~ Rapport de ZHPDiag v2014.5.8.57 - Nicolas Coolman (08/05/2014) ~ Lancé par asus (08/05/2014 21:22:31) ~ Adresse du Site Web http://nicolascoolman.webs.com ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/ ~ Traduit par Nicolas Coolman ~ Etat de la version : ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Activate by user ---\\ Navigateurs Internet MSIE: Internet Explorer v9.0.8112.16421 ---\\ Informations sur les produits Windows ~ Langage: Français Windows 7 Professional, 64-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows Operating System - Windows(R) 7, OEM_SLP channel System Locked Preinstallation (OEM_SLP) : OK Windows ID Activation : OK ~ Windows Partial Key : PV9HW Windows License : OK ~ Windows Remaining Initializations Number : 4 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ Logiciels de protection du système Microsoft Security Client v4.4.0304.0 Windows Defender W7 ---\\ Logiciels d'optimisation du système ---\\ Logiciels de partage PeerToPeer ---\\ Surveillance de Logiciels Adobe Flash Player 13 ActiveX ---\\ Informations sur le système ~ Processor: Intel64 Family 6 Model 15 Stepping 13, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 3071 MB (35% free) System Restore: Activé (Enable) System drive C: has 270 GB (90%) free of 298 GB ---\\ Mode de connexion au système ~ Computer Name: ASUS-PC ~ User Name: asus ~ All Users Names: UpdatusUser, asus, Administrateur, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\asus\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\asus\AppData\Roaming\ ~ %Desktop% : C:\Users\asus\Desktop\ ~ %Favorites% : C:\Users\asus\Favorites\ ~ %LocalAppData% : 
C:\Users\asus\AppData\Local\ ~ %StartMenu% : C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 270 Go of 298 Go) D: CD-ROM drive (Not Inserted) ---\\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: Modified [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: Modified [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: Modified [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: Modified [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoResolveSearch: Modified [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSetProgramAccessAndDefaults: Modified =>PUA.StartShow [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowNetConn: Modified ~ Security Center: 46 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Explorateur Windows.) (.20/11/2010 - 14:24:45.) -- C:\Windows\Explorer.exe [2872320] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.56932FF02302B2A294A2221FF7FF1F06] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.01/05/2014 - 18:40:48.) -- C:\Windows\System32\wininet.dll [1392128] [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) 
(.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) 
-- C:\Windows\system32\Drivers\ntfs.sys [1656680] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 12:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 01s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/13 ~ Mes Favoris (My Favorites) : 1/26 ~ Mes Documents (My Documents) : 1/15 ~ Mon Bureau (My Desktop) : 1/6 ~ Menu demarrer (Programs) : 1/32 ~ Hidden Files: Scanned in 00mn 00s ---\\ Processus lancés [MD5.385B043F340AB3A8DF69F66C4F5886AF] - (...) -- C:\Program Files (x86)\SelectionTool-soft\SelectionTool_wd.exe [93696] [PID.2260] [MD5.DC12AAAE925C0211E4668B9C90BDD2BA] - (.Systweak - Advanced System Protector.) -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [6600048] [PID.2300] =>PUP.AdvancedSystemProtector [MD5.9BB700669BC5CBD162989B9051BC0BFD] - (.GenTechnologies Apps, LLC - Movie Mode.) -- C:\ProgramData\MovieMode\up\2.6.78\MovieMode.exe [152720] [PID.2648] =>PUP.MovieMode [MD5.3737F673D161849BB20B0551D87851CA] - (...) 
-- C:\Users\asus\AppData\Local\PirritSuggestor\PirritDesktop.exe [191320] [PID.956] =>PUP.PirritSuggestor [MD5.1FF7D6C9A6BABBC31441D93395109C90] - (...) -- C:\Users\asus\AppData\Local\fst_fr_170\upfst_fr_170.exe [3267568] [PID.4568] =>Adware.FreeSoftToday [MD5.2E35CE78141C99D2E0E88DCCDE89FB99] - (.Pas de propriétaire - Printer Device Monitor.) -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe [660136] [PID.4964] [MD5.50131BFA7FD0C6029E611DBA35AA7E4D] - (.Lexmark International Inc. - Lexmark Fast Pics Application.) -- C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe [107176] [PID.4992] [MD5.7AFF1C22E8BC6D8181053FC3590FD0F2] - (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe [718208] [PID.5016] [MD5.6DBF73D20C7532592C5749381A3C24DE] - (...) -- C:\Users\asus\AppData\Roaming\cacaoweb\cacaoweb.exe [489984] [PID.1172] =>PUP.CacaoWeb [MD5.9AE58A7E8B7FDDE752E3D10EE3843A4D] - (...) -- C:\Program Files (x86)\fst_fr_170\fst_fr_170.exe [3985392] [PID.4568] =>Adware.FreeSoftToday [MD5.2214FCB2ADDCCA4C6A85A3A814EC6FD0] - (.Software Updater - Software Updater.) -- C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe [1934016] [PID.4632] =>PUP.Eorezo [MD5.DF45594CBD8FE78C46DFB15C4E134BD0] - (.Aedge Performance BCN SL - OfferBox.) -- C:\Program Files (x86)\OfferBox\OfferBox.exe [8627008] [PID.4128] =>PUP.OfferBox [MD5.41986D0C4D94AF7824F3A3A8D30424BC] - (.Pas de propriétaire - Printer Card Transfer Monitor.) -- C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnMsdMon.exe [25256] [PID.4516] [MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe [841032] [PID.7612] [MD5.9EAD738E517B633B5375FBAB5695E7D4] - (.Pas de propriétaire - srptm.) -- C:\Users\asus\AppData\Local\LPT\srptm.exe [23072] [PID.9324] =>Adware.Incredibar [MD5.CCD09CA21C1946AF24834512BD9A6FCA] - (.Nicolas Coolman - ZHPDiag.) 
-- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7873536] [PID.8676] [MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.780] [MD5.E91C669DB45EC0F1D18185A9B7006E44] - (.Cherished Technololgy LIMITED - IePlugin Service.) -- C:\ProgramData\IePluginService\PluginService.exe [705136] [PID.1508] =>Trojan.SProtector [MD5.6BA8985C841A5D1E94D91B81AF764229] - (.Cherished Technololgy LIMITED - WPM Service.) -- C:\ProgramData\WPM\wprotectmanager.exe [496640] [PID.1636] =>PUP.WpManager [MD5.9B7B8F61A11A05617DC379D0860E32A5] - (.Pas de propriétaire - srpts.) -- C:\Program Files (x86)\LPT\srpts.exe [37920] [PID.1976] =>Adware.Incredibar [MD5.3D8B851E7EFCDC130E4B301BDDE10099] - (.PriceMeter - PriceMeterLiveUpdate Update.) -- C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504] [PID.2272] =>PUP.PriceMeter [MD5.A80DF9092BE0CBBFB749E215897767D0] - (.GenTechnologies Apps, LLC - Movie Mode Service.) -- C:\ProgramData\MovieMode\up\2.6.78\MovieModeService.exe [66704] [PID.3024] =>PUP.MovieMode [MD5.AF312DBE00F2210800373E64EF2804BD] - (...) -- C:\Users\asus\AppData\Local\PirritSuggestor\PirritService.exe [52568] [PID.2488] =>PUP.PirritSuggestor [MD5.F660D12105DB68684762BE0E8581026A] - (...) -- C:\Program Files (x86)\Pirrit\AutoUpdater.exe [59904] [PID.2588] =>PUP.PirritSuggestor [MD5.D61DB8A9C0F154F13AA4E5C95C486CB0] - (...) -- C:\Program Files\V-bates\ExtensionUpdaterService.exe [209408] [PID.1568] =>Adware.Incredibar [MD5.834C2634C3AE7F4DE56A1548C5375685] - (.Wajam Internet Technologies Inc. - Wajam Internet Enhancer Service.) -- C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe [210432] [PID.2880] =>PUP.Wajam [MD5.3F918D0A7AEEEBDECFCB28C4A1B8FC65] - (...) 
-- C:\Program Files (x86)\WinRST\WinRST.exe [59904] [PID.2384] =>PUP.WinRST [MD5.4789E020D2617046862D1790FC235FF6] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1260320] [PID.3464] [MD5.53711E93F5FDA357CCB4FAC10B4AA6A5] - (.Wajam Internet Technologies Inc. - Wajam Internet Enhancer.) -- C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe [73728] [PID.8336] =>PUP.Wajam [MD5.EC4BEBF4A67891F87CEFA15CA5A13408] - (...) -- C:\Program Files (x86)\SelectionTool-soft\SelectionTool157.exe [196096] [PID.7396] ~ Processes Running: Scanned in 00mn 07s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Preferences G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé) G2 - GCE: Preference [User Data\Default] [ejocekekgcaldnmjngfdbmbeebcekelc] SPOTS - A better way to start v.0.1.38, (Désactivé) G2 - GCE: Preference [User Data\Default] [hnabdehiamfmckjabaejlcjopbcnfkmh] PriceDowNNloadEEra v.2.4 (Activé) =>PUP.PriceDownloader G2 - GCE: Preference [User Data\Default] [leahdjjpjmnamomgpojikeapflgbmjab] cacaoweb v.1.16 (Désactivé) =>PUP.CacaoWeb G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé) G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé) G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé) G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé) G2 - GCE: Preference [User Data\Default] [pelmeidfhdlhlbjimpabfcbnnojbboma] Quick Start v.3.2.3, (Désactivé) =>PUP.QuickStart ---\\ Liste des dossiers d'extension Google Chrome ~ Google Lines Browser: 22 Legitimates Filtered in 00mn 02s ---\\ Internet Explorer, 
Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.com =>Hijacker.SmartBar R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com =>Adware.MyWebSearch R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com =>Adware.MyWebSearch R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com =>Hijacker.SmartBar R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com =>Hijacker.Qone8 R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com =>Hijacker.Qone8 R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com =>Hijacker.SmartBar R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com =>Hijacker.Qone8 R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com =>Hijacker.Qone8 R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com =>Hijacker.Qone8 R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com =>Hijacker.SmartBar R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com =>Hijacker.SmartBar R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com =>Hijacker.Qone8 R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com =>Hijacker.Qone8 R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com =>Hijacker.Qone8 ~ IE Browser: 24 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = R5 - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:9880 =>Hijacker.Proxy R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) O1 - Hosts: 216.239.32.20 google.com O1 - Hosts: 216.239.32.20 google.com www.google.ad O1 - Hosts: 216.239.32.20 google.com www.google.ae O1 - Hosts: 216.239.32.20 google.com www.google.com.af O1 - Hosts: 216.239.32.20 google.com www.google.com.ag O1 - Hosts: 216.239.32.20 google.com www.google.com.ai O1 - Hosts: 216.239.32.20 google.com www.google.al O1 - Hosts: 216.239.32.20 google.com www.google.am O1 - Hosts: 216.239.32.20 google.com www.google.co.ao O1 - Hosts: 216.239.32.20 google.com www.google.com.ar O1 - Hosts: 216.239.32.20 google.com www.google.as O1 - Hosts: 216.239.32.20 google.com www.google.at O1 - Hosts: 216.239.32.20 google.com www.google.com.au O1 - Hosts: 216.239.32.20 google.com www.google.az O1 - Hosts: 216.239.32.20 google.com www.google.ba O1 - Hosts: 216.239.32.20 google.com www.google.com.bd O1 - Hosts: 216.239.32.20 google.com www.google.be O1 - Hosts: 216.239.32.20 google.com www.google.bf O1 - Hosts: 216.239.32.20 google.com www.google.bg O1 - Hosts: 216.239.32.20 google.com www.google.com.bh O1 - Hosts: 216.239.32.20 google.com www.google.bi O1 - Hosts: 216.239.32.20 google.com www.google.bj O1 - 
Hosts:
216.239.32.20 google.com www.google.li [...] ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 214 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: CrossriderApp0054253 [64Bits] - {11111111-1111-1111-1111-110511421153} . (.Freeven - Freeven pro 1.2 BHO.) -- C:\Program Files (x86)\Freeven pro 1.2\Freeven pro 1.2-bho.dll =>PUP.CrossRider O2 - BHO: V-bates Helper [64Bits] - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} . (...) -- C:\Program Files\V-bates\Extension32.dll =>Adware.Incredibar O2 - BHO: SmartbarInternetExplorerBHOEngine [64Bits] - {31ad400d-1b06-4e33-a59a-90c2c140cba0} . (...) -- mscoree.dll (.not file.) =>Hijacker.SmartBar O2 - BHO: IETabPage Class [64Bits] - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files (x86)\SupTab\SupTab.dll =>PUP.SupTab O2 - BHO: sAaviinshop [64Bits] - {BF75E54F-2F7A-4EE0-88BB-41DCD2D0D156} . (...) -- C:\ProgramData\sAaviinshop\6L8VbIl.dll =>PUP.SavinShop O2 - BHO: IEExtension.Extension [64Bits] - {d40c654d-7c51-4eb3-95b2-1e23905c2a2d} . (...) -- mscoree.dll (.not file.) ~ BHO: 16 Legitimates Filtered in 00mn 01s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Snap.Do - [HKLM]{ae07101b-46d4-4a98-af68-0333ea26e113} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation O3 - Toolbar\WebBrowser: (no name) - [HKCU]{1017A80C-6F09-4548-A84D-EDD6AC9525F0} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: NewPlayer.lnk . (...) -- C:\Program Files (x86)\NewPlayer\NewPlayer.exe =>Adware.NewPlayer O4 - GS\Program [Public]: OfferBox.lnk . (.Aedge Performance BCN SL - OfferBox.) -- C:\Program Files (x86)\OfferBox\OfferBox.exe =>PUP.OfferBox O4 - GS\QuickLaunch [asus]: PC Cleaner.lnk . (...) -- C:\Program Files (x86)\PC Cleaner\PCCleaner.exe (.not file.) =>USP.PCCleaner O4 - GS\Program [asus]: Search.lnk . (.Google Inc. 
- Google Chrome.) -- C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe http://feed.snapdo.com =>Hijacker.SmartBar ~ Global Startup: 5 Legitimates Filtered in 00mn 07s ---\\ Applications lancées au démarrage du système (O4) O4 - GS\Startup [Public]: SoftwareUpdater.lnk . (.Software Updater - Software Updater.) -- C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe =>PUP.Eorezo O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe O4 - HKLM\..\Run: [lxdnmon.exe] . (.Pas de propriétaire - Printer Device Monitor.) -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe O4 - HKLM\..\Run: [EzPrint] . (.Lexmark International Inc. - Lexmark Fast Pics Application.) -- C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe O4 - HKCU\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe O4 - HKCU\..\Run: [cacaoweb] . (...) -- C:\Users\asus\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb O4 - HKCU\..\Run: [Bubble Dock] . (.Nosibay - Bubble Dock.) -- C:\Users\asus\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe =>PUP.BubbleDock O4 - HKCU\..\Run: [Browser Tab Search by Askx64] C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\BrowserTabSearch\msbloader64.exe (.not file.) =>PUP.MoviesToolbar O4 - HKCU\..\Run: [Browser Infrastructure Helper] . (.Smartbar - Smartbar.) -- C:\Users\asus\AppData\Local\Smartbar\Application\SnapDo.exe =>Hijacker.SmartBar O4 - HKLM\..\Wow6432Node\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie O4 - HKLM\..\Wow6432Node\Run: [fst_fr_170] . (...) -- C:\Program Files (x86)\fst_fr_170\fst_fr_170.exe =>Adware.FreeSoftToday O4 - HKLM\..\Wow6432Node\Run: [offerbox] . (.Aedge Performance BCN SL - OfferBox.) 
-- C:\Program Files (x86)\OfferBox\OfferBox.exe =>PUP.OfferBox O4 - HKLM\..\Wow6432Node\Run: [lxdnmon.exe] . (.Pas de propriétaire - Printer Device Monitor.) -- C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmon.exe O4 - HKLM\..\Wow6432Node\Run: [lxdnamon] . (...) -- C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnamon.exe O4 - HKLM\..\Wow6432Node\Run: [EzPrint] . (.Lexmark International Inc. - Lexmark Fast Pics Application.) -- C:\Program Files (x86) (x86)\Lexmark 2600 Series\ezprint.exe O4 - HKLM\..\Wow6432Node\RunOnce: [upfst_fr_170.exe] . (...) -- C:\Users\asus\AppData\Local\fst_fr_170\upfst_fr_170.exe =>Adware.FreeSoftToday O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-3865638134-2310788458-2055670615-1000\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe O4 - HKUS\S-1-5-21-3865638134-2310788458-2055670615-1000\..\Run: [cacaoweb] . (...) 
-- C:\Users\asus\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb O4 - HKUS\S-1-5-21-3865638134-2310788458-2055670615-1000\..\Run: [Bubble Dock] . (.Nosibay - Bubble Dock.) -- C:\Users\asus\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe =>PUP.BubbleDock O4 - HKUS\S-1-5-21-3865638134-2310788458-2055670615-1000\..\Run: [Browser Tab Search by Askx64] C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\BrowserTabSearch\msbloader64.exe (.not file.) =>PUP.MoviesToolbar O4 - HKUS\S-1-5-21-3865638134-2310788458-2055670615-1000\..\Run: [Browser Infrastructure Helper] . (.Smartbar - Smartbar.) -- C:\Users\asus\AppData\Local\Smartbar\Application\SnapDo.exe =>Hijacker.SmartBar ~ Application: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll =>.Microsoft Corporation O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll =>.Microsoft Corporation ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{5BFEF337-06FD-47BE-B3D1-5F4C4484E85E}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{5BFEF337-06FD-47BE-B3D1-5F4C4484E85E}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{5BFEF337-06FD-47BE-B3D1-5F4C4484E85E}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . 
(.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (.Skytech Co., Ltd. - Skytech.) - C:\Program Files (x86)\SupTab\SearchProtect64.dll =>PUP.SupTab ~ AppInit DLL: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Service Google Update (gupdate) (gupdate) . (...) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (.not file.) O23 - Service: IePlugin Service (IePluginService) . (.Cherished Technololgy LIMITED - IePlugin Service.) - C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector O23 - Service: LPT System Updater Service (LPTSystemUpdater) . (.Pas de propriétaire - srpts.) - C:\Program Files (x86)\LPT\srpts.exe =>Adware.Incredibar O23 - Service: Movie Mode (MovieMode) . (.GenTechnologies Apps, LLC - Movie Mode Service.) - C:\ProgramData\MovieMode\up\2.6.78\MovieModeService.exe =>PUP.MovieMode O23 - Service: NewPlayer Updater Service (NewPlayerUpdaterService) . (.Pas de propriétaire - NewPlayerUpdaterService.) - C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe =>Adware.NewPlayer O23 - Service: PirritDesktop (PirritDesktop) . (...) - C:\Users\asus\AppData\Local\PirritSuggestor\PirritService.exe =>PUP.PirritSuggestor O23 - Service: PirritUpdater (PirritUpdater) . (...) - C:\Program Files (x86)\Pirrit\AutoUpdater.exe =>PUP.PirritSuggestor O23 - Service: PriceMeterLiveUpdate Service (pricemeterliveUpdate) (pricemeterliveUpdate) . (.PriceMeter - PriceMeterLiveUpdate Update.) 
- C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe =>PUP.PriceMeter O23 - Service: SelectionTool (SelectionTool) . (...) - C:\Program Files (x86)\SelectionTool-soft\SelectionTool157.exe O23 - Service: V-bates Updater (V-bates Updater) . (...) - C:\Program Files\V-bates\ExtensionUpdaterService.exe =>Adware.Incredibar O23 - Service: Wajam Internet Enhancer Service (Wajam Internet Enhancer Service) . (.Wajam Internet Technologies Inc. - Wajam Internet Enhancer Service.) - C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe =>PUP.Wajam O23 - Service: WinRST (WinRST) . (...) - C:\Program Files (x86)\WinRST\WinRST.exe =>PUP.WinRST O23 - Service: Wpm Service (Wpm) . (.Cherished Technololgy LIMITED - WPM Service.) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager ~ Services: 18 Legitimates Filtered in 00mn 06s ---\\ Tâches planifiées en automatique (O39) [MD5.801C74158B846ED240233CA8FAC07461] [APT] [9fb77cad-fe80-4845-9628-2b66036ee0f2-1] (.Freeven.) -- C:\Program Files (x86)\Freeven pro 1.2\Freeven pro 1.2-codedownloader.exe [482152] =>PUP.Freeven [MD5.F0106D18D2786F9F1D2C89F745CFCAE9] [APT] [9fb77cad-fe80-4845-9628-2b66036ee0f2-2] (.Freeven.) -- C:\Program Files (x86)\Freeven pro 1.2\9fb77cad-fe80-4845-9628-2b66036ee0f2-2.exe [338792] =>PUP.Freeven [MD5.1FC0589E6D6879A4CC2335CBEEFC0687] [APT] [9fb77cad-fe80-4845-9628-2b66036ee0f2-3] (.Freeven.) -- C:\Program Files (x86)\Freeven pro 1.2\9fb77cad-fe80-4845-9628-2b66036ee0f2-3.exe [1865576] =>PUP.Freeven [MD5.12AE210FD7F106855E0A56B6360408C2] [APT] [9fb77cad-fe80-4845-9628-2b66036ee0f2-4] (.Freeven.) -- C:\Program Files (x86)\Freeven pro 1.2\9fb77cad-fe80-4845-9628-2b66036ee0f2-4.exe [801128] =>PUP.Freeven [MD5.C01FE604FDACF9FD558B19917D4E8C57] [APT] [9fb77cad-fe80-4845-9628-2b66036ee0f2-5] (.Freeven.) 
-- C:\Program Files (x86)\Freeven pro 1.2\9fb77cad-fe80-4845-9628-2b66036ee0f2-5.exe [325992] =>PUP.Freeven [MD5.DC12AAAE925C0211E4668B9C90BDD2BA] [APT] [Advanced System Protector_startup] (.Systweak.) -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [6600048] =>PUP.AdvancedSystemProtector [MD5.00000000000000000000000000000000] [APT] [APSnotifierPP1] (...) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe (.not file.) [0] =>PUP.AnyProtect [MD5.00000000000000000000000000000000] [APT] [APSnotifierPP2] (...) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe (.not file.) [0] =>PUP.AnyProtect [MD5.00000000000000000000000000000000] [APT] [APSnotifierPP3] (...) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe (.not file.) [0] =>PUP.AnyProtect [MD5.07605ABEB10FC533881C91F19DECF69A] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe [1923584] =>Trojan.Keygen [MD5.00000000000000000000000000000000] [APT] [Express FilesUpdate] (...) -- C:\Program Files (x86)\ExpressFiles\EFUpdater.exe (.not file.) [0] =>Adware.ExpressFiles [MD5.E4F815680844A22F663273FBFEBBF52D] [APT] [FF Watcher {0B917540-3050-4590-9C64-034BD18AF409}] (...) -- C:\Program Files\V-bates\PrefHelper.exe [336384] =>Adware.Incredibar [MD5.EF46205D284DFFE5AC49866003E24123] [APT] [FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl] (.Sien SA.) -- C:\Users\asus\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\MinibarChrome.exe [869184] =>PUP.Minibar [MD5.6611F0E57AA3223FA798BE3F6D1DF458] [APT] [MySearchDial] (...) -- C:\Users\asus\AppData\Roaming\MySearchDial\UpdateProc\UpdateTask.exe [104960] =>Adware.MyWebSearch [MD5.C96477FF16BB1B3885D125B2D4CB870B] [APT] [pricemeterdownloader] (.PriceMeter.) -- C:\Users\asus\AppData\Local\PriceMeter\pricemeterd.exe [370184] =>PUP.PriceMeter [MD5.3D8B851E7EFCDC130E4B301BDDE10099] [APT] [PriceMeterLiveUpdateUpdateTaskMachineCore] (.PriceMeter.) 
-- C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504] =>PUP.PriceMeter [MD5.3D8B851E7EFCDC130E4B301BDDE10099] [APT] [PriceMeterLiveUpdateUpdateTaskMachineUA] (.PriceMeter.) -- C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504] =>PUP.PriceMeter [MD5.731D5021CC80657598F954A9007AFD94] [APT] [PriceMeterUpdater] (...) -- C:\Users\asus\AppData\Roaming\PriceMeterUpdater\UpdateProc\UpdateTask.exe [110592] =>PUP.PriceMeter [MD5.208F31C7823091F6925266C1906A27B1] [APT] [SelectionTool Update] (...) -- C:\Program Files (x86)\SelectionTool-soft\STupd.exe [321536] [MD5.385B043F340AB3A8DF69F66C4F5886AF] [APT] [SelectionTool_wd] (...) -- C:\Program Files (x86)\SelectionTool-soft\SelectionTool_wd.exe [93696] O39 - APT: 9fb77cad-fe80-4845-9628-2b66036ee0f2-1 - (.Freeven.) -- C:\Windows\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-1.job [1398] =>PUP.CrossRider O39 - APT: 9fb77cad-fe80-4845-9628-2b66036ee0f2-1 - (.Freeven.) -- C:\Windows\System32\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-1 [1398] =>PUP.CrossRider O39 - APT: 9fb77cad-fe80-4845-9628-2b66036ee0f2-2 - (.Freeven.) -- C:\Windows\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-2.job [1370] =>PUP.CrossRider O39 - APT: 9fb77cad-fe80-4845-9628-2b66036ee0f2-2 - (.Freeven.) -- C:\Windows\System32\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-2 [1370] =>PUP.CrossRider O39 - APT: 9fb77cad-fe80-4845-9628-2b66036ee0f2-3 - (.Freeven.) -- C:\Windows\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-3.job [2412] =>PUP.CrossRider O39 - APT: 9fb77cad-fe80-4845-9628-2b66036ee0f2-3 - (.Freeven.) -- C:\Windows\System32\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-3 [2412] =>PUP.CrossRider O39 - APT: 9fb77cad-fe80-4845-9628-2b66036ee0f2-4 - (.Freeven.) -- C:\Windows\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-4.job [2132] =>PUP.CrossRider O39 - APT: 9fb77cad-fe80-4845-9628-2b66036ee0f2-4 - (.Freeven.) 
-- C:\Windows\System32\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-4 [2132] =>PUP.CrossRider O39 - APT: 9fb77cad-fe80-4845-9628-2b66036ee0f2-5 - (.Freeven.) -- C:\Windows\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-5.job [1482] =>PUP.CrossRider O39 - APT: 9fb77cad-fe80-4845-9628-2b66036ee0f2-5 - (.Freeven.) -- C:\Windows\System32\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-5 [1482] =>PUP.CrossRider O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002] O39 - APT: APSnotifierPP1 - (...) -- C:\Windows\Tasks\APSnotifierPP1.job [382] =>PUP.AnyProtect O39 - APT: APSnotifierPP1 - (...) -- C:\Windows\System32\Tasks\APSnotifierPP1 [382] =>PUP.AnyProtect O39 - APT: APSnotifierPP2 - (...) -- C:\Windows\Tasks\APSnotifierPP2.job [378] =>PUP.AnyProtect O39 - APT: APSnotifierPP2 - (...) -- C:\Windows\System32\Tasks\APSnotifierPP2 [378] =>PUP.AnyProtect O39 - APT: APSnotifierPP3 - (...) -- C:\Windows\Tasks\APSnotifierPP3.job [378] =>PUP.AnyProtect O39 - APT: APSnotifierPP3 - (...) -- C:\Windows\System32\Tasks\APSnotifierPP3 [378] =>PUP.AnyProtect O39 - APT: AutoKMS - (...) -- C:\Windows\Tasks\AutoKMS.job [268] =>Trojan.Keygen O39 - APT: AutoKMS - (...) -- C:\Windows\System32\Tasks\AutoKMS [268] =>Trojan.Keygen O39 - APT: FF Watcher {0B917540-3050-4590-9C64-034BD18AF409} - (...) -- C:\Windows\Tasks\FF Watcher {0B917540-3050-4590-9C64-034BD18AF409}.job [280] O39 - APT: FF Watcher {0B917540-3050-4590-9C64-034BD18AF409} - (...) -- C:\Windows\System32\Tasks\FF Watcher {0B917540-3050-4590-9C64-034BD18AF409} [280] O39 - APT: MySearchDial - (...) -- C:\Windows\Tasks\MySearchDial.job [304] =>Adware.MyWebSearch O39 - APT: MySearchDial - (...) -- C:\Windows\System32\Tasks\MySearchDial [304] =>Adware.MyWebSearch O39 - APT: PriceMeterLiveUpdateUpdateTaskMachineCore - (.PriceMeter.) -- C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job [958] =>PUP.PriceMeter O39 - APT: PriceMeterLiveUpdateUpdateTaskMachineCore - (.PriceMeter.) 
-- C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore [958] =>PUP.PriceMeter O39 - APT: PriceMeterLiveUpdateUpdateTaskMachineUA - (.PriceMeter.) -- C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job [962] =>PUP.PriceMeter O39 - APT: PriceMeterLiveUpdateUpdateTaskMachineUA - (.PriceMeter.) -- C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA [962] =>PUP.PriceMeter O39 - APT: PriceMeterUpdater - (...) -- C:\Windows\Tasks\PriceMeterUpdater.job [314] =>PUP.PriceMeter O39 - APT: PriceMeterUpdater - (...) -- C:\Windows\System32\Tasks\PriceMeterUpdater [314] =>PUP.PriceMeter O39 - APT: SelectionTool Update - (...) -- C:\Windows\Tasks\SelectionTool Update.job [406] O39 - APT: SelectionTool Update - (...) -- C:\Windows\System32\Tasks\SelectionTool Update [406] O39 - APT: SelectionTool_wd - (...) -- C:\Windows\Tasks\SelectionTool_wd.job [412] O39 - APT: SelectionTool_wd - (...) -- C:\Windows\System32\Tasks\SelectionTool_wd [412] ~ Scheduled Task: 49 Legitimates Filtered in 00mn 09s ---\\ Pilotes lancés au démarrage du système (O41) O41 - Driver: ({552199fb-9890-4055-9aaf-b2f6d51d46e9}w64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}w64.sys =>PUP.LinkiDoo ~ Drivers: 66 Legitimates Filtered in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: Advanced System Protector - (.Systweak Software.) [HKLM][64Bits] -- 00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1 =>PUP.AdvancedSystemProtector O42 - Logiciel: Freeven pro 1.2 - (.Freeven.) [HKLM][64Bits] -- Freeven pro 1.2 =>PUP.Freeven O42 - Logiciel: Iminent - (.Iminent.) [HKLM][64Bits] -- IMBoosterARP =>Adware.IMBooster O42 - Logiciel: LPT System Updater Service - (.LPT.) [HKLM][64Bits] -- {BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24} =>Adware.IncrediBar O42 - Logiciel: Movie Mode - (.GenTechnologies Apps, LLC.) [HKLM][64Bits] -- MovieMode =>PUP.MovieMode O42 - Logiciel: My 7 CustoBox - (.Http://www.My7Vision.Fr.) 
[HKLM][64Bits] -- {C1942FF7-ACAA-42AF-BF1D-9A5440401AA6}_is1 O42 - Logiciel: Mysearchdial - (.Mysearchdial.) [HKLM][64Bits] -- mysearchdial =>Adware.MyWebSearch O42 - Logiciel: NewPlayer - (...) [HKLM][64Bits] -- NewPlayer =>Adware.NewPlayer O42 - Logiciel: SelectionTool - (.SelectionTool Software.) [HKLM][64Bits] -- 9288f417-7d88-4ac0-89eb-7c81559e985e O42 - Logiciel: Update for PriceMeter - (.Update for PriceMeter.) [HKCU][64Bits] -- PriceMeterUpdater =>PUP.PriceMeter O42 - Logiciel: V-bates 2.0.0.438 - (.Southstarco.) [HKLM][64Bits] -- {21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1 =>Adware.Incredibar O42 - Logiciel: VO Package - (...) [HKLM][64Bits] -- VOPackage =>Adware.Downware O42 - Logiciel: WPM17.8.0.3442 - (.Cherished Technololgy LIMITED.) [HKLM][64Bits] -- WPM =>PUP.WpManager O42 - Logiciel: Wajam - (.Wajam.) [HKLM][64Bits] -- Wajam =>PUP.Wajam O42 - Logiciel: fst_fr_170 - (.free_soft_today.) [HKLM][64Bits] -- fst_fr_170_is1 =>Adware.FreeSoftToday O42 - Logiciel: fst_fr_26 - (.FREESOFTTODAY.) [HKLM][64Bits] -- fst_fr_26_is1 =>Adware.FreeSoftToday O42 - Logiciel: sAaviinshop - (.SiaaveiNshoop.) 
[HKLM][64Bits] -- {70BD2558-27DA-8B02-02D0-D8704ECD2EDF} =>PUP.SavinShop ~ Logic: 35 Legitimates Filtered in 00mn 01s ---\\ HKCU & HKLM Software Keys [HKCU\Software\AnyProtect] =>PUP.AnyProtect [HKCU\Software\ExpressFiles] =>Adware.ExpressFiles [HKCU\Software\Iminent] =>Adware.IMBooster [HKCU\Software\InstallCore] =>Adware.InstallCore [HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver [HKCU\Software\OB] [HKCU\Software\OfferBox] =>PUP.OfferBox [HKCU\Software\PriceMeter] =>PUP.PriceMeter [HKCU\Software\SmartbarBackup] =>Hijacker.SmartBar [HKCU\Software\SmartbarLog] =>Hijacker.SmartBar [HKCU\Software\Smartbar] =>Hijacker.SmartBar [HKCU\Software\TutoTag] =>AgenceExclusive [HKCU\Software\Tutorials] =>AgenceExclusive [HKCU\Software\Wajam] =>PUP.Wajam [HKCU\Software\WinkHandler] =>Adware.IMBooster [HKCU\Software\cacaoweb] =>PUP.CacaoWeb [HKCU\Software\freesofttoday] =>Adware.FreeSoftToday [HKCU\Software\lollipop] =>Adware.Lollipop [HKCU\Software\mysearchdial] =>Adware.MyWebSearch [HKLM\Software\InstalledBrowserExtensions] =>Adware.VidSaver [HKLM\Software\V-bates] =>Adware.Incredibar [HKLM\Software\Wow6432Node\DealPlyLive] =>PUP.DealPly [HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles [HKLM\Software\Wow6432Node\FREESOFTTODAY] =>Adware.FreeSoftToday [HKLM\Software\Wow6432Node\IePlugin] [HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster [HKLM\Software\Wow6432Node\InstallCore] =>Adware.InstallCore [HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>Adware.VidSaver [HKLM\Software\Wow6432Node\MaxPower] [HKLM\Software\Wow6432Node\MySearchDial] =>Adware.MyWebSearch [HKLM\Software\Wow6432Node\RST] [HKLM\Software\Wow6432Node\Tutorials] =>AgenceExclusive [HKLM\Software\Wow6432Node\Umbrella] [HKLM\Software\Wow6432Node\V-bates] =>Adware.Incredibar [HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager [HKLM\Software\Wow6432Node\free_soft_today] =>Adware.FreeSoftToday [HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab [HKLM\Software\Wow6432Node\supWPM] 
=>PUP.WpManager ~ Key Software: 217 Legitimates Filtered in 00mn 01s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 07/10/2008 - 00:14:41 - [] ----D C:\Program Files (x86)\Advanced System Protector =>PUP.AdvancedSystemProtector O43 - CFD: 07/10/2008 - 00:37:10 - [] ----D C:\Program Files (x86)\Freeven pro 1.2 =>PUP.Freeven O43 - CFD: 07/10/2008 - 01:58:50 - [] ----D C:\Program Files (x86)\fst_fr_170 =>Adware.FreeSoftToday O43 - CFD: 07/10/2008 - 00:14:41 - [] ----D C:\Program Files (x86)\fst_fr_26 =>Adware.FreeSoftToday O43 - CFD: 07/10/2008 - 00:18:49 - [] ----D C:\Program Files (x86)\HQTotal1.2 O43 - CFD: 01/05/2014 - 17:03:37 - [] ----D C:\Program Files (x86)\LPT =>Adware.Incredibar O43 - CFD: 13/01/2014 - 19:35:12 - [] ----D C:\Program Files (x86)\My 7 CustoBox O43 - CFD: 07/10/2008 - 01:58:08 - [] ----D C:\Program Files (x86)\Mysearchdial =>Adware.MyWebSearch O43 - CFD: 07/10/2008 - 00:37:09 - [] ----D C:\Program Files (x86)\NewPlayer =>Adware.NewPlayer O43 - CFD: 29/04/2014 - 17:29:12 - [] ----D C:\Program Files (x86)\OfferBox =>PUP.OfferBox O43 - CFD: 07/10/2008 - 00:32:46 - [] ----D C:\Program Files (x86)\RegClean Pro =>Rogue.RegistryPowerCleaner O43 - CFD: 07/10/2008 - 00:18:48 - [] ----D C:\Program Files (x86)\SaveClicker =>PUP.SaveClicker O43 - CFD: 07/10/2008 - 00:14:40 - [] ----D C:\Program Files (x86)\SelectionTool-soft O43 - CFD: 07/10/2008 - 00:04:31 - [] ----D C:\Program Files (x86)\Supporter =>PUP.SaveClicker O43 - CFD: 29/03/2014 - 20:27:33 - [] ----D C:\Program Files (x86)\SupTab =>PUP.SupTab O43 - CFD: 07/10/2008 - 00:14:42 - [] ----D C:\Program Files (x86)\Wajam =>PUP.Wajam O43 - CFD: 30/03/2014 - 19:16:46 - [] ----D C:\Program Files (x86)\WinRST =>PUP.WinRST O43 - CFD: 29/04/2014 - 17:28:29 - [] ----D C:\Program Files (x86)\Common Files\Umbrella O43 - CFD: 07/10/2008 - 00:41:39 - [] ----D C:\ProgramData\96ff9d90da9b675f O43 - CFD: 30/03/2014 - 17:53:00 - [0] ----D C:\ProgramData\BitGuard =>PUP.BitGuard 
O43 - CFD: 30/03/2014 - 17:53:00 - [0] ----D C:\ProgramData\Browser Manager O43 - CFD: 30/03/2014 - 17:53:01 - [0] ----D C:\ProgramData\BrowserProtect =>Hijacker.Eazel O43 - CFD: 15/04/2014 - 13:35:21 - [] ----D C:\ProgramData\IePluginService =>Trojan.SProtector O43 - CFD: 07/10/2008 - 00:11:22 - [] ----D C:\ProgramData\MovieMode =>PUP.MovieMode O43 - CFD: 07/10/2008 - 00:41:37 - [] ----D C:\ProgramData\sAaviinshop =>PUP.SavinShop O43 - CFD: 07/10/2008 - 00:18:46 - [] ----D C:\ProgramData\SaveClicker =>PUP.SaveClicker O43 - CFD: 29/03/2014 - 20:27:21 - [] ----D C:\ProgramData\WPM =>PUP.WpManager O43 - CFD: 07/10/2008 - 00:58:02 - [0] ----D C:\Users\asus\AppData\Roaming\Activeris =>PUP.Activeris O43 - CFD: 08/05/2014 - 20:44:09 - [] ----D C:\Users\asus\AppData\Roaming\cacaoweb =>PUP.CacaoWeb O43 - CFD: 29/04/2014 - 17:28:00 - [] ----D C:\Users\asus\AppData\Roaming\driver O43 - CFD: 30/03/2014 - 17:31:45 - [] ----D C:\Users\asus\AppData\Roaming\ExpressFiles =>Adware.ExpressFiles O43 - CFD: 08/05/2014 - 14:38:27 - [] ----D C:\Users\asus\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl O43 - CFD: 07/10/2008 - 01:58:08 - [] ----D C:\Users\asus\AppData\Roaming\mysearchdial =>Adware.MyWebSearch O43 - CFD: 29/04/2014 - 17:29:16 - [] ----D C:\Users\asus\AppData\Roaming\OfferBox =>PUP.OfferBox O43 - CFD: 07/10/2008 - 00:13:54 - [] ----D C:\Users\asus\AppData\Roaming\PriceMeterUpdater =>PUP.PriceMeter O43 - CFD: 29/03/2014 - 20:27:31 - [] ----D C:\Users\asus\AppData\Roaming\SupTab =>PUP.SupTab O43 - CFD: 29/04/2014 - 17:29:29 - [] ----D C:\Users\asus\AppData\Roaming\VOPackage =>Adware.Downware O43 - CFD: 07/10/2008 - 00:39:26 - [] ----D C:\Users\asus\AppData\Local\com O43 - CFD: 08/05/2014 - 15:39:49 - [] ----D C:\Users\asus\AppData\Local\fst_fr_170 =>Adware.FreeSoftToday O43 - CFD: 07/10/2008 - 01:31:52 - [] ----D C:\Users\asus\AppData\Local\fst_fr_26 =>Adware.FreeSoftToday O43 - CFD: 05/04/2014 - 21:27:27 - [0] ----D C:\Users\asus\AppData\Local\Lollipop =>Adware.Lollipop 
O43 - CFD: 29/04/2014 - 17:45:08 - [] ----D C:\Users\asus\AppData\Local\LPT =>Adware.Incredibar O43 - CFD: 08/05/2014 - 20:56:46 - [] ----D C:\Users\asus\AppData\Local\MovieMode =>PUP.MovieMode O43 - CFD: 07/10/2008 - 00:37:48 - [] ----D C:\Users\asus\AppData\Local\newplayer =>Adware.NewPlayer O43 - CFD: 07/10/2008 - 00:14:42 - [] ----D C:\Users\asus\AppData\Local\PriceMeter =>PUP.PriceMeter O43 - CFD: 29/04/2014 - 17:45:03 - [] ----D C:\Users\asus\AppData\Local\Smartbar =>Hijacker.SmartBar O43 - CFD: 30/03/2014 - 19:16:50 - [0] ----D C:\Users\asus\AppData\Local\WinRST =>PUP.WinRST O43 - CFD: 07/10/2008 - 00:14:41 - [] ----D C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter =>PUP.PriceMeter O43 - CFD: 07/10/2008 - 00:14:41 - [] ----D C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage =>Adware.Downware ~ Program Folder: 156 Legitimates Filtered in 00mn 01s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.4B333D3CC96AE66BD754329FD2989EE2] - 01/05/2014 - 18:40:47 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [72822] O44 - LFC:[MD5.8DF678FD93646AED6724FD7DE4294DC7] - 01/05/2014 - 18:43:00 ---A- . (...) -- C:\Windows\IE9_main.log [4599] O44 - LFC:[MD5.C236A8735A48B165A2A7724357DBE332] - 03/05/2014 - 14:26:21 ---A- . (...) -- C:\Windows\System32\RacRules.xml [105559] O44 - LFC:[MD5.5EC92F0EAE3CA59F647C3CA5AA7CB053] - 03/05/2014 - 14:26:29 ---A- . (...) -- C:\Windows\System32\systemsf.ebd [347904] O44 - LFC:[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - 03/05/2014 - 14:26:35 ---A- . (...) -- C:\Windows\System32\ScavengeSpace.xml [10429] O44 - LFC:[MD5.4FD50C55D8BF9F3AF5F4306FBB8839FD] - 03/05/2014 - 14:32:01 ---A- . (...) -- C:\lxdn.log [600] O44 - LFC:[MD5.3A42C362161C7EAB1B672A2E2BBABBDC] - 03/05/2014 - 14:54:13 ---A- . (...) -- C:\Windows\System32\LXDNinst.dll [528384] O44 - LFC:[MD5.40707F4E1D40B8D163D508DA1541D13C] - 03/05/2014 - 14:54:13 ---A- . 
(.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\LXDNhcp.dll [672256] O44 - LFC:[MD5.C64A2460DFF515A6C356886EDDBD0CD4] - 03/05/2014 - 14:54:38 ---A- . (...) -- C:\Windows\System32\LexFiles.ulf [16629] O44 - LFC:[MD5.AC705DD883AB3E34D20BE0B516B4D832] - 24/04/2014 - 11:19:46 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}w64.sys [61112] =>PUP.LinkiDoo O44 - LFC:[MD5.14B3A55E048392DA9D3131F2EED071FE] - 29/04/2014 - 16:59:32 ---A- . (...) -- C:\lxdncomx.log [180] ~ Files: 991 Legitimates Filtered in 01mn 58s ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\Microsoft Office\Office14\GROOVEEX.DLL O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\Microsoft Office\Office14\GROOVEEX.DLL ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - bitguard.exe - tasklist.exe =>PUP.BitGuard O50 - IFEO:Image File Execution Options - bprotect.exe - tasklist.exe O50 - IFEO:Image File Execution Options - bpsvc.exe - tasklist.exe O50 - IFEO:Image File Execution Options - browsemngr.exe - tasklist.exe O50 - IFEO:Image File Execution Options - browserdefender.exe - tasklist.exe =>Hijacker.Eazel O50 - IFEO:Image File Execution Options - browsermngr.exe - tasklist.exe =>PUP.Babylon O50 - IFEO:Image File Execution Options - browserprotect.exe - tasklist.exe =>Hijacker.Eazel O50 - IFEO:Image File Execution Options - browsersafeguard.exe - tasklist.exe =>PUP.BrowserSafeguard O50 - IFEO:Image File Execution Options - bundlesweetimsetup.exe - tasklist.exe =>PUP.SweetIM O50 - IFEO:Image File Execution Options - cltmngsvc.exe - tasklist.exe O50 - IFEO:Image File Execution Options - DatamngrCoordinator.exe - tasklist.exe =>PUP.Datamngr O50 
- IFEO:Image File Execution Options - delta babylon.exe - tasklist.exe =>PUP.Babylon O50 - IFEO:Image File Execution Options - delta tb.exe - tasklist.exe O50 - IFEO:Image File Execution Options - delta2.exe - tasklist.exe O50 - IFEO:Image File Execution Options - deltainstaller.exe - tasklist.exe O50 - IFEO:Image File Execution Options - deltasetup.exe - tasklist.exe O50 - IFEO:Image File Execution Options - deltatb.exe - tasklist.exe =>Toolbar.DeltaSearch O50 - IFEO:Image File Execution Options - deltatb_2501-c733154b.exe - tasklist.exe =>Toolbar.DeltaSearch O50 - IFEO:Image File Execution Options - dprotectsvc.exe - tasklist.exe =>Trojan.Staser O50 - IFEO:Image File Execution Options - iminentsetup.exe - tasklist.exe =>Adware.IMBooster O50 - IFEO:Image File Execution Options - protectedsearch.exe - tasklist.exe =>Spyware.ProtectedSearch O50 - IFEO:Image File Execution Options - rjatydimofu.exe - tasklist.exe O50 - IFEO:Image File Execution Options - searchprotection.exe - tasklist.exe =>Toolbar.Conduit O50 - IFEO:Image File Execution Options - searchprotector.exe - tasklist.exe =>Toolbar.Conduit O50 - IFEO:Image File Execution Options - snapdo.exe - tasklist.exe =>Hijacker.SmartBar O50 - IFEO:Image File Execution Options - stinst32.exe - tasklist.exe O50 - IFEO:Image File Execution Options - stinst64.exe - tasklist.exe O50 - IFEO:Image File Execution Options - sweetimsetup.exe - tasklist.exe =>PUP.SweetIM O50 - IFEO:Image File Execution Options - tbdelta.exetoolbar783881609.exe - tasklist.exe O50 - IFEO:Image File Execution Options - utiljumpflip.exe - tasklist.exe =>PUP.JumpFlip ~ IFEO: Scanned in 00mn 00s ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{fefd17cc-d138-11e3-a9a5-002354810931}\AutoRun\command. (...) -- E:\iLinker.exe (.not file.) 
~ Keys: Scanned in 00mn 00s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "RunLogonScriptSync"=1 O55 - MWPS:[HKLM\...\Policies\System] - "SynchronousMachineGroupPolicy"=0 O55 - MWPS:[HKLM\...\Policies\System] - "SynchronousUserGroupPolicy"=0 ~ MWPS: 20 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "LinkResolveIgnoreLinkInfo"=1 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveSearch"=1 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveTrack"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 8 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:09/08/2007 - 00:21:00 ---A- . (.Pas de propriétaire - ATK0100 ACPI Utility.) -- C:\Windows\System32\Drivers\ATK64AMD.sys [13680] O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496] O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232] O58 - SDL:18/11/2006 - 12:07:48 ---A- . (.REDC - RICOH xD SM Driver.) -- C:\Windows\System32\Drivers\rixdpx64.sys [55296] O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656] O58 - SDL:24/04/2014 - 11:19:46 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}w64.sys [61112] =>PUP.LinkiDoo ~ Drivers: 48 Legitimates Filtered in 00mn 01s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) 
[HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Liste les services legacy du registre (LALS) (O64) O64 - Services: CurCS - 24/04/2014 - C:\Windows\System32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}w64.sys ({552199fb-9890-4055-9aaf-b2f6d51d46e9}w64) .(.StdLib - StdLib.) - LEGACY_{552199FB-9890-4055-9AAF-B2F6D51D46E9}W64 =>PUP.LinkiDoo ~ Legacy: 71 Legitimates Filtered in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://start.qone8.com =>Hijacker.Qone8 ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {006ee092-9658-4fd6-bd8e-a21a348e59f5} [DefaultScope] - (Web Search) - http://feed.snapdo.com =>Hijacker.SmartBar O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKUS\.DEFAULT] {006ee092-9658-4fd6-bd8e-a21a348e59f5} [DefaultScope] - (Web Search) - http://feed.snapdo.com =>Hijacker.SmartBar O69 - SBI: SearchScopes [HKUS\S-1-5-18] {006ee092-9658-4fd6-bd8e-a21a348e59f5} [DefaultScope] - (Web Search) - http://feed.snapdo.com =>Hijacker.SmartBar ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.6DBF73D20C7532592C5749381A3C24DE] [SPRF][08/05/2014] (...) -- C:\Users\asus\Desktop\cacaoweb.exe [489984] =>PUP.CacaoWeb ~ Files: 1 Legitimates Filtered in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.09D232ED38DC5023D3E61A6B890144EC] [WIS][29/04/2014] (.ReSoft Ltd. - Snap.Do.) -- C:\Windows\Installer\526ede.msi [10108928] =>Hijacker.SmartBar [MD5.0018C0854FB76747B5FCECD34856186D] [WIS][08/04/2014] (.LPT - LPT System Updater Service.) 
-- C:\Windows\Installer\526ee3.msi [1892352] =>Adware.IncrediBar ~ WIS: 2 Legitimates Filtered in 00mn 01s ---\\ Recherche de clés de registre Tracing (O100) HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup HKLM\SOFTWARE\Microsoft\Tracing\MovieMode64_RASAPI32 =>PUP.MovieMode HKLM\SOFTWARE\Microsoft\Tracing\MovieMode64_RASMANCS =>PUP.MovieMode HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32 =>Adware.NewPlayer HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS =>Adware.NewPlayer HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ActiverisAntiMalware_RASAPI32 =>PUP.Activeris HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ActiverisAntiMalware_RASMANCS =>PUP.Activeris HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 =>PUP.AdvancedSystemProtector HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS =>PUP.AdvancedSystemProtector HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AnyProtectScannerSetup_RASAPI32 =>PUP.AnyProtect HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AnyProtectScannerSetup_RASMANCS =>PUP.AnyProtect HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock AddonsUI_RASAPI32 =>PUP.BubbleDock HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock AddonsUI_RASMANCS =>PUP.BubbleDock HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock BSetup_RASAPI32 =>PUP.BubbleDock HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock BSetup_RASMANCS =>PUP.BubbleDock HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock Update_RASAPI32 =>PUP.BubbleDock HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock Update_RASMANCS =>PUP.BubbleDock HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock_RASAPI32 =>PUP.BubbleDock HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock_RASMANCS =>PUP.BubbleDock HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExpressFiles_RASAPI32 =>Adware.ExpressFiles 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExpressFiles_RASMANCS =>Adware.ExpressFiles HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Freeven pro 1_RASAPI32 =>PUP.Freeven HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Freeven pro 1_RASMANCS =>PUP.Freeven HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\fst_fr_170_RASAPI32 =>Adware.FreeSoftToday HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\fst_fr_170_RASMANCS =>Adware.FreeSoftToday HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32 =>Adware.IMBooster HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS =>Adware.IMBooster HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstallManagerR_RASAPI32 =>PUP.Manager HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstallManagerR_RASMANCS =>PUP.Manager HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Install_BubbleDock_FR_RASAPI32 =>PUP.BubbleDock HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Install_BubbleDock_FR_RASMANCS =>PUP.BubbleDock HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Lollipop_RASAPI32 =>Adware.Lollipop HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Lollipop_RASMANCS =>Adware.Lollipop HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Mobogenie_RASAPI32 =>PUP.Mobogenie HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Mobogenie_RASMANCS =>PUP.Mobogenie HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MovieModeService_RASAPI32 =>PUP.MovieMode HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MovieModeService_RASMANCS =>PUP.MovieMode HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MovieMode_RASAPI32 =>PUP.MovieMode HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MovieMode_RASMANCS =>PUP.MovieMode HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MySearchDial_RASAPI32 =>Adware.MyWebSearch HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MySearchDial_RASMANCS =>Adware.MyWebSearch HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASAPI32 =>Adware.NewPlayer HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASMANCS =>Adware.NewPlayer HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OfferBoxUpdateService_RASAPI32 
=>PUP.OfferBox HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OfferBoxUpdateService_RASMANCS =>PUP.OfferBox HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\offerbox_RASAPI32 =>PUP.OfferBox HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\offerbox_RASMANCS =>PUP.OfferBox HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OptimizerPro_RASAPI32 =>PUP.OptimizerPro HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OptimizerPro_RASMANCS =>PUP.OptimizerPro HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OptProStart_RASAPI32 =>PUP.OptimizerPro HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OptProStart_RASMANCS =>PUP.OptimizerPro HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSpeedMaximizer_RASAPI32 =>Rogue.PCSpeedMaximizer HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSpeedMaximizer_RASMANCS =>Rogue.PCSpeedMaximizer HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PirritDesktop_RASAPI32 =>PUP.PirritSuggestor HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PirritDesktop_RASMANCS =>PUP.PirritSuggestor HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PirritSuggestor_InstallMonetizer_RASAPI32 =>PUP.PirritSuggestor HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PirritSuggestor_InstallMonetizer_RASMANCS =>PUP.PirritSuggestor HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\pricemeterd_RASAPI32 =>PUP.PriceMeter HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\pricemeterd_RASMANCS =>PUP.PriceMeter HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftwareUpdater_RASAPI32 =>PUP.Eorezo HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftwareUpdater_RASMANCS =>PUP.Eorezo HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\speedupmypc_RASAPI32 =>PUP.SpeedUpMyPC HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\speedupmypc_RASMANCS =>PUP.SpeedUpMyPC HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SupTab_RASAPI32 =>PUP.SupTab HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SupTab_RASMANCS =>PUP.SupTab HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Uninstall Bubble Dock_RASAPI32 =>PUP.BubbleDock HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Uninstall Bubble Dock_RASMANCS 
=>PUP.BubbleDock HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\upfst_fr_170_RASAPI32 =>Adware.FreeSoftToday HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\upfst_fr_170_RASMANCS =>Adware.FreeSoftToday HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\upfst_fr_26_RASAPI32 =>Adware.FreeSoftToday HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\upfst_fr_26_RASMANCS =>Adware.FreeSoftToday HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VOPackage_RASAPI32 =>Adware.Downware HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VOPackage_RASMANCS =>Adware.Downware HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancerService_RASAPI32 =>PUP.Wajam HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancerService_RASMANCS =>PUP.Wajam HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32 =>PUP.Wajam HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS =>PUP.Wajam HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_download_RASAPI32 =>PUP.Wajam HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_download_RASMANCS =>PUP.Wajam HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_install_RASAPI32 =>PUP.Wajam HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_install_RASMANCS =>PUP.Wajam HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wpm_RASAPI32 =>PUP.WpManager HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wpm_RASMANCS =>PUP.WpManager ~ BTK: 373 Legitimates Filtered in 00mn 00s ---\\ Recherche de clés de registre CLSID (O101) [HKCR\CLSID\{11111111-1111-1111-1111-110511421153}] (Freeven pro 1.2) =>PUP.Freeven [HKCR\CLSID\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] (V-bates) =>Adware.Incredibar [HKCR\CLSID\{22222222-2222-2222-2222-220522422253}] (CrossriderApp0054253.Sandbox) =>PUP.CrossRider [HKCR\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] (SmartbarInternetExplorerBHOEngine) =>Hijacker.SmartBar 
[HKCR\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}] (Snap.Do) =>Hijacker.SmartBar
~ BCK: 4290 Legitimates Filtered in 00mn 07s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 02/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 10/07/1658 0 | (gupdate) . (...) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 10/07/1658 0 | (gupdatem) . (...) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 20/06/2013 336704 | (OfferBox update service) . (.Aedge Performance BCN SL.) - C:\Program Files (x86)\OfferBox\OfferBoxUpdateService.exe =>PUP.OfferBox
SS - | Auto 30/03/2014 150504 | (pricemeterliveUpdate) . (.PriceMeter.) - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe =>PUP.PriceMeter
SS - | Demand 30/03/2014 150504 | (pricemeterliveUpdatem) . (.PriceMeter.) - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe =>PUP.PriceMeter
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 11/04/2014 705136 | (IePluginService) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector
SR - | Auto 08/04/2014 37920 | (LPTSystemUpdater) . (...) - C:\Program Files (x86)\LPT\srpts.exe =>Adware.Incredibar
SR - | Auto 28/11/2007 1039872 | (lxdn_device) . (...) - C:\Windows\system32\lxdncoms.exe
SR - | Auto 06/10/2008 66704 | (MovieMode) . (.GenTechnologies Apps, LLC.) - C:\ProgramData\MovieMode\up\2.6.78\MovieModeService.exe =>PUP.MovieMode
SR - | Auto 23/10/2013 23808 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 16/04/2014 11776 | (NewPlayerUpdaterService) . (...) - C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe =>Adware.NewPlayer
SR - | Auto 18/01/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 26/02/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 20/02/2014 52568 | (PirritDesktop) . (...) - C:\Users\asus\AppData\Local\PirritSuggestor\PirritService.exe =>PUP.PirritSuggestor
SR - | Auto 20/02/2014 59904 | (PirritUpdater) . (...) - C:\Program Files (x86)\Pirrit\AutoUpdater.exe =>PUP.PirritSuggestor
SR - | Auto 17/03/2014 196096 | (SelectionTool) . (...) - C:\Program Files (x86)\SelectionTool-soft\SelectionTool157.exe
SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 28/01/2014 209408 | (V-bates Updater) . (...) - C:\Program Files\V-bates\ExtensionUpdaterService.exe =>Adware.Incredibar
SR - | Auto 28/03/2014 210432 | (Wajam Internet Enhancer Service) . (.Wajam Internet Technologies Inc..) - C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe =>PUP.Wajam
SR - | Auto 26/02/2014 59904 | (WinRST) . (...) - C:\Program Files (x86)\WinRST\WinRST.exe =>PUP.WinRST
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 29/03/2014 496640 | (Wpm) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s

---\\ Scan Additionnel (O88)
Database Version : 13045 - (08/05/2014)
Clés trouvées (Keys found) : 135
Valeurs trouvées (Values found) : 8
Dossiers trouvés (Folders found) : 50
Fichiers trouvés (Files found) : 102
[HKLM\Software\Google\Chrome\Extensions\hnabdehiamfmckjabaejlcjopbcnfkmh] =>PUP.PriceDownloader^
[HKLM\Software\Google\Chrome\Extensions\leahdjjpjmnamomgpojikeapflgbmjab] =>PUP.CacaoWeb^
[HKLM\Software\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma] =>PUP.QuickStart^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421153}] =>PUP.CrossRider^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}] =>Adware.Incredibar^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Hijacker.SmartBar^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] =>PUP.SupTab^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF75E54F-2F7A-4EE0-88BB-41DCD2D0D156}] =>PUP.SavinShop^
[HKLM\SYSTEM\CurrentControlSet\Services\IePluginService] =>Trojan.SProtector^
[HKLM\SYSTEM\CurrentControlSet\Services\LPTSystemUpdater] =>Adware.Incredibar^
[HKLM\SYSTEM\CurrentControlSet\Services\MovieMode] =>PUP.MovieMode^
[HKLM\SYSTEM\CurrentControlSet\Services\NewPlayerUpdaterService] =>Adware.NewPlayer^
[HKLM\SYSTEM\CurrentControlSet\Services\PirritDesktop] =>PUP.PirritSuggestor^
[HKLM\SYSTEM\CurrentControlSet\Services\PirritUpdater] =>PUP.PirritSuggestor^
[HKLM\SYSTEM\CurrentControlSet\Services\pricemeterliveUpdate) (pricemeterliveUpdate] =>PUP.PriceMeter^
[HKLM\SYSTEM\CurrentControlSet\Services\V-bates Updater] =>Adware.Incredibar^
[HKLM\SYSTEM\CurrentControlSet\Services\Wajam Internet Enhancer Service] =>PUP.Wajam^
[HKLM\SYSTEM\CurrentControlSet\Services\WinRST] =>PUP.WinRST^
[HKLM\SYSTEM\CurrentControlSet\Services\Wpm] =>PUP.WpManager^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1] =>PUP.AdvancedSystemProtector^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Freeven pro 1.2] =>PUP.Freeven^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}] =>Adware.IncrediBar^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MovieMode] =>PUP.MovieMode^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial] =>Adware.MyWebSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\NewPlayer] =>Adware.NewPlayer^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PriceMeterUpdater] =>PUP.PriceMeter^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1] =>Adware.Incredibar^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage] =>Adware.Downware^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WPM] =>PUP.WpManager^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Wajam] =>PUP.Wajam^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\fst_fr_170_is1] =>Adware.FreeSoftToday^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\fst_fr_26_is1] =>Adware.FreeSoftToday^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{70BD2558-27DA-8B02-02D0-D8704ECD2EDF}] =>PUP.SavinShop^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0EE02110-967B-4256-ACA6-BC8AC7CB7E61}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKLM\Software\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}] =>Toolbar.Expresso
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}] =>Hijacker.SmartBar
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKLM\Software\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}] =>Hijacker.SmartBar
[HKLM\Software\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}] =>Hijacker.SmartBar
[HKLM\Software\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}] =>Hijacker.SmartBar
[HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{8216BD4A-4DC2-4DCE-9AFF-C86C5ACC6757}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{8216BD4A-4DC2-4DCE-9AFF-C86C5ACC6757}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{8ABB9FA2-0740-4AD9-8F54-1192254B3CF4}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}] =>Toolbar.Expresso
[HKLM\Software\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}] =>Toolbar.Expresso
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKLM\Software\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}] =>Hijacker.SmartBar
[HKLM\Software\Classes\Interface\{D4D390BE-98E6-4633-AD1B-B18B54BE5E76}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{D4D390BE-98E6-4633-AD1B-B18B54BE5E76}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon
[HKLM\Software\Classes\AppID\Extension.DLL] =>Toolbar.Expresso
[HKLM\Software\Classes\Extension.ExtensionHelperObject] =>Toolbar.Expresso
[HKLM\Software\Classes\Extension.ExtensionHelperObject.1] =>Toolbar.Expresso
[HKLM\Software\Classes\OfferBoxUI.TheBoxCtrl] =>PUP.OfferBox
[HKLM\Software\Classes\OfferBoxUI.TheBoxCtrl.1] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl] =>Adware.IMBooster
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\OfferBox] =>PUP.OfferBox
[HKCU\Software\SmartbarBackup] =>Hijacker.SmartBar
[HKCU\Software\SmartbarLog] =>Hijacker.SmartBar
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\optprostart_RASMANCS] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\Microsoft\Tracing\optprostart_RASAPI32] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\OfferBox] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASMANCS] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxUpdateService_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxUpdateService_RASMANCS] =>PUP.OfferBox
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Wow6432Node\InstallCore] =>Adware.InstallCore
[HKLM\Software\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic
[HKLM\Software\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\SoftwareUpdater] =>Hijacker.Eazel
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Mobogenie_RASAPI32] =>PUP.Mobogenie
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Mobogenie_RASMANCS] =>PUP.Mobogenie
[HKLM\Software\Wow6432Node\Microsoft\Tracing\optimizerpro_RASAPI32] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\Microsoft\Tracing\optimizerpro_RASMANCS] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\Microsoft\Tracing\speedupmypc_RASAPI32] =>PUP.SpeedUpMyPC
[HKLM\Software\Wow6432Node\Microsoft\Tracing\speedupmypc_RASMANCS] =>PUP.SpeedUpMyPC
[HKLM\Software\Classes\TypeLib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}] =>PUP.GetNow
[HKLM\Software\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}] =>PUP.GetNow
[HKLM\Software\Wow6432Node\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}] =>PUP.GetNow
[HKLM\Software\Classes\CrossriderApp0054253.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0054253.BHO.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0054253.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0054253.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Classes\Iminent] =>Adware.IMBooster
[HKLM\Software\Classes\esrv.mysearchdialESrvc] =>Adware.MyWebSearch
[HKLM\Software\Classes\esrv.mysearchdialESrvc.1] =>Adware.MyWebSearch
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110511421153}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220522422253}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0054253.BHO] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0054253.BHO.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0054253.Sandbox] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0054253.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\esrv.mysearchdialESrvc] =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\Classes\esrv.mysearchdialESrvc.1] =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110511421153}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220522422253}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421153}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}] =>Adware.Bandoo^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:cacaoweb =>PUP.CacaoWeb^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon =>PUP.Mobogenie^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]:upfst_fr_170.exe =>Adware.FreeSoftToday^
C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnabdehiamfmckjabaejlcjopbcnfkmh =>PUP.PriceDownloader^
C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\leahdjjpjmnamomgpojikeapflgbmjab =>PUP.CacaoWeb^
C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma =>PUP.QuickStart^
C:\Program Files (x86)\Advanced System Protector =>PUP.AdvancedSystemProtector^
C:\Program Files (x86)\Freeven pro 1.2 =>PUP.Freeven^
C:\Program Files (x86)\fst_fr_170 =>Adware.FreeSoftToday^
C:\Program Files (x86)\fst_fr_26 =>Adware.FreeSoftToday^
C:\Program Files (x86)\LPT =>Adware.Incredibar^
C:\Program Files (x86)\Mysearchdial =>Adware.MyWebSearch^
C:\Program Files (x86)\NewPlayer =>Adware.NewPlayer^
C:\Program Files (x86)\OfferBox =>PUP.OfferBox^
C:\Program Files (x86)\RegClean Pro =>Rogue.RegistryPowerCleaner^
C:\Program Files (x86)\SaveClicker =>PUP.SaveClicker^
C:\Program Files (x86)\Supporter =>PUP.SaveClicker^
C:\Program Files (x86)\SupTab =>PUP.SupTab^
C:\Program Files (x86)\Wajam =>PUP.Wajam^
C:\Program Files (x86)\WinRST =>PUP.WinRST^
C:\ProgramData\BitGuard =>PUP.BitGuard^
C:\ProgramData\BrowserProtect =>Hijacker.Eazel^
C:\ProgramData\IePluginService =>Trojan.SProtector^
C:\ProgramData\MovieMode =>PUP.MovieMode^
C:\ProgramData\sAaviinshop =>PUP.SavinShop^
C:\ProgramData\SaveClicker =>PUP.SaveClicker^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\asus\AppData\Roaming\Activeris =>PUP.Activeris^
C:\Users\asus\AppData\Roaming\cacaoweb =>PUP.CacaoWeb^
C:\Users\asus\AppData\Roaming\ExpressFiles =>Adware.ExpressFiles^
C:\Users\asus\AppData\Roaming\mysearchdial =>Adware.MyWebSearch^
C:\Users\asus\AppData\Roaming\OfferBox =>PUP.OfferBox^
C:\Users\asus\AppData\Roaming\PriceMeterUpdater =>PUP.PriceMeter^
C:\Users\asus\AppData\Roaming\SupTab =>PUP.SupTab^
C:\Users\asus\AppData\Roaming\VOPackage =>Adware.Downware^
C:\Users\asus\AppData\Local\fst_fr_170 =>Adware.FreeSoftToday^
C:\Users\asus\AppData\Local\fst_fr_26 =>Adware.FreeSoftToday^
C:\Users\asus\AppData\Local\Lollipop =>Adware.Lollipop^
C:\Users\asus\AppData\Local\LPT =>Adware.Incredibar^
C:\Users\asus\AppData\Local\MovieMode =>PUP.MovieMode^
C:\Users\asus\AppData\Local\newplayer =>Adware.NewPlayer^
C:\Users\asus\AppData\Local\PriceMeter =>PUP.PriceMeter^
C:\Users\asus\AppData\Local\Smartbar =>Hijacker.SmartBar^
C:\Users\asus\AppData\Local\WinRST =>PUP.WinRST^
C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter =>PUP.PriceMeter^
C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage =>Adware.Downware^
C:\Program Files (x86)\Amazon Browser Bar =>Toolbar.Amazon
C:\Program Files (x86)\Common Files\Umbrella =>Adware.IMBooster
C:\ProgramData\Browser Manager =>PUP.Babylon
C:\Users\asus\AppData\Local\Amazon Browser Bar =>Toolbar.Amazon
C:\Users\asus\AppData\LocalLow\Smartbar =>Hijacker.SmartBar
C:\Users\asus\AppData\Local\Temp\Iminent =>Adware.IMBooster
C:\Users\asus\AppData\Local\Temp\Smartbar =>Hijacker.SmartBar
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSetProgramAccessAndDefaults: Modified =>PUA.StartShow^
C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe =>PUP.AdvancedSystemProtector^
C:\ProgramData\MovieMode\up\2.6.78\MovieMode.exe =>PUP.MovieMode^
C:\Users\asus\AppData\Local\PirritSuggestor\PirritDesktop.exe =>PUP.PirritSuggestor^
C:\Users\asus\AppData\Local\fst_fr_170\upfst_fr_170.exe =>Adware.FreeSoftToday^
C:\Users\asus\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb^
C:\Program Files (x86)\fst_fr_170\fst_fr_170.exe =>Adware.FreeSoftToday^
C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe =>PUP.Eorezo^
C:\Program Files (x86)\OfferBox\OfferBox.exe =>PUP.OfferBox^
C:\Users\asus\AppData\Local\LPT\srptm.exe =>Adware.Incredibar^
C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector^
C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager^
C:\Program Files (x86)\LPT\srpts.exe =>Adware.Incredibar^
C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe =>PUP.PriceMeter^
C:\ProgramData\MovieMode\up\2.6.78\MovieModeService.exe =>PUP.MovieMode^
C:\Users\asus\AppData\Local\PirritSuggestor\PirritService.exe =>PUP.PirritSuggestor^
C:\Program Files (x86)\Pirrit\AutoUpdater.exe =>PUP.PirritSuggestor^
C:\Program Files\V-bates\ExtensionUpdaterService.exe =>Adware.Incredibar^
C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe =>PUP.Wajam^
C:\Program Files (x86)\WinRST\WinRST.exe =>PUP.WinRST^
C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe =>PUP.Wajam^
C:\Program Files (x86)\Freeven pro 1.2\Freeven pro 1.2-codedownloader.exe =>PUP.Freeven^
C:\Program Files (x86)\Freeven pro 1.2\9fb77cad-fe80-4845-9628-2b66036ee0f2-2.exe =>PUP.Freeven^
C:\Program Files (x86)\Freeven pro 1.2\9fb77cad-fe80-4845-9628-2b66036ee0f2-3.exe =>PUP.Freeven^
C:\Program Files (x86)\Freeven pro 1.2\9fb77cad-fe80-4845-9628-2b66036ee0f2-4.exe =>PUP.Freeven^
C:\Program Files (x86)\Freeven pro 1.2\9fb77cad-fe80-4845-9628-2b66036ee0f2-5.exe =>PUP.Freeven^
C:\Windows\AutoKMS\AutoKMS.exe =>Trojan.Keygen^
C:\Program Files\V-bates\PrefHelper.exe =>Adware.Incredibar^
C:\Users\asus\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\MinibarChrome.exe =>PUP.Minibar^
C:\Users\asus\AppData\Roaming\MySearchDial\UpdateProc\UpdateTask.exe =>Adware.MyWebSearch^
C:\Users\asus\AppData\Local\PriceMeter\pricemeterd.exe =>PUP.PriceMeter^
C:\Users\asus\AppData\Roaming\PriceMeterUpdater\UpdateProc\UpdateTask.exe =>PUP.PriceMeter^
C:\Windows\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-1.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-1 =>PUP.CrossRider^
C:\Windows\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-2.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-2 =>PUP.CrossRider^
C:\Windows\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-3.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-3 =>PUP.CrossRider^
C:\Windows\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-4 =>PUP.CrossRider^
C:\Windows\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-5 =>PUP.CrossRider^
C:\Windows\Tasks\APSnotifierPP1.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP1 =>PUP.AnyProtect^
C:\Windows\Tasks\APSnotifierPP2.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP2 =>PUP.AnyProtect^
C:\Windows\Tasks\APSnotifierPP3.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP3 =>PUP.AnyProtect^
C:\Windows\Tasks\AutoKMS.job =>Trojan.Keygen^
C:\Windows\System32\Tasks\AutoKMS =>Trojan.Keygen^
C:\Windows\Tasks\MySearchDial.job =>Adware.MyWebSearch^
C:\Windows\System32\Tasks\MySearchDial =>Adware.MyWebSearch^
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job =>PUP.PriceMeter^
C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore =>PUP.PriceMeter^
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job =>PUP.PriceMeter^
C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA =>PUP.PriceMeter^
C:\Windows\Tasks\PriceMeterUpdater.job =>PUP.PriceMeter^
C:\Windows\System32\Tasks\PriceMeterUpdater =>PUP.PriceMeter^
[HKCU\Software\AnyProtect] =>PUP.AnyProtect^
[HKCU\Software\ExpressFiles] =>Adware.ExpressFiles^
[HKCU\Software\PriceMeter] =>PUP.PriceMeter^
[HKCU\Software\Smartbar] =>Hijacker.SmartBar^
[HKCU\Software\Wajam] =>PUP.Wajam^
[HKCU\Software\WinkHandler] =>Adware.IMBooster^
[HKCU\Software\freesofttoday] =>Adware.FreeSoftToday^
[HKCU\Software\mysearchdial] =>Adware.MyWebSearch^
[HKLM\Software\V-bates] =>Adware.Incredibar^
[HKLM\Software\Wow6432Node\DealPlyLive] =>PUP.DealPly^
[HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles^
[HKLM\Software\Wow6432Node\FREESOFTTODAY] =>Adware.FreeSoftToday^
[HKLM\Software\Wow6432Node\MySearchDial] =>Adware.MyWebSearch^
[HKLM\Software\Wow6432Node\V-bates] =>Adware.Incredibar^
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\free_soft_today] =>Adware.FreeSoftToday^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
C:\Users\asus\Desktop\cacaoweb.exe =>PUP.CacaoWeb^
C:\Windows\Installer\526ede.msi =>Hijacker.SmartBar^
C:\Windows\Installer\526ee3.msi =>Adware.IncrediBar^
[HKCR\CLSID\{11111111-1111-1111-1111-110511421153}] (Freeven pro 1.2) =>PUP.Freeven^
[HKCR\CLSID\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] (V-bates) =>Adware.Incredibar^
[HKCR\CLSID\{22222222-2222-2222-2222-220522422253}] (CrossriderApp0054253.Sandbox) =>PUP.CrossRider^
[HKCR\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] (SmartbarInternetExplorerBHOEngine) =>Hijacker.SmartBar^
[HKCR\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}] (Snap.Do) =>Hijacker.SmartBar^
C:\Users\asus\AppData\Local\Temp\OB.exe =>PUP.OfferBox
C:\Users\asus\AppData\Local\Temp\BundleSweetIMSetup.exe =>PUP.SweetIM
C:\Users\asus\AppData\Local\Temp\MybabylonTB.exe =>PUP.SweetIM
C:\Users\asus\AppData\Local\Temp\nsb7591.exe =>Toolbar.Conduit
C:\Users\asus\AppData\Local\Temp\nsd20C1.exe =>Toolbar.Conduit
C:\Users\asus\AppData\Local\Temp\nsdF52C.exe =>Toolbar.Conduit
C:\Users\asus\AppData\Local\Temp\nsiF06A.exe =>Toolbar.Conduit
C:\Users\asus\AppData\Local\Temp\nsy2499.exe =>Toolbar.Conduit
C:\Users\asus\AppData\Local\Temp\spidentifierimpl.exe =>Toolbar.Conduit
C:\Users\asus\AppData\Local\Temp\SPSetup.exe =>Toolbar.Conduit
~ Additionnel Scan: 190433 Items scanned in 03mn 03s

---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/34077727-pua-startshow =>PUA.StartShow
http://nicolascoolman.byethost7.com/wordpress/pup-advancedsystemprotector/ =>PUP.AdvancedSystemProtector
http://nicolascoolman.webs.com/apps/blog/show/41590424-pup-pirritsuggestor =>PUP.PirritSuggestor
http://nicolascoolman.byethost7.com/wordpress/adware-freesofttoday/ =>Adware.FreeSoftToday
http://nicolascoolman.byethost7.com/wordpress/pup-cacaoweb/ =>PUP.CacaoWeb
http://nicolascoolman.byethost7.com/wordpress/pup-eorezo/ =>PUP.Eorezo
http://nicolascoolman.byethost7.com/wordpress/pup-offerbox/ =>PUP.OfferBox
http://nicolascoolman.byethost7.com/wordpress/adware-incredibar/ =>Adware.Incredibar
http://nicolascoolman.byethost7.com/wordpress/trojan-sprotector/ =>Trojan.SProtector
http://nicolascoolman.byethost7.com/wordpress/pup-wpmanager/ =>PUP.WpManager
http://nicolascoolman.webs.com/apps/blog/show/41981105-pup-pricemeter =>PUP.PriceMeter
http://nicolascoolman.byethost7.com/wordpress/pup-wajam/ =>PUP.Wajam
http://nicolascoolman.webs.com/apps/blog/show/41962558-pup-quickstart =>PUP.QuickStart
http://nicolascoolman.byethost7.com/wordpress/hijacker-smartbar/ =>Hijacker.SmartBar
http://nicolascoolman.byethost7.com/wordpress/adware-mywebsearch/ =>Adware.MyWebSearch
http://nicolascoolman.webs.com/apps/blog/show/33262880-hijacker-qone8 =>Hijacker.Qone8
http://nicolascoolman.byethost7.com/wordpress/hijacker-proxy/ =>Hijacker.Proxy
http://nicolascoolman.byethost7.com/wordpress/pup-crossrider/ =>PUP.CrossRider
http://nicolascoolman.byethost7.com/wordpress/pup-suptab/ =>PUP.SupTab
http://nicolascoolman.webs.com/apps/blog/show/29956939-usp-pccleaner =>USP.PCCleaner
http://nicolascoolman.byethost7.com/wordpress/pup-bubbledock/ =>PUP.BubbleDock
http://nicolascoolman.webs.com/apps/blog/show/33744863-pup-moviestoolbar =>PUP.MoviesToolbar
http://nicolascoolman.byethost7.com/wordpress/pup-mobogenie/ =>PUP.Mobogenie
http://nicolascoolman.byethost7.com/wordpress/pup-anyprotect/ =>PUP.AnyProtect
http://nicolascoolman.webs.com/apps/blog/show/26753274-adware-expressfiles =>Adware.ExpressFiles
http://nicolascoolman.webs.com/apps/blog/show/34407192-pup-minibar =>PUP.Minibar
http://nicolascoolman.byethost7.com/wordpress/pup-linkidoo/ =>PUP.LinkiDoo
http://nicolascoolman.byethost7.com/wordpress/adware-imbooster/ =>Adware.IMBooster
http://nicolascoolman.webs.com/apps/blog/show/26690384-adware-downware =>Adware.Downware
http://nicolascoolman.byethost7.com/wordpress/adware-installcore =>Adware.InstallCore
http://nicolascoolman.byethost7.com/wordpress/adware-vidsaver/ =>Adware.VidSaver
http://nicolascoolman.byethost7.com/wordpress/spyware-agenceexclusive/ =>AgenceExclusive
http://nicolascoolman.byethost7.com/wordpress/adware-lollipop/ =>Adware.Lollipop
http://nicolascoolman.byethost7.com/wordpress/pup-dealply/ =>PUP.DealPly
http://nicolascoolman.webs.com/apps/blog/show/29295819-rogue-registrypowercleaner =>Rogue.RegistryPowerCleaner
http://nicolascoolman.webs.com/apps/blog/show/41737185-pup-saveclicker =>PUP.SaveClicker
http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard =>PUP.BitGuard
http://nicolascoolman.byethost7.com/wordpress/hijacker-eazel/ =>Hijacker.Eazel
http://nicolascoolman.webs.com/apps/blog/show/41903075-pup-activeris =>PUP.Activeris
http://nicolascoolman.byethost7.com/wordpress/pup-babylon/ =>PUP.Babylon
http://nicolascoolman.webs.com/apps/blog/show/32799788-pup-browsersafeguard =>PUP.BrowserSafeguard
http://nicolascoolman.byethost7.com/wordpress/pup-sweetim/ =>PUP.SweetIM
http://nicolascoolman.byethost7.com/wordpress/pup-datamngr =>PUP.Datamngr
http://nicolascoolman.byethost7.com/wordpress/toolbar-deltasearch/ =>Toolbar.DeltaSearch
http://nicolascoolman.byethost7.com/wordpress/trojan-staser/ =>Trojan.Staser
http://nicolascoolman.webs.com/apps/blog/show/33367156-spyware-protectedsearch =>Spyware.ProtectedSearch
http://nicolascoolman.byethost7.com/wordpress/toolbar-conduit/ =>Toolbar.Conduit
http://nicolascoolman.byethost7.com/wordpress/pup-mypcbackup/ =>PUP.MyPCBackup
http://nicolascoolman.byethost7.com/wordpress/pup-manager/ =>PUP.Manager
http://nicolascoolman.byethost7.com/wordpress/pup-optimizerpro/ =>PUP.OptimizerPro
http://nicolascoolman.byethost7.com/wordpress/rogue-pcspeedmaximizer/ =>Rogue.PCSpeedMaximizer
http://nicolascoolman.byethost7.com/wordpress/adware-spointer/ =>Adware.SPointer
http://nicolascoolman.byethost7.com/wordpress/toolbar-ask/ =>Toolbar.Ask
http://nicolascoolman.byethost7.com/wordpress/adware-bandoo/ =>Adware.Bandoo
http://nicolascoolman.webs.com/apps/blog/show/26632189-adware-magnipic =>Adware.MagniPic
http://nicolascoolman.byethost7.com/wordpress/pup-getnow/ =>PUP.GetNow
~ MSI: 56 link(s) detected in 00mn 00s
~ 1740 Legitimates filtered by white list
End of the scan (1230 lines in 06mn 20s)(0)