Rapport de ZHPDiag v2013.4.9.53 par Nicolas Coolman, Update du 9/04/2013
Run by User at 10/04/2013 14:45:29
State : Version à jour.
High Elevated Privileges : OK
UAC :


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 16.0.2 v16.0.2
GCIE: Google Chrome v26.0.1410.43 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : WQD8Q
Windows License : OK
Windows Automatic Updates : OK

---\\ System Protection
Avira AntiVir Personal - Free Antivirus v10.2.0.167
MSCU for Microsoft Vista v1.0.1.1

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1021 MB (14% free)
System Restore: Activé (Enable)
System drive C: has 1 GB (0%) free of 143 GB

---\\ Logged in mode
~ Computer Name: PC-DE-USER
~ User Name: User
~ All Users Names: User, UpdatusUser, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\User\AppData\Roaming\
~ %Desktop% : C:\Users\User\Desktop\
~ %Favorites% : C:\Users\User\Favorites\
~ %LocalAppData% : C:\Users\User\AppData\Local\
~ %StartMenu% : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 143 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Hard drive, Flash drive, Thumb drive (Free 5 Go of 6 Go)
F:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 7:27:36.) -- C:\WINDOWS\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.19/01/2008 - 8:33:37.) -- C:\WINDOWS\System32\Wininit.exe [96768]
[MD5.C5B6468422DB1C8AA36C32CBB0197E5E] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/02/2013 - 4:38:00.) -- C:\WINDOWS\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 7:28:13.) -- C:\WINDOWS\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\WINDOWS\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 7:32:26.) -- C:\WINDOWS\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 6:28:02.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 5:39:17.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\WINDOWS\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 5:42:42.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.19/01/2008 - 6:49:18.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 6:56:28.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 5:45:37.) -- C:\WINDOWS\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.3/03/2013 - 20:07:52.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.2/11/2006 - 9:51:30.) -- C:\WINDOWS\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 6:56:34.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2/11/2006 - 10:03:00.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 5:45:22.) -- C:\WINDOWS\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 5:45:56.) -- C:\WINDOWS\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 08s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/3
~ Mes musiques (My Musics) : 1/22
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/54
~ Mes Documents (My Documents) : 24/2234
~ Mon Bureau (My Desktop) : 12/497
~ Menu demarrer (Programs) : 0/32
~ Hidden Files: Scanned in 00mn 32s



---\\ Processus lancés
[MD5.7A6B6ED4E0E167065AE9774D8C715E0B] - (...) -- C:\Program Files\Polar\WebSync\WebSync.exe [6227512] [PID.3444]
[MD5.311CCA642D0BFAF29EBC2C0D71CBB286] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1820520] [PID.3032]
[MD5.C0063DB87FB34539697460ED1A231F60] - (.Pas de propriétaire - BlueSoleil Bttray.) -- C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [279552] [PID.1584]
[MD5.B0BF698030DB6561393AE753C6D3F936] - (.Google Inc. - Google Chrome.) -- C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe [1312720] [PID.3876]
[MD5.7E4AD8220AF0B281274F9785DD53E25C] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [18642024] [PID.1132]
[MD5.B588979D6910F9BE2D244FCBE2111DBF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6620160] [PID.4368]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.4844]
[MD5.A3B80E6B7CDE9660F639658739A5824E] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 306.2.) -- C:\Windows\system32\nvvsvc.exe [645992] [PID.924]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1292]
[MD5.954CA32CB0E3CCD19956D900A4A9F3FC] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [864104] [PID.1396]
[MD5.23C3A0680042C0D1DE1F360F8B62BC57] - (.Microsoft Corporation - Infrastructure d'extensibilité pour les ser.) -- C:\Windows\system32\WLANExt.exe [74240] [PID.1888]
[MD5.A5BCBAF0477C4869B67E0195AEA4A9CD] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [136360] [PID.1988]
[MD5.3CCE4AFA4AACDB28E01A148394212186] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480] [PID.484]
[MD5.80AAA0E1274435815BA8228E96CCE514] - (.Pas de propriétaire - BlueSoleilCS Module.) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [837120] [PID.940]
[MD5.CDE000884FD7BAF0C1FDFE029B0891DE] - (.Avira GmbH - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76968] [PID.1300]
[MD5.C832A3622A35CA7C595EA8CA385BA813] - (.Broadcom Corporation. - Bluetooth Support Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [555560] [PID.1592]
[MD5.DBAFC6734C054FEEF9087754BD80F847] - (.Pas de propriétaire - CLCapSvc Module.) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [262243] [PID.1588]
[MD5.582F2D900A3AC34C98FBDC2C0ABEF6B9] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [355096] [PID.1524]
[MD5.559C9B7800FAC92FC515CD0003D7C631] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [PID.2040]
[MD5.652565EA2FAB8E7366101A0B04DECBBC] - (...) -- C:\Program Files\Polar\Daemon\polard.exe [419536] [PID.2172]
[MD5.6987DC1DD7A7159752DFB1F6AABAE062] - (.Intel(R) Corporation - Intel(R) PROSet/Wireless Registry Service.) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [481552] [PID.2332]
[MD5.388AE59FE75F1B959DFA0900923C61BB] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.2412]
[MD5.9D6A019DEA917F305AF23209FEDD5F16] - (.Intel(R) Corporation - Intel(R) PROSet/Wireless Event Log Service.) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe [870672] [PID.2624]
[MD5.2A7AF088B95D3A0B01A5C4BF49388A0B] - (.Microsoft Corporation - IAS Host.) -- C:\Windows\system32\iashost.exe [17408] [PID.3340]
[MD5.FBF30775527CCB9D9EEB4D5DAE2C0841] - (.Pas de propriétaire - BsHelpCS Module.) -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [98407] [PID.860]
[MD5.2CEEB349216FEBD91A907013D4ABCFF7] - (.Hewlett-Packard - HP Health Check Service.) -- C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [62984] [PID.2572]
~ Processes Running: Scanned in 00mn 05s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
~ Google Browser: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zg8byx6w.default\prefs.js
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zg8byx6w.default\user.js
M3 - MFPP: Plugins - [User] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zg8byx6w.default\searchplugins\daemon-search.xml
M3 - MFPP: Plugins - [User] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zg8byx6w.default\searchplugins\Plusnetwork.xml
M3 - MFPP: Plugins - [User] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zg8byx6w.default\searchplugins\Search_Results.xml
M3 - MFPP: Plugins - [User] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon
M0 - MFSP: prefs.js [User - zg8byx6w.default] http://search.babylon.com =>Toolbar.Babylon
M2 - MFEP: prefs.js [User - zg8byx6w.default\ffxtlbr@babylon.com] [] Babylon v1.1.9 (.Babylon.) =>Toolbar.Babylon
M2 - MFEP: prefs.js [User - zg8byx6w.default\ipfuck@p4ul.info] [] ipFuck v1.0.1 (.Paul Da Silva.)
M2 - MFEP: prefs.js [User - zg8byx6w.default\{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant v1.2.1 (.Microsoft.)
M2 - MFEP: prefs.js [User - zg8byx6w.default\{5384767E-00D9-40E9-B72F-9CC39D655D6F}] [] EPUBReader v1.4.2.1 (.Michael Volz.)
M2 - MFEP: prefs.js [User - zg8byx6w.default\{d122ad80-ff45-11dd-87af-0800200c9a66}] [] Green Fox v16.0.24.10.12 (.Jivko Evgeniev.)
M2 - MFEP: prefs.js [User - zg8byx6w.default\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}] [] Torbutton v1.2.5 (.Mike Perry & Scott Squires.)
P2 - FPN:Firefox Plugin Navigator . (.vShare.tv - vShare.tv plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll
P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (.Pando Networks - Pando Web Plugin.) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
P2 - FPN: [HKCU] [pandonetworks.com/PandoWebPlugin] - (.Pando Networks - Pando Web Plugin.) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
~ Firefox Browser: 31 Legitimates Scanned in 00mn 02s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com =>Toolbar.Babylon
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
~ IE Browser: 13 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (.not file.)
~ BHO: 3 Legitimates Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-2194683331-645585910-1968582170-1000\..\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe
O4 - HKUS\S-1-5-21-2194683331-645585910-1968582170-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: CCleaner (2).lnk . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe
O4 - GS\QuickLaunch: CCleaner.lnk . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe
O4 - GS\QuickLaunch: DAEMON Tools Lite.lnk . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: JDownloader.lnk . (.AppWork UG (haftungsbeschränkt) - JDownloader Launcher v4.) -- C:\Program Files\JDownloader\JDownloaderD3D.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: Polar WebSync.lnk . (...) -- C:\Program Files\Polar\WebSync\WebSync.exe
O4 - GS\QuickLaunch: R i386 2.15.2.lnk . (...) -- C:\Program Files\R\R-2.15.2\bin\i386\Rgui.exe
O4 - GS\QuickLaunch: Unibet.lnk . (.Microgaming - Microgaming Poker Engine.) -- C:\Microgaming\Poker\unibetpokerMPP\MPPoker.exe
O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\SendTo\Assistant Transfert de fichiers Bluetooth.LNK.backup . (...) -- C:\Users\User\AppData\Roaming\Microsoft\Windows\SendTo\Assistant Transfert de fichiers Bluetooth.LNK.backup
O4 - GS\SendTo: Bluetooth.lnk - Clé orpheline
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - Global Startup: C:\Users\User\Desktop\Football Manager 2011.url . (...) -- C:\Users\User\Desktop\Football Manager 2011.url
O4 - GS\Desktop: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
~ Global Startup: Scanned in 00mn 42s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: PokerStars.be - {878AC5FC-BE78-4bae-896C-7F75B790A71E} -- Clé orpheline
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 7 Legitimates Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.clonewarsadventures.com
O15 - Trusted Zone: [HKCU\...\Domains] *.freerealms.com
O15 - Trusted Zone: [HKCU\...\Domains] *.soe.com
O15 - Trusted Zone: [HKCU\...\Domains] *.sony.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BC06432-DC02-464F-A5F8-92BC6907305D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D5F4A5B-FF2F-485A-B4AB-881FA2F5EF3F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BC06432-DC02-464F-A5F8-92BC6907305D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7D5F4A5B-FF2F-485A-B4AB-881FA2F5EF3F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{0BC06432-DC02-464F-A5F8-92BC6907305D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{7D5F4A5B-FF2F-485A-B4AB-881FA2F5EF3F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Polar Daemon (Polar Daemon) . (...) - C:\Program Files\Polar\Daemon\polard.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 16 Legitimates Scanned in 00mn 16s



---\\ Enumération Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\PC Doc Pro Reminder.job [392]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\PC Doc Pro Scheduled Scan.job [396]
[MD5.00000000000000000000000000000000] [APT] [{5201C2B9-9D2C-48CE-8F6B-D37AAE6BCB8F}] (...) -- G:\autorun.exe (.not file.) [0]
~ Scheduled Task: 13 Legitimates Scanned in 00mn 11s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 12 Legitimates Scanned in 00mn 01s



---\\ Pilotes lancés au démarrage (O41)
~ Drivers: 66 Legitimates Scanned in 00mn 02s



---\\ Logiciels installés (O42)
O42 - Logiciel: Java 7 Update 9 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83217009FF}
O42 - Logiciel: Pando Media Booster - (.Pando Networks Inc..) [HKLM] -- {980A182F-E0A2-4A40-94C1-AE0C1235902E}
O42 - Logiciel: Plus500 - (...) [HKLM] -- Plus500
O42 - Logiciel: Polar Daemon - (.Polar Electro Oy.) [HKLM] -- {2BA9320D-E061-4C71-ACCB-AC0E9D4FC82B}
O42 - Logiciel: Polar WebSync - (.Polar Electro Oy.) [HKLM] -- {320453EE-6AEA-4E1A-8E64-72F33C0C928F}
O42 - Logiciel: Unibet - (...) [HKLM] -- unibetpoker (Poker)
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKLM] -- uTorrent
~ Logic: 112 Legitimates Scanned in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AT&T Labs]
[HKCU\Software\BitTorrent]
[HKCU\Software\Comical]
[HKCU\Software\DjVuSolo]
[HKCU\Software\Frogster Online Gaming]
[HKCU\Software\InstallCore] =>PUP.InstallCore
[HKCU\Software\MGS]
[HKCU\Software\Magic Workstation]
[HKCU\Software\Mth]
[HKCU\Software\PC Doc Pro]
[HKCU\Software\Pando Networks]
[HKCU\Software\Plus500]
[HKCU\Software\Polar Electro Oy]
[HKCU\Software\PopitNG]
[HKCU\Software\polar]
[HKCU\Software\vShare.tv]
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\Frogster Online Gaming]
[HKLM\Software\Full Tilt Poker]
[HKLM\Software\LKSoft]
[HKLM\Software\MSPG32]
[HKLM\Software\Mth]
[HKLM\Software\Pando Networks]
[HKLM\Software\Patch My PC]
[HKLM\Software\Polar Electro]
[HKLM\Software\THe UDS]
[HKLM\Software\WindowsDoctor]
~ Key Software: 239 Legitimates Scanned in 00mn 02s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/01/2013 - 14:37:56 - [0,246] ----D C:\Program Files\Comical
O43 - CFD: 27/11/2011 - 0:17:32 - [7,133] ----D C:\Program Files\Pando Networks
O43 - CFD: 17/01/2013 - 16:23:03 - [0] ----D C:\Program Files\PokerStars.BE
O43 - CFD: 17/03/2013 - 11:54:05 - [25,513] ----D C:\Program Files\Polar
O43 - CFD: 27/11/2012 - 13:50:14 - [76,803] ----D C:\Program Files\R
O43 - CFD: 6/11/2012 - 18:17:53 - [0,381] ----D C:\Program Files\uTorrent
O43 - CFD: 9/01/2012 - 11:42:33 - [0,396] ----D C:\Program Files\vShare.tv plugin
O43 - CFD: 23/11/2011 - 20:21:27 - [0,000] ----D C:\Program Files\WordBiz
O43 - CFD: 26/03/2011 - 12:02:30 - [1,883] ----D C:\Program Files\Common Files\LKSoft
O43 - CFD: 11/04/2012 - 19:59:38 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 17/12/2011 - 20:37:16 - [0,000] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 11/03/2012 - 14:13:53 - [0] ----D C:\ProgramData\MGS
O43 - CFD: 26/03/2011 - 11:24:51 - [1,257] ----D C:\ProgramData\VSprint company
O43 - CFD: 11/04/2012 - 19:59:37 - [0,006] ----D C:\Users\User\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 22/09/2012 - 15:42:52 - [0,586] ----D C:\Users\User\AppData\Roaming\Image Zone Express
O43 - CFD: 26/03/2011 - 12:01:51 - [0,378] ----D C:\Users\User\AppData\Roaming\LKSoft
O43 - CFD: 29/10/2012 - 18:02:03 - [2,927] ----D C:\Users\User\AppData\Roaming\Microgaming
O43 - CFD: 10/10/2011 - 15:29:50 - [0,314] ----D C:\Users\User\AppData\Roaming\Polar WebSync
O43 - CFD: 24/05/2011 - 9:42:23 - [0,003] ----D C:\Users\User\AppData\Roaming\Printer Info Cache
O43 - CFD: 10/04/2013 - 12:04:39 - [-1563,716] ----D C:\Users\User\AppData\Roaming\uTorrent
O43 - CFD: 26/03/2011 - 11:25:25 - [0] ----D C:\Users\User\AppData\Roaming\VSprint company
O43 - CFD: 11/04/2012 - 19:59:42 - [4,187] ----D C:\Users\User\AppData\Local\Babylon =>Toolbar.Babylon
O43 - CFD: 4/01/2013 - 17:19:40 - [27,648] ----D C:\Users\User\AppData\Local\Plus500
O43 - CFD: 17/01/2013 - 16:22:47 - [0] ----D C:\Users\User\AppData\Local\PokerStars.BE
O43 - CFD: 4/01/2013 - 17:19:45 - [0] ----D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plus500
~ 361 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 654 Legitimates Scanned in 02mn 03s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.A506A50EE7713A441F505BFC65EE7209] - 10/04/2013 - 9:43:18 ---A- . (...) -- C:\WINDOWS\System32\bscs.ini [931]
~ Files: 36 Legitimates Scanned in 02mn 45s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.71AF6A6E4D4DD2905B8D1158F8CFAC73] - 10/04/2013 - 11:56:33 ---A- - C:\WINDOWS\Prefetch\SUMATRAPDF.EXE-E69A2FFF.pf
O45 - LFCP:[MD5.7020A1EA20D02FD003E1C4BBAAD4DF0D] - 10/04/2013 - 9:44:08 ---A- - C:\WINDOWS\Prefetch\IWRAP.EXE-E6AE5E1C.pf
O45 - LFCP:[MD5.2B7A150EF07DE348906D603568C3B9BA] - 10/04/2013 - 9:44:25 ---A- - C:\WINDOWS\Prefetch\IASHOST.EXE-D1717562.pf
O45 - LFCP:[MD5.0330228FEB704B1A7DC2B2F6223836CC] - 10/04/2013 - 9:46:50 ---A- - C:\WINDOWS\Prefetch\BSHELPCS.EXE-8C3821E0.pf
O45 - LFCP:[MD5.3698FF080992C348F6AB3AC45B0537AA] - 10/04/2013 - 9:47:59 ---A- - C:\WINDOWS\Prefetch\UTORRENT.EXE-07DD3997.pf
O45 - LFCP:[MD5.123E29395453268527CBF21BEC901DD9] - 3/04/2013 - 7:09:48 ---A- - C:\WINDOWS\Prefetch\PLUS500.EXE-EC1B528B.pf
O45 - LFCP:[MD5.7282C0D30EA9DE14115E83556DBF426E] - 3/04/2013 - 7:10:42 ---A- - C:\WINDOWS\Prefetch\500Z.EXE-1A1FC54C.pf
O45 - LFCP:[MD5.8F3A2017EBB92233ECCD313AE930473B] - 3/04/2013 - 7:11:09 ---A- - C:\WINDOWS\Prefetch\RESOURCECHANGE.EXE-DFDA523F.pf
O45 - LFCP:[MD5.9EBE6B62794A943CA3F5C4815CE0975C] - 3/04/2013 - 7:11:23 ---A- - C:\WINDOWS\Prefetch\INVESTSOFTPROJECT.EXE-A6F93117.pf
O45 - LFCP:[MD5.CDA9D8C1B0983B2B075F1939D9CCEC01] - 3/04/2013 - 7:12:02 ---A- - C:\WINDOWS\Prefetch\GETMAC.EXE-3443D198.pf
O45 - LFCP:[MD5.B5143DF51E94033350EA2A97766E53BC] - 5/04/2013 - 19:31:21 ---A- - C:\WINDOWS\Prefetch\SKYE8A8.TMP-E789D03B.pf
O45 - LFCP:[MD5.BDE45112150D330B3F0E05500FF0049A] - 9/04/2013 - 10:30:55 ---A- - C:\WINDOWS\Prefetch\MPC-HC.EXE-60D5C967.pf
~ Prefetcher: 119 Legitimates Scanned in 00mn 01s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 7 Legitimates Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 15 Legitimates Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{e2b305a3-7e28-11e1-9571-001b24e09258}\AutoRun\command. (...) -- H:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 14 Legitimates Scanned in 00mn 01s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\avgnt [Key] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O53 - SMSR:HKLM\...\startupreg\BtTray [Key] . (.Pas de propriétaire - BlueSoleil Bttray.) -- C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
O53 - SMSR:HKLM\...\startupreg\EA Core [Key] . (...) -- C:\Program Files\Electronic Arts\EADM\Core.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\lan [Key] . (...) -- C:\Users\User\chat-land\Chat-Landmessenger.jar (.not file.) =>Hijacker.ChercheUS
O53 - SMSR:HKLM\...\startupreg\Launcher [Key] . (.soft thinks - Launcher.) -- C:\WINDOWS\SMINST\launcher.exe
O53 - SMSR:HKLM\...\startupreg\SMSERIAL [Key] . (.Motorola Inc. - SM56 Modem Helper.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe
~ SMSR Keys: 33 Legitimates Scanned in 00mn 03s



---\\ Microsoft Control Security Providers (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
~ MWPS: 13 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
~ MWPE Keys: 1 Legitimates Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2EDC5BBAC6C651ECE337BDE8ED97C9FB] - 2/11/2006 - 10:51:38 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\WINDOWS\System32\Drivers\adp94xx.sys [420968]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 2/11/2006 - 8:09:42 ---A- . (...) -- C:\WINDOWS\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 10/04/2013 - 10:00:31 ---A- C:\Users\User\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [268934]
O61 - LFC: 10/04/2013 - 10:28:47 ---A- C:\Users\User\Downloads\modal+qualif+2013+02+12.doc [405504]
O61 - LFC: 10/04/2013 - 10:35:47 ---A- C:\Users\User\Downloads\NPC_calendrier_2013 (1).xls [144896]
O61 - LFC: 10/04/2013 - 10:47:50 ---A- C:\Users\User\AppData\Roaming\uTorrent\settings.dat.old [15201]
O61 - LFC: 10/04/2013 - 11:04:39 ---A- C:\Users\User\AppData\Roaming\uTorrent\dht.dat [1570]
O61 - LFC: 10/04/2013 - 11:04:39 ---A- C:\Users\User\AppData\Roaming\uTorrent\rss.dat [99]
O61 - LFC: 10/04/2013 - 11:04:39 ---A- C:\Users\User\AppData\Roaming\uTorrent\settings.dat [15224]
O61 - LFC: 10/04/2013 - 11:05:04 ---A- C:\Users\User\AppData\Roaming\uTorrent\resume.dat.new [174259]
O61 - LFC: 10/04/2013 - 11:56:03 ---A- C:\Users\User\Downloads\rankings-duathlon-women.pdf [282495]
O61 - LFC: 10/04/2013 - 13:49:24 ---A- C:\Users\User\AppData\Local\Google\Chrome\User Data\Local State [25791]
O61 - LFC: 10/04/2013 - 8:54:59 ---A- C:\Users\User\Downloads\7212.xls [45568]
O61 - LFC: 10/04/2013 - 9:28:27 ---A- C:\Users\User\AppData\Local\Google\Chrome\User Data\Local State~RF36195655.TMP [25771]
O61 - LFC: 10/04/2013 - 9:48:33 ---A- C:\Users\User\AppData\Roaming\Polar WebSync\_websynclog.txt [328740]
O61 - LFC: 7/04/2013 - 16:16:16 ---A- C:\Users\User\Downloads\S1Pa.docx [13115]
O61 - LFC: 7/04/2013 - 16:17:01 ---A- C:\Users\User\Downloads\S1Pa (1).docx [13115]
O61 - LFC: 7/04/2013 - 16:45:13 ---A- C:\Users\User\Downloads\S1Pa retour.doc [30208]
O61 - LFC: 7/04/2013 - 20:34:58 ---A- C:\Users\User\Downloads\NPC_calendrier_2013.xls [144896]
O61 - LFC: 7/04/2013 - 20:37:09 ---A- C:\Users\User\Downloads\calendrier_2013.xls [26624]
O61 - LFC: 8/04/2013 - 14:17:06 ---A- C:\Users\User\Downloads\Triathlon - Charleroi - StartList 2010.xls [83968]
O61 - LFC: 8/04/2013 - 18:53:09 ---A- C:\Users\User\Downloads\997617075_B97321380Z.1_20130408121340_000_G75M4CTN.1-0.jpg [231367]
O61 - LFC: 9/04/2013 - 12:16:17 ---A- C:\Users\User\AppData\Roaming\Media Player Classic\default.mpcpl [145]
O61 - LFC: 9/04/2013 - 9:21:55 ---A- C:\Users\User\Downloads\chimiesol_ch1.ppt [981504]
~ 7 Fichiers temporaires (Temporary files)
~ Files: 326 Legitimates Scanned in 06mn 02s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (WSearch) .(...) - LEGACY_WSEARCH
~ Legacy: 119 Legitimates Scanned in 00mn 07s



---\\ File Associations Shell Spawning (O67)
~ FASS Keys: 19 Legitimates Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("browser.search.defaultengine", "Web Search");
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("browser.search.defaultenginename", "Search the web (Babylon)"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("browser.search.order.1", "Search the web (Babylon)"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("browser.startup.homepage", "http://search.babylon.com/?affID=111434&tt=050412_30b&babsrc=HP_ss&mntrId=b2260c2f000000000[...] =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.admin", false); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.aflt", "babsst"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.babExt", ""); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.babTrack", "affID=111434&tt=050412_30b"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.bbDpng", 8); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.dfltSrch", false); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.hmpg", false); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.id", "b2260c2f00000000000000ffd66f196b"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.instlDay", "15441"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.instlRef", "sst"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.lastDP", 8); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1720:00:07"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "16.0"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.newTab", true); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.newTabUrl", "http://search.babylon.com/?babsrc=NT_FFUP"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.noFFXTlbr", false); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.propectorlck", 103994350); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.prtkDS", 0); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.prtkHmpg", 1); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.ptch_0717", true); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.smplGrp", "azb"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.srcExt", "ss"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.tlbrId", "tb9"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1720:00:07"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar_i.babExt", ""); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111434&tt=050412_30b"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar_i.hardId", "b2260c2f00000000000000ffd66f196b"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar_i.id", "b2260c2f00000000000000ffd66f196b"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar_i.instlDay", "15441"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar_i.newTab", true); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://search.babylon.com/?affID=111434&tt=050412_30b&babsrc=NT_ss&mntrId=b226[...] =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:00:07"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("extensions.enabledAddons", "ffxtlbr@babylon.com:1.1.9,ipfuck@p4ul.info:1.0.1,{5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4[...] =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("keyword.URL", "http://search.babylon.com/?affID=111434&tt=050412_30b&babsrc=KW_ss&mntrId=b2260c2f00000000000000ffd66f19[...] =>Toolbar.Babylon
O69 - SBI: prefs.js [User - zg8byx6w.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Search the web (Babylon)) - http://search.babylon.com =>Toolbar.Babylon
O69 - SBI: SearchScopes [HKCU] {27645373-B1F9-419F-80BE-B31AB6856859} - (Yahoo!) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {4327FABE-3C22-4689-8DBF-D226CF777FE9} - (Plus! Network) - http://plusnetwork.com
O69 - SBI: SearchScopes [HKCU] {54CD2DDB-47D4-4275-8E9C-0D8EE1CD21BD} - (Search Results) - http://dts.search-results.com
O69 - SBI: SearchScopes [HKCU] {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} - (DAEMON Search) - http://www.daemon-search.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche des services démarrés par Svchost (O83)
~ Services: 31 Legitimates Scanned in 00mn 01s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.07E6C4C1DB6C70FC9C7A9433394ECC47] [SPRF][22/03/2011] (...) -- C:\ProgramData\nvModes.dat [31776]
[MD5.81100D29D90838BE3435DF678D877BE2] [SPRF][19/03/2013] (...) -- C:\Users\User\AppData\Local\d3d9caps.dat [680]
[MD5.8CB1DDC3EAC6B60213C75B21DAE06FF5] [SPRF][29/01/2011] (.Musiccity Co.Ltd. - AOD Sourcer Filter.) -- C:\Users\User\AppData\Local\Temp\muzaf1.dll [135168]
[MD5.4F9BD5F58F631920BBAAEB9D9960286D] [SPRF][29/01/2011] (.Musiccity Co.Ltd. - MUZAoDAppCtrl Module.) -- C:\Users\User\AppData\Local\Temp\muzapp.dll [491520]
[MD5.A12FB1A9FC4433CD64C77A7250821A02] [SPRF][30/07/2012] (.Musiccity Co.Ltd. - MUZAoDApp Module.) -- C:\Users\User\AppData\Local\Temp\muzapp.exe [172032]
[MD5.0A2003F4CFD58C350C7B2E2D9807D12D] [SPRF][29/01/2011] (. (c) MusicCity - P3WMTSplitter Filter.) -- C:\Users\User\AppData\Local\Temp\muzwmts.dll [200704]
[MD5.64A66D123722A5276139855D574FBD63] [SPRF][29/10/2012] (.Spotify Ltd - Spotify.) -- C:\Users\User\AppData\Local\Temp\SpotifyUninstall.exe [7901144]
[MD5.AC43D3C8772E7207A8EAFA4F09A190DC] [SPRF][27/04/2012] (...) -- C:\Users\User\AppData\Local\Temp\_unps.exe [360448]
[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.dll [24576]
[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.exe [196608]
[MD5.3F4413DCD8D3BBABF08F68F25E6D60E1] [SPRF][16/02/2005] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\WINDOWS\Downloaded Program Files\isusweb.dll [401408]
~ Files: Scanned in 00mn 01s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{9C5E1CAA-60D2-4B22-AF9B-6AB8F9696DCF}" | In - Domain - P6 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{A2CBE189-6CA2-45EA-840D-AB89CA008AAF}" | In - Domain - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{CCA21C83-77A9-4BD2-B6EB-AC35F4E0BE38}" | In - Private - P6 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{73BEC9F4-AE5D-4B44-852B-6E24B40E15E6}" | In - Private - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{BE551B5F-E803-4A94-9E6A-550EE045CCEC}" | In - None - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{1CA48ABC-4F5F-4FE2-851F-AE83AB62A8E1}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe
O87 - FAEL: "{90032EEA-CEC9-4F86-91C1-1F19809C507C}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe
~ Firewall: 207 Legitimates Scanned in 00mn 06s



---\\ Scan Additionnel (O88)
Database Version : v2.11497 - (9/04/2013)
Clés trouvées (Keys found) : 25
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 0

[HKLM\Software\Google\Chrome\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj] =>PUP.VShareRedir
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escort.dll] =>Toolbar.Babylon
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\vShare.tv] =>PUP.VShareRedir
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Classes\AppID\escort.DLL] =>PUP.Funmoods
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\vShare.tv plugin] =>PUP.VShareRedir
C:\Program Files\vShare.tv plugin =>PUP.VShareRedir
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\Users\User\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\User\AppData\Local\Babylon =>Toolbar.Babylon
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zg8byx6w.default\Extensions\ffxtlbr@babylon.com =>Toolbar.Babylon
~ Additionnel: Scanned in 01mn 21s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "D0239AB2160E17C4CABCCAE0D9F48CB2" . (.Polar Daemon.) -- C:\Windows\Installer\{2BA9320D-E061-4C71-ACCB-AC0E9D4FC82B}\ARPPRODUCTICON.exe
O90 - PUC: "EE354023AEA6A1E4E846273FC3C029F8" . (.Polar WebSync.) -- C:\Windows\Installer\{320453EE-6AEA-4E1A-8E64-72F33C0C928F}\ARPPRODUCTICON.exe
~ Update Products: 108 Legitimates Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 28/04/2011 136360 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 31/08/2011 269480 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 837120 | (BlueSoleilCS) . (...) - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
SR - | Demand 98407 | (BsHelpCS) . (...) - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
SR - | Auto 14/10/2008 555560 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
SR - | Auto 262243 | (CLCapSvc) . (...) - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
SS - | Auto 106593 | (CLSched) . (...) - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
SS - | Demand 12/01/2010 227896 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SR - | Auto 24/10/2011 870672 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 14/03/2007 62984 | (HP Health Check Service) . (.Hewlett-Packard.) - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Demand 19/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\WINDOWS\System32\svchost.exe
SS - | Demand 30/04/2009 229944 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 12/02/2007 355096 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SR - | Auto 14/12/2006 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SS - | Demand 14/11/2012 115168 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 30/08/2012 645992 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Auto 30/08/2012 1258856 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 419536 | (Polar Daemon) . (...) - C:\Program Files\Polar\Daemon\polard.exe
SR - | Auto 24/10/2011 481552 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 2/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 25/02/2013 543144 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files\Common Files\Steam\SteamService.exe
SS - | Demand 17/02/2007 74656 | (stllssvr) . (.MicroVision Development, Inc..) - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
SR - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | C:\WINDOWS\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\WINDOWS\System32\svchost.exe
~ Services: Scanned in 00mn 07s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Scanned in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by User at 10/04/2013 15:07:39

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



~ 2095 Legitimates filtered by white list
End of the scan (737 lines in 22mn 10s)(0)
