Rapport de ZHPDiag v2013.4.26.155 par Nicolas Coolman, Update du 26/04/2013
Run by Utilisateur at 27/04/2013 18:54:28
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by user

---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)
GCIE: Google Chrome

---\\ Windows Product Information
~ Langage: Français
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : 7PQRC
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
Avira Free Antivirus v13.0.0.2678
Windows Defender W7

---\\ System Optimizer
CCleaner v3.09

---\\ Software Update
Adobe Flash Player 11 ActiveX
Adobe Reader X
Java 7 Update 21

---\\ System Information
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6125 MB (31% free)
System Restore: Activé (Enable)
System drive C: has 260 GB (27%) free of 931 GB

---\\ Logged in mode
~ Computer Name: UTILISATEUR-PC
~ User Name: Utilisateur
~ All Users Names: Utilisateur, UpdatusUser, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Utilisateur\AppData\Roaming\
~ %Desktop% : C:\Users\Utilisateur\Desktop\
~ %Favorites% : C:\Users\Utilisateur\Favorites\
~ %LocalAppData% : C:\Users\Utilisateur\AppData\Local\
~ %StartMenu% : C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 260 Go of 931 Go)
D:\ CD-ROM drive (Not Inserted)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.A4F6142CABA82FB7293ECE5FF864B440] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/02/2013 - 07:20:51.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 04:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 05s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/371
~ Mes musiques (My Musics) : 1/632
~ Mes Videos (My Videos) : 2/3
~ Mes Favoris (My Favorites) : 1/31
~ Mes Documents (My Documents) : 2/3381
~ Mon Bureau (My Desktop) : 1/29455
~ Menu demarrer (Programs) : 1/53
~ Hidden Files: Scanned in 01mn 25s

---\\ Processus lancés
[MD5.9EB4CDA2DFC1A555292CDC23205F10A8] - (.Microsoft Corporation - Windows Live Family Safety Filter.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892416] [PID.2924]
[MD5.5B8E2CA848D2336013D46701CC1DD5F8] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345312] [PID.592]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.1988]
[MD5.32732CEDE2A1106B736EF3D84054EE04] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe [757376] [PID.960]
[MD5.3B7AE505DA03E0CE115754D293E5CF3D] - (.BioWare, A Division of Electronic Arts - Star Wars: The Old Republic.) -- C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\RetailClient\swtor.exe [26511736] [PID.4916]
[MD5.B55A4A88D4DA4BA371EE48EEF80703BD] - (.Avira Operations GmbH & Co. KG - Avira On-Demand Scanner.) -- C:\program files (x86)\avira\antivir desktop\avscan.exe [639712] [PID.4872]
[MD5.652D5CF223D646D8427FB76B2E174898] - (.Avira Operations GmbH & Co. KG - Avira Notification Tool.) -- C:\program files (x86)\avira\antivir desktop\avnotify.exe [285408] [PID.5700]
[MD5.8E5D36B7ACE957B33941D0A35DC3712B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7027200] [PID.5368]
[MD5.81F177C1954453AF407604160BD149CB] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.896]
[MD5.E41F55D0B71734BB68FF26963EB250E4] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752] [PID.1460]
[MD5.880AE0BEDE234F27AC252049373B8CB9] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816] [PID.1604]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.1632]
[MD5.812E1BA5C52A78F13EA6AA10DF708B1D] - (.Microsoft Corporation - Windows Live Family Safety Service.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [1512448] [PID.1932]
[MD5.205E1B699FD3F2F9B036EEA2EC30C620] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [76888] [PID.1992]
[MD5.B7C53DA1C73FF39F4A6248643EFD979A] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1266464] [PID.4088]
~ Processes Running: Scanned in 00mn 16s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: Scanned in 00mn 00s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js
C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\0\user.js
C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js (.not file.)
C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
~ Firefox Browser: 2 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do =>Hijacker.SmartBar
~ IE Browser: 16 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Searchqu Toolbar [64Bits] - {99079a25-328f-4bd4-be04-00955acaa0a7} . (.Pas de propriétaire - dtx Dynamic Link Library.) -- C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll =>PUP.Datamngr
O2 - BHO: DataMngr [64Bits] - {9D717F81-9148-4f12-8568-69135F087DB0} . (.Bandoo Media, inc - Url Helper.) -- C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll =>PUP.Datamngr
O2 - BHO: Bruowse2saavee [64Bits] - {E7FEB151-7722-9FE4-43F4-9DDE1E584E35} . (...) -- C:\ProgramData\Bruowse2saavee\514ca590b1426.dll
O2 - BHO: smartdownloader Class [64Bits] - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} Clé orpheline
~ BHO: 8 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{ae07101b-46d4-4a98-af68-0333ea26e113} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [fssui] . (.Microsoft Corporation - Windows Live Family Safety Filter.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
O4 - HKCU\..\Run: [AdobeUpdates] . (...) -- C:\Users\Utilisateur\AppData\Local\Temp\hemxccaptft.exe
O4 - HKLM\..\Wow6432Node\Run: [amd_dc_opt] . (.AMD - AMD Dual-Core Optimizer.) -- C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-2325942318-244056531-1732827896-1006\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-2325942318-244056531-1732827896-1006\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Application: Scanned in 00mn 01s

---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Programs: PlanetSide 2 Beta.lnk . (...) -- C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2 Beta\LaunchPad.exe (.not file.)
O4 - GS\QuickLaunch: Disk Speedup.lnk . (.Systweak Inc., (www.systweak.com) - Disk Speedup - Disk SpeedUp.) -- C:\Program Files (x86)\Disk Speedup\DSU.exe
O4 - GS\QuickLaunch: Free Ipod Video Converter.lnk . (.Koyote Soft - Free iPod Video converter.) -- C:\Program Files (x86)\Free iPod video Converter\IPODConverter.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: monAlbumPhoto.lnk . (.monAlbumPhoto - monAlbumPhoto.) -- C:\Program Files (x86)\monAlbumPhoto\monAlbumphoto.exe
O4 - GS\QuickLaunch: WinMend Auto Shutdown.lnk . (.WinMend.com - WinMend Auto Shutdown.) -- C:\Program Files (x86)\WinMend\Auto Shutdown\AutoShutdown.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: AVS Mobile Uploader.lnk . (.Online Media Technologies Ltd. - AVS Mobile Uploader.) -- C:\Program Files (x86)\Common Files\AVSMedia\MobileUploader\AVSMobileUploader.exe
O4 - GS\SendTo: AVS Video Burner.lnk . (.Online Media Technologies Ltd. - AVS Video Burner.) -- C:\Program Files (x86)\Common Files\AVSMedia\BurnerService\AVSVideoBurner.exe
O4 - GS\SendTo: AVS Video Uploader.lnk . (.Online Media Technologies Ltd. - AVS Video Uploader.) -- C:\Program Files (x86)\Common Files\AVSMedia\VideoUploader\AVSVideoUploader.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\Desktop: AVS Video Converter.lnk . (.Online Media Technologies Ltd. - Video Converter.) -- C:\Program Files (x86)\AVS4YOU\AVSVideoConverter\AVSVideoConverter.exe
O4 - GS\Desktop: EVEREST Ultimate Edition.lnk . (.Lavalys, Inc. - EVEREST Ultimate Edition.) -- C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
O4 - GS\Desktop: Fichiers d’installation Norton.lnk . (...) -- C:\Users\Public\Downloads\Norton\{N360203036-SHPD-FSD33017}
O4 - GS\Desktop: SpeedFan.lnk . (.Almico Software (www.almico.com) - Pas de description.) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
O4 - Global Startup: C:\Users\Utilisateur\Desktop\Tomb Raider.url . (...) -- C:\Users\Utilisateur\Desktop\Tomb Raider.url
O4 - GS\Desktop: Usenet.nl.lnk . (...) -- C:\Program Files (x86)\Usenet.nl\Usenet.nl.exe
O4 - GS\Desktop: WinMend Auto Shutdown.lnk . (.WinMend.com - WinMend Auto Shutdown.) -- C:\Program Files (x86)\WinMend\Auto Shutdown\AutoShutdown.exe
~ Global Startup: Scanned in 00mn 03s

---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.clonewarsadventures.com
O15 - Trusted Zone: [HKCU\...\Domains] *.freerealms.com
O15 - Trusted Zone: [HKCU\...\Domains] *.soe.com
O15 - Trusted Zone: [HKCU\...\Domains] *.sony.com
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B806D4D-21EA-4DC2-8691-35BC16832499}: DhcpNameServer = 10.2.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0747BAE-9A03-45B5-8B11-714148A788CE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B806D4D-21EA-4DC2-8691-35BC16832499}: DhcpNameServer = 10.2.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A0747BAE-9A03-45B5-8B11-714148A788CE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{2B806D4D-21EA-4DC2-8691-35BC16832499}: DhcpNameServer = 10.2.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A0747BAE-9A03-45B5-8B11-714148A788CE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Bandoo Media, inc - Data Manager.) - C:\Program Files (x86)\SEARCH~1\Datamngr\x64\datamngr.dll =>Adware.Bandoo
~ AppInit DLL: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: DSUDiskOptimizer (DSUDiskOptimizer) . (.Systweak Inc., (www.systweak.com) - Disk Speedup - Defrag Service.) - C:\Program Files (x86)\Disk Speedup\DSUDefragSrv64.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
~ Services: 9 Legitimates Filtered in 00mn 05s

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\RegClean Pro_DEFAULT.job [288]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\RegClean Pro_UPDATES.job [296]
[MD5.00000000000000000000000000000000] [APT] [4830] (...) -- C:\Users\Utilisateur\AppData\Local\Temp\launchie.vbs \\B (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Weekly)] (...) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]
[MD5.FA0F8558CBF4A4C1175F5BC1824CD253] [APT] [Express FilesUpdate] (.http://www.express-files.com/.) -- C:\Program Files (x86)\ExpressFiles\EFUpdater.exe [200952] =>Adware.ExpressFiles
[MD5.00000000000000000000000000000000] [APT] [Go for FilesUpdate] (...) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [GoforFilesUpdate] (...) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe (.not file.) [0]
[MD5.177EC6C4172F9B1731E6E7903A78186D] [APT] [RegClean Pro_DEFAULT] (.Systweak Inc.) -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [7853064]
[MD5.177EC6C4172F9B1731E6E7903A78186D] [APT] [RegClean Pro_UPDATES] (.Systweak Inc.) -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [7853064]
[MD5.00000000000000000000000000000000] [APT] [YourFile DownloaderUpdate] (...) -- C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe (.not file.) [0]
[MD5.83D5508D371CE8F9ACFA37B6B12D984D] [APT] [{3A7B5893-CAE7-4DD8-9847-13BA1F19C1A0}] (.Electronic Arts Inc..) -- C:\Users\Utilisateur\LOTR BFME\LOTRBFME1\setup.exe [110592]
[MD5.00000000000000000000000000000000] [APT] [{6D2D50C4-C7AA-4D17-A7A8-D8602A4D67AD}] (...) -- C:\Users\Utilisateur\Downloads\MassEffect_BDtS_ES_a.exe (.not file.) [0]
~ Scheduled Task: 20 Legitimates Filtered in 00mn 10s

---\\ Logiciels installés (O42)
O42 - Logiciel: Arx Fatalis - (.Arkane Studios.) [HKLM][64Bits] -- Steam App 1700
O42 - Logiciel: BrowseToSave 1.74 - (...) [HKLM][64Bits] -- SP_f2a323db
O42 - Logiciel: Bruowse2saavee - (.BrowseToSave.) [HKLM][64Bits] -- {C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
O42 - Logiciel: Disk Speedup - (.Systweak INC..) [HKLM][64Bits] -- {FC7E771F-8170-4573-825D-EDB6723C804F}_is1
O42 - Logiciel: ExpressFiles - (.http://www.express-files.com/.) [HKCU][64Bits] -- ExpressFiles =>Adware.ExpressFiles
O42 - Logiciel: PhoeniX WorX Client - (.PhoeniX WorX.) [HKLM][64Bits] -- {ADE4E72B-35C4-41DD-99B7-A30722FF01A4}
O42 - Logiciel: RegClean Pro - (.Systweak Inc.) [HKLM][64Bits] -- RegClean Pro_is1
O42 - Logiciel: Searchqu Toolbar - (.Bandoo Media Inc.) [HKLM][64Bits] -- Searchqu Toolbar =>PUP.Datamngr
O42 - Logiciel: VpnOneClick - (.VpnOneClick.) [HKCU][64Bits] -- 31dfee6c296bca85
~ Logic: 156 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\5ae8ddcb369eb13]
[HKCU\Software\AMPLITUDE Studios]
[HKCU\Software\AppDataLow\SProtector]
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\Ascaron Entertainment]
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\Cr_Installer]
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\EA-LordOfTheRings]
[HKCU\Software\FlyVPN]
[HKCU\Software\GoforFiles]
[HKCU\Software\IM]
[HKCU\Software\ImInstaller]
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\IncrediMail]
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKCU\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\Softonic]
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\YourFileDownloader]
[HKCU\Software\iLivid] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\DomaIQ]
[HKLM\Software\IB Updater]
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKLM\Software\Wow6432Node\5ae8ddcb369eb13]
[HKLM\Software\Wow6432Node\Ascaron Entertainment]
[HKLM\Software\Wow6432Node\Babylon] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore
[HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles
[HKLM\Software\Wow6432Node\GoforFiles]
[HKLM\Software\Wow6432Node\IB Updater]
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\IncrediMail]
[HKLM\Software\Wow6432Node\OfferBox] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Phoenix Project]
[HKLM\Software\Wow6432Node\SP Global]
[HKLM\Software\Wow6432Node\SProtector]
[HKLM\Software\Wow6432Node\SearchquMediabarTb] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\Supreme Savings] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\YourFileDownloader]
~ Key Software: 320 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/03/2013 - 20:41:25 - [1,473] ----D C:\Program Files (x86)\BrowseToSave
O43 - CFD: 23/04/2013 - 21:36:29 - [1928,678] ----D C:\Program Files (x86)\Dead Island Riptide
O43 - CFD: 09/01/2013 - 22:08:08 - [27,290] ----D C:\Program Files (x86)\Disk Speedup
O43 - CFD: 22/03/2013 - 18:55:49 - [8,182] ----D C:\Program Files (x86)\ExpressFiles =>Adware.ExpressFiles
O43 - CFD: 05/10/2012 - 20:36:15 - [0,010] ----D C:\Program Files (x86)\Giant Savings =>Adware.VidSaver
O43 - CFD: 13/07/2012 - 23:16:02 - [0,586] ----D C:\Program Files (x86)\Iceberg Interactive
O43 - CFD: 15/01/2013 - 19:04:57 - [0] ----D C:\Program Files (x86)\Iminent =>Adware.IMBooster
O43 - CFD: 15/02/2012 - 18:49:13 - [1779,689] ----D C:\Program Files (x86)\Kingdoms.of.Amalur
O43 - CFD: 02/11/2012 - 17:31:42 - [0,268] ----D C:\Program Files (x86)\Perion
O43 - CFD: 22/03/2013 - 23:59:50 - [5,737] ----D C:\Program Files (x86)\PhoeniX WorX
O43 - CFD: 09/01/2013 - 21:55:55 - [15,178] ----D C:\Program Files (x86)\RegClean Pro
O43 - CFD: 02/05/2012 - 23:23:31 - [18,281] ----D C:\Program Files (x86)\Robot Entertainment
O43 - CFD: 08/04/2012 - 19:10:32 - [13,277] ----D C:\Program Files (x86)\Searchqu Toolbar =>PUP.Datamngr
O43 - CFD: 05/09/2012 - 11:30:28 - [1833,841] ----D C:\Program Files (x86)\sleeping.dogs
O43 - CFD: 02/05/2012 - 23:04:38 - [1075,739] ----D C:\Program Files (x86)\total annihilation
O43 - CFD: 12/04/2013 - 13:53:33 - [1,163] ----D C:\Program Files (x86)\UseNeXT
O43 - CFD: 15/01/2013 - 14:09:39 - [0] ----D C:\Program Files (x86)\Common Files\Umbrella
O43 - CFD: 21/11/2012 - 20:25:43 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 08/04/2012 - 19:10:25 - [0,000] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 22/03/2013 - 20:41:35 - [0,265] ----D C:\ProgramData\Bruowse2saavee
O43 - CFD: 04/01/2013 - 19:06:59 - [0] ----D C:\ProgramData\eMule
O43 - CFD: 06/03/2013 - 18:05:39 - [0,001] ----D C:\ProgramData\FlyVPN
O43 - CFD: 18/10/2012 - 11:52:43 - [0,008] ----D C:\ProgramData\IBUpdaterService =>Adware.InstallBrain
O43 - CFD: 22/03/2013 - 20:41:35 - [1,489] ----D C:\ProgramData\InstallMate
O43 - CFD: 24/04/2013 - 17:56:28 - [0] -SH-D C:\ProgramData\RazorU0
O43 - CFD: 22/03/2013 - 20:54:39 - [1,195] ----D C:\ProgramData\Tarma Installer =>Toolbar.Tarma
O43 - CFD: 21/11/2012 - 20:25:43 - [0,059] ----D C:\Users\Utilisateur\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 24/12/2012 - 14:14:25 - [0,008] ----D C:\Users\Utilisateur\AppData\Roaming\ExpressFiles =>Adware.ExpressFiles
O43 - CFD: 05/01/2013 - 18:24:03 - [0,008] ----D C:\Users\Utilisateur\AppData\Roaming\GoforFiles
O43 - CFD: 07/09/2011 - 16:36:42 - [0,000] ----D C:\Users\Utilisateur\AppData\Roaming\OfferBox =>PUP.OfferBox
O43 - CFD: 10/12/2011 - 11:47:41 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 24/04/2013 - 00:00:46 - [0,121] ----D C:\Users\Utilisateur\AppData\Roaming\StarTrekPC
O43 - CFD: 02/09/2011 - 01:03:45 - [0,027] ----D C:\Users\Utilisateur\AppData\Roaming\Tropico 4 Demo
O43 - CFD: 12/04/2013 - 13:53:33 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\UseNeXT
O43 - CFD: 20/02/2013 - 12:32:13 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\uTorrent
O43 - CFD: 05/03/2013 - 18:27:53 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\YourFileDownloader
O43 - CFD: 18/10/2011 - 20:05:49 - [0,001] ----D C:\Users\Utilisateur\AppData\Local\201280
O43 - CFD: 26/08/2011 - 00:25:27 - [0,001] ----D C:\Users\Utilisateur\AppData\Local\28050
O43 - CFD: 01/09/2011 - 19:47:39 - [0,078] ----D C:\Users\Utilisateur\AppData\Local\AirVideoServer
O43 - CFD: 03/09/2011 - 17:57:21 - [0] ----D C:\Users\Utilisateur\AppData\Local\Ascaron Entertainment
O43 - CFD: 05/10/2012 - 20:14:00 - [0,038] ----D C:\Users\Utilisateur\AppData\Local\Giant Savings =>Adware.VidSaver
O43 - CFD: 08/04/2012 - 19:11:00 - [0,014] ----D C:\Users\Utilisateur\AppData\Local\Ilivid Player =>Adware.Bandoo
O43 - CFD: 23/11/2012 - 19:33:15 - [0,001] ----D C:\Users\Utilisateur\AppData\Local\PutLockerDownloader =>Spyware.PutLocker
O43 - CFD: 22/04/2013 - 23:54:01 - [0] ----D C:\Users\Utilisateur\AppData\Local\Supreme Savings =>PUP.RewardsArcade
O43 - CFD: 23/11/2012 - 19:33:10 - [0,002] ----D C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com =>Spyware.PutLocker
O43 - CFD: 02/11/2012 - 17:30:57 - [0,002] ----D C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com =>Hijacker.TornTV
O43 - CFD: 04/03/2013 - 22:06:11 - [0,000] ----D C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VpnOneClick
~ 182 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 521 Legitimates Filtered in 03mn 24s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.C0635413B904EE0B8980008C2B693953] - 27/04/2013 - 17:59:39 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [27168]
O44 - LFC:[MD5.C0635413B904EE0B8980008C2B693953] - 27/04/2013 - 17:59:39 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [27168]
O44 - LFC:[MD5.C0635413B904EE0B8980008C2B693953] - 27/04/2013 - 17:59:39 RSHAD . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [27168]
O44 - LFC:[MD5.C0635413B904EE0B8980008C2B693953] - 27/04/2013 - 17:59:39 RSHAD . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [27168]
~ Files: 43 Legitimates Filtered in 00mn 06s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.D8266AC091812199AC9D39F0EC0244AD] - 26/04/2013 - 21:54:40 ---A- - C:\Windows\Prefetch\USENET.NL.EXE-AC45ABA1.pf
O45 - LFCP:[MD5.0698DD4786B6DC6F336ABBCCC5628D2A] - 27/04/2013 - 12:54:39 ---A- - C:\Windows\Prefetch\64BITMAPIBROKER.EXE-B72343BA.pf
O45 - LFCP:[MD5.6D331009DDF1048831AF6D6B06F94904] - 27/04/2013 - 15:25:22 ---A- - C:\Windows\Prefetch\DMC-DEVILMAYCRY.EXE-D5A0EC48.pf
~ Prefetcher: 103 Legitimates Filtered in 00mn 00s

---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{1d6e0f0f-a62f-11e0-a7fe-f46d0411dd7a}\AutoRun\command. (...) -- I:\WD SmartWare.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\Kujytuo [Key] . (...) -- C:\Users\Utilisateur\AppData\Roaming\kujytuo.exe
O53 - SMSR:HKLM\...\startupreg\MobileDocuments [Key] . (...) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (.not file.)
~ SMSR Keys: 6 Legitimates Filtered in 00mn 00s

---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s

---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s

---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.19166026A93206F9C6A8CD3A1F010AE4] - 02/04/2009 - 13:30:14 ---A- . (...) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296]
O58 - SDL:[MD5.0FFE35F0B0CD5A324BBE22F02569AE3B] - 29/12/2012 - 21:59:38 ---A- . (.Almico Software - SpeedFan x64 Driver.) -- C:\Windows\SysWOW64\speedfan.sys [28664]
~ Drivers: Scanned in 00mn 00s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 24/04/2013 - 19:56:08 ---A- C:\Users\Utilisateur\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\French_rcp.dat [50450]
O61 - LFC: 25/04/2013 - 12:23:03 ---A- C:\Users\Utilisateur\Documents\Usenet.nl\alt.binaries.teevee\greys.anatomy.921.hdtv-lol\Greys Anatomy - 09x21 - Sleeping Monster.LOL.French.C.updated.Addic7ed.com.mp4 [214040111]
O61 - LFC: 26/04/2013 - 21:54:27 ---A- C:\Users\Utilisateur\Documents\Usenet.nl\alt.binaries.teevee\greys.anatomy.921.hdtv-lol\Greys Anatomy - 09x21 - Sleeping Monster.LOL.French.C.updated.Addic7ed.com.srt [68085]
O61 - LFC: 26/04/2013 - 21:54:33 ---A- C:\Users\Utilisateur\AppData\Roaming\Usenet.nl\port.dat [5]
O61 - LFC: 26/04/2013 - 21:59:09 ---A- C:\Users\Utilisateur\AppData\Roaming\Usenet.nl\articlestatus.dat [73250]
O61 - LFC: 26/04/2013 - 21:59:09 ---A- C:\Users\Utilisateur\AppData\Roaming\Usenet.nl\articlestatus.dat.bak [73250]
O61 - LFC: 26/04/2013 - 22:22:43 ---A- C:\Users\Utilisateur\AppData\Roaming\Usenet.nl\config.dat [1110]
O61 - LFC: 26/04/2013 - 22:22:43 ---A- C:\Users\Utilisateur\AppData\Roaming\Usenet.nl\config.dat.bak [1110]
O61 - LFC: 26/04/2013 - 22:22:43 ---A- C:\Users\Utilisateur\AppData\Roaming\Usenet.nl\downloadqueue.dat [11]
O61 - LFC: 26/04/2013 - 22:22:43 ---A- C:\Users\Utilisateur\AppData\Roaming\Usenet.nl\downloadqueue.dat.bak [11]
O61 - LFC: 26/04/2013 - 22:22:43 ---A- C:\Users\Utilisateur\AppData\Roaming\Usenet.nl\log.txt [88864]
O61 - LFC: 26/04/2013 - 22:22:43 ---A- C:\Users\Utilisateur\AppData\Roaming\Usenet.nl\subscribed.dat [15]
O61 - LFC: 26/04/2013 - 22:22:43 ---A- C:\Users\Utilisateur\AppData\Roaming\Usenet.nl\subscribed.dat.bak [15]
O61 - LFC: 26/04/2013 - 22:22:43 ---A- C:\Users\Utilisateur\AppData\Roaming\Usenet.nl\wizard.dat [11]
O61 - LFC: 26/04/2013 - 22:22:43 ---A- C:\Users\Utilisateur\AppData\Roaming\Usenet.nl\wizard.dat.bak [11]
O61 - LFC: 27/04/2013 - 15:35:04 ---A- C:\Users\Utilisateur\AppData\Local\Resmon.ResmonCfg [7653]
~ 15 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 37 Legitimates Filtered in 29mn 57s

---\\ Alternate Data Stream File (O62)
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\D3DCompiler_43.dll:Zone.Identifier
~ ADS: Scanned in 02mn 45s

---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s

---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {006ee092-9658-4fd6-bd8e-a21a348e59f5} [DefaultScope] - (Web Search) - http://feed.snap.do =>Hijacker.SmartBar
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www1.delta-search.com =>Toolbar.DeltaSearch
~ Keys: Scanned in 00mn 00s

---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.659C6C75BC33EB082D190F7EC3D7DC88] [SPRF][27/04/2013] (.Ufasoft - bitcoin-miner.) -- C:\ProgramData\adobeUpdate.exe [1189888]
[MD5.C86F260A14CB449D684E1FB44680CC08] [SPRF][05/07/2011] (...) -- C:\Users\Utilisateur\AppData\Local\fusioncache.dat [99]
[MD5.B28C334C03CEE7C5E829C43AE75DAE5A] [SPRF][28/01/2013] (.Ask.com - AskIC Dynamic Link Library.)
-- C:\Users\Utilisateur\AppData\Local\Temp\AskSLib.dll [248008] [MD5.FC1F33785FB9C61EC8409B47DE71B1BB] [SPRF][22/04/2013] (...) -- C:\Users\Utilisateur\AppData\Local\Temp\DNS.exe [1027609] [MD5.BE498A2CE7BD158A77AB32AE658F4035] [SPRF][24/04/2013] (...) -- C:\Users\Utilisateur\AppData\Local\Temp\hemxccaptft.exe [136704] [MD5.6C137D2BEF3CDD43F3AE2FD6705B9FED] [SPRF][05/04/2013] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\Utilisateur\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe [904104] [MD5.2A6513A037892AA8929F94CFDA5DC982] [SPRF][18/01/2013] (.NVIDIA Corporation - Stereoscpic 3D driver Installer API.) -- C:\Users\Utilisateur\AppData\Local\Temp\nvStInst.exe [709920] [MD5.7E7EB7AFF595774E5E500B34058CC1A7] [SPRF][26/04/2013] (...) -- C:\Users\Utilisateur\AppData\Local\Temp\sfamcc00001.dll [192512] [MD5.7E7EB7AFF595774E5E500B34058CC1A7] [SPRF][25/04/2013] (...) -- C:\Users\Utilisateur\AppData\Local\Temp\sfamcc00002.dll [192512] [MD5.F0E142B1EF4006222863D4E4A0B952B7] [SPRF][16/12/2012] (...) -- C:\Users\Utilisateur\AppData\Local\Temp\sfextra.dll [55296] [MD5.3C6C79F8A875D11D920EAF0F63EDC1A5] [SPRF][17/04/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\Utilisateur\AppData\Local\Temp\uninst1.exe [394312] =>Toolbar.Babylon [MD5.7B7761D6B38CEA5F0C19748AB63B1B39] [SPRF][17/02/2012] (...) -- C:\Users\Utilisateur\AppData\Roaming\kujytuo.exe [391520] [MD5.C071D33BE76F7300125EB8562A2471CC] [SPRF][27/04/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Utilisateur\Desktop\ZHPDiag2.exe [5609364] [MD5.F1CD64DD3702BDCDFB0531BB21C6BEFC] [SPRF][21/06/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.3 r181.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [3123872] ~ Files: Scanned in 00mn 02s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "TCP Query User{5A546054-988F-4C51-9DE7-7C2CC96EABC1}C:\program files (x86)\dragon age\bin_ship\eacoreserver.exe" |In - Private - P6 - TRUE | .(...) 
-- C:\program files (x86)\dragon age\bin_ship\eacoreserver.exe (.not file.) O87 - FAEL: "UDP Query User{69FA6C6F-288B-4C5D-9DEE-6D47A09EEC0D}C:\program files (x86)\dragon age\bin_ship\eacoreserver.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\dragon age\bin_ship\eacoreserver.exe (.not file.) O87 - FAEL: "{9F957A78-F7AC-45A1-A923-4075763F72B6}" |In - Private - P6 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe (.not file.) O87 - FAEL: "{5795378C-4F94-409F-A8CD-1458DC52B972}" |In - Private - P17 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe (.not file.) O87 - FAEL: "{A9F777B9-0C5C-4200-882E-62574B121B11}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\GoforFiles\goforfilesdl.exe (.not file.) O87 - FAEL: "{DEA6AD47-4AE4-4451-87A7-2BC000EAD53A}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\GoforFiles\goforfilesdl.exe (.not file.) O87 - FAEL: "{9B178250-C256-4B4A-9705-1783CA9DF8C4}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\GoforFiles\GoforFiles.exe (.not file.) O87 - FAEL: "{F3A38F4B-EC6A-481E-9E1B-C212F34B2D32}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\GoforFiles\GoforFiles.exe (.not file.) O87 - FAEL: "{BD485C53-B467-48C9-BC5D-14D20FF1F119}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\YourFileDownloader\Downloader.exe (.not file.) O87 - FAEL: "{591F2400-6CE3-4F75-B602-81B067027ECD}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\YourFileDownloader\Downloader.exe (.not file.) O87 - FAEL: "{DD63BA03-5418-4D33-BA64-133E5D4BF8EE}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\YourFileDownloader\YourFile.exe (.not file.) O87 - FAEL: "{D9A9CEE6-8493-4042-B218-212DEABCE665}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\YourFileDownloader\YourFile.exe (.not file.) O87 - FAEL: "{E9A1A133-98F4-49E6-984C-80C55F34D457}" | In - Private - P6 - TRUE | .(.http://www.express-files.com/ - ExpressDL Application.) 
-- C:\Program Files (x86)\ExpressFiles\expressdl.exe =>Adware.ExpressFiles O87 - FAEL: "{34B4DDAA-79B6-4401-89D0-352ED48AAB85}" | In - Private - P17 - TRUE | .(.http://www.express-files.com/ - ExpressDL Application.) -- C:\Program Files (x86)\ExpressFiles\expressdl.exe =>Adware.ExpressFiles O87 - FAEL: "{B52DD7E1-3D89-47D3-B50A-F93BC993BCB3}" | In - Private - P6 - TRUE | .(.http://www.express-files.com/ - ExpressFiles Application.) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe =>Adware.ExpressFiles O87 - FAEL: "{C8010BAB-7F26-49A2-8E44-C65737C5F147}" | In - Private - P17 - TRUE | .(.http://www.express-files.com/ - ExpressFiles Application.) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe =>Adware.ExpressFiles O87 - FAEL: "{01A499AC-721E-4FD9-B629-0C0E8303EF47}" |In - Private - P6 - TRUE | .(...) -- C:\Users\Utilisateur\AppData\Local\Temp\7zS164F.tmp\SymNRT.exe (.not file.) O87 - FAEL: "{52E6B8D9-169F-4D9C-A33F-961D8C1D051C}" |In - Private - P17 - TRUE | .(...) -- C:\Users\Utilisateur\AppData\Local\Temp\7zS164F.tmp\SymNRT.exe (.not file.) O87 - FAEL: "{81A169D8-5030-4B54-BD05-5695DCAED056}" |In - Private - P6 - TRUE | .(...) -- C:\Users\Utilisateur\AppData\Local\Temp\7zS1515.tmp\SymNRT.exe (.not file.) O87 - FAEL: "{97CE2841-1CA2-4C7D-A4B5-CBE6448FF956}" |In - Private - P17 - TRUE | .(...) -- C:\Users\Utilisateur\AppData\Local\Temp\7zS1515.tmp\SymNRT.exe (.not file.) O87 - FAEL: "TCP Query User{4667837B-6214-4369-A0EB-2568D110994A}C:\users\utilisateur\desktop\dead island\98794212-ddir1p\98794212-ddir1p\deadislandgame_x86_rwdi.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\utilisateur\desktop\dead island\98794212-ddir1p\98794212-ddir1p\deadislandgame_x86_rwdi.exe (.not file.) O87 - FAEL: "UDP Query User{7CBA6A62-07DB-4FE0-A139-1BDA0C6D137B}C:\users\utilisateur\desktop\dead island\98794212-ddir1p\98794212-ddir1p\deadislandgame_x86_rwdi.exe" |In - Private - P17 - TRUE | .(...) 
-- C:\users\utilisateur\desktop\dead island\98794212-ddir1p\98794212-ddir1p\deadislandgame_x86_rwdi.exe (.not file.) ~ Firewall: 362 Legitimates Filtered in 00mn 14s ---\\ Scan Additionnel (O88) Database Version : v2.11719 - (26/04/2013) Clés trouvées (Keys found) : 250 Valeurs trouvées (Values found) : 2 Dossiers trouvés (Folders found) : 26 Fichiers trouvés (Files found) : 2 [HKLM\Software\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}] =>PUP.Funmoods [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar [HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] 
=>Adware.Yontoo [HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] =>Adware.Yontoo [HKLM\Software\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}] =>PUP.SpecialSavings [HKLM\Software\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}] =>Adware.IncrediBar [HKLM\Software\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}] =>Adware.IncrediBar [HKLM\Software\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}] =>Adware.IncrediBar [HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] 
=>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}] =>Adware.Bandoo [HKLM\Software\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}] =>Adware.IncrediBar [HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}] =>Adware.Bandoo [HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}] =>Adware.Agent [HKLM\Software\Wow6432Node\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}] =>Adware.Agent [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade 
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster [HKLM\Software\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Tracing\SnapDo_RASAPI32] =>Hijacker.SmartBar [HKLM\Software\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}] =>Adware.IncrediBar [HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}] =>Adware.Bandoo [HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade 
[HKLM\Software\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] =>Adware.Bandoo [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Tracing\SnapDo_RASMANCS] =>Hijacker.SmartBar [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo [HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}] =>Adware.Bandoo [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}] =>Adware.Bandoo [HKLM\Software\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}] =>Adware.Bandoo [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}] =>Adware.Bandoo [HKLM\Software\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}] =>Toolbar.Expresso [HKLM\Software\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}] =>Adware.Bandoo [HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade 
[HKLM\Software\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}] =>Adware.IncrediBar [HKLM\Software\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}] =>Adware.IncrediBar [HKLM\Software\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}] =>Adware.IncrediBar [HKLM\Software\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}] =>Adware.Bandoo [HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent [HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent [HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper [HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper [HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] 
=>Toolbar.Babylon [HKLM\Software\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}] =>Adware.IncrediBar [HKLM\Software\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade [HKLM\Software\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}] =>Adware.Bandoo [HKLM\Software\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}] =>Adware.IncrediBar [HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}] =>Adware.IncrediBar [HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade 
[HKLM\Software\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade [HKLM\Software\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}] =>Adware.Bandoo [HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo [HKLM\Software\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}] =>Adware.IncrediBar [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade 
[HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}] =>Toolbar.Agent [HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade [HKLM\Software\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade [HKLM\Software\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}] =>Adware.Bandoo [HKLM\Software\Classes\AppID\BrowserConnection.dll] =>Adware.Bandoo [HKLM\Software\Classes\AppID\DNSBHO.dll] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Tracing\YourFile_RASAPI32] =>PUP.YourFileDownloader [HKLM\Software\Wow6432Node\Microsoft\Tracing\YourFileUpdater_RASAPI32] =>PUP.YourFileDownloader [HKLM\Software\Classes\BrowserConnection.Loader] =>Adware.Bandoo [HKLM\Software\Classes\BrowserConnection.Loader.1] =>Adware.Bandoo [HKLM\Software\Classes\DnsBHO.BHO] =>Adware.Bandoo [HKLM\Software\Classes\DnsBHO.BHO.1] =>Adware.Bandoo [HKLM\Software\Classes\SearchQUIEHelper.DNSGuard] =>Adware.Bandoo [HKLM\Software\Classes\SearchQUIEHelper.DNSGuard.1] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Tracing\YourFileUpdater_RASMANCS] =>PUP.YourFileDownloader [HKLM\Software\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd] =>Adware.IncrediBar [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd] =>Adware.IncrediBar [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\niogeckbkdcabhnapjbkeiklablhjoca] =>Adware.IncrediBar [HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader 
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore [HKCU\Software\Cr_Installer] =>Adware.VidSaver [HKCU\Software\DataMngr] =>Adware.Bandoo [HKLM\Software\DataMngr] =>Adware.Bandoo [HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo [HKCU\Software\ilivid] =>Adware.Bandoo [HKCU\Software\Iminent] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster [HKCU\Software\OfferBox] =>PUP.OfferBox [HKLM\Software\Wow6432Node\OfferBox] =>PUP.OfferBox [HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong [HKLM\Software\Wow6432Node\SearchquMediabarTb] =>Adware.Bandoo [HKCU\Software\Softonic] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\SP Global] =>PUP.AdvancedSystemProtector [HKCU\Software\AppDataLow\SProtector] =>PUP.AdvancedSystemProtector [HKLM\Software\Wow6432Node\SProtector] =>PUP.AdvancedSystemProtector [HKCU\Software\SweetIM] =>PUP.SweetIM [HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM [HKLM\Software\Tarma Installer] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Microsoft\Tracing\Babylon_RASAPI32] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\Babylon_RASMANCS] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Tracing\IncredibarToolbar_RASAPI32] =>Adware.IncrediBar [HKLM\Software\Wow6432Node\Microsoft\Tracing\IncredibarToolbar_RASMANCS] =>Adware.IncrediBar [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASAPI32] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASMANCS] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32] =>Adware.Bandoo 
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS] =>Adware.Bandoo [HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASAPI32] =>PUP.OfferBox [HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASMANCS] =>PUP.OfferBox [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}] =>Toolbar.Agent [HKLM\Software\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}] =>Adware.Agent [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Agent [HKCU\AppEvents\Schemes\Apps\Explorer\Navigating\Old_Current] =>PUP.MediaFinder [HKLM\Software\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}] =>Adware.Browse2Save [HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Microsoft\Tracing\Savings Sidekick_RASAPI32] =>PUP.SavingsSidekick [HKLM\Software\Wow6432Node\Microsoft\Tracing\Savings Sidekick_RASMANCS] =>PUP.SavingsSidekick [HKLM\Software\Classes\PutLockerDownloader] =>Spyware.PutLocker [HKLM\Software\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic [HKLM\Software\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SP_f2a323db] =>Adware.Browse2Save 
[HKLM\Software\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}] =>Toolbar.Conduit [HKLM\Software\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] =>Toolbar.Babylon [HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider [HKLM\Software\Classes\Toolbar.CT2851639] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\SearchQUIEHelper.DNSGuard] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Classes\SearchQUIEHelper.DNSGuard.1] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Classes\Toolbar.CT2851639] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111991162}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111991162}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111991162}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111991162}] =>PUP.CrossRider 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar]:{99079A25-328F-4BD4-BE04-00955ACAA0A7} =>Adware.Bandoo
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Adware.AskSBAR
C:\Program Files (x86)\Giant Savings =>Adware.VidSaver
C:\Program Files (x86)\Iminent =>Adware.IMBooster
C:\Program Files (x86)\Searchqu Toolbar =>Adware.Bandoo
C:\Program Files (x86)\BrowseToSave =>Adware.Browse2Save
C:\Program Files (x86)\Software =>Adware.Boxore
C:\Program Files (x86)\RegClean Pro =>Rogue.RegistryPowerCleaner
C:\Program Files (x86)\Common Files\Umbrella =>Adware.IMBooster
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\ProgramData\IBUpdaterService =>Adware.IncrediBar
C:\ProgramData\InstallMate =>Toolbar.Agent
C:\ProgramData\Software =>Adware.Boxore
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro =>Rogue.RegistryPowerCleaner
C:\Users\Utilisateur\AppData\Roaming\yourfiledownloader =>PUP.YourFileDownloader
C:\Users\Utilisateur\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\Utilisateur\AppData\Roaming\OfferBox =>PUP.OfferBox
C:\Users\Utilisateur\AppData\Roaming\OpenCandy =>Adware.OpenCandy
C:\Users\Utilisateur\AppData\Local\Giant Savings =>Adware.VidSaver
C:\Users\Utilisateur\AppData\Local\Software =>Adware.Boxore
C:\Users\Utilisateur\AppData\Local\Supreme Savings =>PUP.RewardsArcade
C:\Users\Utilisateur\AppData\Local\PutLockerDownloader =>Spyware.PutLocker
C:\Users\Utilisateur\AppData\LocalLow\BabylonToolbar =>Toolbar.Babylon
C:\Users\Utilisateur\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\Utilisateur\AppData\LocalLow\Incredibar.com =>Adware.IncrediBar
C:\Users\Utilisateur\AppData\LocalLow\PriceGong =>Adware.PriceGong
C:\Users\Utilisateur\AppData\LocalLow\searchqutoolbar =>Adware.Bandoo
C:\ProgramData\Bruowse2saavee =>Adware.Browse2Save^
C:\Users\Utilisateur\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon
~ Additionnel Scan: 310818 Items scanned in 00mn 12s

---\\ Random Export Key (O91)
[HKCU\Software\5ae8ddcb369eb13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.5.911.18]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\5ae8ddcb369eb13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.5.911.18]:version="2.5.911.18"
[HKCU\Software\5ae8ddcb369eb13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\5ae8ddcb369eb13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52"
[HKCU\Software\5ae8ddcb369eb13] =>Toolbar.Babylon^
[HKLM\Software\Wow6432Node\5ae8ddcb369eb13] => Clé orpheline
~ Export Key Software: Scanned in 00mn 00s

---\\ Etat général des services non Microsoft (EGS)
(SR=Running, SS=Stopped)
SS - | Disabled 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 25/02/2013 86752 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 25/02/2013 110816 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 14/12/2012 692160 | (DSUDiskOptimizer) . (.Systweak Inc., (www.systweak.com).) - C:\Program Files (x86)\Disk Speedup\DSUDefragSrv64.exe
SS - | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 20/02/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 15/03/2013 877856 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 15/03/2013 1266464 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SS - | Demand 16/03/2011 407336 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Auto 14/03/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 04s

---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Utilisateur at 27/04/2013 19:38:27
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
~ 1832 Legitimates filtered by white list

End of the scan (920 lines in 43mn 59s)(0)