~ Rapport de ZHPDiag v2014.5.18.67 - Nicolas Coolman (18/05/2014) ~ Lancé par nino (19/05/2014 14:51:08) ~ Adresse du Site Web http://nicolascoolman.webs.com ~ Blog d'analyse software : http://nicolascoolman.byethost7.com ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/ ~ Traduit par Nicolas Coolman ~ Etat de la version : ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Activate by user ---\\ Navigateurs Internet MSIE: Internet Explorer v9.0.8112.16421 ---\\ Informations sur les produits Windows ~ Langage: Français Windows Vista (TM) Home Premium, 64-bit Service Pack 2 (Build 6002) Windows Server License Manager Script : OK ~ Windows Operating System - Vista, OEM_SLP channel System Locked Preinstallation (OEM_SLP) : OK Windows ID Activation : OK ~ Windows Partial Key : WQD8Q Windows License : OK Windows Automatic Updates : OK ---\\ Logiciels de protection du système Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft Security Client FR-FR Language Pack v2.1.1116.0 ---\\ Logiciels d'optimisation du système CCleaner v4.06 ---\\ Logiciels de partage PeerToPeer ---\\ Surveillance de Logiciels Adobe Flash Player 13 Plugin Adobe Reader 8.3.1 - Français ---\\ Informations sur le système ~ Processor: Intel64 Family 6 Model 15 Stepping 13, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 4093 MB (36% free) System Restore: Activé (Enable) System drive C: has 426 GB (73%) free of 583 GB ---\\ Mode de connexion au système ~ Computer Name: PC-DE-NINO ~ User Name: nino ~ All Users Names: nino, Administrateur, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\nino\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\nino\AppData\Roaming\ ~ %Desktop% : C:\Users\nino\Desktop\ ~ %Favorites% : C:\Users\nino\Favorites\ ~ %LocalAppData% : 
C:\Users\nino\AppData\Local\ ~ %StartMenu% : C:\Users\nino\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 426 Go of 583 Go) D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 13 Go) E: CD-ROM drive (Not Inserted) G: Floppy drive, Flash card reader, USB Key (Not Inserted) H: Floppy drive, Flash card reader, USB Key (Not Inserted) I: Floppy drive, Flash card reader, USB Key (Not Inserted) J: Floppy drive, Flash card reader, USB Key (Not Inserted) ---\\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date ~ Security Center: 50 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.6B08E54A451B3F95E4109DBA7E594270] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 08:10:17.) -- C:\Windows\Explorer.exe [3079168] [MD5.117EA87DF785CA1B9D821F6F213DCE07] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:50:23.) -- C:\Windows\System32\Wininit.exe [123904] [MD5.56932FF02302B2A294A2221FF7FF1F06] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.08/03/2014 - 04:40:14.) -- C:\Windows\System32\wininet.dll [1392128] [MD5.6D0773A3A65D28B663F334C90441D01A] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 08:11:08.) -- C:\Windows\System32\Winlogon.exe [405504] [MD5.2BA159E1F9FD75F6A496742B20F1D9CF] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/09/2013 - 03:31:51.) -- C:\Windows\system32\Drivers\AFD.sys [404992] [MD5.E68D9B3A3905619732F7FE039466A623] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 08:15:00.) 
-- C:\Windows\system32\Drivers\atapi.sys [20952] [MD5.B4D787DB8D30793A4D4DF9FEED18F136] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:50:39.) -- C:\Windows\system32\Drivers\Cdfs.sys [90624] [MD5.C025AA69BE3D0D25C7A2E746EF6F94FC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 06:34:39.) -- C:\Windows\system32\Drivers\Cdrom.sys [79872] [MD5.8B722BA35205C71E7951CDC4CDBADE19] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 16:14:19.) -- C:\Windows\system32\Drivers\DfsC.sys [97792] [MD5.F942C5820205F2FB453243EDFEC82A3D] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 06:39:41.) -- C:\Windows\system32\Drivers\HDAudBus.sys [948736] [MD5.CBB597659A2713CE0C9CC20C88C7591F] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:46:59.) -- C:\Windows\system32\Drivers\i8042prt.sys [64000] [MD5.B7E6212F581EA5F6AB0C3A6CEEEB89BE] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:48:45.) -- C:\Windows\system32\Drivers\IpNat.sys [115712] [MD5.1485811B320FF8C7EDAD1CAEBB1C6C2B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:39:34.) -- C:\Windows\system32\Drivers\MRxSmb.sys [135680] [MD5.FC2C792EBDDC8E28DF939D6A92C83D61] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 06:42:33.) -- C:\Windows\system32\Drivers\netBT.sys [248320] [MD5.2ACCAA3C3C55370A32F17B3595E1A217] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:13:14.) -- C:\Windows\system32\Drivers\ntfs.sys [1513320] [MD5.AECD57F94C887F58919F307C35498EA0] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 10:37:57.) -- C:\Windows\system32\Drivers\Parport.sys [96768] [MD5.AC7BC4D42A7E558718DFDEC599BBFC2C] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.11/04/2009 - 06:43:38.) 
-- C:\Windows\system32\Drivers\Rasl2tp.sys [124928] [MD5.C045D1FB111C28DF0D1BE8D4BDA22C06] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:46:51.) -- C:\Windows\system32\Drivers\rdpdr.sys [314368] [MD5.290B6F6A0EC4FCDFC90F5CB6D7020473] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 06:42:19.) -- C:\Windows\system32\Drivers\smb.sys [88064] [MD5.458919C8C42E398DC4802178D5FFEE27] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 06:43:00.) -- C:\Windows\system32\Drivers\tdx.sys [94720] [MD5.582F710097B46140F5A89A19A6573D4B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:50:57.) -- C:\Windows\system32\Drivers\volsnap.sys [267648] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/50 ~ Mes musiques (My Musics) : 7/139 ~ Mes Videos (My Videos) : 1/2 ~ Mes Favoris (My Favorites) : 1/32 ~ Mes Documents (My Documents) : 2/455 ~ Mon Bureau (My Desktop) : 1/932 ~ Menu demarrer (Programs) : 1/34 ~ Hidden Files: Scanned in 00mn 00s ---\\ Processus lancés [MD5.66295B0D0FB2292C6D62904F5C3DE0B2] - (...) -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe [561320] [PID.2204] [MD5.095184B28B8414A6D2D09C1CE7C7B86F] - (.Orange - Executable Orange Inside.) -- C:\Users\nino\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe [1530520] [PID.2216] [MD5.596C3DD487001E237CCE431EAE6F3EA0] - (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144] [PID.2352] [MD5.A40824624D8667FE31333B0CEB936169] - (.Sony - Sony PC Companion.) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760] [PID.2464] [MD5.31EBC020D9B2D6239E2AF90BD48B6E60] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20587680] [PID.2488] [MD5.6528D7D23AB7EE8374791E9666976429] - (.Orange - MailNotifier.) 
-- C:\Program Files (x86)\Orange\MailNotifier\MailNotifier.exe [884248] [PID.2496] [MD5.616593EE0D66C87912B57C5AE2A0C5CB] - (...) -- C:\Users\nino\AppData\Local\Genesis\Genesis.exe [3211264] [PID.2540] =>PUP.Genesis [MD5.D9335549EAE48B14FB66EFCB6FFAE736] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [214360] [PID.2588] [MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768] [PID.2660] [MD5.68BB0D0F31DAB67979C24218777F97EA] - (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1152296] [PID.2828] [MD5.309C7161F58C75EE88B07F55CA858280] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736] [PID.2836] [MD5.B6F6228AB545E2819A60C0D63A84E52E] - (.CyberLink Corp. - HP DVDSmart Resident Program.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200] [PID.2852] [MD5.4334F0F2DDE36F1AF1B3200F88C1E155] - (.CyberLink Corp. - HP MediaSmart TV Resident Program.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe [206120] [PID.2860] [MD5.0B692C328AF648AD478A967C21DD7936] - (.Pas de propriétaire - AgentMon Application.) -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [391040] [PID.2896] [MD5.08E7173D1B74095335052459200CB1EA] - (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe [421888] [PID.2928] [MD5.79C28DDF889C26FDD6162F796FD49BC4] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.2940] [MD5.0A6E55FB7C79C89944D770FD0B907257] - (...) -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [748736] [PID.2956] =>PUP.Mobogenie [MD5.0F6D06A88A88007AAEE5F0EE1ECE42E4] - (...) 
-- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe [70880] [PID.2760] [MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\SysWOW64\conime.exe [69120] [PID.1372] [MD5.DDB1C559E36063532ED1CBC101C17DA3] - (.Hewlett-Packard Company - KBD EXE.) -- C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe [94208] [PID.2636] [MD5.B70278D1459A677639D51892160FD365] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [184320] [PID.1216] [MD5.7E04B1ADE140F483A6581461568D8D9C] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe [610304] [PID.4152] [MD5.883008A9B5BFF94A153D99DBA54CB5C1] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe [362496] [PID.372] [MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.5500] [MD5.B1FB8BC16D0DB185202415E3083E745A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7877120] [PID.5888] [MD5.221564CC7BE37611FE15EACF443E1BF6] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.2528] [MD5.DFEFF67508D3A9AEB1A85D7B0F513B24] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.3196] [MD5.764BE9B8A5614F818597DB6F04EF6668] - (...) -- C:\Program Files (x86)\Mobogenie\MgAssist.exe [70848] [PID.3288] =>PUP.Mobogenie [MD5.C7F5C284B6F46FCAF6910EA4E644700B] - (.Nero AG - Nero BackItUp.) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208] [PID.3324] [MD5.4BC24AD1AF866EB21C09D837A8A017E7] - (.Pas de propriétaire - CLCapSvc Module.) 
-- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320] [PID.3528] [MD5.56196A4FD34A9985AB93531DCDC07DCB] - (.Pas de propriétaire - CLSched Module.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116104] [PID.3572] [MD5.E335395F34387302252ADAA989D6879E] - (...) -- C:\Users\nino\AppData\Roaming\VOPackage\VOsrv.exe [355328] [PID.3604] =>Adware.Downware [MD5.3A4F2C0BB87A0895ABEBA341AA1E341B] - (.Avanquest Software - Sony PCCompanion Service.) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824] [PID.2736] ~ Processes Running: Scanned in 00mn 03s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\nino\AppData\Local\Google\Chrome\User Data\Default\Preferences G1 - GCS: Preference [User Data\Default] http://r.orange.fr G2 - GCE: Preference [User Data\Default] [ejocekekgcaldnmjngfdbmbeebcekelc] SPOTS - A better way to start v.0.1.38, (Désactivé) G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé) G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé) G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé) G2 - GCE: Preference [User Data\Default] [pioliciekajfgilkenamlbghbpgpipdm] Interest Recognizer for Widestream6 v.3.4.1545.153 (Désactivé) =>Adware.SPointer ---\\ Liste des dossiers d'extension Google Chrome ~ Google Lines Browser: 16 Legitimates Filtered in 00mn 01s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\nino\AppData\Roaming\Mozilla\Firefox\Profiles\73i52bq6.default\prefs.js C:\Users\nino\AppData\Roaming\Mozilla\Firefox\Profiles\73i52bq6.default\user.js M3 - MFPP: Plugins - [nino] -- C:\Users\nino\AppData\Roaming\Mozilla\Firefox\Profiles\73i52bq6.default\searchplugins\iminent.xml =>Adware.IMBooster M3 - MFPP: Plugins - [nino] -- 
C:\Users\nino\AppData\Roaming\Mozilla\Firefox\Profiles\73i52bq6.default\searchplugins\Mysearchdial-1.xml =>Adware.MyWebSearch M3 - MFPP: Plugins - [nino] -- C:\Users\nino\AppData\Roaming\Mozilla\Firefox\Profiles\73i52bq6.default\searchplugins\Mysearchdial.xml =>Adware.MyWebSearch M3 - MFPP: Plugins - [nino] -- C:\Users\nino\AppData\Roaming\Mozilla\Firefox\Profiles\73i52bq6.default\searchplugins\Web Search.xml =>Parasite.Pugi M2 - MFEP: prefs.js [nino - 73i52bq6.default\ffxtlbr@mysearchdial.com] [] mysearchdial.com v1.6.0 (..) =>Adware.MyWebSearch M2 - MFEP: prefs.js [nino - 73i52bq6.default\FissaPlugin-trash] [] Fissa v1.0 (..) =>PUP.OfferBox M2 - MFEP: prefs.js [nino - 73i52bq6.default\quick_start@gmail.com] [] Quick Start v1.1 (..) =>PUP.QuickStart M2 - MFEP: prefs.js [nino - 73i52bq6.default\{635abd67-4fe9-1b23-4f01-e679fa7484c1}] [yahoo.ytff] Yahoo! Toolbar v3.2.3.20140326060057 (..) M2 - MFEP: prefs.js [nino - 73i52bq6.default\{75cdeaed-1dc0-d2a3-e0f5-269b476f673f}] [] Snap.Do v3.2.3.20140326060057 (..) =>Hijacker.SmartBar M2 - MFEP: prefs.js [nino - 73i52bq6.default\{906000a4-88d9-4d52-b209-7a772970d91f}] [] DealPly Shopping v2.0 (..) =>PUP.DealPly P2 - FPN: [HKCU] [@lightspark.github.com/Lightspark;version=1] - (.Pas de propriétaire - Flash.) 
-- C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ~ Firefox Browser: 19 Legitimates Filtered in 00mn 01s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com =>Adware.MyWebSearch R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com =>Hijacker.WebsSearches R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com =>Hijacker.WebsSearches R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com =>Hijacker.WebsSearches R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com =>Hijacker.WebsSearches ~ IE Browser: 21 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:9880 =>Hijacker.Proxy R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) O1 - Hosts: 216.239.32.20 google.com O1 - 
Hosts: 216.239.32.20 google.com www.google.li [...] ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 213 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: CrossriderApp0055697 [64Bits] - {11111111-1111-1111-1111-110511561197} . (.Corporate Inc - Pricora 10.4 BHO.) -- C:\Program Files (x86)\Pricora 10.4\Pricora 10.4-bho64.dll =>PUP.CrossRider O2 - BHO: Snap.DoEngine [64Bits] - {31ad400d-1b06-4e33-a59a-90c2c140cba0} . (...) -- mscoree.dll (.not file.) =>Hijacker.SmartBar ~ BHO: 18 Legitimates Filtered in 00mn 01s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Snap.Do - [HKLM]{ae07101b-46d4-4a98-af68-0333ea26e113} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) 
-- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D3028143-6145-4318-99D3-3EDCE54A95A9} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com =>Hijacker.WebsSearches O4 - GS\Program [Public]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://istart.webssearches.com =>Hijacker.WebsSearches O4 - GS\Program [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://istart.webssearches.com =>Hijacker.WebsSearches O4 - GS\SystemTools [Public]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://istart.webssearches.com =>Hijacker.WebsSearches O4 - GS\QuickLaunch [nino]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://istart.webssearches.com =>Hijacker.WebsSearches O4 - GS\QuickLaunch [nino]: Mozilla Firefox (2).lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://istart.webssearches.com =>Hijacker.WebsSearches O4 - GS\Desktop [nino]: Continue VuuPC Installation.lnk . (...) -- C:\Users\nino\AppData\Local\Temp\ICReinstall_nsw329D.tmp \RR (.not file.) =>PUP.VuuPC ~ Global Startup: 9 Legitimates Filtered in 00mn 03s ---\\ Applications lancées au démarrage du système (O4) O4 - GS\Startup [nino]: MyPC Backup.lnk . (.MyPCBackup.com - MyPC Backup.) 
-- C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe =>PUP.MyPCBackup O4 - HKLM\..\Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe (.not file.) O4 - HKLM\..\Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (.not file.) O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation O4 - HKCU\..\Run: [HPAdvisor] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\nino\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKCU\..\Run: [Sony PC Companion] . (.Sony - Sony PC Companion.) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe O4 - HKCU\..\Run: [Orange Installer] . (...) -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe O4 - HKCU\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\nino\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKCU\..\Run: [MailNotifier] . (.Orange - MailNotifier.) -- C:\Program Files (x86)\Orange\MailNotifier\MailNotifier.exe O4 - HKCU\..\Run: [genesis] . (...) -- c:\users\nino\appdata\local\genesis\genesis.exe =>PUP.Genesis O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_206_Plugin.exe O4 - HKLM\..\Wow6432Node\Run: [hpsysdrv] . 
(.Hewlett-Packard - hpsysdrv.) -- c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe =>.Hewlett-Packard Co O4 - HKLM\..\Wow6432Node\Run: [KBD] . (.Microsoft - Kbd Stub.) -- C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc O4 - HKLM\..\Wow6432Node\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Wow6432Node\Run: [UpdateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe O4 - HKLM\..\Wow6432Node\Run: [UpdateLBPShortCut] . (.CyberLink Corp. - StartMen Application.) -- c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe O4 - HKLM\..\Wow6432Node\Run: [UpdatePDIRShortCut] . (.CyberLink Corp. - StartMen Application.) -- c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe O4 - HKLM\..\Wow6432Node\Run: [UpdatePSTShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe O4 - HKLM\..\Wow6432Node\Run: [TSMAgent] . (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe O4 - HKLM\..\Wow6432Node\Run: [CLMLServer for HP TouchSmart] . (.CyberLink - CyberLink MediaLibray Service.) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe O4 - HKLM\..\Wow6432Node\Run: [DVDAgent] . (.CyberLink Corp. - HP DVDSmart Resident Program.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe O4 - HKLM\..\Wow6432Node\Run: [hpqSRMon] Clé orpheline O4 - HKLM\..\Wow6432Node\Run: [TVAgent] . (.CyberLink Corp. 
- HP MediaSmart TV Resident Program.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe O4 - HKLM\..\Wow6432Node\Run: [LifeCam] . (.Microsoft Corporation - LifeExp.exe.) -- C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Wow6432Node\Run: [AgentMonitor] . (.Pas de propriétaire - AgentMon Application.) -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe O4 - HKLM\..\Wow6432Node\Run: [mobilegeni daemon] . (...) -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe =>PUP.Mobogenie O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline O4 - HKUS\S-1-5-21-3710467032-3842738352-2000084877-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) 
-- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-3710467032-3842738352-2000084877-1000\..\Run: [HPAdvisor] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe O4 - HKUS\S-1-5-21-3710467032-3842738352-2000084877-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-21-3710467032-3842738352-2000084877-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\nino\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKUS\S-1-5-21-3710467032-3842738352-2000084877-1000\..\Run: [Sony PC Companion] . (.Sony - Sony PC Companion.) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe O4 - HKUS\S-1-5-21-3710467032-3842738352-2000084877-1000\..\Run: [Orange Installer] . (...) -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe O4 - HKUS\S-1-5-21-3710467032-3842738352-2000084877-1000\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\nino\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe O4 - HKUS\S-1-5-21-3710467032-3842738352-2000084877-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKUS\S-1-5-21-3710467032-3842738352-2000084877-1000\..\Run: [MailNotifier] . (.Orange - MailNotifier.) -- C:\Program Files (x86)\Orange\MailNotifier\MailNotifier.exe O4 - HKUS\S-1-5-21-3710467032-3842738352-2000084877-1000\..\Run: [genesis] . (...) -- c:\users\nino\appdata\local\genesis\genesis.exe =>PUP.Genesis O4 - HKUS\S-1-5-21-3710467032-3842738352-2000084877-1000\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) 
-- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_206_Plugin.exe ~ Application: Scanned in 00mn 01s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{B1901D06-4B17-4695-8610-5472550E4AC5}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{B1901D06-4B17-4695-8610-5472550E4AC5}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{B1901D06-4B17-4695-8610-5472550E4AC5}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (.not file.) =>Toolbar.Conduit ~ AppInit DLL: Scanned in 00mn 00s ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: Component Categories cache daemon [64Bits] - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll ~ STS/SSO: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Computer Backup (MyPC Backup) (BackupStack) . 
(.Just Develop It - Backup Stack.) - C:\Program Files (x86)\MyPC Backup\BackupStack.exe =>PUP.MyPCBackup O23 - Service: Bandoo Coordinator (Bandoo Coordinator) . (...) - C:\Program Files (x86)\Bandoo\Bandoo.exe (.not file.) =>Adware.Bandoo O23 - Service: MgAssist Service (MgAssistService) . (...) - C:\Program Files (x86)\Mobogenie\MgAssist.exe =>PUP.Mobogenie O23 - Service: Service Component of VO (vosr) . (...) - C:\Users\nino\AppData\Roaming\VOPackage\VOsrv.exe =>Adware.Downware ~ Services: 14 Legitimates Filtered in 00mn 06s ---\\ Tâches planifiées en automatique (O39) [MD5.00000000000000000000000000000000] [APT] [APSnotifierPP1] (...) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe (.not file.) [0] =>PUP.AnyProtect [MD5.00000000000000000000000000000000] [APT] [APSnotifierPP2] (...) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe (.not file.) [0] =>PUP.AnyProtect [MD5.00000000000000000000000000000000] [APT] [APSnotifierPP3] (...) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe (.not file.) [0] =>PUP.AnyProtect [MD5.00000000000000000000000000000000] [APT] [Dealply] (...) -- C:\Users\nino\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.DealPly [MD5.00000000000000000000000000000000] [APT] [fsupdate] (...) -- C:\Program Files (x86)\Flowsurf\fsupd.exe (.not file.) [0] =>PUP.FlowSurf [MD5.00000000000000000000000000000000] [APT] [MySearchDial] (...) -- C:\Users\nino\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>Adware.MyWebSearch [MD5.00000000000000000000000000000000] [APT] [wp_update] (...) -- C:\Users\nino\AppData\Roaming\~ijcvzuw.exe (.not file.) [0] =>PUP.WpManager [MD5.00000000000000000000000000000000] [APT] [{780074AC-EF6E-4CC6-8399-9A89E4CD5347}] (...) -- E:\Codec DivX V3.11\divx_311alpha.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{9C996F4B-B96F-4C50-B884-16AFC182D824}] (...) -- C:\Users\nino\Desktop\Codec DivX V3.11\divx_311alpha.exe (.not file.) 
[0] [MD5.00000000000000000000000000000000] [APT] [{E2BE3FCD-2A3C-4047-A812-2C53F63BEE1B}] (...) -- C:\Users\nino\Desktop\VideoLAN\VLC\uninstall.exe (.not file.) [0] O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002] O39 - APT: APSnotifierPP1 - (...) -- C:\Windows\Tasks\APSnotifierPP1.job [380] =>PUP.AnyProtect O39 - APT: APSnotifierPP1 - (...) -- C:\Windows\System32\Tasks\APSnotifierPP1 [380] =>PUP.AnyProtect O39 - APT: APSnotifierPP2 - (...) -- C:\Windows\Tasks\APSnotifierPP2.job [378] =>PUP.AnyProtect O39 - APT: APSnotifierPP2 - (...) -- C:\Windows\System32\Tasks\APSnotifierPP2 [378] =>PUP.AnyProtect O39 - APT: APSnotifierPP3 - (...) -- C:\Windows\Tasks\APSnotifierPP3.job [378] =>PUP.AnyProtect O39 - APT: APSnotifierPP3 - (...) -- C:\Windows\System32\Tasks\APSnotifierPP3 [378] =>PUP.AnyProtect O39 - APT: Dealply - (...) -- C:\Windows\Tasks\Dealply.job [286] =>PUP.DealPly O39 - APT: Dealply - (...) -- C:\Windows\System32\Tasks\Dealply [286] =>PUP.DealPly O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3710467032-3842738352-2000084877-1000Core [1070] O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3710467032-3842738352-2000084877-1000UA [1092] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1060] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1064] O39 - APT: MySearchDial - (...) -- C:\Windows\Tasks\MySearchDial.job [288] =>Adware.MyWebSearch O39 - APT: MySearchDial - (...) -- C:\Windows\System32\Tasks\MySearchDial [288] =>Adware.MyWebSearch O39 - APT: - (..) -- C:\Windows\System32\Tasks\PCDRScheduledMaintenance [456] O39 - APT: - (..) -- C:\Windows\System32\Tasks\User_Feed_Synchronization-{E9AC012B-1983-49F6-B86D-673EC563ED7F} [442] ~ Scheduled Task: 34 Legitimates Filtered in 00mn 04s ---\\ Pilotes lancés au démarrage du système (O41) O41 - Driver: ({2b4fc5ce-fd26-493c-97d3-e808aab73013}t64) . (.StdLib - StdLib.) 
- C:\Windows\System32\drivers\{2b4fc5ce-fd26-493c-97d3-e808aab73013}t64.sys =>PUP.LinkiDoo ~ Drivers: 63 Legitimates Filtered in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: Fissa - (.Secure Digital Services.) [HKLM][64Bits] -- Fissa =>PUP.OfferBox O42 - Logiciel: Fissa - (.Secure Digital Services.) [HKLM][64Bits] -- {4BD271AB-66E2-4D58-AF88-80FE3B0770C4} =>PUP.OfferBox O42 - Logiciel: Genesis - (...) [HKCU][64Bits] -- genesis =>PUP.Genesis O42 - Logiciel: MyPC Backup - (.JDi Backup Ltd.) [HKLM][64Bits] -- MyPC Backup =>PUP.MyPCBackup O42 - Logiciel: Pricora 10.4 - (.Corporate Inc.) [HKLM][64Bits] -- Pricora 10.4 =>Adware.Pricora O42 - Logiciel: VO Package - (...) [HKLM][64Bits] -- VOPackage =>Adware.Downware O42 - Logiciel: ValueApps - (.Conduit.) [HKCU][64Bits] -- ValueApps =>Toolbar.Conduit O42 - Logiciel: ViewPassword - (.ViewPassword-software.) [HKLM][64Bits] -- F75BEFBB-AEAC-56BA-DCD1-5EDE5994FD0B =>PUP.ViewPassword ~ Logic: 60 Legitimates Filtered in 00mn 01s ---\\ HKCU & HKLM Software Keys [HKCU\Software\Alexa Internet] [HKCU\Software\AnyProtect] =>PUP.AnyProtect [HKCU\Software\Boxore] =>Adware.Boxore [HKCU\Software\FissaSearch] =>PUP.OfferBox [HKCU\Software\Genesis] =>PUP.Genesis [HKCU\Software\SearchquMediabarTb] =>PUP.Datamngr [HKCU\Software\Smartbar] =>Hijacker.SmartBar [HKCU\Software\TutoTag] =>PUP.AgenceExclusive [HKCU\Software\Tutorials] =>PUP.AgenceExclusive [HKCU\Software\WEDLMNGR] =>PUP.weDownloadManager [HKCU\Software\WideStream] =>Adware.SPointer [HKCU\Software\freesofttoday] =>Adware.FreeSoftToday [HKCU\Software\lollipop] =>Adware.Lollipop [HKCU\Software\mysearchdial.com] =>Adware.MyWebSearch [HKCU\Software\로컬 응용 프로그램 마법사에서 생성된 응용 프로그램] [HKLM\Software\InstalledBrowserExtensions] =>Adware.VidSaver [HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher [HKLM\Software\Wow6432Node\Bandoo] =>Adware.Bandoo [HKLM\Software\Wow6432Node\FissaSearch] =>PUP.OfferBox [HKLM\Software\Wow6432Node\MySearchDial] =>Adware.MyWebSearch 
[HKLM\Software\Wow6432Node\RST] [HKLM\Software\Wow6432Node\Tutorials] =>PUP.AgenceExclusive [HKLM\Software\Wow6432Node\mamverifier] [HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab [HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager [HKLM\Software\Wow6432Node\widestream] =>Adware.SPointer [HKLM\Software\suprasavings] =>PUP.SupraSavings ~ Key Software: 421 Legitimates Filtered in 00mn 01s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 03/08/2011 - 14:40:56 - [0] ----D C:\Program Files (x86)\Fluendo =>Adware.SPointer O43 - CFD: 01/05/2014 - 12:22:54 - [] ----D C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup O43 - CFD: 02/05/2014 - 09:11:34 - [] ----D C:\Program Files (x86)\Pricora 10.4 =>Adware.Pricora O43 - CFD: 02/05/2014 - 09:11:34 - [] ----D C:\Program Files (x86)\ViewPassword-soft =>PUP.ViewPassword O43 - CFD: 11/10/2010 - 16:35:20 - [] ----D C:\Program Files (x86)\Widestream6 =>Adware.SPointer O43 - CFD: 23/02/2013 - 20:03:35 - [] ----D C:\Program Files (x86)\WowCartographe O43 - CFD: 30/06/2010 - 12:46:32 - [] ----D C:\ProgramData\Bandoo =>Adware.Bandoo O43 - CFD: 02/05/2014 - 09:11:33 - [] ----D C:\ProgramData\WPM =>PUP.WpManager O43 - CFD: 11/11/2010 - 18:07:20 - [] ----D C:\Users\nino\AppData\Roaming\AutoTransfer O43 - CFD: 27/06/2010 - 22:09:26 - [0] ----D C:\Users\nino\AppData\Roaming\Bandoo =>Adware.Bandoo O43 - CFD: 07/03/2011 - 19:22:39 - [] ----D C:\Users\nino\AppData\Roaming\FissaSearch =>PUP.OfferBox O43 - CFD: 17/10/2012 - 13:10:19 - [] ----D C:\Users\nino\AppData\Roaming\ManuelNumeriqueDidier O43 - CFD: 01/05/2014 - 22:15:01 - [0] ----D C:\Users\nino\AppData\Roaming\SupTab =>PUP.SupTab O43 - CFD: 01/05/2014 - 22:17:27 - [0] ----D C:\Users\nino\AppData\Roaming\ValueApps =>Toolbar.Conduit O43 - CFD: 15/04/2014 - 21:07:18 - [] ----D C:\Users\nino\AppData\Roaming\VOPackage =>Adware.Downware O43 - CFD: 11/10/2010 - 16:35:55 - [] ----D C:\Users\nino\AppData\Roaming\widestream =>Adware.SPointer O43 - CFD: 
01/05/2014 - 16:59:51 - [] ----D C:\Users\nino\AppData\Roaming\wp_update =>PUP.WpManager O43 - CFD: 01/05/2014 - 22:15:01 - [] ----D C:\Users\nino\AppData\Local\41 O43 - CFD: 19/05/2014 - 14:50:35 - [] ----D C:\Users\nino\AppData\Local\Genesis =>PUP.Genesis O43 - CFD: 19/05/2014 - 14:17:31 - [] ----D C:\Users\nino\AppData\Local\widestream6 Air =>Adware.SPointer ~ 775 Dossier CLSID vide (CLSID Empty Folder) ~ Program Folder: 1040 Legitimates Filtered in 00mn 12s ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{f0764841-6298-11de-988e-00242156b3f1}\AutoRun\command. (...) -- C:\Windows\system32\bittorrent.exe (.not file.) =>P2P.BitTorrent O51 - MPSK:{fe62943f-bbb1-11e1-b671-00242156b3f1}\AutoRun\command. (...) -- K:\Startme.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 ~ MWPS: 19 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLogoff"=0 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoClose"=0 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:21/01/2008 - 03:47:30 ---A- . (...) -- C:\Windows\System32\Drivers\bdasup.sys [15616] O58 - SDL:18/09/2006 - 22:30:18 ---A- . (...) -- C:\Windows\System32\Drivers\BrUsbMdm.sys [14976] O58 - SDL:19/09/2006 - 12:42:33 ---A- . (...) -- C:\Windows\System32\Drivers\BrUsbSer.sys [14720] O58 - SDL:21/01/2008 - 03:46:56 ---A- . (...) -- C:\Windows\System32\Drivers\E1G6032E.sys [146176] O58 - SDL:21/01/2008 - 03:46:59 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [397368] O58 - SDL:21/08/2012 - 13:01:20 ---A- . (...) 
-- C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240] O58 - SDL:03/07/2013 - 03:22:30 ---A- . (...) -- C:\Windows\System32\Drivers\hidparse.sys [31616] O58 - SDL:02/11/2006 - 13:02:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [37480] O58 - SDL:02/11/2006 - 13:02:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [37480] O58 - SDL:21/01/2008 - 03:49:00 ---A- . (...) -- C:\Windows\System32\Drivers\ksthunk.sys [20864] O58 - SDL:21/01/2008 - 03:49:52 ---A- . (...) -- C:\Windows\System32\Drivers\mskssrv.sys [11008] O58 - SDL:02/11/2006 - 10:37:30 ---A- . (...) -- C:\Windows\System32\Drivers\mspclock.sys [7040] O58 - SDL:02/11/2006 - 10:37:30 ---A- . (...) -- C:\Windows\System32\Drivers\mspqm.sys [6656] O58 - SDL:21/01/2008 - 03:49:52 ---A- . (...) -- C:\Windows\System32\Drivers\mstee.sys [7936] O58 - SDL:02/11/2006 - 10:43:56 ---A- . (...) -- C:\Windows\System32\Drivers\ohci1394.sys [72192] O58 - SDL:11/04/2009 - 06:39:31 ---A- . (...) -- C:\Windows\System32\Drivers\stream.sys [68224] O58 - SDL:21/01/2008 - 03:46:56 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [284728] O58 - SDL:02/11/2006 - 12:50:54 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [148072] O58 - SDL:21/01/2008 - 03:46:52 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series x64 Windows Driver.) -- C:\Windows\System32\Drivers\ulsata2.sys [174696] O58 - SDL:13/12/2012 - 14:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784] O58 - SDL:11/04/2009 - 06:39:40 ---A- . (...) -- C:\Windows\System32\Drivers\USBCAMD2.sys [32640] O58 - SDL:29/06/2013 - 03:25:14 ---A- . (...) 
-- C:\Windows\System32\Drivers\usbd.sys [7552] O58 - SDL:12/07/2013 - 10:19:36 ---A- . (...) -- C:\Windows\System32\Drivers\usbvideo.sys [168960] O58 - SDL:02/11/2006 - 10:40:24 ---A- . (...) -- C:\Windows\System32\Drivers\wacompen.sys [26624] O58 - SDL:24/04/2014 - 11:18:02 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{2b4fc5ce-fd26-493c-97d3-e808aab73013}t64.sys [60096] =>PUP.LinkiDoo O58 - SDL:24/07/2006 - 16:05:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\StarOpen.sys [5632] ~ Drivers: 86 Legitimates Filtered in 00mn 04s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Liste les services legacy du registre (LALS) (O64) O64 - Services: CurCS - 24/04/2014 - C:\Windows\System32\drivers\{2b4fc5ce-fd26-493c-97d3-e808aab73013}t64.sys ({2b4fc5ce-fd26-493c-97d3-e808aab73013}t64) .(.StdLib - StdLib.) - LEGACY_{2B4FC5CE-FD26-493C-97D3-E808AAB73013}T64 =>PUP.LinkiDoo ~ Legacy: 80 Legitimates Filtered in 00mn 00s ---\\ Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.) ~ FASS Keys: 13 Legitimates Filtered in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) 
-- C:\Program Files (x86)\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("browser.search.order.1", "Mysearchdial"); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.Fissa.Uninstall.lastRunTime", "Mon, 07 Mar 2011 17:24:15 GMT"); =>PUP.OfferBox O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.Fissa.lastRunTime", "Sun, 20 Feb 2011 16:19:26 GMT"); =>PUP.OfferBox O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.crossrider.bic", "1426b1e72f26766d3805f793c8dbca0b"); =>PUP.CrossRider O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.helperbar.BackPageActive", true); =>PUP.HelperBar O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.helperbar.DockingPositionDown", false); =>PUP.HelperBar O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.helperbar.LastHiddenTime", 23284306); =>PUP.HelperBar O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.helperbar.SmartbarDisabled", false); =>PUP.HelperBar O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.helperbar.SmartbarStateMinimaized", false); =>PUP.HelperBar O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.helperbar.Visibility", false); =>PUP.HelperBar O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.helperbar.backPageCapacity", 3); =>PUP.HelperBar O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.helperbar.backPageCounter", 1); =>PUP.HelperBar O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.helperbar.backPageDay", 15); =>PUP.HelperBar O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.helperbar.backPageLastEvent", "1397588436798"); =>PUP.HelperBar O69 - SBI: prefs.js [nino - 73i52bq6.default] 
user_pref("extensions.helperbar.backPageMinInterval", 15); =>PUP.HelperBar O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.helperbar.barcodeid", "81860"); =>PUP.HelperBar O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.helperbar.countryiso", "fr"); =>PUP.HelperBar O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.helperbar.downloadprovider", "soft32yb"); =>PUP.HelperBar O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.helperbar.externalJsFiles", ""); =>PUP.HelperBar O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.helperbar.fromautoupdate", "true"); =>PUP.HelperBar O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.helperbar.installationid", "75cdeaed-1dc0-d2a3-e0f5-269b476f673f"); =>PUP.HelperBar O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.helperbar.installdate", "17/11/2013"); =>PUP.HelperBar O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.helperbar.keepAliveLastevent", "1396252782"); =>PUP.HelperBar O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.helperbar.lastExternalJsUpdate", "1399102336635"); =>PUP.HelperBar O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.helperbar.publisher", "soft32yb"); =>PUP.HelperBar O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.AL", 2); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.aflt", "adk0102"); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}"); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtByEtBtCyDyC0BtA0FtCyCtAtB0EtN0D0Tzu0SzzyEyBtN1L2XzutBtFtCzztFtBtFtDt[...] 
=>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.cntry", "FR"); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.cr", "963428685"); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.dfltLng", ""); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.dfltSrch", true); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.dnsErr", true); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497[...] =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.dspFFXOld", "Orange"); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.excTlbr", false); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.hdrMd5", "B7475F2C4067BA903DC31D8114517E42"); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.hmpg", true); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=adk0102&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCyDyC0BtA[...] 
=>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.hpFFXOld", "http://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_FF"); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.id", "00242156B3F1632E"); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.instlDay", "16186"); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.instlRef", ""); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.lastB", "http://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_FF"); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.lastVrsnTs", ""); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=adk0102&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCyDyC0B[...] =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"96\",\"lastVrsn\":\"96\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"s[...] 
=>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.prdct", "mysearchdial"); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.prtnrId", "mysearchdial"); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.sg", "{smplGrp}"); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial"); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.tlbrId", "base"); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=adk0102&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCyDyC[...] =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.vrsn", "1.8.29.0"); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial.vrsni", "1.8.29.0"); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial_i.newTab", false); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial_i.smplGrp", "none"); =>Adware.MyWebSearch O69 - SBI: prefs.js [nino - 73i52bq6.default] user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.019:51:41"); =>Adware.MyWebSearch O69 - SBI: SearchScopes [HKCU] {006ee092-9658-4fd6-bd8e-a21a348e59f5} - (Web Search) - http://feed.snapdo.com =>Hijacker.SmartBar O69 - SBI: SearchScopes [HKCU] {77AA745B-F4F8-45DA-9B14-61D2D95054C8} - (Mysearchdial) - http://start.mysearchdial.com =>Adware.MyWebSearch O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} [DefaultScope] - (Orange) - http://r.orange.fr ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.1E547A48574C8D382C1487402C0D4938] 
[SPRF][02/12/2013] (...) -- C:\Users\nino\AppData\Roaming\wklnhst.dat [1934] ~ Files: 2 Legitimates Filtered in 00mn 00s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "BA172DB42E6685D4FA8808EFB370074C" . (.Fissa.) -- C:\Windows\Installer\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}\ARPPRODUCTICON.exe =>PUP.OfferBox ~ Update Products: 1 Legitimates Filtered in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.949E14C7AA0986138052F11973D2BC29] [WIS][19/09/2012] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\41d17.msi [24064] =>Toolbar.Google [MD5.37DC40E3A79B1EBF06040FB6D9A63A79] [WIS][20/02/2011] (.Secure Digital Services - Fissa.) -- C:\Windows\Installer\69b802.msi [1275392] =>Adware.SPointer ~ WIS: 2 Legitimates Filtered in 00mn 09s ---\\ Recherche de clés de registre CLSID (O101) [HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google [HKCR\CLSID\{56A45471-9392-433a-9DC8-16D1141D49C2}] (MediaGoLyricsComponent Class) =>Adware.AddLyrics [HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google [HKCR\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}] (Snap.Do) =>Hijacker.SmartBar ~ BCK: 3741 Legitimates Filtered in 00mn 07s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 01/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Auto 14/03/2014 36392 | (BackupStack) . (.Just Develop It.) - C:\Program Files (x86)\MyPC Backup\BackupStack.exe =>PUP.MyPCBackup SS - | Auto 10/07/1658 0 | (Bandoo Coordinator) . (...) - C:\Program Files (x86)\Bandoo\Bandoo.exe =>Adware.Bandoo SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe SS - | Auto 18/10/2011 136176 | (gupdate) . (.Google Inc..) 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 18/10/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 23/09/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe SS - | Demand 30/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Demand 10/07/1658 0 | (PCD5SRVC{8AAF211B-043E02A9-05040000}) . (...) - C:\Program Files (x86)\PC-DOC~1\PCD5SRVC_x64.pkms SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SS - | Auto 21/01/2008 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 01/12/2008 932864 | (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\System32\Ati2evxx.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 21/01/2008 27648 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe SR - | Auto 04/12/2008 94208 | (HP Health Check Service) . (.Hewlett-Packard.) - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe SR - | Demand 21/01/2008 27648 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) 
- C:\Windows\System32\svchost.exe SR - | Auto 21/01/2008 27648 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SR - | Demand 21/02/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SR - | Auto 17/03/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe SR - | Auto 26/04/2014 70848 | (MgAssistService) . (...) - C:\Program Files (x86)\Mobogenie\MgAssist.exe =>PUP.Mobogenie SR - | Auto 11/03/2014 23808 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe SR - | Auto 24/09/2008 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe SR - | Auto 21/01/2008 27648 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SR - | Auto 21/01/2008 27648 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SR - | Demand 04/02/2013 155824 | (Sony PC Companion) . (.Avanquest Software.) - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe SR - | Auto 22/04/2009 296320 | (TVCapSvc) . (...) - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe SR - | Auto 22/04/2009 116104 | (TVSched) . (...) - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe SR - | Auto 15/04/2014 355328 | (vosr) . (...) - C:\Users\nino\AppData\Roaming\VOPackage\VOsrv.exe =>Adware.Downware SR - | Auto 21/01/2008 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 28/11/2008 146928 | ({55662437-DA8C-40c0-AADA-2C816A897A49}) . (.CyberLink Corp..) 
- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl ~ Services: Scanned in 00mn 08s ---\\ Scan Additionnel (O88) Database Version : 13036 - (18/05/2014) Clés trouvées (Keys found) : 174 Valeurs trouvées (Values found) : 3 Dossiers trouvés (Folders found) : 28 Fichiers trouvés (Files found) : 33 [HKLM\Software\Google\Chrome\Extensions\pioliciekajfgilkenamlbghbpgpipdm] =>Adware.SPointer^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511561197}] =>PUP.CrossRider^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Hijacker.SmartBar^ [HKLM\SYSTEM\CurrentControlSet\Services\MyPC Backup) (BackupStack] =>PUP.MyPCBackup^ [HKLM\SYSTEM\CurrentControlSet\Services\Bandoo Coordinator] =>Adware.Bandoo^ [HKLM\SYSTEM\CurrentControlSet\Services\MgAssistService] =>PUP.Mobogenie^ [HKLM\SYSTEM\CurrentControlSet\Services\vosr] =>Adware.Downware^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fissa] =>PUP.OfferBox^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}] =>PUP.OfferBox^ [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\genesis] =>PUP.Genesis^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup] =>PUP.MyPCBackup^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pricora 10.4] =>Adware.Pricora^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage] =>Adware.Downware^ [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ValueApps] =>Toolbar.Conduit^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\F75BEFBB-AEAC-56BA-DCD1-5EDE5994FD0B] =>PUP.ViewPassword^ [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar 
~ Additionnel Scan: 442379 Items scanned in 02mn 11s ---\\ Récapitulatif des détections trouvées sur votre station http://nicolascoolman.byethost7.com/pup-mobogenie =>PUP.Mobogenie http://nicolascoolman.byethost7.com/adware-downware =>Adware.Downware http://nicolascoolman.byethost7.com/adware-spointer =>Adware.SPointer http://nicolascoolman.byethost7.com/adware-imbooster =>Adware.IMBooster http://nicolascoolman.byethost7.com/adware-mywebsearch =>Adware.MyWebSearch http://nicolascoolman.byethost7.com/parasite-pugi =>Parasite.Pugi
http://nicolascoolman.byethost7.com/pup-offerbox =>PUP.OfferBox http://nicolascoolman.byethost7.com/pup-quickstart =>PUP.QuickStart http://nicolascoolman.byethost7.com/hijacker-smartbar =>Hijacker.SmartBar http://nicolascoolman.byethost7.com/pup-dealply =>PUP.DealPly http://nicolascoolman.byethost7.com/hijacker-webssearches =>Hijacker.WebsSearches http://nicolascoolman.byethost7.com/hijacker-proxy =>Hijacker.Proxy http://nicolascoolman.byethost7.com/pup-crossrider =>PUP.CrossRider http://nicolascoolman.webs.com/apps/blog/show/33388048-pup-vuupc =>PUP.VuuPC http://nicolascoolman.byethost7.com/pup-mypcbackup =>PUP.MyPCBackup http://nicolascoolman.byethost7.com/toolbar-conduit =>Toolbar.Conduit http://nicolascoolman.byethost7.com/adware-bandoo =>Adware.Bandoo http://nicolascoolman.byethost7.com/pup-anyprotect =>PUP.AnyProtect http://nicolascoolman.byethost7.com/pup-wpmanager =>PUP.WpManager http://nicolascoolman.byethost7.com/pup-linkidoo =>PUP.LinkiDoo http://nicolascoolman.webs.com/apps/blog/show/29294184-adware-pricora =>Adware.Pricora http://nicolascoolman.webs.com/apps/blog/show/35740148-pup-viewpassword =>PUP.ViewPassword http://nicolascoolman.byethost7.com/adware-boxore =>Adware.Boxore http://nicolascoolman.byethost7.com/pup-datamngr =>PUP.Datamngr http://nicolascoolman.byethost7.com/spyware-agenceexclusive =>PUP.AgenceExclusive http://nicolascoolman.webs.com/apps/blog/show/32930303-pup-wedownloadmanager =>PUP.weDownloadManager http://nicolascoolman.byethost7.com/adware-freesofttoday =>Adware.FreeSoftToday http://nicolascoolman.byethost7.com/adware-lollipop =>Adware.Lollipop http://nicolascoolman.byethost7.com/adware-vidsaver =>Adware.VidSaver http://nicolascoolman.byethost7.com/pup-suptab =>PUP.SupTab http://nicolascoolman.byethost7.com/pup-suprasavings =>PUP.SupraSavings http://nicolascoolman.webs.com/apps/blog/show/26601058-adware-addlyrics =>Adware.AddLyrics http://nicolascoolman.byethost7.com/pup-babylon =>PUP.Babylon 
http://nicolascoolman.byethost7.com/pup-v9software =>PUP.V9Software http://nicolascoolman.byethost7.com/pup-imesh =>PUP.iMesh http://nicolascoolman.byethost7.com/pup-bearshare =>PUP.BearShare http://nicolascoolman.byethost7.com/pup-software-updater =>PUP.Software.Updater http://nicolascoolman.webs.com/apps/blog/show/28445531-pup-mediafinder =>PUP.MediaFinder http://nicolascoolman.byethost7.com/pup-optimizerpro =>PUP.OptimizerPro http://nicolascoolman.byethost7.com/pup-funmoods =>PUP.Funmoods ~ MSI: 40 link(s) detected in 00mn 00s ~ 1762 Legitimates filtered by white list End of the scan (1069 lines in 03mn 47s)(0)