~ Report of ZHPDiag v2014.2.23.20 - Nicolas Coolman (23/02/2014)
~ Launched by Administrateur (27/02/2014 14:05:59)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Not Found


---\\ Internet browsers
MSIE: Internet Explorer v7.0.5730.13
MFIE: Mozilla Firefox 27.0.1 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ System protection software

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 11 Plugin

---\\ Information on the system
~ Processor: x86 Family 15 Model 6 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1406 MB (57% free)
System Restore: Désactivé (Disabled)
System drive C: has 35 GB (71%) free of 49 GB

---\\ Connection to the system mode
~ Computer Name: SWEET-3A112B8C9
~ User Name: Administrateur
~ All Users Names: SUPPORT_388945a0, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Administrateur\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\Administrateur\Application Data\
~ %Desktop% : C:\Documents and Settings\Administrateur\Bureau\
~ %Favorites% : C:\Documents and Settings\Administrateur\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Administrateur\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Administrateur\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeration of the disk units
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 35 Go of 49 Go)
D: Hard drive, Flash drive, Thumb drive (Free 16 Go of 34 Go)
E: Hard drive, Flash drive, Thumb drive (Free 0 Go of 34 Go)
F: Hard drive, Flash drive, Thumb drive (Free 5 Go of 32 Go)
G: CD-ROM drive (Free 0 Go of 3 Go)
I: Floppy drive, Flash card reader, USB Key (Free 4 Go of 4 Go)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.BFBBBFE0913E6C9706F97598A6588B8F] - (.Microsoft Corporation - Explorateur Windows.) (.27/09/2008 - 11:24:52.) -- C:\WINDOWS\Explorer.exe [1573888]
[MD5.90B16FF3ACEC94B95BA95AA686442A47] - (.Microsoft Corporation - Internet Extensions for Win32.) (.27/09/2008 - 11:27:20.) -- C:\WINDOWS\system32\wininet.dll [879616]
[MD5.4BB6301D634C857A5089E8B24C5555E4] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.27/09/2008 - 11:27:21.) -- C:\WINDOWS\system32\Winlogon.exe [593408]
[MD5.744B88B93D2A58A1EB84C11D48CA85C8] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/07/2008 - 12:44:47.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.4B0A100EAF5C49EF3CCA8C641431EACC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.02/05/2008 - 11:49:39.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.32ECB7D3C03532B4460E09E960A3B72E] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.30/07/2008 - 13:09:57.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [455936]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.A0857C97770034FD2AF17DC4014B5ABD] - (.Microsoft Corporation - NT File System Driver.) (.22/04/2008 - 14:45:52.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [576384]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.27/09/2008 - 11:31:20.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.27/09/2008 - 00:58:26.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.27/09/2008 - 02:58:26.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/9
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 5/27
~ Mes Documents (My Documents) : 2/779
~ Mon Bureau (My Desktop) : 0/307
~ Menu demarrer (Programs) : 1/33
~ Hidden Files: Scanned in 00mn 01s



---\\ Process running
[MD5.811A775DB3DBA12D8FD27C352AF071DC] - (.Beijing Rising Information Technology Co., - RsMgrSvc Application.) -- C:\Program Files\Rising\RSD\RsMgrSvc.exe [150168] [PID.1776]
[MD5.776046E2040F098547399FFC942B3645] - (.Beijing Rising Information Technology Co., - ravmond.) -- C:\Program Files\Rising\RAV\RavMonD.exe [167832] [PID.1788]
[MD5.EFA551863AD71A69690A3685145FD378] - (...) -- ystem32\rundll32.exe [0] [PID.288]
[MD5.4C76BE04981EB8BE76DC4AC900F16AFB] - (...) -- C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe [2606616] [PID.852]
[MD5.C98ACDE22458C8F46FD0503CB9E2D01F] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe [223112] [PID.952]
[MD5.D65ADC7AD95E88FAB486707B8C228F17] - (.Beijing Rising Information Technology Co., - Rising tray framework.) -- C:\Program Files\Rising\RAV\RSTRAY.exe [178840] [PID.1196]
[MD5.977507613F92E1B4BDF2A9496FEB1EB7] - (...) -- C:\Program Files\BrowseSmart\updateBrowseSmart.exe [111904] [PID.1004] =>PUP.BrowseSmart
[MD5.977507613F92E1B4BDF2A9496FEB1EB7] - (...) -- C:\Program Files\BrowseSmart\bin\utilBrowseSmart.exe [111904] [PID.2224] =>PUP.BrowseSmart
[MD5.9237CDFF7D7185510A7DDB3666691D0D] - (.AVG Secure Search - ToolbarU Application (Official).) -- C:\Program Files\Fichiers communs\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544] [PID.2364] =>Toolbar.AVGSearch
[MD5.7D66C7460240C5FA7DA4E775DF9FF328] - (.cake bake - Desktop.Updater.) -- C:\Program Files\Betcat\WBDesktop.Updater.exe [51992] [PID.2400] =>Adware.WebCake
[MD5.2F6EC25614A74793A4CE45469D7C5970] - (.No owner - loggings Application.) -- C:\Program Files\Fichiers communs\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe [159768] [PID.2572] =>Toolbar.AVGSearch
[MD5.642DD7A1BF43E7DA11530EFE7C9FBD25] - (.Maple Studio - CoolNovo Browser.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\MapleStudio\ChromePlus\Application\chrome.exe [1294240] [PID.3480]
[MD5.42FEDBCB3ED926F6F529E0FDDF750BE0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8339968] [PID.2096]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.b1.org
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.softonic.com =>Toolbar.Conduit
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://search.speedbit.com
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0
~ IE Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 0



---\\ Browser Helper Objects (O2)
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} . (.Montera Technologeis LTD - No Comment.) -- C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll =>Adware.IncrediBar
O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} . (.AVG Secure Search - toolbar.dll (Official).) -- C:\Program Files\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll =>Toolbar.AVGSearch
~ BHO: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: Incredibar Toolbar - [HKLM]{F9639E4A-801B-4843-AEE3-03D9DA199E77} . (.Montera Technologeis LTD - No Comment.) -- C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll =>Adware.IncrediBar
O3 - Toolbar: AVG SafeGuard toolbar - [HKLM]{95B7759C-8C7F-4BF1-B163-73684A933233} . (.AVG Secure Search - toolbar.dll (Official).) -- C:\Program Files\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll =>Toolbar.AVGSearch
O3 - Toolbar: (no name) - [HKCU]{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Program [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Administrateur]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 8 Legitimates Filtered in 00mn 00s



---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Program [AllUsers]: rvlkl.lnk . (.Logixoft - Revealer Keylogger Free.) -- C:\Documents and Settings\All Users\Application Data\rvlkl\rvlkl.exe =>Keylogger.Logixoft
O4 - GS\Program [Administrateur]: Vidal CD.lnk . (.Vidal - Module de lancement de VidalCD.) -- C:\Program Files\Vidal\VidalCD\VidalCD.exe
O4 - HKLM\..\Run: [VTTimer] . (.S3 Graphics, Inc. - No Comment.) -- C:\WINDOWS\system32\VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] . (.S3 Graphics Co., Ltd. - s3contrl (32-bit).) -- C:\WINDOWS\system32\S3trayp.exe
O4 - HKLM\..\Run: [RSDTRAY] . (.Beijing Rising Information Technology Co., - tray 应用程序.) -- C:\Program Files\Rising\RSD\popwndexe.exe
O4 - HKLM\..\Run: [RavTRAY] . (.Beijing Rising Information Technology Co., - Rising tray framework.) -- C:\Program Files\Rising\RAV\RSTRAY.exe
O4 - HKLM\..\Run: [KernelFaultCheck] Orphan key
O4 - HKLM\..\Run: [vProt] . (.No owner - VProtect Application (Non Official).) -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
O4 - HKLM\..\Run: [mobilegeni daemon] . (...) -- C:\Program Files\Mobogenie\DaemonProcess.exe =>PUP.Mobogenie
O4 - HKLM\..\Run: [Activation Method for 2013, 2012, 2011, 2010] . (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\wscript.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Internet Security] C:\Documents and Settings\All Users\Application Data\amsecure.exe (.not file.)
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Activation Method for 2013, 2012, 2011, 2010] . (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\wscript.exe
O4 - HKLM\..\policies\Explorer\Run: [TOSH] rundll32 "C:\WINDOWS\system32\d3dx9_30E.dll (.not file.)
O4 - HKLM\..\policies\Explorer\Run: [Ujegbkd] rundll32 "C:\WINDOWS\system32\linkinfo0.dll (.not file.)
O4 - HKUS\.DEFAULT\..\RunOnce: [JkDefrag] Orphan key
O4 - HKUS\.DEFAULT\..\RunOnce: [SweetRegistry] Orphan key
O4 - HKUS\S-1-5-18\..\RunOnce: [JkDefrag] Orphan key
O4 - HKUS\S-1-5-18\..\RunOnce: [SweetRegistry] Orphan key
O4 - HKUS\S-1-5-20\..\RunOnce: [JkDefrag] Orphan key
O4 - HKUS\S-1-5-20\..\RunOnce: [SweetRegistry] Orphan key
O4 - HKUS\S-1-5-21-1844237615-527237240-1606980848-500\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1844237615-527237240-1606980848-500\..\Run: [Internet Security] C:\Documents and Settings\All Users\Application Data\amsecure.exe (.not file.)
O4 - HKUS\S-1-5-21-1844237615-527237240-1606980848-500\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1844237615-527237240-1606980848-500\..\Run: [Activation Method for 2013, 2012, 2011, 2010] . (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\wscript.exe
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} . (...) -- C:\Program Files\Fichiers communs\DVDVideoSoft\plugins\dvdvideosoft.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F69C474F-7E2A-4B2A-B93A-000A417FA99D}: NameServer = 109.0.66.10 195.186.4.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DB766D7-9012-4B83-B550-72398640B330}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DB766D7-9012-4B83-B550-72398640B330}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{F69C474F-7E2A-4B2A-B93A-000A417FA99D}: NameServer = 109.0.66.10 195.186.4.111
O17 - HKLM\System\CS1\Services\Tcpip\..\{4DB766D7-9012-4B83-B550-72398640B330}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{4DB766D7-9012-4B83-B550-72398640B330}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{4DB766D7-9012-4B83-B550-72398640B330}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{4DB766D7-9012-4B83-B550-72398640B330}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Windows Genuine Advantage Notifications.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Update BrowseSmart (Update BrowseSmart) . (...) - C:\Program Files\BrowseSmart\updateBrowseSmart.exe =>PUP.BrowseSmart
O23 - Service: Util BrowseSmart (Util BrowseSmart) . (...) - C:\Program Files\BrowseSmart\bin\utilBrowseSmart.exe =>PUP.BrowseSmart
O23 - Service: (vToolbarUpdater17.3.0) . (.AVG Secure Search - ToolbarU Application (Official).) - C:\Program Files\Fichiers communs\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe =>Toolbar.AVGSearch
O23 - Service: WebCake Desktop Updater (WebCake Desktop Updater) . (.cake bake - Desktop.Updater.) - C:\Program Files\Betcat\WBDesktop.Updater.exe =>Adware.WebCake
~ Services: 8 Legitimates Filtered in 00mn 10s



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop Component 0: (no name) - file:http://forum.brg8.com/alt=
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ BootExecute (BEX) (O34)
O34 - HKLM BootExecute: ( bsmain) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s



---\\ Task Planned Automatically (039)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0214b_rel.job [360]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0214b_rmv.job [362]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoforFilesUpdate.job [282] =>P2P.GoforFiles
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\putefn.job [328] =>Hijacker.iHaveNet
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\SBWUpdateTask_Logon_20694426-001BB9CA81A0.job [578]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\SBWUpdateTask_Time_20694426-001BB9CA81A0.job [578]
[MD5.4C76BE04981EB8BE76DC4AC900F16AFB] [APT] [AVG-Secure-Search-Update_0214b_rel] (...) -- C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe [2606616]
[MD5.4C76BE04981EB8BE76DC4AC900F16AFB] [APT] [AVG-Secure-Search-Update_0214b_rmv] (...) -- C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe [2606616]
[MD5.00000000000000000000000000000000] [APT] [GoforFilesUpdate] (...) -- C:\Program Files\GoforFiles\GFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles
~ Scheduled Task: 20 Legitimates Filtered in 00mn 00s



---\\ Software installed (O42)
O42 - Logiciel: BrowseSmart - (.BrowseSmart.) [HKLM] -- BrowseSmart =>PUP.BrowseSmart
O42 - Logiciel: CoolNovo - (.The Maple Studio.) [HKCU] -- ChromePlus
O42 - Logiciel: Incredibar Toolbar on IE - (...) [HKLM] -- incredibar =>Adware.IncrediBar
O42 - Logiciel: Internat Test version 1.5 - (...) [HKLM] -- {3611ABCF-B21B-4866-800B-A39E31EC318E}_is1
~ Logic: 24 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\2.6.1519.190] =>Hijacker.Hijacker.Eazel
[HKCU\Software\596d8d0b038ee47] =>Hijacker.Hijacker.Eazel
[HKCU\Software\8751B89239B26C47AA23485064775A1E]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\BrowseSmart] =>PUP.BrowseSmart
[HKCU\Software\ConduitSearchScopes]
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\DIMSNUFEL]
[HKCU\Software\DSNR Labs]
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\FileScout] =>PUP.FileScout
[HKCU\Software\IB Updater] =>Adware.InstallBrain
[HKCU\Software\IM]
[HKCU\Software\IncrediMail]
[HKCU\Software\Incredibar.com] =>Adware.IncrediBar
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\SBCONVERT]
[HKCU\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\SpeedBit]
[HKLM\Software\596d8d0b038ee47] =>Hijacker.Hijacker.Eazel
[HKLM\Software\Babylon] =>PUP.Babylon
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\DIMSNUFEL]
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\IB Updater] =>Adware.InstallBrain
[HKLM\Software\IncrediMail]
[HKLM\Software\Incredibar.com] =>Adware.IncrediBar
[HKLM\Software\SpeedBit]
[HKLM\Software\Tarma Installer] =>PUP.Tarma
~ Key Software: 255 Legitimates Filtered in 00mn 01s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 07/01/2014 - 16:30:46 - [2,733] ----D C:\Program Files\BrowseSmart =>PUP.BrowseSmart
O43 - CFD: 02/11/2012 - 13:57:43 - [0,609] ----D C:\Program Files\Conduit
O43 - CFD: 06/01/2013 - 12:36:21 - [1,825] ----D C:\Program Files\Incredibar.com =>Adware.IncrediBar
O43 - CFD: 31/12/2012 - 23:25:59 - [27,076] ----D C:\Program Files\Internat Test
O43 - CFD: 27/01/2014 - 21:55:23 - [0,015] ----D C:\Program Files\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 19/12/2013 - 17:42:46 - [0] ----D C:\Program Files\SuRof andu keepp =>Adware.SurfAndKeep
O43 - CFD: 09/08/2013 - 16:20:27 - [0,098] ----D C:\Program Files\Web Cake =>Adware.WebCake
O43 - CFD: 20/12/2013 - 14:26:25 - [0] ----D C:\Program Files\YoutubeAdblocker =>PUP.Multiplug
O43 - CFD: 19/12/2013 - 22:21:19 - [2,793] ----D C:\Program Files\Fichiers communs\SpeedBit
O43 - CFD: 03/02/2013 - 19:21:31 - [0] ----D C:\Documents and Settings\All Users\Application Data\Babylon =>PUP.Babylon
O43 - CFD: 20/12/2013 - 14:26:25 - [0,040] ----D C:\Documents and Settings\All Users\Application Data\d3644022fbfe371b
O43 - CFD: 13/11/2013 - 16:17:55 - [0,080] ----D C:\Documents and Settings\All Users\Application Data\InstallMate
O43 - CFD: 15/01/2014 - 23:01:25 - [0,516] ----D C:\Documents and Settings\All Users\Application Data\rvlkl =>Keylogger.Logixoft
O43 - CFD: 19/12/2013 - 17:58:25 - [0] ----D C:\Documents and Settings\All Users\Application Data\SuRof andu keepp =>Adware.SurfAndKeep
O43 - CFD: 19/12/2013 - 17:00:14 - [1,045] ----D C:\Documents and Settings\All Users\Application Data\Tarma Installer =>PUP.Tarma
O43 - CFD: 20/12/2013 - 14:30:50 - [0] ----D C:\Documents and Settings\All Users\Application Data\YoutubeAdblocker =>PUP.Multiplug
O43 - CFD: 13/07/2013 - 23:22:55 - [0,457] ----D C:\Documents and Settings\Administrateur\Application Data\B1Toolbar =>Hijacker.SearchB1org
O43 - CFD: 03/02/2013 - 19:21:31 - [0,023] ----D C:\Documents and Settings\Administrateur\Application Data\Babylon =>PUP.Babylon
O43 - CFD: 10/01/2013 - 17:23:03 - [0,287] ----D C:\Documents and Settings\Administrateur\Application Data\eType
O43 - CFD: 19/09/2013 - 19:43:32 - [0,308] ----D C:\Documents and Settings\Administrateur\Application Data\File Scout =>PUP.FileScout
O43 - CFD: 12/01/2013 - 12:59:28 - [0] ----D C:\Documents and Settings\Administrateur\Application Data\Incredibar.com =>Adware.IncrediBar
O43 - CFD: 05/01/2013 - 22:10:34 - [0] ----D C:\Documents and Settings\Administrateur\Application Data\PriceGong =>Adware.PriceGong
O43 - CFD: 19/12/2013 - 22:21:10 - [0,760] ----D C:\Documents and Settings\Administrateur\Application Data\Toolbar4
O43 - CFD: 09/08/2013 - 15:49:57 - [0,931] ----D C:\Documents and Settings\Administrateur\Application Data\Web Cake =>Adware.WebCake
O43 - CFD: 13/07/2013 - 23:23:00 - [0,163] ----D C:\Documents and Settings\Administrateur\Local Settings\Application Data\B1E
O43 - CFD: 12/01/2013 - 12:59:22 - [0,135] ----D C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit
O43 - CFD: 25/10/2012 - 16:06:45 - [0,005] ----D C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\CoolNovo
~ Program Folder: 149 Legitimates Filtered in 00mn 08s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.C7BC96C3711C0D269DA26D1F0ECEC547] - 13/02/2014 - 19:03:32 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [69]
O44 - LFC:[MD5.C9D253E92F8B48415C364F5C545D1A92] - 15/02/2014 - 19:46:27 ---A- . (...) -- C:\WINDOWS\IE4 Error Log.txt [239]
O44 - LFC:[MD5.EB98CAB122336AE48F0DCB464E6AC98C] - 18/02/2014 - 20:30:16 ---A- . (.Northern Codeworks - Northern Codeworks Uninstaller.) -- C:\WINDOWS\NCUNINST.EXE [45056]
O44 - LFC:[MD5.29A63AAF2809063CB14EFE9D667DD3E6] - 26/02/2014 - 19:39:20 ---A- . (...) -- C:\WINDOWS\WD.INI [26]
O44 - LFC:[MD5.91B6DFBA0FD7D0F4836FB711D1B5D81C] - 27/02/2014 - 13:03:07 ---A- . (...) -- C:\WINDOWS\system32\TrueSight.sys [26624]
O44 - LFC:[MD5.685ECE1A1120AE7E8367220FAA2DE86E] - 27/02/2014 - 13:19:42 ----- . (...) -- C:\UsbFix [Scan 1] SWEET-3A112B8C9.txt [8231]
O44 - LFC:[MD5.716A4EC0A2A55517EA63861B21A979EA] - 27/02/2014 - 13:22:03 ----- . (...) -- C:\UsbFix [Listing 1] SWEET-3A112B8C9.txt [8049]
O44 - LFC:[MD5.2817DBA60CBC8185BD439BAB3E3F20A2] - 27/02/2014 - 13:22:43 ----- . (...) -- C:\UsbFix [Listing 2] SWEET-3A112B8C9.txt [8164]
O44 - LFC:[MD5.21EE91F7A61CEF2543C7BFE3756B218B] - 27/02/2014 - 13:26:33 ----- . (...) -- C:\UsbFix [Scan 2] SWEET-3A112B8C9.txt [7929]
O44 - LFC:[MD5.A6052A9BE5D22312959C8C5AEF60CD51] - 27/02/2014 - 13:30:32 ----- . (...) -- C:\UsbFix [Scan 3] SWEET-3A112B8C9.txt [7793]
O44 - LFC:[MD5.CEE79F57BE6BBCC7D7F264263CB90BDF] - 27/02/2014 - 13:58:23 ---A- . (...) -- C:\UsbFix [Clean 2] SWEET-3A112B8C9.txt [14875]
~ Files: 16 Legitimates Filtered in 00mn 02s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export authorized application key (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\GoforFiles\goforfilesdl.exe" [Enabled] .(...) -- C:\Program Files\GoforFiles\goforfilesdl.exe (.not file.) =>P2P.GoforFiles
O47 - AAKE:Key Export SP - "C:\Program Files\GoforFiles\GoforFiles.exe" [Enabled] .(...) -- C:\Program Files\GoforFiles\GoforFiles.exe (.not file.) =>P2P.GoforFiles
~ Keys Export: 12 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=1
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=1
~ MWPS: 6 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "ForceClassicControlPanel"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "LinkResolveIgnoreLinkInfo"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDesktopCleanupWizard"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoInstrumentation"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRecentDocsHistory"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRecentDocsMenu"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveSearch"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveTrack"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMBalloonTip"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMConfigurePrograms"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMHelp"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoStartMenuMFUprogramsList"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWelcomeScreen"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "CDRAutoRun"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "HideRunAsVerb"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoCDBurning"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDesktopCleanupWizard"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoInstrumentation"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoNetConnectDisconnect"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoRecentDocsHistory"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoRemoteRecursiveEvents"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoResolveTrack"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoStartMenuMFUprogramsList"=1
~ MWPE Keys: 34 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 27/09/2008 - 11:31:20 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 14/04/2008 - 13:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 14/04/2008 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 27/09/2008 - 11:31:20 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
O58 - SDL:[MD5.91B6DFBA0FD7D0F4836FB711D1B5D81C] - 27/02/2014 - 13:03:07 ---A- . (...) -- C:\WINDOWS\system32\TrueSight.sys [26624]
~ Drivers: 6 Legitimates Filtered in 00mn 01s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: UsbFix - (.El Desaparecido - www.usbfix.net - www.sosvirus.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 25/02/2014 - C:\Program Files\BrowseSmart\updateBrowseSmart.exe (Update BrowseSmart) .(...) - LEGACY_UPDATE_BROWSESMART =>PUP.BrowseSmart
O64 - Services: CurCS - 25/02/2014 - C:\Program Files\BrowseSmart\bin\utilBrowseSmart.exe (Util BrowseSmart) .(...) - LEGACY_UTIL_BROWSESMART =>PUP.BrowseSmart
O64 - Services: CurCS - 08/01/2014 - C:\Program Files\Fichiers communs\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe (vToolbarUpdater17.3.0) .(.AVG Secure Search - ToolbarU Application (Official).) - LEGACY_VTOOLBARUPDATER17.3.0 =>Toolbar.AVGSearch
O64 - Services: CurCS - 10/08/2013 - C:\Program Files\Betcat\WBDesktop.Updater.exe (WebCake Desktop Updater) .(.cake bake - Desktop.Updater.) - LEGACY_WEBCAKE_DESKTOP_UPDATER =>Adware.WebCake
~ Legacy: 111 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Maple Studio - CoolNovo Browser.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\MapleStudio\ChromePlus\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Maple Studio - CoolNovo Browser.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\MapleStudio\ChromePlus\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {06B469CF-CDC2-47F4-81A9-8EA6E8506E45} - (Google) - http://www.google.fr
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www1.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {7F4EFF06-7032-458e-AE16-1C1D8255C28A} [DefaultScope] - (Speedbit Search) - http://search.speedbit.com
O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} - (AVG Secure Search) - http://mysearch.avg.com =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (4shared.com Customized Web Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} - (MyStart Search) - http://mystart.incredibar.com =>Adware.IncrediBar
O69 - SBI: SearchScopes [HKCU] {DCDBBF03-BC10-457D-911F-EFB0321D22BE} - (Search The Web (Softonic)) - ${SRCH_SCP_URL} =>Adware.IMBooster
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {06B469CF-CDC2-47F4-81A9-8EA6E8506E45} [DefaultScope] - (Google) - http://www.google.fr
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {06B469CF-CDC2-47F4-81A9-8EA6E8506E45} [DefaultScope] - (Google) - http://www.google.fr
O69 - SBI: SearchScopes [HKUS\S-1-5-20] {06B469CF-CDC2-47F4-81A9-8EA6E8506E45} [DefaultScope] - (Google) - http://www.google.fr
~ Keys: Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.3EBF71D22F8B2035026B66A5BDFD4A9B] [SPRF][27/02/2014] (...) -- C:\Documents and Settings\Administrateur\Bureau\RogueKiller.exe [3818496]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Random Export Key (REK) (O91)
[HKCU\Software\596d8d0b038ee47\2.6.1519.190\upd]:="upd=1" =>Hijacker.Hijacker.Eazel
[HKCU\Software\596d8d0b038ee47\2.6.1673.238\upd]:="upd=1" =>Hijacker.Hijacker.Eazel
[HKCU\Software\596d8d0b038ee47\2.6.1694.246\upd]:="upd=" =>Hijacker.Hijacker.Eazel
[HKCU\Software\596d8d0b038ee47\2.7.1769.27\upd]:="upd=" =>Hijacker.Hijacker.Eazel
[HKCU\Software\596d8d0b038ee47\2.7.1832.68\upd]:="upd=" =>Hijacker.Hijacker.Eazel
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:dllName="BrowserDefender.dll" =>Hijacker.Hijacker.Eazel
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:exeName="BrowserDefender.exe" =>Hijacker.Hijacker.Eazel
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:folderName="BrowserDefender" =>Hijacker.Hijacker.Eazel
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Hijacker.Eazel
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:serviceName="BrowserDefendert" =>PUA.BrowserDefendert
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:version="2.6.1339.144" =>Hijacker.Hijacker.Eazel
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:dllName="BrowserDefender.dll" =>Hijacker.Hijacker.Eazel
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:exeName="BrowserDefender.exe" =>Hijacker.Hijacker.Eazel
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:folderName="BrowserDefender" =>Hijacker.Hijacker.Eazel
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Hijacker.Eazel
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:serviceName="BrowserDefendert" =>PUA.BrowserDefendert
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:version="2.6.1519.190" =>Hijacker.Hijacker.Eazel
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:dllName="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:exeName="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:folderName="BitGuard" =>PUP.BitGuard
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Hijacker.Eazel
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:serviceName="BitGuard" =>PUP.BitGuard
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:version="2.6.1673.238" =>Hijacker.Hijacker.Eazel
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:dllName="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:exeName="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:folderName="BitGuard" =>PUP.BitGuard
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Hijacker.Eazel
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:serviceName="BitGuard" =>PUP.BitGuard
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:version="2.6.1694.246" =>Hijacker.Hijacker.Eazel
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:SERVICE_NAME="BitGuard" =>PUP.BitGuard
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:dllName="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:exeName="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:folderName="BitGuard" =>PUP.BitGuard
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Hijacker.Eazel
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:version="2.7.1769.27" =>Hijacker.Hijacker.Eazel
[HKCU\Software\8751B89239B26C47AA23485064775A1E]:FRun="0"
[HKCU\Software\8751B89239B26C47AA23485064775A1E]:O`ld="Houdsodu!Rdbtshux"
[HKCU\Software\8751B89239B26C47AA23485064775A1E]:Q`ui="B;]Enbtldour!`oe!Rduuhofr]@mm!Trdsr]@qqmhb`uhno!E`u`]`lrdbtsd/dyd"
[HKLM\Software\596d8d0b038ee47] => Clé orpheline
~ Export Key Software: Scanned in 00mn 00s



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.C4B4AE62E4311B12E64C4BBE5B86CCA4] [WIS][21/02/2013] (.Passware - Passware Kit Enterprise 9.3 installation package.) -- C:\Windows\Installer\ab836.msi [1475072]
~ WIS: 47 Legitimates Filtered in 00mn 06s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 09/01/2014 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 14/06/2013 1044816 | (FLEXnet Licensing Service) . (.Flexera Software, Inc..) - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 01/02/2013 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 01/02/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Disabled 25/10/2012 161664 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SS - | Disabled 10/07/1658 0 | (MozillaMaintenance) . (...) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe

SR - | Auto 30/11/2011 150168 | (RsMgrSvc) . (.Beijing Rising Information Technology Co.,.) - C:\Program Files\Rising\RSD\RsMgrSvc.exe
SR - | Auto 29/07/2013 167832 | (RsRavMon) . (.Beijing Rising Information Technology Co.,.) - C:\Program Files\Rising\RAV\RavMonD.exe
SR - | Auto 25/02/2014 111904 | (Update BrowseSmart) . (...) - C:\Program Files\BrowseSmart\updateBrowseSmart.exe =>PUP.BrowseSmart
SR - | Auto 25/02/2014 111904 | (Util BrowseSmart) . (...) - C:\Program Files\BrowseSmart\bin\utilBrowseSmart.exe =>PUP.BrowseSmart
SR - | Auto 08/01/2014 1771544 | (vToolbarUpdater17.3.0) . (.AVG Secure Search.) - C:\Program Files\Fichiers communs\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe =>Toolbar.AVGSearch
SR - | Auto 10/08/2013 51992 | (WebCake Desktop Updater) . (.cake bake.) - C:\Program Files\Betcat\WBDesktop.Updater.exe =>Adware.WebCake

~ Services: Scanned in 00mn 07s



---\\ Scan Additionnel (O88)
Database Version : 13031 - (23/02/2014)
Clés trouvées (Keys found) : 155
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 24
Fichiers trouvés (Files found) : 23

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}] =>Adware.IncrediBar^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] =>Toolbar.AVGSearch^
[HKLM\SYSTEM\CurrentControlSet\Services\Update BrowseSmart] =>PUP.BrowseSmart^
[HKLM\SYSTEM\CurrentControlSet\Services\Util BrowseSmart] =>PUP.BrowseSmart^
[HKLM\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.3.0] =>Toolbar.AVGSearch^
[HKLM\SYSTEM\CurrentControlSet\Services\WebCake Desktop Updater] =>Adware.WebCake^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BrowseSmart] =>PUP.BrowseSmart^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\incredibar] =>Adware.IncrediBar^
[HKLM\Software\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}] =>Adware.SocialSkinz
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}] =>Adware.SocialSkinz
[HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}] =>Adware.IncrediBar
[HKLM\Software\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}] =>Adware.IncrediBar
[HKLM\Software\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}] =>Adware.IncrediBar
[HKLM\Software\Classes\Interface\{2a42d13c-d427-4787-821b-cf6973855778}] =>Adware.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}] =>Adware.IncrediBar
[HKLM\Software\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Adware.iWinArcade
[HKLM\Software\Classes\Interface\{3d8478aa-7b88-48a9-8bcb-b85d594411ec}] =>Adware.SocialSkinz
[HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}] =>Adware.IncrediBar
[HKLM\Software\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}] =>Adware.SocialSkinz
[HKLM\Software\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}] =>Adware.IncrediBar
[HKLM\Software\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}] =>Adware.Agent
[HKLM\Software\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}] =>Adware.SocialSkinz
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}] =>Adware.IncrediBar
[HKLM\Software\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}] =>Adware.IncrediBar
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}] =>Adware.IncrediBar
[HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}] =>Adware.IncrediBar
[HKLM\Software\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}] =>Adware.SocialSkinz
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKLM\Software\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}] =>Adware.IncrediBar
[HKLM\Software\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}] =>Adware.IncrediBar
[HKLM\Software\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}] =>Adware.IncrediBar
[HKLM\Software\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}] =>Adware.SocialSkinz
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}] =>Adware.SocialSkinz
[HKLM\Software\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}] =>Hijacker.Seeearch
[HKLM\Software\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}] =>Adware.IncrediBar
[HKLM\Software\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}] =>Adware.IncrediBar
[HKLM\Software\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}] =>Adware.IncrediBar
[HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}] =>Hijacker.Seeearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}] =>Adware.IncrediBar
[HKLM\Software\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}] =>Adware.IncrediBar
[HKLM\Software\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}] =>Adware.IncrediBar
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}] =>Adware.IncrediBar
[HKLM\Software\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}] =>Adware.IncrediBar
[HKLM\Software\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}] =>Adware.IncrediBar
[HKLM\Software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}] =>Adware.BullseyeToolbar
[HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\CLSID\{e8cfc029-8420-4eae-adef-915bdc77e1dc}] =>Spyware.AdaEbook
[HKLM\Software\Classes\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}] =>Adware.IncrediBar
[HKLM\Software\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}] =>Adware.IncrediBar
[HKLM\Software\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}] =>Adware.IncrediBar
[HKLM\Software\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}] =>Adware.IncrediBar
[HKLM\Software\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}] =>Adware.SocialSkinz
[HKLM\Software\Classes\AppID\TbCommonUtils.DLL] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\TbHelper.EXE] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\incredibar] =>Adware.IncrediBar
[HKLM\Software\Classes\comobject.deskbarenabler] =>Toolbar.Agent
[HKLM\Software\Classes\comobject.deskbarenabler.1] =>Toolbar.Agent
[HKLM\Software\Classes\esrv.IncredibarESrvc] =>Adware.IncrediBar
[HKLM\Software\Classes\esrv.IncredibarESrvc.1] =>Adware.IncrediBar
[HKLM\Software\Classes\I] =>Adware.IncrediBar
[HKLM\Software\Classes\S] =>Toolbar.Agent
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TbCommonUtils.CommonUtils] =>Toolbar.Agent
[HKLM\Software\Classes\TbCommonUtils.CommonUtils.1] =>Toolbar.Agent
[HKLM\Software\Classes\URLSearchHook.ToolbarURLSearchHook] =>Toolbar.Agent
[HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1] =>Adware.Agent
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1] =>Toolbar.AVGSearch
[HKLM\Software\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd] =>Adware.IncrediBar
[HKCU\Software\ConduitSearchScopes] =>Toolbar.Conduit
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\DSNR Labs] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\FilesFrog Update Checker] =>Adware.Agent
[HKCU\Software\Incredibar.com] =>Adware.IncrediBar
[HKLM\Software\Incredibar.com] =>Adware.IncrediBar
[HKCU\Software\PriceGong] =>Adware.PriceGong
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}] =>PUP.Funmoods
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\Prod.cap] =>PUP.Babylon
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DCDBBF03-BC10-457D-911F-EFB0321D22BE}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard
[HKCU\Software\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard
[HKLM\Software\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard
[HKLM\Software\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof] =>Toolbar.AVGSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}] =>Adware.WebCake
[HKLM\Software\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKLM\Software\Classes\Incredibar.dskBnd] =>Adware.Incredibar
[HKLM\Software\Classes\Incredibar.dskBnd.1] =>Adware.Incredibar
[HKLM\Software\Classes\Incredibar.IncredibarHlpr] =>Adware.Incredibar
[HKLM\Software\Classes\Incredibar.IncredibarHlpr.1] =>Adware.Incredibar
[HKLM\Software\Classes\IncredibarApp.appCore] =>Adware.Incredibar
[HKLM\Software\Classes\IncredibarApp.appCore.1] =>Adware.Incredibar
[HKLM\Software\Classes\TbHelper.TbDownloadManager] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbDownloadManager.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbPropertyManager] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbPropertyManager.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbRequest] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbRequest.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbTask] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbTask.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.ToolbarHelper] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.ToolbarHelper.1] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar.CT2233703] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar3.ContextMenuNotifier] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.ContextMenuNotifier.1] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl.1] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.SBCONVERT] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.SBCONVERT.1] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.SearchProviderManager] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.SearchProviderManager.1] =>Toolbar.Agent
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{F9639E4A-801B-4843-AEE3-03D9DA199E77} =>Adware.IncrediBar^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon =>PUP.Mobogenie^
C:\Program Files\BrowseSmart =>PUP.BrowseSmart^
C:\Program Files\Incredibar.com =>Adware.IncrediBar^
C:\Program Files\MyPC Backup =>PUP.MyPCBackup^
C:\Program Files\SuRof andu keepp =>Adware.SurfAndKeep^
C:\Program Files\Web Cake =>Adware.WebCake^
C:\Program Files\YoutubeAdblocker =>PUP.Multiplug^
C:\Documents and Settings\All Users\Application Data\Babylon =>PUP.Babylon^
C:\Documents and Settings\All Users\Application Data\rvlkl =>Keylogger.Logixoft^
C:\Documents and Settings\All Users\Application Data\SuRof andu keepp =>Adware.SurfAndKeep^
C:\Documents and Settings\All Users\Application Data\Tarma Installer =>PUP.Tarma^
C:\Documents and Settings\All Users\Application Data\YoutubeAdblocker =>PUP.Multiplug^
C:\Documents and Settings\Administrateur\Application Data\B1Toolbar =>Hijacker.SearchB1org^
C:\Documents and Settings\Administrateur\Application Data\Babylon =>PUP.Babylon^
C:\Documents and Settings\Administrateur\Application Data\File Scout =>PUP.FileScout^
C:\Documents and Settings\Administrateur\Application Data\Incredibar.com =>Adware.IncrediBar^
C:\Documents and Settings\Administrateur\Application Data\PriceGong =>Adware.PriceGong^
C:\Documents and Settings\Administrateur\Application Data\Web Cake =>Adware.WebCake^
C:\Program Files\Conduit =>Toolbar.Conduit
C:\Program Files\Fichiers communs\AVG Secure Search =>Toolbar.AVGSearch
C:\Documents and Settings\All Users\Application Data\InstallMate =>PUP.Tarma
C:\Documents and Settings\Administrateur\Application Data\eType =>Adware.Zugo
C:\Documents and Settings\Administrateur\Application Data\Toolbar4 =>Toolbar.Conduit
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit =>Toolbar.Conduit
C:\Documents and Settings\Administrateur\Local Settings\Application Data\B1E =>Toolbar.BrotherSoft
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
C:\Program Files\BrowseSmart\updateBrowseSmart.exe =>PUP.BrowseSmart^
C:\Program Files\BrowseSmart\bin\utilBrowseSmart.exe =>PUP.BrowseSmart^
C:\Program Files\Fichiers communs\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe =>Toolbar.AVGSearch^
C:\Program Files\Betcat\WBDesktop.Updater.exe =>Adware.WebCake^
C:\Program Files\Fichiers communs\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe =>Toolbar.AVGSearch^
C:\WINDOWS\Tasks\GoforFilesUpdate.job =>P2P.GoforFiles^
C:\WINDOWS\Tasks\putefn.job =>Hijacker.iHaveNet^
[HKCU\Software\BabSolution] =>Hijacker.BabSolution^
[HKCU\Software\BrowseSmart] =>PUP.BrowseSmart^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr^
[HKCU\Software\FileScout] =>PUP.FileScout^
[HKCU\Software\IB Updater] =>Adware.InstallBrain^
[HKCU\Software\Smartbar] =>Hijacker.SmartBar^
[HKLM\Software\Babylon] =>PUP.Babylon^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\IB Updater] =>Adware.InstallBrain^
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:dllName="BrowserDefender.dll" =>Hijacker.Hijacker.Eazel^
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:dllName="BrowserDefender.dll" =>Hijacker.Hijacker.Eazel^
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:dllName="BitGuard.dll" =>PUP.BitGuard^
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1694.246]:dllName="BitGuard.dll" =>PUP.BitGuard^
[HKCU\Software\596d8d0b038ee47\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.7.1769.27]:SERVICE_NAME="BitGuard" =>PUP.BitGuard^
~ Additionnel Scan: 139403 Items scanned in 00mn 29s



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/39517100-pup-browsesmart =>PUP.BrowseSmart
~ http://nicolascoolman.webs.com/apps/blog/show/27285539-adware-webcake =>Adware.WebCake
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/26898222-adware-incredibar =>Adware.Incredibar
~ http://nicolascoolman.webs.com/apps/blog/show/27910374-keylogger-logixoft =>Keylogger.Logixoft
~ http://nicolascoolman.webs.com/apps/blog/show/41034005-pup-mobogenie =>PUP.Mobogenie
~ http://nicolascoolman.webs.com/apps/blog/show/33336602-hijacker-ihavenet =>Hijacker.iHavenet
~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/34311830-pup-filescout =>PUP.FileScout
~ http://nicolascoolman.webs.com/apps/blog/show/26907365-adware-installbrain =>Adware.InstallBrain
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/26666995-adware-pricegong =>Adware.PriceGong
~ http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
~ http://nicolascoolman.webs.com/apps/blog/show/35582793-adware-surfandkeep =>Adware.SurfAndKeep
~ http://nicolascoolman.webs.com/apps/blog/show/30703839-hijacker-searchb1org =>Hijacker.SearchB1org
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/35127313-pua-browserdefendert =>PUA.BrowserDefendert
~ http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard =>PUP.BitGuard
~ http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz
~ http://nicolascoolman.webs.com/apps/blog/show/28766471-adware-iwinarcade =>Adware.iWinArcade
~ http://nicolascoolman.webs.com/apps/blog/show/30234464-pup-toparcadehits =>PUP.ToparcadeHits
~ http://nicolascoolman.webs.com/apps/blog/show/27674245-adware-bullseyetoolbar =>Adware.BullseyeToolbar
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods
~ http://nicolascoolman.webs.com/apps/blog/show/32363262-adware-browsefox =>Adware.BrowseFox
~ http://nicolascoolman.webs.com/apps/blog/show/26828293-adware-zugo =>Adware.Zugo
~ MSI: 33 link(s) detected in 00mn 31s



~ 890 Legitimates filtered by white list
End of the scan (847 lines in 01mn 25s)(0)
