Rapport de ZHPDiag v2013.6.4.7 par Nicolas Coolman, Update du 04/06/2013
Run by Administrateur at 04/06/2013 15:38:30
WebSite: http://nicolascoolman.webs.com
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user

---\\ Web Browser
MSIE: Internet Explorer v7.0.6002.18005
MFIE: Mozilla Firefox 21.0
GCIE: Google Chrome v27.0.1453.94 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : D6D3F
Windows License : OK
Windows Automatic Updates : OK

---\\ System Protection
Avira Free Antivirus v12.1.9.402
Spybot - Search & Destroy v1.6.2

---\\ System Optimizer
CCleaner v2.29 =>Piriform Ltd

---\\ Peer To Peer (P2P)
eMule
µTorrent v3.1.3 =>P2P.µTorrent

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.4 - Français
Java 7 Update 21

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1788 MB (27% free)
System Restore: Activé (Enable)
System drive C: has 20 GB (12%) free of 167 GB

---\\ Logged in mode
~ Computer Name: MAISON
~ User Name: Administrateur
~ All Users Names: UpdatusUser, pour les autres, Administrator, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Administrateur\AppData\Roaming\
~ %Desktop% : C:\Users\Administrateur\Desktop\
~ %Favorites% : C:\Users\Administrateur\Desktop\Windows Media Player\eMule\Incoming\Favorites\
~ %LocalAppData% : C:\Users\Administrateur\AppData\Local\
~ %StartMenu% : C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 20 Go of 167 Go)
D:\ CD-ROM
drive (Not Inserted) F:\ Hard drive, Flash drive, Thumb drive (Free 19 Go of 20 Go) G:\ Hard drive, Flash drive, Thumb drive (Free 913 Go of 932 Go) H:\ Floppy drive, Flash card reader, USB Key (Not Inserted) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: Modified [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: Modified ~ Security Center: 38 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592] [MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:23:42.) -- C:\Windows\System32\Wininit.exe [96768] [MD5.567004E0814532794D9CDF4B948058D0] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.13/04/2013 - 07:20:24.) -- C:\Windows\System32\wininet.dll [834048] [MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368] [MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408] [MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944] [MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:23:51.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144] [MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072] [MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) 
(.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264] [MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152] [MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:23:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784] [MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:24:25.) -- C:\Windows\system32\Drivers\IpNat.sys [100864] [MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496] [MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856] [MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232] [MD5.8A79FDF04A73428597E2CAF9D0D67850] - (.Microsoft Corporation - Pilote de port parallèle.) (.21/01/2008 - 03:23:01.) -- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:24:55.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288] [MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:23:01.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832] [MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560] [MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) 
-- C:\Windows\system32\Drivers\tdx.sys [72192] [MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 5/4990 ~ Mes musiques (My Musics) : 9/17 ~ Mes Favoris (My Favorites) : 1/5 ~ Mes Documents (My Documents) : 23/431 ~ Mon Bureau (My Desktop) : 1/1005 ~ Menu demarrer (Programs) : 1/41 ~ Hidden Files: Scanned in 00mn 23s ---\\ Processus lancés [MD5.C456658AF90F42BE3CDF1048F9CDB5CA] - (.Microsoft Corporation - Notifications du contrôle parental Windows.) -- C:\Windows\System32\wpcumi.exe [176128] [PID.1908] [MD5.9F0BE235A0136EA9E94CF9BD037C30EC] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664] [PID.1704] [MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.1436] [MD5.390679F7A217A5E73D756276C40AE887] - (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480] [PID.1172] [MD5.8BF6E87D0A6455905B89049851704201] - (.Conduit - Search Protect by Conduit.) -- C:\Users\Administrateur\AppData\Roaming\SearchProtect\bin\cltmng.exe [2731296] [PID.1176] =>Toolbar.Conduit [MD5.B776DFE408E415AA901030C022EEB7DA] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821472] [PID.2084] [MD5.F3F709C2D49DD6636F4EDE5C2CAE5448] - (.http://www.emule-project.net - eMule.) -- C:\Program Files\eMule\emule.exe [5758976] [PID.4952] [MD5.BB7245420097B251D1271F5B6F0C9F02] - (.BitTorrent Inc. - µTorrent.) 
-- C:\Program Files\uTorrent\uTorrent.exe [802136] [PID.5760] =>P2P.µTorrent [MD5.77BD0166102F3B9BB9499B2952C3BCFA] - (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\wlmail.exe [92024] [PID.2768] [MD5.51C392EC9DA1119EC86D562FF3E7344F] - (.Google Inc. - Google Chrome.) -- C:\Users\Administrateur\AppData\Local\Google\Chrome\Application\chrome.exe [825808] [PID.5804] [MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.4756] [MD5.FEB6495A683425CA8D1E92DB7500C977] - (.Enigma Software Group USA, LLC. - SpyHunter4 application.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [6425984] [PID.2476] =>Crapware.SpyHunter [MD5.9F777E35DE4788DD939E94D905EDCCFE] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7457792] [PID.400] [MD5.31B8835B003CAA6D31BEAD83DDBF98E5] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 307.8.) -- C:\Windows\system32\nvvsvc.exe [634656] [PID.856] [MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1252] [MD5.1ED58DA041A992EEEC934290508B6B71] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [865056] [PID.1300] [MD5.B458A95F12D36F55F98A42FD66BAEBFA] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224] [PID.1824] [MD5.CC3110EEF77AA0810CAA03741168BA8F] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032] [PID.2668] [MD5.E869E31D3FD7B6314EEFEA4304C413CA] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) 
-- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [80336] [PID.3896] [MD5.0629259E3AF6BB0534FCECA208973404] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1258856] [PID.3148] [MD5.85CD5B92052C3D285CC91244C593A1AC] - (.Enigma Software Group USA, LLC. - Service scanner interface.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770432] [PID.0] =>Crapware.SpyHunter ~ Processes Running: Scanned in 00mn 16s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Preferences ~ Google Browser: 0 Legitimates Filtered in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\czog45n6.default-1346315948304\prefs.js C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\czog45n6.default-1346315948304\user.js M3 - MFPP: Plugins - [Administrateur] -- C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\czog45n6.default-1346315948304\searchplugins\askcom.xml M3 - MFPP: Plugins - [Administrateur] -- C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\czog45n6.default-1346315948304\searchplugins\conduit.xml M3 - MFPP: Plugins - [Administrateur] -- C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\czog45n6.default-1346315948304\searchplugins\delta.xml M3 - MFPP: Plugins - [Administrateur] -- C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\czog45n6.default-1346315948304\searchplugins\mywebsearch.xml =>Adware.MyWebSearch M3 - MFPP: Plugins - [Administrateur] -- C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\czog45n6.default-1346315948304\searchplugins\Searchab.xml M3 - MFPP: Plugins - [Administrateur] -- 
C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\czog45n6.default-1346315948304\searchplugins\WebSearch.xml M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon M0 - MFSP: prefs.js [Administrateur - czog45n6.default-1346315948304] http://websearch.lookforithere.info M2 - MFEP: prefs.js [Administrateur - czog45n6.default-1346315948304\aieyggkce@hkjyoei.com] [] BrowSee2saivE v3.8 (..) =>Adware.Browse2Save M2 - MFEP: prefs.js [Administrateur - czog45n6.default-1346315948304\by.gszf@ymfzy.edu] [] Browse2SiAAvae v3.8 (..) =>Adware.Browse2Save M2 - MFEP: prefs.js [Administrateur - czog45n6.default-1346315948304\mjxw@hprcyiau.org] [] BrowSee2saivE v3.8 (..) =>Adware.Browse2Save M2 - MFEP: prefs.js [Administrateur - czog45n6.default-1346315948304\wfkkal@bacdh-.net] [] ccoNtiinuetosavey v3.9 (..) M2 - MFEP: prefs.js [Administrateur - czog45n6.default-1346315948304\ww-gb@tswojfspr.co.uk] [] BirowwsyE2savee v3.8 (..) =>Adware.Browse2Save M2 - MFEP: prefs.js [Administrateur - czog45n6.default-1346315948304\xlm3b3_b3@fpjoj-oyuy.org] [] ccoNtiinuetosavey v3.9 (..) M2 - MFEP: prefs.js [Administrateur - czog45n6.default-1346315948304\{0ecc6c22-c813-42ee-be3b-94bda0efe49f}] [] express-files FR v10.15.0.62 (..) =>Adware.ExpressFiles M2 - MFEP: prefs.js [Administrateur - czog45n6.default-1346315948304\{88ac3cb6-596b-4217-964c-b6757ef9602d}] [] express-files v10.15.0.562 (..) =>Adware.ExpressFiles P2 - FPN:Firefox Plugin Navigator . (.BitTorrent, Inc. - BitTorrent Plugin 1.) -- C:\Program Files\Mozilla Firefox\Plugins\npbittorrent.dll =>P2P.BitTorrent P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - 1.9.0042.0.) -- C:\Program Files\Mozilla Firefox\Plugins\npLegitCheckPlugin.dll P2 - FPN: [HKLM] [@bittorrent.com/BitTorrentDNA] - (.BitTorrent, Inc. - Delivery Network Acceleration by BitTorrent™.) 
-- C:\Program Files\DNA\plugins\npbtdna.dll =>P2P.BitTorrent ~ Firefox Browser: 55 Legitimates Filtered in 00mn 01s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.lookforithere.info R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.search-web.net R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.search-web.net R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-web.net R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.search-web.net R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} . (.Google Inc. - Google Update.) (No version) -- (.not file.) R3 - URLSearchHook: (no name) - {81fae9c9-cfbd-4cb3-8322-412e72f55f65} . (.Google Inc. - Google Update.) (No version) -- (.not file.) R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.) 
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0 ~ IE Browser: 15 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 05s ~ Nombre de lignes (Lines number): 15291 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} . (...) -- C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: Zoomex - {52DAAFBB-F7CB-1663-EC86-B6272DB9BE63} . (...) -- C:\ProgramData\Zoomex\50ebcee998191.dll =>Adware.ZoomEx O2 - BHO: BrowSee2saivE - {533C6DF5-341A-BDBC-1785-890B2BBED1CC} . (...) -- C:\ProgramData\BrowSee2saivE\517fa1077883b.dll =>Adware.Browse2Save O2 - BHO: Browse2SiAAvae - {5D071C55-8D87-476C-00E0-B7F6987B8FB7} . (...) 
-- C:\ProgramData\Browse2SiAAvae\515314792cd9b.dll =>Adware.Browse2Save O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} Clé orpheline =>PUP.Funmoods O2 - BHO: (no name) - {81fae9c9-cfbd-4cb3-8322-412e72f55f65} Clé orpheline O2 - BHO: (no name) - {88ac3cb6-596b-4217-964c-b6757ef9602d} Clé orpheline O2 - BHO: Zoomex - {95D01806-4A50-A1C6-49D0-F7EFF62CCBD3} . (...) -- C:\ProgramData\Zoomex\50e880bbc69f6.dll =>Adware.ZoomEx O2 - BHO: BirowwsyE2savee - {9771150F-3F4D-22C5-8AF4-D19BBB2B9FA2} . (...) -- C:\ProgramData\BirowwsyE2savee\5152f8c855517.dll =>Adware.Browse2Save O2 - BHO: Zoomex - {C2D13AFC-E465-6EC9-5A24-13365B60DC96} . (...) -- C:\ProgramData\Zoomex\50ebd66fde49a.dll =>Adware.ZoomEx O2 - BHO: ccoNtiinuetosavey - {C52EC676-A65B-8D4C-B848-0857D98185BF} . (...) -- C:\ProgramData\ccoNtiinuetosavey\518d4b54405d1.dll =>PUP.OfferWare O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} . (...) -- C:\Users\Administrateur\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll =>PUP.MediaFinder O2 - BHO: ccoNtiinuetosavey - {CAACDA61-38F6-D9B8-9C34-427A5EAAE575} . (...) -- C:\ProgramData\ccoNtiinuetosavey\518d4b4fbbc66.dll =>PUP.OfferWare O2 - BHO: BrowSee2saivE - {D2982B48-0976-FBBC-CEA7-A48D7EFD2AA4} . (...) -- C:\ProgramData\BrowSee2saivE\517fa0ca83ffa.dll =>Adware.Browse2Save O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} Clé orpheline O2 - BHO: Zoomex - {E26AC380-B925-37F5-3F4E-0FB1FEE42D4F} . (...) -- C:\ProgramData\Zoomex\50e88160f0df9.dll =>Adware.ZoomEx O2 - BHO: Zoomex - {E93F08DC-B01A-9DA2-7084-460D1EB03EBE} . (...) -- C:\ProgramData\Zoomex\50ebcdea9db36.dll =>Adware.ZoomEx O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Clé orpheline ~ BHO: 27 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Lexmark Barre d'outils - [HKLM]{1017A80C-6F09-4548-A84D-EDD6AC9525F0} . (...) 
-- C:\Program Files\Lexmark Toolbar\toolband.dll ~ Toolbar: Scanned in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [WPCUMI] . (.Microsoft Corporation - Notifications du contrôle parental Windows.) -- C:\Windows\system32\WpcUmi.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe O4 - HKLM\..\Run: [SearchProtectAll] . (.Conduit - Search Protect by Conduit.) -- C:\Program Files\SearchProtect\bin\cltmng.exe =>Toolbar.Conduit O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Administrateur\AppData\Local\Google\Update\GoogleUpdate.exe O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [SearchProtect] . (.Conduit - Search Protect by Conduit.) -- C:\Users\Administrateur\AppData\Roaming\SearchProtect\bin\cltmng.exe =>Toolbar.Conduit O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) 
-- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll O4 - HKUS\S-1-5-21-3810388439-2174192140-2591468744-1002\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-21-3810388439-2174192140-2591468744-1002\..\Run: [WindowsWelcomeCenter] oobefldr.dll ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe O4 - GS\QuickLaunch: BearShare.lnk . (.MusicLab, LLC - BearShare.) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe =>PUP.BearShare O4 - Global Startup: C:\Users\Administrateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL . (.MusicLab, LLC - BearShare.) -- C:\Users\Administrateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL =>PUP.BearShare O4 - GS\QuickLaunch: Corneille-feat-La-Fouine--Des-Peres-des-Hommes-et-des-Freres-Smartorrent.exe - Raccourci.lnk . (...) -- C:\Users\Administrateur\Documents\Downloads\Corneille-feat-La-Fouine--Des-Peres-des-Hommes-et-des-Freres-Smartorrent.exe (.not file.) O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Administrateur\AppData\Local\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) 
-- C:\Program Files\Mozilla Firefox\firefox.exe O4 - GS\QuickLaunch: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe O4 - GS\QuickLaunch: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.µTorrent O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Desktop: BearShare.lnk . (.MusicLab, LLC - BearShare.) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe =>PUP.BearShare O4 - GS\Desktop: Calculator.lnk . (.Microsoft Corporation - Calculatrice de Windows.) -- C:\Windows\System32\calc.exe O4 - GS\Desktop: Courrier électronique - Raccourci.lnk - Clé orpheline O4 - GS\Desktop: Downloads.lnk . (...) -- C:\Users\Administrateur\Documents\Downloads O4 - GS\Desktop: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Administrateur\AppData\Local\Google\Chrome\Application\chrome.exe O4 - GS\Desktop: Microsoft Office Word 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe O4 - GS\Desktop: Nettoyez votre registre gratuitement!.lnk - Clé orpheline O4 - GS\Desktop: Revo Uninstaller.lnk . (.VS Revo Group - Revo Uninstaller.) -- C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe O4 - GS\Desktop: SpyHunter.lnk . (.Enigma Software Group USA, LLC. - SpyHunter4 application.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe =>Crapware.SpyHunter O4 - GS\Desktop: Watchtower Library 2012 - Français.lnk . (.Watch Tower Bible and Tract Society of Penn - Watchtower Library 2012 - Édition française.) 
-- C:\Program Files\Watchtower\Watchtower Library 2012\F\WTLibrary.exe ~ Global Startup: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO O9 - Extra button: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Clé orpheline ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{0B2C8E50-9AE2-4EAB-A681-16FD64E4AF45}: DhcpNameServer = 212.27.40.241 212.27.40.240 O17 - HKLM\System\CCS\Services\Tcpip\..\{56E90553-B959-4DFF-95B5-A0FB92ECB603}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CCS\Services\Tcpip\..\{C4B9B3E9-71E2-4BAE-B604-4F6E6C3B54DC}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{0B2C8E50-9AE2-4EAB-A681-16FD64E4AF45}: DhcpNameServer = 212.27.40.241 212.27.40.240 O17 - HKLM\System\CS1\Services\Tcpip\..\{56E90553-B959-4DFF-95B5-A0FB92ECB603}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{C4B9B3E9-71E2-4BAE-B604-4F6E6C3B54DC}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CS2\Services\Tcpip\..\{0B2C8E50-9AE2-4EAB-A681-16FD64E4AF45}: DhcpNameServer = 212.27.40.241 212.27.40.240 O17 - HKLM\System\CS2\Services\Tcpip\..\{56E90553-B959-4DFF-95B5-A0FB92ECB603}: DhcpNameServer = 192.168.0.254 O17 - 
HKLM\System\CS2\Services\Tcpip\..\{C4B9B3E9-71E2-4BAE-B604-4F6E6C3B54DC}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (...) - C:\Program Files\browse~1\sprote~1.dll (.not file.) ~ AppInit DLL: Scanned in 00mn 00s ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll ~ STS/SSO: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: SpyHunter 4 Service (SpyHunter 4 Service) . (.Enigma Software Group USA, LLC. - Service scanner interface.) - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe =>Crapware.SpyHunter ~ Services: 5 Legitimates Filtered in 00mn 14s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\RegClean Pro_DEFAULT.job [282] =>Rogue.RegistryPowerCleaner O39 - APT:Automatic Planified Task - C:\Windows\Tasks\RegClean Pro_UPDATES.job [290] =>Rogue.RegistryPowerCleaner [MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Weekly)] (...) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) 
[0] [MD5.00000000000000000000000000000000] [APT] [Express FilesUpdate] (...) -- C:\Program Files\ExpressFiles\EFUpdater.exe (.not file.) [0] =>Adware.ExpressFiles [MD5.177EC6C4172F9B1731E6E7903A78186D] [APT] [RegClean Pro] (.Systweak Inc.) -- C:\Program Files\RegClean Pro\RegCleanPro.exe [7853064] =>Rogue.RegistryPowerCleaner [MD5.177EC6C4172F9B1731E6E7903A78186D] [APT] [RegClean Pro_DEFAULT] (.Systweak Inc.) -- C:\Program Files\RegClean Pro\RegCleanPro.exe [7853064] =>Rogue.RegistryPowerCleaner [MD5.177EC6C4172F9B1731E6E7903A78186D] [APT] [RegClean Pro_UPDATES] (.Systweak Inc.) -- C:\Program Files\RegClean Pro\RegCleanPro.exe [7853064] =>Rogue.RegistryPowerCleaner [MD5.FEB6495A683425CA8D1E92DB7500C977] [APT] [SpyHunter4Startup] (.Enigma Software Group USA, LLC..) -- C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [6425984] =>Crapware.SpyHunter [MD5.00000000000000000000000000000000] [APT] [{38FABFED-A685-4133-BC99-12401F7840D6}] (...) -- C:\Users\Administrateur\Desktop\word.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{E146F2F5-033F-44EF-9E31-B20353F45189}] (...) -- C:\Users\Administrateur\Desktop\wmp11-windowsxp-x86-FR-FR.exe (.not file.) [0] ~ Scheduled Task: 18 Legitimates Filtered in 00mn 08s ---\\ Logiciels installés (O42) O42 - Logiciel: BearShare - (.Musiclab, LLC.) [HKLM] -- BearShare =>PUP.BearShare O42 - Logiciel: BrowseToSave - (...) [HKLM] -- {01D5CB46-E0CC-4B4E-A9A5-A8EEDA36E9B0} =>Adware.Browse2Save O42 - Logiciel: ContinueToSave - (...) [HKLM] -- {3784D5BB-FB34-40A8-A243-B316EC67F74D} =>PUP.OfferWare O42 - Logiciel: RegClean Pro - (.Systweak Inc.) [HKLM] -- RegClean Pro_is1 =>Rogue.RegistryPowerCleaner O42 - Logiciel: Search Assistant WebSearch 1.74 - (...) [HKLM] -- SP_b0285714 O42 - Logiciel: Search Protect by conduit - (.Conduit.) [HKLM] -- SearchProtect =>Toolbar.Conduit O42 - Logiciel: SpyHunter - (.Enigma Software Group USA, LLC.) 
[HKLM] -- {E89498D8-1430-4A2B-A76A-4A71326981E9} =>Crapware.SpyHunter O42 - Logiciel: Watchtower Library 2012 - Français - (.Watchtower Bible and Tract Society of Pennsylvania, Inc..) [HKLM] -- {429C765D-42CC-4F2A-A6CA-2737630E502A} ~ Logic: 75 Legitimates Filtered in 00mn 01s ---\\ HKCU & HKLM Software Keys [HKCU\Software\58edbdce56abe15] [HKCU\Software\AppDataLow\SProtector] =>PUP.Mocaflix [HKCU\Software\AppDataLow\Software\ConduitSearchScopes] [HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong [HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar [HKCU\Software\AppDataLow\Software\toolbar] [HKCU\Software\Ask&Record] [HKCU\Software\BabylonToolbar] =>Toolbar.Babylon [HKCU\Software\BearShare] =>PUP.BearShare [HKCU\Software\DataMngr] =>PUP.Datamngr [HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr [HKCU\Software\ExpressFiles] =>Adware.ExpressFiles [HKCU\Software\IM] [HKCU\Software\IncrediMail] [HKCU\Software\InstallCore] =>PUP.InstallCore [HKCU\Software\MediaFinder] =>PUP.MediaFinder [HKCU\Software\MegaCloud] [HKCU\Software\OfferBox] =>PUP.OfferBox [HKCU\Software\PlayMP3Plus] [HKCU\Software\SearchProtect] =>Toolbar.Conduit [HKCU\Software\Softonic] [HKCU\Software\StartSearch] =>PUP.StartSearch [HKCU\Software\SweetIM] =>PUP.SweetIM [HKCU\Software\Watchtower] [HKCU\Software\Zugo] =>Adware.Zugo [HKCU\Software\delta LTD] [HKCU\Software\ilivid] =>Adware.Bandoo [HKCU\Software\ƒAƒvƒŠƒP[ƒVƒ‡ƒ“ ƒEƒBƒU[ƒh‚Ŷ¬‚³‚ꂽƒ[ƒJƒ‹ ƒAƒvƒŠƒP[ƒVƒ‡ƒ“] [HKLM\Software\58edbdce56abe15] [HKLM\Software\Babylon] =>Toolbar.Babylon [HKLM\Software\DataMngr] =>PUP.Datamngr [HKLM\Software\ExpressFiles] =>Adware.ExpressFiles [HKLM\Software\Foxreal YouTube FLV Downloader] [HKLM\Software\Iminent] =>Adware.IMBooster [HKLM\Software\My Password Manager] [HKLM\Software\OfferBox] =>PUP.OfferBox [HKLM\Software\SP Global] =>PUP.AdvancedSystemProtector [HKLM\Software\SProtector] =>PUP.Mocaflix [HKLM\Software\Tarma Installer] =>Toolbar.Tarma [HKLM\Software\WATCHTOWER] 
[HKLM\Software\babylontoolbar] =>Toolbar.Babylon ~ Key Software: 210 Legitimates Filtered in 00mn 01s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 04/08/2011 - 16:34:53 - [1,304] ----D C:\Program Files\Bandoo =>Adware.Bandoo O43 - CFD: 25/04/2013 - 14:23:58 - [43,112] ----D C:\Program Files\BearShare Applications =>PUP.BearShare O43 - CFD: 30/04/2013 - 12:46:13 - [1,473] ----D C:\Program Files\BrowseToSave =>Adware.Browse2Save O43 - CFD: 10/05/2013 - 21:32:57 - [1,473] ----D C:\Program Files\ContinueToSave =>PUP.Offerware O43 - CFD: 20/01/2009 - 09:05:22 - [0,403] ----D C:\Program Files\DNA O43 - CFD: 04/06/2013 - 14:17:21 - [7,342] ----D C:\Program Files\FA1D7 O43 - CFD: 04/08/2011 - 16:08:27 - [0] ----D C:\Program Files\LimeWire O43 - CFD: 30/04/2013 - 12:45:42 - [14,235] ----D C:\Program Files\RegClean Pro =>Rogue.RegistryPowerCleaner O43 - CFD: 17/03/2013 - 12:32:00 - [6,521] ----D C:\Program Files\SearchProtect =>Toolbar.Conduit O43 - CFD: 11/04/2013 - 16:24:09 - [0] ----D C:\Program Files\TornTV.com =>Hijacker.TornTV O43 - CFD: 08/05/2013 - 16:05:09 - [411,683] ----D C:\Program Files\Watchtower O43 - CFD: 10/05/2013 - 21:33:36 - [1,470] ----D C:\Program Files\WebSearch O43 - CFD: 17/02/2013 - 22:33:35 - [0,440] ----D C:\Program Files\ZoomEx =>Adware.ZoomEx O43 - CFD: 04/02/2013 - 15:36:57 - [0] ----D C:\ProgramData\Ask O43 - CFD: 04/03/2013 - 22:31:33 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon O43 - CFD: 03/05/2013 - 22:20:02 - [0,079] ----D C:\ProgramData\BearShare =>PUP.BearShare O43 - CFD: 11/04/2013 - 16:34:56 - [0,191] ----D C:\ProgramData\BirowwsyE2savee =>Adware.Browse2Save O43 - CFD: 11/04/2013 - 16:34:54 - [0,191] ----D C:\ProgramData\Browse2SiAAvae =>Adware.Browse2Save O43 - CFD: 03/05/2013 - 19:11:05 - [0,333] ----D C:\ProgramData\BrowSee2saivE =>Adware.Browse2Save O43 - CFD: 10/05/2013 - 21:32:13 - [0,304] ----D C:\ProgramData\ccoNtiinuetosavey =>PUP.OfferWare O43 - CFD: 10/05/2013 - 21:34:40 - 
[19,195] ----D C:\ProgramData\InstallMate O43 - CFD: 17/02/2013 - 22:33:41 - [0] ----D C:\ProgramData\Premium O43 - CFD: 10/05/2013 - 21:34:08 - [0] ----D C:\ProgramData\StarApp O43 - CFD: 11/04/2013 - 16:24:56 - [1,195] ----D C:\ProgramData\Tarma Installer =>Toolbar.Tarma O43 - CFD: 30/06/2010 - 21:36:52 - [0] ----D C:\ProgramData\ThumbnailCache4R O43 - CFD: 04/06/2013 - 14:19:01 - [0,654] ----D C:\ProgramData\Zoomex =>Adware.ZoomEx O43 - CFD: 03/05/2013 - 22:19:54 - [48,622] ----D C:\ProgramData\{0E4787A8-ED84-4FF5-B0A8-9F02006086D1} O43 - CFD: 09/02/2012 - 13:50:14 - [18,273] ----D C:\ProgramData\{A0559A84-0A11-425F-BFFC-532378694B25} O43 - CFD: 04/03/2013 - 22:31:33 - [0,008] ----D C:\Users\Administrateur\AppData\Roaming\Babylon =>Toolbar.Babylon O43 - CFD: 17/02/2013 - 22:08:41 - [0,350] ----D C:\Users\Administrateur\AppData\Roaming\eType O43 - CFD: 17/03/2013 - 12:30:55 - [0,001] ----D C:\Users\Administrateur\AppData\Roaming\ExpressFiles =>Adware.ExpressFiles O43 - CFD: 28/03/2012 - 17:57:35 - [0,001] ----D C:\Users\Administrateur\AppData\Roaming\Foxreal O43 - CFD: 27/07/2012 - 22:20:44 - [0,424] ----D C:\Users\Administrateur\AppData\Roaming\Media Finder =>PUP.MediaFinder O43 - CFD: 26/12/2011 - 21:28:58 - [0,003] ----D C:\Users\Administrateur\AppData\Roaming\MegaCloud O43 - CFD: 27/03/2013 - 17:08:39 - [0] ----D C:\Users\Administrateur\AppData\Roaming\NCdownloader O43 - CFD: 17/02/2013 - 22:20:25 - [0,367] ----D C:\Users\Administrateur\AppData\Roaming\OfferBox =>PUP.OfferBox O43 - CFD: 17/03/2013 - 12:32:00 - [8,420] ----D C:\Users\Administrateur\AppData\Roaming\SearchProtect =>Toolbar.Conduit O43 - CFD: 11/04/2013 - 16:20:46 - [0,930] ----D C:\Users\Administrateur\AppData\Roaming\Shareaza O43 - CFD: 07/01/2011 - 09:39:30 - [0] ----D C:\Users\Administrateur\AppData\Roaming\Watchtower O43 - CFD: 28/03/2012 - 16:38:30 - [0,164] ----D C:\Users\Administrateur\AppData\Local\APN O43 - CFD: 01/06/2013 - 08:19:27 - [84,158] ----D 
C:\Users\Administrateur\AppData\Local\BearShare =>PUP.BearShare O43 - CFD: 04/08/2011 - 16:35:01 - [0,014] ----D C:\Users\Administrateur\AppData\Local\Ilivid Player =>Adware.Bandoo O43 - CFD: 02/03/2013 - 12:33:46 - [101,117] ----D C:\Users\Administrateur\AppData\Local\Shareaza O43 - CFD: 22/11/2008 - 16:40:13 - [0,003] ----D C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced Spy O43 - CFD: 04/06/2013 - 12:53:54 - [0,005] ----D C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter O43 - CFD: 08/05/2013 - 16:16:43 - [0,001] ----D C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com =>Hijacker.TornTV ~ 1270 Dossiers CLSID vides (CLSID Empty Folders) ~ Program Folder: 1658 Legitimates Filtered in 01mn 12s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.782CC0F3787549AD93CEE32E0F2C58DA] - 01/06/2013 - 07:12:46 ---A- - C:\Windows\Prefetch\BEARSHARE.EXE-D62DC8F8.pf =>PUP.BearShare O45 - LFCP:[MD5.17C14BD5D92DC4226A275F39185A7F59] - 03/06/2013 - 08:07:48 ---A- - C:\Windows\Prefetch\WTLIBRARY.EXE-D16FE2AE.pf O45 - LFCP:[MD5.8EA59851380B5B8D1474E2F7334DF3DA] - 04/06/2013 - 06:17:21 ---A- - C:\Windows\Prefetch\EMULE.EXE-188E10F6.pf O45 - LFCP:[MD5.C9695BC15D550FA30A8272BE2A8F4692] - 04/06/2013 - 11:50:16 ---A- - C:\Windows\Prefetch\SPYHUNTER-INSTALLER.EXE-0A189D5F.pf =>Crapware.SpyHunter O45 - LFCP:[MD5.27AF7CEF5B295C462276BC5C4E0A1299] - 04/06/2013 - 11:52:55 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA17.EXE-9D8316E4.pf =>Crapware.SpyHunter O45 - LFCP:[MD5.639A8CC465F31D4188EE4ABE54C37DF3] - 04/06/2013 - 11:53:06 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA18.EXE-B0D8D169.pf =>Crapware.SpyHunter O45 - LFCP:[MD5.7C01DBF3BAE5C98A0A14A281D2F4BAE3] - 04/06/2013 - 11:53:16 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA19.EXE-C42E8BEE.pf =>Crapware.SpyHunter O45 - LFCP:[MD5.5E97E7D7EE84F179192F6611FCDAF03E] - 04/06/2013 - 11:53:17 
---A- - C:\Windows\Prefetch\WISECUSTOMCALLA20.EXE-7B9D6E7E.pf =>Crapware.SpyHunter O45 - LFCP:[MD5.F10931D324DC772AE0DF99D2BAD9E4E0] - 04/06/2013 - 11:54:11 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA22.EXE-A248E388.pf =>Crapware.SpyHunter O45 - LFCP:[MD5.61E84371B66AE89F456311864F4EBEEB] - 04/06/2013 - 11:54:33 ---A- - C:\Windows\Prefetch\SH4SER~1.EXE-CF0016EB.pf O45 - LFCP:[MD5.EA9A31B1AB442610A8AE41481E57AB4B] - 04/06/2013 - 11:54:40 ---A- - C:\Windows\Prefetch\ESGRKCHK.EXE-121BE0F5.pf O45 - LFCP:[MD5.B1DB542A278E2D14D35BCAA569FC3A7C] - 04/06/2013 - 11:54:52 ---A- - C:\Windows\Prefetch\SPYHUNTER4.EXE-7BD5E907.pf =>Crapware.SpyHunter ~ Prefetcher: 139 Legitimates Filtered in 00mn 01s ---\\ MountPoints2 Shell Key (O51) O51 - MPSK:{16883931-52e5-11e1-8294-001d7da70c74}\AutoRun\command. (...) -- H:\KODAK_Camera_Setup_App.exe (.not file.) O51 - MPSK:{3f043462-e257-11df-9821-001d7da70c74}\AutoRun\command. (...) -- H:\wd_windows_tools\setup.exe (.not file.) O51 - MPSK:{7ee31cfe-aa47-11dd-b9a8-001d7da70c74}\AutoRun\command. (...) -- G:\MIRA.exe (.not file.) O51 - MPSK:{94d7c507-bf9e-11de-9899-001d7da70c74}\AutoRun\command. (...) -- H:\AdobeR.exe (.not file.) O51 - MPSK:{d33e5132-2144-11e0-bc1b-001d7da70c74}\AutoRun\command. (...) -- C:\Windows\system32\I:\launcher.exe (.not file.) O51 - MPSK:{f0567f8c-53ad-11df-95da-001d7da70c74}\AutoRun\command. (...) -- H:\launcher.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ ShareTools MSconfig StartupReg (O53) O53 - SMSR:HKLM\...\startupreg\BitTorrent DNA [Key] . (...) -- C:\Users\Administrateur\Program Files\DNA\btdna.exe (.not file.) =>P2P.BitTorrent O53 - SMSR:HKLM\...\startupreg\eMuleAutoStart [Key] . (.http://www.emule-project.net - eMule.) -- C:\Program Files\eMule\emule.exe O53 - SMSR:HKLM\...\startupreg\Freecorder FLV Service [Key] . (...) -- C:\Program Files\Freecorder\FLVSrvc.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\Media Finder [Key] . (...) -- C:\Program Files\Media Finder\Media Finder.exe (.not file.) 
=>PUP.MediaFinder O53 - SMSR:HKLM\...\startupreg\My Password Manager [Key] . (...) -- C:\Program Files\My Password Manager\mypass.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\offerbox [Key] . (...) -- C:\Program Files\OfferBox\OfferBox.exe (.not file.) =>PUP.OfferBox O53 - SMSR:HKLM\...\startupreg\RavMont [Key] . (...) -- C:\Windows\system32\MIRA.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.µTorrent ~ SMSR Keys: 21 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 ~ MWPS: 18 Legitimates Filtered in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.BC945D9C5292531EE04DC5892D411B95] - 16/03/2009 - 13:51:08 ---A- . (.Alice Box - Carte réseau virtuelle Alice Box.) -- C:\Windows\System32\Drivers\abxusb32.sys [24576] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) 
-- C:\Windows\System32\ANSI.SYS [9029] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 01/06/2013 - 07:15:35 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\D&D - youtube - h8oXXm3sOtM.jpeg [1222] =>PUP.BearShare O61 - LFC: 01/06/2013 - 07:15:35 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\youtube - h8oXXm3sOtM(150x150).jpeg [3872] =>PUP.BearShare O61 - LFC: 01/06/2013 - 07:15:35 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\youtube - h8oXXm3sOtM.jpeg [1222] =>PUP.BearShare O61 - LFC: 01/06/2013 - 07:17:03 ---A- C:\Users\Administrateur\AppData\Local\BearShare\shistory.im [742] =>PUP.BearShare O61 - LFC: 01/06/2013 - 07:19:28 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\D&D - youtube - b3HeLs8Yosw(100x100).jpeg [7331] =>PUP.BearShare O61 - LFC: 01/06/2013 - 07:19:28 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\D&D - youtube - b3HeLs8Yosw.jpeg [11978] =>PUP.BearShare O61 - LFC: 01/06/2013 - 07:19:28 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\youtube - b3HeLs8Yosw(150x150).jpeg [14140] =>PUP.BearShare O61 - LFC: 01/06/2013 - 07:19:28 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\youtube - b3HeLs8Yosw.jpeg [11978] =>PUP.BearShare O61 - LFC: 01/06/2013 - 07:20:04 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\D&D - youtube - 9sY-TsLXiDo(100x100).jpeg [4786] =>PUP.BearShare O61 - LFC: 01/06/2013 - 07:20:04 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\D&D - youtube - 9sY-TsLXiDo.jpeg [7206] =>PUP.BearShare O61 - LFC: 01/06/2013 - 07:20:04 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\youtube - 9sY-TsLXiDo(150x150).jpeg [8806] =>PUP.BearShare O61 - LFC: 01/06/2013 - 07:20:04 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\youtube - 9sY-TsLXiDo.jpeg [7206] =>PUP.BearShare O61 - LFC: 01/06/2013 - 07:20:15 ---A- 
C:\Users\Administrateur\AppData\Local\BearShare\Artwork\D&D - youtube - g5FGRv-SJoQ(100x100).jpeg [5976] =>PUP.BearShare O61 - LFC: 01/06/2013 - 07:20:15 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\D&D - youtube - g5FGRv-SJoQ.jpeg [8754] =>PUP.BearShare O61 - LFC: 01/06/2013 - 07:20:15 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\youtube - g5FGRv-SJoQ(150x150).jpeg [10912] =>PUP.BearShare O61 - LFC: 01/06/2013 - 07:20:15 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\youtube - g5FGRv-SJoQ.jpeg [8754] =>PUP.BearShare O61 - LFC: 01/06/2013 - 07:20:38 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Statistics.xml [5318] =>PUP.BearShare O61 - LFC: 01/06/2013 - 07:20:39 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Data\rjn.a92 [90] =>PUP.BearShare O61 - LFC: 01/06/2013 - 07:20:40 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Data\Albums.db [4333568] =>PUP.BearShare O61 - LFC: 01/06/2013 - 07:20:40 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Data\Artists.db [4317184] =>PUP.BearShare O61 - LFC: 01/06/2013 - 07:20:40 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Data\ContentFile.db [4366336] =>PUP.BearShare O61 - LFC: 01/06/2013 - 07:20:40 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Data\DownloadFile.db [4456448] =>PUP.BearShare O61 - LFC: 01/06/2013 - 07:20:40 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Data\Playlists.db [4276224] =>PUP.BearShare O61 - LFC: 01/06/2013 - 07:20:40 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Data\VirtualFile.db [4644864] =>PUP.BearShare O61 - LFC: 02/06/2013 - 19:04:01 R--A- C:\Users\Administrateur\Documents\Downloads\Una Notte Da Leoni 3 2013 iTALiAN MD TS x264-TrTd TeaM\TrTd TeaM info.txt [952] O61 - LFC: 02/06/2013 - 19:04:01 R--A- C:\Users\Administrateur\Documents\Downloads\Una Notte Da Leoni 3 2013 iTALiAN MD TS x264-TrTd TeaM\Una.Notte.Da.Leoni.3.2013.iTALiAN.MD.TS.x264-TrTd_TeaM.txt [6987] O61 - LFC: 02/06/2013 - 
19:27:43 R--A- C:\Users\Administrateur\Documents\Downloads\Una Notte Da Leoni 3 2013 iTALiAN MD TS x264-TrTd TeaM\Una.Notte.Da.Leoni.3.2013.iTALiAN.MD.TS.x264-TrTd_TeaM.mkv [345632690] O61 - LFC: 03/06/2013 - 10:50:31 R--A- C:\Users\Administrateur\Documents\Downloads\Person.Of.Interest.2x14.Uno.Percento.ITA.ENG.720p.DLMux.h264-NR.mkv [1507451453] O61 - LFC: 04/06/2013 - 06:18:08 ---A- C:\Users\Administrateur\AppData\Roaming\SearchProtect\bin\rep.dat [6840] =>Toolbar.Conduit O61 - LFC: 04/06/2013 - 07:13:54 R--A- C:\Users\Administrateur\Documents\Downloads\Parto Con Mamma 2012 iTALiAN BrRip AC3 5.1 x264 - TrTd TeaM\Parto Con Mamma 2012 iTALiAN BrRip AC3 5.1 x264 - TrTd TeaM mkv 437MB.txt [6566] O61 - LFC: 04/06/2013 - 07:13:54 R--A- C:\Users\Administrateur\Documents\Downloads\Parto Con Mamma 2012 iTALiAN BrRip AC3 5.1 x264 - TrTd TeaM\TrTd TeaM info.txt [962] O61 - LFC: 04/06/2013 - 11:11:27 R--A- C:\Users\Administrateur\Documents\Downloads\Parto Con Mamma 2012 iTALiAN BrRip AC3 5.1 x264 - TrTd TeaM\Parto.Con.Mamma.2012.iTALiAN.BrRip.AC3.5.1.x264-TrTd_TeaM.mkv [458299910] O61 - LFC: 04/06/2013 - 11:22:00 ---A- C:\Users\Administrateur\Documents\Downloads\accuseReception.pdf [16990] O61 - LFC: 04/06/2013 - 11:44:48 ---A- C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [267487] O61 - LFC: 04/06/2013 - 11:50:01 ---A- C:\Users\Administrateur\Documents\Downloads\SpyHunter-Installer.exe [726464] =>Crapware.SpyHunter O61 - LFC: 04/06/2013 - 11:53:59 R--A- C:\Users\Administrateur\AppData\Roaming\Microsoft\Installer\{E89498D8-1430-4A2B-A76A-4A71326981E9}\IconCF33A0CE.exe [110080] O61 - LFC: 04/06/2013 - 11:53:59 R--A- C:\Users\Administrateur\AppData\Roaming\Microsoft\Installer\{E89498D8-1430-4A2B-A76A-4A71326981E9}\IconD7F16134.exe [110080] O61 - LFC: 04/06/2013 - 11:53:59 R--A- C:\Users\Administrateur\AppData\Roaming\Microsoft\Installer\{E89498D8-1430-4A2B-A76A-4A71326981E9}\IconF7A21AF7.exe [110080] O61 - LFC: 04/06/2013 - 11:53:59 
R--A- C:\Users\Administrateur\AppData\Roaming\Microsoft\Installer\{E89498D8-1430-4A2B-A76A-4A71326981E9}\WISE89498D814304A2BA76A4A71326981E9_4_13_6_4253.MST [61440] O61 - LFC: 04/06/2013 - 14:03:24 ---A- C:\Users\Administrateur\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\ExcludeList.rcp [6] =>Rogue.RegistryPowerCleaner O61 - LFC: 04/06/2013 - 14:03:24 ---A- C:\Users\Administrateur\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\French_rcp.dat [52848] =>Rogue.RegistryPowerCleaner O61 - LFC: 04/06/2013 - 14:03:24 ---A- C:\Users\Administrateur\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\TempHLList.rcp [6] =>Rogue.RegistryPowerCleaner O61 - LFC: 04/06/2013 - 14:03:24 ---A- C:\Users\Administrateur\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\results.rcp [308132] =>Rogue.RegistryPowerCleaner O61 - LFC: 04/06/2013 - 14:38:52 ---A- C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Local State [44007] ~ 10 Fichiers temporaires (Temporary files) ~ Files: 368 Legitimates Filtered in 05mn 49s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - 06/03/2013 - C:\Program Files\SearchProtect\bin\CltMngSvc.exe (CltMngSvc) .(.Conduit - Search Protect by Conduit.) - LEGACY_CLTMNGSVC =>Toolbar.Conduit O64 - Services: CurCS - 06/05/2011 - Pas de propriétaire (esgiguard) .(...) - LEGACY_ESGIGUARD O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (slsvc) .(...) - LEGACY_SLSVC ~ Legacy: 87 Legitimates Filtered in 00mn 01s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) 
-- C:\Users\Administrateur\AppData\Local\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.) ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\czog45n6.default-1346315948304\searchplugins\askcom.xml O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("CT3176921.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&SearchSource=2&CUI=UN3090[...] O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("CT3176921.installType", "conduitnsisintegration"); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("CT3176921.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT3176921&octid=CT3[...] O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("Smartbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT3176921&CUI=UN30906244791788228&UM=2&SearchSource=13[...] =>Hijacker.SmartBar O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("Smartbar.ConduitSearchEngineList", "express-files Customized Web Search"); =>Hijacker.SmartBar O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("Smartbar.ConduitSearchUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&SearchSource=2&CUI=UN30906244[...] =>Hijacker.SmartBar O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("Smartbar.SearchFromAddressBarSavedUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&SearchSource=2&CUI=UN[...] 
=>Hijacker.SmartBar O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("aol_toolbar.default.homepage.check", false); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("aol_toolbar.default.search.check", false); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("browser.search.defaultthis.engineName", "express-files FR Customized Web Search"); =>Adware.ExpressFiles O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.50e880bbc6910.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,se[...] =>Toolbar.Babylon O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.50e88160f0d1d.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,se[...] =>Toolbar.Babylon O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.50ebcdea9da52.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,se[...] =>Toolbar.Babylon O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.50ebcee9980ae.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,se[...] =>Toolbar.Babylon O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.50ebd66fde3b5.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,se[...] =>Toolbar.Babylon O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.50f3f599770cc.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,se[...] 
=>Toolbar.Babylon O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.BabylonToolbar.prtkDS", 0); =>Toolbar.Babylon O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.BabylonToolbar.prtkHmpg", 0); =>Toolbar.Babylon O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.BabylonToolbar_i.newTab", true); =>Toolbar.Babylon O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://www.delta-search.com/?affID=119776&babsrc=NT_ss&mntrId=3855afbd00000000[...] =>Toolbar.Babylon O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.admin", false); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.aflt", "babsst"); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.autoRvrt", "false"); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.bbDpng", "11"); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.cntry", "FR"); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.dfltLng", "en"); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.excTlbr", false); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.hdrMd5", "013C99F625C7966613170E44B9EE2ADD"); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.id", "3855afbd000000000000001d7da70c74"); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] 
user_pref("extensions.delta.instlDay", "15768"); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.instlRef", "sst"); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.lastVrsnTs", "1.8.10.021:31:58"); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.newTab", false); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.prdct", "delta"); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.prtnrId", "delta"); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.rvrt", "false"); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.sg", "azb"); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.smplGrp", "none"); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.tlbrId", "base"); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.tlbrSrchUrl", ""); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.vrsn", "1.8.10.0"); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.vrsnTs", "1.8.10.021:31:58"); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.vrsni", "1.8.10.0"); O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&SearchSource=2&CUI=UN30906244791788228&UM=&q=")[...] O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("smartbar.conduitHomepageList", "http://search.conduit.com/?ctid=CT3176921&SearchSource=13&CUI=UN30906244791788228,http:[...] 
=>Hijacker.SmartBar O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&SearchSource=2&CUI=UN3[...] =>Hijacker.SmartBar O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("smartbar.originalSearchAddressUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&SearchSource=2&CUI=UN3090[...] =>Hijacker.SmartBar O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "EasyLife"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("sweetim.toolbar.previous.browser.startup.homepage", "http://search.easylifeapp.com/?pid=719&src=ff1&r=2013/03/27&hid=33[...] 
=>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("sweetim.toolbar.previous.keyword.URL", ""); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("sweetim.toolbar.searchguard.enable", "false"); =>PUP.SweetIM O69 - SBI: SearchScopes [HKCU] {01bd49d7-c76b-4310-8beb-14d7e5f322c6} - (EasyLife) - http://search.easylifeapp.com =>Hijacker.GadgetBox O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www.delta-search.com =>Toolbar.DeltaSearch O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - http://websearch.ask.com O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} - (Search Results) - http://dts.search-results.com O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (express-files FR Customized Web Search) - http://search.conduit.com =>Adware.ExpressFiles O69 - SBI: SearchScopes [HKCU] {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} - (Funmoods) - http://start.funmoods.com =>PUP.Funmoods O69 - SBI: SearchScopes [HKCU] {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} [DefaultScope] - (WebSearch) - http://websearch.lookforithere.info O69 - SBI: SearchScopes [HKCU] {CF739809-1C6C-47C0-85B9-569DBB141420} - (Ask Search) - http://toolbar.ask.com ~ Keys: Scanned in 00mn 00s ---\\ Crack & Keygen Files (O82) C:\Users\Administrateur\keygen.exe 
C:\Users\Administrateur\keygen.exe ~ Files: Scanned in 02mn 11s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.0B0F240F81182D767325371650A18339] [SPRF][20/05/2013] (...) -- C:\Users\Administrateur\AppData\Local\d3d9caps.dat [680] [MD5.B28C334C03CEE7C5E829C43AE75DAE5A] [SPRF][14/04/2013] (.Ask.com - AskIC Dynamic Link Library.) -- C:\Users\Administrateur\AppData\Local\Temp\AskSLib.dll [248008] [MD5.EBB022C04721D4C732A7F6D0640DE059] [SPRF][25/04/2013] (.Musiclab, LLC - BearShare.) -- C:\Users\Administrateur\AppData\Local\Temp\BearShare_setup.exe [2489120] =>PUP.BearShare [MD5.22C32D75E19BAD283CAB2E9E1E59903F] [SPRF][17/02/2013] (...) -- C:\Users\Administrateur\AppData\Local\Temp\Installhelper.dll [1643624] [MD5.6C137D2BEF3CDD43F3AE2FD6705B9FED] [SPRF][05/04/2013] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\Administrateur\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe [904104] [MD5.5A1B14363C067634DA9E3C0DF5BECC0E] [SPRF][17/02/2013] (...) -- C:\Users\Administrateur\AppData\Local\Temp\SetupDataMngr_BearShare.exe [4423016] =>PUP.BearShare [MD5.03EF087BE6876AB29AAF8F48391037A4] [SPRF][04/06/2013] (...) -- C:\Users\Administrateur\AppData\Local\Temp\SHSetup.exe [45217872] [MD5.72412B526BCC716382E62B7939DCFD8F] [SPRF][06/05/2012] (...) -- C:\Users\Administrateur\AppData\Local\Temp\SRAssetsHelper.dll [1085952] [MD5.82C239FF99942BF799A9FD0182734A1A] [SPRF][25/04/2013] (...) -- C:\Users\Administrateur\AppData\Local\Temp\thanks.bat [82] [MD5.62903EE8A6B0E4B8015F382950C611D0] [SPRF][25/04/2013] (.Torch Media Inc. - Torch Browser.) -- C:\Users\Administrateur\AppData\Local\Temp\TorchSetupFull.exe [39278184] [MD5.2249A39CC7C7BFB2CC8599A4DC9CAF60] [SPRF][17/04/2013] (...) -- C:\Users\Administrateur\AppData\Local\Temp\utt10A6.tmp.bat [98] [MD5.3B3C2F7B8A3F26D74C1F6215A79B2B83] [SPRF][03/05/2013] (...) -- C:\Users\Administrateur\AppData\Local\Temp\utt83E0.tmp.bat [98] [MD5.2249A39CC7C7BFB2CC8599A4DC9CAF60] [SPRF][17/04/2013] (...) 
-- C:\Users\Administrateur\AppData\Local\Temp\uttC709.tmp.bat [98] [MD5.3B3C2F7B8A3F26D74C1F6215A79B2B83] [SPRF][03/05/2013] (...) -- C:\Users\Administrateur\AppData\Local\Temp\uttD25D.tmp.bat [98] ~ Files: Scanned in 00mn 06s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "{31EE9198-D1E3-456C-8EAA-16FDA0683626}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe (.not file.) O87 - FAEL: "{A9AB94A1-FA16-4268-A682-98B5F8B54982}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe (.not file.) O87 - FAEL: "{BAADDE56-F32A-4CB1-BFD8-99B6AFF65B20}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Administrateur\AppData\Local\Temp\lxdx\wireless\lxdxwpss.exe (.not file.) O87 - FAEL: "{6569E673-B321-4E79-836B-F89711AE343A}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Administrateur\AppData\Local\Temp\lxdx\wireless\lxdxwpss.exe (.not file.) O87 - FAEL: "TCP Query User{F6757B72-05EB-43FD-BB9F-5720CFD7A915}C:\users\administrateur\program files\dna\btdna.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\administrateur\program files\dna\btdna.exe (.not file.) O87 - FAEL: "UDP Query User{D5EFDAE2-A613-4C10-BD37-E684B0D6EE8E}C:\users\administrateur\program files\dna\btdna.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\administrateur\program files\dna\btdna.exe (.not file.) O87 - FAEL: "{493994FF-E3A7-4272-B129-9E93A1AEAF34}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\LimeWire\LimeWire.exe (.not file.) O87 - FAEL: "{882498B0-9F2E-4FC1-AF7C-22A8D3E9693D}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\LimeWire\LimeWire.exe (.not file.) O87 - FAEL: "TCP Query User{CD6B9325-644A-4782-A812-25FA815FA93A}C:\program files\tftp desktop\tftpdesk.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\tftp desktop\tftpdesk.exe (.not file.) 
O87 - FAEL: "UDP Query User{FA1847F5-C914-49F9-963E-816D576899ED}C:\program files\tftp desktop\tftpdesk.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\tftp desktop\tftpdesk.exe (.not file.) O87 - FAEL: "{C3EA90FF-5980-4E82-A3FF-5E27BB7024FB}" |In - None - P17 - TRUE | .(...) -- C:\Users\ADMINI~1\AppData\Local\Temp\ibtmp4af8291\eTypeSetup.exe (.not file.) O87 - FAEL: "TCP Query User{B49FE6BE-5AC2-4C6C-90CC-261A9D125B31}C:\program files\1clickdownload\1clickdownloader.exe" | In - Public - P6 - TRUE | .(.Pas de propriétaire - DownloadAssistant.) -- C:\program files\1clickdownload\1clickdownloader.exe =>PUP.1ClickDownloader O87 - FAEL: "UDP Query User{FE060316-20E9-44A0-8C69-CDDCD623A32A}C:\program files\1clickdownload\1clickdownloader.exe" | In - Public - P17 - TRUE | .(.Pas de propriétaire - DownloadAssistant.) -- C:\program files\1clickdownload\1clickdownloader.exe =>PUP.1ClickDownloader O87 - FAEL: "{465620D9-2415-4DAE-92D0-5555301A59F1}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\ExpressFiles\expressdl.exe (.not file.) =>Adware.ExpressFiles O87 - FAEL: "{1E00874B-222F-414A-9953-A9F69E973987}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\ExpressFiles\expressdl.exe (.not file.) =>Adware.ExpressFiles O87 - FAEL: "{0E124E06-EDA6-42B8-BB1A-6DFFE725457C}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles O87 - FAEL: "{EBBC3290-F097-4D8A-8A6F-B7423E3D518C}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles O87 - FAEL: "{09510EC2-F68C-41DE-BA4A-9CC6C19FC022}" | In - Domain - P6 - TRUE | .(.MusicLab, LLC - BearShare.) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe =>PUP.BearShare O87 - FAEL: "{3AC02147-6602-4809-9E95-7949ED7ED49F}" | In - Domain - P17 - TRUE | .(.MusicLab, LLC - BearShare.) 
-- C:\Program Files\BearShare Applications\BearShare\BearShare.exe =>PUP.BearShare O87 - FAEL: "{A23CF91C-0BCB-49D6-B988-B4E142BF9129}" | In - Private - P6 - TRUE | .(.MusicLab, LLC - BearShare.) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe =>PUP.BearShare O87 - FAEL: "{6A6FCBDD-F827-49CB-98D2-07117F521123}" | In - Private - P17 - TRUE | .(.MusicLab, LLC - BearShare.) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe =>PUP.BearShare O87 - FAEL: "TCP Query User{3385E670-97DE-49AC-A60D-8848A9D8AC52}C:\program files\bearshare applications\bearshare\bearshare.exe" | In - Public - P6 - TRUE | .(.MusicLab, LLC.) -- C:\program files\bearshare applications\bearshare\bearshare.exe =>PUP.BearShare O87 - FAEL: "UDP Query User{D47839DF-BFFC-48D3-A0AB-CA3E3C1C445E}C:\program files\bearshare applications\bearshare\bearshare.exe" | In - Public - P17 - TRUE | .(.MusicLab, LLC.) -- C:\program files\bearshare applications\bearshare\bearshare.exe =>PUP.BearShare ~ Firewall: 260 Legitimates Filtered in 00mn 03s ---\\ Scan Additionnel (O88) Database Version : v2.12397 - (04/06/2013) Clés trouvées (Keys found) : 232 Valeurs trouvées (Values found) : 4 Dossiers trouvés (Folders found) : 37 Fichiers trouvés (Files found) : 2 [HKLM\Software\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}] =>PUP.Funmoods [HKLM\Software\Classes\CLSID\{35b8892d-c3fb-4d88-990d-31db2ebd72bd}] =>Adware.RecordNRip [HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] =>Adware.RecordNRip [HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}] =>Adware.RecordNRip [HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] =>Adware.RecordNRip [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}] =>Adware.MyWebSearch [HKLM\Software\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}] =>Adware.Agent [HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] 
=>Adware.IMBooster [HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}] =>Adware.BHO [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}] =>Adware.MyWebSearch [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca}] =>Adware.MyWebSearch [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}] =>Adware.MyWebSearch [HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}] =>PUP.Funmoods [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade [HKCU\Software\delta LTD] =>Toolbar.DeltaSearch [HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}] =>Toolbar.Ask [HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}] =>PUP.Funmoods [HKLM\Software\Classes\AppID\{1fc41815-fa4c-4f8b-b143-2c045c8ea2fc}] =>Toolbar.Kiwee [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201f27d4-3704-41d6-89c1-aa35e39143ed}] =>Toolbar.Ask [HKLM\Software\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}] =>PUP.iMesh [HKLM\Software\Classes\TypeLib\{252c2315-cce0-4446-8da7-c00292a690ba}] =>PUP.iMesh [HKLM\Software\Classes\CLSID\{2656B92B-0207-4afb-BEBF-F5FD231ECD39}] =>PUP.BearShare 
[HKLM\Software\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}] =>PUP.BearShare [HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}] =>Adware.Bandoo [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] =>Toolbar.AskTBar [HKLM\Software\Classes\CLSID\{31F8B21E-8674-4589-A37F-31A4D4B55CC5}] =>PUP.BearShare [HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade [HKLM\Software\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}] =>PUP.BearShare [HKLM\Software\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade [HKLM\Software\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}] =>PUP.BearShare [HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Toolbar.Conduit [HKLM\Software\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}] =>PUP.iMesh [HKLM\Software\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}] =>PUP.iMesh [HKLM\Software\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}] =>PUP.BearShare [HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8}] =>Adware.IMBooster [HKLM\Software\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}] =>PUP.iMesh [HKLM\Software\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}] =>PUP.iMesh [HKLM\Software\Microsoft\Internet 
Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0}] =>Adware.AdRotator [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}] =>Trojan.Vundo [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] =>Adware.IMBooster [HKLM\Software\Classes\CLSID\{59570C1F-B692-48c9-91B4-7809E6945287}] =>PUP.BearShare [HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade [HKLM\Software\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}] =>Adware.Agent [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz [HKLM\Software\Classes\CLSID\{63A0F7FA-2C95-4d7e-AF25-EFCC303D20A1}] =>PUP.BearShare [HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade [HKLM\Software\Classes\CLSID\{6559E502-6EE1-46b8-A83C-F3A45BDA23EE}] =>Adware.BHO [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade [HKLM\Software\Classes\AppID\{756C097C-6BDB-45de-A8F1-83E01AB86BA4}] =>PUP.BearShare [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}] =>PUP.Funmoods [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}] =>PUP.Funmoods [HKLM\Software\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}] =>PUP.BearShare [HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade [HKLM\Software\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}] =>Adware.Yontoo 
[HKLM\Software\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}] =>Adware.Yontoo [HKLM\Software\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}] =>PUP.BearShare [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{856E12B5-22D7-4E22-9ACA-EA9A008DD65B}] =>Toolbar.Minibar [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424c-BB9F-74C6899B9F92}] =>Adware.Bandoo [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}] =>Adware.Bandoo [HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}] =>PUP.SweetIM [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster [HKLM\Software\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}] =>PUP.BearShare [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade [HKLM\Software\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}] =>PUP.iMesh [HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA74D58F-ACD0-450D-A85E-6C04B171C044}] =>Toolbar.Minibar [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}] 
=>Toolbar.Minibar [HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] =>Toolbar.Conduit [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade [HKLM\Software\Classes\CLSID\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}] =>PUP.iMesh [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}] =>PUP.iMesh [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}] =>PUP.Funmoods [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade [HKLM\Software\Classes\CLSID\{C63CA8A4-AB4E-49e5-A6C0-33FC86D80205}] =>PUP.BearShare [HKLM\Software\Classes\CLSID\{C6A7847E-8931-4a9a-B4EF-72A91E3CCF4D}] =>PUP.BearShare [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D}] =>Trojan.Agent [HKLM\Software\Classes\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}] =>Trojan.Agent [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}] =>Trojan.Agent [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{cf739809-1c6c-47c0-85b9-569dbb141420}] =>Toolbar.AskBarDis [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{cf739809-1c6c-47c0-85b9-569dbb141420}] =>Toolbar.AskBarDis 
[HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade [HKLM\Software\Classes\CLSID\{DD0F1D24-E250-4e93-966C-65615720AEFB}] =>PUP.BearShare [HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade [HKLM\Software\Classes\CLSID\{EC1277BB-1C71-4c0d-BA6D-BFEA16E773A6}] =>PUP.BearShare [HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo [HKLM\Software\Classes\AppID\BearShare.exe] =>PUP.BearShare [HKLM\Software\Classes\AppID\DiscoveryHelper.DLL] =>PUP.BearShare 
[HKLM\Software\Classes\AppID\GIFAnimator.DLL] =>PUP.BearShare [HKLM\Software\Classes\AppID\IMTrProgress.DLL] =>PUP.BearShare [HKLM\Software\Classes\AppID\IMWeb.DLL] =>PUP.BearShare [HKLM\Software\Classes\AppID\WMHelper.DLL] =>PUP.BearShare [HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar] =>Toolbar.Babylon [HKLM\Software\Classes\b] =>Toolbar.Babylon [HKLM\Software\Classes\Conduit.Engine] =>Toolbar.Conduit [HKLM\Software\Classes\DiscoveryHelper.iMesh6Discovery] =>PUP.iMesh [HKLM\Software\Classes\DiscoveryHelper.iMesh6Discovery.1] =>PUP.iMesh [HKLM\Software\Classes\f] =>PUP.Funmoods [HKLM\Software\Classes\funmoods.dskBnd] =>PUP.Funmoods [HKLM\Software\Classes\funmoods.dskBnd.1] =>PUP.Funmoods [HKLM\Software\Classes\imweb.imwebcontrol] =>PUP.iMesh [HKLM\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj] =>Adware.SearchYa [HKLM\Software\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco] =>PUP.1ClickDownloader [HKCU\Software\Microsoft\Internet Explorer\MenuExt\Recherche avec search-web] =>Hijacker.ChercheUS [HKLM\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service] =>Crapware.SpyHunter [HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader [HKCU\Software\Ask&Record] =>Toolbar.Agent [HKCU\Software\BabylonToolbar] =>Toolbar.Babylon [HKLM\Software\BabylonToolbar] =>Toolbar.Babylon [HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit [HKCU\Software\DataMngr] =>Adware.Bandoo [HKLM\Software\DataMngr] =>Adware.Bandoo [HKCU\Software\DataMngr_Toolbar] =>Toolbar.Agent [HKCU\Software\ilivid] =>Adware.Bandoo [HKLM\Software\Iminent] =>Adware.IMBooster [HKCU\Software\MediaFinder] =>PUP.MediaFinder [HKCU\Software\OfferBox] =>PUP.OfferBox [HKLM\Software\OfferBox] =>PUP.OfferBox [HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\OfferBox] =>PUP.OfferBox [HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect] =>Toolbar.Conduit 
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong [HKCU\Software\Softonic] =>Toolbar.Conduit [HKLM\Software\SP Global] =>PUP.AdvancedSystemProtector [HKCU\Software\AppDataLow\SProtector] =>PUP.AdvancedSystemProtector [HKLM\Software\SProtector] =>PUP.AdvancedSystemProtector [HKCU\Software\StartSearch] =>Hijacker.Agent [HKCU\Software\SweetIM] =>PUP.SweetIM [HKLM\Software\Tarma Installer] =>Toolbar.Tarma [HKCU\Software\AppDataLow\Software\Toolbar] =>Toolbar.Conduit [HKCU\Software\Zugo] =>Adware.Zugo [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>Toolbar.Conduit [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}] =>Toolbar.Conduit [HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon [HKLM\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki] =>PUP.Funmoods [HKCU\Software\InstallCore] =>Adware.InstallCore [HKLM\Software\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}] =>Adware.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}] =>Toolbar.AskBarDis 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Agent [HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder] =>PUP.MediaFinder [HKLM\Software\Classes\gencrawler_gc.GenCrawler] =>PUP.MediaFinder [HKCU\Software\Classes\MF] =>PUP.MediaFinder [HKLM\Software\Classes\MF] =>PUP.MediaFinder [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}] =>Adware.Browse2Save [HKLM\Software\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}] =>PUP.Funmoods [HKLM\Software\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}] =>PUP.Funmoods 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}] =>Adware.SmileyBar [HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\oneclick] =>PUP.1ClickDownloader [HKLM\Software\Classes\oneclickmg] =>PUP.1ClickDownloader [HKLM\Software\Classes\1ClicktorrentFile] =>PUP.1ClickDownloader [HKLM\Software\Classes\1ClicktorrentFile1] =>PUP.1ClickDownloader [HKLM\Software\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster [HKLM\Software\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk] =>Spyware.GophotoIt [HKLM\Software\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf] =>Hijacker.TornTV [HKLM\Software\Classes\funmoods.funmoodsHlpr] =>PUP.Funmoods [HKLM\Software\Classes\funmoods.funmoodsHlpr.1] =>PUP.Funmoods [HKLM\Software\Classes\funmoodsApp.appCore] =>PUP.Funmoods [HKLM\Software\Classes\funmoodsApp.appCore.1] =>PUP.Funmoods [HKLM\Software\Classes\Toolbar.CT1060933] =>Toolbar.Conduit [HKLM\Software\Classes\Toolbar.CT3176921] =>Toolbar.Conduit [HKLM\Software\Classes\Toolbar.CT3228856] =>Toolbar.Conduit [HKLM\Software\Classes\Toolbar.CT3287943] =>Toolbar.Conduit [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}] =>Adware.Bandoo^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SP_09b71135] =>Adware.Browse2Save^ 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SP_48c708f2] =>Adware.Browse2Save^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SP_b0285714] =>Adware.Browse2Save^ [HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow]:*.chat-land.org =>Hijacker.ChercheUS [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{30F9B915-B755-4826-820B-08FBA6BD249D} =>Toolbar.Conduit [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:SearchProtectAll =>Toolbar.Conduit [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:SearchProtect =>Toolbar.Conduit C:\Program Files\Bandoo =>Adware.Bandoo C:\Program Files\BearShare Applications =>PUP.BearShare C:\Program Files\Conduit =>Toolbar.Conduit C:\Program Files\SearchProtect =>Toolbar.Conduit C:\Program Files\BrowseToSave =>Adware.Browse2Save C:\Program Files\torntv.com =>Hijacker.TornTV C:\Program Files\continuetosave =>PUP.Offerware C:\Program Files\WebSearch =>Adware.Browse2Save C:\Program Files\RegClean Pro =>Rogue.RegistryPowerCleaner C:\Program Files\Zoomex =>Adware.ZoomEx C:\Program Files\Gophoto.it =>Spyware.GophotoIt C:\ProgramData\Babylon =>Toolbar.Babylon C:\ProgramData\InstallMate =>Toolbar.Agent C:\ProgramData\Zoomex =>Adware.ZoomEx C:\ProgramData\Microsoft\Windows\Start Menu\Programs\media finder =>PUP.MediaFinder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro =>Rogue.RegistryPowerCleaner C:\Users\Administrateur\AppData\Roaming\Babylon =>Toolbar.Babylon C:\Users\Administrateur\AppData\Roaming\eType =>Adware.Zugo C:\Users\Administrateur\AppData\Roaming\media finder =>PUP.MediaFinder C:\Users\Administrateur\AppData\Roaming\OfferBox =>PUP.OfferBox C:\Users\Administrateur\AppData\Roaming\SearchProtect =>Toolbar.Conduit C:\Users\Administrateur\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com =>PUP.MediaFinder C:\Users\Administrateur\AppData\Local\Conduit =>Toolbar.Conduit C:\Users\Administrateur\AppData\LocalLow\Conduit 
=>Toolbar.Conduit C:\Users\Administrateur\AppData\LocalLow\FunWebProducts =>Adware.MyWebSearch C:\Users\Administrateur\AppData\LocalLow\PriceGong =>Adware.PriceGong C:\Users\Administrateur\AppData\LocalLow\Toolbar4 =>Toolbar.Conduit C:\Users\Administrateur\AppData\LocalLow\Zoomex =>Adware.ZoomEx C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel =>PUP.MediaFinder C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\iibmmjhgclhlahmjniokmhleigemjpbh =>Toolbar.Conduit C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk =>Spyware.GophotoIt C:\ProgramData\BirowwsyE2savee =>Adware.Browse2Save C:\ProgramData\Browse2SiAAvae =>Adware.Browse2Save C:\ProgramData\BrowSee2saivE =>Adware.Browse2Save C:\ProgramData\ccoNtiinuetosavey =>PUP.Offerware^ C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\czog45n6.default-1346315948304\Smartbar =>Hijacker.SmartBar C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\czog45n6.default-1346315948304\Extensions\{88ac3cb6-596b-4217-964c-b6757ef9602d} =>Toolbar.Conduit C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\czog45n6.default-1346315948304\SearchPlugins\conduit.xml =>Toolbar.Conduit C:\Users\Administrateur\Desktop\SpyHunter.lnk =>Crapware.SpyHunter ~ Additionnel Scan: 283806 Items scanned in 00mn 47s ---\\ Random Export Key (O91) [HKCU\Software\58edbdce56abe15\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1184.107]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" [HKCU\Software\58edbdce56abe15\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1184.107]:version="2.6.1184.107" [HKCU\Software\58edbdce56abe15] =>Toolbar.Babylon^ [HKLM\Software\58edbdce56abe15] => Clé orpheline ~ Export Key Software: Scanned in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 15/05/2013 256904 | 
(AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 12/04/2013 86224 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe SR - | Auto 12/04/2013 110032 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe SS - | Demand 06/03/2013 93984 | (CltMngSvc) . (.Conduit.) - C:\Program Files\SearchProtect\bin\CltMngSvc.exe =>Toolbar.Conduit SS - | Disabled 27/09/2011 295192 | (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe SS - | Disabled 28/02/2008 98984 | (lxdxCATSCustConnectService) . (.Lexmark International, Inc..) - C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdxserv.exe SS - | Disabled 594600 | (lxdx_device) . (...) - C:\Windows\system32\lxdxcoms.exe SS - | Disabled 08/08/2011 311928 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe SS - | Disabled 18/05/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SR - | Auto 31/01/2013 634656 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe SR - | Auto 10/10/2012 1258856 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe SS - | Disabled 07/12/2009 40960 | (RealtekSE) . (.Realtek.) - C:\Program Files\REALTEK\RTL8185 Wireless LAN Utility\RtlService.exe SS - | Disabled 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe SR - | Auto 07/05/2013 770432 | (SpyHunter 4 Service) . (.Enigma Software Group USA, LLC..) - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe =>Crapware.SpyHunter SR - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) 
- C:\Windows\System32\svchost.exe SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 02s ~ 3193 Legitimates filtered by white list End of the scan (1039 lines in 14mn 37s)(2)