~ Rapport de ZHPDiag v2014.8.30.126 - Nicolas Coolman (30/08/2014)
~ Lancé par Antonin (31/08/2014 15:10:47)
~ Adresse du Site Web http://nicolascoolman.fr
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.17054 (Defaut)
MFIE: Mozilla Firefox 31.0
GCIE: Google Chrome v36.0.1985.143

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : 2WCMG
Windows License : OK
~ Windows Remaining Initializations Number : 1000
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Avira AntiVir Personal - Free Antivirus v10.2.0.703
Windows Defender W8 (Activate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer
µTorrent v2.2.1 =>P2P.µTorrent

---\\ Surveillance de Logiciels
Adobe Flash Player 14 Plugin

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6013 MB (60% free)
System Restore: Activé (Enable)
System drive C: has 2 GB (0%) free of 918 GB

---\\ Mode de connexion au système
~ Computer Name: ANTO
~ User Name: Antonin
~ All Users Names: HomeGroupUser$, ASPNET, Antonin, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Antonin\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Antonin\AppData\Roaming\
~ %Desktop% : C:\Users\Antonin\Desktop\
~ %Favorites% : C:\Users\Antonin\Favorites\
~
%LocalAppData% : C:\Users\Antonin\AppData\Local\ ~ %StartMenu% : C:\Users\Antonin\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 2 Go of 918 Go) D: Floppy drive, Flash card reader, USB Key (Not Inserted) E: CD-ROM drive (Free 0 Go of 1 Go) F: CD-ROM drive (Not Inserted) X: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go) Y: Hard drive, Flash drive, Thumb drive (Free 0 Go of 12 Go) ---\\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified ~ Security Center: 41 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280] [MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608] [MD5.A56400B83371EAD36B9E62FAF0546595] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.24/07/2014 - 13:10:54.) -- C:\Windows\System32\wininet.dll [2240000] [MD5.75DD70A14145499C9F7D903CF9A8C91B] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.12/04/2014 - 10:10:31.) -- C:\Windows\System32\Winlogon.exe [578048] [MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408] [MD5.FE7FB9612D354EB41DF4F0FF5D6FB259] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.29/05/2014 - 23:24:46.) -- C:\Windows\system32\Drivers\AFD.sys [576512] [MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) 
-- C:\Windows\system32\Drivers\atapi.sys [25840] [MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544] [MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080] [MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.16/01/2014 - 00:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784] [MD5.58CC013EFA9893057160EDA018D8ADCE] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.15/07/2014 - 23:51:05.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168] [MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640] [MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920] [MD5.7A761AEE58658378BBA45D360F874CB0] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.27/02/2014 - 00:18:55.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688] [MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776] [MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.27/01/2014 - 04:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288] [MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984] [MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) 
-- C:\Windows\system32\Drivers\Rasl2tp.sys [124928] [MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712] [MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248] [MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/2333 ~ Mes musiques (My Musics) : 8/500 ~ Mes Videos (My Videos) : 2/7 ~ Mes Favoris (My Favorites) : 1/5 ~ Mes Documents (My Documents) : 2/4680 ~ Mon Bureau (My Desktop) : 2/28246 ~ Menu demarrer (Programs) : 1/77 ~ Hidden Files: Scanned in 00mn 58s ---\\ Processus lancés [MD5.EDD1A749C084E741F7A5EBDF53E4320D] - (...) -- C:\Program Files (x86)\ver3LyricsMonkey\F9LyricsMonkeyk.exe [100864] [PID.4532] =>Adware.AddLyrics [MD5.44FE94FCDF97E574B6986C5A81758628] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840] [PID.4664] [MD5.6FA1F6B8090F04D581E16212886BD861] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Antonin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168] [PID.5876] [MD5.D2E3E6D94A9E1CFA1561D9C748136FD0] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.5956] [MD5.22DA0DDAF1BF9E0FB5C705319024429B] - (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe [399224] [PID.3512] =>P2P.BitTorrent [MD5.10F36FB8CD6218CD7F818268E0F3F9C6] - (.Mozilla Corporation - Firefox.) 
-- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.2220] [MD5.5F1D48DA2F2B6B9C3F323E9D8FA0C40D] - (.SoftThinks - Dell - Dell Backup And Recovery Update Launcher.) -- C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.exe [493072] [PID.2076] [MD5.01BA1BFF15EA668E973F2086621345EC] - (.SoftThinks - Dell - Dell Backup And Recovery Toaster.) -- C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.exe [4134928] [PID.2440] [MD5.02F8883595A2B3D7FFA11C71EAC68473] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.7904] [MD5.192FFD3F99A0847740670AE711CB455A] - (.Adobe Systems, Inc. - Adobe Flash Player 14.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe [1869488] [PID.7936] [MD5.4DB86C18B5A0917430882542B22CADE5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8100352] [PID.3872] ~ Processes Running: Scanned in 00mn 01s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\Antonin\AppData\Local\Google\Chrome\User Data\Default\Preferences G0 - GCSP: Preference [User Data\Default][HomePage] http://start.mysearchdial.com =>Adware.MyWebSearch G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé) G2 - GCE: Preference [User Data\Default] [bfjoipapblchnffofegpknjcaonplmpe] LyricsMonkey v.1.175.0.0 (Activé) =>Adware.AddLyrics G2 - GCE: Preference [User Data\Default] [jpmbfleldcgkldadpdinhjjopdfpjfjp] Wajam v.1.34 (Activé) =>PUP.Wajam G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé) G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé) G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé) G2 - GCE: Preference [User Data\Default] 
[nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé) G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé) G2 - GCE: Preference [User Data\Default] [paoponfhfdfnjgddpnpjkambkcgdaaib] uTorrentBar_FR v.10.31.4.510, (Désactivé) =>P2P.µTorrent G2 - GCE: Preference [User Data\Default] [pflphaooapbgpeakohlggbpidpppgdff] MySearchDial v.9.4.24, (Activé) =>Adware.MyWebSearch ---\\ Liste des dossiers d'extension Google Chrome ~ Google Lines Browser: 22 Legitimates Filtered in 00mn 01s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\Antonin\AppData\Roaming\Mozilla\Firefox\Profiles\eb85kg11.default\prefs.js C:\Users\Antonin\AppData\Roaming\Mozilla\Firefox\Profiles\eb85kg11.default\user.js M3 - MFPP: Plugins - [Antonin] -- C:\Users\Antonin\AppData\Roaming\Mozilla\Firefox\Profiles\eb85kg11.default\searchplugins\delta.xml =>Toolbar.DeltaSearch M3 - MFPP: Plugins - [Antonin] -- C:\Users\Antonin\AppData\Roaming\Mozilla\Firefox\Profiles\eb85kg11.default\searchplugins\holasearch.xml =>Hijacker.HolaSearch M3 - MFPP: Plugins - [Antonin] -- C:\Users\Antonin\AppData\Roaming\Mozilla\Firefox\Profiles\eb85kg11.default\searchplugins\Mysearchdial.xml =>Adware.MyWebSearch M2 - MFEP: RegExtension {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2} . (...) -- C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi =>PUP.Wajam M2 - MFEP: RegExtension {B4286FE0-93E9-AFAF-3B77-1C4DA6B4B71A} . (...) 
-- C:\Program Files (x86)\ver3LyricsMonkey\175.xpi =>Adware.AddLyrics ~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com =>Adware.MyWebSearch R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com =>Adware.MyWebSearch R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com =>Adware.MyWebSearch R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://start.mysearchdial.com =>Adware.MyWebSearch R3 - URLSearchHook: uTorrentBar_FR Toolbar [64Bits] - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) (6.17.1.25) -- C:\Program Files (x86)\uTorrentBar_FR\prxtbuTor.dll =>Toolbar.Conduit ~ IE Browser: 19 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:14283;https=127.0.0.1:14283 =>Hijacker.Proxy R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hôte est sain (The hosts file is clean) (21) ~ Hosts File: Scanned in 00mn 00s ---\\ Browser Helper 
Objects de navigateur (O2) O2 - BHO: uTorrentBar_FR [64Bits] - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files (x86)\uTorrentBar_FR\prxtbuTor.dll =>Toolbar.Conduit O2 - BHO: CrossriderApp0035329 [64Bits] - {11111111-1111-1111-1111-110311531129} . (.Corporate Inc - Pricora BHO.) -- C:\Program Files (x86)\Pricora\Pricora-bho.dll =>PUP.CrossRider O2 - BHO: CrossriderApp0037180 [64Bits] - {11111111-1111-1111-1111-110311711180} . (.Plus HD - Plus-HD-3.5 BHO.) -- C:\Program Files (x86)\Plus-HD-3.5\Plus-HD-3.5-bho.dll =>PUP.CrossRider O2 - BHO: LyricsMonkey [64Bits] - {6FFE48D5-BD61-56FE-1D51-5CC49EE107FD} . (...) -- C:\Program Files (x86)\ver3LyricsMonkey\175.dll =>Adware.AddLyrics O2 - BHO: Wajam IE BHO [64Bits] - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} . (.Wajam - Wajam Internet Explorer Add-on.) -- C:\Program Files (x86)\Wajam\IE\priam_bho.dll =>PUP.Wajam O2 - BHO: mysearchdial Helper Object [64Bits] - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} . (.Ironsource Israel (2011) LTD - Pas de description.) -- C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll =>Adware.MyWebSearch ~ BHO: 7 Legitimates Filtered in 00mn 01s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar\WebBrowser: (no name) - [HKCU]{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\QuickLaunch [Antonin]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent ~ Global Startup: 1 Legitimates Filtered in 00mn 14s ---\\ Applications lancées au démarrage du système (O4) O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) 
-- C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll O4 - HKCU\..\Run: [StartMenuX] . (.OrdinarySoft - StartMenuX.) -- C:\Program Files\Start Menu X\StartMenuX.exe O4 - HKCU\..\Run: [Vidalia] . (...) -- C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe O4 - HKCU\..\Run: [BrowserChoice] . (.Microsoft Corporation - Choix de navigateur .) -- C:\Windows\BrowserChoice\browserchoice.exe O4 - HKCU\..\Run: [cacaoweb] . (...) -- C:\Users\Antonin\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb O4 - HKCU\..\Run: [Xvid] . (...) -- C:\Program Files (x86)\Xvid\CheckUpdate.exe O4 - HKCU\..\Run: [Viber] . (.Pas de propriétaire - Viber.) -- C:\Users\Antonin\AppData\Local\Viber\Viber.exe O4 - HKCU\..\Run: [Software updater] . (...) -- C:\Users\Antonin\AppData\Roaming\FreeSoftwareUpdater\updater.exe =>PUP.Eorezo O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Antonin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe O4 - HKCU\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\Antonin\AppData\Roaming\Spotify\spotify.exe O4 - HKCU\..\Run: [BackgroundContainerV2] . (.ClientConnect Ltd. - Background Container.) -- C:\Users\Antonin\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll =>PUP.Babylon O4 - HKLM\..\Wow6432Node\Run: [IMSS] . 
(.Intel Corporation - PIcon startup utility.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe O4 - HKLM\..\Wow6432Node\Run: [CLMLServer_For_P2G8] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe O4 - HKLM\..\Wow6432Node\Run: [CLVirtualDrive] . (.CyberLink Corp. - CyberLink Virtual Drive.) -- C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe O4 - HKLM\..\Wow6432Node\Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe O4 - HKUS\S-1-5-21\..\Run: [resource] en-ca.dll O4 - HKUS\S-1-5-21\..\RunOnce: [resource] en-ca.dll O4 - HKUS\S-1-5-21-3926586298-3546280007-207576825-1001\..\Run: [StartMenuX] . (.OrdinarySoft - StartMenuX.) -- C:\Program Files\Start Menu X\StartMenuX.exe O4 - HKUS\S-1-5-21-3926586298-3546280007-207576825-1001\..\Run: [Vidalia] . (...) -- C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe O4 - HKUS\S-1-5-21-3926586298-3546280007-207576825-1001\..\Run: [BrowserChoice] . (.Microsoft Corporation - Choix de navigateur .) 
-- C:\Windows\BrowserChoice\browserchoice.exe O4 - HKUS\S-1-5-21-3926586298-3546280007-207576825-1001\..\Run: [cacaoweb] . (...) -- C:\Users\Antonin\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb O4 - HKUS\S-1-5-21-3926586298-3546280007-207576825-1001\..\Run: [Xvid] . (...) -- C:\Program Files (x86)\Xvid\CheckUpdate.exe O4 - HKUS\S-1-5-21-3926586298-3546280007-207576825-1001\..\Run: [Viber] . (.Pas de propriétaire - Viber.) -- C:\Users\Antonin\AppData\Local\Viber\Viber.exe O4 - HKUS\S-1-5-21-3926586298-3546280007-207576825-1001\..\Run: [Software updater] . (...) -- C:\Users\Antonin\AppData\Roaming\FreeSoftwareUpdater\updater.exe =>PUP.Eorezo O4 - HKUS\S-1-5-21-3926586298-3546280007-207576825-1001\..\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent O4 - HKUS\S-1-5-21-3926586298-3546280007-207576825-1001\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd O4 - HKUS\S-1-5-21-3926586298-3546280007-207576825-1001\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Antonin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe O4 - HKUS\S-1-5-21-3926586298-3546280007-207576825-1001\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\Antonin\AppData\Roaming\Spotify\spotify.exe O4 - HKUS\S-1-5-21-3926586298-3546280007-207576825-1001\..\Run: [BackgroundContainerV2] . (.ClientConnect Ltd. - Background Container.) 
-- C:\Users\Antonin\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll =>PUP.Babylon ~ Application: Scanned in 00mn 02s ---\\ Site dans la Zone de confiance d'Internet Explorer (O15) O15 - Trusted Zone: [HKCU\...\Domains] *.clonewarsadventures.com O15 - Trusted Zone: [HKCU\...\Domains] *.freerealms.com O15 - Trusted Zone: [HKCU\...\Domains] *.soe.com O15 - Trusted Zone: [HKCU\...\Domains] *.sony.com ~ IE Zone Confiance: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{7812467F-DFDE-44D2-B610-024B87CDFEA6}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{7812467F-DFDE-44D2-B610-024B87CDFEA6}: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\NVIDIA~1\3DVISI~1\NVSTIN~1.dll (.not file.) ~ AppInit DLL: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Lyrics-Monkey (LyricsMonkey) . (...) - C:\Program Files (x86)\ver3LyricsMonkey\D8LyricsMonkeyNq175.exe =>Adware.AddLyrics O23 - Service: WajamUpdaterV3 (WajamUpdaterV3) . (.Wajam - Auto-updater.) 
- C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe =>PUP.Wajam ~ Services: 28 Legitimates Filtered in 00mn 03s ---\\ Tâches planifiées en automatique (O39) [MD5.63821FA112A22F1441A7EF5CDFC699B0] [APT] [LyricsMonkey Update] (...) -- C:\Program Files (x86)\ver3LyricsMonkey\i4LyricsMonkeyC82.exe [423424] =>Adware.AddLyrics [MD5.EDD1A749C084E741F7A5EBDF53E4320D] [APT] [LyricsMonkey_wd] (...) -- C:\Program Files (x86)\ver3LyricsMonkey\F9LyricsMonkeyk.exe [100864] =>Adware.AddLyrics [MD5.7D6CDDF14256D0EBC06D61EEE50C0187] [APT] [MySearchDial] (...) -- C:\Users\Antonin\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.exe [109056] =>Adware.MyWebSearch [MD5.7523811CF1F40671DE79560F08491EF6] [APT] [Plus-HD-3.5-chromeinstaller] (.Plus HD.) -- C:\Program Files (x86)\Plus-HD-3.5\Plus-HD-3.5-chromeinstaller.exe [788328] =>Adware.PlusHD [MD5.91888B4CF5529E4A559D002AFD18C913] [APT] [Plus-HD-3.5-codedownloader] (.Plus HD.) -- C:\Program Files (x86)\Plus-HD-3.5\Plus-HD-3.5-codedownloader.exe [526696] =>Adware.PlusHD [MD5.CE28FD2020E68A8CE8F649D310DD0D18] [APT] [Plus-HD-3.5-enabler] (.Plus HD.) -- C:\Program Files (x86)\Plus-HD-3.5\Plus-HD-3.5-enabler.exe [348008] =>Adware.PlusHD [MD5.AEF27CFC81B98171C97D13E2D03ED4C2] [APT] [Plus-HD-3.5-firefoxinstaller] (.Plus HD.) -- C:\Program Files (x86)\Plus-HD-3.5\Plus-HD-3.5-firefoxinstaller.exe [836968] =>Adware.PlusHD [MD5.036AABD4A440D4DF92DCC260D0136811] [APT] [Plus-HD-3.5-updater] (.Plus HD.) -- C:\Program Files (x86)\Plus-HD-3.5\Plus-HD-3.5-updater.exe [357224] =>Adware.PlusHD [MD5.DAA7EAAEEB67125192A16FCCE7EEDD9D] [APT] [Pricora-codedownloader] (.Corporate Inc.) -- C:\Program Files (x86)\Pricora\Pricora-codedownloader.exe [476672] =>Adware.Pricora [MD5.3E581AAF131FCB652DF45813D57844BF] [APT] [Pricora-enabler] (.Corporate Inc.) -- C:\Program Files (x86)\Pricora\Pricora-enabler.exe [346624] =>Adware.Pricora [MD5.D724F163E9FE2848318E0807B3CE563D] [APT] [Pricora-firefoxinstaller] (.Corporate Inc.) 
-- C:\Program Files (x86)\Pricora\Pricora-firefoxinstaller.exe [722432] =>Adware.Pricora [MD5.38D5A3A91582699F43193E3D754DECE9] [APT] [Pricora-updater] (.Corporate Inc.) -- C:\Program Files (x86)\Pricora\Pricora-updater.exe [362496] =>Adware.Pricora [MD5.5A8222C703B4A34F2227A652A49A2827] [APT] [{32F74D4D-6D42-48C3-A6B4-B4247CB7B06F}] (.Tarma Software Research Pty Ltd.) -- C:\PROGRA~3\TARMAI~1\{889DF~1\Setup.exe [227984] =>PUP.Tarma [MD5.00000000000000000000000000000000] [APT] [{6B335B48-9B9D-43A9-A169-26985EEAD4CF}] (...) -- C:\Users\Antonin\Desktop\Conquest Frontier Wars\CQSetup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{87807A94-3258-4C46-8914-DEA719775204}] (...) -- F:\Autorun.exe (.not file.) [0] [MD5.86D94FF30C97690BC871910DECA537FC] [APT] [{AF72D99D-CB71-4062-9919-62E0ED9C7ED4}] (...) -- C:\Program Files (x86)\DC Universe\uninstaller.exe [103078] O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GlaryInitialize [338] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1076] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1080] O39 - APT: LyricsMonkey Update - (...) -- C:\Windows\Tasks\LyricsMonkey Update.job [438] =>Adware.AddLyrics O39 - APT: LyricsMonkey Update - (...) -- C:\Windows\System32\Tasks\LyricsMonkey Update [438] =>Adware.AddLyrics O39 - APT: LyricsMonkey_wd - (...) -- C:\Windows\Tasks\LyricsMonkey_wd.job [418] =>Adware.AddLyrics O39 - APT: LyricsMonkey_wd - (...) -- C:\Windows\System32\Tasks\LyricsMonkey_wd [418] =>Adware.AddLyrics O39 - APT: MySearchDial - (...) -- C:\Windows\Tasks\MySearchDial.job [310] =>Adware.MyWebSearch O39 - APT: MySearchDial - (...) -- C:\Windows\System32\Tasks\MySearchDial [310] =>Adware.MyWebSearch O39 - APT: - (..) -- C:\Windows\Tasks\ParetoLogic Registration3.job [482] =>PUP.Paretologic O39 - APT: - (..) 
-- C:\Windows\System32\Tasks\ParetoLogic Registration3 [482] =>PUP.Paretologic O39 - APT: Plus-HD-3.5-chromeinstaller - (.Plus HD.) -- C:\Windows\Tasks\Plus-HD-3.5-chromeinstaller.job [1956] =>PUP.CrossRider O39 - APT: Plus-HD-3.5-chromeinstaller - (.Plus HD.) -- C:\Windows\System32\Tasks\Plus-HD-3.5-chromeinstaller [1956] =>PUP.CrossRider O39 - APT: Plus-HD-3.5-codedownloader - (.Plus HD.) -- C:\Windows\Tasks\Plus-HD-3.5-codedownloader.job [1212] =>PUP.CrossRider O39 - APT: Plus-HD-3.5-codedownloader - (.Plus HD.) -- C:\Windows\System32\Tasks\Plus-HD-3.5-codedownloader [1212] =>PUP.CrossRider O39 - APT: Plus-HD-3.5-enabler - (.Plus HD.) -- C:\Windows\Tasks\Plus-HD-3.5-enabler.job [1112] =>PUP.CrossRider O39 - APT: Plus-HD-3.5-enabler - (.Plus HD.) -- C:\Windows\System32\Tasks\Plus-HD-3.5-enabler [1112] =>PUP.CrossRider O39 - APT: Plus-HD-3.5-firefoxinstaller - (.Plus HD.) -- C:\Windows\Tasks\Plus-HD-3.5-firefoxinstaller.job [2086] =>PUP.CrossRider O39 - APT: Plus-HD-3.5-firefoxinstaller - (.Plus HD.) -- C:\Windows\System32\Tasks\Plus-HD-3.5-firefoxinstaller [2086] =>PUP.CrossRider O39 - APT: Plus-HD-3.5-updater - (.Plus HD.) -- C:\Windows\Tasks\Plus-HD-3.5-updater.job [1310] =>PUP.CrossRider O39 - APT: Plus-HD-3.5-updater - (.Plus HD.) -- C:\Windows\System32\Tasks\Plus-HD-3.5-updater [1310] =>PUP.CrossRider O39 - APT: Pricora-codedownloader - (.Corporate Inc.) -- C:\Windows\Tasks\Pricora-codedownloader.job [1188] =>PUP.CrossRider O39 - APT: Pricora-codedownloader - (.Corporate Inc.) -- C:\Windows\System32\Tasks\Pricora-codedownloader [1188] =>PUP.CrossRider O39 - APT: Pricora-enabler - (.Corporate Inc.) -- C:\Windows\Tasks\Pricora-enabler.job [1088] =>PUP.CrossRider O39 - APT: Pricora-enabler - (.Corporate Inc.) -- C:\Windows\System32\Tasks\Pricora-enabler [1088] =>PUP.CrossRider O39 - APT: Pricora-firefoxinstaller - (.Corporate Inc.) -- C:\Windows\Tasks\Pricora-firefoxinstaller.job [1812] =>PUP.CrossRider O39 - APT: Pricora-firefoxinstaller - (.Corporate Inc.) 
-- C:\Windows\System32\Tasks\Pricora-firefoxinstaller [1812] =>PUP.CrossRider O39 - APT: Pricora-updater - (.Corporate Inc.) -- C:\Windows\Tasks\Pricora-updater.job [1184] =>PUP.CrossRider O39 - APT: Pricora-updater - (.Corporate Inc.) -- C:\Windows\System32\Tasks\Pricora-updater [1184] =>PUP.CrossRider ~ Scheduled Task: 53 Legitimates Filtered in 00mn 05s ---\\ Pilotes lancés au démarrage du système (O41) O41 - Driver: (bmuragxh) . (. - .) - C:\Windows\system32\drivers\bmuragxh.sys (.not file.) O41 - Driver: (eyxglwhu) . (. - .) - C:\Windows\system32\drivers\eyxglwhu.sys (.not file.) O41 - Driver: (gpsqvoxj) . (. - .) - C:\Windows\system32\drivers\gpsqvoxj.sys (.not file.) O41 - Driver: (klhccrvp) . (. - .) - C:\Windows\system32\drivers\klhccrvp.sys (.not file.) ~ Drivers: 48 Legitimates Filtered in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: Baron Samedi's Submods Compilation V5.0 - (...) [HKLM][64Bits] -- Baron Samedi's Submods Compilation V5.0 O42 - Logiciel: LyricsMonkey - (.LyricsMonkey-software.) [HKLM][64Bits] -- AF0CC7D1-6F6D-5C24-8CD3-BAEF22DC0B98 =>Adware.AddLyrics O42 - Logiciel: Mysearchdial - (.Mysearchdial.) [HKLM][64Bits] -- mysearchdial =>Adware.MyWebSearch O42 - Logiciel: ParetoLogic PC Health Advisor - (.ParetoLogic, Inc..) [HKLM][64Bits] -- {3CBF3EBB-235D-4c29-A68B-2BB1F428586E} =>Rogue.PCHealthAdvisor O42 - Logiciel: Plus-HD-3.5 - (.Plus HD.) [HKLM][64Bits] -- Plus-HD-3.5 =>Adware.PlusHD O42 - Logiciel: Pricora - (.Corporate Inc.) [HKLM][64Bits] -- Pricora =>Adware.Pricora O42 - Logiciel: Wajam - (.Wajam.) [HKLM][64Bits] -- Wajam =>PUP.Wajam O42 - Logiciel: Webplayer - (.Kreapixel.) [HKLM][64Bits] -- Webplayer =>Adware.SocialSkinz O42 - Logiciel: Yontoo 1.12.02 - (.Yontoo LLC.) 
[HKLM][64Bits] -- {889DF117-14D1-44EE-9F31-C5FB5D47F68B} =>Adware.Yontoo ~ Logic: 33 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\5c2da8fb46dbf13] =>Hijacker.Eazel [HKCU\Software\BabSolution] =>Hijacker.BabSolution [HKCU\Software\Conduit] =>Toolbar.Conduit [HKCU\Software\Delta] [HKCU\Software\Fever Pitch] [HKCU\Software\Iminent] =>Adware.IMBooster [HKCU\Software\InstallCore] =>Adware.InstallCore [HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver [HKCU\Software\InstalledThirdPartyPrograms] [HKCU\Software\ParetoLogic] =>PUP.Paretologic [HKCU\Software\Softonic] =>Toolbar.Conduit [HKCU\Software\Tbccint_HKLM] =>Toolbar.Conduit [HKCU\Software\Wajam] =>PUP.Wajam [HKCU\Software\cacaoweb] =>PUP.CacaoWeb [HKCU\Software\delta LTD] [HKCU\Software\holasearch LTD] =>Hijacker.HolaSearch [HKCU\Software\mysearchdial.com] =>Adware.MyWebSearch [HKCU\Software\mysearchdial] =>Adware.MyWebSearch [HKLM\Software\InstalledThirdPartyPrograms] [HKLM\Software\Tarma Installer] =>PUP.Tarma [HKLM\Software\Wow6432Node\5c2da8fb46dbf13] =>Hijacker.Eazel [HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon [HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Delta] [HKLM\Software\Wow6432Node\Fever Pitch] [HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster [HKLM\Software\Wow6432Node\InstallCore] =>Adware.InstallCore [HKLM\Software\Wow6432Node\ParetoLogic] =>PUP.Paretologic [HKLM\Software\Wow6432Node\babylontoolbar] =>PUP.Babylon ~ Key Software: 416 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 21/08/2013 - 21:33:20 - [] ----D C:\Program Files (x86)\Conduit O43 - CFD: 11/06/2013 - 22:29:54 - [] ----D C:\Program Files (x86)\DC Universe O43 - CFD: 04/08/2014 - 00:44:28 - [0] ----D C:\Program Files (x86)\Lyrics_Monkey =>Adware.AddLyrics O43 - CFD: 08/12/2013 - 20:39:01 - [] ----D C:\Program Files (x86)\Mysearchdial =>Adware.MyWebSearch O43 - CFD: 22/03/2014 - 
21:19:41 - [] ----D C:\Program Files (x86)\ParetoLogic =>PUP.Paretologic O43 - CFD: 08/12/2013 - 20:39:48 - [] ----D C:\Program Files (x86)\Plus-HD-3.5 =>Adware.PlusHD O43 - CFD: 02/07/2013 - 01:16:01 - [] ----D C:\Program Files (x86)\Pricora =>Adware.Pricora O43 - CFD: 04/08/2014 - 00:44:32 - [] ----D C:\Program Files (x86)\ver3LyricsMonkey =>Adware.AddLyrics O43 - CFD: 22/02/2014 - 19:08:22 - [] ----D C:\Program Files (x86)\Wajam =>PUP.Wajam O43 - CFD: 03/11/2013 - 16:28:16 - [0] ----D C:\Program Files (x86)\Yontoo =>Adware.Yontoo O43 - CFD: 22/03/2014 - 21:17:58 - [] ----D C:\Program Files (x86)\Common Files\ParetoLogic =>PUP.Paretologic O43 - CFD: 01/02/2013 - 15:34:58 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon O43 - CFD: 10/11/2013 - 16:58:01 - [] ----D C:\ProgramData\Conduit O43 - CFD: 11/06/2013 - 22:30:21 - [] ----D C:\ProgramData\IBUpdaterService =>Adware.InstallBrain O43 - CFD: 22/03/2014 - 21:17:58 - [] ----D C:\ProgramData\ParetoLogic =>PUP.Paretologic O43 - CFD: 21/08/2013 - 21:34:46 - [] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma O43 - CFD: 01/02/2013 - 15:34:58 - [] ----D C:\Users\Antonin\AppData\Roaming\Babylon =>PUP.Babylon O43 - CFD: 21/05/2013 - 01:51:44 - [] ----D C:\Users\Antonin\AppData\Roaming\cacaoweb =>PUP.CacaoWeb O43 - CFD: 08/12/2013 - 20:39:31 - [] ----D C:\Users\Antonin\AppData\Roaming\mysearchdial =>Adware.MyWebSearch O43 - CFD: 12/11/2013 - 00:53:36 - [] ----D C:\Users\Antonin\AppData\Roaming\OpenCandy =>Adware.OpenCandy O43 - CFD: 22/03/2014 - 21:02:11 - [] ----D C:\Users\Antonin\AppData\Roaming\ParetoLogic =>PUP.Paretologic O43 - CFD: 10/10/2013 - 21:01:35 - [] ----D C:\Users\Antonin\AppData\Roaming\Reg O43 - CFD: 04/05/2014 - 02:30:10 - [] ----D C:\Users\Antonin\AppData\Local\Conduit O43 - CFD: 14/11/2013 - 19:54:39 - [] ----D C:\Users\Antonin\AppData\Local\Wajam =>PUP.Wajam O43 - CFD: 22/03/2014 - 21:17:58 - [] ----D C:\Users\Antonin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic =>PUP.Paretologic 
O43 - CFD: 14/11/2013 - 19:54:39 - [] ----D C:\Users\Antonin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam =>PUP.Wajam ~ Program Folder: 254 Legitimates Filtered in 00mn 00s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.F899139DF5E1059396431415E770C6DD] - 23/08/2014 - 02:47:36 ---A- . (...) -- C:\Windows\System32\HRUPPROG.TXT [3] O44 - LFC:[MD5.A5E8144E2439F8F47CE19904F690A324] - 27/08/2014 - 00:48:42 ---A- . (...) -- C:\HttpProxy_36_120500_1409096921.dmp [4325348] ~ Files: 36 Legitimates Filtered in 02mn 01s ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{943baf7d-2e2a-11e2-be65-806e6f6e6963}\AutoRun\command. (...) -- E:\Launcher\LAUNCHER.exe O51 - MPSK:{a504452c-90e7-11e2-be98-7845c42d6109}\AutoRun\command. (...) -- F:\autorun.exe (.not file.) ~ Keys: Scanned in 00mn 02s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 17 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:21/07/2011 - 12:15:15 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\System32\Drivers\avgntflt.sys [88288] O58 - SDL:21/07/2011 - 12:15:16 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\Windows\System32\Drivers\avipbb.sys [123784] O58 - SDL:09/01/2014 - 13:22:10 ---A- . (.Pas de propriétaire - Generic USB Driver.) -- C:\Windows\System32\Drivers\DisplayLinkUsbIo_x64_7.4.53134.0.sys [46384] O58 - SDL:19/02/2014 - 20:08:53 ---A- . (.Pas de propriétaire - Generic USB Driver.) -- C:\Windows\System32\Drivers\DisplayLinkUsbIo_x64_7.5.52277.0.sys [46384] O58 - SDL:19/09/2012 - 10:02:08 ---A- . 
(.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [102368] O58 - SDL:19/09/2012 - 10:02:06 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [203104] O58 - SDL:26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960] O58 - SDL:13/12/2012 - 12:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784] O58 - SDL:25/11/2002 - 04:46:16 ---A- . (.Syncrosoft GmbH - SynasUSB.sys.) -- C:\Windows\SysWOW64\drivers\SynasUSB.sys [16896] ~ Drivers: 63 Legitimates Filtered in 00mn 02s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("CT2851639_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1384095499381,\"isWithState\"[...] O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("avg.install.userHPSettings", "http://www.yd.delta-search.com/?affID=119531&tt=030213_yd&babsrc=HP_ss&mntrId=744f0acb000[...] 
=>Toolbar.DeltaSearch O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("avg.install.userSPSettings", "Delta Search"); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.BabylonToolbar_i.newTab", true); =>PUP.Babylon O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.crossrider.bic", "13f9c854d50512f404f9c42768437f5b"); =>PUP.CrossRider O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta.admin", false); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta.aflt", "babsst"); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta.autoRvrt", "false"); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta.bbDpng", "21"); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta.cntry", "FR"); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta.dfltLng", "fr"); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta.excTlbr", false); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta.ffxUnstlRst", true); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta.hdrMd5", "5D3F6AF2067E164E69930F47414D224A"); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta.id", "744f0acb0000000000001a942302292f"); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta.instlDay", "15938"); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta.instlRef", "sst"); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta.lastVrsnTs", "1.8.24.521:27:30"); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta.newTab", false); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta.prdct", 
"delta"); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta.prtnrId", "delta"); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta.rvrt", "false"); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta.sg", "azb"); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta.smplGrp", "none"); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta.tlbrId", "base"); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta.tlbrSrchUrl", ""); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta.vrsn", "1.8.24.5"); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta.vrsnTs", "1.8.24.521:27:30"); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta.vrsni", "1.8.24.5"); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta_i.babExt", ""); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta_i.babTrack", "affID=119357&tt=200813_245&tsp=4981"); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.delta_i.srcExt", "ss"); O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.mysearchdial.aflt", "telemsd1103"); =>Adware.MyWebSearch O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}"); =>Adware.MyWebSearch O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuyB0AyBzytCzyyEyCtCyDtCyCtD0A0C0BtN0D0Tzu0SyBtDzztN1L2XzutBtFtBtFtCyEtFtCt[...] 
=>Adware.MyWebSearch O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.mysearchdial.cr", "489327111"); =>Adware.MyWebSearch O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.mysearchdial.dfltLng", ""); =>Adware.MyWebSearch O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.mysearchdial.dfltSrch", true); =>Adware.MyWebSearch O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.mysearchdial.dnsErr", true); =>Adware.MyWebSearch O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.mysearchdial.excTlbr", false); =>Adware.MyWebSearch O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.mysearchdial.hmpg", true); =>Adware.MyWebSearch O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=telemsd1103&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzyyEyC[...] =>Adware.MyWebSearch O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.mysearchdial.id", "7A79194615160ACB"); =>Adware.MyWebSearch O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.mysearchdial.instlDay", "16047"); =>Adware.MyWebSearch O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.mysearchdial.instlRef", ""); =>Adware.MyWebSearch O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=telemsd1103&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzyyE[...] 
=>Adware.MyWebSearch O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.mysearchdial.prdct", "mysearchdial"); =>Adware.MyWebSearch O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.mysearchdial.prtnrId", "mysearchdial"); =>Adware.MyWebSearch O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial"); =>Adware.MyWebSearch O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.mysearchdial.tlbrId", "base"); =>Adware.MyWebSearch O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=telemsd1103&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzy[...] =>Adware.MyWebSearch O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.mysearchdial.vrsn", "1.8.21.0"); =>Adware.MyWebSearch O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.mysearchdial.vrsni", "1.8.21.0"); =>Adware.MyWebSearch O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.mysearchdial_i.hmpg", true); =>Adware.MyWebSearch O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.mysearchdial_i.newTab", false); =>Adware.MyWebSearch O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.mysearchdial_i.smplGrp", "none"); =>Adware.MyWebSearch O69 - SBI: prefs.js [Antonin - eb85kg11.default] user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.019:38:55"); =>Adware.MyWebSearch O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www1.delta-search.com =>Toolbar.DeltaSearch O69 - SBI: SearchScopes [HKCU] {404342F6-0A50-4F06-A8C4-D626F39A8B66} - (uTorrentBar_FR Customized Web Search) - http://search.conduit.com =>P2P.µTorrent O69 - SBI: SearchScopes [HKCU] {9EE9E19A-E9B9-4AAD-A6EB-236A26B21FF2} [DefaultScope] - (Mysearchdial) - http://start.mysearchdial.com =>Adware.MyWebSearch ~ Keys: Scanned in 00mn 00s ---\\ Recherche 
particulière à la racine du système (SPRF) (O84) [MD5.92E3B0B99E736893DE05E03CD55802F1] [SPRF][09/01/2014] (.Keen Software House - Space Engineers.) -- C:\Users\Antonin\Desktop\SpaceEngineers.exe [2165656] ~ Files: 2 Legitimates Filtered in 00mn 03s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "TCP Query User{25E069AD-BA4C-43CC-A6BC-E21B3FF11659}C:\users\antonin\downloads\utorrent.exe" | In - Private - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\users\antonin\downloads\utorrent.exe =>P2P.BitTorrent O87 - FAEL: "UDP Query User{D3A00E27-D054-42C7-84D1-DA7F2C5B5CB1}C:\users\antonin\downloads\utorrent.exe" | In - Private - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\users\antonin\downloads\utorrent.exe =>P2P.BitTorrent O87 - FAEL: "{F9AC0662-069C-4D83-8ACF-4B291EFD4BB0}" | In - Public - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\users\antonin\downloads\utorrent.exe =>P2P.BitTorrent O87 - FAEL: "{B1164A34-1AF3-4FD8-8CDF-68812E77E28D}" | In - Public - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\users\antonin\downloads\utorrent.exe =>P2P.BitTorrent O87 - FAEL: "{D03EC011-5889-416F-B55D-BDD752AC5F69}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent O87 - FAEL: "{653C8C06-72C1-4D1F-B4B0-CE1B02CA25A0}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) 
-- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent ~ Firewall: 6 Legitimates Filtered in 00mn 08s ---\\ Export de clés de registre aléatoires (O91) [HKCU\Software\5c2da8fb46dbf13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel [HKCU\Software\5c2da8fb46dbf13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52" =>Hijacker.Eazel [HKCU\Software\5c2da8fb46dbf13] =>PUP.Babylon^ [HKLM\Software\Wow6432Node\5c2da8fb46dbf13] => Clé orpheline => Clé orpheline => Clé orpheline => Clé orpheline ~ Export Key Software: Scanned in 00mn 00s ---\\ Recherche de clés de registre Tracing (O100) HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32 =>Adware.IMBooster HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS =>Adware.IMBooster ~ BTK: 70 Legitimates Filtered in 00mn 00s ---\\ Recherche de clés de registre CLSID (O101) [HKCR\CLSID\{11111111-1111-1111-1111-110311711180}] (Plus-HD-3.5) =>Adware.PlusHD [HKCR\CLSID\{22222222-2222-2222-2222-220322712280}] (CrossriderApp0037180.Sandbox) =>PUP.CrossRider ~ BCK: 5004 Legitimates Filtered in 00mn 05s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 08/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Demand 06/10/2012 277024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe SS - | Auto 19/06/2012 173056 | (DellDigitalDelivery) . (.Dell Products, LP..) - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe SS - | Auto 21/08/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 21/08/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) 
- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe SS - | Demand 30/07/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SR - | Auto 18/11/2009 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe SR - | Auto 21/04/2011 136360 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe SR - | Auto 21/07/2011 269480 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 29/11/2013 9936176 | (DisplayLinkService) . (.DisplayLink Corp..) - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe SR - | Auto 21/07/2014 2544976 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe SR - | Auto 22/08/2014 9216 | (HiPatchService) . (.Hi-Rez Studios.) - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe SR - | Auto 09/07/2012 7168 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe SR - | Auto 19/06/2012 634632 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - c:\Program Files\Intel\iCLS Client\HeciServer.exe SR - | Demand 26/05/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SR - | Auto 19/07/2012 166720 | (jhi_service) . (.Intel Corporation.) 
- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe SR - | Auto 16/07/2014 377616 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe SR - | Auto 19/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe SR - | Auto 03/08/2014 161280 | (LyricsMonkey) . (...) - C:\Program Files (x86)\ver3LyricsMonkey\D8LyricsMonkeyNq175.exe =>Adware.AddLyrics SR - | Auto 30/04/2014 1617696 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe SR - | Auto 30/04/2014 21007192 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe SR - | Auto 20/05/2014 927520 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe SR - | Auto 25/04/2012 254512 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe SR - | Auto 10/10/2013 1915408 | (SftService) . (.SoftThinks SAS.) - C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe SR - | Auto 16/11/2012 63400 | (StartMenuXService) . (.OrdinarySoft.) - C:\Program Files\Start Menu X\StartMenuXService.exe SR - | Auto 20/05/2014 413128 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe SR - | Auto 14/12/2012 3467768 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe SR - | Auto 19/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe SR - | Auto 11/11/2013 114176 | (WajamUpdaterV3) . (.Wajam.) - C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe =>PUP.Wajam SR - | Auto 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) 
- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Demand 26/07/2012 30208 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 19/06/2012 77824 | (ZAtheros Wlan Agent) . (.Atheros.) - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe ~ Services: Scanned in 00mn 06s ---\\ Scan Additionnel (O88) Database Version : 13026 - (30/08/2014) Clés trouvées (Keys found) : 253 Valeurs trouvées (Values found) : 2 Dossiers trouvés (Folders found) : 36 Fichiers trouvés (Files found) : 66
[HKCU\Software\Iminent] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster [HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong [HKCU\Software\Softonic] =>Toolbar.Conduit [HKLM\Software\Tarma Installer] =>PUP.Tarma [HKCU\Software\AppDataLow\Toolbar] =>Toolbar.Conduit [HKCU\Software\AppDataLow\Software\uTorrentBar_FR] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\uTorrentBar_FR] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster [HKLM\Software\Classes\Prod.cap] =>PUP.Babylon [HKLM\Software\Classes\AppID\priam_bho.DLL] =>Toolbar.Wajam [HKCU\Software\InstallCore] =>Adware.InstallCore [HKLM\Software\Wow6432Node\InstallCore] =>Adware.InstallCore [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma [HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch [HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider [HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider [HKCU\Software\ParetoLogic] =>PUP.Paretologic [HKLM\Software\Wow6432Node\ParetoLogic] =>PUP.Paretologic [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}] =>Rogue.PCHealthAdvisor [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff] =>Adware.MyWebSearch [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}] =>Adware.MyWebSearch 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}] =>Adware.MyWebSearch [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\fagpjgjmoaccgkkpjeoinehnoaimnbla] =>Hijacker.HolaSearch [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Pricora] =>Adware.Pricora [HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider [HKLM\Software\Classes\CrossriderApp0035329.BHO] =>PUP.CrossRider [HKLM\Software\Classes\CrossriderApp0035329.BHO.1] =>PUP.CrossRider [HKLM\Software\Classes\CrossriderApp0035329.Sandbox] =>PUP.CrossRider [HKLM\Software\Classes\CrossriderApp0035329.Sandbox.1] =>PUP.CrossRider [HKLM\Software\Classes\CrossriderApp0037180.BHO] =>PUP.CrossRider [HKLM\Software\Classes\CrossriderApp0037180.BHO.1] =>PUP.CrossRider [HKLM\Software\Classes\CrossriderApp0037180.Sandbox] =>PUP.CrossRider [HKLM\Software\Classes\CrossriderApp0037180.Sandbox.1] =>PUP.CrossRider [HKLM\Software\Classes\esrv.mysearchdialESrvc] =>Adware.MyWebSearch [HKLM\Software\Classes\esrv.mysearchdialESrvc.1] =>Adware.MyWebSearch [HKLM\Software\Classes\mysearchdial.mysearchdialappCore] =>Adware.MyWebSearch [HKLM\Software\Classes\mysearchdial.mysearchdialappCore.1] =>Adware.MyWebSearch [HKLM\Software\Classes\mysearchdial.mysearchdialdskBnd] =>Adware.MyWebSearch [HKLM\Software\Classes\mysearchdial.mysearchdialdskBnd.1] =>Adware.MyWebSearch [HKLM\Software\Classes\mysearchdial.mysearchdialHlpr] =>Adware.MyWebSearch [HKLM\Software\Classes\mysearchdial.mysearchdialHlpr.1] =>Adware.MyWebSearch [HKLM\Software\Classes\Toolbar.CT2851639] =>Toolbar.Conduit [HKLM\Software\Classes\wajam.WajamBHO] =>PUP.Wajam [HKLM\Software\Classes\wajam.WajamBHO.1] =>PUP.Wajam [HKLM\Software\Classes\wajam.WajamDownloader] =>PUP.Wajam [HKLM\Software\Classes\wajam.WajamDownloader.1] =>PUP.Wajam [HKLM\Software\Classes\YontooIEClient.Api] =>Adware.Yontoo [HKLM\Software\Classes\YontooIEClient.Api.1] =>Adware.Yontoo [HKLM\Software\Classes\YontooIEClient.Layers] 
=>Adware.Yontoo [HKLM\Software\Classes\YontooIEClient.Layers.1] =>Adware.Yontoo [HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110311711180}] =>PUP.CrossRider [HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220322712280}] =>PUP.CrossRider [HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods [HKLM\Software\Classes\AppID\YontooIEClient.DLL] =>Adware.Yontoo [HKLM\Software\Wow6432Node\Classes\CrossriderApp0035329.BHO] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\CrossriderApp0035329.BHO.1] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\CrossriderApp0035329.Sandbox] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\CrossriderApp0035329.Sandbox.1] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\CrossriderApp0037180.BHO] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\CrossriderApp0037180.BHO.1] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\CrossriderApp0037180.Sandbox] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\CrossriderApp0037180.Sandbox.1] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\escort.escortIEPane] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\escort.escortIEPane.1] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\esrv.mysearchdialESrvc] =>Adware.MyWebSearch [HKLM\Software\Wow6432Node\Classes\esrv.mysearchdialESrvc.1] =>Adware.MyWebSearch [HKLM\Software\Wow6432Node\Classes\mysearchdial.mysearchdialappCore] =>Adware.MyWebSearch [HKLM\Software\Wow6432Node\Classes\mysearchdial.mysearchdialappCore.1] =>Adware.MyWebSearch [HKLM\Software\Wow6432Node\Classes\mysearchdial.mysearchdialdskBnd] =>Adware.MyWebSearch [HKLM\Software\Wow6432Node\Classes\mysearchdial.mysearchdialdskBnd.1] =>Adware.MyWebSearch [HKLM\Software\Wow6432Node\Classes\mysearchdial.mysearchdialHlpr] =>Adware.MyWebSearch [HKLM\Software\Wow6432Node\Classes\mysearchdial.mysearchdialHlpr.1] =>Adware.MyWebSearch [HKLM\Software\Wow6432Node\Classes\Toolbar.CT2851639] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\wajam.WajamBHO] 
=>PUP.Wajam [HKLM\Software\Wow6432Node\Classes\wajam.WajamBHO.1] =>PUP.Wajam [HKLM\Software\Wow6432Node\Classes\wajam.WajamDownloader] =>PUP.Wajam [HKLM\Software\Wow6432Node\Classes\wajam.WajamDownloader.1] =>PUP.Wajam [HKLM\Software\Wow6432Node\Classes\YontooIEClient.Api] =>Adware.Yontoo [HKLM\Software\Wow6432Node\Classes\YontooIEClient.Api.1] =>Adware.Yontoo [HKLM\Software\Wow6432Node\Classes\YontooIEClient.Layers] =>Adware.Yontoo [HKLM\Software\Wow6432Node\Classes\YontooIEClient.Layers.1] =>Adware.Yontoo [HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110311531129}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110311711180}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220322532229}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220322712280}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Classes\AppID\YontooIEClient.DLL] =>Adware.Yontoo [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531129}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311711180}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}] =>Toolbar.Conduit^ [HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} =>Toolbar.Conduit^ [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:cacaoweb =>PUP.CacaoWeb^ C:\Users\Antonin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjoipapblchnffofegpknjcaonplmpe =>Adware.AddLyrics^ 
C:\Users\Antonin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp =>PUP.Wajam^ C:\Users\Antonin\AppData\Local\Google\Chrome\User Data\Default\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib =>P2P.µTorrent^ C:\Users\Antonin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff =>Adware.MyWebSearch^ C:\Users\Antonin\AppData\Roaming\Mozilla\Firefox\Profiles\EP: RegExtension {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2} . (...) -- C:\extensions\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi =>PUP.Wajam^ C:\Users\Antonin\AppData\Roaming\Mozilla\Firefox\Profiles\EP: RegExtension {B4286FE0-93E9-AFAF-3B77-1C4DA6B4B71A} . (...) -- C:\extensions\Program Files (x86)\ver3LyricsMonkey\175.xpi =>Adware.AddLyrics^ C:\Program Files (x86)\Lyrics_Monkey =>Adware.AddLyrics^ C:\Program Files (x86)\Mysearchdial =>Adware.MyWebSearch^ C:\Program Files (x86)\ParetoLogic =>PUP.Paretologic^ C:\Program Files (x86)\Plus-HD-3.5 =>Adware.PlusHD^ C:\Program Files (x86)\Pricora =>Adware.Pricora^ C:\Program Files (x86)\ver3LyricsMonkey =>Adware.AddLyrics^ C:\Program Files (x86)\Wajam =>PUP.Wajam^ C:\Program Files (x86)\Yontoo =>Adware.Yontoo^ C:\Program Files (x86)\Common Files\ParetoLogic =>PUP.Paretologic^ C:\ProgramData\Babylon =>PUP.Babylon^ C:\ProgramData\IBUpdaterService =>Adware.InstallBrain^ C:\ProgramData\ParetoLogic =>PUP.Paretologic^ C:\ProgramData\Tarma Installer =>PUP.Tarma^ C:\Users\Antonin\AppData\Roaming\Babylon =>PUP.Babylon^ C:\Users\Antonin\AppData\Roaming\cacaoweb =>PUP.CacaoWeb^ C:\Users\Antonin\AppData\Roaming\mysearchdial =>Adware.MyWebSearch^ C:\Users\Antonin\AppData\Roaming\OpenCandy =>Adware.OpenCandy^ C:\Users\Antonin\AppData\Roaming\ParetoLogic =>PUP.Paretologic^ C:\Users\Antonin\AppData\Local\Wajam =>PUP.Wajam^ C:\Users\Antonin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic =>PUP.Paretologic^ C:\Users\Antonin\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Wajam =>PUP.Wajam^ C:\Program Files (x86)\Conduit =>Toolbar.Conduit C:\Program Files (x86)\uTorrentBar_FR =>Toolbar.Conduit C:\ProgramData\Conduit =>Toolbar.Conduit C:\Users\Antonin\AppData\Local\Conduit =>Toolbar.Conduit C:\Users\Antonin\AppData\LocalLow\Conduit =>Toolbar.Conduit C:\Users\Antonin\AppData\LocalLow\PriceGong =>Adware.PriceGong C:\Users\Antonin\AppData\LocalLow\uTorrentBar_FR =>Toolbar.Conduit C:\Users\Antonin\AppData\LocalLow\holasearch =>Hijacker.HolaSearch C:\Users\Antonin\AppData\Local\Temp\uTorrentBar_FR =>Toolbar.Conduit C:\Program Files (x86)\ver3LyricsMonkey\F9LyricsMonkeyk.exe =>Adware.AddLyrics^ C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent^ C:\Program Files (x86)\ver3LyricsMonkey\i4LyricsMonkeyC82.exe =>Adware.AddLyrics^ C:\Users\Antonin\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.exe =>Adware.MyWebSearch^ C:\Program Files (x86)\Plus-HD-3.5\Plus-HD-3.5-chromeinstaller.exe =>Adware.PlusHD^ C:\Program Files (x86)\Plus-HD-3.5\Plus-HD-3.5-codedownloader.exe =>Adware.PlusHD^ C:\Program Files (x86)\Plus-HD-3.5\Plus-HD-3.5-enabler.exe =>Adware.PlusHD^ C:\Program Files (x86)\Plus-HD-3.5\Plus-HD-3.5-firefoxinstaller.exe =>Adware.PlusHD^ C:\Program Files (x86)\Plus-HD-3.5\Plus-HD-3.5-updater.exe =>Adware.PlusHD^ C:\Program Files (x86)\Pricora\Pricora-codedownloader.exe =>Adware.Pricora^ C:\Program Files (x86)\Pricora\Pricora-enabler.exe =>Adware.Pricora^ C:\Program Files (x86)\Pricora\Pricora-firefoxinstaller.exe =>Adware.Pricora^ C:\Program Files (x86)\Pricora\Pricora-updater.exe =>Adware.Pricora^ C:\PROGRA~3\TARMAI~1\{889DF~1\Setup.exe =>PUP.Tarma^ C:\Windows\Tasks\LyricsMonkey Update.job =>Adware.AddLyrics^ C:\Windows\System32\Tasks\LyricsMonkey Update =>Adware.AddLyrics^ C:\Windows\Tasks\LyricsMonkey_wd.job =>Adware.AddLyrics^ C:\Windows\System32\Tasks\LyricsMonkey_wd =>Adware.AddLyrics^ C:\Windows\Tasks\MySearchDial.job =>Adware.MyWebSearch^ C:\Windows\System32\Tasks\MySearchDial =>Adware.MyWebSearch^ 
C:\Windows\Tasks\ParetoLogic Registration3.job =>PUP.Paretologic^ C:\Windows\System32\Tasks\ParetoLogic Registration3 =>PUP.Paretologic^ C:\Windows\Tasks\Plus-HD-3.5-chromeinstaller.job =>PUP.CrossRider^ C:\Windows\System32\Tasks\Plus-HD-3.5-chromeinstaller =>PUP.CrossRider^ C:\Windows\Tasks\Plus-HD-3.5-codedownloader.job =>PUP.CrossRider^ C:\Windows\System32\Tasks\Plus-HD-3.5-codedownloader =>PUP.CrossRider^ C:\Windows\Tasks\Plus-HD-3.5-enabler.job =>PUP.CrossRider^ C:\Windows\System32\Tasks\Plus-HD-3.5-enabler =>PUP.CrossRider^ C:\Windows\Tasks\Plus-HD-3.5-firefoxinstaller.job =>PUP.CrossRider^ C:\Windows\System32\Tasks\Plus-HD-3.5-firefoxinstaller =>PUP.CrossRider^ C:\Windows\Tasks\Plus-HD-3.5-updater.job =>PUP.CrossRider^ C:\Windows\System32\Tasks\Plus-HD-3.5-updater =>PUP.CrossRider^ C:\Windows\Tasks\Pricora-codedownloader.job =>PUP.CrossRider^ C:\Windows\System32\Tasks\Pricora-codedownloader =>PUP.CrossRider^ C:\Windows\Tasks\Pricora-enabler.job =>PUP.CrossRider^ C:\Windows\System32\Tasks\Pricora-enabler =>PUP.CrossRider^ C:\Windows\Tasks\Pricora-firefoxinstaller.job =>PUP.CrossRider^ C:\Windows\System32\Tasks\Pricora-firefoxinstaller =>PUP.CrossRider^ C:\Windows\Tasks\Pricora-updater.job =>PUP.CrossRider^ C:\Windows\System32\Tasks\Pricora-updater =>PUP.CrossRider^ [HKCU\Software\BabSolution] =>Hijacker.BabSolution^ [HKCU\Software\Conduit] =>Toolbar.Conduit^ [HKCU\Software\Tbccint_HKLM] =>Toolbar.Conduit^ [HKCU\Software\Wajam] =>PUP.Wajam^ [HKCU\Software\holasearch LTD] =>Hijacker.HolaSearch^ [HKCU\Software\mysearchdial.com] =>Adware.MyWebSearch^ [HKCU\Software\mysearchdial] =>Adware.MyWebSearch^ [HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon^ [HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^ [HKLM\Software\Wow6432Node\babylontoolbar] =>PUP.Babylon^ [HKCU\Software\5c2da8fb46dbf13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^ [HKCU\Software\5c2da8fb46dbf13] =>PUP.Babylon^^ 
[HKCR\CLSID\{11111111-1111-1111-1111-110311711180}] (Plus-HD-3.5) =>Adware.PlusHD^
[HKCR\CLSID\{22222222-2222-2222-2222-220322712280}] (CrossriderApp0037180.Sandbox) =>PUP.CrossRider^
C:\Users\Antonin\Downloads\cacaoweb.exe =>PUP.CacaoWeb
C:\Users\Antonin\AppData\Local\Temp\uninst1.exe =>PUP.Babylon
C:\Users\Antonin\Downloads\flvmplayer.exe =>PUP.Offerware
C:\Users\Antonin\AppData\Local\Temp\IminentSetup.exe =>Adware.IMBooster
C:\Users\Antonin\AppData\Local\Temp\WajamIM.EXE =>Toolbar.Wajam
C:\Users\Antonin\AppData\Local\Temp\wajam_download.exe =>Toolbar.Wajam
C:\Users\Antonin\AppData\Local\Temp\tbuTor.dll =>Toolbar.Conduit
C:\Users\Antonin\AppData\Local\Temp\v116712546.561.exe =>Toolbar.Conduit
~ Additionnel Scan: 379411 Items scanned in 01mn 28s

---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/g0-page-de-demarrage-google-chrome/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPKS) (O51)
~ AMI: 7 Legitimates Filtered in 00mn 00s

---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/adware-addlyrics =>Adware.AddLyrics
http://nicolascoolman.fr/adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.fr/pup-wajam =>PUP.Wajam
http://nicolascoolman.fr/toolbar-deltasearch =>Toolbar.DeltaSearch
http://nicolascoolman.fr/hijacker-holasearch =>Hijacker.HolaSearch
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/hijacker-proxy =>Hijacker.Proxy
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/pup-cacaoweb =>PUP.CacaoWeb
http://nicolascoolman.fr/pup-eorezo =>PUP.Eorezo
http://nicolascoolman.fr/pup-babylon =>PUP.Babylon
http://nicolascoolman.fr/adware-plushd =>Adware.PlusHD
http://nicolascoolman.fr/adware-pricora =>Adware.Pricora
http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
http://nicolascoolman.fr/30068076-pup-paretologic =>PUP.Paretologic
http://nicolascoolman.fr/adware-socialskinz =>Adware.SocialSkinz
http://nicolascoolman.fr/adware-yontoo =>Adware.Yontoo
http://nicolascoolman.fr/hijacker-eazel =>Hijacker.Eazel
http://nicolascoolman.fr/hijacker-babsolution =>Hijacker.BabSolution
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://nicolascoolman.fr/adware-vidsaver =>Adware.VidSaver
http://nicolascoolman.fr/adware-installbrain =>Adware.InstallBrain
http://nicolascoolman.fr/adware-opencandy =>Adware.OpenCandy
http://nicolascoolman.fr/pup-rewardsarcade =>PUP.RewardsArcade
http://nicolascoolman.fr/pup-funmoods =>PUP.Funmoods
http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
http://nicolascoolman.fr/adware-pricegong =>Adware.PriceGong
http://nicolascoolman.fr/pup-offerware =>PUP.Offerware
~ MSI: 29 link(s) detected in 00mn 00s
~ 917 Legitimates filtered by white list
End of the scan (1066 lines in 05mn 42s)(0)