adware.Yontoo
C:\Users\Amandine\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\Amandine\AppData\Roaming\StartNow Toolbar =>Adware.Zugo
C:\Users\Amandine\AppData\Roaming\BabSolution =>Hijacker.BabSolution
C:\Users\Amandine\AppData\Roaming\eIntaller =>PUP.eSafeSecurity
C:\Users\Amandine\AppData\Local\EoRezo =>PUP.Eorezo
C:\Users\Amandine\AppData\Local\Software =>Adware.Boxore
C:\Users\Amandine\AppData\LocalLow\AskToolbar =>Toolbar.AskTBar
C:\Users\Amandine\AppData\Local\Temp\Iminent =>Adware.IMBooster
C:\Users\Amandine\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc =>Adware.Yontoo
C:\Users\Amandine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbpohikckhbcljgombipcdoinkaedlfa =>Spyware.SmartDisplay
C:\Users\Amandine\AppData\Local\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei =>Adware.Zugo
C:\Users\Amandine\AppData\Local\Temp\instloffer.exe =>PUP.OfferBox
C:\Users\Amandine\AppData\Local\Temp\guninstaller_babylon.exe =>PUP.SweetIM
C:\Users\Amandine\AppData\Local\Temp\square_babylonv2.bmp =>PUP.SweetIM
C:\Users\Amandine\AppData\Local\Temp\square_babylonv3.bmp =>PUP.SweetIM
C:\Users\Amandine\AppData\Local\Temp\square_lollipop.bmp =>Adware.Lollipop
C:\Users\Amandine\AppData\Local\Temp\GoogleToolbarInstaller1.log =>Toolbar.Babylon
C:\Users\Amandine\AppData\Local\Temp\GoogleToolbarInstaller2.log =>Toolbar.Babylon
C:\Users\Amandine\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe =>Toolbar.Babylon
C:\Users\Amandine\AppData\Local\Temp\pricepeep_logo.bmp =>Adware.PricePeep
C:\Users\Amandine\AppData\Local\Temp\square_pricepeep.bmp =>Adware.PricePeep
C:\Users\Amandine\AppData\Local\Temp\tbVuze.dll =>Toolbar.Conduit
~ Additionnel Scan: 419349 Items scanned in 01mn 12s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "16F2A4FD62E115D449BB637D6787DBDA" . (.PSPH10Pro.) -- C:\Windows\Installer\{DF4A2F61-1E26-4D51-94BB-36D77678BDAD}\ARPPRODUCTICON.exe
O90 - PUC: "1EAD96AE2CB1DE84BAA9425A8CCA0817" . (.Boxore Client.) -- C:\Windows\Installer\{EA69DAE1-1BC2-48ED-AB9A-24A5C8AC8071}\boxore.ico =>Adware.Boxore
O90 - PUC: "79320CFDFE0E198428E05174CD6C07B1" . (.ContentHD.) -- C:\Windows\Installer\{DFC02397-E0EF-4891-820E-1547DCC6701B}\ARPPRODUCTICON.exe
O90 - PUC: "A28B4D68DEBAA244EB686953B7074FEF" . (.Ask Toolbar.) -- C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe =>Toolbar.Ask
~ Update Products: 165 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 04/04/2012 63928 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 15/05/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 03/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\IDT\WDM\AESTSr64.exe
SR - | Auto 14/07/2009 27136 | c:\program files (x86)\common files\akamai\netsession_win_ca0e279.dll (Akamai) . (.Akamai Technologies, Inc..) - C:\Windows\System32\svchost.exe
SR - | Auto 08/02/2011 956192 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 02/12/2011 1043872 | (Credential Vault Host Control Service) . (.Broadcom Corporation.) - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
SR - | Auto 02/12/2011 36768 | (Credential Vault Host Storage) . (.Broadcom Corporation.) - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
SR - | Auto 08/05/2012 2279960 | (DFEPService) . (.Dell Inc..) - C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
SS - | Auto 08/11/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 08/11/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 21/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 22/09/2010 165032 | (Intel(R) PROSet Monitoring Service) . (.Intel Corporation.) - C:\Windows\system32\IProsetMonitor.exe
SR - | Auto 21/05/2012 212984 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
SR - | Auto 19/01/2012 325912 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 19/02/2011 1836616 | (ntrtscan) . (.Trend Micro Inc..) - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe
SR - | Auto 11/02/2010 72296 | (O2FLASH) . (.O2Micro International.) - C:\Windows\System32\DRIVERS\o2flash.exe
SR - | Auto 8192 | (O2SDIOAssist) . (...) - c:\Windows\SysWOW64\srvany.exe
SR - | Auto 24/10/2009 360224 | (PMBDeviceInfoProvider) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
SR - | Auto 11/03/2010 193824 | (PSI_SVC_2) . (.Protexis Inc..) - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
SS - | Demand 25/11/2010 1116656 | (RoxMediaDB12OEM) . (.Sonic Solutions.) - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
SS - | Auto 25/11/2010 219632 | (RoxWatch12) . (.Sonic Solutions.) - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
SR - | Auto 16/12/2012 123664 | (SbieSvc) . (.SANDBOXIE L.T.D.) - C:\Program Files\Sandboxie\SbieSvc.exe
SR - | Auto 25/01/2011 296448 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SS - | Demand 08/11/2010 74392 | (stllssvr) . (.MicroVision Development, Inc..) - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
SS - | Auto 21/10/2012 139576 | (supdate) . (.Boxore OU..) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
SR - | Auto 07/04/2011 50704 | (svcGenericHost) . (.Trend Micro Inc..) - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
SS - | Auto 1637888 | (tcsd_win32.exe) . (...) - C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
SR - | Demand 06/07/2009 570632 | (TMBMServer) . (.Trend Micro Inc..) - c:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
SR - | Auto 19/02/2011 2060896 | (tmlisten) . (.Trend Micro Inc..) - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe
SS - | Demand 21/07/2010 596032 | (TmPfw) . (.Trend Micro Inc..) - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe
SR - | Demand 21/07/2010 917840 | (TmProxy) . (.Trend Micro Inc..) - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
SR - | Auto 19/01/2012 2594584 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 265952 | (Updater Service for StartNow Toolbar) . (...) - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe =>Adware.Zugo
SR - | Auto 18/01/2011 48128 | (wltrysvc) . (.Dell Inc..) - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 13/03/2013 23552 | (Yontoo Desktop Updater) . (.Microsoft.) - C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe =>Adware.Yontoo
~ Services: Scanned in 00mn 12s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Amandine at 02/06/2013 14:31:16

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



~ 1761 Legitimates filtered by white list
End of the scan (955 lines in 27mn 33s)(0)
