~ Rapport de ZHPDiag v2014.5.8.57 - Nicolas Coolman (08/05/2014)
~ Lancé par asus (08/05/2014 21:22:31)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : PV9HW
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Microsoft Security Client v4.4.0304.0
Windows Defender W7

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 13 ActiveX

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3071 MB (35% free)
System Restore: Activé (Enable)
System drive C: has 270 GB (90%) free of 298 GB

---\\ Mode de connexion au système
~ Computer Name: ASUS-PC
~ User Name: asus
~ All Users Names: UpdatusUser, asus, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\asus\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\asus\AppData\Roaming\
~ %Desktop% : C:\Users\asus\Desktop\
~ %Favorites% : C:\Users\asus\Favorites\
~ %LocalAppData% : C:\Users\asus\AppData\Local\
~ %StartMenu% : C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 270 Go of 298 Go)
D: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: Modified
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: Modified
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: Modified
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: Modified
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoResolveSearch: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSetProgramAccessAndDefaults: Modified =>PUA.StartShow
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowNetConn: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Explorateur Windows.) (.20/11/2010 - 14:24:45.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.56932FF02302B2A294A2221FF7FF1F06] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.01/05/2014 - 18:40:48.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 12:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/13
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 1/15
~ Mon Bureau (My Desktop) : 1/6
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.385B043F340AB3A8DF69F66C4F5886AF] - (...) -- C:\Program Files (x86)\SelectionTool-soft\SelectionTool_wd.exe [93696] [PID.2260]
[MD5.DC12AAAE925C0211E4668B9C90BDD2BA] - (.Systweak - Advanced System Protector.) -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [6600048] [PID.2300] =>PUP.AdvancedSystemProtector
[MD5.9BB700669BC5CBD162989B9051BC0BFD] - (.GenTechnologies Apps, LLC - Movie Mode.) -- C:\ProgramData\MovieMode\up\2.6.78\MovieMode.exe [152720] [PID.2648] =>PUP.MovieMode
[MD5.3737F673D161849BB20B0551D87851CA] - (...) -- C:\Users\asus\AppData\Local\PirritSuggestor\PirritDesktop.exe [191320] [PID.956] =>PUP.PirritSuggestor
[MD5.1FF7D6C9A6BABBC31441D93395109C90] - (...) -- C:\Users\asus\AppData\Local\fst_fr_170\upfst_fr_170.exe [3267568] [PID.4568] =>Adware.FreeSoftToday
[MD5.2E35CE78141C99D2E0E88DCCDE89FB99] - (.Pas de propriétaire - Printer Device Monitor.) -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe [660136] [PID.4964]
[MD5.50131BFA7FD0C6029E611DBA35AA7E4D] - (.Lexmark International Inc. - Lexmark Fast Pics Application.) -- C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe [107176] [PID.4992]
[MD5.7AFF1C22E8BC6D8181053FC3590FD0F2] - (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe [718208] [PID.5016]
[MD5.6DBF73D20C7532592C5749381A3C24DE] - (...) -- C:\Users\asus\AppData\Roaming\cacaoweb\cacaoweb.exe [489984] [PID.1172] =>PUP.CacaoWeb
[MD5.9AE58A7E8B7FDDE752E3D10EE3843A4D] - (...) -- C:\Program Files (x86)\fst_fr_170\fst_fr_170.exe [3985392] [PID.4568] =>Adware.FreeSoftToday
[MD5.2214FCB2ADDCCA4C6A85A3A814EC6FD0] - (.Software Updater - Software Updater.) -- C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe [1934016] [PID.4632] =>PUP.Eorezo
[MD5.DF45594CBD8FE78C46DFB15C4E134BD0] - (.Aedge Performance BCN SL - OfferBox.) -- C:\Program Files (x86)\OfferBox\OfferBox.exe [8627008] [PID.4128] =>PUP.OfferBox
[MD5.41986D0C4D94AF7824F3A3A8D30424BC] - (.Pas de propriétaire - Printer Card Transfer Monitor.) -- C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnMsdMon.exe [25256] [PID.4516]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe [841032] [PID.7612]
[MD5.9EAD738E517B633B5375FBAB5695E7D4] - (.Pas de propriétaire - srptm.) -- C:\Users\asus\AppData\Local\LPT\srptm.exe [23072] [PID.9324] =>Adware.Incredibar
[MD5.CCD09CA21C1946AF24834512BD9A6FCA] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7873536] [PID.8676]
[MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.780]
[MD5.E91C669DB45EC0F1D18185A9B7006E44] - (.Cherished Technololgy LIMITED - IePlugin Service.) -- C:\ProgramData\IePluginService\PluginService.exe [705136] [PID.1508] =>Trojan.SProtector
[MD5.6BA8985C841A5D1E94D91B81AF764229] - (.Cherished Technololgy LIMITED - WPM Service.) -- C:\ProgramData\WPM\wprotectmanager.exe [496640] [PID.1636] =>PUP.WpManager
[MD5.9B7B8F61A11A05617DC379D0860E32A5] - (.Pas de propriétaire - srpts.) -- C:\Program Files (x86)\LPT\srpts.exe [37920] [PID.1976] =>Adware.Incredibar
[MD5.3D8B851E7EFCDC130E4B301BDDE10099] - (.PriceMeter - PriceMeterLiveUpdate Update.) -- C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504] [PID.2272] =>PUP.PriceMeter
[MD5.A80DF9092BE0CBBFB749E215897767D0] - (.GenTechnologies Apps, LLC - Movie Mode Service.) -- C:\ProgramData\MovieMode\up\2.6.78\MovieModeService.exe [66704] [PID.3024] =>PUP.MovieMode
[MD5.AF312DBE00F2210800373E64EF2804BD] - (...) -- C:\Users\asus\AppData\Local\PirritSuggestor\PirritService.exe [52568] [PID.2488] =>PUP.PirritSuggestor
[MD5.F660D12105DB68684762BE0E8581026A] - (...) -- C:\Program Files (x86)\Pirrit\AutoUpdater.exe [59904] [PID.2588] =>PUP.PirritSuggestor
[MD5.D61DB8A9C0F154F13AA4E5C95C486CB0] - (...) -- C:\Program Files\V-bates\ExtensionUpdaterService.exe [209408] [PID.1568] =>Adware.Incredibar
[MD5.834C2634C3AE7F4DE56A1548C5375685] - (.Wajam Internet Technologies Inc. - Wajam Internet Enhancer Service.) -- C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe [210432] [PID.2880] =>PUP.Wajam
[MD5.3F918D0A7AEEEBDECFCB28C4A1B8FC65] - (...) -- C:\Program Files (x86)\WinRST\WinRST.exe [59904] [PID.2384] =>PUP.WinRST
[MD5.4789E020D2617046862D1790FC235FF6] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1260320] [PID.3464]
[MD5.53711E93F5FDA357CCB4FAC10B4AA6A5] - (.Wajam Internet Technologies Inc. - Wajam Internet Enhancer.) -- C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe [73728] [PID.8336] =>PUP.Wajam
[MD5.EC4BEBF4A67891F87CEFA15CA5A13408] - (...) -- C:\Program Files (x86)\SelectionTool-soft\SelectionTool157.exe [196096] [PID.7396]
~ Processes Running: Scanned in 00mn 07s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
G2 - GCE: Preference [User Data\Default] [ejocekekgcaldnmjngfdbmbeebcekelc] SPOTS - A better way to start v.0.1.38, (Désactivé)
G2 - GCE: Preference [User Data\Default] [hnabdehiamfmckjabaejlcjopbcnfkmh] PriceDowNNloadEEra v.2.4 (Activé) =>PUP.PriceDownloader
G2 - GCE: Preference [User Data\Default] [leahdjjpjmnamomgpojikeapflgbmjab] cacaoweb v.1.16 (Désactivé) =>PUP.CacaoWeb
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pelmeidfhdlhlbjimpabfcbnnojbboma] Quick Start v.3.2.3, (Désactivé) =>PUP.QuickStart

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 22 Legitimates Filtered in 00mn 02s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.com =>Hijacker.SmartBar
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com =>Adware.MyWebSearch
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com =>Adware.MyWebSearch
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com =>Hijacker.Qone8
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com =>Hijacker.Qone8
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com =>Hijacker.Qone8
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com =>Hijacker.Qone8
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com =>Hijacker.Qone8
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com =>Hijacker.Qone8
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com =>Hijacker.Qone8
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com =>Hijacker.Qone8
~ IE Browser: 24 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:9880 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 214



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: CrossriderApp0054253 [64Bits] - {11111111-1111-1111-1111-110511421153} . (.Freeven - Freeven pro 1.2 BHO.) -- C:\Program Files (x86)\Freeven pro 1.2\Freeven pro 1.2-bho.dll =>PUP.CrossRider
O2 - BHO: V-bates Helper [64Bits] - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} . (...) -- C:\Program Files\V-bates\Extension32.dll =>Adware.Incredibar
O2 - BHO: SmartbarInternetExplorerBHOEngine [64Bits] - {31ad400d-1b06-4e33-a59a-90c2c140cba0} . (...) -- mscoree.dll (.not file.) =>Hijacker.SmartBar
O2 - BHO: IETabPage Class [64Bits] - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files (x86)\SupTab\SupTab.dll =>PUP.SupTab
O2 - BHO: sAaviinshop [64Bits] - {BF75E54F-2F7A-4EE0-88BB-41DCD2D0D156} . (...) -- C:\ProgramData\sAaviinshop\6L8VbIl.dll =>PUP.SavinShop
O2 - BHO: IEExtension.Extension [64Bits] - {d40c654d-7c51-4eb3-95b2-1e23905c2a2d} . (...) -- mscoree.dll (.not file.)
~ BHO: 16 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Snap.Do - [HKLM]{ae07101b-46d4-4a98-af68-0333ea26e113} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{1017A80C-6F09-4548-A84D-EDD6AC9525F0} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: NewPlayer.lnk . (...) -- C:\Program Files (x86)\NewPlayer\NewPlayer.exe =>Adware.NewPlayer
O4 - GS\Program [Public]: OfferBox.lnk . (.Aedge Performance BCN SL - OfferBox.) -- C:\Program Files (x86)\OfferBox\OfferBox.exe =>PUP.OfferBox
O4 - GS\QuickLaunch [asus]: PC Cleaner.lnk . (...) -- C:\Program Files (x86)\PC Cleaner\PCCleaner.exe (.not file.) =>USP.PCCleaner
O4 - GS\Program [asus]: Search.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe http://feed.snapdo.com =>Hijacker.SmartBar
~ Global Startup: 5 Legitimates Filtered in 00mn 07s



---\\ Applications lancées au démarrage du système (O4)
O4 - GS\Startup [Public]: SoftwareUpdater.lnk . (.Software Updater - Software Updater.) -- C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe =>PUP.Eorezo
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [lxdnmon.exe] . (.Pas de propriétaire - Printer Device Monitor.) -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
O4 - HKLM\..\Run: [EzPrint] . (.Lexmark International Inc. - Lexmark Fast Pics Application.) -- C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe
O4 - HKCU\..\Run: [cacaoweb] . (...) -- C:\Users\asus\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O4 - HKCU\..\Run: [Bubble Dock] . (.Nosibay - Bubble Dock.) -- C:\Users\asus\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe =>PUP.BubbleDock
O4 - HKCU\..\Run: [Browser Tab Search by Askx64] C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\BrowserTabSearch\msbloader64.exe (.not file.) =>PUP.MoviesToolbar
O4 - HKCU\..\Run: [Browser Infrastructure Helper] . (.Smartbar - Smartbar.) -- C:\Users\asus\AppData\Local\Smartbar\Application\SnapDo.exe =>Hijacker.SmartBar
O4 - HKLM\..\Wow6432Node\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O4 - HKLM\..\Wow6432Node\Run: [fst_fr_170] . (...) -- C:\Program Files (x86)\fst_fr_170\fst_fr_170.exe =>Adware.FreeSoftToday
O4 - HKLM\..\Wow6432Node\Run: [offerbox] . (.Aedge Performance BCN SL - OfferBox.) -- C:\Program Files (x86)\OfferBox\OfferBox.exe =>PUP.OfferBox
O4 - HKLM\..\Wow6432Node\Run: [lxdnmon.exe] . (.Pas de propriétaire - Printer Device Monitor.) -- C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmon.exe
O4 - HKLM\..\Wow6432Node\Run: [lxdnamon] . (...) -- C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnamon.exe
O4 - HKLM\..\Wow6432Node\Run: [EzPrint] . (.Lexmark International Inc. - Lexmark Fast Pics Application.) -- C:\Program Files (x86) (x86)\Lexmark 2600 Series\ezprint.exe
O4 - HKLM\..\Wow6432Node\RunOnce: [upfst_fr_170.exe] . (...) -- C:\Users\asus\AppData\Local\fst_fr_170\upfst_fr_170.exe =>Adware.FreeSoftToday
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3865638134-2310788458-2055670615-1000\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe
O4 - HKUS\S-1-5-21-3865638134-2310788458-2055670615-1000\..\Run: [cacaoweb] . (...) -- C:\Users\asus\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O4 - HKUS\S-1-5-21-3865638134-2310788458-2055670615-1000\..\Run: [Bubble Dock] . (.Nosibay - Bubble Dock.) -- C:\Users\asus\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe =>PUP.BubbleDock
O4 - HKUS\S-1-5-21-3865638134-2310788458-2055670615-1000\..\Run: [Browser Tab Search by Askx64] C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\BrowserTabSearch\msbloader64.exe (.not file.) =>PUP.MoviesToolbar
O4 - HKUS\S-1-5-21-3865638134-2310788458-2055670615-1000\..\Run: [Browser Infrastructure Helper] . (.Smartbar - Smartbar.) -- C:\Users\asus\AppData\Local\Smartbar\Application\SnapDo.exe =>Hijacker.SmartBar
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BFEF337-06FD-47BE-B3D1-5F4C4484E85E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5BFEF337-06FD-47BE-B3D1-5F4C4484E85E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5BFEF337-06FD-47BE-B3D1-5F4C4484E85E}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Skytech Co., Ltd. - Skytech.) - C:\Program Files (x86)\SupTab\SearchProtect64.dll =>PUP.SupTab
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Service Google Update (gupdate) (gupdate) . (...) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (.not file.)
O23 - Service: IePlugin Service (IePluginService) . (.Cherished Technololgy LIMITED - IePlugin Service.) - C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector
O23 - Service: LPT System Updater Service (LPTSystemUpdater) . (.Pas de propriétaire - srpts.) - C:\Program Files (x86)\LPT\srpts.exe =>Adware.Incredibar
O23 - Service: Movie Mode (MovieMode) . (.GenTechnologies Apps, LLC - Movie Mode Service.) - C:\ProgramData\MovieMode\up\2.6.78\MovieModeService.exe =>PUP.MovieMode
O23 - Service: NewPlayer Updater Service (NewPlayerUpdaterService) . (.Pas de propriétaire - NewPlayerUpdaterService.) - C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe =>Adware.NewPlayer
O23 - Service: PirritDesktop (PirritDesktop) . (...) - C:\Users\asus\AppData\Local\PirritSuggestor\PirritService.exe =>PUP.PirritSuggestor
O23 - Service: PirritUpdater (PirritUpdater) . (...) - C:\Program Files (x86)\Pirrit\AutoUpdater.exe =>PUP.PirritSuggestor
O23 - Service: PriceMeterLiveUpdate Service (pricemeterliveUpdate) (pricemeterliveUpdate) . (.PriceMeter - PriceMeterLiveUpdate Update.) - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe =>PUP.PriceMeter
O23 - Service: SelectionTool (SelectionTool) . (...) - C:\Program Files (x86)\SelectionTool-soft\SelectionTool157.exe
O23 - Service: V-bates Updater (V-bates Updater) . (...) - C:\Program Files\V-bates\ExtensionUpdaterService.exe =>Adware.Incredibar
O23 - Service: Wajam Internet Enhancer Service (Wajam Internet Enhancer Service) . (.Wajam Internet Technologies Inc. - Wajam Internet Enhancer Service.) - C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe =>PUP.Wajam
O23 - Service: WinRST (WinRST) . (...) - C:\Program Files (x86)\WinRST\WinRST.exe =>PUP.WinRST
O23 - Service: Wpm Service (Wpm) . (.Cherished Technololgy LIMITED - WPM Service.) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager
~ Services: 18 Legitimates Filtered in 00mn 06s



---\\ Tâches planifiées en automatique (O39)
[MD5.801C74158B846ED240233CA8FAC07461] [APT] [9fb77cad-fe80-4845-9628-2b66036ee0f2-1] (.Freeven.) -- C:\Program Files (x86)\Freeven pro 1.2\Freeven pro 1.2-codedownloader.exe [482152] =>PUP.Freeven
[MD5.F0106D18D2786F9F1D2C89F745CFCAE9] [APT] [9fb77cad-fe80-4845-9628-2b66036ee0f2-2] (.Freeven.) -- C:\Program Files (x86)\Freeven pro 1.2\9fb77cad-fe80-4845-9628-2b66036ee0f2-2.exe [338792] =>PUP.Freeven
[MD5.1FC0589E6D6879A4CC2335CBEEFC0687] [APT] [9fb77cad-fe80-4845-9628-2b66036ee0f2-3] (.Freeven.) -- C:\Program Files (x86)\Freeven pro 1.2\9fb77cad-fe80-4845-9628-2b66036ee0f2-3.exe [1865576] =>PUP.Freeven
[MD5.12AE210FD7F106855E0A56B6360408C2] [APT] [9fb77cad-fe80-4845-9628-2b66036ee0f2-4] (.Freeven.) -- C:\Program Files (x86)\Freeven pro 1.2\9fb77cad-fe80-4845-9628-2b66036ee0f2-4.exe [801128] =>PUP.Freeven
[MD5.C01FE604FDACF9FD558B19917D4E8C57] [APT] [9fb77cad-fe80-4845-9628-2b66036ee0f2-5] (.Freeven.) -- C:\Program Files (x86)\Freeven pro 1.2\9fb77cad-fe80-4845-9628-2b66036ee0f2-5.exe [325992] =>PUP.Freeven
[MD5.DC12AAAE925C0211E4668B9C90BDD2BA] [APT] [Advanced System Protector_startup] (.Systweak.) -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [6600048] =>PUP.AdvancedSystemProtector
[MD5.00000000000000000000000000000000] [APT] [APSnotifierPP1] (...) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe (.not file.) [0] =>PUP.AnyProtect
[MD5.00000000000000000000000000000000] [APT] [APSnotifierPP2] (...) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe (.not file.) [0] =>PUP.AnyProtect
[MD5.00000000000000000000000000000000] [APT] [APSnotifierPP3] (...) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe (.not file.) [0] =>PUP.AnyProtect
[MD5.07605ABEB10FC533881C91F19DECF69A] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe [1923584] =>Trojan.Keygen
[MD5.00000000000000000000000000000000] [APT] [Express FilesUpdate] (...) -- C:\Program Files (x86)\ExpressFiles\EFUpdater.exe (.not file.) [0] =>Adware.ExpressFiles
[MD5.E4F815680844A22F663273FBFEBBF52D] [APT] [FF Watcher {0B917540-3050-4590-9C64-034BD18AF409}] (...) -- C:\Program Files\V-bates\PrefHelper.exe [336384] =>Adware.Incredibar
[MD5.EF46205D284DFFE5AC49866003E24123] [APT] [FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl] (.Sien SA.) -- C:\Users\asus\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\MinibarChrome.exe [869184] =>PUP.Minibar
[MD5.6611F0E57AA3223FA798BE3F6D1DF458] [APT] [MySearchDial] (...) -- C:\Users\asus\AppData\Roaming\MySearchDial\UpdateProc\UpdateTask.exe [104960] =>Adware.MyWebSearch
[MD5.C96477FF16BB1B3885D125B2D4CB870B] [APT] [pricemeterdownloader] (.PriceMeter.) -- C:\Users\asus\AppData\Local\PriceMeter\pricemeterd.exe [370184] =>PUP.PriceMeter
[MD5.3D8B851E7EFCDC130E4B301BDDE10099] [APT] [PriceMeterLiveUpdateUpdateTaskMachineCore] (.PriceMeter.) -- C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504] =>PUP.PriceMeter
[MD5.3D8B851E7EFCDC130E4B301BDDE10099] [APT] [PriceMeterLiveUpdateUpdateTaskMachineUA] (.PriceMeter.) -- C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504] =>PUP.PriceMeter
[MD5.731D5021CC80657598F954A9007AFD94] [APT] [PriceMeterUpdater] (...) -- C:\Users\asus\AppData\Roaming\PriceMeterUpdater\UpdateProc\UpdateTask.exe [110592] =>PUP.PriceMeter
[MD5.208F31C7823091F6925266C1906A27B1] [APT] [SelectionTool Update] (...) -- C:\Program Files (x86)\SelectionTool-soft\STupd.exe [321536]
[MD5.385B043F340AB3A8DF69F66C4F5886AF] [APT] [SelectionTool_wd] (...) -- C:\Program Files (x86)\SelectionTool-soft\SelectionTool_wd.exe [93696]
O39 - APT: 9fb77cad-fe80-4845-9628-2b66036ee0f2-1 - (.Freeven.) -- C:\Windows\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-1.job [1398] =>PUP.CrossRider
O39 - APT: 9fb77cad-fe80-4845-9628-2b66036ee0f2-1 - (.Freeven.) -- C:\Windows\System32\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-1 [1398] =>PUP.CrossRider
O39 - APT: 9fb77cad-fe80-4845-9628-2b66036ee0f2-2 - (.Freeven.) -- C:\Windows\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-2.job [1370] =>PUP.CrossRider
O39 - APT: 9fb77cad-fe80-4845-9628-2b66036ee0f2-2 - (.Freeven.) -- C:\Windows\System32\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-2 [1370] =>PUP.CrossRider
O39 - APT: 9fb77cad-fe80-4845-9628-2b66036ee0f2-3 - (.Freeven.) -- C:\Windows\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-3.job [2412] =>PUP.CrossRider
O39 - APT: 9fb77cad-fe80-4845-9628-2b66036ee0f2-3 - (.Freeven.) -- C:\Windows\System32\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-3 [2412] =>PUP.CrossRider
O39 - APT: 9fb77cad-fe80-4845-9628-2b66036ee0f2-4 - (.Freeven.) -- C:\Windows\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-4.job [2132] =>PUP.CrossRider
O39 - APT: 9fb77cad-fe80-4845-9628-2b66036ee0f2-4 - (.Freeven.) -- C:\Windows\System32\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-4 [2132] =>PUP.CrossRider
O39 - APT: 9fb77cad-fe80-4845-9628-2b66036ee0f2-5 - (.Freeven.) -- C:\Windows\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-5.job [1482] =>PUP.CrossRider
O39 - APT: 9fb77cad-fe80-4845-9628-2b66036ee0f2-5 - (.Freeven.) -- C:\Windows\System32\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-5 [1482] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: APSnotifierPP1 - (...) -- C:\Windows\Tasks\APSnotifierPP1.job [382] =>PUP.AnyProtect
O39 - APT: APSnotifierPP1 - (...) -- C:\Windows\System32\Tasks\APSnotifierPP1 [382] =>PUP.AnyProtect
O39 - APT: APSnotifierPP2 - (...) -- C:\Windows\Tasks\APSnotifierPP2.job [378] =>PUP.AnyProtect
O39 - APT: APSnotifierPP2 - (...) -- C:\Windows\System32\Tasks\APSnotifierPP2 [378] =>PUP.AnyProtect
O39 - APT: APSnotifierPP3 - (...) -- C:\Windows\Tasks\APSnotifierPP3.job [378] =>PUP.AnyProtect
O39 - APT: APSnotifierPP3 - (...) -- C:\Windows\System32\Tasks\APSnotifierPP3 [378] =>PUP.AnyProtect
O39 - APT: AutoKMS - (...) -- C:\Windows\Tasks\AutoKMS.job [268] =>Trojan.Keygen
O39 - APT: AutoKMS - (...) -- C:\Windows\System32\Tasks\AutoKMS [268] =>Trojan.Keygen
O39 - APT: FF Watcher {0B917540-3050-4590-9C64-034BD18AF409} - (...) -- C:\Windows\Tasks\FF Watcher {0B917540-3050-4590-9C64-034BD18AF409}.job [280]
O39 - APT: FF Watcher {0B917540-3050-4590-9C64-034BD18AF409} - (...) -- C:\Windows\System32\Tasks\FF Watcher {0B917540-3050-4590-9C64-034BD18AF409} [280]
O39 - APT: MySearchDial - (...) -- C:\Windows\Tasks\MySearchDial.job [304] =>Adware.MyWebSearch
O39 - APT: MySearchDial - (...) -- C:\Windows\System32\Tasks\MySearchDial [304] =>Adware.MyWebSearch
O39 - APT: PriceMeterLiveUpdateUpdateTaskMachineCore - (.PriceMeter.) -- C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job [958] =>PUP.PriceMeter
O39 - APT: PriceMeterLiveUpdateUpdateTaskMachineCore - (.PriceMeter.) -- C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore [958] =>PUP.PriceMeter
O39 - APT: PriceMeterLiveUpdateUpdateTaskMachineUA - (.PriceMeter.) -- C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job [962] =>PUP.PriceMeter
O39 - APT: PriceMeterLiveUpdateUpdateTaskMachineUA - (.PriceMeter.) -- C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA [962] =>PUP.PriceMeter
O39 - APT: PriceMeterUpdater - (...) -- C:\Windows\Tasks\PriceMeterUpdater.job [314] =>PUP.PriceMeter
O39 - APT: PriceMeterUpdater - (...) -- C:\Windows\System32\Tasks\PriceMeterUpdater [314] =>PUP.PriceMeter
O39 - APT: SelectionTool Update - (...) -- C:\Windows\Tasks\SelectionTool Update.job [406]
O39 - APT: SelectionTool Update - (...) -- C:\Windows\System32\Tasks\SelectionTool Update [406]
O39 - APT: SelectionTool_wd - (...) -- C:\Windows\Tasks\SelectionTool_wd.job [412]
O39 - APT: SelectionTool_wd - (...) -- C:\Windows\System32\Tasks\SelectionTool_wd [412]
~ Scheduled Task: 49 Legitimates Filtered in 00mn 09s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: ({552199fb-9890-4055-9aaf-b2f6d51d46e9}w64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}w64.sys =>PUP.LinkiDoo
~ Drivers: 66 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Advanced System Protector - (.Systweak Software.) [HKLM][64Bits] -- 00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1 =>PUP.AdvancedSystemProtector
O42 - Logiciel: Freeven pro 1.2 - (.Freeven.) [HKLM][64Bits] -- Freeven pro 1.2 =>PUP.Freeven
O42 - Logiciel: Iminent - (.Iminent.) [HKLM][64Bits] -- IMBoosterARP =>Adware.IMBooster
O42 - Logiciel: LPT System Updater Service - (.LPT.) [HKLM][64Bits] -- {BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24} =>Adware.IncrediBar
O42 - Logiciel: Movie Mode - (.GenTechnologies Apps, LLC.) [HKLM][64Bits] -- MovieMode =>PUP.MovieMode
O42 - Logiciel: My 7 CustoBox - (.Http://www.My7Vision.Fr.) [HKLM][64Bits] -- {C1942FF7-ACAA-42AF-BF1D-9A5440401AA6}_is1
O42 - Logiciel: Mysearchdial - (.Mysearchdial.) [HKLM][64Bits] -- mysearchdial =>Adware.MyWebSearch
O42 - Logiciel: NewPlayer - (...) [HKLM][64Bits] -- NewPlayer =>Adware.NewPlayer
O42 - Logiciel: SelectionTool - (.SelectionTool Software.) [HKLM][64Bits] -- 9288f417-7d88-4ac0-89eb-7c81559e985e
O42 - Logiciel: Update for PriceMeter - (.Update for PriceMeter.) [HKCU][64Bits] -- PriceMeterUpdater =>PUP.PriceMeter
O42 - Logiciel: V-bates 2.0.0.438 - (.Southstarco.) [HKLM][64Bits] -- {21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1 =>Adware.Incredibar
O42 - Logiciel: VO Package - (...) [HKLM][64Bits] -- VOPackage =>Adware.Downware
O42 - Logiciel: WPM17.8.0.3442 - (.Cherished Technololgy LIMITED.) [HKLM][64Bits] -- WPM =>PUP.WpManager
O42 - Logiciel: Wajam - (.Wajam.) [HKLM][64Bits] -- Wajam =>PUP.Wajam
O42 - Logiciel: fst_fr_170 - (.free_soft_today.) [HKLM][64Bits] -- fst_fr_170_is1 =>Adware.FreeSoftToday
O42 - Logiciel: fst_fr_26 - (.FREESOFTTODAY.) [HKLM][64Bits] -- fst_fr_26_is1 =>Adware.FreeSoftToday
O42 - Logiciel: sAaviinshop - (.SiaaveiNshoop.) [HKLM][64Bits] -- {70BD2558-27DA-8B02-02D0-D8704ECD2EDF} =>PUP.SavinShop
~ Logic: 35 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AnyProtect] =>PUP.AnyProtect
[HKCU\Software\ExpressFiles] =>Adware.ExpressFiles
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\OB]
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKCU\Software\PriceMeter] =>PUP.PriceMeter
[HKCU\Software\SmartbarBackup] =>Hijacker.SmartBar
[HKCU\Software\SmartbarLog] =>Hijacker.SmartBar
[HKCU\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\TutoTag] =>AgenceExclusive
[HKCU\Software\Tutorials] =>AgenceExclusive
[HKCU\Software\Wajam] =>PUP.Wajam
[HKCU\Software\WinkHandler] =>Adware.IMBooster
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKCU\Software\freesofttoday] =>Adware.FreeSoftToday
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKCU\Software\mysearchdial] =>Adware.MyWebSearch
[HKLM\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\V-bates] =>Adware.Incredibar
[HKLM\Software\Wow6432Node\DealPlyLive] =>PUP.DealPly
[HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles
[HKLM\Software\Wow6432Node\FREESOFTTODAY] =>Adware.FreeSoftToday
[HKLM\Software\Wow6432Node\IePlugin]
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\InstallCore] =>Adware.InstallCore
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\Wow6432Node\MaxPower]
[HKLM\Software\Wow6432Node\MySearchDial] =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\RST]
[HKLM\Software\Wow6432Node\Tutorials] =>AgenceExclusive
[HKLM\Software\Wow6432Node\Umbrella]
[HKLM\Software\Wow6432Node\V-bates] =>Adware.Incredibar
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
[HKLM\Software\Wow6432Node\free_soft_today] =>Adware.FreeSoftToday
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
~ Key Software: 217 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 07/10/2008 - 00:14:41 - [] ----D C:\Program Files (x86)\Advanced System Protector =>PUP.AdvancedSystemProtector
O43 - CFD: 07/10/2008 - 00:37:10 - [] ----D C:\Program Files (x86)\Freeven pro 1.2 =>PUP.Freeven
O43 - CFD: 07/10/2008 - 01:58:50 - [] ----D C:\Program Files (x86)\fst_fr_170 =>Adware.FreeSoftToday
O43 - CFD: 07/10/2008 - 00:14:41 - [] ----D C:\Program Files (x86)\fst_fr_26 =>Adware.FreeSoftToday
O43 - CFD: 07/10/2008 - 00:18:49 - [] ----D C:\Program Files (x86)\HQTotal1.2
O43 - CFD: 01/05/2014 - 17:03:37 - [] ----D C:\Program Files (x86)\LPT =>Adware.Incredibar
O43 - CFD: 13/01/2014 - 19:35:12 - [] ----D C:\Program Files (x86)\My 7 CustoBox
O43 - CFD: 07/10/2008 - 01:58:08 - [] ----D C:\Program Files (x86)\Mysearchdial =>Adware.MyWebSearch
O43 - CFD: 07/10/2008 - 00:37:09 - [] ----D C:\Program Files (x86)\NewPlayer =>Adware.NewPlayer
O43 - CFD: 29/04/2014 - 17:29:12 - [] ----D C:\Program Files (x86)\OfferBox =>PUP.OfferBox
O43 - CFD: 07/10/2008 - 00:32:46 - [] ----D C:\Program Files (x86)\RegClean Pro =>Rogue.RegistryPowerCleaner
O43 - CFD: 07/10/2008 - 00:18:48 - [] ----D C:\Program Files (x86)\SaveClicker =>PUP.SaveClicker
O43 - CFD: 07/10/2008 - 00:14:40 - [] ----D C:\Program Files (x86)\SelectionTool-soft
O43 - CFD: 07/10/2008 - 00:04:31 - [] ----D C:\Program Files (x86)\Supporter =>PUP.SaveClicker
O43 - CFD: 29/03/2014 - 20:27:33 - [] ----D C:\Program Files (x86)\SupTab =>PUP.SupTab
O43 - CFD: 07/10/2008 - 00:14:42 - [] ----D C:\Program Files (x86)\Wajam =>PUP.Wajam
O43 - CFD: 30/03/2014 - 19:16:46 - [] ----D C:\Program Files (x86)\WinRST =>PUP.WinRST
O43 - CFD: 29/04/2014 - 17:28:29 - [] ----D C:\Program Files (x86)\Common Files\Umbrella
O43 - CFD: 07/10/2008 - 00:41:39 - [] ----D C:\ProgramData\96ff9d90da9b675f
O43 - CFD: 30/03/2014 - 17:53:00 - [0] ----D C:\ProgramData\BitGuard =>PUP.BitGuard
O43 - CFD: 30/03/2014 - 17:53:00 - [0] ----D C:\ProgramData\Browser Manager
O43 - CFD: 30/03/2014 - 17:53:01 - [0] ----D C:\ProgramData\BrowserProtect =>Hijacker.Eazel
O43 - CFD: 15/04/2014 - 13:35:21 - [] ----D C:\ProgramData\IePluginService =>Trojan.SProtector
O43 - CFD: 07/10/2008 - 00:11:22 - [] ----D C:\ProgramData\MovieMode =>PUP.MovieMode
O43 - CFD: 07/10/2008 - 00:41:37 - [] ----D C:\ProgramData\sAaviinshop =>PUP.SavinShop
O43 - CFD: 07/10/2008 - 00:18:46 - [] ----D C:\ProgramData\SaveClicker =>PUP.SaveClicker
O43 - CFD: 29/03/2014 - 20:27:21 - [] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 07/10/2008 - 00:58:02 - [0] ----D C:\Users\asus\AppData\Roaming\Activeris =>PUP.Activeris
O43 - CFD: 08/05/2014 - 20:44:09 - [] ----D C:\Users\asus\AppData\Roaming\cacaoweb =>PUP.CacaoWeb
O43 - CFD: 29/04/2014 - 17:28:00 - [] ----D C:\Users\asus\AppData\Roaming\driver
O43 - CFD: 30/03/2014 - 17:31:45 - [] ----D C:\Users\asus\AppData\Roaming\ExpressFiles =>Adware.ExpressFiles
O43 - CFD: 08/05/2014 - 14:38:27 - [] ----D C:\Users\asus\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
O43 - CFD: 07/10/2008 - 01:58:08 - [] ----D C:\Users\asus\AppData\Roaming\mysearchdial =>Adware.MyWebSearch
O43 - CFD: 29/04/2014 - 17:29:16 - [] ----D C:\Users\asus\AppData\Roaming\OfferBox =>PUP.OfferBox
O43 - CFD: 07/10/2008 - 00:13:54 - [] ----D C:\Users\asus\AppData\Roaming\PriceMeterUpdater =>PUP.PriceMeter
O43 - CFD: 29/03/2014 - 20:27:31 - [] ----D C:\Users\asus\AppData\Roaming\SupTab =>PUP.SupTab
O43 - CFD: 29/04/2014 - 17:29:29 - [] ----D C:\Users\asus\AppData\Roaming\VOPackage =>Adware.Downware
O43 - CFD: 07/10/2008 - 00:39:26 - [] ----D C:\Users\asus\AppData\Local\com
O43 - CFD: 08/05/2014 - 15:39:49 - [] ----D C:\Users\asus\AppData\Local\fst_fr_170 =>Adware.FreeSoftToday
O43 - CFD: 07/10/2008 - 01:31:52 - [] ----D C:\Users\asus\AppData\Local\fst_fr_26 =>Adware.FreeSoftToday
O43 - CFD: 05/04/2014 - 21:27:27 - [0] ----D C:\Users\asus\AppData\Local\Lollipop =>Adware.Lollipop
O43 - CFD: 29/04/2014 - 17:45:08 - [] ----D C:\Users\asus\AppData\Local\LPT =>Adware.Incredibar
O43 - CFD: 08/05/2014 - 20:56:46 - [] ----D C:\Users\asus\AppData\Local\MovieMode =>PUP.MovieMode
O43 - CFD: 07/10/2008 - 00:37:48 - [] ----D C:\Users\asus\AppData\Local\newplayer =>Adware.NewPlayer
O43 - CFD: 07/10/2008 - 00:14:42 - [] ----D C:\Users\asus\AppData\Local\PriceMeter =>PUP.PriceMeter
O43 - CFD: 29/04/2014 - 17:45:03 - [] ----D C:\Users\asus\AppData\Local\Smartbar =>Hijacker.SmartBar
O43 - CFD: 30/03/2014 - 19:16:50 - [0] ----D C:\Users\asus\AppData\Local\WinRST =>PUP.WinRST
O43 - CFD: 07/10/2008 - 00:14:41 - [] ----D C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter =>PUP.PriceMeter
O43 - CFD: 07/10/2008 - 00:14:41 - [] ----D C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage =>Adware.Downware
~ Program Folder: 156 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.4B333D3CC96AE66BD754329FD2989EE2] - 01/05/2014 - 18:40:47 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [72822]
O44 - LFC:[MD5.8DF678FD93646AED6724FD7DE4294DC7] - 01/05/2014 - 18:43:00 ---A- . (...) -- C:\Windows\IE9_main.log [4599]
O44 - LFC:[MD5.C236A8735A48B165A2A7724357DBE332] - 03/05/2014 - 14:26:21 ---A- . (...) -- C:\Windows\System32\RacRules.xml [105559]
O44 - LFC:[MD5.5EC92F0EAE3CA59F647C3CA5AA7CB053] - 03/05/2014 - 14:26:29 ---A- . (...) -- C:\Windows\System32\systemsf.ebd [347904]
O44 - LFC:[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - 03/05/2014 - 14:26:35 ---A- . (...) -- C:\Windows\System32\ScavengeSpace.xml [10429]
O44 - LFC:[MD5.4FD50C55D8BF9F3AF5F4306FBB8839FD] - 03/05/2014 - 14:32:01 ---A- . (...) -- C:\lxdn.log [600]
O44 - LFC:[MD5.3A42C362161C7EAB1B672A2E2BBABBDC] - 03/05/2014 - 14:54:13 ---A- . (...) -- C:\Windows\System32\LXDNinst.dll [528384]
O44 - LFC:[MD5.40707F4E1D40B8D163D508DA1541D13C] - 03/05/2014 - 14:54:13 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\LXDNhcp.dll [672256]
O44 - LFC:[MD5.C64A2460DFF515A6C356886EDDBD0CD4] - 03/05/2014 - 14:54:38 ---A- . (...) -- C:\Windows\System32\LexFiles.ulf [16629]
O44 - LFC:[MD5.AC705DD883AB3E34D20BE0B516B4D832] - 24/04/2014 - 11:19:46 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}w64.sys [61112] =>PUP.LinkiDoo
O44 - LFC:[MD5.14B3A55E048392DA9D3131F2EED071FE] - 29/04/2014 - 16:59:32 ---A- . (...) -- C:\lxdncomx.log [180]
~ Files: 991 Legitimates Filtered in 01mn 58s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\Microsoft Office\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\Microsoft Office\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - bitguard.exe - tasklist.exe =>PUP.BitGuard
O50 - IFEO:Image File Execution Options - bprotect.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - bpsvc.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browsemngr.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browserdefender.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browsermngr.exe - tasklist.exe =>PUP.Babylon
O50 - IFEO:Image File Execution Options - browserprotect.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browsersafeguard.exe - tasklist.exe =>PUP.BrowserSafeguard
O50 - IFEO:Image File Execution Options - bundlesweetimsetup.exe - tasklist.exe =>PUP.SweetIM
O50 - IFEO:Image File Execution Options - cltmngsvc.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - DatamngrCoordinator.exe - tasklist.exe =>PUP.Datamngr
O50 - IFEO:Image File Execution Options - delta babylon.exe - tasklist.exe =>PUP.Babylon
O50 - IFEO:Image File Execution Options - delta tb.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - delta2.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - deltainstaller.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - deltasetup.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - deltatb.exe - tasklist.exe =>Toolbar.DeltaSearch
O50 - IFEO:Image File Execution Options - deltatb_2501-c733154b.exe - tasklist.exe =>Toolbar.DeltaSearch
O50 - IFEO:Image File Execution Options - dprotectsvc.exe - tasklist.exe =>Trojan.Staser
O50 - IFEO:Image File Execution Options - iminentsetup.exe - tasklist.exe =>Adware.IMBooster
O50 - IFEO:Image File Execution Options - protectedsearch.exe - tasklist.exe =>Spyware.ProtectedSearch
O50 - IFEO:Image File Execution Options - rjatydimofu.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - searchprotection.exe - tasklist.exe =>Toolbar.Conduit
O50 - IFEO:Image File Execution Options - searchprotector.exe - tasklist.exe =>Toolbar.Conduit
O50 - IFEO:Image File Execution Options - snapdo.exe - tasklist.exe =>Hijacker.SmartBar
O50 - IFEO:Image File Execution Options - stinst32.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - stinst64.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - sweetimsetup.exe - tasklist.exe =>PUP.SweetIM
O50 - IFEO:Image File Execution Options - tbdelta.exetoolbar783881609.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - utiljumpflip.exe - tasklist.exe =>PUP.JumpFlip
~ IFEO: Scanned in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{fefd17cc-d138-11e3-a9a5-002354810931}\AutoRun\command. (...) -- E:\iLinker.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "RunLogonScriptSync"=1
O55 - MWPS:[HKLM\...\Policies\System] - "SynchronousMachineGroupPolicy"=0
O55 - MWPS:[HKLM\...\Policies\System] - "SynchronousUserGroupPolicy"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "LinkResolveIgnoreLinkInfo"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveSearch"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveTrack"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 8 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:09/08/2007 - 00:21:00 ---A- . (.Pas de propriétaire - ATK0100 ACPI Utility.) -- C:\Windows\System32\Drivers\ATK64AMD.sys [13680]
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:18/11/2006 - 12:07:48 ---A- . (.REDC - RICOH xD SM Driver.) -- C:\Windows\System32\Drivers\rixdpx64.sys [55296]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:24/04/2014 - 11:19:46 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}w64.sys [61112] =>PUP.LinkiDoo
~ Drivers: 48 Legitimates Filtered in 00mn 01s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 24/04/2014 - C:\Windows\System32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}w64.sys ({552199fb-9890-4055-9aaf-b2f6d51d46e9}w64) .(.StdLib - StdLib.) - LEGACY_{552199FB-9890-4055-9AAF-B2F6D51D46E9}W64 =>PUP.LinkiDoo
~ Legacy: 71 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://start.qone8.com =>Hijacker.Qone8
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {006ee092-9658-4fd6-bd8e-a21a348e59f5} [DefaultScope] - (Web Search) - http://feed.snapdo.com =>Hijacker.SmartBar
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {006ee092-9658-4fd6-bd8e-a21a348e59f5} [DefaultScope] - (Web Search) - http://feed.snapdo.com =>Hijacker.SmartBar
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {006ee092-9658-4fd6-bd8e-a21a348e59f5} [DefaultScope] - (Web Search) - http://feed.snapdo.com =>Hijacker.SmartBar
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.6DBF73D20C7532592C5749381A3C24DE] [SPRF][08/05/2014] (...) -- C:\Users\asus\Desktop\cacaoweb.exe [489984] =>PUP.CacaoWeb
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.09D232ED38DC5023D3E61A6B890144EC] [WIS][29/04/2014] (.ReSoft Ltd. - Snap.Do.) -- C:\Windows\Installer\526ede.msi [10108928] =>Hijacker.SmartBar
[MD5.0018C0854FB76747B5FCECD34856186D] [WIS][08/04/2014] (.LPT - LPT System Updater Service.) -- C:\Windows\Installer\526ee3.msi [1892352] =>Adware.IncrediBar
~ WIS: 2 Legitimates Filtered in 00mn 01s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\MovieMode64_RASAPI32 =>PUP.MovieMode
HKLM\SOFTWARE\Microsoft\Tracing\MovieMode64_RASMANCS =>PUP.MovieMode
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32 =>Adware.NewPlayer
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS =>Adware.NewPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ActiverisAntiMalware_RASAPI32 =>PUP.Activeris
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ActiverisAntiMalware_RASMANCS =>PUP.Activeris
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AnyProtectScannerSetup_RASAPI32 =>PUP.AnyProtect
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AnyProtectScannerSetup_RASMANCS =>PUP.AnyProtect
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock AddonsUI_RASAPI32 =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock AddonsUI_RASMANCS =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock BSetup_RASAPI32 =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock BSetup_RASMANCS =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock Update_RASAPI32 =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock Update_RASMANCS =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock_RASAPI32 =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock_RASMANCS =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExpressFiles_RASAPI32 =>Adware.ExpressFiles
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExpressFiles_RASMANCS =>Adware.ExpressFiles
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Freeven pro 1_RASAPI32 =>PUP.Freeven
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Freeven pro 1_RASMANCS =>PUP.Freeven
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\fst_fr_170_RASAPI32 =>Adware.FreeSoftToday
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\fst_fr_170_RASMANCS =>Adware.FreeSoftToday
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstallManagerR_RASAPI32 =>PUP.Manager
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InstallManagerR_RASMANCS =>PUP.Manager
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Install_BubbleDock_FR_RASAPI32 =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Install_BubbleDock_FR_RASMANCS =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Lollipop_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Lollipop_RASMANCS =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Mobogenie_RASAPI32 =>PUP.Mobogenie
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Mobogenie_RASMANCS =>PUP.Mobogenie
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MovieModeService_RASAPI32 =>PUP.MovieMode
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MovieModeService_RASMANCS =>PUP.MovieMode
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MovieMode_RASAPI32 =>PUP.MovieMode
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MovieMode_RASMANCS =>PUP.MovieMode
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MySearchDial_RASAPI32 =>Adware.MyWebSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MySearchDial_RASMANCS =>Adware.MyWebSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASAPI32 =>Adware.NewPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASMANCS =>Adware.NewPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OfferBoxUpdateService_RASAPI32 =>PUP.OfferBox
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OfferBoxUpdateService_RASMANCS =>PUP.OfferBox
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\offerbox_RASAPI32 =>PUP.OfferBox
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\offerbox_RASMANCS =>PUP.OfferBox
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OptimizerPro_RASAPI32 =>PUP.OptimizerPro
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OptimizerPro_RASMANCS =>PUP.OptimizerPro
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OptProStart_RASAPI32 =>PUP.OptimizerPro
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OptProStart_RASMANCS =>PUP.OptimizerPro
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSpeedMaximizer_RASAPI32 =>Rogue.PCSpeedMaximizer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSpeedMaximizer_RASMANCS =>Rogue.PCSpeedMaximizer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PirritDesktop_RASAPI32 =>PUP.PirritSuggestor
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PirritDesktop_RASMANCS =>PUP.PirritSuggestor
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PirritSuggestor_InstallMonetizer_RASAPI32 =>PUP.PirritSuggestor
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PirritSuggestor_InstallMonetizer_RASMANCS =>PUP.PirritSuggestor
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\pricemeterd_RASAPI32 =>PUP.PriceMeter
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\pricemeterd_RASMANCS =>PUP.PriceMeter
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftwareUpdater_RASAPI32 =>PUP.Eorezo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftwareUpdater_RASMANCS =>PUP.Eorezo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\speedupmypc_RASAPI32 =>PUP.SpeedUpMyPC
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\speedupmypc_RASMANCS =>PUP.SpeedUpMyPC
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SupTab_RASAPI32 =>PUP.SupTab
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SupTab_RASMANCS =>PUP.SupTab
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Uninstall Bubble Dock_RASAPI32 =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Uninstall Bubble Dock_RASMANCS =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\upfst_fr_170_RASAPI32 =>Adware.FreeSoftToday
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\upfst_fr_170_RASMANCS =>Adware.FreeSoftToday
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\upfst_fr_26_RASAPI32 =>Adware.FreeSoftToday
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\upfst_fr_26_RASMANCS =>Adware.FreeSoftToday
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VOPackage_RASAPI32 =>Adware.Downware
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VOPackage_RASMANCS =>Adware.Downware
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancerService_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancerService_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_download_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_download_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_install_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_install_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wpm_RASAPI32 =>PUP.WpManager
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wpm_RASMANCS =>PUP.WpManager
~ BTK: 373 Legitimates Filtered in 00mn 00s



---\\ CLSID registry key search (O101)
[HKCR\CLSID\{11111111-1111-1111-1111-110511421153}] (Freeven pro 1.2) =>PUP.Freeven
[HKCR\CLSID\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] (V-bates) =>Adware.Incredibar
[HKCR\CLSID\{22222222-2222-2222-2222-220522422253}] (CrossriderApp0054253.Sandbox) =>PUP.CrossRider
[HKCR\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] (SmartbarInternetExplorerBHOEngine) =>Hijacker.SmartBar
[HKCR\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}] (Snap.Do) =>Hijacker.SmartBar
~ BCK: 4290 Legitimates Filtered in 00mn 07s



---\\ General status of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 02/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 10/07/1658 0 | (gupdate) . (...) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 10/07/1658 0 | (gupdatem) . (...) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 20/06/2013 336704 | (OfferBox update service) . (.Aedge Performance BCN SL.) - C:\Program Files (x86)\OfferBox\OfferBoxUpdateService.exe =>PUP.OfferBox
SS - | Auto 30/03/2014 150504 | (pricemeterliveUpdate) . (.PriceMeter.) - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe =>PUP.PriceMeter
SS - | Demand 30/03/2014 150504 | (pricemeterliveUpdatem) . (.PriceMeter.) - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe =>PUP.PriceMeter
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 11/04/2014 705136 | (IePluginService) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector
SR - | Auto 08/04/2014 37920 | (LPTSystemUpdater) . (...) - C:\Program Files (x86)\LPT\srpts.exe =>Adware.Incredibar
SR - | Auto 28/11/2007 1039872 | (lxdn_device) . (...) - C:\Windows\system32\lxdncoms.exe
SR - | Auto 06/10/2008 66704 | (MovieMode) . (.GenTechnologies Apps, LLC.) - C:\ProgramData\MovieMode\up\2.6.78\MovieModeService.exe =>PUP.MovieMode
SR - | Auto 23/10/2013 23808 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 16/04/2014 11776 | (NewPlayerUpdaterService) . (...) - C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe =>Adware.NewPlayer
SR - | Auto 18/01/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 26/02/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 20/02/2014 52568 | (PirritDesktop) . (...) - C:\Users\asus\AppData\Local\PirritSuggestor\PirritService.exe =>PUP.PirritSuggestor
SR - | Auto 20/02/2014 59904 | (PirritUpdater) . (...) - C:\Program Files (x86)\Pirrit\AutoUpdater.exe =>PUP.PirritSuggestor
SR - | Auto 17/03/2014 196096 | (SelectionTool) . (...) - C:\Program Files (x86)\SelectionTool-soft\SelectionTool157.exe
SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 28/01/2014 209408 | (V-bates Updater) . (...) - C:\Program Files\V-bates\ExtensionUpdaterService.exe =>Adware.Incredibar
SR - | Auto 28/03/2014 210432 | (Wajam Internet Enhancer Service) . (.Wajam Internet Technologies Inc..) - C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe =>PUP.Wajam
SR - | Auto 26/02/2014 59904 | (WinRST) . (...) - C:\Program Files (x86)\WinRST\WinRST.exe =>PUP.WinRST
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 29/03/2014 496640 | (Wpm) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s



---\\ Additional scan (O88)
Database Version : 13045 - (08/05/2014)
Clés trouvées (Keys found) : 135
Valeurs trouvées (Values found) : 8
Dossiers trouvés (Folders found) : 50
Fichiers trouvés (Files found) : 102

[HKLM\Software\Google\Chrome\Extensions\hnabdehiamfmckjabaejlcjopbcnfkmh] =>PUP.PriceDownloader^
[HKLM\Software\Google\Chrome\Extensions\leahdjjpjmnamomgpojikeapflgbmjab] =>PUP.CacaoWeb^
[HKLM\Software\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma] =>PUP.QuickStart^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421153}] =>PUP.CrossRider^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}] =>Adware.Incredibar^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Hijacker.SmartBar^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] =>PUP.SupTab^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF75E54F-2F7A-4EE0-88BB-41DCD2D0D156}] =>PUP.SavinShop^
[HKLM\SYSTEM\CurrentControlSet\Services\IePluginService] =>Trojan.SProtector^
[HKLM\SYSTEM\CurrentControlSet\Services\LPTSystemUpdater] =>Adware.Incredibar^
[HKLM\SYSTEM\CurrentControlSet\Services\MovieMode] =>PUP.MovieMode^
[HKLM\SYSTEM\CurrentControlSet\Services\NewPlayerUpdaterService] =>Adware.NewPlayer^
[HKLM\SYSTEM\CurrentControlSet\Services\PirritDesktop] =>PUP.PirritSuggestor^
[HKLM\SYSTEM\CurrentControlSet\Services\PirritUpdater] =>PUP.PirritSuggestor^
[HKLM\SYSTEM\CurrentControlSet\Services\pricemeterliveUpdate) (pricemeterliveUpdate] =>PUP.PriceMeter^
[HKLM\SYSTEM\CurrentControlSet\Services\V-bates Updater] =>Adware.Incredibar^
[HKLM\SYSTEM\CurrentControlSet\Services\Wajam Internet Enhancer Service] =>PUP.Wajam^
[HKLM\SYSTEM\CurrentControlSet\Services\WinRST] =>PUP.WinRST^
[HKLM\SYSTEM\CurrentControlSet\Services\Wpm] =>PUP.WpManager^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1] =>PUP.AdvancedSystemProtector^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Freeven pro 1.2] =>PUP.Freeven^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}] =>Adware.IncrediBar^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MovieMode] =>PUP.MovieMode^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial] =>Adware.MyWebSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\NewPlayer] =>Adware.NewPlayer^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PriceMeterUpdater] =>PUP.PriceMeter^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1] =>Adware.Incredibar^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage] =>Adware.Downware^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WPM] =>PUP.WpManager^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Wajam] =>PUP.Wajam^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\fst_fr_170_is1] =>Adware.FreeSoftToday^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\fst_fr_26_is1] =>Adware.FreeSoftToday^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{70BD2558-27DA-8B02-02D0-D8704ECD2EDF}] =>PUP.SavinShop^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0EE02110-967B-4256-ACA6-BC8AC7CB7E61}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKLM\Software\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}] =>Toolbar.Expresso
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}] =>Hijacker.SmartBar
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKLM\Software\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}] =>Hijacker.SmartBar
[HKLM\Software\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}] =>Hijacker.SmartBar
[HKLM\Software\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}] =>Hijacker.SmartBar
[HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{8216BD4A-4DC2-4DCE-9AFF-C86C5ACC6757}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{8216BD4A-4DC2-4DCE-9AFF-C86C5ACC6757}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{8ABB9FA2-0740-4AD9-8F54-1192254B3CF4}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}] =>Toolbar.Expresso
[HKLM\Software\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}] =>Toolbar.Expresso
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKLM\Software\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}] =>Hijacker.SmartBar
[HKLM\Software\Classes\Interface\{D4D390BE-98E6-4633-AD1B-B18B54BE5E76}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{D4D390BE-98E6-4633-AD1B-B18B54BE5E76}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon
[HKLM\Software\Classes\AppID\Extension.DLL] =>Toolbar.Expresso
[HKLM\Software\Classes\Extension.ExtensionHelperObject] =>Toolbar.Expresso
[HKLM\Software\Classes\Extension.ExtensionHelperObject.1] =>Toolbar.Expresso
[HKLM\Software\Classes\OfferBoxUI.TheBoxCtrl] =>PUP.OfferBox
[HKLM\Software\Classes\OfferBoxUI.TheBoxCtrl.1] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl] =>Adware.IMBooster
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\OfferBox] =>PUP.OfferBox
[HKCU\Software\SmartbarBackup] =>Hijacker.SmartBar
[HKCU\Software\SmartbarLog] =>Hijacker.SmartBar
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\optprostart_RASMANCS] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\Microsoft\Tracing\optprostart_RASAPI32] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\OfferBox] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASMANCS] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxUpdateService_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxUpdateService_RASMANCS] =>PUP.OfferBox
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Wow6432Node\InstallCore] =>Adware.InstallCore
[HKLM\Software\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic
[HKLM\Software\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\SoftwareUpdater] =>Hijacker.Eazel
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Mobogenie_RASAPI32] =>PUP.Mobogenie
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Mobogenie_RASMANCS] =>PUP.Mobogenie
[HKLM\Software\Wow6432Node\Microsoft\Tracing\optimizerpro_RASAPI32] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\Microsoft\Tracing\optimizerpro_RASMANCS] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\Microsoft\Tracing\speedupmypc_RASAPI32] =>PUP.SpeedUpMyPC
[HKLM\Software\Wow6432Node\Microsoft\Tracing\speedupmypc_RASMANCS] =>PUP.SpeedUpMyPC
[HKLM\Software\Classes\TypeLib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}] =>PUP.GetNow
[HKLM\Software\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}] =>PUP.GetNow
[HKLM\Software\Wow6432Node\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}] =>PUP.GetNow
[HKLM\Software\Classes\CrossriderApp0054253.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0054253.BHO.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0054253.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0054253.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Classes\Iminent] =>Adware.IMBooster
[HKLM\Software\Classes\esrv.mysearchdialESrvc] =>Adware.MyWebSearch
[HKLM\Software\Classes\esrv.mysearchdialESrvc.1] =>Adware.MyWebSearch
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110511421153}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220522422253}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0054253.BHO] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0054253.BHO.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0054253.Sandbox] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0054253.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\esrv.mysearchdialESrvc] =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\Classes\esrv.mysearchdialESrvc.1] =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110511421153}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220522422253}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421153}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}] =>Adware.Bandoo^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:cacaoweb =>PUP.CacaoWeb^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon =>PUP.Mobogenie^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]:upfst_fr_170.exe =>Adware.FreeSoftToday^
C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnabdehiamfmckjabaejlcjopbcnfkmh =>PUP.PriceDownloader^
C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\leahdjjpjmnamomgpojikeapflgbmjab =>PUP.CacaoWeb^
C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma =>PUP.QuickStart^
C:\Program Files (x86)\Advanced System Protector =>PUP.AdvancedSystemProtector^
C:\Program Files (x86)\Freeven pro 1.2 =>PUP.Freeven^
C:\Program Files (x86)\fst_fr_170 =>Adware.FreeSoftToday^
C:\Program Files (x86)\fst_fr_26 =>Adware.FreeSoftToday^
C:\Program Files (x86)\LPT =>Adware.Incredibar^
C:\Program Files (x86)\Mysearchdial =>Adware.MyWebSearch^
C:\Program Files (x86)\NewPlayer =>Adware.NewPlayer^
C:\Program Files (x86)\OfferBox =>PUP.OfferBox^
C:\Program Files (x86)\RegClean Pro =>Rogue.RegistryPowerCleaner^
C:\Program Files (x86)\SaveClicker =>PUP.SaveClicker^
C:\Program Files (x86)\Supporter =>PUP.SaveClicker^
C:\Program Files (x86)\SupTab =>PUP.SupTab^
C:\Program Files (x86)\Wajam =>PUP.Wajam^
C:\Program Files (x86)\WinRST =>PUP.WinRST^
C:\ProgramData\BitGuard =>PUP.BitGuard^
C:\ProgramData\BrowserProtect =>Hijacker.Eazel^
C:\ProgramData\IePluginService =>Trojan.SProtector^
C:\ProgramData\MovieMode =>PUP.MovieMode^
C:\ProgramData\sAaviinshop =>PUP.SavinShop^
C:\ProgramData\SaveClicker =>PUP.SaveClicker^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\asus\AppData\Roaming\Activeris =>PUP.Activeris^
C:\Users\asus\AppData\Roaming\cacaoweb =>PUP.CacaoWeb^
C:\Users\asus\AppData\Roaming\ExpressFiles =>Adware.ExpressFiles^
C:\Users\asus\AppData\Roaming\mysearchdial =>Adware.MyWebSearch^
C:\Users\asus\AppData\Roaming\OfferBox =>PUP.OfferBox^
C:\Users\asus\AppData\Roaming\PriceMeterUpdater =>PUP.PriceMeter^
C:\Users\asus\AppData\Roaming\SupTab =>PUP.SupTab^
C:\Users\asus\AppData\Roaming\VOPackage =>Adware.Downware^
C:\Users\asus\AppData\Local\fst_fr_170 =>Adware.FreeSoftToday^
C:\Users\asus\AppData\Local\fst_fr_26 =>Adware.FreeSoftToday^
C:\Users\asus\AppData\Local\Lollipop =>Adware.Lollipop^
C:\Users\asus\AppData\Local\LPT =>Adware.Incredibar^
C:\Users\asus\AppData\Local\MovieMode =>PUP.MovieMode^
C:\Users\asus\AppData\Local\newplayer =>Adware.NewPlayer^
C:\Users\asus\AppData\Local\PriceMeter =>PUP.PriceMeter^
C:\Users\asus\AppData\Local\Smartbar =>Hijacker.SmartBar^
C:\Users\asus\AppData\Local\WinRST =>PUP.WinRST^
C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter =>PUP.PriceMeter^
C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage =>Adware.Downware^
C:\Program Files (x86)\Amazon Browser Bar =>Toolbar.Amazon
C:\Program Files (x86)\Common Files\Umbrella =>Adware.IMBooster
C:\ProgramData\Browser Manager =>PUP.Babylon
C:\Users\asus\AppData\Local\Amazon Browser Bar =>Toolbar.Amazon
C:\Users\asus\AppData\LocalLow\Smartbar =>Hijacker.SmartBar
C:\Users\asus\AppData\Local\Temp\Iminent =>Adware.IMBooster
C:\Users\asus\AppData\Local\Temp\Smartbar =>Hijacker.SmartBar
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSetProgramAccessAndDefaults: Modified =>PUA.StartShow^
C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe =>PUP.AdvancedSystemProtector^
C:\ProgramData\MovieMode\up\2.6.78\MovieMode.exe =>PUP.MovieMode^
C:\Users\asus\AppData\Local\PirritSuggestor\PirritDesktop.exe =>PUP.PirritSuggestor^
C:\Users\asus\AppData\Local\fst_fr_170\upfst_fr_170.exe =>Adware.FreeSoftToday^
C:\Users\asus\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb^
C:\Program Files (x86)\fst_fr_170\fst_fr_170.exe =>Adware.FreeSoftToday^
C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe =>PUP.Eorezo^
C:\Program Files (x86)\OfferBox\OfferBox.exe =>PUP.OfferBox^
C:\Users\asus\AppData\Local\LPT\srptm.exe =>Adware.Incredibar^
C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector^
C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager^
C:\Program Files (x86)\LPT\srpts.exe =>Adware.Incredibar^
C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe =>PUP.PriceMeter^
C:\ProgramData\MovieMode\up\2.6.78\MovieModeService.exe =>PUP.MovieMode^
C:\Users\asus\AppData\Local\PirritSuggestor\PirritService.exe =>PUP.PirritSuggestor^
C:\Program Files (x86)\Pirrit\AutoUpdater.exe =>PUP.PirritSuggestor^
C:\Program Files\V-bates\ExtensionUpdaterService.exe =>Adware.Incredibar^
C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe =>PUP.Wajam^
C:\Program Files (x86)\WinRST\WinRST.exe =>PUP.WinRST^
C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe =>PUP.Wajam^
C:\Program Files (x86)\Freeven pro 1.2\Freeven pro 1.2-codedownloader.exe =>PUP.Freeven^
C:\Program Files (x86)\Freeven pro 1.2\9fb77cad-fe80-4845-9628-2b66036ee0f2-2.exe =>PUP.Freeven^
C:\Program Files (x86)\Freeven pro 1.2\9fb77cad-fe80-4845-9628-2b66036ee0f2-3.exe =>PUP.Freeven^
C:\Program Files (x86)\Freeven pro 1.2\9fb77cad-fe80-4845-9628-2b66036ee0f2-4.exe =>PUP.Freeven^
C:\Program Files (x86)\Freeven pro 1.2\9fb77cad-fe80-4845-9628-2b66036ee0f2-5.exe =>PUP.Freeven^
C:\Windows\AutoKMS\AutoKMS.exe =>Trojan.Keygen^
C:\Program Files\V-bates\PrefHelper.exe =>Adware.Incredibar^
C:\Users\asus\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\MinibarChrome.exe =>PUP.Minibar^
C:\Users\asus\AppData\Roaming\MySearchDial\UpdateProc\UpdateTask.exe =>Adware.MyWebSearch^
C:\Users\asus\AppData\Local\PriceMeter\pricemeterd.exe =>PUP.PriceMeter^
C:\Users\asus\AppData\Roaming\PriceMeterUpdater\UpdateProc\UpdateTask.exe =>PUP.PriceMeter^
C:\Windows\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-1.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-1 =>PUP.CrossRider^
C:\Windows\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-2.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-2 =>PUP.CrossRider^
C:\Windows\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-3.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-3 =>PUP.CrossRider^
C:\Windows\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-4 =>PUP.CrossRider^
C:\Windows\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\9fb77cad-fe80-4845-9628-2b66036ee0f2-5 =>PUP.CrossRider^
C:\Windows\Tasks\APSnotifierPP1.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP1 =>PUP.AnyProtect^
C:\Windows\Tasks\APSnotifierPP2.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP2 =>PUP.AnyProtect^
C:\Windows\Tasks\APSnotifierPP3.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP3 =>PUP.AnyProtect^
C:\Windows\Tasks\AutoKMS.job =>Trojan.Keygen^
C:\Windows\System32\Tasks\AutoKMS =>Trojan.Keygen^
C:\Windows\Tasks\MySearchDial.job =>Adware.MyWebSearch^
C:\Windows\System32\Tasks\MySearchDial =>Adware.MyWebSearch^
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job =>PUP.PriceMeter^
C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore =>PUP.PriceMeter^
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job =>PUP.PriceMeter^
C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA =>PUP.PriceMeter^
C:\Windows\Tasks\PriceMeterUpdater.job =>PUP.PriceMeter^
C:\Windows\System32\Tasks\PriceMeterUpdater =>PUP.PriceMeter^
[HKCU\Software\AnyProtect] =>PUP.AnyProtect^
[HKCU\Software\ExpressFiles] =>Adware.ExpressFiles^
[HKCU\Software\PriceMeter] =>PUP.PriceMeter^
[HKCU\Software\Smartbar] =>Hijacker.SmartBar^
[HKCU\Software\Wajam] =>PUP.Wajam^
[HKCU\Software\WinkHandler] =>Adware.IMBooster^
[HKCU\Software\freesofttoday] =>Adware.FreeSoftToday^
[HKCU\Software\mysearchdial] =>Adware.MyWebSearch^
[HKLM\Software\V-bates] =>Adware.Incredibar^
[HKLM\Software\Wow6432Node\DealPlyLive] =>PUP.DealPly^
[HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles^
[HKLM\Software\Wow6432Node\FREESOFTTODAY] =>Adware.FreeSoftToday^
[HKLM\Software\Wow6432Node\MySearchDial] =>Adware.MyWebSearch^
[HKLM\Software\Wow6432Node\V-bates] =>Adware.Incredibar^
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\free_soft_today] =>Adware.FreeSoftToday^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
C:\Users\asus\Desktop\cacaoweb.exe =>PUP.CacaoWeb^
C:\Windows\Installer\526ede.msi =>Hijacker.SmartBar^
C:\Windows\Installer\526ee3.msi =>Adware.IncrediBar^
[HKCR\CLSID\{11111111-1111-1111-1111-110511421153}] (Freeven pro 1.2) =>PUP.Freeven^
[HKCR\CLSID\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] (V-bates) =>Adware.Incredibar^
[HKCR\CLSID\{22222222-2222-2222-2222-220522422253}] (CrossriderApp0054253.Sandbox) =>PUP.CrossRider^
[HKCR\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] (SmartbarInternetExplorerBHOEngine) =>Hijacker.SmartBar^
[HKCR\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}] (Snap.Do) =>Hijacker.SmartBar^
C:\Users\asus\AppData\Local\Temp\OB.exe =>PUP.OfferBox
C:\Users\asus\AppData\Local\Temp\BundleSweetIMSetup.exe =>PUP.SweetIM
C:\Users\asus\AppData\Local\Temp\MybabylonTB.exe =>PUP.SweetIM
C:\Users\asus\AppData\Local\Temp\nsb7591.exe =>Toolbar.Conduit
C:\Users\asus\AppData\Local\Temp\nsd20C1.exe =>Toolbar.Conduit
C:\Users\asus\AppData\Local\Temp\nsdF52C.exe =>Toolbar.Conduit
C:\Users\asus\AppData\Local\Temp\nsiF06A.exe =>Toolbar.Conduit
C:\Users\asus\AppData\Local\Temp\nsy2499.exe =>Toolbar.Conduit
C:\Users\asus\AppData\Local\Temp\spidentifierimpl.exe =>Toolbar.Conduit
C:\Users\asus\AppData\Local\Temp\SPSetup.exe =>Toolbar.Conduit
~ Additionnel Scan: 190433 Items scanned in 03mn 03s



---\\ Summary of detections found on your workstation
http://nicolascoolman.webs.com/apps/blog/show/34077727-pua-startshow =>PUA.StartShow
http://nicolascoolman.byethost7.com/wordpress/pup-advancedsystemprotector/ =>PUP.AdvancedSystemProtector
http://nicolascoolman.webs.com/apps/blog/show/41590424-pup-pirritsuggestor =>PUP.PirritSuggestor
http://nicolascoolman.byethost7.com/wordpress/adware-freesofttoday/ =>Adware.FreeSoftToday
http://nicolascoolman.byethost7.com/wordpress/pup-cacaoweb/ =>PUP.CacaoWeb
http://nicolascoolman.byethost7.com/wordpress/pup-eorezo/ =>PUP.Eorezo
http://nicolascoolman.byethost7.com/wordpress/pup-offerbox/ =>PUP.OfferBox
http://nicolascoolman.byethost7.com/wordpress/adware-incredibar/ =>Adware.Incredibar
http://nicolascoolman.byethost7.com/wordpress/trojan-sprotector/ =>Trojan.SProtector
http://nicolascoolman.byethost7.com/wordpress/pup-wpmanager/ =>PUP.WpManager
http://nicolascoolman.webs.com/apps/blog/show/41981105-pup-pricemeter =>PUP.PriceMeter
http://nicolascoolman.byethost7.com/wordpress/pup-wajam/ =>PUP.Wajam
http://nicolascoolman.webs.com/apps/blog/show/41962558-pup-quickstart =>PUP.QuickStart
http://nicolascoolman.byethost7.com/wordpress/hijacker-smartbar/ =>Hijacker.SmartBar
http://nicolascoolman.byethost7.com/wordpress/adware-mywebsearch/ =>Adware.MyWebSearch
http://nicolascoolman.webs.com/apps/blog/show/33262880-hijacker-qone8 =>Hijacker.Qone8
http://nicolascoolman.byethost7.com/wordpress/hijacker-proxy/ =>Hijacker.Proxy
http://nicolascoolman.byethost7.com/wordpress/pup-crossrider/ =>PUP.CrossRider
http://nicolascoolman.byethost7.com/wordpress/pup-suptab/ =>PUP.SupTab
http://nicolascoolman.webs.com/apps/blog/show/29956939-usp-pccleaner =>USP.PCCleaner
http://nicolascoolman.byethost7.com/wordpress/pup-bubbledock/ =>PUP.BubbleDock
http://nicolascoolman.webs.com/apps/blog/show/33744863-pup-moviestoolbar =>PUP.MoviesToolbar
http://nicolascoolman.byethost7.com/wordpress/pup-mobogenie/ =>PUP.Mobogenie
http://nicolascoolman.byethost7.com/wordpress/pup-anyprotect/ =>PUP.AnyProtect
http://nicolascoolman.webs.com/apps/blog/show/26753274-adware-expressfiles =>Adware.ExpressFiles
http://nicolascoolman.webs.com/apps/blog/show/34407192-pup-minibar =>PUP.Minibar
http://nicolascoolman.byethost7.com/wordpress/pup-linkidoo/ =>PUP.LinkiDoo
http://nicolascoolman.byethost7.com/wordpress/adware-imbooster/ =>Adware.IMBooster
http://nicolascoolman.webs.com/apps/blog/show/26690384-adware-downware =>Adware.Downware
http://nicolascoolman.byethost7.com/wordpress/adware-installcore =>Adware.InstallCore
http://nicolascoolman.byethost7.com/wordpress/adware-vidsaver/ =>Adware.VidSaver
http://nicolascoolman.byethost7.com/wordpress/spyware-agenceexclusive/ =>AgenceExclusive
http://nicolascoolman.byethost7.com/wordpress/adware-lollipop/ =>Adware.Lollipop
http://nicolascoolman.byethost7.com/wordpress/pup-dealply/ =>PUP.DealPly
http://nicolascoolman.webs.com/apps/blog/show/29295819-rogue-registrypowercleaner =>Rogue.RegistryPowerCleaner
http://nicolascoolman.webs.com/apps/blog/show/41737185-pup-saveclicker =>PUP.SaveClicker
http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard =>PUP.BitGuard
http://nicolascoolman.byethost7.com/wordpress/hijacker-eazel/ =>Hijacker.Eazel
http://nicolascoolman.webs.com/apps/blog/show/41903075-pup-activeris =>PUP.Activeris
http://nicolascoolman.byethost7.com/wordpress/pup-babylon/ =>PUP.Babylon
http://nicolascoolman.webs.com/apps/blog/show/32799788-pup-browsersafeguard =>PUP.BrowserSafeguard
http://nicolascoolman.byethost7.com/wordpress/pup-sweetim/ =>PUP.SweetIM
http://nicolascoolman.byethost7.com/wordpress/pup-datamngr =>PUP.Datamngr
http://nicolascoolman.byethost7.com/wordpress/toolbar-deltasearch/ =>Toolbar.DeltaSearch
http://nicolascoolman.byethost7.com/wordpress/trojan-staser/ =>Trojan.Staser
http://nicolascoolman.webs.com/apps/blog/show/33367156-spyware-protectedsearch =>Spyware.ProtectedSearch
http://nicolascoolman.byethost7.com/wordpress/toolbar-conduit/ =>Toolbar.Conduit
http://nicolascoolman.byethost7.com/wordpress/pup-mypcbackup/ =>PUP.MyPCBackup
http://nicolascoolman.byethost7.com/wordpress/pup-manager/ =>PUP.Manager
http://nicolascoolman.byethost7.com/wordpress/pup-optimizerpro/ =>PUP.OptimizerPro
http://nicolascoolman.byethost7.com/wordpress/rogue-pcspeedmaximizer/ =>Rogue.PCSpeedMaximizer
http://nicolascoolman.byethost7.com/wordpress/adware-spointer/ =>Adware.SPointer
http://nicolascoolman.byethost7.com/wordpress/toolbar-ask/ =>Toolbar.Ask
http://nicolascoolman.byethost7.com/wordpress/adware-bandoo/ =>Adware.Bandoo
http://nicolascoolman.webs.com/apps/blog/show/26632189-adware-magnipic =>Adware.MagniPic
http://nicolascoolman.byethost7.com/wordpress/pup-getnow/ =>PUP.GetNow
~ MSI: 56 link(s) detected in 00mn 00s



~ 1740 Legitimates filtered by white list
End of the scan (1230 lines in 06mn 20s)(0)
