cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

~ Rapport de ZHPDiag v2014.8.9.116 - Nicolas Coolman (2014-08-09)
~ Lancé par Bernard (2014-08-11 09:45:49)
~ Adresse du Site Web http://nicolascoolman.fr
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Désactivée par l'utilisateur
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v36.0.1985.125 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Home Premium, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Windows Operating System - Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3FTT3
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
AVG 2014 v14.0.4007
Trusteer Sécurité des points d'accès v3.5.1307.93

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 14 ActiveX
Adobe Reader X
Java 7 Update 55

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3070 MB (47% free)
System Restore: Activé (Enable)
System drive C: has 10 GB (10%) free of 100 GB

---\\ Mode de connexion au système
~ Computer Name: LAPTOP
~ User Name: Bernard
~ All Users Names: Bernard, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Bernard\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Bernard\AppData\Roaming\
~ %Desktop% : C:\Users\Bernard\Desktop\
~ %Favorites% : C:\Users\Bernard\Favorites\
~ %LocalAppData% : C:\Users\Bernard\AppData\Local\
~ %StartMenu% : C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 10 Go of 100 Go)
D: Hard drive, Flash drive, Thumb drive (Free 189 Go of 190 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: Modified
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: 50 Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.2009-04-11 - 01:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2008-01-20 - 21:23:42.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.61D9AD9E55D7A1E10C0EF701ADE1C486] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2014-06-06 - 18:02:16.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.2009-04-11 - 01:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.F5272A105F59A7B3B345D9D6D87DA7AD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2014-05-30 - 01:53:22.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2009-04-11 - 01:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2008-01-20 - 21:23:51.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2009-04-10 - 23:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2011-04-14 - 09:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2009-04-10 - 23:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.2008-01-20 - 21:23:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.2008-01-20 - 21:24:25.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-04-29 - 08:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.2009-04-10 - 23:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2013-03-03 - 14:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.2006-11-02 - 03:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2008-01-20 - 21:24:55.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2008-01-20 - 21:23:01.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.2009-04-10 - 23:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.2009-04-10 - 23:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2012-08-21 - 06:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 74/4640
~ Mes musiques (My Musics) : 69/99
~ Mes Favoris (My Favorites) : 1/215
~ Mes Documents (My Documents) : 1/7700
~ Mon Bureau (My Desktop) : 1/22
~ Menu demarrer (Programs) : 2/44
~ Hidden Files: Scanned in 00mn 15s



---\\ Processus lancés
[MD5.E9938F144C15A96DB353137683B4271F] - (.Trusteer Ltd. - RapportService.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe [2640152] [PID.2636]
[MD5.F4418E93F50CBD6DF523685F83C079D4] - (.MSI - System Control Manager.) -- C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe [565248] [PID.3824]
[MD5.CEB8177E5FD2709DBC9D7DF84ECA116D] - (.BIT LEADER - Giljabi Start.) -- C:\Program Files\lg_swupdate\GiljabiStart.exe [296240] [PID.3840]
[MD5.598DAA6F3B34C8F523AC1AE1AB483799] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [4718592] [PID.3860]
[MD5.F98281EF23616F751FABE97A6EC5DBE6] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104] [PID.3916]
[MD5.CAF03357DE72F8F19FA099581A685C1A] - (.Apple Computer, Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe [282624] [PID.3928]
[MD5.D83D1046B8074C2DE0AE3E7CBCBC9AA6] - (.Pas de propriétaire - CPMonitor Application.) -- C:\Program Files\Roxio Creator 2009 Special Edition\5.0\CPMonitor.exe [84464] [PID.3948]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.3964]
[MD5.04A6AFB35C568B8362B62D0EC1433EAE] - (.Pas de propriétaire - OtShot MFC Application.) -- C:\Program Files\OtShot\otshot.exe [4386816] [PID.3980]
[MD5.C456658AF90F42BE3CDF1048F9CDB5CA] - (.Microsoft Corporation - Notifications du contrôle parental Windows.) -- C:\Windows\System32\wpcumi.exe [176128] [PID.4004]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.4012]
[MD5.1425E5356CA84583CBE65B456A0AE97A] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe [5187088] [PID.4048]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952] [PID.2180]
[MD5.01288497B818A49B5ADC83FCB650CEFC] - (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [1818472] [PID.1604]
[MD5.31EBC020D9B2D6239E2AF90BD48B6E60] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [20587680] [PID.1656]
[MD5.3A95A6A724A1C1D66FB9B69D58A5CD76] - (.Pas de propriétaire - Rainlendar2.) -- C:\Program Files\Rainlendar2\Rainlendar2.exe [2611808] [PID.1524]
[MD5.7E6ACA6B6C89B7CD098944A9159DAED3] - (.TomTom - System Tray application for TomTom HOME.) -- D:\TomTom HOME 2\TomTomHOMERunner.exe [248208] [PID.2320]
[MD5.E681281D9BFC9D45D3B72532717E5880] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [49152] [PID.2644]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.3228]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.3204]
[MD5.2BE6691CF0E13A8D49B89AB050FADA66] - (.Hewlett-Packard Co. - HPNetworkCommunicator.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe [655208] [PID.3312]
[MD5.25CA1677AAA3CDC99CD4FCF940886F3C] - (.ATI Technologies Inc. - Catalyst Control Centre: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [49152] [PID.3224]
[MD5.2875ED5399CD95AD378B35097311FB1E] - (.Client Connect LTD - Search Protect.) -- C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe [5428672] [PID.5160] =>PUP.SearchProtect
[MD5.FCD5525DF15E9F59707AE0CBE0D636C2] - (.Client Connect LTD - Search Protect.) -- C:\Program Files\SearchProtect\UI\bin\cltmngui.exe [3226560] [PID.4912] =>PUP.SearchProtect
[MD5.7DCE7A74764EB7C67D21A32BC579453D] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe [507264] [PID.5672]
[MD5.044C57C0B61A20B982F40AD8E436EC0C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8090624] [PID.2608]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.1072]
[MD5.0616B9B072D1358FEBBEF0F3A8C87012] - (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Service.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe [846864] [PID.496]
[MD5.682105DBD23ADD0FDFCFB8A4765E89D0] - (.AVG Technologies CZ, s.r.o. - AVG Scanning Core Module - Server Part.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe [643088] [PID.532]
[MD5.7DAE238180AE07A393DEE9E62BE40051] - (.Trusteer Ltd. - RapportMgmtService.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1886488] [PID.1204]
[MD5.A8F308D79950DE33B478A3E5E026ADD9] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\Windows\system32\Ati2evxx.exe [667648] [PID.1316]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1556]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.2308]
[MD5.2563652FA7B34E36B868F9F5E192DB4B] - (.AVG Technologies CZ, s.r.o. - AVG Firewall Service.) -- C:\Program Files\AVG\AVG2014\avgfws.exe [1417160] [PID.2364]
[MD5.35C4B10F6BE9D2A375F153895D046FC1] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe [3244048] [PID.2432]
[MD5.809201993B2CD679194915D8F2AAB37A] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328] [PID.2524]
[MD5.397D14958D6C9C2B365469A857B2AC4E] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe [230792] [PID.2624]
[MD5.725FF88EA218FD7FAC44FC7BE32E60ED] - (...) -- C:\Program Files\LG Software\System Control Manager\edd.exe [61440] [PID.2684]
[MD5.D955D5DE998DB2476BF0892BE3A96C26] - (.O2Micro International - O2 Flash Memory Service.) -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe [65536] [PID.2820]
[MD5.5B3462FA2A3878316F3933B0CB0C40C1] - (.AVG Technologies CZ, s.r.o. - AVG Online Shield Service.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe [838160] [PID.3348]
[MD5.273EF1811FA753D8867A683AEE10B1B5] - (.AVG Technologies CZ, s.r.o. - AVG E-mail Scanner.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe [657936] [PID.3380]
[MD5.E4FAD21646088D79F8889B6531396ACF] - (.TomTom - Windows Service for TomTom HOME.) -- D:\TomTom HOME 2\TomTomHOMEService.exe [93072] [PID.2588]
[MD5.4AA2CC5979AFF984227364F2C23B04F3] - (.Wajam - Auto-updater.) -- C:\Program Files\Wajam\Updater\WajamUpdater.exe [109064] [PID.3264] =>PUP.Wajam
[MD5.DD0042F0C3B606A6A8B92D49AFB18AD6] - (.Yahoo! Inc. - AutoUpater Service Module.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [602392] [PID.1540]
[MD5.49010923A074F8C93B0CBC10600187CD] - (.Client Connect LTD - Search Protect.) -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2982336] [PID.4372] =>PUP.SearchProtect
[MD5.97D9D6A04E3AD9B6C626B9931DB78DBA] - (.Microsoft Corporation - Programme d’installation de modules Windows.) -- C:\Windows\servicing\TrustedInstaller.exe [39424] [PID.4124]
~ Processes Running: Scanned in 00mn 04s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Bernard\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.ca
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Store v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [booedmolknjekdopkepjjeckmjkdpfgl] Extutil v.0.1 (Activé) =>PUP.Manager
G2 - GCE: Preference [User Data\Default] [eemcgdkfndhakfknompkggombfjjjeno] Bookmark Manager v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [ennkphjdgehloodpbhlhldgbnhmacadg] Settings v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé) =>PUP.Manager
G2 - GCE: Preference [User Data\Default] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [jcdgjdiieiljkfkdcloehkohchhpekkn] SweetIM for Facebook v.1.2.0.0 (Désactivé) =>PUP.SweetIM
G2 - GCE: Preference [User Data\Default] [kicbefokomboipccpmfmeomobpijbnie] midicairus2 v.10.31.4.510, (Désactivé) =>Toolbar.Midicairus
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [lonndllmbldmmoefheenkmgkencnkdkh] KeyBar 1.6 v.10.31.4.510, (Désactivé) =>Toolbar.KeyBar
G2 - GCE: Preference [User Data\Default] [mfehgcgbbipciphmccgaenjidiccnmng] Cloud Print v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [mgndgikekgjfcpckkfioiadnlibdjbkf] Chrome v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Liste des dossiers d'extension Google Chrome
G2 - EXT: C:\Users\Bernard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn [SweetIM for Facebook] =>PUP.SweetIM
G2 - EXT: C:\Users\Bernard\AppData\Local\Google\Chrome\User Data\Default\Extensions\kicbefokomboipccpmfmeomobpijbnie [midicairus2] =>Toolbar.Midicairus
G2 - EXT: C:\Users\Bernard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh [KeyBar 1.6] =>Toolbar.KeyBar
G2 - EXT: C:\Users\Bernard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [Google Wallet]
~ Google Lines Browser: 21 Scanned in 00mn 12s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: RegExtension {58bd07eb-0ee0-4df0-8121-dc9b693373df} . (...) -- C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension (.not file.) =>Hijacker.Eazel
P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.5.) -- C:\Windows\system32\Adobe\Director\np32dsw.dll
P2 - FPN: [HKLM] [@java.com/DTPlugin,version=10.55.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=10.55.2] - (.Oracle Corporation - Next Generation Java Plug-in 10.55.2 for Mozilla browsers.) -- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.30514.0.) -- C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeLive,version=1.5] - (.Microsoft Corp. - Office Live Update v1.5.) -- C:\Program Files\Microsoft\Office Live\npOLW.dll
P2 - FPN: [HKLM] [@microsoft.com/SharePoint,version=14.0] - (.Microsoft Corporation - The plug-in allows you to open and edit files using Microsoft Office a.) -- C:\Program Files\Microsoft Office\Office14\NPSPWRAP.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3508.1109] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3538.0513] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3555.0308] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5] - (.RocketLife, LLP - A component of your photo software powered by RocketLife.) -- C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.10.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.3] - (.Pas de propriétaire - Provides additional functionality on Facebook. See ~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
O1 - Hosts: 54.204.28.26 nikdaiaidiiiogaidkkekcmokcgcdeac
~ Hosts File: Scanned in 00mn 09s
~ Nombre de lignes (Lines number): 12659



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} . (...) -- C:\Program Files\IEPro\iepro.dll (.not file.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} Clé orpheline
O2 - BHO: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} . (...) -- C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll (.not file.) =>PUP.iMesh
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} Clé orpheline
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} . (.Make The Web Better, LLC - Pas de description.) -- C:\Program Files\SGPSA\SearchAssistant.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} . (...) -- C:\PROGRA~1\WI9130~1\Datamngr\ToolBar\searchqudtx.dll (.not file.) =>PUP.Datamngr
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} . (.Wajam - Wajam Internet Explorer Add-on.) -- C:\Program Files\Wajam\IE\priam_bho.dll =>PUP.Wajam
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\Program Files\Microsoft Office\Office14\URLREDIR.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} . (.Google Inc. - These are the Gears that power the tubes! :.) -- C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
~ BHO: 24 Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Grab Pro - [HKLM]{C55BBCD6-41AD-48AD-9953-3609C48EACC7} . (...) -- C:\Program Files\IEPro\IEProRecorder.dll
O3 - Toolbar: Searchqu Toolbar - [HKLM]{99079a25-328f-4bd4-be04-00955acaa0a7} . (...) -- C:\Program Files\WI9130~1\Datamngr\ToolBar\searchqudtx.dll =>PUP.Datamngr
O3 - Toolbar: Wincore Mediabar - [HKLM]{28387537-e3f9-4ed7-860c-11e69af4a8a0} . (...) -- C:\Program Files\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll =>PUP.iMesh
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{1BB22D38-A411-4B13-A746-C2A4F4EC7344} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{30F9B915-B755-4826-820B-08FBA6BD249D} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{C55BBCD6-41AD-48AD-9953-3609C48EACC7} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Bernard]: Offline Mail.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://mail.google.com =>Hijacker.Browsers
~ Global Startup: 1 Scanned in 00mn 04s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [MGSysCtrl] . (.MSI - System Control Manager.) -- C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [LG Intelligent Update] . (.BIT LEADER - Giljabi Start.) -- C:\Program Files\lg_swupdate\giljabistart.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Run: [UCam_Menu] . (.CyberLink Corp. - StartMen Application.) -- C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Computer, Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [fssui] . (.Microsoft Corporation - Windows Live Family Safety Filter.) -- C:\Program Files\Windows Live\Family Safety\fsui.exe
O4 - HKLM\..\Run: [CPMonitor] . (.Pas de propriétaire - CPMonitor Application.) -- C:\Program Files\Roxio Creator 2009 Special Edition\5.0\CPMonitor.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [OtShot] . (.Pas de propriétaire - OtShot MFC Application.) -- C:\Program Files\OtShot\otshot.exe
O4 - HKLM\..\Run: [WPCUMI] . (.Microsoft Corporation - Notifications du contrôle parental Windows.) -- C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [fst_ca_2] Clé orpheline =>Adware.FreeSoftToday
O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Bernard\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [HP Deskjet 3510 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Rainlendar2] . (.Pas de propriétaire - Rainlendar2.) -- C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- D:\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\Run: [SearchProtect] Clé orpheline =>PUP.SearchProtect
O4 - HKUS\S-1-5-18\..\Run: [SearchProtect] Clé orpheline =>PUP.SearchProtect
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-2899770558-228574227-284294365-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2899770558-228574227-284294365-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-2899770558-228574227-284294365-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Bernard\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-2899770558-228574227-284294365-1000\..\Run: [HP Deskjet 3510 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 - HKUS\S-1-5-21-2899770558-228574227-284294365-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2899770558-228574227-284294365-1000\..\Run: [Rainlendar2] . (.Pas de propriétaire - Rainlendar2.) -- C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-21-2899770558-228574227-284294365-1000\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- D:\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKUS\S-1-5-21-2899770558-228574227-284294365-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} -- C:\Program Files\IEPro\iepro.dll (.not file.)
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} -- C:\Program Files\IEPro\iepro.dll (.not file.)
O9 - Extra button: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} -- Clé orpheline
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll =>.Microsoft Corporation
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll
~ Winsock: 7 Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F4B8F84-7569-4135-8FD2-C7258DEE912F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9F9E15A-2E2E-4722-92A8-EC87F7D40B8D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6F4B8F84-7569-4135-8FD2-C7258DEE912F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{C9F9E15A-2E2E-4722-92A8-EC87F7D40B8D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{6F4B8F84-7569-4135-8FD2-C7258DEE912F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{C9F9E15A-2E2E-4722-92A8-EC87F7D40B8D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C9F9E15A-2E2E-4722-92A8-EC87F7D40B8D}: DhcpDomain = vf.cgocable.ca
O17 - HKLM\System\CS3\Services\Tcpip\..\{6F4B8F84-7569-4135-8FD2-C7258DEE912F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS3\Services\Tcpip\..\{C9F9E15A-2E2E-4722-92A8-EC87F7D40B8D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{C9F9E15A-2E2E-4722-92A8-EC87F7D40B8D}: DhcpDomain = vf.cgocable.ca
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Client Connect LTD - Search Protect.) - C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll =>PUP.SearchProtect
~ AppInit DLL: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\System32\webcheck.dll
~ SSODL: 1 Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: (Ati External Event Utility) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\Windows\System32\Ati2evxx.exe
O23 - Service: Pare-feu AVG (avgfws) . (.AVG Technologies CZ, s.r.o. - AVG Firewall Service.) - C:\Program Files\AVG\AVG2014\avgfws.exe
O23 - Service: AVGIDSAgent (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) . (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Search Protect Service (CltMngSvc) . (.Client Connect LTD - Search Protect.) - C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe =>PUP.SearchProtect
O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe =>.Google Inc
O23 - Service: Evil Driver Daemon (NishService) . (...) - C:\Program Files\LG Software\System Control Manager\edd.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) . (.O2Micro International - O2 Flash Memory Service.) - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: Rapport Management Service (RapportMgmtService) . (.Trusteer Ltd. - RapportMgmtService.) - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Roxio Upnp Server 11 (Roxio Upnp Server 11) . (.Sonic Solutions - RoxioUpnpService11 Module.) - C:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) . (...) - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (.not file.)
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) . (.Sonic Solutions - Roxio LiveShare Service.) - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) . (.Sonic Solutions - RoxWatch11 Module.) - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TomTomHOMEService (TomTomHOMEService) . (.TomTom - Windows Service for TomTom HOME.) - D:\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: WajamUpdater (WajamUpdater) . (.Wajam - Auto-updater.) - C:\Program Files\Wajam\Updater\WajamUpdater.exe =>PUP.Wajam
~ Services: 16 Scanned in 00mn 26s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\Office12\WINWORD.exe
O24 - Desktop General: BackupWallPaper - .(...) - C:\Users\Bernard\Pictures\Nouveau dossier\tumblr_m61w28ZOEY1rzssc8o1_500.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Users\Bernard\Pictures\Nouveau dossier\tumblr_m61w28ZOEY1rzssc8o1_500.jpg
~ Desktop Component: 4 Scanned in 00mn 00s



---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [4883] (...) -- C:\Users\Bernard\AppData\Local\Temp\launchie.vbs \\B (.not file.) [0]
[MD5.A6B6AB9502B63F43A9A56AE6AFB22078] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [262320]
[MD5.2064E97CF3396C4EC5A497CE49E4515F] [APT] [bench-sys] (...) -- C:\Program Files\Bench\Updater\updater.exe [254456] =>PUP.GiganticSavings
[MD5.00000000000000000000000000000000] [APT] [Funmoods] (...) -- C:\Users\Bernard\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.Funmoods
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [136176]
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [136176]
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskUserS-1-5-21-2899770558-228574227-284294365-1000Core] (.Google Inc..) -- C:\Users\Bernard\AppData\Local\Google\Update\GoogleUpdate.exe [136176]
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskUserS-1-5-21-2899770558-228574227-284294365-1000UA] (.Google Inc..) -- C:\Users\Bernard\AppData\Local\Google\Update\GoogleUpdate.exe [136176]
[MD5.B9E3FCBACBD3DD05C2C60E8405C9B78D] [APT] [HP Photo Creations Communicator] (...) -- C:\ProgramData\HP Photo Creations\Communicator.exe [185920]
[MD5.D35D96683476CFA5DC483F2F18C52795] [APT] [HPCustParticipation HP Deskjet 3510 series] (.Hewlett-Packard Co..) -- C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe [2905448]
[MD5.00000000000000000000000000000000] [APT] [Launch HTC Sync Loader] (...) -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B6083279-ACAB-424B-BF8E-3FFFE2715DFD}] (...) -- C:\Program Files\Bandoo\PreUninstall.exe (.not file.) [0] =>Adware.Bandoo
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\Tasks\Adobe Flash Player Updater.job [1002]
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\Tasks\AmiUpdXp.job [364] =>PUP.Software.Updater
O39 - APT: bench-sys - (...) -- C:\Windows\Tasks\bench-sys.job [336] =>Hijacker.iHaveNet
O39 - APT: bench-sys - (...) -- C:\Windows\System32\Tasks\bench-sys [336] =>PUP.GiganticSavings
O39 - APT: - (..) -- C:\Windows\Tasks\bench-Updater removing.job [286] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\bench-Updater removing [286] =>PUP.CrossRider
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1054]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1058]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-2899770558-228574227-284294365-1000Core - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2899770558-228574227-284294365-1000Core.job [1034]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-2899770558-228574227-284294365-1000Core - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2899770558-228574227-284294365-1000Core [1034]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-2899770558-228574227-284294365-1000UA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2899770558-228574227-284294365-1000UA.job [1086]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-2899770558-228574227-284294365-1000UA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2899770558-228574227-284294365-1000UA [1086]
O39 - APT: HP Photo Creations Communicator - (...) -- C:\Windows\Tasks\HP Photo Creations Communicator.job [342]
O39 - APT: HP Photo Creations Communicator - (...) -- C:\Windows\System32\Tasks\HP Photo Creations Communicator [342]
~ Scheduled Task: 22 Scanned in 00mn 09s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\system32\ie4uinit.exe
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Personnalisation d’IEAK.) -- C:\Windows\system32\iedkcs32.dll
O40 - ASIC: Microsoft Windows Media Player 11.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll =>.Microsoft Corporation
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API Windows Theme.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Microsoft Windows Mail 7 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe =>.Microsoft Corporation
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extension Shell dossier FTP Microsoft Internet Explorer..) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
O40 - ASIC: Google Chrome - {8A69D345-D564-463c-AFF1-A69D9E530F96} . (.Google Inc. - Google Chrome Installer.) -- C:\Program Files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 14.0 r0.) -- C:\Windows\system32\Macromed\Flash\Flash32_14_0_0_145.ocx
~ Active Setup: 13 Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (Avgdiskx) . (.AVG Technologies CZ, s.r.o. - AVG File Vault Driver.) - C:\Windows\System32\DRIVERS\avgdiskx.sys
O41 - Driver: (Avgfwfd) . (.AVG Technologies CZ, s.r.o. - AVG Filter Driver.) - C:\Windows\System32\DRIVERS\avgfwd6x.sys
O41 - Driver: (AVGIDSDriver) . (.AVG Technologies CZ, s.r.o. - AVG IDS Application Activity Monitor Driver.) - C:\Windows\System32\DRIVERS\avgidsdriverx.sys
O41 - Driver: (AVGIDSShim) . (.AVG Technologies CZ, s.r.o. - AVG IDS Application Activity Monitor Loader.) - C:\Windows\System32\DRIVERS\avgidsshimx.sys
O41 - Driver: (Avgldx86) . (.AVG Technologies CZ, s.r.o. - AVG AVI Loader Driver.) - C:\Windows\System32\DRIVERS\avgldx86.sys
O41 - Driver: (Avgtdix) . (.AVG Technologies CZ, s.r.o. - AVG Network connection watcher.) - C:\Windows\System32\DRIVERS\avgtdix.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver: (kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver: (mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: (netbt) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (PSched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: (RapportCerberus_69108) . (...) - C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_69108.sys
O41 - Driver: (RapportEI) . (.Trusteer Ltd. - RapportEI.) - C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
O41 - Driver: (RapportPG) . (.Trusteer Ltd. - RapportPG.) - C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver: (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: (RDPENCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (Smb) . (.Microsoft Corporation - SMB Transport driver.) - C:\Windows\System32\DRIVERS\smb.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0 (ws2ifsl) . (.Microsoft Corporation - Winsock2 IFS Layer.) - C:\Windows\system32\drivers\ws2ifsl.sys
~ Drivers: 80 Scanned in 00mn 01s



---\\ Logiciels installés (O42)
O42 - Logiciel: AVG 2014 - (.AVG Technologies.) [HKLM] -- AVG
O42 - Logiciel: AVG 2014 - (.AVG Technologies.) [HKLM] -- {A2F8F3F6-5AE8-4BE7-AE0E-9FA930C8EE90}
O42 - Logiciel: AVG 2014 - (.AVG Technologies.) [HKLM] -- {C9811F26-3EF6-449A-9736-BB79A125D894}
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM] -- Adobe AIR
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM] -- {47FA2C44-D148-4DBC-AF60-B91934AA4842}
O42 - Logiciel: Adobe Flash Player 14 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Reader X (10.1.10) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AA1000000001}
O42 - Logiciel: Adobe Shockwave Player 11.5 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player
O42 - Logiciel: Atheros Driver Installation Program - (.Atheros.) [HKLM] -- {28006915-2739-4EBE-B5E8-49B25D32EB33}
O42 - Logiciel: Avery Wizard 3.1 - (.Avery.) [HKLM] -- {B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}
O42 - Logiciel: BrowserProtect - (.Bit89 Inc.) [HKLM] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} =>Hijacker.Eazel
O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM] -- {3F3328F3-79EE-4B2C-A5E2-13D5787ADAC1}
O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..) [HKLM] -- InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..) [HKLM] -- {01FB4998-33C4-4431-85ED-079E3EEFE75D}
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: DirectX 9 Runtime - (.Sonic Solutions.) [HKLM] -- {AF9E97C1-7431-426D-A8D5-ABE40995C0B1}
O42 - Logiciel: DirectXInstallService - (.Roxio.) [HKLM] -- {098122AB-C605-4853-B441-C0A4EB359B75}
O42 - Logiciel: EMC 11 Content - (.Nom de votre société.) [HKLM] -- {21ABEA96-CCAB-4C40-8699-6BDFEC5FD63C}
O42 - Logiciel: Facebook Plug-In - (.Facebook, Inc..) [HKCU] -- Facebook Plug-In
O42 - Logiciel: Fast Browser Search (My Tattoons) - (.Make The Web Better, LLC.) [HKLM] -- TBSB07183.TBSB07183Toolbar =>PUP.FbSearch
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome
O42 - Logiciel: Google Gears - (.Google.) [HKLM] -- {2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}
O42 - Logiciel: Google Talk Plugin - (.Google.) [HKLM] -- {C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: HP Deskjet 3510 series Aide - (.Hewlett Packard.) [HKLM] -- {80AF2B7F-8A40-4FC0-9D66-A4D65009596A}
O42 - Logiciel: HP Photo Creations - (.HP.) [HKLM] -- HP Photo Creations
O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}
O42 - Logiciel: IE7Pro - (.IE7Pro Team.) [HKLM] -- IE7Pro
O42 - Logiciel: Java 7 Update 55 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83217025FF}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
O42 - Logiciel: LG Intelligent Update - (...) [HKLM] -- {81717D01-32F6-449C-85E1-41AFD678E545}
O42 - Logiciel: LG Smart Recovery - (.LG Electronics Inc.) [HKLM] -- InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}
O42 - Logiciel: Le collectionneur de recettes 1.7.7 - (.Robert Lebel.) [HKLM] -- {9D38CBBA-6627-4606-962F-3B21D7AD4AF0}_is1
O42 - Logiciel: Logiciel de base du périphérique HP Deskjet 3510 series - (.Hewlett-Packard Co..) [HKLM] -- {66DA7BF8-A80A-4B95-85B7-9A7A4CA52539} =>.Hewlett-Packard Co
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: MSXML 4.0 SP3 Parser (KB2721691) - (.Microsoft Corporation.) [HKLM] -- {355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}
O42 - Logiciel: MSXML 4.0 SP3 Parser (KB2758694) - (.Microsoft Corporation.) [HKLM] -- {1D95BA90-F4F8-47EC-A882-441C99D30C1E}
O42 - Logiciel: MSXML 4.0 SP3 Parser (KB973685) - (.Microsoft Corporation.) [HKLM] -- {859DFA95-E4A6-48CD-B88E-A3E483E89B44}
O42 - Logiciel: MSXML 4.0 SP3 Parser - (.Microsoft Corporation.) [HKLM] -- {196467F1-C11F-4F76-858B-5812ADC83B94}
O42 - Logiciel: Mesh Runtime - (.Microsoft Corporation.) [HKLM] -- {8C6D6116-B724-4810-8F2D-D047E6B7D68E}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Next Generation Visualisations - (. Microsoft.) [HKLM] -- {2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}
O42 - Logiciel: O2Micro Flash Memory Card Reader Driver Installer(x86) - (.O2Micro.) [HKLM] -- {78764173-3805-4916-B3CE-B433702B8870}
O42 - Logiciel: QuestScan 1.0 build 131 powered by FIRST SEARCHBAR - (...) [HKLM] -- QuestScan =>Adware.QuestScan
O42 - Logiciel: QuickTime - (.Apple Computer, Inc..) [HKLM] -- {F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
O42 - Logiciel: Rainlendar2 (remove only) - (...) [HKLM] -- Rainlendar2
O42 - Logiciel: Rapport - (.Trusteer.) [HKLM] -- {1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}
O42 - Logiciel: Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Window - (.Realtek.) [HKLM] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Roxio Activation Module - (.Roxio.) [HKLM] -- {1D53B6F9-E66E-42D8-A221-4FF8AC134FD7}
O42 - Logiciel: Roxio Activation Module - (.Roxio.) [HKLM] -- {EC877639-07AB-495C-BFD1-D63AF9140810}
O42 - Logiciel: Roxio Central - (.Roxio.) [HKLM] -- {3383136B-4F86-4F05-8612-DD4BB16A1EAE}
O42 - Logiciel: Roxio CinePlayer - (.Roxio.) [HKLM] -- {AA749D64-3741-4D5F-B804-B0BC05D179D1}
O42 - Logiciel: Roxio CinePlayer Decoder Pack - (.Roxio.) [HKLM] -- {C0FE37FA-0886-4B66-B01B-76CF70FB77AB}
O42 - Logiciel: Roxio Creator 2009 Special Edition - (.Roxio.) [HKLM] -- {69F56014-2C48-4885-8D72-0E069F89647F}
O42 - Logiciel: Roxio Creator 2009 Special Edition - (.Roxio.) [HKLM] -- {7919D8D9-69FB-4E94-B330-04C4AF251867}
O42 - Logiciel: Roxio Update Manager - (.Roxio.) [HKLM] -- {30465B6C-B53F-49A1-9EBA-A3F187AD502E}
O42 - Logiciel: Roxio Video Capture USB Driver - (...) [HKLM] -- TVEpaDrv
O42 - Logiciel: Search Protect - (.Client Connect LTD.) [HKLM] -- SearchProtect =>PUP.SearchProtect
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- KB931906
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- {0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
O42 - Logiciel: Security Update for Windows Media Encoder (KB2447961) - (.Microsoft Corporation.) [HKLM] -- KB2447961
O42 - Logiciel: Security Update for Windows Media Encoder (KB954156) - (.Microsoft Corporation.) [HKLM] -- KB954156
O42 - Logiciel: Security Update for Windows Media Encoder (KB979332) - (.Microsoft Corporation.) [HKLM] -- KB979332
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}
O42 - Logiciel: ShopperReports - (.ShopperReports.) [HKLM] -- ShoppingReport2 =>Adware.ShopperReports
O42 - Logiciel: Skype™ 6.11 - (.Skype Technologies S.A..) [HKLM] -- {4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
O42 - Logiciel: SmartSound Quicktracks Plugin - (.SmartSound Software Inc.) [HKLM] -- InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
O42 - Logiciel: Software Version Updater - (...) [HKLM] -- {99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} =>PUP.Software.Updater
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics.) [HKLM] -- SynTPDeinstKey
O42 - Logiciel: System Control Manager - (.LG.) [HKLM] -- {ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}
O42 - Logiciel: TomTom HOME - (.Nom de votre société.) [HKLM] -- {99072AB4-D795-44D5-9D65-E3C9F8322C97}
O42 - Logiciel: TomTom HOME Visual Studio Merge Modules - (.TomTom International B.V..) [HKLM] -- {8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
O42 - Logiciel: Trusteer Sécurité des points d'accès - (.Trusteer.) [HKLM] -- Rapport_msi
O42 - Logiciel: Visual Studio 2012 x86 Redistributables - (.AVG Technologies CZ, s.r.o..) [HKLM] -- {98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}
O42 - Logiciel: VisualBee for Microsoft PowerPoint - (.VisualBee.com.) [HKCU] -- VisualBee for Microsoft PowerPoint =>Adware.VisualBeeToolbar
O42 - Logiciel: Wajam - (.Wajam.) [HKLM] -- Wajam =>PUP.Wajam
O42 - Logiciel: Windows Media Encoder 9 Series - (...) [HKLM] -- Windows Media Encoder 9
O42 - Logiciel: Windows Media Encoder 9 Series - (.Microsoft Corporation.) [HKLM] -- {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
O42 - Logiciel: Yahoo! Software Update - (...) [HKLM] -- Yahoo! Software Update
O42 - Logiciel: fst_ca_67 - (.free_soft_to_day.) [HKLM] -- fst_ca_67_is1 =>Adware.FreeSoftToday
O42 - Logiciel: Étude pour l'amélioration du produit HP Deskjet 3510 series - (.Hewlett-Packard Co..) [HKLM] -- {CD0A6C7F-82F7-4D6B-9D37-595D3DC45146} =>.Hewlett-Packard Co
~ Logic: 44 Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\5e57dfd9b16ebe17] =>Hijacker.Eazel
[HKCU\Software\AOL]
[HKCU\Software\ATI Technologies Inc.]
[HKCU\Software\ATI]
[HKCU\Software\Adobe]
[HKCU\Software\America Online]
[HKCU\Software\AppDataLow\Aurigma]
[HKCU\Software\AppDataLow\IEPro]
[HKCU\Software\AppDataLow\Software\Adobe]
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes]
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\AppDataLow\Software\Google]
[HKCU\Software\AppDataLow\Software\JavaSoft]
[HKCU\Software\AppDataLow\Software\Macromedia]
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\AppDataLow\Software\ShoppingReport2] =>Adware.ShoppingReport
[HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\AppDataLow\Software\Softonic_France] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\Video-Saver] =>PUP.Video-Saver
[HKCU\Software\AppDataLow\Software\Yahoo]
[HKCU\Software\AppDataLow\Software\mediabarim] =>PUP.iMesh
[HKCU\Software\AppDataLow\Software\searchqutoolbar] =>PUP.Datamngr
[HKCU\Software\AppDataLow]
[HKCU\Software\Avanquest]
[HKCU\Software\Avery]
[HKCU\Software\Avg]
[HKCU\Software\Babylon] =>PUP.Babylon
[HKCU\Software\Banner Maker Pro for Flash 3]
[HKCU\Software\BlueVoda 10]
[HKCU\Software\CDDB]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\CyberLink]
[HKCU\Software\Datamngr] =>PUP.Datamngr
[HKCU\Software\DivXNetworks]
[HKCU\Software\Ewisoft Applications]
[HKCU\Software\Ewisoft]
[HKCU\Software\FileMaker]
[HKCU\Software\Funmoods] =>PUP.Funmoods
[HKCU\Software\Gabest]
[HKCU\Software\Google]
[HKCU\Software\HP Photo Creations]
[HKCU\Software\HP]
[HKCU\Software\HookNetwork]
[HKCU\Software\HowardMedia]
[HKCU\Software\IM Providers]
[HKCU\Software\IM]
[HKCU\Software\ImInstaller]
[HKCU\Software\IncrediMail]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstallShield]
[HKCU\Software\InterActual Technologies]
[HKCU\Software\InterVideo]
[HKCU\Software\JavaSoft]
[HKCU\Software\LeCollectionneurDeRecettes]
[HKCU\Software\Licenses]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\MainConcept]
[HKCU\Software\Mediachance]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\MyHeritage.com]
[HKCU\Software\Nektra]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Orange]
[HKCU\Software\OtShot]
[HKCU\Software\Photo Notifier and Animation Creator]
[HKCU\Software\Policies]
[HKCU\Software\PopCap]
[HKCU\Software\Realtek]
[HKCU\Software\Roxio]
[HKCU\Software\Safer Networking Limited]
[HKCU\Software\ShoppingReport2] =>Adware.ShoppingReport
[HKCU\Software\Skype]
[HKCU\Software\SlySoft]
[HKCU\Software\SmartSound Software]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Sonic]
[HKCU\Software\SubSystems]
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\Synaptics]
[HKCU\Software\Systweak]
[HKCU\Software\The Complete Genealogy Reporter]
[HKCU\Software\TomTom]
[HKCU\Software\Trolltech]
[HKCU\Software\Trusteer]
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive
[HKCU\Software\Tutorials] =>PUP.AgenceExclusive
[HKCU\Software\Ulead Systems]
[HKCU\Software\Ulead]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\VSO]
[HKCU\Software\Visan]
[HKCU\Software\Visualbee] =>Adware.VisualBeeToolbar
[HKCU\Software\Wajam] =>PUP.Wajam
[HKCU\Software\Windows Live Writer]
[HKCU\Software\Windows Live]
[HKCU\Software\Yahoo]
[HKCU\Software\Zylom]
[HKCU\Software\clickpotatolitesa] =>Adware.ClickPotato
[HKCU\Software\dskMetrics]
[HKCU\Software\freesofttoday] =>Adware.FreeSoftToday
[HKCU\Software\i2s Finance]
[HKCU\Software\iMesh] =>PUP.iMesh
[HKCU\Software\keyhole.com]
[HKLM\Software\5e57dfd9b16ebe17] =>Hijacker.Eazel
[HKLM\Software\AOL]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\Adobe]
[HKLM\Software\America Online]
[HKLM\Software\AppDataLow]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Ashmanov & Partners]
[HKLM\Software\Aspell]
[HKLM\Software\Atheros]
[HKLM\Software\Avery]
[HKLM\Software\Avg]
[HKLM\Software\Babylon] =>PUP.Babylon
[HKLM\Software\Bandoo] =>Adware.Bandoo
[HKLM\Software\Bench] =>PUP.GiganticSavings
[HKLM\Software\CDDB]
[HKLM\Software\Classes]
[HKLM\Software\ClickPotatoLite] =>Adware.ClickPotato
[HKLM\Software\Clients]
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\CyberLink]
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Debug]
[HKLM\Software\DivXNetworks]
[HKLM\Software\DivX]
[HKLM\Software\Driver-Soft]
[HKLM\Software\Ewisoft]
[HKLM\Software\FREESOFTTODAY] =>Adware.FreeSoftToday
[HKLM\Software\FirstSearch]
[HKLM\Software\Funmoods] =>PUP.Funmoods
[HKLM\Software\Global IP Solutions]
[HKLM\Software\Google]
[HKLM\Software\HP]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\IEPro]
[HKLM\Software\IM Providers]
[HKLM\Software\ImInstaller]
[HKLM\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\InstallShield]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\InterActual Technologies]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\KWorld MultiMedia]
[HKLM\Software\KasperskyLab]
[HKLM\Software\LG Electronics]
[HKLM\Software\LG]
[HKLM\Software\LeCollectionneurDeRecettes]
[HKLM\Software\Licenses]
[HKLM\Software\Ludosoft]
[HKLM\Software\MSI]
[HKLM\Software\Macromedia]
[HKLM\Software\McAfee.com]
[HKLM\Software\MimarSinan]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\MusicNet]
[HKLM\Software\MyHeritage.com]
[HKLM\Software\NOS]
[HKLM\Software\ODBC]
[HKLM\Software\Policies]
[HKLM\Software\PopCap]
[HKLM\Software\Pure Networks]
[HKLM\Software\RTLSetup]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RocketLife]
[HKLM\Software\Roxio]
[HKLM\Software\SRS Labs]
[HKLM\Software\Safer Networking Limited]
[HKLM\Software\Skype]
[HKLM\Software\SmartSound Software]
[HKLM\Software\Solid Savings] =>Adware.SolidSavings
[HKLM\Software\Sonic Desktop Software]
[HKLM\Software\Sonic]
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Symantec]
[HKLM\Software\Synaptics]
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\TomTom]
[HKLM\Software\Trusteer]
[HKLM\Software\Tutorials] =>PUP.AgenceExclusive
[HKLM\Software\USB2800]
[HKLM\Software\Uniblue]
[HKLM\Software\VBMZ] =>PUP.Duuqu
[HKLM\Software\VSO]
[HKLM\Software\Visan]
[HKLM\Software\Visualbee] =>Adware.VisualBeeToolbar
[HKLM\Software\Volatile]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Waves Audio]
[HKLM\Software\Windows]
[HKLM\Software\Yahoo]
[HKLM\Software\ZalmanInstaller_otshot]
[HKLM\Software\free_soft_to_day] =>Adware.FreeSoftToday
[HKLM\Software\mozilla.org]
~ Key Software: 342 Scanned in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 2011-06-16 - 07:57:57 - [] ----D C:\Program Files\Adobe
O43 - CFD: 2010-05-13 - 03:16:57 - [] ----D C:\Program Files\AIM Toolbar
O43 - CFD: 2012-12-27 - 01:28:36 - [] ----D C:\Program Files\AppGraffiti =>PUP.AppGraffiti
O43 - CFD: 2008-06-20 - 16:27:12 - [] ----D C:\Program Files\Atheros
O43 - CFD: 2008-06-20 - 16:28:02 - [] ----D C:\Program Files\ATI
O43 - CFD: 2008-06-20 - 16:28:54 - [] ----D C:\Program Files\ATI Technologies
O43 - CFD: 2010-01-16 - 18:39:47 - [] ----D C:\Program Files\Avery
O43 - CFD: 2014-08-10 - 16:02:47 - [] ----D C:\Program Files\AVG
O43 - CFD: 2011-12-23 - 10:21:43 - [] ----D C:\Program Files\Bandoo =>Adware.Bandoo
O43 - CFD: 2014-02-12 - 23:03:11 - [] ----D C:\Program Files\Bench =>PUP.GiganticSavings
O43 - CFD: 2011-05-14 - 21:49:08 - [] ----D C:\Program Files\ClickPotatoLite =>Adware.ClickPotato
O43 - CFD: 2014-05-15 - 19:17:44 - [] ----D C:\Program Files\Common Files
O43 - CFD: 2012-12-28 - 22:16:01 - [] ----D C:\Program Files\Conduit
O43 - CFD: 2008-06-20 - 16:30:27 - [] ----D C:\Program Files\CyberLink
O43 - CFD: 2012-12-24 - 19:03:34 - [] ----D C:\Program Files\DomaIQ Uninstaller =>Adware.DomaIQ
O43 - CFD: 2011-11-16 - 10:32:37 - [] ----D C:\Program Files\El Juky
O43 - CFD: 2009-02-14 - 18:21:44 - [] ----D C:\Program Files\EwisoftWeb
O43 - CFD: 2010-05-13 - 03:17:28 - [0] ----D C:\Program Files\Family Toolbar
O43 - CFD: 2014-04-23 - 22:13:49 - [] ----D C:\Program Files\fst_ca_67 =>Adware.FreeSoftToday
O43 - CFD: 2013-07-26 - 08:50:28 - [] ----D C:\Program Files\Google
O43 - CFD: 2013-03-17 - 15:48:08 - [] ----D C:\Program Files\HP
O43 - CFD: 2013-03-09 - 13:22:50 - [] ----D C:\Program Files\HP Photo Creations
O43 - CFD: 2012-05-26 - 13:18:07 - [] ----D C:\Program Files\iMesh Applications =>PUP.iMesh
O43 - CFD: 2012-05-09 - 11:22:36 - [] --H-D C:\Program Files\InstallShield Installation Information
O43 - CFD: 2011-04-24 - 13:39:37 - [] ----D C:\Program Files\InterActual
O43 - CFD: 2014-07-15 - 10:05:58 - [] ----D C:\Program Files\Internet Explorer
O43 - CFD: 2014-04-28 - 13:46:13 - [] ----D C:\Program Files\Java
O43 - CFD: 2013-05-25 - 20:32:09 - [] ----D C:\Program Files\Le collectionneur de recettes
O43 - CFD: 2008-06-20 - 16:31:42 - [] ----D C:\Program Files\LG Software
O43 - CFD: 2014-08-11 - 09:39:35 - [] ----D C:\Program Files\lg_swupdate
O43 - CFD: 2011-11-15 - 16:58:25 - [] ----D C:\Program Files\LudoSoft
O43 - CFD: 2011-11-15 - 16:58:04 - [] ----D C:\Program Files\MAKuisine
O43 - CFD: 2011-08-03 - 09:34:44 - [] ----D C:\Program Files\Microsoft
O43 - CFD: 2012-09-09 - 17:57:59 - [] ----D C:\Program Files\Microsoft Analysis Services
O43 - CFD: 2009-03-22 - 10:56:37 - [] ----D C:\Program Files\Microsoft CAPICOM 2.1.0.2
O43 - CFD: 2006-11-02 - 08:37:34 - [] ----D C:\Program Files\Microsoft Games
O43 - CFD: 2012-10-07 - 19:58:28 - [] ----D C:\Program Files\Microsoft Office
O43 - CFD: 2014-07-29 - 09:59:46 - [] ----D C:\Program Files\Microsoft Silverlight
O43 - CFD: 2008-12-02 - 20:31:10 - [] ----D C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD: 2012-10-07 - 19:58:22 - [] ----D C:\Program Files\Microsoft Visual Studio
O43 - CFD: 2012-10-07 - 19:54:35 - [] ----D C:\Program Files\Microsoft Visual Studio 8
O43 - CFD: 2012-10-09 - 05:41:50 - [] ----D C:\Program Files\Microsoft Works
O43 - CFD: 2012-09-09 - 18:02:01 - [] ----D C:\Program Files\Microsoft.NET
O43 - CFD: 2010-08-13 - 10:28:14 - [] ----D C:\Program Files\Movie Maker
O43 - CFD: 2012-12-24 - 19:04:14 - [] ----D C:\Program Files\Mozilla Firefox
O43 - CFD: 2012-10-07 - 19:58:51 - [] ----D C:\Program Files\MSBuild
O43 - CFD: 2011-05-20 - 14:41:15 - [] ----D C:\Program Files\MSXML 4.0
O43 - CFD: 2013-03-17 - 16:10:43 - [0] ----D C:\Program Files\MyHeritage
O43 - CFD: 2008-05-16 - 20:24:50 - [] ----D C:\Program Files\O2Micro Oz128 Driver
O43 - CFD: 2013-05-02 - 12:48:31 - [] ----D C:\Program Files\OtShot
O43 - CFD: 2014-02-01 - 08:22:02 - [0] ----D C:\Program Files\predm
O43 - CFD: 2011-10-23 - 16:10:03 - [] ----D C:\Program Files\Pure Networks
O43 - CFD: 2011-06-11 - 08:08:39 - [] ----D C:\Program Files\QuestScan =>Adware.QuestScan
O43 - CFD: 2008-12-21 - 18:51:12 - [] ----D C:\Program Files\QuickTime
O43 - CFD: 2014-01-01 - 12:33:13 - [] ----D C:\Program Files\Rainlendar2
O43 - CFD: 2008-05-16 - 20:22:07 - [] ----D C:\Program Files\Realtek
O43 - CFD: 2006-11-02 - 08:37:34 - [] ----D C:\Program Files\Reference Assemblies
O43 - CFD: 2011-05-20 - 15:05:32 - [] ----D C:\Program Files\Roxio
O43 - CFD: 2011-04-24 - 13:37:43 - [] ----D C:\Program Files\Roxio Creator 2009 Special Edition
O43 - CFD: 2014-08-11 - 08:57:42 - [] ----D C:\Program Files\SearchProtect =>PUP.SearchProtect
O43 - CFD: 2009-12-19 - 16:04:32 - [] ----D C:\Program Files\SGPSA
O43 - CFD: 2011-06-21 - 07:43:27 - [] ----D C:\Program Files\ShoppingReport2 =>Adware.ShoppingReport
O43 - CFD: 2013-12-16 - 07:30:52 - [] R---D C:\Program Files\Skype
O43 - CFD: 2011-09-09 - 18:03:21 - [] ----D C:\Program Files\SlySoft
O43 - CFD: 2008-12-21 - 18:51:34 - [] ----D C:\Program Files\SmartSound Software
O43 - CFD: 2008-06-20 - 16:31:14 - [] ----D C:\Program Files\Synaptics
O43 - CFD: 2010-10-02 - 21:26:43 - [] ----D C:\Program Files\TLC-Edusoft
O43 - CFD: 2010-06-29 - 19:07:31 - [0] ----D C:\Program Files\TomTom DesktopSuite
O43 - CFD: 2014-01-31 - 21:46:34 - [] ----D C:\Program Files\TomTom International B.V
O43 - CFD: 2011-08-15 - 06:56:15 - [] ----D C:\Program Files\Trusteer
O43 - CFD: 2006-11-02 - 09:01:55 - [0] --H-D C:\Program Files\Uninstall Information
O43 - CFD: 2011-05-20 - 14:50:27 - [0] ----D C:\Program Files\VideoLAN
O43 - CFD: 2014-02-20 - 21:35:20 - [] ----D C:\Program Files\Wajam =>PUP.Wajam
O43 - CFD: 2009-09-22 - 09:02:29 - [] ----D C:\Program Files\Windows Calendar
O43 - CFD: 2009-09-22 - 09:02:29 - [] ----D C:\Program Files\Windows Collaboration
O43 - CFD: 2009-09-22 - 09:02:28 - [] ----D C:\Program Files\Windows Defender
O43 - CFD: 2014-07-15 - 10:06:05 - [] ----D C:\Program Files\Windows Journal
O43 - CFD: 2013-06-02 - 12:39:16 - [] ----D C:\Program Files\Windows Live
O43 - CFD: 2008-12-05 - 13:23:09 - [] ----D C:\Program Files\Windows Live Toolbar
O43 - CFD: 2012-04-12 - 07:06:38 - [] ----D C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 2008-12-21 - 18:49:01 - [] ----D C:\Program Files\Windows Media Components
O43 - CFD: 2014-01-11 - 16:08:16 - [] ----D C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 2006-11-02 - 08:37:34 - [] ----D C:\Program Files\Windows NT
O43 - CFD: 2009-09-22 - 09:02:29 - [] ----D C:\Program Files\Windows Photo Gallery
O43 - CFD: 2009-11-18 - 00:27:26 - [] ----D C:\Program Files\Windows Portable Devices
O43 - CFD: 2009-09-22 - 09:02:29 - [] ----D C:\Program Files\Windows Sidebar
O43 - CFD: 2012-05-09 - 14:03:04 - [] ----D C:\Program Files\Yahoo!
O43 - CFD: 2014-08-11 - 09:45:24 - [] ----D C:\Program Files\ZHPDiag =>.Nicolas Coolman
O43 - CFD: 2011-06-16 - 07:58:02 - [] ----D C:\Program Files\Common Files\Adobe
O43 - CFD: 2012-10-19 - 07:53:50 - [] ----D C:\Program Files\Common Files\Adobe AIR
O43 - CFD: 2010-05-13 - 03:16:28 - [0] ----D C:\Program Files\Common Files\AOL
O43 - CFD: 2014-05-15 - 19:17:44 - [] ----D C:\Program Files\Common Files\DESIGNER
O43 - CFD: 2009-02-27 - 07:18:36 - [] ----D C:\Program Files\Common Files\InstallShield
O43 - CFD: 2013-10-19 - 21:25:41 - [] ----D C:\Program Files\Common Files\Java
O43 - CFD: 2012-10-09 - 05:42:12 - [] ----D C:\Program Files\Common Files\microsoft shared
O43 - CFD: 2011-05-20 - 15:05:31 - [] ----D C:\Program Files\Common Files\PX Storage Engine
O43 - CFD: 2011-05-20 - 15:06:10 - [] ----D C:\Program Files\Common Files\Roxio Shared
O43 - CFD: 2006-11-02 - 07:18:33 - [] ----D C:\Program Files\Common Files\Services
O43 - CFD: 2013-06-02 - 12:51:26 - [] ----D C:\Program Files\Common Files\Skype
O43 - CFD: 2011-05-20 - 15:05:13 - [] ----D C:\Program Files\Common Files\Sonic Shared
O43 - CFD: 2006-11-02 - 07:18:33 - [] ----D C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 2011-11-09 - 23:21:01 - [] ----D C:\Program Files\Common Files\System
O43 - CFD: 2009-06-01 - 19:11:58 - [] ----D C:\Program Files\Common Files\Windows Live
O43 - CFD: 2008-12-02 - 20:25:36 - [] -SH-D C:\Program Files\Common Files\WindowsLiveInstaller
O43 - CFD: 2012-05-09 - 17:26:26 - [] ----D C:\ProgramData\1A227
O43 - CFD: 2011-07-01 - 13:35:44 - [] ----D C:\ProgramData\Adobe
O43 - CFD: 2008-12-21 - 18:50:55 - [] ----D C:\ProgramData\Apple Computer
O43 - CFD: 2006-11-02 - 09:02:03 - [] -SH-D C:\ProgramData\Application Data
O43 - CFD: 2013-04-30 - 14:31:10 - [] ----D C:\ProgramData\Ask
O43 - CFD: 2008-06-20 - 16:26:56 - [] ----D C:\ProgramData\Atheros
O43 - CFD: 2008-06-20 - 16:36:08 - [] ----D C:\ProgramData\ATI
O43 - CFD: 2014-08-10 - 16:46:07 - [] ----D C:\ProgramData\AVG2014
O43 - CFD: 2012-12-24 - 19:02:55 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 2009-03-07 - 19:37:54 - [0] ----D C:\ProgramData\Banner Maker Pro for Flash 3
O43 - CFD: 2011-12-28 - 16:42:58 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 2009-12-20 - 17:58:33 - [] --H-D C:\ProgramData\CanonBJ
O43 - CFD: 2011-06-14 - 06:23:47 - [] ----D C:\ProgramData\ClickPotatoLiteSA =>Adware.ClickPotato
O43 - CFD: 2014-08-10 - 15:56:57 - [] --H-D C:\ProgramData\Common Files
O43 - CFD: 2014-01-23 - 07:41:15 - [] ----D C:\ProgramData\Conduit
O43 - CFD: 2008-12-02 - 21:06:30 - [] ----D C:\ProgramData\CyberLink
O43 - CFD: 2006-11-02 - 09:02:03 - [] -SH-D C:\ProgramData\Desktop
O43 - CFD: 2006-11-02 - 09:02:03 - [] -SH-D C:\ProgramData\Documents
O43 - CFD: 2012-03-22 - 20:26:55 - [] ----D C:\ProgramData\DriverGenius
O43 - CFD: 2009-02-27 - 07:19:26 - [] ----D C:\ProgramData\eSellerate
O43 - CFD: 2006-11-02 - 09:02:03 - [] -SH-D C:\ProgramData\Favorites
O43 - CFD: 2013-07-25 - 11:19:03 - [] ----D C:\ProgramData\Google
O43 - CFD: 2013-03-09 - 13:09:02 - [] ----D C:\ProgramData\HP
O43 - CFD: 2014-05-29 - 15:34:25 - [] ----D C:\ProgramData\HP Photo Creations
O43 - CFD: 2008-12-05 - 12:28:20 - [] ----D C:\ProgramData\IM
O43 - CFD: 2008-12-05 - 12:27:20 - [] ----D C:\ProgramData\IncrediMail
O43 - CFD: 2009-02-27 - 07:18:40 - [] ----D C:\ProgramData\InstallShield
O43 - CFD: 2014-08-10 - 15:34:14 - [] ----D C:\ProgramData\Kaspersky Lab
O43 - CFD: 2013-07-30 - 09:17:24 - [] ----D C:\ProgramData\Kaspersky Lab Setup Files
O43 - CFD: 2009-06-04 - 15:53:33 - [] ----D C:\ProgramData\Ludia
O43 - CFD: 2009-12-21 - 10:59:08 - [] ----D C:\ProgramData\McAfee
O43 - CFD: 2009-12-19 - 00:26:21 - [] ----D C:\ProgramData\McAfee Security Scan
O43 - CFD: 2014-08-11 - 09:46:52 - [] ----D C:\ProgramData\MFAData
O43 - CFD: 2014-02-26 - 00:03:49 - [] -S--D C:\ProgramData\Microsoft
O43 - CFD: 2014-07-29 - 10:22:01 - [] ----D C:\ProgramData\Microsoft Help
O43 - CFD: 2009-12-15 - 01:15:51 - [] ----D C:\ProgramData\Norton
O43 - CFD: 2009-12-15 - 01:09:11 - [] ----D C:\ProgramData\NortonInstaller
O43 - CFD: 2014-04-28 - 13:49:18 - [0] ----D C:\ProgramData\Oracle
O43 - CFD: 2010-12-21 - 20:03:01 - [] ----D C:\ProgramData\PopCap Games
O43 - CFD: 2011-10-23 - 16:11:15 - [] ----D C:\ProgramData\Pure Networks
O43 - CFD: 2011-06-11 - 08:08:39 - [0] ----D C:\ProgramData\QuestScan =>Adware.QuestScan
O43 - CFD: 2013-06-07 - 16:30:14 - [] ----D C:\ProgramData\Roxio
O43 - CFD: 2013-12-16 - 07:31:20 - [] ----D C:\ProgramData\Skype
O43 - CFD: 2010-03-21 - 10:14:41 - [] ----D C:\ProgramData\SlySoft
O43 - CFD: 2011-04-25 - 08:15:58 - [] ----D C:\ProgramData\SmartSound Software Inc
O43 - CFD: 2011-04-24 - 13:40:40 - [] ----D C:\ProgramData\Sonic
O43 - CFD: 2009-12-19 - 16:05:54 - [] ----D C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 2006-11-02 - 09:02:03 - [] -SH-D C:\ProgramData\Start Menu
O43 - CFD: 2011-11-15 - 15:56:00 - [] ----D C:\ProgramData\Sun
O43 - CFD: 2009-12-15 - 01:09:14 - [] ----D C:\ProgramData\Symantec
O43 - CFD: 2013-05-17 - 11:52:59 - [] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 2012-12-26 - 15:20:21 - [0] ---AD C:\ProgramData\TEMP
O43 - CFD: 2006-11-02 - 09:02:04 - [] -SH-D C:\ProgramData\Templates
O43 - CFD: 2010-06-29 - 19:07:11 - [] ----D C:\ProgramData\TomTom
O43 - CFD: 2011-08-15 - 06:55:14 - [] ----D C:\ProgramData\Trusteer
O43 - CFD: 2012-05-09 - 13:59:37 - [] ----D C:\ProgramData\Ulead Systems
O43 - CFD: 2011-04-24 - 14:07:16 - [] ----D C:\ProgramData\Uninstall
O43 - CFD: 2013-06-07 - 16:31:02 - [] ----D C:\ProgramData\Visan
O43 - CFD: 2014-01-20 - 13:30:24 - [] ----D C:\ProgramData\VisualBee =>Adware.VisualBeeToolbar
O43 - CFD: 2013-10-18 - 08:39:14 - [] ----D C:\ProgramData\WindowsSearch
O43 - CFD: 2008-12-02 - 20:22:39 - [] ----D C:\ProgramData\WLInstaller
O43 - CFD: 2012-05-09 - 14:03:04 - [] ----D C:\ProgramData\Yahoo!
O43 - CFD: 2013-05-01 - 13:29:36 - [] ----D C:\ProgramData\ZalmanInstaller_5233
O43 - CFD: 2011-08-03 - 09:51:46 - [] ----D C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
O43 - CFD: 2011-11-15 - 17:45:40 - [] --H-D C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
O43 - CFD: 2012-05-27 - 14:23:29 - [0] --H-D C:\ProgramData\~0
O43 - CFD: 2010-04-05 - 11:59:08 - [] ----D C:\Users\Bernard\AppData\Roaming\acccore
O43 - CFD: 2011-07-01 - 13:34:39 - [] ----D C:\Users\Bernard\AppData\Roaming\Adobe
O43 - CFD: 2009-02-02 - 10:58:40 - [] ----D C:\Users\Bernard\AppData\Roaming\Apple Computer
O43 - CFD: 2008-11-20 - 03:36:14 - [] ----D C:\Users\Bernard\AppData\Roaming\ATI
O43 - CFD: 2014-08-10 - 16:11:28 - [] ----D C:\Users\Bernard\AppData\Roaming\AVG2014
O43 - CFD: 2012-12-24 - 19:02:55 - [] ----D C:\Users\Bernard\AppData\Roaming\Babylon =>PUP.Babylon
O43 - CFD: 2011-12-21 - 12:17:09 - [0] ----D C:\Users\Bernard\AppData\Roaming\Bandoo =>Adware.Bandoo
O43 - CFD: 2014-04-20 - 16:44:39 - [] ----D C:\Users\Bernard\AppData\Roaming\BudgetExpress 4
O43 - CFD: 2011-11-15 - 17:43:25 - [] ----D C:\Users\Bernard\AppData\Roaming\ChickenPing
O43 - CFD: 2011-05-14 - 21:49:08 - [0] ----D C:\Users\Bernard\AppData\Roaming\ClickPotatoLite =>Adware.ClickPotato
O43 - CFD: 2011-11-15 - 17:10:23 - [0] ----D C:\Users\Bernard\AppData\Roaming\Computer Cuisine Deluxe 6.5
O43 - CFD: 2010-05-13 - 17:26:01 - [] ----D C:\Users\Bernard\AppData\Roaming\Facebook
O43 - CFD: 2012-12-24 - 19:01:04 - [] ----D C:\Users\Bernard\AppData\Roaming\Funmoods =>PUP.Funmoods
O43 - CFD: 2010-12-26 - 01:17:55 - [0] ----D C:\Users\Bernard\AppData\Roaming\GrabPro
O43 - CFD: 2012-08-08 - 20:54:31 - [0] ----D C:\Users\Bernard\AppData\Roaming\HpUpdate
O43 - CFD: 2008-11-20 - 03:35:50 - [] ----D C:\Users\Bernard\AppData\Roaming\Identities
O43 - CFD: 2009-12-06 - 14:47:04 - [0] ----D C:\Users\Bernard\AppData\Roaming\Ludia
O43 - CFD: 2008-12-03 - 16:48:29 - [] ----D C:\Users\Bernard\AppData\Roaming\Macromedia
O43 - CFD: 2011-11-15 - 16:58:04 - [] ----D C:\Users\Bernard\AppData\Roaming\MAKuisine
O43 - CFD: 2006-11-02 - 08:37:34 - [0] ----D C:\Users\Bernard\AppData\Roaming\Media Center Programs
O43 - CFD: 2013-10-13 - 11:07:25 - [] -S--D C:\Users\Bernard\AppData\Roaming\Microsoft
O43 - CFD: 2008-12-21 - 19:23:29 - [0] ----D C:\Users\Bernard\AppData\Roaming\Microsoft Web Folders
O43 - CFD: 2014-06-08 - 14:09:41 - [] ----D C:\Users\Bernard\AppData\Roaming\Mozilla
O43 - CFD: 2012-12-24 - 18:50:08 - [0] ----D C:\Users\Bernard\AppData\Roaming\PeerNetworking
O43 - CFD: 2012-01-04 - 07:48:55 - [] ----D C:\Users\Bernard\AppData\Roaming\Roxio
O43 - CFD: 2014-01-23 - 07:38:55 - [] ----D C:\Users\Bernard\AppData\Roaming\SearchProtect =>PUP.SearchProtect
O43 - CFD: 2014-08-10 - 16:11:55 - [] ----D C:\Users\Bernard\AppData\Roaming\Skype
O43 - CFD: 2011-04-24 - 15:18:48 - [] ----D C:\Users\Bernard\AppData\Roaming\Sonic
O43 - CFD: 2014-02-01 - 08:24:09 - [0] ----D C:\Users\Bernard\AppData\Roaming\systweak
O43 - CFD: 2010-06-29 - 19:04:43 - [] ----D C:\Users\Bernard\AppData\Roaming\TomTom
O43 - CFD: 2011-08-15 - 06:56:26 - [] ----D C:\Users\Bernard\AppData\Roaming\Trusteer
O43 - CFD: 2014-08-10 - 16:06:18 - [] ----D C:\Users\Bernard\AppData\Roaming\TuneUp Software
O43 - CFD: 2008-12-22 - 21:02:55 - [] ----D C:\Users\Bernard\AppData\Roaming\Ulead Systems
O43 - CFD: 2013-06-07 - 16:31:02 - [] ----D C:\Users\Bernard\AppData\Roaming\Visan
O43 - CFD: 2010-03-02 - 17:53:06 - [] ----D C:\Users\Bernard\AppData\Roaming\VSO
O43 - CFD: 2011-03-09 - 11:08:15 - [] ----D C:\Users\Bernard\AppData\Roaming\Windows Live Writer
O43 - CFD: 2010-06-28 - 22:41:53 - [] ----D C:\Users\Bernard\AppData\Roaming\Yahoo!
O43 - CFD: 2014-08-11 - 09:47:54 - [] ----D C:\Users\Bernard\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 2013-07-25 - 11:17:17 - [] ----D C:\Users\Bernard\AppData\Local\Adobe
O43 - CFD: 2010-04-05 - 11:58:38 - [] ----D C:\Users\Bernard\AppData\Local\AIM
O43 - CFD: 2010-04-05 - 11:58:38 - [] ----D C:\Users\Bernard\AppData\Local\AOL
O43 - CFD: 2008-11-20 - 03:32:43 - [] -SH-D C:\Users\Bernard\AppData\Local\Application Data
O43 - CFD: 2014-02-01 - 08:26:55 - [] ----D C:\Users\Bernard\AppData\Local\ApplicationHistory
O43 - CFD: 2010-03-28 - 15:42:32 - [] ----D C:\Users\Bernard\AppData\Local\Apps
O43 - CFD: 2010-03-29 - 23:11:15 - [] ----D C:\Users\Bernard\AppData\Local\assembly
O43 - CFD: 2008-11-20 - 03:36:14 - [] ----D C:\Users\Bernard\AppData\Local\ATI
O43 - CFD: 2014-08-10 - 16:26:34 - [] ----D C:\Users\Bernard\AppData\Local\Avg2014
O43 - CFD: 2014-02-01 - 08:30:40 - [] ----D C:\Users\Bernard\AppData\Local\Conduit
O43 - CFD: 2014-01-23 - 07:38:19 - [] ----D C:\Users\Bernard\AppData\Local\CRE
O43 - CFD: 2014-04-23 - 22:31:50 - [0] ----D C:\Users\Bernard\AppData\Local\Deployment
O43 - CFD: 2014-01-31 - 21:43:27 - [] ----D C:\Users\Bernard\AppData\Local\Downloaded Installations
O43 - CFD: 2013-05-14 - 13:25:48 - [] ----D C:\Users\Bernard\AppData\Local\ElevatedDiagnostics
O43 - CFD: 2011-11-15 - 17:08:21 - [] ----D C:\Users\Bernard\AppData\Local\FileMaker
O43 - CFD: 2014-08-10 - 16:46:07 - [] ----D C:\Users\Bernard\AppData\Local\fst_ca_2 =>Adware.FreeSoftToday
O43 - CFD: 2014-03-15 - 16:34:16 - [] ----D C:\Users\Bernard\AppData\Local\fst_ca_67 =>Adware.FreeSoftToday
O43 - CFD: 2013-07-25 - 11:19:03 - [] ----D C:\Users\Bernard\AppData\Local\Google
O43 - CFD: 2011-11-15 - 17:26:28 - [] ----D C:\Users\Bernard\AppData\Local\Harry_Jennerway
O43 - CFD: 2008-11-20 - 03:32:43 - [] -SH-D C:\Users\Bernard\AppData\Local\Historique
O43 - CFD: 2013-03-09 - 13:40:47 - [] ----D C:\Users\Bernard\AppData\Local\HP
O43 - CFD: 2010-12-19 - 14:01:36 - [] ----D C:\Users\Bernard\AppData\Local\IM
O43 - CFD: 2010-03-29 - 23:07:11 - [] ----D C:\Users\Bernard\AppData\Local\IsolatedStorage
O43 - CFD: 2013-05-25 - 20:31:00 - [] ----D C:\Users\Bernard\AppData\Local\Le collectionneur de recettes
O43 - CFD: 2013-03-17 - 15:55:52 - [0] ----D C:\Users\Bernard\AppData\Local\Magentic
O43 - CFD: 2012-07-27 - 19:23:16 - [] ----D C:\Users\Bernard\AppData\Local\MagenticRuntime
O43 - CFD: 2014-08-10 - 15:56:56 - [] ----D C:\Users\Bernard\AppData\Local\MFAData
O43 - CFD: 2013-07-06 - 12:22:12 - [] ----D C:\Users\Bernard\AppData\Local\Microsoft
O43 - CFD: 2009-11-17 - 19:40:53 - [] ----D C:\Users\Bernard\AppData\Local\Microsoft Games
O43 - CFD: 2009-03-21 - 18:25:43 - [0] ----D C:\Users\Bernard\AppData\Local\Microsoft Help
O43 - CFD: 2012-09-09 - 17:09:41 - [] ----D C:\Users\Bernard\AppData\Local\MicrosoftStore
O43 - CFD: 2014-01-23 - 07:38:17 - [] ----D C:\Users\Bernard\AppData\Local\NativeMessaging
O43 - CFD: 2011-07-31 - 15:06:17 - [0] ----D C:\Users\Bernard\AppData\Local\PackageAware
O43 - CFD: 2010-12-21 - 14:34:55 - [] ----D C:\Users\Bernard\AppData\Local\PopCap Games
O43 - CFD: 2011-04-24 - 14:15:55 - [] ----D C:\Users\Bernard\AppData\Local\RoxioCentralFx
O43 - CFD: 2014-01-20 - 13:33:28 - [] ----D C:\Users\Bernard\AppData\Local\SearchProtect =>PUP.SearchProtect
O43 - CFD: 2011-04-24 - 15:18:35 - [] ----D C:\Users\Bernard\AppData\Local\Sonic_Solutions
O43 - CFD: 2014-04-23 - 19:59:32 - [] ----D C:\Users\Bernard\AppData\Local\SwvUpdater =>PUP.Software.Updater
O43 - CFD: 2014-08-11 - 09:47:53 - [] ----D C:\Users\Bernard\AppData\Local\Temp
O43 - CFD: 2008-11-20 - 03:32:43 - [] -SH-D C:\Users\Bernard\AppData\Local\Temporary Internet Files
O43 - CFD: 2010-06-29 - 19:04:43 - [] ----D C:\Users\Bernard\AppData\Local\TomTom
O43 - CFD: 2011-08-15 - 06:58:46 - [] ----D C:\Users\Bernard\AppData\Local\Trusteer
O43 - CFD: 2008-11-20 - 03:36:25 - [] ----D C:\Users\Bernard\AppData\Local\VirtualStore
O43 - CFD: 2014-01-20 - 13:31:40 - [] ----D C:\Users\Bernard\AppData\Local\VisualBeeClient =>Adware.VisualBeeToolbar
O43 - CFD: 2014-01-20 - 13:31:06 - [] ----D C:\Users\Bernard\AppData\Local\VisualBeeExe =>Adware.VisualBeeToolbar
O43 - CFD: 2012-09-09 - 17:48:45 - [] ----D C:\Users\Bernard\AppData\Local\Wajam =>PUP.Wajam
O43 - CFD: 2012-12-28 - 22:28:22 - [] ----D C:\Users\Bernard\AppData\Local\Windows Live
O43 - CFD: 2011-07-24 - 22:17:49 - [] ----D C:\Users\Bernard\AppData\Local\Windows Live Writer
O43 - CFD: 2012-05-09 - 14:03:06 - [] ----D C:\Users\Bernard\AppData\Local\Yahoo
O43 - CFD: 2009-08-02 - 18:51:21 - [] R---D C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 2009-08-02 - 18:51:22 - [] R---D C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 2012-12-24 - 19:05:23 - [] ----D C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect =>Hijacker.Eazel
O43 - CFD: 2009-08-02 - 18:51:22 - [] ----D C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
O43 - CFD: 2013-11-27 - 23:18:05 - [] ----D C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
O43 - CFD: 2009-08-02 - 18:51:22 - [] ----D C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LG Smart Recovery
O43 - CFD: 2009-08-02 - 18:51:22 - [] R---D C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 2014-02-01 - 08:27:14 - [] R---D C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 2013-05-01 - 13:33:13 - [] ----D C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam =>PUP.Wajam
~ 1413 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 1679 Scanned in 00mn 05s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.7283ABD214A70974C88422CA6247D6E0] - 2014-08-10 - 14:16:17 ---A- . (...) -- C:\Windows\System32\FNTCACHE.DAT [478088]
O44 - LFC:[MD5.1592CC179DF66789809D24A0A7C0CF26] - 2014-08-10 - 14:49:40 ---A- . (...) -- C:\Windows\PFRO.log [163710]
O44 - LFC:[MD5.4E5AD829CF44CE43757C8A571649E1DB] - 2014-08-11 - 08:33:07 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.BD72FF90F1E1F0DF8976F14679C82E0A] - 2014-08-11 - 08:35:50 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1184743]
O44 - LFC:[MD5.4CC53502EFD60ED77F7CB6D4AAB70A5B] - 2014-08-11 - 08:36:02 ---A- . (...) -- C:\Windows\lgcenter.ini [1034]
O44 - LFC:[MD5.EF0BAF318274035D239951F21DCFF8DB] - 2014-08-11 - 08:36:54 ---A- . (...) -- C:\Windows\win.ini [288]
O44 - LFC:[MD5.4D4F717FE404C988A2609A203AAF3040] - 2014-08-11 - 08:38:33 ---A- . (...) -- C:\Windows\lg_up.ini [9365]
~ Files: 7 Scanned in 01mn 21s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.AEE8FD8D2E43CB9B1C8D49B30DF911AE] - 2014-08-10 - 15:22:03 ---A- - C:\Windows\Prefetch\UPFST_CA_2.EXE-A94934D4.pf =>Adware.FreeSoftToday
~ Prefetcher: 1 Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\IEPro\MiniDM.exe" [Enabled] .(...) -- C:\Program Files\IEPro\MiniDM.exe (.not file.)
~ Keys Export: 1 Scanned in 00mn 00s



---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll
~ LSA: 7 Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Volume Manager Extension Driver.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Volume Manager Extension Driver.) -- C:\Windows\System32\Drivers\volmgrx.sys
~ CSB: 13 Scanned in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{f036aa6e-0d5a-11df-9be0-001d92583ecd}\AutoRun\command - Clé orpheline
O51 - MPSK:{f308d9cd-ecd2-11de-a0a8-001d92583ecd}\AutoRun\command. (...) -- G:\WD SmartWare.exe (.not file.)
O51 - MPSK:{fec5db5d-3f05-11dd-9463-806e6f6e6963}\AutoRun\command. (...) -- C:\Windows\system32\E:\autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
~ TDSD: 3 Scanned in 00mn 00s



---\\ Enumération des clés de registre SecurityProviders (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\System32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\System32\credssp.dll
~ MSCP: 2 Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKCU\...\Policies\System] - "LogonHoursAction"=2
O55 - MWPS:[HKCU\...\Policies\System] - "DontDisplayLogonHoursWarnings"=1
~ MWPS: 18 Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "HideSCAHealth"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145
O56 - MWPE:[HKLM\...\policies\Explorer] - "BindDirectlyToPropertySetStorage"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=60
~ MWPE Keys: 4 Scanned in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:2009-01-13 - 08:45:00 ---A- . (.Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driver.) -- C:\Windows\System32\Drivers\athr.sys [954368]
O58 - SDL:2014-06-30 - 11:43:12 ---A- . (.AVG Technologies CZ, s.r.o. - AVG File Vault Driver.) -- C:\Windows\System32\Drivers\avgdiskx.sys [121624]
O58 - SDL:2013-09-26 - 10:00:38 ---A- . (.AVG Technologies CZ, s.r.o. - AVG Filter Driver.) -- C:\Windows\System32\Drivers\avgfwd6x.sys [47928]
O58 - SDL:2014-06-17 - 15:06:40 ---A- . (.AVG Technologies CZ, s.r.o. - AVG IDS Application Activity Monitor Driver..) -- C:\Windows\System32\Drivers\avgidsdriverx.sys [199960]
O58 - SDL:2014-06-17 - 15:17:58 ---A- . (.AVG Technologies CZ, s.r.o. - AVG Application Activity Monitor Helper Driver.) -- C:\Windows\System32\Drivers\avgidshx.sys [147736]
O58 - SDL:2014-06-17 - 15:06:20 ---A- . (.AVG Technologies CZ, s.r.o. - AVG IDS Application Activity Monitor Loader Driver.) -- C:\Windows\System32\Drivers\avgidsshimx.sys [21272]
O58 - SDL:2014-06-17 - 15:22:02 ---A- . (.AVG Technologies CZ, s.r.o. - AVG AVI Loader Driver.) -- C:\Windows\System32\Drivers\avgldx86.sys [188696]
O58 - SDL:2014-06-17 - 15:18:00 ---A- . (.AVG Technologies CZ, s.r.o. - AVG Logging Driver.) -- C:\Windows\System32\Drivers\avglogx.sys [241944]
O58 - SDL:2014-06-17 - 15:06:24 ---A- . (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Minifilter Driver.) -- C:\Windows\System32\Drivers\avgmfx86.sys [98584]
O58 - SDL:2014-06-17 - 15:06:22 ---A- . (.AVG Technologies CZ, s.r.o. - AVG Anti-Rootkit Driver.) -- C:\Windows\System32\Drivers\avgrkx86.sys [27416]
O58 - SDL:2014-06-17 - 15:21:22 ---A- . (.AVG Technologies CZ, s.r.o. - AVG Network connection watcher.) -- C:\Windows\System32\Drivers\avgtdix.sys [197400]
O58 - SDL:2009-12-14 - 11:44:24 ---A- . (.Infowatch - Cryptographic Algorithm Lib Driver..) -- C:\Windows\System32\Drivers\CSCrySec.sys [88632]
O58 - SDL:2009-12-14 - 11:44:24 ---A- . (.Infowatch - Virtual Volume Container Driver (wxp).) -- C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys [39352]
O58 - SDL:2014-06-23 - 11:15:38 ---A- . (.Trusteer Ltd. - RapportKE.) -- C:\Windows\System32\Drivers\RapportKELL.sys [123544]
O58 - SDL:2007-12-20 - 20:02:06 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\Windows\System32\Drivers\RTKVHDA.sys [2032280]
O58 - SDL:2010-06-23 - 08:21:32 ---A- . (.Realtek - Realtek 8136/8168/8169 NDIS6 32-bit Driver.) -- C:\Windows\System32\Drivers\Rtlh86.sys [259176]
O58 - SDL:2008-03-26 - 12:32:04 ---A- . (.CyberLink - WIN32.) -- C:\Windows\System32\Drivers\WSVD.sys [81192]
O58 - SDL:2006-11-02 - 02:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:2006-11-02 - 02:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:2006-11-02 - 02:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:2006-11-02 - 02:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:2006-11-02 - 02:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:2006-11-02 - 02:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:2006-11-02 - 02:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:2006-11-02 - 02:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:2006-11-02 - 02:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:2006-11-02 - 02:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:2006-11-02 - 02:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:2006-11-02 - 02:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:2006-11-02 - 02:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:2006-11-02 - 02:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:2006-11-02 - 02:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 32 Scanned in 01mn 09s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 2014-08-06 - 09:50:57 ---A- . (.Client Connect LTD.) -- C:\Users\Bernard\AppData\Local\Temp\SPSetup.exe [6837632]
O61 - LFC: 2014-08-10 - 09:51:15 ---A- . (.AVG Technologies.) -- C:\Users\Bernard\Downloads\avg_isc_stb_all_2014_4089 (1).exe [4409080]
O61 - LFC: 2014-08-10 - 09:51:15 ---A- . (.AVG Technologies.) -- C:\Users\Bernard\Downloads\avg_isc_stb_all_2014_4089 (2).exe [4409080]
O61 - LFC: 2014-08-10 - 09:51:15 ---A- . (.AVG Technologies.) -- C:\Users\Bernard\Downloads\avg_isc_stb_all_2014_4089.exe [4409080]
O61 - LFC: 2014-08-11 - 09:51:17 ---A- . (.Nicolas Coolman.) -- C:\Users\Bernard\Downloads\ZHPDiag2.exe [6860008] =>.Nicolas Coolman
~ 749 Fichiers temporaires (Temporary files)
~ 1205 Fichiers cookies (Cookies files)
~ Files: 5 Scanned in 00mn 37s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 2014-06-30 - C:\Windows\System32\DRIVERS\avgdiskx.sys (Avgdiskx) .(.AVG Technologies CZ, s.r.o. - AVG File Vault Driver.) - LEGACY_AVGDISKX
O64 - Services: CurCS - 2013-09-26 - C:\Windows\System32\DRIVERS\avgfwd6x.sys (Avgfwfd) .(.AVG Technologies CZ, s.r.o. - AVG Filter Driver.) - LEGACY_AVGFWFD
O64 - Services: CurCS - 2014-06-17 - C:\Windows\System32\DRIVERS\avgidsdriverx.sys (AVGIDSDriver) .(.AVG Technologies CZ, s.r.o. - AVG IDS Application Activity Monitor Driver.) - LEGACY_AVGIDSDRIVER
O64 - Services: CurCS - 2014-06-17 - C:\Windows\System32\DRIVERS\avgidshx.sys (AVGIDSHX) .(.AVG Technologies CZ, s.r.o. - AVG Application Activity Monitor Helper Dri.) - LEGACY_AVGIDSHX
O64 - Services: CurCS - 2014-06-17 - C:\Windows\System32\DRIVERS\avgidsshimx.sys (AVGIDSShim) .(.AVG Technologies CZ, s.r.o. - AVG IDS Application Activity Monitor Loader.) - LEGACY_AVGIDSSHIM
O64 - Services: CurCS - 2014-06-17 - C:\Windows\System32\DRIVERS\avgldx86.sys (Avgldx86) .(.AVG Technologies CZ, s.r.o. - AVG AVI Loader Driver.) - LEGACY_AVGLDX86
O64 - Services: CurCS - 2014-06-17 - C:\Windows\System32\DRIVERS\avglogx.sys (Avglogx) .(.AVG Technologies CZ, s.r.o. - AVG Logging Driver.) - LEGACY_AVGLOGX
O64 - Services: CurCS - 2014-06-17 - C:\Windows\System32\DRIVERS\avgmfx86.sys (Avgmfx86) .(.AVG Technologies CZ, s.r.o. - AVG Resident Shield Minifilter Driver.) - LEGACY_AVGMFX86
O64 - Services: CurCS - 2014-06-17 - C:\Windows\System32\DRIVERS\avgrkx86.sys (Avgrkx86) .(.AVG Technologies CZ, s.r.o. - AVG Anti-Rootkit Driver.) - LEGACY_AVGRKX86
O64 - Services: CurCS - 2014-06-17 - C:\Windows\System32\DRIVERS\avgtdix.sys (Avgtdix) .(.AVG Technologies CZ, s.r.o. - AVG Network connection watcher.) - LEGACY_AVGTDIX
O64 - Services: CurCS - 2006-12-22 - C:\Windows\system32\drivers\MGHwCtrl.sys (MGHwCtrl) .(.Windows (R) Codename Longhorn DDK provider - MGHwCtrl Driver using WDF.) - LEGACY_MGHWCTRL
O64 - Services: CurCS - 2014-07-15 - C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_69108.sys (RapportCerberus_69108) .(...) - LEGACY_RAPPORTCERBERUS_69108 =>.Cerberus
O64 - Services: CurCS - 2014-06-23 - C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (RapportEI) .(.Trusteer Ltd. - RapportEI.) - LEGACY_RAPPORTEI
O64 - Services: CurCS - 2014-06-23 - C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG) .(.Trusteer Ltd. - RapportPG.) - LEGACY_RAPPORTPG
O64 - Services: CurCS - 2006-11-02 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 95 Scanned in 00mn 12s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.exe> [HKCU\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 14 Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\Bernard\AppData\Local\exi.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] C3070A7F17264693A2B5EC346031F236 - (midicairus2 Customized Web Search) - http://search.conduit.com =>Toolbar.Midicairus
O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} [DefaultScope] - (Trovi search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {0B4A10D1-FBD6-451d-BFDA-F03252B05984} - (AIM Search) - http://slirsredirect.search.aol.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web (Babylon)) - http://search.babylon.com =>PUP.Babylon
O69 - SBI: SearchScopes [HKCU] {511F05FE-747C-41A7-8384-74F3C6A00AB1} - (Search Results) - http://dts.search-results.com =>PUP.SearchResults
O69 - SBI: SearchScopes [HKCU] {5F4CD3A4-AF71-4219-B771-0A5C6ECA43AA} - (Fast Browser Search) - http://www.fastbrowsersearch.com =>PUP.FbSearch
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {6A7B05BC-75E4-4368-BD9C-5DE505DA014E} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
O69 - SBI: SearchScopes [HKCU] {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} - (Web Search) - http://www.searchqu.com =>PUP.Datamngr
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} - (Search Results) - http://dts.search-results.com =>PUP.SearchResults
O69 - SBI: SearchScopes [HKCU] {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} - (Funmoods) - http://searchfunmoods.com =>PUP.Funmoods
O69 - SBI: SearchScopes [HKCU] {BE28C22E-F666-424d-B5FD-125C4AFEE34E} - (MyHeritage Search) - http://search.myheritage.com
O69 - SBI: SearchScopes [HKCU] {C04B7D22-5AEC-4561-8F49-27F6269208F6} - (Inbox Recherche) - http://www2.inbox.com
O69 - SBI: SearchScopes [HKCU] {CD10120B-C165-4f8d-8C74-639629E238FF} - (MyStart Search) - http://mystart.magentic.com =>Spyware.VMNToolbar
O69 - SBI: SearchScopes [HKCU] {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} - (MyStart Search) - http://mystart.incredimail.com =>Spyware.VMNToolbar
~ Keys: Scanned in 00mn 00s



---\\ Enumère les service demarrés par Svchost (SSS) (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d’application.) -- C:\Windows\System32\aelupsvc.dll [24576]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\System32\wercplsupport.dll [62976]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\System32\shsvcs.dll [247808]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [40448]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [40448]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\Windows\System32\srvsvc.dll [125952]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Client de stratégie de groupe.) -- C:\Windows\System32\gpsvc.dll [576512]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\Windows\System32\ikeext.dll [444928]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Service Audio Windows.) -- C:\Windows\System32\Audiosrv.dll [315392]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique d’accès distant.) -- C:\Windows\System32\rasauto.dll [90624]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire de connexions d'accès distant.) -- C:\Windows\System32\rasmans.dll [262144]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d’interface dynamique.) -- C:\Windows\System32\mprdim.dll [68608]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d’événements système (SENS).) -- C:\Windows\System32\sens.dll [47104]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l'application d'assistance à Microsoft NAT.) -- C:\Windows\System32\ipnathlp.dll [288256]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows(TM).) -- C:\Windows\System32\tapisrv.dll [242688]
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gestionnaire des connexions distantes Terminal Server.) -- C:\Windows\System32\termsrv.dll [449024]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Agent de mise à jour automatique Windows Update.) -- C:\Windows\System32\wuaueng.dll [1933848]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\Windows\System32\qmgr.dll [758784]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\System32\shsvcs.dll [247808]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service offrant une connectivité IPv6 sur un réseau IPv4..) -- C:\Windows\System32\iphlpsvc.dll [200704]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de service d'ouverture de session secondaire.) -- C:\Windows\system32\seclogon.dll [19968]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations d’application.) -- C:\Windows\System32\appinfo.dll [33280]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\System32\iscsiexe.dll [111616]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\Windows\System32\mmcss.dll [45056]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [153088]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\Windows\System32\eapsvc.dll [57344]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [162304]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tâches.) -- C:\Windows\System32\schedsvc.dll [601600]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service de configuration des services Terminal Server.) -- C:\Windows\System32\sessenv.dll [84992]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) -- C:\Windows\System32\browser.dll [81920]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\Windows\System32\kmsvc.dll [68096]
~ Services: 31 Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.48E78A116CEE57047B36334CD73F5314] [SPRF][2014-08-10] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.561DCFBAE6D788C48EB08C793F7B9876] [SPRF][2013-06-18] (...) -- C:\Users\Bernard\Desktop\Rainlendar-Lite-2-11-1-32bit.exe [14871560]
[MD5.8CE7705CB43B03BB7970B04087C7758F] [SPRF][2006-06-30] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [29616]
[MD5.01E2ECA759056F23C73A035FDABB2D6D] [SPRF][2006-06-30] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [201648]
[MD5.2D54DAECBA60EB03F9E63DD50669F634] [SPRF][2008-10-24] (.Macrovision Corporation - Macrovision Software Manager Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [488736]
~ Files: 5 Scanned in 00mn 00s



---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\5e57dfd9b16ebe17\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.5.1005.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\5e57dfd9b16ebe17\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.5.1005.80]:version="2.5.1005.80" =>Hijacker.Eazel
[HKCU\Software\5e57dfd9b16ebe17] =>PUP.Babylon^
[HKCU\Software\5e57dfd9b16ebe17]:version="2.5.1005.80" =>Hijacker.Eazel
[HKLM\Software\5e57dfd9b16ebe17]:version="2.5.1005.80" =>Hijacker.Eazel
~ Export Key Software: Scanned in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC}] (ClickPotatoLite Info Class) =>Adware.ClickPotato
[HKCR\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0}] (Wincore Mediabar) =>PUP.iMesh
[HKCR\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}] (WajamDownloader Class) =>PUP.Wajam
[HKCR\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}] (Searchqu Toolbar) =>PUP.Datamngr
[HKCR\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}] (Wajam) =>PUP.Wajam
[HKCR\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5}] (ClickPotatoLite UserProfiles Class) =>Adware.ClickPotato
[HKCR\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}] (BandooCore Class) =>Adware.Bandoo
~ BCK: 7276 Scanned in 00mn 29s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 2014-07-14 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 2010-03-28 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 2010-03-28 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 2008-08-13 313840 | (Roxio UPnP Renderer 11) . (.Sonic Solutions.) - C:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe
SS - | Auto 2008-08-13 367088 | (Roxio Upnp Server 11) . (.Sonic Solutions.) - C:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUpnpService11.exe
SS - | Auto 1658-07-10 0 | (RoxLiveShare10) . (...) - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
SS - | Auto 2008-08-13 309744 | (RoxLiveShare11) . (.Sonic Solutions.) - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
SS - | Demand 2009-01-09 1122304 | (RoxMediaDB11) . (.Sonic Solutions.) - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
SS - | Auto 2008-08-13 170480 | (RoxWatch11) . (.Sonic Solutions.) - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
SS - | Auto 2013-10-23 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 2013-12-18 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 2008-03-29 667648 | (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\System32\Ati2evxx.exe
SR - | Auto 2014-07-10 1417160 | (avgfws) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgfws.exe
SR - | Auto 2014-07-10 3244048 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgidsagent.exe
SR - | Auto 2014-07-10 289328 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 2014-08-06 2982336 | (CltMngSvc) . (.Client Connect LTD.) - C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe =>PUP.SearchProtect
SR - | Auto 2007-08-23 61440 | (NishService) . (...) - C:\Program Files\LG Software\System Control Manager\edd.exe
SR - | Auto 2007-02-12 65536 | (o2flash) . (.O2Micro International.) - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
SR - | Auto 2014-06-23 1886488 | (RapportMgmtService) . (.Trusteer Ltd..) - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
SR - | Auto 2013-08-27 93072 | (TomTomHOMEService) . (.TomTom.) - D:\TomTom HOME 2\TomTomHOMEService.exe
SR - | Auto 2013-03-28 109064 | (WajamUpdater) . (.Wajam.) - C:\Program Files\Wajam\Updater\WajamUpdater.exe =>PUP.Wajam
SR - | Auto 2008-01-20 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 2008-11-09 602392 | (YahooAUService) . (.Yahoo! Inc..) - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
~ Services: Scanned in 00mn 30s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Bernard at 2014-08-11 09:53:37
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll
1 ntkrnlpa!IofCallDriver[0x86C82916] >> \Device\Harddisk0\DR0[0x8ABFEAC8]
3 CLASSPNP[0x8F1AE8B3] >> ntkrnlpa!IofCallDriver[0x86C82916] >> [0x8A525620]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 12 Scanned in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Bernard at 2014-08-11 09:53:40
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (2014-08-09)
Clés trouvées (Keys found) : 221
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 50
Fichiers trouvés (Files found) : 39

[HKLM\Software\Google\Chrome\Extensions\booedmolknjekdopkepjjeckmjkdpfgl] =>PUP.Manager^
[HKLM\Software\Google\Chrome\Extensions\flpcjncodpafbgdpnkljologafpionhb] =>PUP.Manager^
[HKLM\Software\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn] =>PUP.SweetIM^
[HKLM\Software\Google\Chrome\Extensions\kicbefokomboipccpmfmeomobpijbnie] =>Toolbar.Midicairus^
[HKLM\Software\Google\Chrome\Extensions\lonndllmbldmmoefheenkmgkencnkdkh] =>Toolbar.KeyBar^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}] =>PUP.iMesh^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] =>PUP.Datamngr^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}] =>PUP.Wajam^
[HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc] =>PUP.SearchProtect^
[HKLM\SYSTEM\CurrentControlSet\Services\WajamUpdater] =>PUP.Wajam^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}] =>Hijacker.Eazel^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\TBSB07183.TBSB07183Toolbar] =>PUP.FbSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\QuestScan] =>Adware.QuestScan^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.SearchProtect^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2] =>Adware.ShopperReports^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}] =>PUP.Software.Updater^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\VisualBee for Microsoft PowerPoint] =>Adware.VisualBeeToolbar^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Wajam] =>PUP.Wajam^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\fst_ca_67_is1] =>Adware.FreeSoftToday^
[HKLM\Software\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8}] =>Adware.SmartShopper
[HKLM\Software\Classes\AppID\{055069F3-F78B-4BD1-A277-FE66648D3300}] =>PUP.Fbsearch
[HKLM\Software\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}] =>Adware.Bandoo
[HKLM\Software\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}] =>Toolbar.Wajam
[HKLM\Software\Classes\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C}] =>Adware.ShopperReports
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{1301a8a5-3dfb-4731-a162-b357d00c9644}] =>Adware.Bandoo
[HKLM\Software\Classes\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC}] =>Adware.ClickPotato
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC}] =>Adware.ClickPotato
[HKLM\Software\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}] =>Toolbar.Wajam
[HKLM\Software\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{2a42d13c-d427-4787-821b-cf6973855778}] =>Adware.Agent
[HKLM\Software\Classes\TypeLib\{3088c799-9630-4719-a471-4544d7cabc2d}] =>Trojan.BHO
[HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Adware.iWinArcade
[HKLM\Software\Classes\Interface\{3d8478aa-7b88-48a9-8bcb-b85d594411ec}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4}] =>Adware.ClickPotato
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624f4-c5dd-4e1d-bdd0-1e9c9b7799cc}] =>Adware.Bandoo
[HKLM\Software\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}] =>Toolbar.Wajam
[HKLM\Software\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}] =>Toolbar.Wajam
[HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{45D59156-647B-4B06-B20E-0E297A1077BD}] =>Trojan.BHO
[HKLM\Software\Classes\Interface\{477f210a-2a86-4666-9c4b-1189634d2c84}] =>Adware.Bandoo
[HKLM\Software\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}] =>Toolbar.Wajam
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}] =>PUP.Software.Updater
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da}] =>Adware.Hotbar
[HKLM\Software\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}] =>PUP.Funmoods
[HKLM\Software\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}] =>Adware.Softomate
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}] =>Adware.Bandoo
[HKLM\Software\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}] =>Adware.Yontoo
[HKLM\Software\Classes\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08}] =>Adware.ClickPotato
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}] =>Toolbar.Crawler
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8a96af9e-4074-43b7-bea3-87217bda74c8}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}] =>PUP.Fbsearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}] =>PUP.Fbsearch
[HKLM\Software\Classes\CLSID\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}] =>PUP.Fbsearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}] =>PUP.Fbsearch
[HKLM\Software\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16}] =>PUP.Fbsearch
[HKLM\Software\Classes\CLSID\{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16}] =>PUP.Fbsearch
[HKLM\Software\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}] =>PUP.Funmoods
[HKLM\Software\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}] =>PUP.Funmoods
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] =>Adware.Bandoo
[HKLM\Software\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] =>Adware.Bandoo
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9c8a3ca5-889e-4554-beec-ec0876e4e96a}] =>Adware.Bandoo
[HKLM\Software\Classes\Interface\{9ebb289a-2d7b-465b-825f-1530b813e95a}] =>Adware.Softomate
[HKLM\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}] =>PUP.Software.Updater
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}] =>Adware.Softomate
[HKLM\Software\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}] =>PUP.Software.Updater
[HKLM\Software\Classes\Interface\{a1f1ecd3-4806-44c6-a869-f0dadf11c57c}] =>Adware.SmartShopper
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}] =>Toolbar.Agent
[HKLM\Software\Classes\TypeLib\{AA2E16F2-387A-415F-BA95-B89BAF3AF109}] =>PUP.Fbsearch
[HKLM\Software\Classes\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5}] =>Adware.ClickPotato
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5}] =>Adware.ClickPotato
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKLM\Software\Classes\TypeLib\{b035ba6b-57cd-4f72-b545-65be465fcaf6}] =>Adware.SmartShopper
[HKLM\Software\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}] =>Adware.Bandoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}] =>Adware.ClickPotato
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}] =>PUP.Funmoods
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}] =>PUP.Funmoods
[HKLM\Software\Classes\CLSID\{bb76a90b-2b4c-4378-8506-9a2b6e16943c}] =>Adware.Bandoo
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}] =>Adware.ShopperReports
[HKLM\Software\Classes\Interface\{BE990A32-C2EC-4654-8FD0-26FECEA81998}] =>Trojan.BHO
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}] =>Adware.Bandoo
[HKLM\Software\Classes\TypeLib\{C55CA95C-324B-451C-B2D2-6E895AA75FEC}] =>Adware.ClickPotato
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}] =>PUP.Funmoods
[HKLM\Software\Classes\Interface\{cd5c92ae-97b0-4bc3-ba65-ba0308d543bf}] =>Adware.Softomate
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}] =>Adware.IncrediBar
[HKLM\Software\Classes\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29}] =>Adware.Hotbar
[HKLM\Software\Classes\TypeLib\{D44FD6F0-9746-484E-B5C4-C66688393872}] =>Adware.ShopperReports
[HKLM\Software\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam
[HKLM\Software\Classes\CLSID\{DD15BCC0-5FE9-4690-A957-99FA60ED9D26}] =>Adware.SmartShopper
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo
[HKLM\Software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}] =>Adware.BullseyeToolbar
[HKLM\Software\Classes\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] =>Adware.SocialSkinz
[HKLM\Software\Classes\TypeLib\{f244a744-534d-4a46-855f-c0c7e9f27daa}] =>Adware.SmartShopper
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f9189560-573a-4fde-b055-ae7b0f4cf080}] =>Adware.Bandoo
[HKLM\Software\Classes\Interface\{ff871e51-2655-4d06-aed5-745962a96b32}] =>Adware.Bandoo
[HKLM\Software\Classes\AppID\bandoocore.exe] =>Adware.Bandoo
[HKLM\Software\Classes\AppID\BHO.DLL] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon
[HKLM\Software\Classes\AppID\MenuButtonIE.DLL] =>Adware.ClickPotato
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine] =>Toolbar.Conduit
[HKLM\Software\Classes\bho.pshelper] =>Adware.BHO
[HKLM\Software\Classes\bho.pshelper.1] =>Adware.BHO
[HKLM\Software\Classes\comobject.deskbarenabler] =>Toolbar.Agent
[HKLM\Software\Classes\comobject.deskbarenabler.1] =>Toolbar.Agent
[HKLM\Software\Classes\Conduit.Engine] =>Toolbar.Conduit
[HKLM\Software\Classes\esrv.funmoodsESrvc] =>PUP.Funmoods
[HKLM\Software\Classes\esrv.funmoodsESrvc.1] =>PUP.Funmoods
[HKLM\Software\Classes\MenuButtonIE.ButtonIE] =>Adware.ClickPotato
[HKLM\Software\Classes\MenuButtonIE.ButtonIE.1] =>Adware.ClickPotato
[HKLM\Software\Classes\Updater.AmiUpd] =>PUP.Software.Updater
[HKLM\Software\Classes\Updater.AmiUpd.1] =>PUP.Software.Updater
[HKLM\Software\Classes\URLSearchHook.ToolbarURLSearchHook] =>Toolbar.Agent
[HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1] =>Adware.Agent
[HKLM\Software\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph] =>Hijacker.Eazel
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater] =>Toolbar.Wajam
[HKLM\Software\Bandoo] =>Adware.Bandoo
[HKLM\Software\ClickPotatoLite] =>Adware.ClickPotato
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\funmoods] =>PUP.Funmoods
[HKLM\Software\funmoods] =>PUP.Funmoods
[HKCU\Software\iMesh] =>PUP.iMesh
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKLM\Software\QuestScan] =>Adware.QuestScan
[HKCU\Software\AppDataLow\Software\searchqutoolbar] =>Adware.Bandoo
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\Softonic_France] =>Toolbar.Conduit
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Tutorials] =>Spyware.AgenceExclusive
[HKCU\SOFTWARE\InstallCore\funmoods] =>PUP.Funmoods
[HKLM\Software\Classes\Prod.cap] =>PUP.Babylon
[HKLM\Software\Classes\AppID\priam_bho.DLL] =>Toolbar.Wajam
[HKLM\Software\VBMZ] =>Toolbar.Conduit
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector
[HKCU\Software\AppDataLow\Software\mediabarim] =>PUP.iMesh
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}] =>PUP.RebateInformer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}] =>PUP.AppGraffiti
[HKLM\Software\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}] =>PUP.AppGraffiti
[HKLM\Software\Solid Savings] =>Adware.SolidSavings
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}] =>PUP.AppGraffiti
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}] =>Adware.SimilarSites
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKLM\Software\Classes\BandooCore.BandooCore] =>Adware.Bandoo
[HKLM\Software\Classes\BandooCore.BandooCore.1] =>Adware.Bandoo
[HKLM\Software\Classes\BandooCore.ResourcesMngr] =>Adware.Bandoo
[HKLM\Software\Classes\BandooCore.ResourcesMngr.1] =>Adware.Bandoo
[HKLM\Software\Classes\BandooCore.SettingsMngr] =>Adware.Bandoo
[HKLM\Software\Classes\BandooCore.SettingsMngr.1] =>Adware.Bandoo
[HKLM\Software\Classes\BandooCore.StatisticMngr] =>Adware.Bandoo
[HKLM\Software\Classes\BandooCore.StatisticMngr.1] =>Adware.Bandoo
[HKLM\Software\Classes\ClickPotatoLiteAx.Info] =>Adware.ClickPotato
[HKLM\Software\Classes\ClickPotatoLiteAx.Info.1] =>Adware.ClickPotato
[HKLM\Software\Classes\ClickPotatoLiteAX.UserProfiles] =>Adware.ClickPotato
[HKLM\Software\Classes\ClickPotatoLiteAX.UserProfiles.1] =>Adware.ClickPotato
[HKLM\Software\Classes\ShoppingReport2.HbAx] =>Adware.ShoppingReport
[HKLM\Software\Classes\ShoppingReport2.HbAx.1] =>Adware.ShoppingReport
[HKLM\Software\Classes\ShoppingReport2.HbInfoBand] =>Adware.ShoppingReport
[HKLM\Software\Classes\ShoppingReport2.HbInfoBand.1] =>Adware.ShoppingReport
[HKLM\Software\Classes\ShoppingReport2.IEButton] =>Adware.ShoppingReport
[HKLM\Software\Classes\ShoppingReport2.IEButton.1] =>Adware.ShoppingReport
[HKLM\Software\Classes\ShoppingReport2.IEButtonA] =>Adware.ShoppingReport
[HKLM\Software\Classes\ShoppingReport2.IEButtonA.1] =>Adware.ShoppingReport
[HKLM\Software\Classes\ShoppingReport2.RprtCtrl] =>Adware.ShoppingReport
[HKLM\Software\Classes\ShoppingReport2.RprtCtrl.1] =>Adware.ShoppingReport
[HKLM\Software\Classes\TBSB07183.IEToolbar] =>Toolbar.Agent
[HKLM\Software\Classes\TBSB07183.IEToolbar.1] =>Toolbar.Agent
[HKLM\Software\Classes\TBSB07183.TBSB07183] =>Toolbar.Agent
[HKLM\Software\Classes\TBSB07183.TBSB07183.3] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar.CT2542115] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.CT2724386] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.CT3244149] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.CT3281149] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.CT3284668] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar3.MHTBPos00] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.MHTBPos00.1] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.XBTBPos00] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.XBTBPos00.1] =>Toolbar.Agent
[HKLM\Software\Classes\wajam.WajamBHO] =>PUP.Wajam
[HKLM\Software\Classes\wajam.WajamBHO.1] =>PUP.Wajam
[HKLM\Software\Classes\wajam.WajamDownloader] =>PUP.Wajam
[HKLM\Software\Classes\wajam.WajamDownloader.1] =>PUP.Wajam
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\ShoppingReport2] =>Adware.ShoppingReport
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\TBSB07183.TBSB07183Toolbar] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\Wajam] =>PUP.Wajam
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}] =>Adware.Bandoo^
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}] =>Adware.Bandoo^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{99079a25-328f-4bd4-be04-00955acaa0a7} =>PUP.Datamngr^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_ca_2 =>Adware.FreeSoftToday^
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{30F9B915-B755-4826-820B-08FBA6BD249D} =>Toolbar.Conduit
[HKLM\Software\Mozilla\Firefox\Extensions]:ClickPotatoLite@ClickPotatoLite.com =>Adware.ClickPotato
C:\Users\Bernard\AppData\Local\Google\Chrome\User Data\Default\Extensions\booedmolknjekdopkepjjeckmjkdpfgl =>PUP.Manager^
C:\Users\Bernard\AppData\Local\Google\Chrome\User Data\Default\Extensions\flpcjncodpafbgdpnkljologafpionhb =>PUP.Manager^
C:\Users\Bernard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn =>PUP.SweetIM^
C:\Users\Bernard\AppData\Local\Google\Chrome\User Data\Default\Extensions\kicbefokomboipccpmfmeomobpijbnie =>Toolbar.Midicairus^
C:\Users\Bernard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh =>Toolbar.KeyBar^
C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\EP: RegExtension {58bd07eb-0ee0-4df0-8121-dc9b693373df} . (...) -- C:\extensions\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension (.not file.) =>Hijacker.Eazel^
C:\Program Files\AppGraffiti =>PUP.AppGraffiti^
C:\Program Files\Bandoo =>Adware.Bandoo^
C:\Program Files\Bench =>PUP.GiganticSavings^
C:\Program Files\ClickPotatoLite =>Adware.ClickPotato^
C:\Program Files\DomaIQ Uninstaller =>Adware.DomaIQ^
C:\Program Files\fst_ca_67 =>Adware.FreeSoftToday^
C:\Program Files\iMesh Applications =>PUP.iMesh^
C:\Program Files\QuestScan =>Adware.QuestScan^
C:\Program Files\SearchProtect =>PUP.SearchProtect^
C:\Program Files\ShoppingReport2 =>Adware.ShoppingReport^
C:\Program Files\Wajam =>PUP.Wajam^
C:\ProgramData\Babylon =>PUP.Babylon^
C:\ProgramData\ClickPotatoLiteSA =>Adware.ClickPotato^
C:\ProgramData\QuestScan =>Adware.QuestScan^
C:\ProgramData\Tarma Installer =>PUP.Tarma^
C:\ProgramData\VisualBee =>Adware.VisualBeeToolbar^
C:\Users\Bernard\AppData\Roaming\Babylon =>PUP.Babylon^
C:\Users\Bernard\AppData\Roaming\Bandoo =>Adware.Bandoo^
C:\Users\Bernard\AppData\Roaming\ClickPotatoLite =>Adware.ClickPotato^
C:\Users\Bernard\AppData\Roaming\Funmoods =>PUP.Funmoods^
C:\Users\Bernard\AppData\Roaming\SearchProtect =>PUP.SearchProtect^
C:\Users\Bernard\AppData\Local\fst_ca_2 =>Adware.FreeSoftToday^
C:\Users\Bernard\AppData\Local\fst_ca_67 =>Adware.FreeSoftToday^
C:\Users\Bernard\AppData\Local\SearchProtect =>PUP.SearchProtect^
C:\Users\Bernard\AppData\Local\SwvUpdater =>PUP.Software.Updater^
C:\Users\Bernard\AppData\Local\VisualBeeClient =>Adware.VisualBeeToolbar^
C:\Users\Bernard\AppData\Local\VisualBeeExe =>Adware.VisualBeeToolbar^
C:\Users\Bernard\AppData\Local\Wajam =>PUP.Wajam^
C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect =>Hijacker.Eazel^
C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam =>PUP.Wajam^
C:\Program Files\Conduit =>Toolbar.Conduit
C:\Program Files\Family Toolbar =>Toolbar.Agent
C:\Program Files\SGPSA =>PUP.Fbsearch
C:\ProgramData\Conduit =>Toolbar.Conduit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clickpotato =>Adware.ClickPotato
C:\Users\Bernard\AppData\Local\Conduit =>Toolbar.Conduit
C:\Users\Bernard\AppData\LocalLow\Bandoo =>Adware.Bandoo
C:\Users\Bernard\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\Bernard\AppData\LocalLow\Funmoods =>PUP.Funmoods
C:\Users\Bernard\AppData\LocalLow\PriceGong =>Adware.PriceGong
C:\Users\Bernard\AppData\LocalLow\searchquband =>Adware.Bandoo
C:\Users\Bernard\AppData\LocalLow\ShoppingReport2 =>Adware.ShopperReports
C:\Users\Bernard\AppData\LocalLow\Softonic_France =>Toolbar.Conduit
C:\Users\Bernard\AppData\LocalLow\wincoreimband =>PUP.iMesh
C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe =>PUP.SearchProtect^
C:\Program Files\SearchProtect\UI\bin\cltmngui.exe =>PUP.SearchProtect^
C:\Program Files\Wajam\Updater\WajamUpdater.exe =>PUP.Wajam^
C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe =>PUP.SearchProtect^
C:\Program Files\Bench\Updater\updater.exe =>PUP.GiganticSavings^
C:\Windows\Tasks\AmiUpdXp.job =>PUP.Software.Updater^
C:\Windows\Tasks\bench-sys.job =>Hijacker.iHaveNet^
C:\Windows\System32\Tasks\bench-sys =>PUP.GiganticSavings^
C:\Windows\Tasks\bench-Updater removing.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\bench-Updater removing =>PUP.CrossRider^
[HKCU\Software\AppDataLow\Software\ShoppingReport2] =>Adware.ShoppingReport^
[HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar^
[HKCU\Software\AppDataLow\Software\Video-Saver] =>PUP.Video-Saver^
[HKCU\Software\Babylon] =>PUP.Babylon^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\Datamngr] =>PUP.Datamngr^
[HKCU\Software\Funmoods] =>PUP.Funmoods^
[HKCU\Software\ShoppingReport2] =>Adware.ShoppingReport^
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive^
[HKCU\Software\Visualbee] =>Adware.VisualBeeToolbar^
[HKCU\Software\Wajam] =>PUP.Wajam^
[HKCU\Software\clickpotatolitesa] =>Adware.ClickPotato^
[HKCU\Software\freesofttoday] =>Adware.FreeSoftToday^
[HKLM\Software\Babylon] =>PUP.Babylon^
[HKLM\Software\Bench] =>PUP.GiganticSavings^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\FREESOFTTODAY] =>Adware.FreeSoftToday^
[HKLM\Software\Funmoods] =>PUP.Funmoods^
[HKLM\Software\Visualbee] =>Adware.VisualBeeToolbar^
[HKLM\Software\free_soft_to_day] =>Adware.FreeSoftToday^
[HKCU\Software\5e57dfd9b16ebe17\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.5.1005.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
[HKCU\Software\5e57dfd9b16ebe17] =>PUP.Babylon^^
[HKCR\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC}] (ClickPotatoLite Info Class) =>Adware.ClickPotato^
[HKCR\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0}] (Wincore Mediabar) =>PUP.iMesh^
[HKCR\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}] (WajamDownloader Class) =>PUP.Wajam^
[HKCR\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}] (Searchqu Toolbar) =>PUP.Datamngr^
[HKCR\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}] (Wajam) =>PUP.Wajam^
[HKCR\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5}] (ClickPotatoLite UserProfiles Class) =>Adware.ClickPotato^
[HKCR\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}] (BandooCore Class) =>Adware.Bandoo^
~ Additionnel Scan: 367945 Items scanned in 01mn 40s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/g0-page-de-demarrage-google-chrome/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPKS) (O51)
~ AMI: 7 Scanned in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/pup-searchprotect =>PUP.SearchProtect
http://nicolascoolman.fr/pup-wajam =>PUP.Wajam
http://nicolascoolman.fr/pup-manager =>PUP.Manager
http://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM
http://nicolascoolman.fr/hijacker-eazel =>Hijacker.Eazel
http://nicolascoolman.fr/pup-funmoods =>PUP.Funmoods
http://nicolascoolman.fr/pup-imesh =>PUP.iMesh
http://nicolascoolman.fr/pup-datamngr =>PUP.Datamngr
http://nicolascoolman.fr/hijacker-browsers =>Hijacker.Browsers
http://nicolascoolman.fr/adware-freesofttoday =>Adware.FreeSoftToday
http://nicolascoolman.fr/pup-giganticsavings =>PUP.GiganticSavings
http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
http://nicolascoolman.fr/pup-software-updater =>PUP.Software.Updater
http://nicolascoolman.fr/hijacker-ihavenet =>Hijacker.iHaveNet
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/27629963-pup-fbsearch =>PUP.FbSearch
http://nicolascoolman.fr/adware-questscan =>Adware.QuestScan
http://nicolascoolman.fr/adware-visualbeetoolbar =>Adware.VisualBeeToolbar
http://nicolascoolman.fr/adware-pricegong =>Adware.PriceGong
http://nicolascoolman.fr/adware-shoppingreport =>Adware.ShoppingReport
http://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/pup-videosaver =>PUP.Video-Saver
http://nicolascoolman.fr/pup-babylon =>PUP.Babylon
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://nicolascoolman.fr/spyware-agenceexclusive =>PUP.AgenceExclusive
http://nicolascoolman.fr/adware-clickpotato =>Adware.ClickPotato
http://nicolascoolman.fr/adware-solidsavings =>Adware.SolidSavings
http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
http://nicolascoolman.fr/pup-duuqu =>PUP.Duuqu
http://nicolascoolman.fr/pup-appgraffiti =>PUP.AppGraffiti
http://nicolascoolman.fr/adware-domaiq =>Adware.DomaIQ
http://nicolascoolman.fr/pup-searchresults =>PUP.SearchResults
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://nicolascoolman.fr/spyware-vmntoolbar =>Spyware.VMNToolbar
http://nicolascoolman.fr/adware-iwinarcade =>Adware.iWinArcade
http://nicolascoolman.fr/adware-socialskinz =>Adware.SocialSkinz
http://nicolascoolman.fr/adware-hotbar =>Adware.Hotbar
http://nicolascoolman.fr/adware-softomate =>Adware.Softomate
http://nicolascoolman.fr/adware-yontoo =>Adware.Yontoo
http://nicolascoolman.fr/adware-incredibar =>Adware.IncrediBar
http://nicolascoolman.fr/adware-bullseyetoolbar =>Adware.BullseyeToolbar
http://nicolascoolman.fr/pup-bprotector =>PUP.BProtector
http://nicolascoolman.fr/pup-rebateinformer =>PUP.RebateInformer
http://nicolascoolman.fr/adware-similarsites =>Adware.SimilarSites
~ MSI: 45 link(s) detected in 00mn 00s



End of the scan (1868 lines in 09mn 42s)(0)