Rapport de ZHPDiag v2013.4.22.135 par Nicolas Coolman, Update du 22/04/2013 Run by CHARLOTTE ROY at 23/04/2013 14:44:13 State : WhiteList : Enable High Elevated Privileges : OK UAC : Activate by user ---\\ Web Browser MSIE: Internet Explorer v9.0.8112.16421 (Defaut) ---\\ Windows Product Information ~ Langage: Français Windows Vista Home Premium Edition, 64-bit Service Pack 2 (Build 6002) Windows Server License Manager Script : OK ~ Vista, OEM_SLP channel System Locked Preinstallation (OEM_SLP) : OK Windows ID Activation : OK ~ Windows Partial Key : WQD8Q Windows License : OK Windows Automatic Updates : OK ---\\ System Protection AVG 2012 v12.1.2241 Spybot - Search & Destroy v2.0.12 ---\\ System Optimizer CCleaner v2.30 ---\\ Software Update Adobe Flash Player 11 Plugin Adobe Reader X Java 7 Update 17 ---\\ System Information ~ Processor: Intel64 Family 6 Model 23 Stepping 7, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 4094 MB (39% free) System Restore: Activé (Enable) System drive C: has 219 GB (48%) free of 452 GB ---\\ Logged in mode ~ Computer Name: PC-DE-CHARLOTTE ~ User Name: CHARLOTTE ROY ~ All Users Names: UpdatusUser, CHARLOTTE ROY, ASPNET, Administrateur, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as Administrator ---\\ Environnement Variables ~ System Unit : C:\ ~ %AppData% : C:\Users\CHARLOTTE ROY\AppData\Roaming\ ~ %Desktop% : C:\Users\CHARLOTTE ROY\Desktop\ ~ %Favorites% : C:\Users\CHARLOTTE ROY\Favorites\ ~ %LocalAppData% : C:\Users\CHARLOTTE ROY\AppData\Local\ ~ %StartMenu% : C:\Users\CHARLOTTE ROY\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 219 Go of 452 Go) D:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 14 Go) E:\ CD-ROM drive (Free 0 Go of 1 Go) F:\ Hard drive, Flash drive, Thumb drive (Free 46 Go of 233 Go) H:\ Hard drive, Flash drive, Thumb drive (Free 907 Go of 1863 Go) I:\ Floppy drive, Flash card reader, USB Key (Not Inserted) J:\ Floppy drive, Flash card reader, USB Key (Not Inserted) K:\ Floppy drive, Flash card reader, USB Key (Not Inserted) L:\ Floppy drive, Flash card reader, USB Key (Not Inserted) M:\ Hard drive, Flash drive, Thumb drive (Free 152 Go of 466 Go) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date ~ Security Center: Scanned in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.6B08E54A451B3F95E4109DBA7E594270] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 08:10:17.) -- C:\Windows\Explorer.exe [3079168] [MD5.117EA87DF785CA1B9D821F6F213DCE07] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:50:23.) -- C:\Windows\System32\Wininit.exe [123904] [MD5.3D165C53E40236A68B7102D1A622D4E0] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.24/08/2012 - 11:21:18.) -- C:\Windows\System32\wininet.dll [1392128] [MD5.6D0773A3A65D28B663F334C90441D01A] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 08:11:08.) -- C:\Windows\System32\Winlogon.exe [405504] [MD5.C4F6CE6087760AD70960C9EB130E7943] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.03/01/2012 - 15:25:21.) -- C:\Windows\system32\Drivers\AFD.sys [404992] [MD5.1898FAE8E07D97F2F6C2D5326C633FAC] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.21/01/2008 - 03:46:50.) -- C:\Windows\system32\Drivers\atapi.sys [22584] [MD5.B4D787DB8D30793A4D4DF9FEED18F136] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:50:39.) -- C:\Windows\system32\Drivers\Cdfs.sys [90624] [MD5.C025AA69BE3D0D25C7A2E746EF6F94FC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 06:34:39.) -- C:\Windows\system32\Drivers\Cdrom.sys [79872] [MD5.8B722BA35205C71E7951CDC4CDBADE19] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 16:14:19.) -- C:\Windows\system32\Drivers\DfsC.sys [97792] [MD5.F942C5820205F2FB453243EDFEC82A3D] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 06:39:41.) -- C:\Windows\system32\Drivers\HDAudBus.sys [948736] [MD5.CBB597659A2713CE0C9CC20C88C7591F] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:46:59.) -- C:\Windows\system32\Drivers\i8042prt.sys [64000] [MD5.B7E6212F581EA5F6AB0C3A6CEEEB89BE] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:48:45.) -- C:\Windows\system32\Drivers\IpNat.sys [115712] [MD5.1485811B320FF8C7EDAD1CAEBB1C6C2B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:39:34.) -- C:\Windows\system32\Drivers\MRxSmb.sys [135680] [MD5.FC2C792EBDDC8E28DF939D6A92C83D61] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 06:42:33.) -- C:\Windows\system32\Drivers\netBT.sys [248320] [MD5.BAC869DFB98E499BA4D9BB1FB43270E1] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.11/04/2009 - 08:15:34.) -- C:\Windows\system32\Drivers\ntfs.sys [1515496] [MD5.AECD57F94C887F58919F307C35498EA0] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 10:37:57.) -- C:\Windows\system32\Drivers\Parport.sys [96768] [MD5.AC7BC4D42A7E558718DFDEC599BBFC2C] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.11/04/2009 - 06:43:38.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928] [MD5.C045D1FB111C28DF0D1BE8D4BDA22C06] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:46:51.) -- C:\Windows\system32\Drivers\rdpdr.sys [314368] [MD5.290B6F6A0EC4FCDFC90F5CB6D7020473] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 06:42:19.) -- C:\Windows\system32\Drivers\smb.sys [88064] [MD5.458919C8C42E398DC4802178D5FFEE27] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 06:43:00.) -- C:\Windows\system32\Drivers\tdx.sys [94720] [MD5.5280AADA24AB36B01A84A6424C475C8D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.11/04/2009 - 08:15:45.) -- C:\Windows\system32\Drivers\volsnap.sys [269288] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/7 ~ Mes musiques (My Musics) : 127/567 ~ Mes Favoris (My Favorites) : 1/569 ~ Mes Documents (My Documents) : 1/3076 ~ Mon Bureau (My Desktop) : 1/24 ~ Menu demarrer (Programs) : 1/31 ~ Hidden Files: Scanned in 00mn 03s ---\\ Processus lancés [MD5.86825C57CFD7BABC8AB861AA0CFF5212] - (.bProtector - bProtector Engine.) -- C:\ProgramData\bProtector\bProtect.exe [773624] [PID.2244] [MD5.C156DE6EB37B6C5D6498DD87C23F3FA4] - (.SFR - Mediacenter Evolution.) -- C:\Program Files (x86)\SFR\Mediacenter Evolution\MediaCenter.exe [2688368] [PID.3604] [MD5.B24C99FDF29B2678738344A394279B09] - (.Logiciels13 - Agenda Informatique.) -- C:\Program Files (x86)\Pense-bete\pb79g.exe [2192896] [PID.4024] [MD5.371BA71B566260932DCCCF843BF6C7E7] - (.AVG Technologies CZ, s.r.o. - AVG Tray Monitor.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520] [PID.4900] [MD5.77F91DE9AE1E63D889E0B5D4ADBE6ECF] - (.Pas de propriétaire - VProtect Application.) -- C:\Program Files (x86)\AVG Secure Search\vprot.exe [1124016] [PID.4912] =>Toolbar.AVGSearch [MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848] [PID.4928] [MD5.B5A4EBA9487F08BECC843A87422B8052] - (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176] [PID.4936] [MD5.290769DDC05C7231FCFBFCD44C302621] - (.PC Help Soft - PC Cleaner Performance Monitor.) -- C:\Program Files (x86)\PC Cleaner\PCCReminder.exe [898360] [PID.4668] [MD5.5C543230B376A57A8690C7119423F146] - (.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe [264768] [PID.3600] [MD5.A854BC2D2AD9856F6B84C7870FF246D9] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe [706776] [PID.5320] [MD5.22CC6CDBA678790046693654C3B212E4] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe [748680] [PID.6388] [MD5.BAD663957F682F95B22C4E83AB49CB52] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe [308368] [PID.7152] [MD5.771A5E7CF4C19F3DE5D36B19284F1FC6] - (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [367168] [PID.7112] [MD5.858E13176C6332EC966E2299BDD870D0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [6961664] [PID.8076] [MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\SysWOW64\conime.exe [69120] [PID.7492] [MD5.2C25A72B53B28034BE260D81C4EA4955] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382312] [PID.932] [MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.2104] [MD5.6C469E3CB15CF33AD3E757096E6C7026] - (.AVG Technologies CZ, s.r.o. - AVG Firewall Service.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2321560] [PID.2168] [MD5.EA1145DEBCD508FD25BD1E95C4346929] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288] [PID.2196] [MD5.73686FE0B2E0469F89FD2075BE724704] - (.Apple Computer, Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376] [PID.2232] [MD5.452DB84283EB2F043827AC95D62CE19C] - (.Safer-Networking Ltd. - Update.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [3487240] [PID.3068] [MD5.5B19DFC29A9563A5DA5CA559BED83AA8] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [354840] [PID.3012] [MD5.B1EF4686961986DFFB7FE8F18E6FCB5B] - (.Nalpeiron Ltd. - This service enables products that use the.) -- C:\Windows\SysWOW64\nlssrv32.exe [66560] [PID.2128] [MD5.543A4EF0923BF70D126625B034EF25AF] - (.Protexis Inc. - PsiService PsiService.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [189728] [PID.2704] [MD5.206387AB881E93A1A6EB89966C8651F1] - (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392] [PID.2492] [MD5.87C57CBE385E00726A2113614F6C6BD2] - (.Pas de propriétaire - ToolbarU Application.) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe [965296] [PID.3180] =>Toolbar.AVGSearch [MD5.CB63BDB77BB86549FC3303C2F11EDC18] - (.Safer-Networking Ltd. - Windows Security Center integration..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384] [PID.3956] [MD5.231B6AD3DB2866BC3FDB9979E6B2B61E] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [5174392] [PID.4076] [MD5.ABF9218BC7B87ED93C0B5DEAD9E2F7E9] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1258856] [PID.5308] ~ Processes Running: Scanned in 00mn 01s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\CHARLOTTE ROY\AppData\Local\Google\Chrome\User Data\Default\Preferences ~ Google Browser: Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\CHARLOTTE ROY\AppData\Roaming\Mozilla\Firefox\Profiles\3t415c5f.default\prefs.js C:\Users\CHARLOTTE ROY\AppData\Roaming\Mozilla\Firefox\Profiles\3t415c5f.default\user.js M3 - MFPP: Plugins - [CHARLOTTE ROY] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\avg-secure-search.xml M3 - MFPP: Plugins - [CHARLOTTE ROY] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon M3 - MFPP: Plugins - [CHARLOTTE ROY] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\mysearch.xml ~ Firefox Browser: 25 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com =>PUP.Funmoods R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com =>PUP.Funmoods R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do =>Hijacker.SmartBar R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do =>Hijacker.SmartBar R3 - URLSearchHook: (no name) [64Bits] - {249d74a3-bd19-4657-b6ce-e62f480a20de} . (.Microsoft Corporation - Navigateur Internet.) (No version) -- (.not file.) R3 - URLSearchHook: (no name) [64Bits] - {cfcb809c-3a22-4616-a916-6c007bd9d920} . (.Microsoft Corporation - Navigateur Internet.) (No version) -- (.not file.) R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2 ~ IE Browser: 16 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 22 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: AVG Do Not Track [64Bits] - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} . (.AVG Technologies CZ, s.r.o. - AVG Do Not Track for IE.) -- C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll ~ BHO: 4 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: (no name) [64Bits] - [HKLM]{32099AAC-C132-4136-9E9A-4E364A424E17} Clé orpheline O3 - Toolbar: (no name) [64Bits] - [HKLM]{ae07101b-46d4-4a98-af68-0333ea26e113} Clé orpheline O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll ~ Toolbar: Scanned in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [IncrediMail] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MysticThumbs] . (.MysticCoder - MysticThumbs.) -- C:\Program Files\MysticCoder\MysticThumbs\MysticThumbs.exe O4 - HKCU\..\Run: [SFR Mediacenter] . (.SFR - Mediacenter Evolution.) -- C:\Program Files (x86)\SFR\Mediacenter Evolution\MediaCenter.exe O4 - HKCU\..\Run: [PC Cleaner] . (.PC Help Soft - Fix, clean, optimize your PC!.) -- C:\Program Files (x86)\PC Cleaner\PCCLauncher.exe O4 - HKLM\..\Wow6432Node\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (.not file.) O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Wow6432Node\Run: [AVG_TRAY] . (.AVG Technologies CZ, s.r.o. - AVG Tray Monitor.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe O4 - HKLM\..\Wow6432Node\Run: [vProt] . (.Pas de propriétaire - VProtect Application.) -- C:\Program Files (x86)\AVG Secure Search\vprot.exe =>Toolbar.AVGSearch O4 - HKLM\..\Wow6432Node\Run: [Tutorials] Clé orpheline O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe O4 - HKLM\..\Wow6432Node\Run: [SDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll O4 - HKUS\S-1-5-21-226999641-4124606770-2154794069-1003\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-21-226999641-4124606770-2154794069-1003\..\Run: [HPADVISOR] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe O4 - HKUS\S-1-5-21-226999641-4124606770-2154794069-1003\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (.not file.) O4 - HKUS\S-1-5-21-226999641-4124606770-2154794069-1003\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-21-226999641-4124606770-2154794069-1003\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-21-226999641-4124606770-2154794069-1003\..\Run: [Corel Photo Downloader] . (.Corel, Inc. - Corel Photo Downloader.) -- C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe O4 - HKUS\S-1-5-21-226999641-4124606770-2154794069-1003\..\Run: [Neuf Media Center] C:\Program Files (x86)\SFR\Media Center\MediaCenter.exe (.not file.) O4 - HKUS\S-1-5-21-226999641-4124606770-2154794069-1003\..\Run: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe (.not file.) O4 - HKUS\S-1-5-21-226999641-4124606770-2154794069-1003\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe (.not file.) O4 - HKUS\S-1-5-21-226999641-4124606770-2154794069-1003\..\Run: [IncrediMail] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe O4 - HKUS\S-1-5-21-226999641-4124606770-2154794069-1003\..\Run: [ROC_JAN2013_TB] . (...) -- C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe =>Toolbar.AVGSearch ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Programs: CyberLink DVD Suite Deluxe.lnk . (...) -- C:\Program Files (x86)\CyberLink\DVD Suite Deluxe\PowerStarter.exe (.not file.) O4 - GS\QuickLaunch: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe O4 - GS\Desktop: PhotoFiltre.lnk . (...) -- C:\Program Files (x86)\photofiltre\PhotoFiltre.exe (.not file.) O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Adobe Photoshop CS5 - Raccourci.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS5.) -- C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Photoshop.exe O4 - GS\QuickLaunch: AVG PC Tuneup.lnk . (.AVG - PC Tuneup 2011.) -- C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe O4 - GS\QuickLaunch: Charger le Media Center - Raccourci (2).lnk . (.SFR - Mediacenter Evolution.) -- C:\Program Files (x86)\SFR\Mediacenter Evolution\MediaCenter.exe O4 - GS\QuickLaunch: Corel Paint Shop Pro X.lnk . (.Corel, Inc. - Paint Shop Pro X.) -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro X\Paint Shop Pro X.exe O4 - GS\QuickLaunch: e-Carte Bleue La Banque Postale.lnk . (.Orbiscom Ltd. All rights reserved. - ECBL Client.) -- C:\Program Files (x86)\e-Carte Bleue La Banque Postale\ecbl-lbp.exe O4 - GS\QuickLaunch: ImLc - Raccourci.lnk . (.IncrediMail, Ltd. - IncrediMail Letter Creator Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImLc.exe O4 - GS\QuickLaunch: IncMail - Raccourci.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Microsoft SharedView.lnk . (.Microsoft Corporation - SharedView Console.) -- C:\Program Files (x86)\Microsoft SharedView\SharedView.exe O4 - GS\QuickLaunch: Outil Capture - Raccourci.lnk . (.Microsoft Corporation - Outil Capture.) -- C:\Windows\System32\SnippingTool.exe O4 - GS\QuickLaunch: PostSmile.lnk . (.Masterra - Pas de description.) -- C:\Program Files (x86)\PostSmile\postsmile.exe O4 - GS\QuickLaunch: Snipping Tool.lnk . (.Microsoft Corporation - Outil Capture.) -- C:\Windows\System32\SnippingTool.exe O4 - GS\QuickLaunch: Suitcase Fusion 2 - Raccourci.lnk . (.Extensis - Suitcase Fusion 2.) -- C:\Program Files (x86)\Extensis\Suitcase Fusion 2\FontManagementUI.exe O4 - GS\QuickLaunch: WildTangent Games App - hp.lnk . (.WildTangent - WildTangent Games App.) -- C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe O4 - GS\QuickLaunch: Windows Calendar.lnk . (.Microsoft Corporation - Calendrier Windows.) -- C:\Program Files (x86)\Windows Calendar\WinCal.exe O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe O4 - GS\QuickLaunch: WINWORD.EXE - Raccourci.lnk . (.Microsoft Corporation - Microsoft Office Word.) -- C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.exe O4 - GS\QuickLaunch: xnview.exe - Raccourci.lnk . (.XnView, http://www.xnview.com - XnView for Windows.) -- C:\Program Files (x86)\XnView\xnview.exe O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\SendTo: Assistant Transfert de fichiers Bluetooth.LNK . (.Microsoft Corporation - Pas de description.) -- C:\Windows\System32\fsquirt.exe O4 - GS\SendTo: XnView.lnk . (.XnView, http://www.xnview.com - XnView for Windows.) -- C:\Program Files (x86)\XnView\xnview.exe O4 - GS\Desktop: AVG PC Tuneup.lnk . (.AVG - PC Tuneup 2011.) -- C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe O4 - GS\Desktop: Corel Paint Shop Pro X - Raccourci.lnk . (...) -- C:\Windows\Installer\{1A15507A-8551-4626-915D-3D5FA095CC1B}\Icon_Exe.ico O4 - GS\Desktop: FILMS (F) - Raccourci.lnk . (...) -- F:\ O4 - GS\Desktop: IncMail.exe - Raccourci.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe O4 - GS\Desktop: Jasc Animation Shop 3 - Raccourci.lnk . (.InstallShield Software Corp. - InstallShield.) -- C:\Windows\Installer\{7C4196CA-CA41-4F34-9C08-7724E7705D52}\NewShortcut1_7C4196CACA414F349C087724E7705D52.exe O4 - GS\Desktop: JEUX JEUX JEUX - Raccourci.lnk . (...) -- M:\MODE EMPLOI CANON 600 D\JEUX JEUX JEUX O4 - GS\Desktop: JkDefrag.exe - Raccourci.lnk . (.J.C. Kessels - JkDefrag - disk defragmentation and optimiz.) -- C:\Program Files (x86)\JkDefrag\JkDefrag.exe O4 - GS\Desktop: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Desktop: Paris Mahjong.exe - Raccourci.lnk . (...) -- C:\Users\CHARLOTTE ROY\Downloads\Paris Mahjong\Paris Mahjong.exe O4 - GS\Desktop: PC Cleaner.lnk . (.PC Help Soft - PC Cleaner.) -- C:\Program Files (x86)\PC Cleaner\PCCleaner.exe O4 - GS\Desktop: Photoshop - Raccourci.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS5.) -- C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Photoshop.exe O4 - GS\Desktop: PostSmile.lnk . (.Masterra - Pas de description.) -- C:\Program Files (x86)\PostSmile\postsmile.exe O4 - GS\Desktop: Suitcase Fusion 2 - Raccourci.lnk . (.Extensis - Suitcase Fusion 2.) -- C:\Program Files (x86)\Extensis\Suitcase Fusion 2\FontManagementUI.exe O4 - GS\Desktop: Windows Media Player (2).lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe O4 - GS\Desktop: xnview.exe - Raccourci.lnk . (.XnView, http://www.xnview.com - XnView for Windows.) -- C:\Program Files (x86)\XnView\xnview.exe ~ Global Startup: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: AVG Do Not Track [64Bits] - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} . (.AVG Technologies CZ, s.r.o. - AVG Do Not Track for IE.) -- C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{8A3BF80D-70A3-4ACA-A7C4-DF672DA88A40}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CCS\Services\Tcpip\..\{FF4FB70F-D9A9-4078-A201-FE3634319983}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{8A3BF80D-70A3-4ACA-A7C4-DF672DA88A40}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CS1\Services\Tcpip\..\{FF4FB70F-D9A9-4078-A201-FE3634319983}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{8A3BF80D-70A3-4ACA-A7C4-DF672DA88A40}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CS2\Services\Tcpip\..\{FF4FB70F-D9A9-4078-A201-FE3634319983}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: Component Categories cache daemon [64Bits] - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll ~ STS/SSO: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: bProtector (bProtector) . (.bProtector - bProtector Engine.) - C:\ProgramData\bProtector\bProtect.exe O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) . (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) . (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: (vToolbarUpdater14.1.7) . (.Pas de propriétaire - ToolbarU Application.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe =>Toolbar.AVGSearch ~ Services: 20 Legitimates Filtered in 00mn 09s ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Desktop General: BackupWallPaper - .(...) - M:\ZZZPERSO Photos famille\photos nature\16 AVRIL 2013_SALAGOU photos par Pascale (20).JPG O24 - Desktop General: WallPaper - .(...) - M:\ZZZPERSO Photos famille\photos nature\16 AVRIL 2013_SALAGOU photos par Pascale (20).JPG ~ Desktop Component: 4 Legitimates Filtered in 00mn 00s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job [632] O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job [628] O39 - APT:Automatic Planified Task - C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job [354] O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job [458] [MD5.AD5A7976CB6A2555AFAE3036ECF8F26A] [APT] [addon_prot] (...) -- C:\Program Files (x86)\Internet Explorer\eprot.exe [8704] [MD5.F498F9A6044DE57744BD465662E6AD77] [APT] [bho_update] (...) -- C:\Program Files (x86)\Internet Explorer\Updater.exe [117760] [MD5.452DB84283EB2F043827AC95D62CE19C] [APT] [Check for updates (Spybot - Search & Destroy)] (.Safer-Networking Ltd..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [3487240] [MD5.00000000000000000000000000000000] [APT] [Go for FilesUpdate] (...) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe (.not file.) [0] [MD5.36A82C214B46787385F3B0CD02ECAA88] [APT] [Refresh immunization (Spybot - Search & Destroy)] (.Safer-Networking Ltd..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [3653656] [MD5.DAB00B3479A39002E9BEEF9BF3647E64] [APT] [ROC_JAN2013_TB_rmv] (...) -- C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe [1176656] =>Toolbar.AVGSearch [MD5.E4A0900CF535888DDD85B10040CA3E34] [APT] [Scan the system (Spybot - Search & Destroy)] (.Safer-Networking Ltd..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [3906584] [MD5.E6E501853C50CB1E7A0F06CE27BDDC90] [APT] [{011C09F6-0724-4FE8-B79A-D303A78DE77A}] (...) -- C:\Program Files\Windows Media Player\G-Force 3.00 Platinum + ScreenSaver + Serial\G-Force_300_Platinum\G-Force_300_Platinum.exe [2951696] [MD5.00000000000000000000000000000000] [APT] [{0F854BF6-A73F-47C5-9C6F-428FCDDBF5EE}] (...) -- C:\Program Files (x86)\GetSmile\unins000.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{1FA0BB3B-E418-4CA7-8463-544996236FDB}] (...) -- E:\setup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{263C6284-446C-48CA-87B6-C2D594E3A84D}] (...) -- C:\Users\CHARLOTTE ROY\Downloads\2020fr.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{2BE79EEF-1E0C-4908-9036-D78F430F9CEC}] (...) -- E:\QuickCam\setup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{2FAFB01C-3DEB-41C5-AFDD-926A8E0F9AEF}] (...) -- C:\Users\CHARLOTTE ROY\AppData\Local\Temp\kiwee_toolbar_installer.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{3401820D-7FD3-4046-9DF9-F27147CA5786}] (...) -- C:\Program Files (x86)\Zylom Games\Babel Deluxe\GameInstlr.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{4024AAAA-48FD-4A49-BA6A-726DBE77AAFF}] (...) -- C:\NEW FILTRES\3dshadowsetup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{44E305FB-6D93-4BFA-8079-1A4DF835AAB7}] (...) -- E:\setup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{49CFD845-92D7-4777-AD82-61DDF6C3FE9E}] (...) -- C:\abrViewer.NET\ABRViewer\Release\Setup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{4B9FC6F4-D59F-48FD-8AD4-8039F6E89E14}] (...) -- E:\Autorun.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{4F6092FC-CE3C-4192-BE1D-C5AF513B3E00}] (...) -- C:\Users\CHARLOTTE ROY\Documents\Mes fichiers reçus\Fishdom H2O - Hidden Odyssey.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{53DC1646-F80F-4641-BE13-29492EFE6006}] (...) -- C:\Plugins\xenofex1\fo-xen11.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{56B4A4DD-2E5E-4DE7-8021-27C2001FA220}] (...) -- C:\Users\CHARLOTTE ROY\Desktop\ToolBarSD.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{61E4AA50-9DFF-4EDC-93F6-1369E31E38F0}] (...) -- C:\Program Files\2020 logiciel\2020fr.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{6973FD4D-79EC-4E15-9DF9-A71DFB6E6923}] (...) -- C:\Program Files (x86)\Yahoo!\MESSEN~1\UNWISE.exe (.not file.) [0] [MD5.79D8B800271229678B73BDF99D7D4343] [APT] [{6F9D8B87-C4E0-44CB-99A6-78B91681E90E}] (...) -- C:\Program Files (x86)\IncrediMailSetup_fr.exe [13054920] [MD5.00000000000000000000000000000000] [APT] [{70412127-4700-46DA-8B54-1D825966949C}] (...) -- C:\Users\CHARLOTTE ROY\Downloads\PLEINS DE JEUX\Games_ENG\Games\Hammer Heads Deluxe v1.1.0.0\HammerHeadsSetup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{8FC4E31B-DCF4-4659-94CB-78CA441C277D}] (...) -- G:\XXXXX SAUVEGARDE LOGICIELS DESSINS - CS & PSP13\VERSION 1_INCREDIMAI1\incredimail_5.8.6_build_4332_francais.exe (.not file.) [0] [MD5.CAFB55AA463C6DF8802122838D50D2BB] [APT] [{916727A1-276A-4FCC-9674-66625B2E546F}] (.InstallShield Software Corporation.) -- C:\NVIDIA\Win2KXP\93.71\setup.exe [116880] [MD5.00000000000000000000000000000000] [APT] [{A2191390-AFCA-451E-B08B-C1C2BCBB2E07}] (...) -- C:\Program Files (x86)\PopCap Games\Feeding Frenzy 2 Deluxe\PopUninstall.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{A633C944-4F43-4CEA-9FA9-B8139949684F}] (...) -- C:\Users\CHARLOTTE ROY\Desktop\jeux\AUTORUN.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{A68D0609-B4BD-41D7-B604-87A6E5E581FE}] (...) -- C:\Program Files (x86)\Realtek\Audio\Drivers\HDADrv\Setup.exe (.not file.) [0] [MD5.C42FD5CC641916CAD98F36A5963768AF] [APT] [{B2D45379-1F99-42EB-A8A7-B1118DDAEA19}] (...) -- C:\Plugins\xenofex.exe [589381] [MD5.CFCD39CC0209069BC5C1EA305FCF449E] [APT] [{C1F77408-68AC-4F71-A889-599F007663B9}] (.Bot Productions.) -- C:\Program Files (x86)\PSP Thumbnail Handler\Setup.exe [147456] [MD5.00000000000000000000000000000000] [APT] [{C2D11601-6B86-4247-A728-C42866F28555}] (...) -- C:\Users\CHARLOTTE ROY\Desktop\Nouveau dossier\SC4_UNINST.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{C99460BF-4989-47FA-BE8B-23B6F5716102}] (...) -- C:\Corel\Crack.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{CCF83D7F-8415-4461-A2E8-98D33E74A16A}] (...) -- C:\Windows\System32\SnowFlakes.scr -d C:\Windows\system32 -c \S (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{CE0BF75C-F5D3-4A45-8A21-9F2405B3B99B}] (...) -- J:\G-Force 3.00 Platinum + ScreenSaver + Serial\G-Force_300_Platinum\G-Force_300_Platinum.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{CEEF95DB-9EA0-4EE6-AB92-A099EE2FE8D4}] (...) -- C:\Users\CHARLOTTE ROY\Downloads\Photoshop - Astuces et secrets inédits. Fr\ArcIMS_Plugin_6_for_92_sp3\Setup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{D59DAE16-A291-4F45-94A0-C416635893A5}] (...) -- C:\Users\CHARLOTTE ROY\Documents\Mes fichiers reçus\setup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{D5F5EB23-2175-4C8E-9FAE-86FB26A13824}] (...) -- C:\Program Files (x86)\byLight\2020\UNWISE.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{D642D81F-EA50-45F4-A486-929282BCA63A}] (...) -- C:\ProgramData\IncrediMail\bin\IMSetup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{D66F6D00-D5F2-4CF4-906B-C087FA06F3CD}] (...) -- C:\Users\CHARLOTTE ROY\MagicEncyclopediaFirstStory_10128.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{E0665765-5C52-4DC6-85C0-B316F2D97E48}] (...) -- C:\Users\CHARLOTTE ROY\MagicEncyclopediaFirstStory_10128.exe (.not file.) [0] [MD5.E44E508ADE5ACF748967E4A1F308FB49] [APT] [{E598A8E9-3F5F-4A5B-8A4B-FECFA8BD7573}] (...) -- C:\Program Files (x86)\CorelPaintShopProX\setup.exe [253952] [MD5.00000000000000000000000000000000] [APT] [{F0C16723-AA1F-4F9C-8889-3B34D8B7028E}] (...) -- C:\Users\CHARLOTTE ROY\Desktop\Nouveau dossier\setup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{F672BADB-7930-4088-B50D-309BB5E074A1}] (...) -- C:\Users\CHARLOTTE ROY\Desktop\jeux\SC4_UNINST.exe (.not file.) [0] [MD5.8A447432636CC71B1036034B9BFF5342] [APT] [Scheduled Maintenance] (.PC-Doctor, Inc..) -- C:\Program Files (x86)\PC-Doctor for Windows\RunProfiler.exe [86016] [MD5.EFB0FCD1CD300E5708E73230D91D6532] [APT] [Scheduled Maintenance Swap] (.PC-Doctor, Inc..) -- C:\Program Files (x86)\PC-Doctor for Windows\task_swap.exe [67946] ~ Scheduled Task: 70 Legitimates Filtered in 00mn 10s ---\\ Logiciels installés (O42) O42 - Logiciel: Animated SnowFlakes Screensaver 2.9.8 - (.Animated Screen.) [HKLM][64Bits] -- {3B88F79B-03F3-4B6D-85AC-CC312EE5CD3F}_is1 O42 - Logiciel: Browser Helper Object - (.APC Soft.) [HKLM][64Bits] -- Browser Helper Object1.4 O42 - Logiciel: Conduit Engine - (.Conduit Ltd..) [HKLM][64Bits] -- conduitEngine =>Toolbar.Conduit O42 - Logiciel: FileConverter 1.5 Toolbar - (.FileConverter 1.5.) [HKLM][64Bits] -- FileConverter_1.5 Toolbar O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM][64Bits] -- {2CF22C94-1369-4C04-9A5F-A4BC6D91B508} O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM][64Bits] -- IncrediMail O42 - Logiciel: Masterra PostSmile 6.4 - (.Masterra.) [HKLM][64Bits] -- PostSmile_is1 O42 - Logiciel: Multimedia Combo Set Driver - (...) [HKLM][64Bits] -- {ECFADFA9-F1B7-438E-A2DC-C6D482D5C760} O42 - Logiciel: PSP Thumbnail Handler - (.Bot Productions.) [HKLM][64Bits] -- {2086A549-ED96-4dc9-BBE3-0538AB29ABEC} O42 - Logiciel: Pando - (.Pando Networks Inc..) [HKLM][64Bits] -- {AB480DA0-7EE9-465D-9C12-4CDE65BF18FB} O42 - Logiciel: Plugin Galaxy 1.0 - (...) [HKLM][64Bits] -- Plugin Galaxy 1.0_is1 O42 - Logiciel: VLC Skin Editor - (.VideoLAN.) [HKLM][64Bits] -- {977C5080-EA08-435D-8901-233A506E1651}}_is1 O42 - Logiciel: Vizros Plug-ins 4.1 - (...) [HKLM][64Bits] -- Vizros Plug-ins 4.1 O42 - Logiciel: Xenofex 1.0 - (...) [HKLM][64Bits] -- Xenofex 1.0 ~ Logic: 275 Legitimates Filtered in 00mn 01s ---\\ HKCU & HKLM Software Keys [HKCU\Software\124] [HKCU\Software\AFH Systems] [HKCU\Software\AGI] [HKCU\Software\ATS-FFormula] [HKCU\Software\Agence-Exclusive] =>PUP.AgenceExcusive [HKCU\Software\Animated Screen] [HKCU\Software\Apophysis 2.0] [HKCU\Software\AppDataLow\Software\ConduitSearchScopes] [HKCU\Software\AppDataLow\Software\FileConverter_1.5] [HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2] [HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_4] [HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_Francais_2] [HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong [HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar [HKCU\Software\AppDataLow\Software\WiseConvert_1.5_B2] [HKCU\Software\AppDataLow\Software\conduitEngine] [HKCU\Software\AppDataLow\Software\toolbar] [HKCU\Software\AppDataLow\Toolbar] [HKCU\Software\ArcticLine] [HKCU\Software\AutoPrntApp] [HKCU\Software\AutocompleteProBHO] [HKCU\Software\Axion] [HKCU\Software\Babylon] =>Toolbar.Babylon [HKCU\Software\Boonty] [HKCU\Software\ConduitEngine] [HKCU\Software\DataMngr] =>PUP.Datamngr [HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr [HKCU\Software\DataWorks] [HKCU\Software\FSCR Master] [HKCU\Software\Fantastic Machines] [HKCU\Software\Fisher] [HKCU\Software\Flaming Pear PV] [HKCU\Software\FunkyEmoticons] [HKCU\Software\GoforFiles] [HKCU\Software\HKEY_CURRENT_USER] [HKCU\Software\HarrysFilters] [HKCU\Software\IM] [HKCU\Software\ImInstaller] [HKCU\Software\Iminent] =>Adware.IMBooster [HKCU\Software\IncrediMail] [HKCU\Software\Infinite Interactive] [HKCU\Software\JOE Full] [HKCU\Software\Lokas Ltd] [HKCU\Software\Masterra] [HKCU\Software\Namida] [HKCU\Software\New Virtual Research] [HKCU\Software\PUSH Entertainment] [HKCU\Software\PostSmile] [HKCU\Software\PostworkShop 3 64] [HKCU\Software\Rick Jansen] [HKCU\Software\SnowQueen] [HKCU\Software\Softonic] [HKCU\Software\Synthetik] [HKCU\Software\TTRsoft] [HKCU\Software\TetRize] [HKCU\Software\Topaz Labs] [HKCU\Software\TutoTag] [HKCU\Software\Tutorials] [HKCU\Software\VanDerLee] [HKCU\Software\WhiteSmoke] =>PUP.WhiteSmoke [HKCU\Software\Zugo] [HKCU\Software\bProtector] [HKCU\Software\byLight] [HKCU\Software\cacaoweb] =>PUP.CacaoWeb [HKLM\Software\IB Updater] [HKLM\Software\PUSH Entertainment] [HKLM\Software\Topaz Labs] [HKLM\Software\Wow6432Node\AGI] [HKLM\Software\Wow6432Node\Agence-Exclusive] =>PUP.AgenceExcusive [HKLM\Software\Wow6432Node\Babylon] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Boonty] [HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr [HKLM\Software\Wow6432Node\FileConverter_1.5] [HKLM\Software\Wow6432Node\Freeze.com] [HKLM\Software\Wow6432Node\FunkyEmoticons] [HKLM\Software\Wow6432Node\GoforFiles] [HKLM\Software\Wow6432Node\ImInstaller] [HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster [HKLM\Software\Wow6432Node\IncrediMail_MediaBar_Francais_2] [HKLM\Software\Wow6432Node\LiveCraft] [HKLM\Software\Wow6432Node\Lokas Ltd] [HKLM\Software\Wow6432Node\PluginGalaxy] [HKLM\Software\Wow6432Node\Silver] [HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM [HKLM\Software\Wow6432Node\TUTO4PC] =>PUP.Eorezo [HKLM\Software\Wow6432Node\TerminalStudio] [HKLM\Software\Wow6432Node\Topaz Labs] [HKLM\Software\Wow6432Node\Trymedia Systems] =>Adware.Trymedia [HKLM\Software\Wow6432Node\Vizros] [HKLM\Software\Wow6432Node\WhiteSmoke] =>PUP.WhiteSmoke [HKLM\Software\Wow6432Node\namesuppressed] ~ Key Software: 569 Legitimates Filtered in 00mn 01s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 23/08/2009 - 07:06:45 - [73,462] ----D C:\Program Files (x86)\abrViewer.NET O43 - CFD: 23/08/2009 - 07:07:04 - [110,962] ----D C:\Program Files (x86)\Acrobat 7.0 O43 - CFD: 17/12/2012 - 10:28:16 - [199,956] ----D C:\Program Files (x86)\Animated Screen O43 - CFD: 22/06/2011 - 18:10:59 - [0,008] ----D C:\Program Files (x86)\AutocompletePro O43 - CFD: 15/09/2011 - 19:10:29 - [0] ----D C:\Program Files (x86)\Babylon =>Toolbar.Babylon O43 - CFD: 23/08/2009 - 07:07:40 - [5,344] ----D C:\Program Files (x86)\BroadJump O43 - CFD: 29/03/2013 - 21:00:53 - [2,261] ----D C:\Program Files (x86)\Browser Helper Object O43 - CFD: 17/04/2012 - 12:03:03 - [13,960] ----D C:\Program Files (x86)\byLight2020 O43 - CFD: 24/11/2012 - 20:07:46 - [55,209] ----D C:\Program Files (x86)\Christmas Evening 3D Screensaver O43 - CFD: 23/08/2009 - 07:07:42 - [0,014] ----D C:\Program Files (x86)\Components O43 - CFD: 22/12/2010 - 14:09:47 - [3,803] ----D C:\Program Files (x86)\ConduitEngine O43 - CFD: 23/08/2009 - 07:08:16 - [0,294] ----D C:\Program Files (x86)\Cursors O43 - CFD: 21/09/2012 - 20:29:02 - [0,008] ----D C:\Program Files (x86)\D-Tools O43 - CFD: 23/08/2009 - 07:08:16 - [0,012] ----D C:\Program Files (x86)\data O43 - CFD: 30/11/2012 - 08:24:56 - [4,993] ----D C:\Program Files (x86)\FileConverter_1.5 O43 - CFD: 23/08/2009 - 07:09:11 - [38,326] ----D C:\Program Files (x86)\FILES O43 - CFD: 23/08/2009 - 07:09:11 - [1,201] ----D C:\Program Files (x86)\fio O43 - CFD: 05/04/2009 - 10:04:13 - [0] ----D C:\Program Files (x86)\Folder Marker O43 - CFD: 11/01/2013 - 20:23:40 - [9,155] RS--D C:\Program Files (x86)\Fonts O43 - CFD: 15/12/2012 - 21:31:59 - [0] ----D C:\Program Files (x86)\Funmoods =>PUP.Funmoods O43 - CFD: 16/08/2012 - 20:33:39 - [4,507] ----D C:\Program Files (x86)\GUM5449.tmp O43 - CFD: 18/09/2010 - 09:48:48 - [0,009] ----D C:\Program Files (x86)\Iminent =>Adware.IMBooster O43 - CFD: 07/01/2013 - 03:24:51 - [26,488] ----D C:\Program Files (x86)\IncrediMail O43 - CFD: 16/11/2012 - 20:00:02 - [0,716] ----D C:\Program Files (x86)\Koi Fish 3D Screensaver O43 - CFD: 23/08/2009 - 07:10:11 - [0,203] ----D C:\Program Files (x86)\Languages O43 - CFD: 20/11/2012 - 00:16:55 - [4,340] ----D C:\Program Files (x86)\Mechanical Clock 3D Screensaver O43 - CFD: 23/08/2009 - 07:10:12 - [2,579] ----D C:\Program Files (x86)\Media O43 - CFD: 23/08/2009 - 07:10:12 - [0,592] ----D C:\Program Files (x86)\Meshes O43 - CFD: 23/08/2009 - 07:10:14 - [0,544] ----D C:\Program Files (x86)\MSNFix O43 - CFD: 23/08/2009 - 07:10:14 - [1,402] ----D C:\Program Files (x86)\Multimedia Combo Set O43 - CFD: 16/01/2013 - 15:27:58 - [0] ---AD C:\Program Files (x86)\MyScrapNook_12EI O43 - CFD: 06/12/2012 - 14:23:29 - [1,131] ----D C:\Program Files (x86)\NewFreeScreensavers O43 - CFD: 15/10/2009 - 09:56:09 - [0,075] ----D C:\Program Files (x86)\Perpetual Disco O43 - CFD: 13/11/2009 - 12:19:11 - [164,471] ----D C:\Program Files (x86)\PhotoMosaique O43 - CFD: 10/05/2012 - 15:10:17 - [0] ----D C:\Program Files (x86)\POST-NET O43 - CFD: 13/05/2012 - 14:18:09 - [56,692] ----D C:\Program Files (x86)\PostSmile O43 - CFD: 23/08/2009 - 07:10:35 - [0,012] ----D C:\Program Files (x86)\properties O43 - CFD: 07/04/2013 - 15:51:04 - [0,286] ----D C:\Program Files (x86)\PSP Thumbnail Handler O43 - CFD: 23/08/2009 - 07:10:36 - [1,137] ----D C:\Program Files (x86)\Reflet O43 - CFD: 23/08/2009 - 07:10:36 - [0,944] ----D C:\Program Files (x86)\Samples O43 - CFD: 28/11/2012 - 19:15:38 - [0,044] ----D C:\Program Files (x86)\Santa Claus 3D Screensaver O43 - CFD: 25/11/2010 - 10:14:58 - [34,979] ----D C:\Program Files (x86)\Snow Village 3D Screensaver O43 - CFD: 06/11/2012 - 22:43:01 - [738,217] ----D C:\Program Files (x86)\Studio Artist O43 - CFD: 05/02/2013 - 20:23:47 - [39,966] ----D C:\Program Files (x86)\Summer Forest 3D Screensaver O43 - CFD: 30/07/2012 - 12:52:41 - [43,075] ----D C:\Program Files (x86)\Sun Village 3D Screensaver O43 - CFD: 02/11/2009 - 00:39:04 - [0] ----D C:\Program Files (x86)\SuperBladePro O43 - CFD: 14/02/2009 - 08:59:09 - [0,207] ----D C:\Program Files (x86)\TABLETTE GRAPHIQUE O43 - CFD: 27/11/2009 - 20:30:42 - [6,763] ----D C:\Program Files (x86)\Themes O43 - CFD: 23/08/2009 - 07:10:53 - [0,535] ----D C:\Program Files (x86)\vfx_plug O43 - CFD: 06/12/2012 - 14:23:30 - [3,007] R---D C:\Program Files (x86)\Vizros O43 - CFD: 01/12/2012 - 14:00:51 - [50,687] ----D C:\Program Files (x86)\White Christmas 3D Screensaver O43 - CFD: 12/03/2011 - 13:52:13 - [0] ----D C:\Program Files (x86)\WhiteSmoke =>PUP.WhiteSmoke O43 - CFD: 26/02/2009 - 13:51:08 - [0,066] ----D C:\Program Files (x86)\Common Files\BOONTY Shared O43 - CFD: 18/01/2012 - 18:49:34 - [92,809] ----D C:\Program Files (x86)\Common Files\Topaz Labs O43 - CFD: 30/03/2009 - 21:15:49 - [12,089] ----D C:\ProgramData\App4rTemp O43 - CFD: 28/12/2011 - 15:36:54 - [0] ----D C:\ProgramData\Ask O43 - CFD: 13/05/2012 - 14:15:42 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon O43 - CFD: 28/12/2009 - 13:31:36 - [0,000] ----D C:\ProgramData\BlockBreaker O43 - CFD: 26/10/2012 - 13:33:51 - [0] ----D C:\ProgramData\boost_interprocess O43 - CFD: 09/07/2012 - 13:29:10 - [0,766] ----D C:\ProgramData\bProtector O43 - CFD: 24/10/2010 - 20:04:42 - [0,000] ----D C:\ProgramData\Driver Mender O43 - CFD: 18/01/2012 - 14:39:41 - [0,000] ----D C:\ProgramData\IM O43 - CFD: 07/01/2013 - 03:24:51 - [9,444] ----D C:\ProgramData\IncrediMail O43 - CFD: 18/01/2012 - 08:36:54 - [0] ----D C:\ProgramData\IncrediMail(256) O43 - CFD: 17/01/2012 - 19:41:44 - [0,045] ----D C:\ProgramData\IncrediMail(98) O43 - CFD: 11/11/2012 - 10:55:50 - [0] ----D C:\ProgramData\MakeUp O43 - CFD: 27/09/2010 - 14:23:22 - [0,001] ----D C:\ProgramData\Media Art O43 - CFD: 08/06/2009 - 19:06:27 - [0,000] ----D C:\ProgramData\n7-89-o9-3r-4t-r9 O43 - CFD: 18/11/2011 - 18:05:46 - [0,008] ----D C:\ProgramData\namesuppressed O43 - CFD: 21/03/2012 - 15:04:16 - [0,002] ----D C:\ProgramData\Phenomedia O43 - CFD: 04/07/2012 - 20:05:02 - [13,839] ----D C:\ProgramData\The Legacy of Nostradamus O43 - CFD: 08/09/2012 - 12:48:44 - [0,003] ----D C:\ProgramData\Trymedia =>Adware.Trymedia O43 - CFD: 01/03/2012 - 01:05:35 - [0,002] ----D C:\ProgramData\WildWestQuest2 O43 - CFD: 20/09/2012 - 05:26:14 - [0] --H-D C:\ProgramData\{16996CC6-7043-45AD-9C8D-A784409115E4} O43 - CFD: 16/08/2012 - 09:43:15 - [3,111] --H-D C:\ProgramData\{529BBEB3-0369-420C-BD9C-37553D289203} O43 - CFD: 20/09/2012 - 05:10:16 - [0] --H-D C:\ProgramData\{8265C354-3D13-4FE5-95C7-65F277FF3041} O43 - CFD: 20/09/2012 - 05:11:59 - [0] --H-D C:\ProgramData\{9DE75BC9-6CF5-4972-8A4E-86BAAD477DC6} O43 - CFD: 20/09/2012 - 05:23:20 - [0] --H-D C:\ProgramData\{AB404F93-CDCE-40D9-8D4E-8606C84D368C} O43 - CFD: 16/08/2012 - 09:43:15 - [3,109] --H-D C:\ProgramData\{E6AF2639-F710-4F5B-8830-95A396FB523F} O43 - CFD: 25/03/2009 - 07:06:19 - [0,002] ----D C:\Users\CHARLOTTE ROY\AppData\Roaming\agi O43 - CFD: 17/12/2012 - 10:28:19 - [8,790] ----D C:\Users\CHARLOTTE ROY\AppData\Roaming\Animated Screen O43 - CFD: 04/04/2009 - 22:52:51 - [0,002] ----D C:\Users\CHARLOTTE ROY\AppData\Roaming\ArcticLine O43 - CFD: 06/08/2012 - 16:18:13 - [0,001] ----D C:\Users\CHARLOTTE ROY\AppData\Roaming\AV Bros Puzzle Pro 3.0 O43 - CFD: 13/05/2012 - 14:15:42 - [0,027] ----D C:\Users\CHARLOTTE ROY\AppData\Roaming\Babylon =>Toolbar.Babylon O43 - CFD: 07/05/2012 - 18:30:21 - [0,072] ----D C:\Users\CHARLOTTE ROY\AppData\Roaming\Babylonia =>Toolbar.Babylon O43 - CFD: 12/11/2012 - 15:31:48 - [1863,936] ----D C:\Users\CHARLOTTE ROY\AppData\Roaming\cacaoweb =>PUP.CacaoWeb O43 - CFD: 20/02/2009 - 18:39:23 - [0,001] ----D C:\Users\CHARLOTTE ROY\AppData\Roaming\Free&Easy Font Viewer O43 - CFD: 16/08/2011 - 17:59:58 - [0,000] ----D C:\Users\CHARLOTTE ROY\AppData\Roaming\FriendsGamesNetwork O43 - CFD: 16/11/2012 - 10:06:52 - [0] ----D C:\Users\CHARLOTTE ROY\AppData\Roaming\GoforFiles O43 - CFD: 23/02/2010 - 10:30:46 - [0] ----D C:\Users\CHARLOTTE ROY\AppData\Roaming\iWin O43 - CFD: 05/08/2012 - 19:23:00 - [109,348] ----D C:\Users\CHARLOTTE ROY\AppData\Roaming\OpenCandy =>Adware.OpenCandy O43 - CFD: 24/02/2009 - 19:11:11 - [0] ----D C:\Users\CHARLOTTE ROY\AppData\Roaming\Skinux O43 - CFD: 27/12/2011 - 19:51:23 - [0,001] ----D C:\Users\CHARLOTTE ROY\AppData\Roaming\SuperEZ Video Converter O43 - CFD: 12/03/2011 - 13:52:07 - [0,000] ----D C:\Users\CHARLOTTE ROY\AppData\Roaming\WhiteSmoke =>PUP.WhiteSmoke O43 - CFD: 23/11/2009 - 10:17:59 - [13,210] ----D C:\Users\CHARLOTTE ROY\AppData\Local\CaledosLAB O43 - CFD: 20/01/2011 - 06:23:10 - [0,013] ----D C:\Users\CHARLOTTE ROY\AppData\Local\ConduitEngine O43 - CFD: 04/01/2013 - 23:44:28 - [322,060] ----D C:\Users\CHARLOTTE ROY\AppData\Local\IM O43 - CFD: 02/08/2009 - 11:44:04 - [33,915] ----D C:\Users\CHARLOTTE ROY\AppData\Local\Installer2872 O43 - CFD: 02/08/2009 - 11:52:32 - [30,447] ----D C:\Users\CHARLOTTE ROY\AppData\Local\Installer960 O43 - CFD: 15/06/2012 - 12:25:16 - [0,002] ----D C:\Users\CHARLOTTE ROY\AppData\Local\LiveCraft O43 - CFD: 29/11/2011 - 13:37:41 - [0] --HAD C:\Users\CHARLOTTE ROY\AppData\Local\M9JFi9Lc8B2E2gV O43 - CFD: 08/09/2012 - 12:50:44 - [0,002] ----D C:\Users\CHARLOTTE ROY\AppData\Local\OrbyxDeluxeGH O43 - CFD: 05/07/2012 - 03:23:57 - [2,141] ----D C:\Users\CHARLOTTE ROY\AppData\Local\Pando O43 - CFD: 08/02/2012 - 20:53:56 - [0,096] ----D C:\Users\CHARLOTTE ROY\AppData\Local\ProDigital O43 - CFD: 15/12/2012 - 20:12:05 - [0,054] ----D C:\Users\CHARLOTTE ROY\AppData\Local\Wajam =>Toolbar.Wajam O43 - CFD: 15/12/2010 - 15:23:32 - [6,387] ----D C:\Users\CHARLOTTE ROY\AppData\Local\{99D5BFA2-767C-434A-83CF-613CC6D36C3F} O43 - CFD: 22/03/2009 - 17:08:49 - [5,984] ----D C:\Users\CHARLOTTE ROY\AppData\Local\{E61AED2D-F303-484A-9707-E775FF1DB3F6} O43 - CFD: 17/04/2012 - 11:59:27 - [0] ----D C:\Users\CHARLOTTE ROY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2020 O43 - CFD: 29/09/2010 - 11:34:05 - [0,004] ----D C:\Users\CHARLOTTE ROY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pense-Bête ~ 20 Dossiers CLSID vides (CLSID Empty Folders) ~ Program Folder: 567 Legitimates Filtered in 02mn 12s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.23948829C6D049B8ADE0E0FB87305AC3] - 23/04/2013 - 10:02:33 ---A- . (.Safer Networking Limited - Pas de description.) -- C:\Windows\SysNative\sdnclean64.exe [17272] O44 - LFC:[MD5.23948829C6D049B8ADE0E0FB87305AC3] - 23/04/2013 - 10:02:33 RSHAD . (.Safer Networking Limited - Pas de description.) -- C:\Windows\System32\sdnclean64.exe [17272] O44 - LFC:[MD5.6D7C0B6C6EB82C6CAE1F3CBC14B8EE31] - 16/04/2013 - 03:53:28 ---A- . (...) -- C:\Windows\msxml4-KB2758694-enu.LOG [272948] ~ Files: 17 Legitimates Filtered in 00mn 06s ---\\ Export de clé d'application autorisée (O47) O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [Enabled] .(.Safer-Networking Ltd..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" [Enabled] .(.Safer-Networking Ltd..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" [Enabled] .(.Safer-Networking Ltd..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" [Enabled] .(.Safer-Networking Ltd..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe ~ Keys Export: 4 Legitimates Filtered in 00mn 00s ---\\ MountPoints2 Shell Key (O51) O51 - MPSK:{0f3192a0-6e55-11de-97fa-806e6f6e6963}\AutoRun\command. (...) -- K:\Launcher\LAUNCHER.exe (.not file.) O51 - MPSK:{754e7210-db5e-11df-8b7d-0022159cf8d6}\AutoRun\command. (...) -- C:\Windows\system32\DOUDou.exe (.not file.) O51 - MPSK:{f68088cb-7e35-11dd-bfa1-806e6f6e6963}\AutoRun\command. (...) -- E:\Launcher\LAUNCHER.exe ~ Keys: Scanned in 00mn 05s ---\\ ShareTools MSconfig StartupReg (O53) O53 - SMSR:HKLM\...\startupreg\a-squared [Key] . (...) -- C:\Program Files (x86)\a-squared Anti-Malware\a2guard.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\CANAL+ CANALSAT A LA DEMANDE [Key] . (...) -- C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\KiweeHook [Key] . (...) -- C:\Program Files (x86)\Kiwee Toolbar\2.9.201\kwtbaim.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\Malwarebytes' Anti-Malware (reboot) [Key] . (...) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (.not file.) ~ SMSR Keys: 23 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 ~ MWPS: 17 Legitimates Filtered in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.F14215E37CF124104575073F782111D2] - 21/01/2008 - 03:46:53 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [486456] O58 - SDL:[MD5.08F60F40D1A2A95A1F12EDDBD9F25C1C] - 14/02/2009 - 07:32:27 ---A- . (.Macrovision Europe Ltd - Macrovision SECURITY Driver.) -- C:\Windows\SysWOW64\drivers\CdaC15BA.SYS [12464] O58 - SDL:[MD5.235B8D0B7D707FADD1697FB394CC68D6] - 08/12/2012 - 07:08:50 -SHA- . (...) -- C:\Windows\SysWOW64\KGyGaAvL.sys [2516] ~ Drivers: Scanned in 00mn 00s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: Ad-Remover By C_XX - (.C_XX.) [HKLM] -- Ad-Remover O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - 02/03/2007 - C:\Windows\System32\DRIVERS\fvxscsi.sys (FVXSCSI) .(.FarStone Inc. - FarStone SCSI Miniport (64bit).) - LEGACY_FVXSCSI O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (NTACCESS) .(...) - LEGACY_NTACCESS ~ Legacy: 82 Legitimates Filtered in 00mn 05s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: SearchScopes [HKCU] {006ee092-9658-4fd6-bd8e-a21a348e59f5} - (Web Search) - http://feed.snap.do =>Hijacker.SmartBar O69 - SBI: SearchScopes [HKCU] {0388404D-6072-4CEB-B521-8F090FEAEE57} - (Yahoo!) - http://klit.startnow.com O69 - SBI: SearchScopes [HKCU] {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (Search the Web) - http://search.imgag.com O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web (Babylon)) - http://isearch.babylon.com =>Toolbar.Babylon O69 - SBI: SearchScopes [HKCU] {2750771E-AA94-4E4C-AB67-CF9343CF52CC} [DefaultScope] - (AOL Recherche) - http://slirsredirect.search.aol.com O69 - SBI: SearchScopes [HKCU] {33372C9B-EED2-4909-AC38-8D452F3EE630} - (Yahoo! Search) - http://search.yahoo.com O69 - SBI: SearchScopes [HKCU] {63FEE953-982F-4d57-BF87-5F9E197C6A88} - (MyStart Search) - http://mystart.magentic.com O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {78F29633-DB06-47F3-9B54-D6313EDF8E9A} - (Kelkoo) - http://fr.kelkoopartners.net O69 - SBI: SearchScopes [HKCU] {8B63A8D6-BBED-4341-8867-790E5F524C96} - (Rechercher MyStart) - http://mystart.hiyo.com O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} - (AVG Secure Search) - http://isearch.avg.com =>Toolbar.AVGSearch O69 - SBI: SearchScopes [HKCU] {9B6103C1-F818-48a8-9683-314055BE6075} - (MyStart Rechercher) - http://mystart.hiyo.com O69 - SBI: SearchScopes [HKCU] {A6037AB3-84D9-4470-9D60-D318E1C72708} - (Ask Search) - http://websearch.ask.com O69 - SBI: SearchScopes [HKCU] {AC854C16-CA1E-43f1-8513-0D2F36C726ED} - (Google) - http://www.afodo.com O69 - SBI: SearchScopes [HKCU] {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} - (DAEMON Search) - http://www.daemon-search.com O69 - SBI: SearchScopes [HKCU] {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} - (Funmoods) - http://searchfunmoods.com =>PUP.Funmoods O69 - SBI: SearchScopes [HKCU] {CD10120B-C165-4f8d-8C74-639629E238FF} - (MyStart Search) - http://mystart.magentic.com O69 - SBI: SearchScopes [HKCU] {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} - (MyStart Rechercher) - http://mystart.incredimail.com O69 - SBI: SearchScopes [HKCU] {DECA3892-BA8F-44b8-A993-A466AD694AE4} - (Yahoo!) - http://fr.search.yahoo.com O69 - SBI: SearchScopes [HKCU] {EEE6C360-6118-11DC-9C72-001320C79847} - (SweetIM Search) - http://search.sweetim.com =>PUP.SweetIM O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://search.live.com O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (Live Search Powered by Kiwee) - http://kwtb.search.imgag.com O69 - SBI: SearchScopes [HKUS\.DEFAULT] {2750771E-AA94-4E4C-AB67-CF9343CF52CC} - (AOL Recherche) - http://slirsredirect.search.aol.com O69 - SBI: SearchScopes [HKUS\.DEFAULT] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKUS\.DEFAULT] {78F29633-DB06-47F3-9B54-D6313EDF8E9A} - (Kelkoo) - http://fr.kelkoopartners.net O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://search.live.com O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (Live Search Powered by Kiwee) - http://kwtb.search.imgag.com O69 - SBI: SearchScopes [HKUS\S-1-5-18] {2750771E-AA94-4E4C-AB67-CF9343CF52CC} - (AOL Recherche) - http://slirsredirect.search.aol.com O69 - SBI: SearchScopes [HKUS\S-1-5-18] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKUS\S-1-5-18] {78F29633-DB06-47F3-9B54-D6313EDF8E9A} - (Kelkoo) - http://fr.kelkoopartners.net ~ Keys: Scanned in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.39EA96ADB42890861D784FBDD0332E0F] [SPRF][04/07/2011] (...) -- C:\ProgramData\6E85A45D40.sys [168] [MD5.6EE5BA201C15667853DD3F7FE306B834] [SPRF][30/09/2011] (...) -- C:\ProgramData\9FC65E41BC.sys [88] [MD5.0C6F900991285EA4CF371C1C13EBC461] [SPRF][13/01/2012] (...) -- C:\ProgramData\KGyGaAvL.sys [10022] [MD5.428DADAA311226297111FCE41FDEAF0D] [SPRF][16/08/2012] (...) -- C:\ProgramData\nvModes.dat [63611] [MD5.40ED0305F106A205987746B572251D89] [SPRF][19/11/2012] (...) -- C:\Users\CHARLOTTE ROY\AppData\Local\d3d8caps.dat [552] [MD5.2CE6B32A824C72F29E20C510C45AC3A5] [SPRF][16/04/2013] (...) -- C:\Users\CHARLOTTE ROY\AppData\Local\d3d9caps.dat [2032] [MD5.9596568E92BF41C3361C03C36DBA18DB] [SPRF][16/04/2013] (...) -- C:\Users\CHARLOTTE ROY\AppData\Local\d3d9caps64.dat [1460] [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][05/08/2009] (...) -- C:\Users\CHARLOTTE ROY\AppData\Roaming\wklnhst.dat [0] [MD5.D03F39A2F63D2920FBD4880D4A6AC42B] [SPRF][23/04/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\CHARLOTTE ROY\Desktop\ZHPDiag2.exe [5598615] [MD5.04F4DCEC002BB7306700BAFB8461A15A] [SPRF][12/07/2012] (.Pas de propriétaire - 2.0.1.) -- C:\Program Files (x86)\Aeon_201_Gold.exe [26838336] [MD5.C832B62D916C2A4C034B21E493417F60] [SPRF][15/07/1999] (...) -- C:\Program Files (x86)\AssignPath.exe [24576] [MD5.DE2BF7F77E34FD24BE1C8BFF471F78BD] [SPRF][24/04/2008] (.Intel Corporation - Certified Realtek AC97 Driver for all OS.) -- C:\Program Files (x86)\AUD_ALLOS_5.10.0.6020_PV_RealtekAC97.exe [24917222] [MD5.D3B17961AA97684EE6B7A5720591F2FF] [SPRF][16/08/2010] (.3Planesoft - Coral Clock 3D Screensaver Setup.) -- C:\Program Files (x86)\coralclock.exe [14335297] [MD5.5693DDE1616E239F8262A9B7D8AACC24] [SPRF][24/04/2008] (...) -- C:\Program Files (x86)\Google_Updater.exe [878720] [MD5.E90181EBFFC8E9F764789725F9DA7963] [SPRF][05/04/2013] (...) -- C:\Program Files (x86)\gs905w32.exe [12702607] [MD5.F60759E7A1FE711BEAA36EB4F848589B] [SPRF][05/04/2013] (...) -- C:\Program Files (x86)\gs905w64.exe [12988826] [MD5.79D8B800271229678B73BDF99D7D4343] [SPRF][07/02/2012] (...) -- C:\Program Files (x86)\IncrediMailSetup_fr.exe [13054920] [MD5.C39D25141E01072BAC332D44459758F5] [SPRF][22/08/2012] (.MysticCoder - MysticThumbs v3.0.0.) -- C:\Program Files (x86)\MysticThumbs300.exe [10343832] [MD5.21FAA4A58076CE1CAADA80235A736A6C] [SPRF][22/09/2010] (.Pas de propriétaire - nfsDigitalClock07 New Free Screensaver Setup.) -- C:\Program Files (x86)\nuagesdigitalclock07.exe [12981723] [MD5.329AB24DCCDC59F1B9171A10454A5487] [SPRF][26/02/2008] (.Masterra - PostSmile.) -- C:\Program Files (x86)\postsmile.exe [3120225] [MD5.5B403285C6ED012BE72DFE6F048F4FBF] [SPRF][03/11/2011] (.Acresso Software Inc. - Setup.exe.) -- C:\Program Files (x86)\PSPX4_TBYB30EN.exe [295206264] [MD5.B7E3E7178ABE7CA76716D742B88B5138] [SPRF][26/03/2007] (...) -- C:\Program Files (x86)\visualisateurfichier PSP.exe [148480] [MD5.C796FFE6E484CCCBA46F323D5E3DC051] [SPRF][26/02/2008] (.Microsoft Corporation - Windows Media Component Setup Application.) -- C:\Program Files (x86)\wmp11-windowsxp-x86-FR-FR.exe [25839688] [MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][26/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [24576] [MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][26/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [196608] [MD5.D8FB851A9FBD62352FD74283F9C14C77] [SPRF][10/06/2005] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [417792] ~ Files: Scanned in 00mn 08s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "{81A26D95-7D46-4F02-9049-B7B13BB540AD}" | In - Private - P6 - TRUE | .(.MysticCoder - MysticThumbs.) -- C:\Program Files\MysticCoder\MysticThumbs\MysticThumbsControlPanel.exe O87 - FAEL: "{B724DBB9-D327-44A3-97A4-4BAEC22C88DD}" | In - Private - P17 - TRUE | .(.MysticCoder - MysticThumbs.) -- C:\Program Files\MysticCoder\MysticThumbs\MysticThumbsControlPanel.exe O87 - FAEL: "{C9F239E3-7C49-426A-8056-7FAA18F11712}" | In - Private - P6 - TRUE | .(.MysticCoder - MysticThumbs.) -- C:\Program Files\MysticCoder\MysticThumbs\MysticThumbs.exe O87 - FAEL: "{350056F9-6560-4AAA-A95D-470B2ACB27E8}" | In - Private - P17 - TRUE | .(.MysticCoder - MysticThumbs.) -- C:\Program Files\MysticCoder\MysticThumbs\MysticThumbs.exe O87 - FAEL: "{FCBB768D-0E12-45FA-B04A-B7B316D0140D}" | In - Private - P6 - TRUE | .(.MysticCoder - MysticThumbs.) -- C:\Program Files\MysticCoder\MysticThumbs\MysticThumbs32.dll O87 - FAEL: "{E870D523-2379-4F6B-A9D2-BD34F7863FEE}" | In - Private - P17 - TRUE | .(.MysticCoder - MysticThumbs.) -- C:\Program Files\MysticCoder\MysticThumbs\MysticThumbs32.dll O87 - FAEL: "{BAF4B628-BB5C-4FCB-B56F-893781F666C5}" | In - Private - P6 - TRUE | .(.MysticCoder - MysticThumbs.) -- C:\Program Files\MysticCoder\MysticThumbs\MysticThumbs64.dll O87 - FAEL: "{9D967CD5-2968-4709-8DDB-FACD431E3916}" | In - Private - P17 - TRUE | .(.MysticCoder - MysticThumbs.) -- C:\Program Files\MysticCoder\MysticThumbs\MysticThumbs64.dll ~ Firewall: 170 Legitimates Filtered in 00mn 01s ---\\ Scan Additionnel (O88) Database Version : v2.11647 - (22/04/2013) Clés trouvées (Keys found) : 188 Valeurs trouvées (Values found) : 3 Dossiers trouvés (Folders found) : 30 Fichiers trouvés (Files found) : 0 [HKLM\Software\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}] =>PUP.Funmoods [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar [HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.Agent [HKLM\Software\Classes\CLSID\{09B445AE-2345-4FCA-85AE-FB3626ECEBDD}] =>Hijacker.Agent [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}] =>Toolbar.Kiwee [HKLM\Software\Classes\CLSID\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}] =>Toolbar.Kiwee [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}] =>Toolbar.Kiwee [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent [HKLM\Software\Classes\CLSID\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}] =>Toolbar.Ask [HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{249d74a3-bd19-4657-b6ce-e62f480a20de}] =>Toolbar.Conduit [HKLM\Software\Classes\CLSID\{249d74a3-bd19-4657-b6ce-e62f480a20de}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{249d74a3-bd19-4657-b6ce-e62f480a20de}] =>Toolbar.Conduit [HKLM\Software\Classes\TypeLib\{259eeb17-79aa-44df-8410-8e55f82a902a}] =>Toolbar.Kiwee [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{27100E88-8830-44ED-9D6A-CA24F3523F39}] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{27100E88-8830-44ED-9D6A-CA24F3523F39}] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}] =>Toolbar.Conduit [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{3e16a203-c0aa-4d44-acc5-38a70a8c76da}] =>Toolbar.Kiwee [HKLM\Software\Wow6432Node\Classes\Interface\{3e16a203-c0aa-4d44-acc5-38a70a8c76da}] =>Toolbar.Kiwee [HKLM\Software\Classes\CLSID\{4260e0cc-0f75-462e-88a3-1e05c248bf4c}] =>Toolbar.Kiwee [HKLM\Software\Classes\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] =>PUP.SweetIM [HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.Agent [HKLM\Software\Classes\Interface\{5663b370-f3c3-40d1-9c46-0e800aa4d0e8}] =>Toolbar.Kiwee [HKLM\Software\Wow6432Node\Classes\Interface\{5663b370-f3c3-40d1-9c46-0e800aa4d0e8}] =>Toolbar.Kiwee [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6e15d3c4-c6fc-4f02-b130-77cc5b1f09db}] =>Toolbar.Kiwee [HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60}] =>Adware.BHO [HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.Agent [HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>Toolbar.Agent [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}] =>Toolbar.Agent [HKLM\Software\Classes\AppID\{a5461fca-320c-4d6f-a150-a53823ce8142}] =>Toolbar.Kiwee [HKLM\Software\Wow6432Node\Classes\AppID\{a5461fca-320c-4d6f-a150-a53823ce8142}] =>Toolbar.Kiwee [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent [HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] =>Toolbar.Conduit [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{b0de3308-5d5a-470d-81b9-634fc078393b}] =>Adware.BHO [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}] =>Adware.BHO [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}] =>PUP.Funmoods [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}] =>PUP.Funmoods [HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.Conduit [HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper [HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper [HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.Agent [HKLM\Software\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}] =>Toolbar.AskBarDis [HKLM\Software\Wow6432Node\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}] =>Toolbar.AskBarDis [HKLM\Software\Classes\Interface\{c44feff4-ef0c-4cf7-83d0-92b4266a32b9}] =>Adware.BHO [HKLM\Software\Wow6432Node\Classes\Interface\{c44feff4-ef0c-4cf7-83d0-92b4266a32b9}] =>Adware.BHO [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}] =>Toolbar.Conduit [HKLM\Software\Classes\TypeLib\{c7403c30-3644-43d8-a82f-4bd84b9682d9}] =>Toolbar.Kiwee [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}] =>PUP.Funmoods [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFCB809C-3A22-4616-A916-6C007BD9D920}] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CFCB809C-3A22-4616-A916-6C007BD9D920}] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CFCB809C-3A22-4616-A916-6C007BD9D920}] =>Toolbar.Agent [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}] =>Adware.IncrediBar [HKLM\Software\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam [HKLM\Software\Wow6432Node\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam [HKLM\Software\Classes\Interface\{db885111-f39f-4d88-9ee5-c88460b6df7b}] =>Adware.Agent [HKLM\Software\Wow6432Node\Classes\Interface\{db885111-f39f-4d88-9ee5-c88460b6df7b}] =>Adware.Agent [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}] =>Adware.Bandoo [HKLM\Software\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}] =>Toolbar.Babylon [HKLM\Software\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Adware.Yontoo [HKLM\Software\Classes\Interface\{f131923c-381d-4e4c-a472-4a17118fd742}] =>Adware.BHO [HKLM\Software\Wow6432Node\Classes\Interface\{f131923c-381d-4e4c-a472-4a17118fd742}] =>Adware.BHO [HKLM\Software\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.Agent [HKLM\Software\Classes\AppID\contenthandler.dll] =>Toolbar.Kiwee [HKLM\Software\Classes\AppID\ieaddon.dll] =>Trojan.FakeAlert [HKLM\Software\Classes\AppID\ScriptHelper.EXE] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search] =>Toolbar.AVGSearch [HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine] =>Toolbar.Conduit [HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FileConverter_1.5 Toolbar] =>Toolbar.Agent [HKLM\Software\Classes\AVG Secure Search.BrowserWndAPI] =>Toolbar.AVGSearch [HKLM\Software\Classes\AVG Secure Search.PugiObj] =>Toolbar.AVGSearch [HKLM\Software\Classes\AVG Secure Search.PugiObj.1] =>Toolbar.AVGSearch [HKLM\Software\Classes\Conduit.Engine] =>Toolbar.Conduit [HKLM\Software\Classes\S] =>Toolbar.Agent [HKLM\Software\Classes\ScriptHelper.ScriptHelperApi] =>Toolbar.Agent [HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1] =>Toolbar.Agent [HKLM\Software\Classes\ViProtocol.ViProtocolOLE] =>Toolbar.Agent [HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1] =>Toolbar.Agent [HKLM\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh] =>PUP.Funmoods [HKLM\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj] =>Adware.SearchYa [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj] =>Adware.SearchYa [HKLM\Software\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd] =>Adware.IncrediBar [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\ehdmaehkiiampolokajdcelladmnopgp] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp] =>Toolbar.Wajam [HKCU\Software\Agence-Exclusive] =>Spyware.AgenceExclusive [HKLM\Software\Wow6432Node\Agence-Exclusive] =>Spyware.AgenceExclusive [HKCU\Software\AutocompleteProBHO] =>Adware.PredictAd [HKCU\Software\bProtector] =>PUP.BProtector [HKCU\Software\cacaoweb] =>PUP.CacaoWeb [HKCU\Software\conduitEngine] =>Toolbar.Conduit [HKCU\Software\AppDataLow\Software\conduitEngine] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\conduitEngine] =>Toolbar.Conduit [HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit [HKCU\Software\DataMngr] =>Adware.Bandoo [HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo [HKCU\Software\AppDataLow\Software\FileConverter_1.5] =>Toolbar.Agent [HKLM\Software\Wow6432Node\FileConverter_1.5] =>Toolbar.Agent [HKLM\Software\Wow6432Node\freeze.com] =>Adware.BHO [HKCU\Software\funkyemoticons] =>Adware.Navipromo [HKLM\Software\Wow6432Node\funkyemoticons] =>Adware.Navipromo [HKCU\Software\Iminent] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster [HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2] =>Toolbar.Conduit [HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong [HKCU\Software\Softonic] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM [HKCU\Software\AppDataLow\Toolbar] =>Toolbar.Conduit [HKCU\Software\AppDataLow\Software\Toolbar] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Tuto4pc] =>PUP.Eorezo [HKCU\Software\Tutorials] =>Spyware.AgenceExclusive [HKCU\Software\Zugo] =>Adware.Zugo [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search] =>Toolbar.AVGSearch [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FileConverter_1.5 Toolbar] =>Toolbar.Agent [HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6E15D3C4-C6FC-4F02-B130-77CC5B1F09DB}] =>Toolbar.Kiwee [HKCU\AppEvents\Schemes\Apps\Explorer\Navigating\Old_Current] =>PUP.MediaFinder [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo [HKLM\Software\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}] =>Toolbar.ToolBand [HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}] =>Toolbar.ToolBand [HKLM\Software\Wow6432Node\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}] =>Toolbar.ToolBand [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla] =>Toolbar.AVGSearch [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{47B614AF-B4CC-485B-B331-BE26F02ED4CC}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{47B614AF-B4CC-485B-B331-BE26F02ED4CC}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47B614AF-B4CC-485B-B331-BE26F02ED4CC}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Browser Helper Object1.4] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] =>Toolbar.Babylon [HKLM\Software\Classes\IncrediSpooler.DeltaSync] =>toolbar.DeltaSearch [HKLM\Software\Classes\IncrediSpooler.DeltaSync.1] =>toolbar.DeltaSearch [HKLM\Software\Classes\IminentMMServer.ACPlayer] =>Adware.IMBooster [HKLM\Software\Classes\IminentMMServer.ACPlayer.1] =>Adware.IMBooster [HKLM\Software\Classes\TBSB06155.IEToolbar] =>Toolbar.Agent [HKLM\Software\Classes\TBSB06155.IEToolbar.1] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.TBSB06155] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.TBSB06155.1] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar.CT2724431] =>Toolbar.Conduit [HKLM\Software\Classes\Toolbar.CT3128284] =>Toolbar.Conduit [HKLM\Software\Classes\Toolbar.CT3196716] =>Toolbar.Conduit [HKLM\Software\Classes\Toolbar.CT3241952] =>Toolbar.Conduit [HKLM\Software\Classes\Toolbar.CT3242339] =>Toolbar.Conduit [HKLM\Software\Classes\Toolbar.CT3297966] =>Toolbar.Conduit [HKLM\Software\Classes\AppID\Iminent.MMServer.EXE] =>Adware.IMBooster [HKLM\Software\Classes\AppID\Iminent.WinCore.Aim.Plugin.DLL] =>Adware.IMBooster [HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\funmoods] =>PUP.Funmoods [HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\Wajam] =>Toolbar.Wajam [HKLM\Software\Wow6432Node\Classes\IncrediSpooler.DeltaSync] =>toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\IncrediSpooler.DeltaSync.1] =>toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\IminentMMServer.ACPlayer] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\IminentMMServer.ACPlayer.1] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\TBSB06155.IEToolbar] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\TBSB06155.IEToolbar.1] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Toolbar3.TBSB06155] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Toolbar3.TBSB06155.1] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Toolbar.CT2724431] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Toolbar.CT3128284] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Toolbar.CT3196716] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Toolbar.CT3241952] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Toolbar.CT3242339] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Toolbar.CT3297966] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\AppID\Iminent.MMServer.EXE] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Classes\AppID\Iminent.WinCore.Aim.Plugin.DLL] =>Adware.IMBooster [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{30F9B915-B755-4826-820B-08FBA6BD249D} =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar]:{30F9B915-B755-4826-820B-08FBA6BD249D} =>Toolbar.Conduit [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{32099aac-c132-4136-9e9a-4e364a424e17} =>Toolbar.DaemonTools C:\Program Files (x86)\AutocompletePro =>Adware.PredictAd C:\Program Files (x86)\AVG Secure Search =>Toolbar.AVGSearch C:\Program Files (x86)\Babylon =>Toolbar.Babylon C:\Program Files (x86)\Conduit =>Toolbar.Conduit C:\Program Files (x86)\ConduitEngine =>Toolbar.Conduit C:\Program Files (x86)\Funmoods =>PUP.Funmoods C:\Program Files (x86)\Iminent =>Adware.IMBooster C:\Program Files (x86)\Software =>Adware.Boxore C:\Program Files (x86)\WhiteSmoke =>PUP.Whitesmoke C:\Program Files (x86)\Browser Helper Object =>Toolbar.Babylon C:\Program Files (x86)\Common Files\AVG Secure Search =>Toolbar.AVGSearch C:\ProgramData\AVG Secure Search =>Toolbar.AVGSearch C:\ProgramData\Babylon =>Toolbar.Babylon C:\ProgramData\Software =>Adware.Boxore C:\ProgramData\Trymedia =>Adware.Trymedia C:\Users\CHARLOTTE ROY\AppData\Roaming\AGI =>Toolbar.Kiwee C:\Users\CHARLOTTE ROY\AppData\Roaming\Babylon =>Toolbar.Babylon C:\Users\CHARLOTTE ROY\AppData\Roaming\cacaoweb =>PUP.CacaoWeb C:\Users\CHARLOTTE ROY\AppData\Roaming\iWin =>Adware.BHO C:\Users\CHARLOTTE ROY\AppData\Roaming\OpenCandy =>Adware.OpenCandy C:\Users\CHARLOTTE ROY\AppData\Roaming\WhiteSmoke =>PUP.Whitesmoke C:\Users\CHARLOTTE ROY\AppData\Local\AVG Secure Search =>Toolbar.AVGSearch C:\Users\CHARLOTTE ROY\AppData\Local\Conduit =>Toolbar.Conduit C:\Users\CHARLOTTE ROY\AppData\Local\ConduitEngine =>Toolbar.Conduit C:\Users\CHARLOTTE ROY\AppData\Local\Software =>Adware.Boxore C:\Users\CHARLOTTE ROY\AppData\LocalLow\AVG Secure Search =>Toolbar.AVGSearch C:\Users\CHARLOTTE ROY\AppData\LocalLow\BabylonToolbar =>Toolbar.Babylon C:\Users\CHARLOTTE ROY\AppData\LocalLow\Conduit =>Toolbar.Conduit C:\Users\CHARLOTTE ROY\AppData\LocalLow\ConduitEngine =>Toolbar.Conduit C:\Users\CHARLOTTE ROY\AppData\LocalLow\PriceGong =>Adware.PriceGong ~ Additionnel Scan: 449560 Items scanned in 00mn 37s ---\\ Product Upgrade Codes (O90) O90 - PUC: "49C22FC2963140C4A9F54ACBD6195B80" . (.IncrediMail.) -- C:\Windows\Installer\{2CF22C94-1369-4C04-9A5F-A4BC6D91B508}\ARPPRODUCTICON.exe O90 - PUC: "98A9AB0FEB99BFB48873299910F02B61" . (.Language - Support Files.) -- c:\Windows\Installer\{F0BA9A89-99BE-4BFB-8837-9299010FB216}\ARPPRODUCTICON.exe O90 - PUC: "9E2E28E4B866A8F418A4871E36CFBDDC" . (.IconHandler 64 bit.) -- c:\Windows\Installer\{4E82E2E9-668B-4F8A-814A-78E163FCDBCD}\ARPPRODUCTICON.exe O90 - PUC: "C7F4B61737161D241BFAACF9237931A0" . (.StarFilter Pro 2.) -- C:\Windows\Installer\{716B4F7C-6173-42D1-B1AF-CA9F3297130A}\ProductIcon O90 - PUC: "E384963B8270C504F8C843722B360BF1" . (.Content.) -- c:\Windows\Installer\{B369483E-0728-405C-8F8C-3427B263B01F}\ARPPRODUCTICON.exe O90 - PUC: "EF2FB048D330C734981DAA2A60AB316B" . (.Langauge.) -- c:\Windows\Installer\{840BF2FE-033D-437C-89D1-AAA206BA13B6}\ARPPRODUCTICON.exe O90 - PUC: "FBA4DEA12580F3B4F97800FC882FC50E" . (.IconHandler 32 bit.) -- c:\Windows\Installer\{1AED4ABF-0852-4B3F-9F87-00CF88F25CE0}\ARPPRODUCTICON.exe ~ Update Products: 181 Legitimates Filtered in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 0 | (ACDaemon) . (...) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Demand 0 | (aspnet_state) . (...) - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe SR - | Auto 05/12/2012 2321560 | (avgfws) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe SR - | Auto 02/11/2012 5174392 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe SR - | Auto 14/02/2012 193288 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe SR - | Auto 28/02/2006 229376 | (Bonjour Service) . (.Apple Computer, Inc..) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe SS - | Demand 26/02/2009 69120 | (Boonty Games) . (.BOONTY.) - C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe SR - | Auto 09/07/2012 773624 | (bProtector) . (.bProtector.) - C:\ProgramData\bProtector\bProtect.exe SS - | Auto 21/01/2008 27648 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe SS - | Auto 17/04/2013 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 17/04/2013 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Auto 17/04/2013 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe SR - | Auto 02/06/2008 94208 | (HP Health Check Service) . (.Hewlett-Packard.) - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe SR - | Auto 11/06/2008 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe SS - | Auto 0 | (Nero BackItUp Scheduler 4.0) . (...) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe SR - | Auto 17/12/2012 66560 | (nlsX86cc) . (.Nalpeiron Ltd..) - C:\Windows\SysWOW64\nlssrv32.exe SR - | Auto 29/06/2012 891240 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe SR - | Auto 29/06/2012 1258856 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe SR - | Auto 10/03/2010 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe SR - | Auto 30/11/2010 336824 | (PSI_SVC_2_x64) . (.arvato digital services llc.) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe SR - | Auto 13/11/2012 1103392 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe SS - | Auto 13/11/2012 1369624 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe SR - | Auto 13/11/2012 168384 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe SR - | Auto 22/09/2010 249136 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe SS - | Demand 26/01/2010 652800 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe SR - | Auto 28/06/2012 382312 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe SS - | Auto 0 | (TuneUp.UtilitiesSvc) . (...) - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe SR - | Auto 21/01/2008 27648 | C:\Windows\System32\uxtuneup.dll (UxTuneUp) . (.TuneUp Software.) - C:\Windows\System32\svchost.exe SR - | Auto 965296 | (vToolbarUpdater14.1.7) . (...) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe =>Toolbar.AVGSearch SS - | Auto 21/01/2008 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe SR - | Auto 21/01/2008 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 02s ~ 1947 Legitimates filtered by white list End of the scan (1083 lines in 04mn 12s)(0)