Rapport de ZHPDiag v2013.6.4.7 par Nicolas Coolman, Update du 04/06/2013
Run by Administrateur at 04/06/2013 15:38:30
WebSite: http://nicolascoolman.webs.com
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v7.0.6002.18005
MFIE: Mozilla Firefox 21.0
GCIE: Google Chrome v27.0.1453.94 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : D6D3F
Windows License : OK
Windows Automatic Updates : OK

---\\ System Protection
Avira Free Antivirus v12.1.9.402
Spybot - Search & Destroy v1.6.2

---\\ System Optimizer
CCleaner v2.29 =>Piriform Ltd

---\\ Peer To Peer (P2P)
eMule
µTorrent v3.1.3 =>P2P.µTorrent

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.4 - Français
Java 7 Update 21

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1788 MB (27% free)
System Restore: Activé (Enable)
System drive C: has 20 GB (12%) free of 167 GB

---\\ Logged in mode
~ Computer Name: MAISON
~ User Name: Administrateur
~ All Users Names: UpdatusUser, pour les autres, Administrator, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Administrateur\AppData\Roaming\
~ %Desktop% : C:\Users\Administrateur\Desktop\
~ %Favorites% : C:\Users\Administrateur\Desktop\Windows Media Player\eMule\Incoming\Favorites\
~ %LocalAppData% : C:\Users\Administrateur\AppData\Local\
~ %StartMenu% : C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 20 Go of 167 Go)
D:\ CD-ROM drive (Not Inserted)
F:\ Hard drive, Flash drive, Thumb drive (Free 19 Go of 20 Go)
G:\ Hard drive, Flash drive, Thumb drive (Free 913 Go of 932 Go)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: Modified
~ Security Center: 38 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:23:42.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.567004E0814532794D9CDF4B948058D0] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.13/04/2013 - 07:20:24.) -- C:\Windows\System32\wininet.dll [834048]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:23:51.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:23:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:24:25.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.8A79FDF04A73428597E2CAF9D0D67850] - (.Microsoft Corporation - Pilote de port parallèle.) (.21/01/2008 - 03:23:01.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:24:55.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:23:01.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 5/4990
~ Mes musiques (My Musics) : 9/17
~ Mes Favoris (My Favorites) : 1/5
~ Mes Documents (My Documents) : 23/431
~ Mon Bureau (My Desktop) : 1/1005
~ Menu demarrer (Programs) : 1/41
~ Hidden Files: Scanned in 00mn 23s



---\\ Processus lancés
[MD5.C456658AF90F42BE3CDF1048F9CDB5CA] - (.Microsoft Corporation - Notifications du contrôle parental Windows.) -- C:\Windows\System32\wpcumi.exe [176128] [PID.1908]
[MD5.9F0BE235A0136EA9E94CF9BD037C30EC] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664] [PID.1704]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.1436]
[MD5.390679F7A217A5E73D756276C40AE887] - (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480] [PID.1172]
[MD5.8BF6E87D0A6455905B89049851704201] - (.Conduit - Search Protect by Conduit.) -- C:\Users\Administrateur\AppData\Roaming\SearchProtect\bin\cltmng.exe [2731296] [PID.1176] =>Toolbar.Conduit
[MD5.B776DFE408E415AA901030C022EEB7DA] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821472] [PID.2084]
[MD5.F3F709C2D49DD6636F4EDE5C2CAE5448] - (.http://www.emule-project.net - eMule.) -- C:\Program Files\eMule\emule.exe [5758976] [PID.4952]
[MD5.BB7245420097B251D1271F5B6F0C9F02] - (.BitTorrent Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe [802136] [PID.5760] =>P2P.µTorrent
[MD5.77BD0166102F3B9BB9499B2952C3BCFA] - (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\wlmail.exe [92024] [PID.2768]
[MD5.51C392EC9DA1119EC86D562FF3E7344F] - (.Google Inc. - Google Chrome.) -- C:\Users\Administrateur\AppData\Local\Google\Chrome\Application\chrome.exe [825808] [PID.5804]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.4756]
[MD5.FEB6495A683425CA8D1E92DB7500C977] - (.Enigma Software Group USA, LLC. - SpyHunter4 application.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [6425984] [PID.2476] =>Crapware.SpyHunter
[MD5.9F777E35DE4788DD939E94D905EDCCFE] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7457792] [PID.400]
[MD5.31B8835B003CAA6D31BEAD83DDBF98E5] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 307.8.) -- C:\Windows\system32\nvvsvc.exe [634656] [PID.856]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1252]
[MD5.1ED58DA041A992EEEC934290508B6B71] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [865056] [PID.1300]
[MD5.B458A95F12D36F55F98A42FD66BAEBFA] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224] [PID.1824]
[MD5.CC3110EEF77AA0810CAA03741168BA8F] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032] [PID.2668]
[MD5.E869E31D3FD7B6314EEFEA4304C413CA] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [80336] [PID.3896]
[MD5.0629259E3AF6BB0534FCECA208973404] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1258856] [PID.3148]
[MD5.85CD5B92052C3D285CC91244C593A1AC] - (.Enigma Software Group USA, LLC. - Service scanner interface.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770432] [PID.0] =>Crapware.SpyHunter
~ Processes Running: Scanned in 00mn 16s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\czog45n6.default-1346315948304\prefs.js
C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\czog45n6.default-1346315948304\user.js
M3 - MFPP: Plugins - [Administrateur] -- C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\czog45n6.default-1346315948304\searchplugins\askcom.xml
M3 - MFPP: Plugins - [Administrateur] -- C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\czog45n6.default-1346315948304\searchplugins\conduit.xml
M3 - MFPP: Plugins - [Administrateur] -- C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\czog45n6.default-1346315948304\searchplugins\delta.xml
M3 - MFPP: Plugins - [Administrateur] -- C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\czog45n6.default-1346315948304\searchplugins\mywebsearch.xml =>Adware.MyWebSearch
M3 - MFPP: Plugins - [Administrateur] -- C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\czog45n6.default-1346315948304\searchplugins\Searchab.xml
M3 - MFPP: Plugins - [Administrateur] -- C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\czog45n6.default-1346315948304\searchplugins\WebSearch.xml
M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon
M0 - MFSP: prefs.js [Administrateur - czog45n6.default-1346315948304] http://websearch.lookforithere.info
M2 - MFEP: prefs.js [Administrateur - czog45n6.default-1346315948304\aieyggkce@hkjyoei.com] [] BrowSee2saivE v3.8 (..) =>Adware.Browse2Save
M2 - MFEP: prefs.js [Administrateur - czog45n6.default-1346315948304\by.gszf@ymfzy.edu] [] Browse2SiAAvae v3.8 (..) =>Adware.Browse2Save
M2 - MFEP: prefs.js [Administrateur - czog45n6.default-1346315948304\mjxw@hprcyiau.org] [] BrowSee2saivE v3.8 (..) =>Adware.Browse2Save
M2 - MFEP: prefs.js [Administrateur - czog45n6.default-1346315948304\wfkkal@bacdh-.net] [] ccoNtiinuetosavey v3.9 (..)
M2 - MFEP: prefs.js [Administrateur - czog45n6.default-1346315948304\ww-gb@tswojfspr.co.uk] [] BirowwsyE2savee v3.8 (..) =>Adware.Browse2Save
M2 - MFEP: prefs.js [Administrateur - czog45n6.default-1346315948304\xlm3b3_b3@fpjoj-oyuy.org] [] ccoNtiinuetosavey v3.9 (..)
M2 - MFEP: prefs.js [Administrateur - czog45n6.default-1346315948304\{0ecc6c22-c813-42ee-be3b-94bda0efe49f}] [] express-files FR v10.15.0.62 (..) =>Adware.ExpressFiles
M2 - MFEP: prefs.js [Administrateur - czog45n6.default-1346315948304\{88ac3cb6-596b-4217-964c-b6757ef9602d}] [] express-files v10.15.0.562 (..) =>Adware.ExpressFiles
P2 - FPN:Firefox Plugin Navigator . (.BitTorrent, Inc. - BitTorrent Plugin 1.) -- C:\Program Files\Mozilla Firefox\Plugins\npbittorrent.dll =>P2P.BitTorrent
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - 1.9.0042.0.) -- C:\Program Files\Mozilla Firefox\Plugins\npLegitCheckPlugin.dll
P2 - FPN: [HKLM] [@bittorrent.com/BitTorrentDNA] - (.BitTorrent, Inc. - Delivery Network Acceleration by BitTorrent�.) -- C:\Program Files\DNA\plugins\npbtdna.dll =>P2P.BitTorrent
~ Firefox Browser: 55 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.lookforithere.info
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.search-web.net
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.search-web.net
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-web.net
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.search-web.net
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} . (.Google Inc. - Google Update.) (No version) -- (.not file.)
R3 - URLSearchHook: (no name) - {81fae9c9-cfbd-4cb3-8322-412e72f55f65} . (.Google Inc. - Google Update.) (No version) -- (.not file.)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0
~ IE Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 05s
~ Nombre de lignes (Lines number): 15291



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} . (...) -- C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Zoomex - {52DAAFBB-F7CB-1663-EC86-B6272DB9BE63} . (...) -- C:\ProgramData\Zoomex\50ebcee998191.dll =>Adware.ZoomEx
O2 - BHO: BrowSee2saivE - {533C6DF5-341A-BDBC-1785-890B2BBED1CC} . (...) -- C:\ProgramData\BrowSee2saivE\517fa1077883b.dll =>Adware.Browse2Save
O2 - BHO: Browse2SiAAvae - {5D071C55-8D87-476C-00E0-B7F6987B8FB7} . (...) -- C:\ProgramData\Browse2SiAAvae\515314792cd9b.dll =>Adware.Browse2Save
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} Clé orpheline =>PUP.Funmoods
O2 - BHO: (no name) - {81fae9c9-cfbd-4cb3-8322-412e72f55f65} Clé orpheline
O2 - BHO: (no name) - {88ac3cb6-596b-4217-964c-b6757ef9602d} Clé orpheline
O2 - BHO: Zoomex - {95D01806-4A50-A1C6-49D0-F7EFF62CCBD3} . (...) -- C:\ProgramData\Zoomex\50e880bbc69f6.dll =>Adware.ZoomEx
O2 - BHO: BirowwsyE2savee - {9771150F-3F4D-22C5-8AF4-D19BBB2B9FA2} . (...) -- C:\ProgramData\BirowwsyE2savee\5152f8c855517.dll =>Adware.Browse2Save
O2 - BHO: Zoomex - {C2D13AFC-E465-6EC9-5A24-13365B60DC96} . (...) -- C:\ProgramData\Zoomex\50ebd66fde49a.dll =>Adware.ZoomEx
O2 - BHO: ccoNtiinuetosavey - {C52EC676-A65B-8D4C-B848-0857D98185BF} . (...) -- C:\ProgramData\ccoNtiinuetosavey\518d4b54405d1.dll =>PUP.OfferWare
O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} . (...) -- C:\Users\Administrateur\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll =>PUP.MediaFinder
O2 - BHO: ccoNtiinuetosavey - {CAACDA61-38F6-D9B8-9C34-427A5EAAE575} . (...) -- C:\ProgramData\ccoNtiinuetosavey\518d4b4fbbc66.dll =>PUP.OfferWare
O2 - BHO: BrowSee2saivE - {D2982B48-0976-FBBC-CEA7-A48D7EFD2AA4} . (...) -- C:\ProgramData\BrowSee2saivE\517fa0ca83ffa.dll =>Adware.Browse2Save
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} Clé orpheline
O2 - BHO: Zoomex - {E26AC380-B925-37F5-3F4E-0FB1FEE42D4F} . (...) -- C:\ProgramData\Zoomex\50e88160f0df9.dll =>Adware.ZoomEx
O2 - BHO: Zoomex - {E93F08DC-B01A-9DA2-7084-460D1EB03EBE} . (...) -- C:\ProgramData\Zoomex\50ebcdea9db36.dll =>Adware.ZoomEx
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Clé orpheline
~ BHO: 27 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Lexmark Barre d'outils - [HKLM]{1017A80C-6F09-4548-A84D-EDD6AC9525F0} . (...) -- C:\Program Files\Lexmark Toolbar\toolband.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [WPCUMI] . (.Microsoft Corporation - Notifications du contrôle parental Windows.) -- C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [SearchProtectAll] . (.Conduit - Search Protect by Conduit.) -- C:\Program Files\SearchProtect\bin\cltmng.exe =>Toolbar.Conduit
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Administrateur\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SearchProtect] . (.Conduit - Search Protect by Conduit.) -- C:\Users\Administrateur\AppData\Roaming\SearchProtect\bin\cltmng.exe =>Toolbar.Conduit
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-3810388439-2174192140-2591468744-1002\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-3810388439-2174192140-2591468744-1002\..\Run: [WindowsWelcomeCenter] oobefldr.dll
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: BearShare.lnk . (.MusicLab, LLC - BearShare.) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe =>PUP.BearShare
O4 - Global Startup: C:\Users\Administrateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL . (.MusicLab, LLC - BearShare.) -- C:\Users\Administrateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL =>PUP.BearShare
O4 - GS\QuickLaunch: Corneille-feat-La-Fouine--Des-Peres-des-Hommes-et-des-Freres-Smartorrent.exe - Raccourci.lnk . (...) -- C:\Users\Administrateur\Documents\Downloads\Corneille-feat-La-Fouine--Des-Peres-des-Hommes-et-des-Freres-Smartorrent.exe (.not file.)
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Administrateur\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O4 - GS\QuickLaunch: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.µTorrent
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop: BearShare.lnk . (.MusicLab, LLC - BearShare.) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe =>PUP.BearShare
O4 - GS\Desktop: Calculator.lnk . (.Microsoft Corporation - Calculatrice de Windows.) -- C:\Windows\System32\calc.exe
O4 - GS\Desktop: Courrier électronique - Raccourci.lnk - Clé orpheline
O4 - GS\Desktop: Downloads.lnk . (...) -- C:\Users\Administrateur\Documents\Downloads
O4 - GS\Desktop: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Administrateur\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop: Microsoft Office Word 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
O4 - GS\Desktop: Nettoyez votre registre gratuitement!.lnk - Clé orpheline
O4 - GS\Desktop: Revo Uninstaller.lnk . (.VS Revo Group - Revo Uninstaller.) -- C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
O4 - GS\Desktop: SpyHunter.lnk . (.Enigma Software Group USA, LLC. - SpyHunter4 application.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe =>Crapware.SpyHunter
O4 - GS\Desktop: Watchtower Library 2012 - Français.lnk . (.Watch Tower Bible and Tract Society of Penn - Watchtower Library 2012 - Édition française.) -- C:\Program Files\Watchtower\Watchtower Library 2012\F\WTLibrary.exe
~ Global Startup: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B2C8E50-9AE2-4EAB-A681-16FD64E4AF45}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\..\{56E90553-B959-4DFF-95B5-A0FB92ECB603}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4B9B3E9-71E2-4BAE-B604-4F6E6C3B54DC}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B2C8E50-9AE2-4EAB-A681-16FD64E4AF45}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{56E90553-B959-4DFF-95B5-A0FB92ECB603}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{C4B9B3E9-71E2-4BAE-B604-4F6E6C3B54DC}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B2C8E50-9AE2-4EAB-A681-16FD64E4AF45}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{56E90553-B959-4DFF-95B5-A0FB92ECB603}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{C4B9B3E9-71E2-4BAE-B604-4F6E6C3B54DC}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files\browse~1\sprote~1.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: SpyHunter 4 Service (SpyHunter 4 Service) . (.Enigma Software Group USA, LLC. - Service scanner interface.) - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe =>Crapware.SpyHunter
~ Services: 5 Legitimates Filtered in 00mn 14s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\RegClean Pro_DEFAULT.job [282] =>Rogue.RegistryPowerCleaner
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\RegClean Pro_UPDATES.job [290] =>Rogue.RegistryPowerCleaner
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Weekly)] (...) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Express FilesUpdate] (...) -- C:\Program Files\ExpressFiles\EFUpdater.exe (.not file.) [0] =>Adware.ExpressFiles
[MD5.177EC6C4172F9B1731E6E7903A78186D] [APT] [RegClean Pro] (.Systweak Inc.) -- C:\Program Files\RegClean Pro\RegCleanPro.exe [7853064] =>Rogue.RegistryPowerCleaner
[MD5.177EC6C4172F9B1731E6E7903A78186D] [APT] [RegClean Pro_DEFAULT] (.Systweak Inc.) -- C:\Program Files\RegClean Pro\RegCleanPro.exe [7853064] =>Rogue.RegistryPowerCleaner
[MD5.177EC6C4172F9B1731E6E7903A78186D] [APT] [RegClean Pro_UPDATES] (.Systweak Inc.) -- C:\Program Files\RegClean Pro\RegCleanPro.exe [7853064] =>Rogue.RegistryPowerCleaner
[MD5.FEB6495A683425CA8D1E92DB7500C977] [APT] [SpyHunter4Startup] (.Enigma Software Group USA, LLC..) -- C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [6425984] =>Crapware.SpyHunter
[MD5.00000000000000000000000000000000] [APT] [{38FABFED-A685-4133-BC99-12401F7840D6}] (...) -- C:\Users\Administrateur\Desktop\word.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E146F2F5-033F-44EF-9E31-B20353F45189}] (...) -- C:\Users\Administrateur\Desktop\wmp11-windowsxp-x86-FR-FR.exe (.not file.) [0]
~ Scheduled Task: 18 Legitimates Filtered in 00mn 08s



---\\ Logiciels installés (O42)
O42 - Logiciel: BearShare - (.Musiclab, LLC.) [HKLM] -- BearShare =>PUP.BearShare
O42 - Logiciel: BrowseToSave - (...) [HKLM] -- {01D5CB46-E0CC-4B4E-A9A5-A8EEDA36E9B0} =>Adware.Browse2Save
O42 - Logiciel: ContinueToSave - (...) [HKLM] -- {3784D5BB-FB34-40A8-A243-B316EC67F74D} =>PUP.OfferWare
O42 - Logiciel: RegClean Pro - (.Systweak Inc.) [HKLM] -- RegClean Pro_is1 =>Rogue.RegistryPowerCleaner
O42 - Logiciel: Search Assistant WebSearch 1.74 - (...) [HKLM] -- SP_b0285714
O42 - Logiciel: Search Protect by conduit - (.Conduit.) [HKLM] -- SearchProtect =>Toolbar.Conduit
O42 - Logiciel: SpyHunter - (.Enigma Software Group USA, LLC.) [HKLM] -- {E89498D8-1430-4A2B-A76A-4A71326981E9} =>Crapware.SpyHunter
O42 - Logiciel: Watchtower Library 2012 - Français - (.Watchtower Bible and Tract Society of Pennsylvania, Inc..) [HKLM] -- {429C765D-42CC-4F2A-A6CA-2737630E502A}
~ Logic: 75 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\58edbdce56abe15]
[HKCU\Software\AppDataLow\SProtector] =>PUP.Mocaflix
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes]
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\AppDataLow\Software\toolbar]
[HKCU\Software\Ask&Record]
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\BearShare] =>PUP.BearShare
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\ExpressFiles] =>Adware.ExpressFiles
[HKCU\Software\IM]
[HKCU\Software\IncrediMail]
[HKCU\Software\InstallCore] =>PUP.InstallCore
[HKCU\Software\MediaFinder] =>PUP.MediaFinder
[HKCU\Software\MegaCloud]
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKCU\Software\PlayMP3Plus]
[HKCU\Software\SearchProtect] =>Toolbar.Conduit
[HKCU\Software\Softonic]
[HKCU\Software\StartSearch] =>PUP.StartSearch
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\Watchtower]
[HKCU\Software\Zugo] =>Adware.Zugo
[HKCU\Software\delta LTD]
[HKCU\Software\ilivid] =>Adware.Bandoo
[HKCU\Software\�A�v���P�[�V���� �E�B�U�[�h�Ő������ꂽ���[�J�� �A�v���P�[�V����]
[HKLM\Software\58edbdce56abe15]
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\ExpressFiles] =>Adware.ExpressFiles
[HKLM\Software\Foxreal YouTube FLV Downloader]
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\My Password Manager]
[HKLM\Software\OfferBox] =>PUP.OfferBox
[HKLM\Software\SP Global] =>PUP.AdvancedSystemProtector
[HKLM\Software\SProtector] =>PUP.Mocaflix
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKLM\Software\WATCHTOWER]
[HKLM\Software\babylontoolbar] =>Toolbar.Babylon
~ Key Software: 210 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/08/2011 - 16:34:53 - [1,304] ----D C:\Program Files\Bandoo =>Adware.Bandoo
O43 - CFD: 25/04/2013 - 14:23:58 - [43,112] ----D C:\Program Files\BearShare Applications =>PUP.BearShare
O43 - CFD: 30/04/2013 - 12:46:13 - [1,473] ----D C:\Program Files\BrowseToSave =>Adware.Browse2Save
O43 - CFD: 10/05/2013 - 21:32:57 - [1,473] ----D C:\Program Files\ContinueToSave =>PUP.Offerware
O43 - CFD: 20/01/2009 - 09:05:22 - [0,403] ----D C:\Program Files\DNA
O43 - CFD: 04/06/2013 - 14:17:21 - [7,342] ----D C:\Program Files\FA1D7
O43 - CFD: 04/08/2011 - 16:08:27 - [0] ----D C:\Program Files\LimeWire
O43 - CFD: 30/04/2013 - 12:45:42 - [14,235] ----D C:\Program Files\RegClean Pro =>Rogue.RegistryPowerCleaner
O43 - CFD: 17/03/2013 - 12:32:00 - [6,521] ----D C:\Program Files\SearchProtect =>Toolbar.Conduit
O43 - CFD: 11/04/2013 - 16:24:09 - [0] ----D C:\Program Files\TornTV.com =>Hijacker.TornTV
O43 - CFD: 08/05/2013 - 16:05:09 - [411,683] ----D C:\Program Files\Watchtower
O43 - CFD: 10/05/2013 - 21:33:36 - [1,470] ----D C:\Program Files\WebSearch
O43 - CFD: 17/02/2013 - 22:33:35 - [0,440] ----D C:\Program Files\ZoomEx =>Adware.ZoomEx
O43 - CFD: 04/02/2013 - 15:36:57 - [0] ----D C:\ProgramData\Ask
O43 - CFD: 04/03/2013 - 22:31:33 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 03/05/2013 - 22:20:02 - [0,079] ----D C:\ProgramData\BearShare =>PUP.BearShare
O43 - CFD: 11/04/2013 - 16:34:56 - [0,191] ----D C:\ProgramData\BirowwsyE2savee =>Adware.Browse2Save
O43 - CFD: 11/04/2013 - 16:34:54 - [0,191] ----D C:\ProgramData\Browse2SiAAvae =>Adware.Browse2Save
O43 - CFD: 03/05/2013 - 19:11:05 - [0,333] ----D C:\ProgramData\BrowSee2saivE =>Adware.Browse2Save
O43 - CFD: 10/05/2013 - 21:32:13 - [0,304] ----D C:\ProgramData\ccoNtiinuetosavey =>PUP.OfferWare
O43 - CFD: 10/05/2013 - 21:34:40 - [19,195] ----D C:\ProgramData\InstallMate
O43 - CFD: 17/02/2013 - 22:33:41 - [0] ----D C:\ProgramData\Premium
O43 - CFD: 10/05/2013 - 21:34:08 - [0] ----D C:\ProgramData\StarApp
O43 - CFD: 11/04/2013 - 16:24:56 - [1,195] ----D C:\ProgramData\Tarma Installer =>Toolbar.Tarma
O43 - CFD: 30/06/2010 - 21:36:52 - [0] ----D C:\ProgramData\ThumbnailCache4R
O43 - CFD: 04/06/2013 - 14:19:01 - [0,654] ----D C:\ProgramData\Zoomex =>Adware.ZoomEx
O43 - CFD: 03/05/2013 - 22:19:54 - [48,622] ----D C:\ProgramData\{0E4787A8-ED84-4FF5-B0A8-9F02006086D1}
O43 - CFD: 09/02/2012 - 13:50:14 - [18,273] ----D C:\ProgramData\{A0559A84-0A11-425F-BFFC-532378694B25}
O43 - CFD: 04/03/2013 - 22:31:33 - [0,008] ----D C:\Users\Administrateur\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 17/02/2013 - 22:08:41 - [0,350] ----D C:\Users\Administrateur\AppData\Roaming\eType
O43 - CFD: 17/03/2013 - 12:30:55 - [0,001] ----D C:\Users\Administrateur\AppData\Roaming\ExpressFiles =>Adware.ExpressFiles
O43 - CFD: 28/03/2012 - 17:57:35 - [0,001] ----D C:\Users\Administrateur\AppData\Roaming\Foxreal
O43 - CFD: 27/07/2012 - 22:20:44 - [0,424] ----D C:\Users\Administrateur\AppData\Roaming\Media Finder =>PUP.MediaFinder
O43 - CFD: 26/12/2011 - 21:28:58 - [0,003] ----D C:\Users\Administrateur\AppData\Roaming\MegaCloud
O43 - CFD: 27/03/2013 - 17:08:39 - [0] ----D C:\Users\Administrateur\AppData\Roaming\NCdownloader
O43 - CFD: 17/02/2013 - 22:20:25 - [0,367] ----D C:\Users\Administrateur\AppData\Roaming\OfferBox =>PUP.OfferBox
O43 - CFD: 17/03/2013 - 12:32:00 - [8,420] ----D C:\Users\Administrateur\AppData\Roaming\SearchProtect =>Toolbar.Conduit
O43 - CFD: 11/04/2013 - 16:20:46 - [0,930] ----D C:\Users\Administrateur\AppData\Roaming\Shareaza
O43 - CFD: 07/01/2011 - 09:39:30 - [0] ----D C:\Users\Administrateur\AppData\Roaming\Watchtower
O43 - CFD: 28/03/2012 - 16:38:30 - [0,164] ----D C:\Users\Administrateur\AppData\Local\APN
O43 - CFD: 01/06/2013 - 08:19:27 - [84,158] ----D C:\Users\Administrateur\AppData\Local\BearShare =>PUP.BearShare
O43 - CFD: 04/08/2011 - 16:35:01 - [0,014] ----D C:\Users\Administrateur\AppData\Local\Ilivid Player =>Adware.Bandoo
O43 - CFD: 02/03/2013 - 12:33:46 - [101,117] ----D C:\Users\Administrateur\AppData\Local\Shareaza
O43 - CFD: 22/11/2008 - 16:40:13 - [0,003] ----D C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced Spy
O43 - CFD: 04/06/2013 - 12:53:54 - [0,005] ----D C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
O43 - CFD: 08/05/2013 - 16:16:43 - [0,001] ----D C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com =>Hijacker.TornTV
~ 1270 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 1658 Legitimates Filtered in 01mn 12s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.782CC0F3787549AD93CEE32E0F2C58DA] - 01/06/2013 - 07:12:46 ---A- - C:\Windows\Prefetch\BEARSHARE.EXE-D62DC8F8.pf =>PUP.BearShare
O45 - LFCP:[MD5.17C14BD5D92DC4226A275F39185A7F59] - 03/06/2013 - 08:07:48 ---A- - C:\Windows\Prefetch\WTLIBRARY.EXE-D16FE2AE.pf
O45 - LFCP:[MD5.8EA59851380B5B8D1474E2F7334DF3DA] - 04/06/2013 - 06:17:21 ---A- - C:\Windows\Prefetch\EMULE.EXE-188E10F6.pf
O45 - LFCP:[MD5.C9695BC15D550FA30A8272BE2A8F4692] - 04/06/2013 - 11:50:16 ---A- - C:\Windows\Prefetch\SPYHUNTER-INSTALLER.EXE-0A189D5F.pf =>Crapware.SpyHunter
O45 - LFCP:[MD5.27AF7CEF5B295C462276BC5C4E0A1299] - 04/06/2013 - 11:52:55 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA17.EXE-9D8316E4.pf =>Crapware.SpyHunter
O45 - LFCP:[MD5.639A8CC465F31D4188EE4ABE54C37DF3] - 04/06/2013 - 11:53:06 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA18.EXE-B0D8D169.pf =>Crapware.SpyHunter
O45 - LFCP:[MD5.7C01DBF3BAE5C98A0A14A281D2F4BAE3] - 04/06/2013 - 11:53:16 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA19.EXE-C42E8BEE.pf =>Crapware.SpyHunter
O45 - LFCP:[MD5.5E97E7D7EE84F179192F6611FCDAF03E] - 04/06/2013 - 11:53:17 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA20.EXE-7B9D6E7E.pf =>Crapware.SpyHunter
O45 - LFCP:[MD5.F10931D324DC772AE0DF99D2BAD9E4E0] - 04/06/2013 - 11:54:11 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA22.EXE-A248E388.pf =>Crapware.SpyHunter
O45 - LFCP:[MD5.61E84371B66AE89F456311864F4EBEEB] - 04/06/2013 - 11:54:33 ---A- - C:\Windows\Prefetch\SH4SER~1.EXE-CF0016EB.pf
O45 - LFCP:[MD5.EA9A31B1AB442610A8AE41481E57AB4B] - 04/06/2013 - 11:54:40 ---A- - C:\Windows\Prefetch\ESGRKCHK.EXE-121BE0F5.pf
O45 - LFCP:[MD5.B1DB542A278E2D14D35BCAA569FC3A7C] - 04/06/2013 - 11:54:52 ---A- - C:\Windows\Prefetch\SPYHUNTER4.EXE-7BD5E907.pf =>Crapware.SpyHunter
~ Prefetcher: 139 Legitimates Filtered in 00mn 01s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{16883931-52e5-11e1-8294-001d7da70c74}\AutoRun\command. (...) -- H:\KODAK_Camera_Setup_App.exe (.not file.)
O51 - MPSK:{3f043462-e257-11df-9821-001d7da70c74}\AutoRun\command. (...) -- H:\wd_windows_tools\setup.exe (.not file.)
O51 - MPSK:{7ee31cfe-aa47-11dd-b9a8-001d7da70c74}\AutoRun\command. (...) -- G:\MIRA.exe (.not file.)
O51 - MPSK:{94d7c507-bf9e-11de-9899-001d7da70c74}\AutoRun\command. (...) -- H:\AdobeR.exe (.not file.)
O51 - MPSK:{d33e5132-2144-11e0-bc1b-001d7da70c74}\AutoRun\command. (...) -- C:\Windows\system32\I:\launcher.exe (.not file.)
O51 - MPSK:{f0567f8c-53ad-11df-95da-001d7da70c74}\AutoRun\command. (...) -- H:\launcher.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\BitTorrent DNA [Key] . (...) -- C:\Users\Administrateur\Program Files\DNA\btdna.exe (.not file.) =>P2P.BitTorrent
O53 - SMSR:HKLM\...\startupreg\eMuleAutoStart [Key] . (.http://www.emule-project.net - eMule.) -- C:\Program Files\eMule\emule.exe
O53 - SMSR:HKLM\...\startupreg\Freecorder FLV Service [Key] . (...) -- C:\Program Files\Freecorder\FLVSrvc.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Media Finder [Key] . (...) -- C:\Program Files\Media Finder\Media Finder.exe (.not file.) =>PUP.MediaFinder
O53 - SMSR:HKLM\...\startupreg\My Password Manager [Key] . (...) -- C:\Program Files\My Password Manager\mypass.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\offerbox [Key] . (...) -- C:\Program Files\OfferBox\OfferBox.exe (.not file.) =>PUP.OfferBox
O53 - SMSR:HKLM\...\startupreg\RavMont [Key] . (...) -- C:\Windows\system32\MIRA.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.µTorrent
~ SMSR Keys: 21 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.BC945D9C5292531EE04DC5892D411B95] - 16/03/2009 - 13:51:08 ---A- . (.Alice Box - Carte réseau virtuelle Alice Box.) -- C:\Windows\System32\Drivers\abxusb32.sys [24576]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 01/06/2013 - 07:15:35 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\D&D - youtube - h8oXXm3sOtM.jpeg [1222] =>PUP.BearShare
O61 - LFC: 01/06/2013 - 07:15:35 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\youtube - h8oXXm3sOtM(150x150).jpeg [3872] =>PUP.BearShare
O61 - LFC: 01/06/2013 - 07:15:35 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\youtube - h8oXXm3sOtM.jpeg [1222] =>PUP.BearShare
O61 - LFC: 01/06/2013 - 07:17:03 ---A- C:\Users\Administrateur\AppData\Local\BearShare\shistory.im [742] =>PUP.BearShare
O61 - LFC: 01/06/2013 - 07:19:28 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\D&D - youtube - b3HeLs8Yosw(100x100).jpeg [7331] =>PUP.BearShare
O61 - LFC: 01/06/2013 - 07:19:28 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\D&D - youtube - b3HeLs8Yosw.jpeg [11978] =>PUP.BearShare
O61 - LFC: 01/06/2013 - 07:19:28 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\youtube - b3HeLs8Yosw(150x150).jpeg [14140] =>PUP.BearShare
O61 - LFC: 01/06/2013 - 07:19:28 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\youtube - b3HeLs8Yosw.jpeg [11978] =>PUP.BearShare
O61 - LFC: 01/06/2013 - 07:20:04 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\D&D - youtube - 9sY-TsLXiDo(100x100).jpeg [4786] =>PUP.BearShare
O61 - LFC: 01/06/2013 - 07:20:04 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\D&D - youtube - 9sY-TsLXiDo.jpeg [7206] =>PUP.BearShare
O61 - LFC: 01/06/2013 - 07:20:04 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\youtube - 9sY-TsLXiDo(150x150).jpeg [8806] =>PUP.BearShare
O61 - LFC: 01/06/2013 - 07:20:04 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\youtube - 9sY-TsLXiDo.jpeg [7206] =>PUP.BearShare
O61 - LFC: 01/06/2013 - 07:20:15 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\D&D - youtube - g5FGRv-SJoQ(100x100).jpeg [5976] =>PUP.BearShare
O61 - LFC: 01/06/2013 - 07:20:15 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\D&D - youtube - g5FGRv-SJoQ.jpeg [8754] =>PUP.BearShare
O61 - LFC: 01/06/2013 - 07:20:15 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\youtube - g5FGRv-SJoQ(150x150).jpeg [10912] =>PUP.BearShare
O61 - LFC: 01/06/2013 - 07:20:15 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Artwork\youtube - g5FGRv-SJoQ.jpeg [8754] =>PUP.BearShare
O61 - LFC: 01/06/2013 - 07:20:38 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Statistics.xml [5318] =>PUP.BearShare
O61 - LFC: 01/06/2013 - 07:20:39 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Data\rjn.a92 [90] =>PUP.BearShare
O61 - LFC: 01/06/2013 - 07:20:40 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Data\Albums.db [4333568] =>PUP.BearShare
O61 - LFC: 01/06/2013 - 07:20:40 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Data\Artists.db [4317184] =>PUP.BearShare
O61 - LFC: 01/06/2013 - 07:20:40 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Data\ContentFile.db [4366336] =>PUP.BearShare
O61 - LFC: 01/06/2013 - 07:20:40 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Data\DownloadFile.db [4456448] =>PUP.BearShare
O61 - LFC: 01/06/2013 - 07:20:40 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Data\Playlists.db [4276224] =>PUP.BearShare
O61 - LFC: 01/06/2013 - 07:20:40 ---A- C:\Users\Administrateur\AppData\Local\BearShare\Data\VirtualFile.db [4644864] =>PUP.BearShare
O61 - LFC: 02/06/2013 - 19:04:01 R--A- C:\Users\Administrateur\Documents\Downloads\Una Notte Da Leoni 3 2013 iTALiAN MD TS x264-TrTd TeaM\TrTd TeaM info.txt [952]
O61 - LFC: 02/06/2013 - 19:04:01 R--A- C:\Users\Administrateur\Documents\Downloads\Una Notte Da Leoni 3 2013 iTALiAN MD TS x264-TrTd TeaM\Una.Notte.Da.Leoni.3.2013.iTALiAN.MD.TS.x264-TrTd_TeaM.txt [6987]
O61 - LFC: 02/06/2013 - 19:27:43 R--A- C:\Users\Administrateur\Documents\Downloads\Una Notte Da Leoni 3 2013 iTALiAN MD TS x264-TrTd TeaM\Una.Notte.Da.Leoni.3.2013.iTALiAN.MD.TS.x264-TrTd_TeaM.mkv [345632690]
O61 - LFC: 03/06/2013 - 10:50:31 R--A- C:\Users\Administrateur\Documents\Downloads\Person.Of.Interest.2x14.Uno.Percento.ITA.ENG.720p.DLMux.h264-NR.mkv [1507451453]
O61 - LFC: 04/06/2013 - 06:18:08 ---A- C:\Users\Administrateur\AppData\Roaming\SearchProtect\bin\rep.dat [6840] =>Toolbar.Conduit
O61 - LFC: 04/06/2013 - 07:13:54 R--A- C:\Users\Administrateur\Documents\Downloads\Parto Con Mamma 2012 iTALiAN BrRip AC3 5.1 x264 - TrTd TeaM\Parto Con Mamma 2012 iTALiAN BrRip AC3 5.1 x264 - TrTd TeaM mkv 437MB.txt [6566]
O61 - LFC: 04/06/2013 - 07:13:54 R--A- C:\Users\Administrateur\Documents\Downloads\Parto Con Mamma 2012 iTALiAN BrRip AC3 5.1 x264 - TrTd TeaM\TrTd TeaM info.txt [962]
O61 - LFC: 04/06/2013 - 11:11:27 R--A- C:\Users\Administrateur\Documents\Downloads\Parto Con Mamma 2012 iTALiAN BrRip AC3 5.1 x264 - TrTd TeaM\Parto.Con.Mamma.2012.iTALiAN.BrRip.AC3.5.1.x264-TrTd_TeaM.mkv [458299910]
O61 - LFC: 04/06/2013 - 11:22:00 ---A- C:\Users\Administrateur\Documents\Downloads\accuseReception.pdf [16990]
O61 - LFC: 04/06/2013 - 11:44:48 ---A- C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [267487]
O61 - LFC: 04/06/2013 - 11:50:01 ---A- C:\Users\Administrateur\Documents\Downloads\SpyHunter-Installer.exe [726464] =>Crapware.SpyHunter
O61 - LFC: 04/06/2013 - 11:53:59 R--A- C:\Users\Administrateur\AppData\Roaming\Microsoft\Installer\{E89498D8-1430-4A2B-A76A-4A71326981E9}\IconCF33A0CE.exe [110080]
O61 - LFC: 04/06/2013 - 11:53:59 R--A- C:\Users\Administrateur\AppData\Roaming\Microsoft\Installer\{E89498D8-1430-4A2B-A76A-4A71326981E9}\IconD7F16134.exe [110080]
O61 - LFC: 04/06/2013 - 11:53:59 R--A- C:\Users\Administrateur\AppData\Roaming\Microsoft\Installer\{E89498D8-1430-4A2B-A76A-4A71326981E9}\IconF7A21AF7.exe [110080]
O61 - LFC: 04/06/2013 - 11:53:59 R--A- C:\Users\Administrateur\AppData\Roaming\Microsoft\Installer\{E89498D8-1430-4A2B-A76A-4A71326981E9}\WISE89498D814304A2BA76A4A71326981E9_4_13_6_4253.MST [61440]
O61 - LFC: 04/06/2013 - 14:03:24 ---A- C:\Users\Administrateur\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\ExcludeList.rcp [6] =>Rogue.RegistryPowerCleaner
O61 - LFC: 04/06/2013 - 14:03:24 ---A- C:\Users\Administrateur\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\French_rcp.dat [52848] =>Rogue.RegistryPowerCleaner
O61 - LFC: 04/06/2013 - 14:03:24 ---A- C:\Users\Administrateur\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\TempHLList.rcp [6] =>Rogue.RegistryPowerCleaner
O61 - LFC: 04/06/2013 - 14:03:24 ---A- C:\Users\Administrateur\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\results.rcp [308132] =>Rogue.RegistryPowerCleaner
O61 - LFC: 04/06/2013 - 14:38:52 ---A- C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Local State [44007]
~ 10 Fichiers temporaires (Temporary files)
~ Files: 368 Legitimates Filtered in 05mn 49s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 06/03/2013 - C:\Program Files\SearchProtect\bin\CltMngSvc.exe (CltMngSvc) .(.Conduit - Search Protect by Conduit.) - LEGACY_CLTMNGSVC =>Toolbar.Conduit
O64 - Services: CurCS - 06/05/2011 - Pas de propriétaire (esgiguard) .(...) - LEGACY_ESGIGUARD
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (slsvc) .(...) - LEGACY_SLSVC
~ Legacy: 87 Legitimates Filtered in 00mn 01s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Administrateur\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\czog45n6.default-1346315948304\searchplugins\askcom.xml
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("CT3176921.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&SearchSource=2&CUI=UN3090[...]
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("CT3176921.installType", "conduitnsisintegration");
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("CT3176921.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT3176921&octid=CT3[...]
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("Smartbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT3176921&CUI=UN30906244791788228&UM=2&SearchSource=13[...] =>Hijacker.SmartBar
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("Smartbar.ConduitSearchEngineList", "express-files Customized Web Search"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("Smartbar.ConduitSearchUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&SearchSource=2&CUI=UN30906244[...] =>Hijacker.SmartBar
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("Smartbar.SearchFromAddressBarSavedUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&SearchSource=2&CUI=UN[...] =>Hijacker.SmartBar
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("aol_toolbar.default.homepage.check", false);
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("aol_toolbar.default.search.check", false);
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("browser.search.defaultthis.engineName", "express-files FR Customized Web Search"); =>Adware.ExpressFiles
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.50e880bbc6910.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,se[...] =>Toolbar.Babylon
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.50e88160f0d1d.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,se[...] =>Toolbar.Babylon
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.50ebcdea9da52.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,se[...] =>Toolbar.Babylon
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.50ebcee9980ae.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,se[...] =>Toolbar.Babylon
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.50ebd66fde3b5.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,se[...] =>Toolbar.Babylon
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.50f3f599770cc.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,se[...] =>Toolbar.Babylon
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.BabylonToolbar.prtkDS", 0); =>Toolbar.Babylon
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.BabylonToolbar.prtkHmpg", 0); =>Toolbar.Babylon
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.BabylonToolbar_i.newTab", true); =>Toolbar.Babylon
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://www.delta-search.com/?affID=119776&babsrc=NT_ss&mntrId=3855afbd00000000[...] =>Toolbar.Babylon
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.bbDpng", "11");
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.cntry", "FR");
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.dfltLng", "en");
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.hdrMd5", "013C99F625C7966613170E44B9EE2ADD");
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.id", "3855afbd000000000000001d7da70c74");
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.instlDay", "15768");
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.lastVrsnTs", "1.8.10.021:31:58");
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.sg", "azb");
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.vrsn", "1.8.10.0");
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.vrsnTs", "1.8.10.021:31:58");
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("extensions.delta.vrsni", "1.8.10.0");
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&SearchSource=2&CUI=UN30906244791788228&UM=&q=")[...]
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("smartbar.conduitHomepageList", "http://search.conduit.com/?ctid=CT3176921&SearchSource=13&CUI=UN30906244791788228,http:[...] =>Hijacker.SmartBar
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&SearchSource=2&CUI=UN3[...] =>Hijacker.SmartBar
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("smartbar.originalSearchAddressUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&SearchSource=2&CUI=UN3090[...] =>Hijacker.SmartBar
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); =>PUP.SweetIM
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "EasyLife"); =>PUP.SweetIM
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("sweetim.toolbar.previous.browser.startup.homepage", "http://search.easylifeapp.com/?pid=719&src=ff1&r=2013/03/27&hid=33[...] =>PUP.SweetIM
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("sweetim.toolbar.previous.keyword.URL", ""); =>PUP.SweetIM
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*"); =>PUP.SweetIM
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1"); =>PUP.SweetIM
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1"); =>PUP.SweetIM
O69 - SBI: prefs.js [Administrateur - czog45n6.default-1346315948304] user_pref("sweetim.toolbar.searchguard.enable", "false"); =>PUP.SweetIM
O69 - SBI: SearchScopes [HKCU] {01bd49d7-c76b-4310-8beb-14d7e5f322c6} - (EasyLife) - http://search.easylifeapp.com =>Hijacker.GadgetBox
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - http://websearch.ask.com
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} - (Search Results) - http://dts.search-results.com
O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (express-files FR Customized Web Search) - http://search.conduit.com =>Adware.ExpressFiles
O69 - SBI: SearchScopes [HKCU] {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} - (Funmoods) - http://start.funmoods.com =>PUP.Funmoods
O69 - SBI: SearchScopes [HKCU] {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} [DefaultScope] - (WebSearch) - http://websearch.lookforithere.info
O69 - SBI: SearchScopes [HKCU] {CF739809-1C6C-47C0-85B9-569DBB141420} - (Ask Search) - http://toolbar.ask.com
~ Keys: Scanned in 00mn 00s



---\\ Crack & Keygen Files (O82)
C:\Users\Administrateur\keygen.exe
C:\Users\Administrateur\keygen.exe
~ Files: Scanned in 02mn 11s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.0B0F240F81182D767325371650A18339] [SPRF][20/05/2013] (...) -- C:\Users\Administrateur\AppData\Local\d3d9caps.dat [680]
[MD5.B28C334C03CEE7C5E829C43AE75DAE5A] [SPRF][14/04/2013] (.Ask.com - AskIC Dynamic Link Library.) -- C:\Users\Administrateur\AppData\Local\Temp\AskSLib.dll [248008]
[MD5.EBB022C04721D4C732A7F6D0640DE059] [SPRF][25/04/2013] (.Musiclab, LLC - BearShare.) -- C:\Users\Administrateur\AppData\Local\Temp\BearShare_setup.exe [2489120] =>PUP.BearShare
[MD5.22C32D75E19BAD283CAB2E9E1E59903F] [SPRF][17/02/2013] (...) -- C:\Users\Administrateur\AppData\Local\Temp\Installhelper.dll [1643624]
[MD5.6C137D2BEF3CDD43F3AE2FD6705B9FED] [SPRF][05/04/2013] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\Administrateur\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe [904104]
[MD5.5A1B14363C067634DA9E3C0DF5BECC0E] [SPRF][17/02/2013] (...) -- C:\Users\Administrateur\AppData\Local\Temp\SetupDataMngr_BearShare.exe [4423016] =>PUP.BearShare
[MD5.03EF087BE6876AB29AAF8F48391037A4] [SPRF][04/06/2013] (...) -- C:\Users\Administrateur\AppData\Local\Temp\SHSetup.exe [45217872]
[MD5.72412B526BCC716382E62B7939DCFD8F] [SPRF][06/05/2012] (...) -- C:\Users\Administrateur\AppData\Local\Temp\SRAssetsHelper.dll [1085952]
[MD5.82C239FF99942BF799A9FD0182734A1A] [SPRF][25/04/2013] (...) -- C:\Users\Administrateur\AppData\Local\Temp\thanks.bat [82]
[MD5.62903EE8A6B0E4B8015F382950C611D0] [SPRF][25/04/2013] (.Torch Media Inc. - Torch Browser.) -- C:\Users\Administrateur\AppData\Local\Temp\TorchSetupFull.exe [39278184]
[MD5.2249A39CC7C7BFB2CC8599A4DC9CAF60] [SPRF][17/04/2013] (...) -- C:\Users\Administrateur\AppData\Local\Temp\utt10A6.tmp.bat [98]
[MD5.3B3C2F7B8A3F26D74C1F6215A79B2B83] [SPRF][03/05/2013] (...) -- C:\Users\Administrateur\AppData\Local\Temp\utt83E0.tmp.bat [98]
[MD5.2249A39CC7C7BFB2CC8599A4DC9CAF60] [SPRF][17/04/2013] (...) -- C:\Users\Administrateur\AppData\Local\Temp\uttC709.tmp.bat [98]
[MD5.3B3C2F7B8A3F26D74C1F6215A79B2B83] [SPRF][03/05/2013] (...) -- C:\Users\Administrateur\AppData\Local\Temp\uttD25D.tmp.bat [98]
~ Files: Scanned in 00mn 06s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{31EE9198-D1E3-456C-8EAA-16FDA0683626}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe (.not file.)
O87 - FAEL: "{A9AB94A1-FA16-4268-A682-98B5F8B54982}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe (.not file.)
O87 - FAEL: "{BAADDE56-F32A-4CB1-BFD8-99B6AFF65B20}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Administrateur\AppData\Local\Temp\lxdx\wireless\lxdxwpss.exe (.not file.)
O87 - FAEL: "{6569E673-B321-4E79-836B-F89711AE343A}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Administrateur\AppData\Local\Temp\lxdx\wireless\lxdxwpss.exe (.not file.)
O87 - FAEL: "TCP Query User{F6757B72-05EB-43FD-BB9F-5720CFD7A915}C:\users\administrateur\program files\dna\btdna.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\administrateur\program files\dna\btdna.exe (.not file.)
O87 - FAEL: "UDP Query User{D5EFDAE2-A613-4C10-BD37-E684B0D6EE8E}C:\users\administrateur\program files\dna\btdna.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\administrateur\program files\dna\btdna.exe (.not file.)
O87 - FAEL: "{493994FF-E3A7-4272-B129-9E93A1AEAF34}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "{882498B0-9F2E-4FC1-AF7C-22A8D3E9693D}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "TCP Query User{CD6B9325-644A-4782-A812-25FA815FA93A}C:\program files\tftp desktop\tftpdesk.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\tftp desktop\tftpdesk.exe (.not file.)
O87 - FAEL: "UDP Query User{FA1847F5-C914-49F9-963E-816D576899ED}C:\program files\tftp desktop\tftpdesk.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\tftp desktop\tftpdesk.exe (.not file.)
O87 - FAEL: "{C3EA90FF-5980-4E82-A3FF-5E27BB7024FB}" |In - None - P17 - TRUE | .(...) -- C:\Users\ADMINI~1\AppData\Local\Temp\ibtmp4af8291\eTypeSetup.exe (.not file.)
O87 - FAEL: "TCP Query User{B49FE6BE-5AC2-4C6C-90CC-261A9D125B31}C:\program files\1clickdownload\1clickdownloader.exe" | In - Public - P6 - TRUE | .(.Pas de propriétaire - DownloadAssistant.) -- C:\program files\1clickdownload\1clickdownloader.exe =>PUP.1ClickDownloader
O87 - FAEL: "UDP Query User{FE060316-20E9-44A0-8C69-CDDCD623A32A}C:\program files\1clickdownload\1clickdownloader.exe" | In - Public - P17 - TRUE | .(.Pas de propriétaire - DownloadAssistant.) -- C:\program files\1clickdownload\1clickdownloader.exe =>PUP.1ClickDownloader
O87 - FAEL: "{465620D9-2415-4DAE-92D0-5555301A59F1}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\ExpressFiles\expressdl.exe (.not file.) =>Adware.ExpressFiles
O87 - FAEL: "{1E00874B-222F-414A-9953-A9F69E973987}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\ExpressFiles\expressdl.exe (.not file.) =>Adware.ExpressFiles
O87 - FAEL: "{0E124E06-EDA6-42B8-BB1A-6DFFE725457C}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles
O87 - FAEL: "{EBBC3290-F097-4D8A-8A6F-B7423E3D518C}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles
O87 - FAEL: "{09510EC2-F68C-41DE-BA4A-9CC6C19FC022}" | In - Domain - P6 - TRUE | .(.MusicLab, LLC - BearShare.) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe =>PUP.BearShare
O87 - FAEL: "{3AC02147-6602-4809-9E95-7949ED7ED49F}" | In - Domain - P17 - TRUE | .(.MusicLab, LLC - BearShare.) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe =>PUP.BearShare
O87 - FAEL: "{A23CF91C-0BCB-49D6-B988-B4E142BF9129}" | In - Private - P6 - TRUE | .(.MusicLab, LLC - BearShare.) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe =>PUP.BearShare
O87 - FAEL: "{6A6FCBDD-F827-49CB-98D2-07117F521123}" | In - Private - P17 - TRUE | .(.MusicLab, LLC - BearShare.) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe =>PUP.BearShare
O87 - FAEL: "TCP Query User{3385E670-97DE-49AC-A60D-8848A9D8AC52}C:\program files\bearshare applications\bearshare\bearshare.exe" | In - Public - P6 - TRUE | .(.MusicLab, LLC.) -- C:\program files\bearshare applications\bearshare\bearshare.exe =>PUP.BearShare
O87 - FAEL: "UDP Query User{D47839DF-BFFC-48D3-A0AB-CA3E3C1C445E}C:\program files\bearshare applications\bearshare\bearshare.exe" | In - Public - P17 - TRUE | .(.MusicLab, LLC.) -- C:\program files\bearshare applications\bearshare\bearshare.exe =>PUP.BearShare
~ Firewall: 260 Legitimates Filtered in 00mn 03s



---\\ Scan Additionnel (O88)
Database Version : v2.12397 - (04/06/2013)
Clés trouvées (Keys found) : 232
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 37
Fichiers trouvés (Files found) : 2

[HKLM\Software\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}] =>PUP.Funmoods
[HKLM\Software\Classes\CLSID\{35b8892d-c3fb-4d88-990d-31db2ebd72bd}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] =>Adware.RecordNRip
[HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] =>Adware.RecordNRip
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}] =>Adware.MyWebSearch
[HKLM\Software\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}] =>Adware.BHO
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}] =>Adware.MyWebSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca}] =>Adware.MyWebSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}] =>Adware.MyWebSearch
[HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}] =>PUP.Funmoods
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade
[HKCU\Software\delta LTD] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\{1fc41815-fa4c-4f8b-b143-2c045c8ea2fc}] =>Toolbar.Kiwee
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201f27d4-3704-41d6-89c1-aa35e39143ed}] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}] =>PUP.iMesh
[HKLM\Software\Classes\TypeLib\{252c2315-cce0-4446-8da7-c00292a690ba}] =>PUP.iMesh
[HKLM\Software\Classes\CLSID\{2656B92B-0207-4afb-BEBF-F5FD231ECD39}] =>PUP.BearShare
[HKLM\Software\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}] =>PUP.BearShare
[HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] =>Toolbar.AskTBar
[HKLM\Software\Classes\CLSID\{31F8B21E-8674-4589-A37F-31A4D4B55CC5}] =>PUP.BearShare
[HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}] =>PUP.BearShare
[HKLM\Software\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}] =>PUP.BearShare
[HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}] =>PUP.iMesh
[HKLM\Software\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}] =>PUP.iMesh
[HKLM\Software\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}] =>PUP.BearShare
[HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8}] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}] =>PUP.iMesh
[HKLM\Software\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}] =>PUP.iMesh
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0}] =>Adware.AdRotator
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}] =>Trojan.Vundo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] =>Adware.IMBooster
[HKLM\Software\Classes\CLSID\{59570C1F-B692-48c9-91B4-7809E6945287}] =>PUP.BearShare
[HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}] =>Adware.Agent
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{63A0F7FA-2C95-4d7e-AF25-EFCC303D20A1}] =>PUP.BearShare
[HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{6559E502-6EE1-46b8-A83C-F3A45BDA23EE}] =>Adware.BHO
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{756C097C-6BDB-45de-A8F1-83E01AB86BA4}] =>PUP.BearShare
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}] =>PUP.Funmoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}] =>PUP.Funmoods
[HKLM\Software\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}] =>PUP.BearShare
[HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}] =>Adware.Yontoo
[HKLM\Software\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}] =>Adware.Yontoo
[HKLM\Software\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}] =>PUP.BearShare
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{856E12B5-22D7-4E22-9ACA-EA9A008DD65B}] =>Toolbar.Minibar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424c-BB9F-74C6899B9F92}] =>Adware.Bandoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}] =>Adware.Bandoo
[HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}] =>PUP.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKLM\Software\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}] =>PUP.BearShare
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}] =>PUP.iMesh
[HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA74D58F-ACD0-450D-A85E-6C04B171C044}] =>Toolbar.Minibar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}] =>Toolbar.Minibar
[HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}] =>PUP.iMesh
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}] =>PUP.iMesh
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}] =>PUP.Funmoods
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{C63CA8A4-AB4E-49e5-A6C0-33FC86D80205}] =>PUP.BearShare
[HKLM\Software\Classes\CLSID\{C6A7847E-8931-4a9a-B4EF-72A91E3CCF4D}] =>PUP.BearShare
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D}] =>Trojan.Agent
[HKLM\Software\Classes\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}] =>Trojan.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}] =>Trojan.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{cf739809-1c6c-47c0-85b9-569dbb141420}] =>Toolbar.AskBarDis
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{cf739809-1c6c-47c0-85b9-569dbb141420}] =>Toolbar.AskBarDis
[HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{DD0F1D24-E250-4e93-966C-65615720AEFB}] =>PUP.BearShare
[HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{EC1277BB-1C71-4c0d-BA6D-BFEA16E773A6}] =>PUP.BearShare
[HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo
[HKLM\Software\Classes\AppID\BearShare.exe] =>PUP.BearShare
[HKLM\Software\Classes\AppID\DiscoveryHelper.DLL] =>PUP.BearShare
[HKLM\Software\Classes\AppID\GIFAnimator.DLL] =>PUP.BearShare
[HKLM\Software\Classes\AppID\IMTrProgress.DLL] =>PUP.BearShare
[HKLM\Software\Classes\AppID\IMWeb.DLL] =>PUP.BearShare
[HKLM\Software\Classes\AppID\WMHelper.DLL] =>PUP.BearShare
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar] =>Toolbar.Babylon
[HKLM\Software\Classes\b] =>Toolbar.Babylon
[HKLM\Software\Classes\Conduit.Engine] =>Toolbar.Conduit
[HKLM\Software\Classes\DiscoveryHelper.iMesh6Discovery] =>PUP.iMesh
[HKLM\Software\Classes\DiscoveryHelper.iMesh6Discovery.1] =>PUP.iMesh
[HKLM\Software\Classes\f] =>PUP.Funmoods
[HKLM\Software\Classes\funmoods.dskBnd] =>PUP.Funmoods
[HKLM\Software\Classes\funmoods.dskBnd.1] =>PUP.Funmoods
[HKLM\Software\Classes\imweb.imwebcontrol] =>PUP.iMesh
[HKLM\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj] =>Adware.SearchYa
[HKLM\Software\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco] =>PUP.1ClickDownloader
[HKCU\Software\Microsoft\Internet Explorer\MenuExt\Recherche avec search-web] =>Hijacker.ChercheUS
[HKLM\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service] =>Crapware.SpyHunter
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\Ask&Record] =>Toolbar.Agent
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKLM\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\DataMngr_Toolbar] =>Toolbar.Agent
[HKCU\Software\ilivid] =>Adware.Bandoo
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\MediaFinder] =>PUP.MediaFinder
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKLM\Software\OfferBox] =>PUP.OfferBox
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\OfferBox] =>PUP.OfferBox
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\SP Global] =>PUP.AdvancedSystemProtector
[HKCU\Software\AppDataLow\SProtector] =>PUP.AdvancedSystemProtector
[HKLM\Software\SProtector] =>PUP.AdvancedSystemProtector
[HKCU\Software\StartSearch] =>Hijacker.Agent
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKCU\Software\AppDataLow\Software\Toolbar] =>Toolbar.Conduit
[HKCU\Software\Zugo] =>Adware.Zugo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}] =>Toolbar.Conduit
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKLM\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki] =>PUP.Funmoods
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}] =>Adware.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}] =>Toolbar.AskBarDis
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder] =>PUP.MediaFinder
[HKLM\Software\Classes\gencrawler_gc.GenCrawler] =>PUP.MediaFinder
[HKCU\Software\Classes\MF] =>PUP.MediaFinder
[HKLM\Software\Classes\MF] =>PUP.MediaFinder
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}] =>Adware.Browse2Save
[HKLM\Software\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}] =>PUP.Funmoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}] =>Adware.SmileyBar
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\oneclick] =>PUP.1ClickDownloader
[HKLM\Software\Classes\oneclickmg] =>PUP.1ClickDownloader
[HKLM\Software\Classes\1ClicktorrentFile] =>PUP.1ClickDownloader
[HKLM\Software\Classes\1ClicktorrentFile1] =>PUP.1ClickDownloader
[HKLM\Software\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster
[HKLM\Software\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk] =>Spyware.GophotoIt
[HKLM\Software\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf] =>Hijacker.TornTV
[HKLM\Software\Classes\funmoods.funmoodsHlpr] =>PUP.Funmoods
[HKLM\Software\Classes\funmoods.funmoodsHlpr.1] =>PUP.Funmoods
[HKLM\Software\Classes\funmoodsApp.appCore] =>PUP.Funmoods
[HKLM\Software\Classes\funmoodsApp.appCore.1] =>PUP.Funmoods
[HKLM\Software\Classes\Toolbar.CT1060933] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.CT3176921] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.CT3228856] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.CT3287943] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}] =>Adware.Bandoo^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SP_09b71135] =>Adware.Browse2Save^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SP_48c708f2] =>Adware.Browse2Save^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SP_b0285714] =>Adware.Browse2Save^
[HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow]:*.chat-land.org =>Hijacker.ChercheUS
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{30F9B915-B755-4826-820B-08FBA6BD249D} =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:SearchProtectAll =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:SearchProtect =>Toolbar.Conduit
C:\Program Files\Bandoo =>Adware.Bandoo
C:\Program Files\BearShare Applications =>PUP.BearShare
C:\Program Files\Conduit =>Toolbar.Conduit
C:\Program Files\SearchProtect =>Toolbar.Conduit
C:\Program Files\BrowseToSave =>Adware.Browse2Save
C:\Program Files\torntv.com =>Hijacker.TornTV
C:\Program Files\continuetosave =>PUP.Offerware
C:\Program Files\WebSearch =>Adware.Browse2Save
C:\Program Files\RegClean Pro =>Rogue.RegistryPowerCleaner
C:\Program Files\Zoomex =>Adware.ZoomEx
C:\Program Files\Gophoto.it =>Spyware.GophotoIt
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\ProgramData\InstallMate =>Toolbar.Agent
C:\ProgramData\Zoomex =>Adware.ZoomEx
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\media finder =>PUP.MediaFinder
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro =>Rogue.RegistryPowerCleaner
C:\Users\Administrateur\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\Administrateur\AppData\Roaming\eType =>Adware.Zugo
C:\Users\Administrateur\AppData\Roaming\media finder =>PUP.MediaFinder
C:\Users\Administrateur\AppData\Roaming\OfferBox =>PUP.OfferBox
C:\Users\Administrateur\AppData\Roaming\SearchProtect =>Toolbar.Conduit
C:\Users\Administrateur\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com =>PUP.MediaFinder
C:\Users\Administrateur\AppData\Local\Conduit =>Toolbar.Conduit
C:\Users\Administrateur\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\Administrateur\AppData\LocalLow\FunWebProducts =>Adware.MyWebSearch
C:\Users\Administrateur\AppData\LocalLow\PriceGong =>Adware.PriceGong
C:\Users\Administrateur\AppData\LocalLow\Toolbar4 =>Toolbar.Conduit
C:\Users\Administrateur\AppData\LocalLow\Zoomex =>Adware.ZoomEx
C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel =>PUP.MediaFinder
C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\iibmmjhgclhlahmjniokmhleigemjpbh =>Toolbar.Conduit
C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk =>Spyware.GophotoIt
C:\ProgramData\BirowwsyE2savee =>Adware.Browse2Save
C:\ProgramData\Browse2SiAAvae =>Adware.Browse2Save
C:\ProgramData\BrowSee2saivE =>Adware.Browse2Save
C:\ProgramData\ccoNtiinuetosavey =>PUP.Offerware^
C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\czog45n6.default-1346315948304\Smartbar =>Hijacker.SmartBar
C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\czog45n6.default-1346315948304\Extensions\{88ac3cb6-596b-4217-964c-b6757ef9602d} =>Toolbar.Conduit
C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\czog45n6.default-1346315948304\SearchPlugins\conduit.xml =>Toolbar.Conduit
C:\Users\Administrateur\Desktop\SpyHunter.lnk =>Crapware.SpyHunter
~ Additionnel Scan: 283806 Items scanned in 00mn 47s



---\\ Random Export Key (O91)
[HKCU\Software\58edbdce56abe15\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1184.107]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\58edbdce56abe15\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1184.107]:version="2.6.1184.107"
[HKCU\Software\58edbdce56abe15] =>Toolbar.Babylon^
[HKLM\Software\58edbdce56abe15] => Clé orpheline
~ Export Key Software: Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 15/05/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 12/04/2013 86224 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 12/04/2013 110032 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SS - | Demand 06/03/2013 93984 | (CltMngSvc) . (.Conduit.) - C:\Program Files\SearchProtect\bin\CltMngSvc.exe =>Toolbar.Conduit
SS - | Disabled 27/09/2011 295192 | (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
SS - | Disabled 28/02/2008 98984 | (lxdxCATSCustConnectService) . (.Lexmark International, Inc..) - C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdxserv.exe
SS - | Disabled 594600 | (lxdx_device) . (...) - C:\Windows\system32\lxdxcoms.exe
SS - | Disabled 08/08/2011 311928 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe
SS - | Disabled 18/05/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 31/01/2013 634656 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 10/10/2012 1258856 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Disabled 07/12/2009 40960 | (RealtekSE) . (.Realtek.) - C:\Program Files\REALTEK\RTL8185 Wireless LAN Utility\RtlService.exe
SS - | Disabled 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
SR - | Auto 07/05/2013 770432 | (SpyHunter 4 Service) . (.Enigma Software Group USA, LLC..) - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe =>Crapware.SpyHunter
SR - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 02s



~ 3193 Legitimates filtered by white list
End of the scan (1039 lines in 14mn 37s)(2)