Script ZHPFix ShortcutFix Lignes indésirables M2 - MFEP: prefs.js [Jean Claude - fy25jj3b.default\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com] [] The weDownload Manager v (..) =>PUP.weDownloadManager R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com =>Hijacker.SmartBar R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com =>Hijacker.SmartBar R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com =>Hijacker.NationZoom R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com =>Hijacker.NationZoom R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com =>Hijacker.SmartBar R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com =>Hijacker.SmartBar R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com =>Hijacker.NationZoom R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com =>Hijacker.NationZoom O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\MOVIES~1\Datamngr\x64\mgrldr.dll (.not file.) =>PUP.Datamngr O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Deeal_fr 0.2-chromeinstaller.job [1946] => PUP.DeealFr O39 - APT:Automatic Planified Task - C:\Windows\Tasks\The weDownload Manager-codedownloader.job [1582] =>PUP.weDownloadManager O39 - APT:Automatic Planified Task - C:\Windows\Tasks\The weDownload Manager-firefoxinstaller.job [2576] =>PUP.weDownloadManager [MD5.64A52DA2B81C2E6DD902D4BF10E3DBB1] [APT] [The weDownload Manager-codedownloader] (.weDownload.) -- C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-codedownloader.exe [553984] =>PUP.weDownloadManager [MD5.C5ACBCA9BCE48F850D37FCFC317734DA] [APT] [The weDownload Manager-firefoxinstaller] (.weDownload.) -- C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-firefoxinstaller.exe [932352] =>PUP.weDownloadManager O42 - Logiciel: WPM17.8.0.3159 - (.Cherished Technololgy LIMITED.) [HKLM][64Bits] -- WPM =>PUP.WpManager [HKCU\Software\BI] => Infection Web (Adware.MegaSearch) [HKCU\Software\InstallCore] =>Adware.InstallCore [HKCU\Software\Smartbar] =>Hijacker.SmartBar [HKCU\Software\SweetIM] =>PUP.SweetIM [HKCU\Software\WeDlMngr] =>PUP.weDownloadManager [HKLM\Software\Wow6432Node\Deeal_fr 0.2] => PUP.DeealFr [HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster [HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM [HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager O43 - CFD: 08/12/2013 - 10:58:40 - [0,788] ----D C:\Program Files (x86)\Deeal_fr 0.2 => PUP.DeealFr O43 - CFD: 28/12/2013 - 12:23:13 - [0] ----D C:\Program Files (x86)\IminentToolbar =>Adware.IMBooster O43 - CFD: 28/12/2013 - 12:26:04 - [0,015] ----D C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup O43 - CFD: 08/12/2013 - 12:18:57 - [0,478] ----D C:\ProgramData\WPM =>PUP.WpManager O43 - CFD: 28/12/2013 - 12:21:31 - [0,259] ----D C:\Users\Utilisateur\AppData\Roaming\IminentToolbar =>Adware.IMBooster O43 - CFD: 08/12/2013 - 10:18:42 - [0,996] ----D C:\Users\Utilisateur\AppData\Roaming\speedtest4354 => Adware.ScriptHost O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom O69 - SBI: SearchScopes [HKCU] {006ee092-9658-4fd6-bd8e-a21a348e59f5} - (Web Search) - http://feed.snapdo.com =>Hijacker.SmartBar SS - | Disabled 08/12/2013 499856 | (Wpm) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WPM] =>PUP.WpManager^ [HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] =>Adware.RecordNRip [HKLM\Software\Wow6432Node\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] =>Adware.RecordNRip [HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}] =>Adware.RecordNRip [HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] =>Adware.RecordNRip [HKLM\Software\Wow6432Node\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] =>Adware.RecordNRip [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}] =>Adware.Bandoo [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}] =>Adware.Bandoo [HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster [HKCU\Software\SweetIM] =>PUP.SweetIM [HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM [HKCU\Software\InstallCore] =>Adware.InstallCore [HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster [HKCU\Software\BI] =>Adware.MegaSearch [HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{84FF7BD6-B47F-46F8-9130-01B2696B36CB} =>Adware.IMBooster C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\fy25jj3b.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com =>PUP.weDownloadManager^ C:\Program Files (x86)\IminentToolbar =>Adware.IMBooster^ C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup^ C:\ProgramData\WPM =>PUP.WpManager^ C:\Users\Utilisateur\AppData\Roaming\IminentToolbar =>Adware.IMBooster^ C:\Windows\Tasks\The weDownload Manager-codedownloader.job =>PUP.weDownloadManager^ C:\Windows\Tasks\The weDownload Manager-firefoxinstaller.job =>PUP.weDownloadManager^ C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-codedownloader.exe =>PUP.weDownloadManager^ C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-firefoxinstaller.exe =>PUP.weDownloadManager^ [HKCU\Software\Smartbar] =>Hijacker.SmartBar^ [HKCU\Software\WeDlMngr] =>PUP.weDownloadManager^ [HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^ O3 - Toolbar: (no name) - [HKLM]{ae07101b-46d4-4a98-af68-0333ea26e113} Clé orpheline => Toolbar.Agent O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline => Toolbar.Google O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google O4 - HKUS\S-1-5-21-3428673392-3501539999-226193709-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google [HKCU\Software\APN DTX] => Toolbar.Ask [HKCU\Software\Conduit] =>Toolbar.Conduit [HKCU\Software\Softonic] =>Toolbar.Conduit O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} [DefaultScope] - (Conduit Search) - http://search.conduit.com => Toolbar.Conduit* [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A047FE02-C91C-41CB-898C-4ED21B86025A}] =>Toolbar.Orange [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Orange [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Orange [HKLM\Software\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam [HKLM\Software\Wow6432Node\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam [HKLM\Software\Classes\SearchBar.Client] =>Toolbar.Agent [HKCU\Software\APN DTX] =>Toolbar.Ask [HKCU\Software\Softonic] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^ [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^ [HKCU\Software\Conduit] =>Toolbar.Conduit^ Lignes superflues et inutiles : O4 - GS\Desktop [Public]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe => Messaging.Incredimail O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline => Orphean Key not necessary O4 - GS\Program [Public]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe => Messaging.Incredimail O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM][64Bits] -- {2CF22C94-1369-4C04-9A5F-A4BC6D91B508} => Messaging.Incredimail O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM][64Bits] -- IncrediMail => Messaging.Incredimail [HKCU\Software\IM] => Messaging.IncrediMail [HKCU\Software\IncrediMail] => Messaging.Incredimail O43 - CFD: 21/10/2013 - 17:40:41 - [48,475] ----D C:\Program Files (x86)\GUM9727.tmp => Google Inc - Google Update Manager O43 - CFD: 25/01/2014 - 14:34:48 - [26,257] ----D C:\Program Files (x86)\IncrediMail => Messaging.Incredimail O43 - CFD: 25/01/2014 - 14:35:23 - [0] ----D C:\ProgramData\IM => Messaging.IncrediMail O43 - CFD: 25/01/2014 - 14:34:48 - [6,735] ----D C:\ProgramData\IncrediMail => Messaging.Incredimail O43 - CFD: 25/01/2014 - 14:56:40 - [12,714] ----D C:\Users\Utilisateur\AppData\Local\IM => Messaging.IncrediMail O87 - FAEL: "TCP Query User{EC99A826-234F-4D06-BBD9-74F35EFA331F}F:\install\setup.exe" |In - Private - P6 - TRUE | .(...) -- F:\install\setup.exe (.not file.) => Fichier absent O87 - FAEL: "UDP Query User{10803573-EA90-4F51-B409-863AFB7A3E9E}F:\install\setup.exe" |In - Private - P17 - TRUE | .(...) -- F:\install\setup.exe (.not file.) => Fichier absent O87 - FAEL: "{800B3AA1-0CF1-41E1-94BD-01AB9B1AA2E9}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe => Messaging.Incredimail O87 - FAEL: "{5AF8A807-7410-481E-A58C-3DCF1EC54099}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe => Messaging.Incredimail O87 - FAEL: "{E8E7B094-78A9-4D29-80EF-FABF31B68E9B}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe => Messaging.Incredimail O87 - FAEL: "{D35C9CDC-954D-40ED-9270-B2009CE50FB9}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe => Messaging.Incredimail O87 - FAEL: "{B0689297-8897-4948-8CCC-B3A78A6BADC2}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe => Messaging.Incredimail O87 - FAEL: "{EEE26358-97EF-49E5-B2C2-67E423516AF0}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe => Messaging.Incredimail O87 - FAEL: "{705A80E6-1888-43B3-B347-9141531D2EDD}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe => Messaging.Incredimail O87 - FAEL: "{74DB4EFD-D673-43FD-A419-64F8CA1D6A4A}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe => Messaging.Incredimail O87 - FAEL: "{3DFA17AC-F489-42FE-A14B-3A7E2871809E}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe => Messaging.Incredimail O87 - FAEL: "{57541F30-D190-4DFD-ADFD-7754823AE05C}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe => Messaging.Incredimail O90 - PUC: "49C22FC2963140C4A9F54ACBD6195B80" . (.IncrediMail.) -- C:\WINDOWS\Installer\{2CF22C94-1369-4C04-9A5F-A4BC6D91B508}\ARPPRODUCTICON.exe => Messaging.Incredimail [MD5.C84C35B3ED26F11A04F50874B40AA5E8] [WIS][25/01/2014] (.IncrediMail - IncrediMail.) -- C:\Windows\Installer\1de5a0ed.msi [2687488] => Messaging.Incredimail Optimisation du démarrage :