~ Rapport de ZHPDiag v2014.8.28.125 - Nicolas Coolman (28/08/2014)
~ Lancé par Stéphane (28/08/2014 15:40:42)
~ Adresse du Site Web http://nicolascoolman.fr
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program
---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17126
MFIE: Mozilla Firefox 30.0
GCIE: Google Chrome v33.0.1750.117 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Ultimate, 64-bit Service Pack 1 (Build 6000)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
---\\ Logiciels de protection du système
AVG 2014 v14.0.3955
Microsoft Security Client v4.5.0216.0
McAfee Security Scan Plus v3.8.150.1
Spybot - Search & Destroy v1.6.2
---\\ Logiciels d'optimisation du système
CCleaner v4.08
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4076 MB (27% free)
System Restore: Activé (Enable)
System drive C: has 1655 GB (89%) free of 1850 GB
---\\ Mode de connexion au système
~ Computer Name: PESTOUN-PC
~ User Name: Stéphane
~ All Users Names: UpdatusUser, Stéphane, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Stéphane\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Stéphane\AppData\Roaming\
~
%Desktop% : C:\Users\Stéphane\Desktop\
~ %Favorites% : C:\Users\Stéphane\Favorites\
~ %LocalAppData% : C:\Users\Stéphane\AppData\Local\
~ %StartMenu% : C:\Users\Stéphane\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 1655 Go of 1850 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 13 Go)
E: CD-ROM drive (Free 0 Go of 1 Go)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 41 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.16/12/2011 - 16:02:49.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.40BFD9D6EC8E174145F012246CA73CCD] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.30/05/2014 - 08:56:56.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.04/03/2014 - 10:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.)
-- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.16/12/2011 - 16:04:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.)
-- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.16/12/2011 - 16:01:06.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/40835
~ Mes musiques (My Musics) : 1/246
~ Mes Videos (My Videos) : 1/113
~ Mes Favoris (My Favorites) : 1/1197
~ Mes Documents (My Documents) : 1/54
~ Mon Bureau (My Desktop) : 1/1019
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 08s
---\\ Processus lancés
[MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768] [PID.4760]
[MD5.48C3EBD6D5E52AFCB1A0FA9B7F9802FA] - (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.4776]
[MD5.799BCC829F48F19C5689478179060435] - (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720] [PID.4784]
[MD5.DAB55357D9CC9A76052F4472EBD5C729] - (.Apple Inc. - Apple IE DAV.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408] [PID.4800]
[MD5.390679F7A217A5E73D756276C40AE887] - (.Safer-Networking Ltd. - System settings protector.)
-- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480] [PID.4916]
[MD5.A2418D3C557C0A0C634DA713A8AC3789] - (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336] [PID.5004]
[MD5.72860972F8196EBB3C896F53D2B95470] - (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HpqSRmon.exe [150528] [PID.5064]
[MD5.550B8CB98A8FA1D7A1A7371055A38DDA] - (...) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe [265240] [PID.2420]
[MD5.B4E6C1B28AF8806008CB654C716ABAFA] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.4472]
[MD5.C8F0DCA0E032881B6C4422B502194629] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456] [PID.2508]
[MD5.47CB4D23AE630CA9F6B43DA6C0A083BE] - (.Pas de propriétaire - VProtect Application.) -- C:\Program Files (x86)\AVG Nation toolbar\vprot.exe [2556744] [PID.3284]
[MD5.902054D6B4292329F9594FFF24EE02DB] - (...) -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe [680984] [PID.3112]
[MD5.47833576F0BEE0AD7B45109982B769BD] - (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe [59720] [PID.1812]
[MD5.5331DC9D1C88840326F68C2C531A82A7] - (.Logitech, Inc. - Logitech Updater.) -- C:\Users\Stéphane\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe [351248] [PID.4572]
[MD5.235D42833F2F89083FA70B9787899846] - (.Logitech, Inc. - Logitech Updater.) -- C:\Users\Stéphane\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe [1353232] [PID.6816]
[MD5.B1E01D636350983E94171E229C759468] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.6084]
[MD5.6E6656C6618C4B0B000267D9AF9EF743] - (.Google Inc. - Google Chrome.)
-- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859464] [PID.592]
[MD5.33BF80A2291C54DC7D7601CDEF63138E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8099328] [PID.4948]
[MD5.67A95B9D129ED5399E7965CD09CF30E7] - (.Logitech Inc. - Logitech User mode UMVPF service.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848] [PID.1356]
[MD5.F518545E5B7623AD49ABE7F8776EFA46] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1976]
[MD5.E5C581D358B62CF65776B8E4E17B9E5C] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424] [PID.1864]
[MD5.CA793DCC1D5F619021EF1D37CC7A831E] - (.EasyBits Software AS - Shared EasyBits services for Windows.) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232] [PID.2064]
[MD5.075CDE4F95ED6119B4BA9162876801F8] - (.PDF Complete Inc - Dispatcher.) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952] [PID.2516]
[MD5.230F0D65431489B01DFA85749DEBF625] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [378472] [PID.2700]
[MD5.D53118C165AE5D188632B6CDEEE82A1B] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [4308320] [PID.2772]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176] [PID.672]
[MD5.C0F42F23A02076B9907BD0D651EFBE33] - (...) -- C:\Program Files (x86)\BrowseSmart\updateBrowseSmart.exe [348448] [PID.588] =>PUP.BrowseSmart
[MD5.1B47EC24EA2DBB897B72538FBD61E34E] - (...) -- C:\Program Files (x86)\FindRight\updateFindRight.exe [316704] [PID.2992] =>Hijacker.FindrToolbar
[MD5.C0F42F23A02076B9907BD0D651EFBE33] - (...)
-- C:\Program Files (x86)\BrowseSmart\bin\utilBrowseSmart.exe [348448] [PID.2104] =>PUP.BrowseSmart
[MD5.002D492CB24F1BBD3BA5F22FE8049A15] - (...) -- C:\Program Files (x86)\FindRight\bin\utilFindRight.exe [317728] [PID.3116] =>Hijacker.FindrToolbar
[MD5.8B2236701ACD97517B81701FA139A075] - (...) -- C:\Users\Stéphane\AppData\Roaming\VOPackage\VOsrv.exe [53760] [PID.3184] =>Adware.Downware
[MD5.96C3155C779F977E3F71459E935CFFE2] - (.AVG Secure Search - ToolbarU Application.) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [1793536] [PID.3216] =>Toolbar.AVGSearch
[MD5.9063D0DB903AA1D72E32DE27F4714E55] - (.Pas de propriétaire - loggings Application.) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe [158536] [PID.3256] =>Toolbar.AVGSearch
[MD5.794D4B48DFB6E999537C7C3947863463] - (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368] [PID.3340]
[MD5.D75C4B4A8FE6D7FD74A7EECDBAEC729F] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [326168] [PID.3192]
[MD5.FF7E8BC3A8B90F03BD20588B5840154F] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2214504] [PID.5256]
[MD5.758C2CE427C343F780A205E28555C98D] - (.Intel Corporation - User Notification Service.)
-- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.5228]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Stéphane\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [dlnembnfbcpjnepmfjmngjenhhajpdfd] IB Updater v.2.0.0.550, (Désactivé) =>Adware.InstallBrain
G2 - GCE: Preference [User Data\Default] [icmijdhkcgeclpfjmibnginbbkfcbpep] SearchGBY v.0.9.82 (Désactivé)
G2 - GCE: Preference [User Data\Default] [kajfghlhfkcocafkcjlajldicbikpgnp] Feven 2.2 v.12196.8751.4505, (Activé) =>PUP.CrossRider
G2 - GCE: Preference [User Data\Default] [klhlfdbffplhpkpalkmacjejfbdeefaj] SmartSaver+ 8 v.1.26.69, (Activé) =>PUP.CrossRider
G2 - GCE: Preference [User Data\Default] [lekgiimbfodefdaoofhlckefjbgpeilo] MediaPlayerEnhance v.1.26.69, (Activé) =>PUP.MediaPlayerEnhance
G2 - GCE: Preference [User Data\Default] [ndibdjnfmopecpmkdieinmbadjfpblof] AVG Nation Toolbar v.18.1.0.443 (Désactivé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 00s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Stéphane\AppData\Roaming\Mozilla\Firefox\Profiles\qphghzox.default\prefs.js
C:\Users\Stéphane\AppData\Roaming\Mozilla\Firefox\Profiles\qphghzox.default\user.js
M3 - MFPP: Plugins - [Stéphane] -- C:\Users\Stéphane\AppData\Roaming\Mozilla\Firefox\Profiles\qphghzox.default\searchplugins\conduit-search.xml =>Toolbar.Conduit
M3 - MFPP: Plugins - [Stéphane] --
C:\Users\Stéphane\AppData\Roaming\Mozilla\Firefox\Profiles\qphghzox.default\searchplugins\speedbit.xml
M3 - MFPP: Plugins - [Stéphane] -- C:\Users\Stéphane\AppData\Roaming\Mozilla\Firefox\Profiles\qphghzox.default\searchplugins\Web Search.xml =>Parasite.Pugi
M2 - MFEP: RegExtension {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} . (...) -- C:\Program Files (x86)\PriceGong\2.5.4\FF (.not file.) =>Adware.PriceGong
M2 - MFEP: RegExtension {e4f94d1e-2f53-401e-8885-681602c0ddd8} . (...) -- C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
M2 - MFEP: prefs.js [Stéphane - qphghzox.default\ioeeaylf@bamroztoa.net] [] SaverPrro v4.31 (..) =>PUP.SaverPro
M2 - MFEP: prefs.js [Stéphane - qphghzox.default\oay1.p@hrrajbuurso.edu] [] LucKyiCoupon v1.0 (..) =>PUP.LuckyCoupon
M2 - MFEP: prefs.js [Stéphane - qphghzox.default\{1CB94A15-4515-4A88-A296-36DDCA34AF50}] [] RechercherWeb Toolbar v1.0.0 (..)
M2 - MFEP: prefs.js [Stéphane - qphghzox.default\{94cd2cc3-083f-49ba-a218-4cda4b4829fd}] [] Value Apps v1.7.0.0 (..)
=>Toolbar.Conduit
M2 - MFEP: Extension [Stéphane - qphghzox.default] {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}
~ Firefox Browser: 15 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trovigo.com =>Hijacker.Trovigo
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl,Default = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp
~ IE Browser: 24 Legitimates Filtered in 00mn
00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (15514)
~ Hosts File: Scanned in 00mn 07s
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: CrossriderApp0050776 [64Bits] - {11111111-1111-1111-1111-110511071176} . (.Plus HD - Plus-HD-7.5 BHO.) -- C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-bho.dll =>PUP.CrossRider
O2 - BHO: (no name) [64Bits] - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} Clé orpheline
O2 - BHO: TBSB01555 [64Bits] - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} . (.Pas de propriétaire - Internet Explorer Toolbar Engine.) -- C:\Program Files (x86)\France Toolbar\tbcore3.dll
O2 - BHO: AVG Do Not Track [64Bits] - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} Clé orpheline
~ BHO: 25 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.)
-- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Activeris AntiMalware.lnk . (.Activeris - Activeris AntiMalware.) -- C:\Program Files (x86)\Activeris AntiMalware\ActiverisAntiMalware.exe =>PUP.Activeris
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Desktop [Public]: Optimizer Elite Max.lnk . (...) -- C:\Program Files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe (.not file.) =>PUP.OptimizerEliteMax
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\QuickLaunch [Stéphane]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\QuickLaunch [Stéphane]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Program [Stéphane]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Program [Stéphane]: Search.lnk . (.Mozilla Corporation - Firefox.)
-- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://feed.snapdo.com =>Hijacker.SmartBar
O4 - GS\SystemTools [Stéphane]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
~ Global Startup: 11 Legitimates Filtered in 00mn 00s
---\\ Applications lancées au démarrage du système (O4)
O4 - GS\Startup [Stéphane]: 2YourFace_Updater.lnk . (...) -- C:\Users\Stéphane\AppData\Roaming\2YourFace\Updater.exe (.not file.) =>Adware.2YourFace
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [AppleIEDAV] . (.Apple Inc. - Apple IE DAV.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Facebook Update] C:\Users\Stéphane\AppData\Local\Facebook\Update\FacebookUpdate.exe (.not file.)
O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (.not file.)
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] .
(.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe
O4 - HKLM\..\Wow6432Node\Run: [Easybits Recovery] . (.EasyBits Software AS - Pas de description.) -- C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe =>.EasyBits Software AS
O4 - HKLM\..\Wow6432Node\Run: [LWS] . (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe =>.Logitech Inc
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [hpqSRMon] . (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Wow6432Node\Run: [Magic Desktop for HP notification] . (.Easybits - Software update notification.) -- C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
O4 - HKLM\..\Wow6432Node\Run: [fst_fr_83] C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe =>Adware.FreeSoftToday
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
O4 - HKLM\..\Wow6432Node\Run: [vProt] . (.Pas de propriétaire - VProtect Application.) -- C:\Program Files (x86)\AVG Nation toolbar\vprot.exe
O4 - HKLM\..\Wow6432Node\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.)
-- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2726131679-2337646977-2205106966-1000\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-21-2726131679-2337646977-2205106966-1000\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKUS\S-1-5-21-2726131679-2337646977-2205106966-1000\..\Run: [AppleIEDAV] . (.Apple Inc. - Apple IE DAV.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
O4 - HKUS\S-1-5-21-2726131679-2337646977-2205106966-1000\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-2726131679-2337646977-2205106966-1000\..\Run: [Facebook Update] C:\Users\Stéphane\AppData\Local\Facebook\Update\FacebookUpdate.exe (.not file.)
O4 - HKUS\S-1-5-21-2726131679-2337646977-2205106966-1000\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (.not file.)
O4 - HKUS\S-1-5-21-2726131679-2337646977-2205106966-1000\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe
~ Application: Scanned in 00mn 00s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...)
-- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: AVG Do Not Track [64Bits] - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -- C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (.not file.)
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{798D0E29-6AB2-4615-B22E-04D7D106DA5E}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{798D0E29-6AB2-4615-B22E-04D7D106DA5E}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{798D0E29-6AB2-4615-B22E-04D7D106DA5E}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll =>PUP.OptimizerPro
~ AppInit DLL: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Optimizer Pro Crash Monitor (70e6ca8c) . (...) - C:\Program Files (x86)\optimi~1\OptProCrashSvc.dll =>PUP.OptimizerPro
O23 - Service: Update BrowseSmart (Update BrowseSmart) . (...)
- C:\Program Files (x86)\BrowseSmart\updateBrowseSmart.exe =>PUP.BrowseSmart
O23 - Service: Update Cling Clang (Update Cling Clang) . (...) - C:\Program Files (x86)\Cling Clang\updateClingClang.exe (.not file.) =>PUP.ClingClang
O23 - Service: Update FindRight (Update FindRight) . (...) - C:\Program Files (x86)\FindRight\updateFindRight.exe =>Hijacker.FindrToolbar
O23 - Service: Util BrowseSmart (Util BrowseSmart) . (...) - C:\Program Files (x86)\BrowseSmart\bin\utilBrowseSmart.exe =>PUP.BrowseSmart
O23 - Service: Util Cling Clang (Util Cling Clang) . (...) - C:\Program Files (x86)\Cling Clang\bin\utilClingClang.exe (.not file.) =>PUP.ClingClang
O23 - Service: Util FindRight (Util FindRight) . (...) - C:\Program Files (x86)\FindRight\bin\utilFindRight.exe =>Hijacker.FindrToolbar
O23 - Service: Service Component of VO (VOsrv) . (...) - C:\Users\Stéphane\AppData\Roaming\VOPackage\VOsrv.exe =>Adware.Downware
O23 - Service: (vToolbarUpdater18.1.0) . (.AVG Secure Search - ToolbarU Application.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe =>Toolbar.AVGSearch
O23 - Service: WajamUpdaterV3 (WajamUpdaterV3) . (...) - C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe (.not file.) =>PUP.Wajam
~ Services: 24 Legitimates Filtered in 00mn 10s
---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: ( /sync /restart) - File not found
O34 - HKLM BootExecute: ( /sync /restart) - File not found
~ BEX: 3 Legitimates Filtered in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [Feven 2.2-firefoxinstaller] (...) -- C:\Program Files (x86)\Feven 2.2\Feven 2.2-firefoxinstaller.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [Feven 2.2-validator] (...) -- C:\Program Files (x86)\Feven 2.2\Feven 2.2-validator.exe (.not file.)
[0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [MediaPlayerEnhance-chromeinstaller] (...) -- C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-chromeinstaller.exe (.not file.) [0] =>PUP.MediaPlayerEnhance
[MD5.00000000000000000000000000000000] [APT] [MediaPlayerEnhance-codedownloader] (...) -- C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-codedownloader.exe (.not file.) [0] =>PUP.MediaPlayerEnhance
[MD5.00000000000000000000000000000000] [APT] [MediaPlayerEnhance-enabler] (...) -- C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-enabler.exe (.not file.) [0] =>PUP.MediaPlayerEnhance
[MD5.00000000000000000000000000000000] [APT] [MediaPlayerEnhance-firefoxinstaller] (...) -- C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-firefoxinstaller.exe (.not file.) [0] =>PUP.MediaPlayerEnhance
[MD5.00000000000000000000000000000000] [APT] [MediaPlayerEnhance-updater] (...) -- C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-updater.exe (.not file.) [0] =>PUP.MediaPlayerEnhance
[MD5.00000000000000000000000000000000] [APT] [MySearchDial] (...) -- C:\Users\Stéphane\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>Adware.MyWebSearch
[MD5.00000000000000000000000000000000] [APT] [PC Performer] (...) -- C:\Program Files (x86)\PC Performer\PCPerformer.exe (.not file.) [0] =>Rogue.PCPerformer
[MD5.00000000000000000000000000000000] [APT] [PC Performer_DEFAULT] (...) -- C:\Program Files (x86)\PC Performer\PCPerformer.exe (.not file.) [0] =>Rogue.PCPerformer
[MD5.00000000000000000000000000000000] [APT] [PC Performer_UPDATES] (...) -- C:\Program Files (x86)\PC Performer\PCPerformer.exe (.not file.) [0] =>Rogue.PCPerformer
[MD5.00000000000000000000000000000000] [APT] [Plus-HD-7.5-codedownloader] (...) -- C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-codedownloader.exe (.not file.) [0] =>Adware.PlusHD
[MD5.00000000000000000000000000000000] [APT] [Plus-HD-7.5-enabler] (...)
-- C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-enabler.exe (.not file.) [0] =>Adware.PlusHD [MD5.00000000000000000000000000000000] [APT] [Plus-HD-7.5-firefoxinstaller] (...) -- C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-firefoxinstaller.exe (.not file.) [0] =>Adware.PlusHD [MD5.00000000000000000000000000000000] [APT] [Plus-HD-7.5-updater] (...) -- C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-updater.exe (.not file.) [0] =>Adware.PlusHD [MD5.00000000000000000000000000000000] [APT] [Plus-HD-7.5-validator] (...) -- C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-validator.exe (.not file.) [0] =>Adware.PlusHD [MD5.00000000000000000000000000000000] [APT] [RegClean Pro] (...) -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe (.not file.) [0] =>Rogue.RegistryPowerCleaner [MD5.00000000000000000000000000000000] [APT] [SmartSaver+ 8-chromeinstaller] (...) -- C:\Program Files (x86)\SmartSaver+ 8\SmartSaver+ 8-chromeinstaller.exe (.not file.) [0] =>PUP.CrossRider [MD5.00000000000000000000000000000000] [APT] [SmartSaver+ 8-codedownloader] (...) -- C:\Program Files (x86)\SmartSaver+ 8\SmartSaver+ 8-codedownloader.exe (.not file.) [0] =>PUP.CrossRider [MD5.00000000000000000000000000000000] [APT] [SmartSaver+ 8-enabler] (...) -- C:\Program Files (x86)\SmartSaver+ 8\SmartSaver+ 8-enabler.exe (.not file.) [0] =>PUP.CrossRider [MD5.00000000000000000000000000000000] [APT] [SmartSaver+ 8-firefoxinstaller] (...) -- C:\Program Files (x86)\SmartSaver+ 8\SmartSaver+ 8-firefoxinstaller.exe (.not file.) [0] =>PUP.CrossRider [MD5.00000000000000000000000000000000] [APT] [SmartSaver+ 8-updater] (...) -- C:\Program Files (x86)\SmartSaver+ 8\SmartSaver+ 8-updater.exe (.not file.) [0] =>PUP.CrossRider [MD5.00000000000000000000000000000000] [APT] [UpdateVO] (...) -- C:\Users\Stéphane\AppData\Roaming\VOPackage\VOPackage.exe (.not file.) [0] =>Adware.Downware O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002] O39 - APT: - (..) 
-- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2726131679-2337646977-2205106966-1000Core [918] O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2726131679-2337646977-2205106966-1000UA [940] O39 - APT: Feven 2.2-firefoxinstaller - (...) -- C:\Windows\Tasks\Feven 2.2-firefoxinstaller.job [2228] =>PUP.CrossRider O39 - APT: Feven 2.2-firefoxinstaller - (...) -- C:\Windows\System32\Tasks\Feven 2.2-firefoxinstaller [2228] =>PUP.CrossRider O39 - APT: Feven 2.2-validator - (...) -- C:\Windows\Tasks\Feven 2.2-validator.job [2390] =>PUP.CrossRider O39 - APT: Feven 2.2-validator - (...) -- C:\Windows\System32\Tasks\Feven 2.2-validator [2390] =>PUP.CrossRider O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1068] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1072] O39 - APT: MediaPlayerEnhance-chromeinstaller - (...) -- C:\Windows\Tasks\MediaPlayerEnhance-chromeinstaller.job [3126] =>PUP.CrossRider O39 - APT: MediaPlayerEnhance-chromeinstaller - (...) -- C:\Windows\System32\Tasks\MediaPlayerEnhance-chromeinstaller [3126] =>PUP.CrossRider O39 - APT: MediaPlayerEnhance-codedownloader - (...) -- C:\Windows\Tasks\MediaPlayerEnhance-codedownloader.job [1556] =>PUP.CrossRider O39 - APT: MediaPlayerEnhance-codedownloader - (...) -- C:\Windows\System32\Tasks\MediaPlayerEnhance-codedownloader [1556] =>PUP.CrossRider O39 - APT: MediaPlayerEnhance-enabler - (...) -- C:\Windows\Tasks\MediaPlayerEnhance-enabler.job [1454] =>PUP.CrossRider O39 - APT: MediaPlayerEnhance-enabler - (...) -- C:\Windows\System32\Tasks\MediaPlayerEnhance-enabler [1454] =>PUP.CrossRider O39 - APT: MediaPlayerEnhance-firefoxinstaller - (...) -- C:\Windows\Tasks\MediaPlayerEnhance-firefoxinstaller.job [2400] =>PUP.CrossRider O39 - APT: MediaPlayerEnhance-firefoxinstaller - (...) -- C:\Windows\System32\Tasks\MediaPlayerEnhance-firefoxinstaller [2400] =>PUP.CrossRider O39 - APT: MediaPlayerEnhance-updater - (...) 
-- C:\Windows\Tasks\MediaPlayerEnhance-updater.job [1600] =>PUP.CrossRider O39 - APT: MediaPlayerEnhance-updater - (...) -- C:\Windows\System32\Tasks\MediaPlayerEnhance-updater [1600] =>PUP.CrossRider O39 - APT: MySearchDial - (...) -- C:\Windows\Tasks\MySearchDial.job [304] =>Adware.MyWebSearch O39 - APT: MySearchDial - (...) -- C:\Windows\System32\Tasks\MySearchDial [304] =>Adware.MyWebSearch O39 - APT: PC Performer_DEFAULT - (...) -- C:\Windows\Tasks\PC Performer_DEFAULT.job [282] =>Rogue.PCPerformer O39 - APT: PC Performer_DEFAULT - (...) -- C:\Windows\System32\Tasks\PC Performer_DEFAULT [282] =>Rogue.PCPerformer O39 - APT: PC Performer_UPDATES - (...) -- C:\Windows\Tasks\PC Performer_UPDATES.job [290] =>Rogue.PCPerformer O39 - APT: PC Performer_UPDATES - (...) -- C:\Windows\System32\Tasks\PC Performer_UPDATES [290] =>Rogue.PCPerformer O39 - APT: Plus-HD-7.5-codedownloader - (...) -- C:\Windows\Tasks\Plus-HD-7.5-codedownloader.job [1470] =>PUP.CrossRider O39 - APT: Plus-HD-7.5-codedownloader - (...) -- C:\Windows\System32\Tasks\Plus-HD-7.5-codedownloader [1470] =>PUP.CrossRider O39 - APT: Plus-HD-7.5-enabler - (...) -- C:\Windows\Tasks\Plus-HD-7.5-enabler.job [1368] =>PUP.CrossRider O39 - APT: Plus-HD-7.5-enabler - (...) -- C:\Windows\System32\Tasks\Plus-HD-7.5-enabler [1368] =>PUP.CrossRider O39 - APT: Plus-HD-7.5-firefoxinstaller - (...) -- C:\Windows\Tasks\Plus-HD-7.5-firefoxinstaller.job [2332] =>PUP.CrossRider O39 - APT: Plus-HD-7.5-firefoxinstaller - (...) -- C:\Windows\System32\Tasks\Plus-HD-7.5-firefoxinstaller [2332] =>PUP.CrossRider O39 - APT: Plus-HD-7.5-updater - (...) -- C:\Windows\Tasks\Plus-HD-7.5-updater.job [1514] =>PUP.CrossRider O39 - APT: Plus-HD-7.5-updater - (...) -- C:\Windows\System32\Tasks\Plus-HD-7.5-updater [1514] =>PUP.CrossRider O39 - APT: Plus-HD-7.5-validator - (...) -- C:\Windows\Tasks\Plus-HD-7.5-validator.job [2398] =>Adware.PlusHD O39 - APT: Plus-HD-7.5-validator - (...) 
-- C:\Windows\System32\Tasks\Plus-HD-7.5-validator [2398] =>Adware.PlusHD O39 - APT: SmartSaver+ 8-chromeinstaller - (...) -- C:\Windows\Tasks\SmartSaver+ 8-chromeinstaller.job [3106] =>PUP.CrossRider O39 - APT: SmartSaver+ 8-chromeinstaller - (...) -- C:\Windows\System32\Tasks\SmartSaver+ 8-chromeinstaller [3106] =>PUP.CrossRider O39 - APT: SmartSaver+ 8-codedownloader - (...) -- C:\Windows\Tasks\SmartSaver+ 8-codedownloader.job [1482] =>PUP.CrossRider O39 - APT: SmartSaver+ 8-codedownloader - (...) -- C:\Windows\System32\Tasks\SmartSaver+ 8-codedownloader [1482] =>PUP.CrossRider O39 - APT: SmartSaver+ 8-enabler - (...) -- C:\Windows\Tasks\SmartSaver+ 8-enabler.job [1380] =>PUP.CrossRider O39 - APT: SmartSaver+ 8-enabler - (...) -- C:\Windows\System32\Tasks\SmartSaver+ 8-enabler [1380] =>PUP.CrossRider O39 - APT: SmartSaver+ 8-firefoxinstaller - (...) -- C:\Windows\Tasks\SmartSaver+ 8-firefoxinstaller.job [2424] =>PUP.CrossRider O39 - APT: SmartSaver+ 8-firefoxinstaller - (...) -- C:\Windows\System32\Tasks\SmartSaver+ 8-firefoxinstaller [2424] =>PUP.CrossRider O39 - APT: SmartSaver+ 8-updater - (...) -- C:\Windows\Tasks\SmartSaver+ 8-updater.job [1526] =>PUP.CrossRider O39 - APT: SmartSaver+ 8-updater - (...) -- C:\Windows\System32\Tasks\SmartSaver+ 8-updater [1526] =>PUP.CrossRider ~ Scheduled Task: 80 Legitimates Filtered in 00mn 06s ---\\ Pilotes lancés au démarrage du système (O41) O41 - Driver: ({42e50651-9669-456e-9081-d5a836274274}w64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{42e50651-9669-456e-9081-d5a836274274}w64.sys =>PUP.LinkiDoo ~ Drivers: 78 Legitimates Filtered in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: Activeris AntiMalware - (.Activeris.) [HKLM][64Bits] -- 94EAE98D-444B-4817-858C-13DB943DF4F1_Activeris_A~741EE3A2_is1 =>PUP.Activeris O42 - Logiciel: Feven 2.2 - (.Feven.) [HKLM][64Bits] -- Feven 2.2 =>PUP.CrossRider O42 - Logiciel: France Toolbar - (.France Toolbar.) 
[HKLM][64Bits] -- France Toolbar O42 - Logiciel: IB Updater 2.0.0.550 - (.IncrediBar.) [HKLM][64Bits] -- {336D0C35-8A85-403a-B9D2-65C292C39087}_is1 =>Adware.InstallBrain O42 - Logiciel: MediaPlayerEnhance - (.Feven.) [HKLM][64Bits] -- MediaPlayerEnhance =>PUP.MediaPlayerEnhance O42 - Logiciel: Plus-HD-7.5 - (.Plus HD.) [HKLM][64Bits] -- Plus-HD-7.5 =>Adware.PlusHD O42 - Logiciel: ShopPerMaSStaer - (.ShopperMaesteR.) [HKLM][64Bits] -- {35E0D123-1F22-9AE6-F973-B7ECA46E8BFE} O42 - Logiciel: SmartSaver+ 8 - (.smart-saverplus.) [HKLM][64Bits] -- SmartSaver+ 8 =>PUP.CrossRider O42 - Logiciel: SweetIM for Messenger 3.7 - (.SweetIM Technologies Ltd..) [HKLM][64Bits] -- {7683B745-6060-41FD-AA75-0BBB383FEAD4} =>PUP.SweetIM O42 - Logiciel: WPM17.8.0.3325 - (.Cherished Technololgy LIMITED.) [HKLM][64Bits] -- WPM =>PUP.WpManager ~ Logic: 53 Legitimates Filtered in 00mn 01s ---\\ HKCU & HKLM Software Keys [HKCU\Software\Activeris] =>PUP.Activeris [HKCU\Software\BrowseSmart] =>PUP.BrowseSmart [HKCU\Software\Conduit] =>Toolbar.Conduit [HKCU\Software\FindRight] =>Hijacker.FindrToolbar [HKCU\Software\IM] [HKCU\Software\IncrediMail] [HKCU\Software\InstallCore] =>Adware.InstallCore [HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver [HKCU\Software\Optimizer Elite Max] =>PUP.OptimizerEliteMax [HKCU\Software\Smartbar] =>Hijacker.SmartBar [HKCU\Software\Speedbit] [HKCU\Software\TutoTag] =>PUP.AgenceExclusive [HKCU\Software\freesofttoday] =>Adware.FreeSoftToday [HKCU\Software\mysearchdial] =>Adware.MyWebSearch [HKLM\Software\IB Updater] =>Adware.InstallBrain [HKLM\Software\InstalledBrowserExtensions] =>Adware.VidSaver [HKLM\Software\Tarma Installer] =>PUP.Tarma [HKLM\Software\Web Assistant] =>Adware.IncrediBar [HKLM\Software\Wow6432Node\Activeris] =>PUP.Activeris [HKLM\Software\Wow6432Node\BrowseSmart] =>PUP.BrowseSmart [HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\FREESOFTTODAY] =>Adware.FreeSoftToday [HKLM\Software\Wow6432Node\FindRight] 
=>Hijacker.FindrToolbar [HKLM\Software\Wow6432Node\IB Updater] =>Adware.InstallBrain [HKLM\Software\Wow6432Node\InstallCore] =>Adware.InstallCore [HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>Adware.VidSaver [HKLM\Software\Wow6432Node\Tutorials] =>PUP.AgenceExclusive [HKLM\Software\Wow6432Node\Web Assistant] =>Adware.IncrediBar [HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager [HKLM\Software\Wow6432Node\anset] [HKLM\Software\Wow6432Node\mamverifier] [HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab ~ Key Software: 435 Legitimates Filtered in 00mn 01s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 27/03/2014 - 12:03:42 - [] ----D C:\Program Files (x86)\Activeris AntiMalware =>PUP.Activeris O43 - CFD: 23/02/2014 - 17:10:51 - [0] ----D C:\Program Files (x86)\BringStar =>PUP.BringStar O43 - CFD: 22/03/2014 - 02:59:37 - [] ----D C:\Program Files (x86)\BrowseSmart =>PUP.BrowseSmart O43 - CFD: 22/03/2014 - 00:24:43 - [0] ----D C:\Program Files (x86)\Cling Clang =>PUP.ClingClang O43 - CFD: 08/02/2014 - 05:18:02 - [] ----D C:\Program Files (x86)\Conduit O43 - CFD: 09/05/2014 - 14:02:46 - [] ----D C:\Program Files (x86)\Feven 2.2 =>PUP.CrossRider O43 - CFD: 09/05/2014 - 14:02:50 - [] ----D C:\Program Files (x86)\FindRight =>Hijacker.FindrToolbar O43 - CFD: 07/12/2013 - 14:45:39 - [] ----D C:\Program Files (x86)\France Toolbar O43 - CFD: 09/05/2014 - 14:07:10 - [] ----D C:\Program Files (x86)\MediaPlayerEnhance =>PUP.MediaPlayerEnhance O43 - CFD: 09/05/2014 - 14:08:17 - [] ----D C:\Program Files (x86)\Plus-HD-7.5 =>Adware.PlusHD O43 - CFD: 09/05/2014 - 14:08:23 - [] ----D C:\Program Files (x86)\SmartSaver+ 8 =>PUP.CrossRider O43 - CFD: 18/04/2014 - 03:59:06 - [] ----D C:\Program Files (x86)\SupTab =>PUP.SupTab O43 - CFD: 08/02/2014 - 05:18:04 - [] ----D C:\Program Files (x86)\Uninstaller O43 - CFD: 21/03/2014 - 23:28:05 - [] ----D C:\ProgramData\3d0693424e0c2f7f O43 - CFD: 27/03/2014 - 12:03:41 - [] ----D C:\ProgramData\Activeris 
=>PUP.Activeris O43 - CFD: 30/12/2013 - 18:20:04 - [] ----D C:\ProgramData\APN O43 - CFD: 31/10/2013 - 12:13:42 - [] ----D C:\ProgramData\IBUpdaterService =>Adware.InstallBrain O43 - CFD: 03/06/2014 - 06:33:52 - [] ----D C:\ProgramData\IePluginService =>PUP.IePluginService O43 - CFD: 01/01/2012 - 18:22:04 - [] ----D C:\ProgramData\IM O43 - CFD: 01/01/2012 - 18:21:21 - [] ----D C:\ProgramData\IncrediMail O43 - CFD: 09/05/2014 - 14:10:41 - [] ----D C:\ProgramData\ShopPerMaSStaer O43 - CFD: 21/08/2013 - 17:16:13 - [0] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma O43 - CFD: 10/02/2014 - 00:12:22 - [0] ----D C:\ProgramData\WPM =>PUP.WpManager O43 - CFD: 04/05/2014 - 12:41:59 - [] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} O43 - CFD: 27/03/2014 - 12:03:49 - [] ----D C:\Users\Stéphane\AppData\Roaming\Activeris =>PUP.Activeris O43 - CFD: 27/03/2014 - 12:08:02 - [] ----D C:\Users\Stéphane\AppData\Roaming\Optimizer Elite Max =>PUP.OptimizerEliteMax O43 - CFD: 08/02/2014 - 05:18:12 - [] ----D C:\Users\Stéphane\AppData\Roaming\ValueApps =>Toolbar.Conduit O43 - CFD: 25/04/2014 - 19:42:54 - [] ----D C:\Users\Stéphane\AppData\Roaming\VOPackage =>Adware.Downware O43 - CFD: 01/01/2012 - 18:23:50 - [] ----D C:\Users\Stéphane\AppData\Local\IM ~ 71 Dossier CLSID vide (CLSID Empty Folder) ~ Program Folder: 306 Legitimates Filtered in 00mn 01s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.91100BA6EB2A23FD9221F21E87C9D78A] - 01/08/2014 - 18:00:50 ---A- - C:\Windows\Prefetch\UPDATEBROWSESMART.EXE-741E0032.pf =>PUP.BrowseSmart O45 - LFCP:[MD5.225B07DCFDD2A94DA7B5D0E630A899A2] - 28/08/2014 - 14:02:18 ---A- - C:\Windows\Prefetch\UPDATEFINDRIGHT.EXE-BFADF59E.pf =>Hijacker.FindrToolbar O45 - LFCP:[MD5.F69BBD11B917F788E7A3963A2FAE2DCA] - 28/08/2014 - 14:02:18 ---A- - C:\Windows\Prefetch\UTILBROWSESMART.EXE-25B8950A.pf =>PUP.BrowseSmart O45 - LFCP:[MD5.6E2FEEE6FA0ACDE5941CA9E50EDAC12A] - 28/08/2014 - 14:02:18 ---A- - 
C:\Windows\Prefetch\UTILFINDRIGHT.EXE-0BCB0296.pf =>Hijacker.FindrToolbar ~ Prefetcher: 4 Legitimates Filtered in 00mn 00s ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{dff1bc4b-2803-11e1-934a-806e6f6e6963}\AutoRun\command. (...) -- E:\autoplay\autoplay.exe ~ Keys: Scanned in 00mn 00s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 16 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:29/05/2012 - 13:53:30 ---A- . (.Windows (R) Codename Longhorn DDK provider - hpvhd 64bit support driver.) -- C:\Windows\System32\Drivers\cpqdfw.sys [27456] O58 - SDL:27/04/2010 - 18:43:50 ---A- . (...) -- C:\Windows\System32\Drivers\cqcpu.sys [24376] O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496] O58 - SDL:02/09/2005 - 01:40:26 ---A- . (...) -- C:\Windows\System32\Drivers\FBIKB_NT.Sys [4352] O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232] O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656] O58 - SDL:13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784] O58 - SDL:24/04/2014 - 11:23:46 ---A- . (.StdLib - StdLib.) 
-- C:\Windows\System32\Drivers\{42e50651-9669-456e-9081-d5a836274274}w64.sys [61112] =>PUP.LinkiDoo ~ Drivers: 67 Legitimates Filtered in 00mn 01s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 28/08/2014 - 15:41:36 ---A- . (...) -- C:\Users\Stéphane\Downloads\ZHPCleaner.exe [1240576] =>.Nicolas Coolman ~ 25 Fichiers temporaires (Temporary files) ~ 54 Fichiers cookies (Cookies files) ~ Files: 4 Legitimates Filtered in 00mn 02s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Liste les services legacy du registre (LALS) (O64) O64 - Services: CurCS - 24/04/2014 - C:\Windows\System32\drivers\{42e50651-9669-456e-9081-d5a836274274}w64.sys ({42e50651-9669-456e-9081-d5a836274274}w64) .(.StdLib - StdLib.) - LEGACY_{42E50651-9669-456E-9081-D5A836274274}W64 =>PUP.LinkiDoo ~ Legacy: 83 Legitimates Filtered in 00mn 00s ---\\ Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) 
-- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: prefs.js [Stéphane - qphghzox.default] user_pref("browser.search.defaultenginename", "Conduit Search"); O69 - SBI: prefs.js [Stéphane - qphghzox.default] user_pref("extensions.crossrider.bic", "1440f7d8ef68928a6449a36ab9f4a401"); =>PUP.CrossRider O69 - SBI: SearchScopes [HKCU] {006ee092-9658-4fd6-bd8e-a21a348e59f5} - (Web Search) - http://feed.snapdo.com =>Hijacker.SmartBar O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} [DefaultScope] - (Conduit Search) - http://www.trovigo.com =>Hijacker.Trovigo O69 - SBI: SearchScopes [HKCU] {7F4EFF06-7032-458e-AE16-1C1D8255C28A} - (Google) - http://www.google.com ~ Keys: Scanned in 00mn 00s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "547B38670606DF14AA57B0BB83F3AE4D" . (.SweetIM for Messenger 3.7.) -- C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}\ARPPRODUCTICON.exe =>PUP.SweetIM ~ Update Products: 1 Legitimates Filtered in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.B144B2E367FC30C5020085DABB617B82] [WIS][01/09/2012] (.SweetIM Technologies Ltd. - SweetIM for Messenger 3.7.) -- C:\Windows\Installer\13965b.msi [3704832] =>PUP.SweetIM [MD5.2FAFA4218BDAB366BB71603CA77D146D] [WIS][01/09/2012] (.SweetIM Technologies Ltd. - SweetPacks Toolbar for Internet Explorer 4.0.) 
-- C:\Windows\Installer\139662.msi [3123200] =>PUP.SweetIM ~ WIS: 2 Legitimates Filtered in 00mn 01s ---\\ Recherche de clés de registre Tracing (O100) HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32 =>Adware.NewPlayer HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS =>Adware.NewPlayer HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 =>PUP.AdvancedSystemProtector HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS =>PUP.AdvancedSystemProtector HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASAPI32 =>Adware.Bloson HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASMANCS =>Adware.Bloson HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExtensionUpdaterService_RASAPI32 =>Adware.Incredibar HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExtensionUpdaterService_RASMANCS =>Adware.Incredibar HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FindRight_RASAPI32 =>Hijacker.FindrToolbar HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FindRight_RASMANCS =>Hijacker.FindrToolbar HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32 =>PUP.Babylon HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS =>PUP.Babylon HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASAPI32 =>Adware.NewPlayer HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASMANCS =>Adware.NewPlayer HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Savings Sidekick_RASAPI32 =>Adware.GamePlayLabs HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Savings Sidekick_RASMANCS =>Adware.GamePlayLabs HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SnapDo_RASAPI32 =>Hijacker.SmartBar HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SnapDo_RASMANCS =>Hijacker.SmartBar HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetIM_RASAPI32 =>PUP.SweetIM 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetIM_RASMANCS =>PUP.SweetIM HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32 =>PUP.SweetIM HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS =>PUP.SweetIM HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseSmart_RASAPI32 =>PUP.BrowseSmart HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseSmart_RASMANCS =>PUP.BrowseSmart HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFindRight_RASAPI32 =>Hijacker.FindrToolbar HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFindRight_RASMANCS =>Hijacker.FindrToolbar HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBrowseSmart_RASAPI32 =>PUP.BrowseSmart HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBrowseSmart_RASMANCS =>PUP.BrowseSmart HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilFindRight_RASAPI32 =>Hijacker.FindrToolbar HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilFindRight_RASMANCS =>Hijacker.FindrToolbar ~ BTK: 317 Legitimates Filtered in 00mn 00s ---\\ Recherche de clés de registre CLSID (O101) [HKCR\CLSID\{11111111-1111-1111-1111-110411411150}] (MediaPlayerEnhance) =>PUP.MediaPlayerEnhance [HKCR\CLSID\{11111111-1111-1111-1111-110511071176}] (Plus-HD-7.5) =>Adware.PlusHD [HKCR\CLSID\{22222222-2222-2222-2222-220422412250}] (CrossriderApp0044150.Sandbox) =>PUP.CrossRider [HKCR\CLSID\{22222222-2222-2222-2222-220422892226}] (CrossriderApp0048926.Sandbox) =>PUP.CrossRider [HKCR\CLSID\{22222222-2222-2222-2222-220522072276}] (CrossriderApp0050776.Sandbox) =>PUP.CrossRider [HKCR\CLSID\{93DBF2BB-A2B3-4683-A92E-57E60751F346}] (ValueApps) =>Toolbar.Conduit [HKCR\CLSID\{F63AAEDC-3602-49EF-AA45-262380A98980}] (Value Apps plugin) =>Toolbar.Conduit ~ BCK: 4509 Legitimates Filtered in 00mn 06s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Auto 08/02/2014 186496 | C:\Program Files (x86)\optimi~1\OptProCrashSvc.dll (70e6ca8c) . (...) 
- C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll =>PUP.OptimizerPro SS - | Demand 28/08/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Auto 13/05/2014 1473792 | (avgfws) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe SS - | Auto 13/05/2014 3644432 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe SS - | Demand 28/01/2014 227904 | (GamesAppIntegrationService) . (.WildTangent.) - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe SS - | Auto 25/11/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 25/11/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 25/11/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe SS - | Demand 13/05/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe SS - | Demand 09/04/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe SS - | Demand 23/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Auto 10/07/1658 0 | (Update Cling Clang) . (...) - C:\Program Files (x86)\Cling Clang\updateClingClang.exe =>PUP.ClingClang SS - | Auto 10/07/1658 0 | (Util Cling Clang) . (...) - C:\Program Files (x86)\Cling Clang\bin\utilClingClang.exe =>PUP.ClingClang SS - | Auto 10/07/1658 0 | (WajamUpdaterV3) . (...) 
- C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe =>PUP.Wajam SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 06/03/2012 148480 | (Agent) . (.Two Pilots.) - C:\Windows\VPDAgent_x64.exe SR - | Auto 07/01/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 13/05/2014 292424 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe SR - | Auto 10/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS SR - | Auto 04/11/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co SR - | Auto 11/10/2010 346168 | (HPClientSvc) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe SR - | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SR - | Auto 14/07/2009 27136 | C:\Users\Stéphane\AppData\Local\Temp\7zS45AB\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SR - | Demand 06/02/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SR - | Auto 01/02/2011 326168 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe SR - | Auto 11/03/2014 23808 | (MsMpSvc) . (.Microsoft Corporation.) 
- c:\Program Files\Microsoft Security Client\MsMpEng.exe SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SR - | Auto 04/08/2011 1016936 | (NVSvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe SR - | Auto 04/08/2011 2214504 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe SR - | Auto 06/05/2011 1128952 | (pdfcDispatcher) . (.PDF Complete Inc.) - C:\Program Files (x86)\PDF Complete\pdfsvc.exe SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe SR - | Auto 30/03/2011 378472 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe SR - | Auto 07/08/2013 4308320 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe SR - | Auto 18/01/2012 450848 | (UMVPFSrv) . (.Logitech Inc..) - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe SR - | Auto 01/02/2011 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe SR - | Auto 21/03/2014 348448 | (Update BrowseSmart) . (...) - C:\Program Files (x86)\BrowseSmart\updateBrowseSmart.exe =>PUP.BrowseSmart SR - | Auto 04/05/2014 316704 | (Update FindRight) . (...) - C:\Program Files (x86)\FindRight\updateFindRight.exe =>Hijacker.FindrToolbar SR - | Auto 21/03/2014 348448 | (Util BrowseSmart) . (...) - C:\Program Files (x86)\BrowseSmart\bin\utilBrowseSmart.exe =>PUP.BrowseSmart SR - | Auto 09/05/2014 317728 | (Util FindRight) . (...) - C:\Program Files (x86)\FindRight\bin\utilFindRight.exe =>Hijacker.FindrToolbar SR - | Auto 23/02/2014 53760 | (VOsrv) . (...) 
- C:\Users\Stéphane\AppData\Roaming\VOPackage\VOsrv.exe =>Adware.Downware SR - | Auto 28/04/2014 1793536 | (vToolbarUpdater18.1.0) . (.AVG Secure Search.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe =>Toolbar.AVGSearch SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 07s ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80) Run by Stéphane at 28/08/2014 15:42:07 ~ OS 64 not supported by MBR tool ~ MBR: 0 Legitimates Filtered in 00mn 00s ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by Stéphane at 28/08/2014 15:42:09 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : 13026 - (28/08/2014) Clés trouvées (Keys found) : 296 Valeurs trouvées (Values found) : 12 Dossiers trouvés (Folders found) : 36 Fichiers trouvés (Files found) : 74
~ Additionnel Scan: 369104 Items scanned in 00mn 45s ---\\ Informations complémentaires sur les modules ~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5) ~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2) ~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3) ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4) ~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPKS) (O51) ~ AMI: 6 Legitimates Filtered in 00mn 00s ---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/pup-browsesmart =>PUP.BrowseSmart
http://nicolascoolman.fr/hijacker-findrtoolbar =>Hijacker.FindrToolbar
http://nicolascoolman.fr/adware-downware =>Adware.Downware
http://nicolascoolman.fr/adware-installbrain =>Adware.InstallBrain
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/parasite-pugi =>Parasite.Pugi
http://nicolascoolman.fr/adware-pricegong =>Adware.PriceGong
http://nicolascoolman.fr/hijacker-trovigo =>Hijacker.Trovigo
http://nicolascoolman.fr/pup-awesomehp =>PUP.Awesomehp
http://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar
http://nicolascoolman.fr/pup-activeris =>PUP.Activeris
http://nicolascoolman.fr/pup-optimizerelitemax =>PUP.OptimizerEliteMax
http://nicolascoolman.fr/adware-2yourface =>Adware.2YourFace
http://nicolascoolman.fr/adware-freesofttoday =>Adware.FreeSoftToday
http://nicolascoolman.fr/pup-mobogenie =>PUP.Mobogenie
http://nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerPro
http://nicolascoolman.fr/41095379-pup-clingclang =>PUP.ClingClang
http://nicolascoolman.fr/pup-wajam =>PUP.Wajam
http://nicolascoolman.fr/adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.fr/adware-plushd =>Adware.PlusHD
http://nicolascoolman.fr/rogue-registrypowercleaner =>Rogue.RegistryPowerCleaner
http://nicolascoolman.fr/pup-linkidoo =>PUP.LinkiDoo
http://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM
http://nicolascoolman.fr/pup-wpmanager =>PUP.WpManager
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://nicolascoolman.fr/adware-vidsaver =>Adware.VidSaver
http://nicolascoolman.fr/spyware-agenceexclusive =>PUP.AgenceExclusive
http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
http://nicolascoolman.fr/adware-incredibar =>Adware.IncrediBar
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://nicolascoolman.fr/41973881-pup-bringstar =>PUP.BringStar
http://nicolascoolman.fr/pup-mypcbackup =>PUP.MyPCBackup
http://nicolascoolman.fr/pup-advancedsystemprotector =>PUP.AdvancedSystemProtector
http://nicolascoolman.fr/adware-bloson =>Adware.Bloson
http://nicolascoolman.fr/pup-babylon =>PUP.Babylon
http://nicolascoolman.fr/pup-specialsavings =>Adware.GamePlayLabs
http://nicolascoolman.fr/adware-socialskinz =>Adware.SocialSkinz
http://nicolascoolman.fr/pup-specialsavings =>PUP.SpecialSavings
http://nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://nicolascoolman.fr/pup-bprotector =>PUP.BProtector
http://nicolascoolman.fr/pup-toparcadehits =>PUP.ToparcadeHits
http://nicolascoolman.fr/adware-bullseyetoolbar =>Adware.BullseyeToolbar
http://nicolascoolman.fr/pup-funmoods =>PUP.Funmoods
~ MSI: 44 link(s) detected in 00mn 00s
~ 1101 Legitimates filtered by white list

End of the scan (1222 lines in 02mn 13s)(0)