Publicité
Publicité
Format du document : text/plain
Prévisualisation
Script ZHPFix
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
G2 - GCE: Preference [User Data\Default] [afjegdojkkoghnbiollpogeeimocanmk] SupraSavings v.5.0, (Activ�) =>PUP.SupraSavings
G2 - GCE: Preference [User Data\Default] [cjcmpicjhnkfmkehehaanpfijomlhbbp] BetterDeals-11 v.1.26.37, (Activ�) =>PUP.BetterDeals
G2 - EXT: C:\Users\alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\afjegdojkkoghnbiollpogeeimocanmk [SupraSavings] =>PUP.SupraSavings
G2 - EXT: C:\Users\alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjcmpicjhnkfmkehehaanpfijomlhbbp [BetterDeals-11] =>PUP.BetterDeals
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com =>Hijacker.WebsSearches
O2 - BHO: 2rs3 [64Bits] - {10AD2C61-0898-4348-8600-14A342F22AC3} . (...) -- C:\Program Files (x86)\SupraSavings\2rs3.dll =>PUP.SupraSavings
O2 - BHO: CrossriderApp0044136 [64Bits] - {11111111-1111-1111-1111-110411411136} . (.BetterDeals - BetterDeals-11 BHO.) -- C:\Program Files (x86)\BetterDeals-11\BetterDeals-11-bho.dll =>PUP.BetterDeals
O2 - BHO: IETabPage Class [64Bits] - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files (x86)\SupTab\SupTab.dll =>PUP.SupTab
O2 - BHO: (no name) [64Bits] - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} Cl� orpheline
O2 - BHO: ShopperProBHO [64Bits] - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} Cl� orpheline =>PUP.ShopperPro
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com =>Hijacker.WebsSearches
O4 - GS\Program [alexandra]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com =>Hijacker.WebsSearches
O4 - HKLM\..\Wow6432Node\Run: [fst_fr_174] Cl� orpheline =>Adware.FreeSoftToday
O4 - HKLM\..\Wow6432Node\Run: [stv_fr_4] Cl� orpheline =>PUP.Eorezo
O23 - Service: IePlugin Service (IePluginService) . (.Cherished Technololgy LIMITED - IePlugin Service.) - C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector
O23 - Service: xmkysecqun64 (xmkysecqun64) . (...) - C:\Program Files\003\xmkysecqun64.exe =>PUP.AdPeak
[MD5.4C5049D5A43D54C13CEA8E96D79F7B10] [APT] [BetterDeals-11-chromeinstaller] (.BetterDeals.) -- C:\Program Files (x86)\BetterDeals-11\BetterDeals-11-chromeinstaller.exe [471040] =>PUP.BetterDeals
[MD5.00000000000000000000000000000000] [APT] [BetterDeals-11-codedownloader] (...) -- C:\Program Files (x86)\BetterDeals-11\BetterDeals-11-codedownloader.exe (.not file.) [0] =>PUP.BetterDeals
[MD5.00000000000000000000000000000000] [APT] [BetterDeals-11-enabler] (...) -- C:\Program Files (x86)\BetterDeals-11\BetterDeals-11-enabler.exe (.not file.) [0] =>PUP.BetterDeals
[MD5.62CE19EC0BA5FE66B523ACF961460994] [APT] [BetterDeals-11-firefoxinstaller] (.BetterDeals.) -- C:\Program Files (x86)\BetterDeals-11\BetterDeals-11-firefoxinstaller.exe [732160] =>PUP.BetterDeals
[MD5.00000000000000000000000000000000] [APT] [BetterDeals-11-updater] (...) -- C:\Program Files (x86)\BetterDeals-11\BetterDeals-11-updater.exe (.not file.) [0] =>PUP.BetterDeals
[MD5.CE43EA83E0B7430F2AD06C97573E1EE8] [APT] [{8F9BBAB5-2309-41C7-B13D-D70794A3760E}] (.Skytech Co., Ltd..) -- C:\Users\alexandra\AppData\Roaming\webssearches\UninstallManager.exe [664184] =>Hijacker.WebsSearches
[MD5.DF09CE7364209197CFC73EE28F611C0E] [APT] [{AAA4C2A4-A289-414F-9E5E-8C5F1D24DF7E}] (...) -- C:\Program Files (x86)\BetterDeals-11\Uninstall.exe [115200] =>PUP.BetterDeals
O39 - APT: BetterDeals-11-chromeinstaller - (.BetterDeals.) -- C:\Windows\Tasks\BetterDeals-11-chromeinstaller.job [1996] =>PUP.BetterDeals
O39 - APT: BetterDeals-11-chromeinstaller - (.BetterDeals.) -- C:\Windows\System32\Tasks\BetterDeals-11-chromeinstaller [1996] =>PUP.BetterDeals
O39 - APT: BetterDeals-11-codedownloader - (...) -- C:\Windows\Tasks\BetterDeals-11-codedownloader.job [1282] =>PUP.BetterDeals
O39 - APT: BetterDeals-11-codedownloader - (...) -- C:\Windows\System32\Tasks\BetterDeals-11-codedownloader [1282] =>PUP.BetterDeals
O39 - APT: BetterDeals-11-enabler - (...) -- C:\Windows\Tasks\BetterDeals-11-enabler.job [1182] =>PUP.BetterDeals
O39 - APT: BetterDeals-11-enabler - (...) -- C:\Windows\System32\Tasks\BetterDeals-11-enabler [1182] =>PUP.BetterDeals
O39 - APT: BetterDeals-11-firefoxinstaller - (.BetterDeals.) -- C:\Windows\Tasks\BetterDeals-11-firefoxinstaller.job [1920] =>PUP.BetterDeals
O39 - APT: BetterDeals-11-firefoxinstaller - (.BetterDeals.) -- C:\Windows\System32\Tasks\BetterDeals-11-firefoxinstaller [1920] =>PUP.BetterDeals
O39 - APT: BetterDeals-11-updater - (...) -- C:\Windows\Tasks\BetterDeals-11-updater.job [1376] =>PUP.BetterDeals
O39 - APT: BetterDeals-11-updater - (...) -- C:\Windows\System32\Tasks\BetterDeals-11-updater [1376] =>PUP.BetterDeals
O42 - Logiciel: BetterDeals-11 - (.BetterDeals.) [HKLM][64Bits] -- BetterDeals-11 =>PUP.BetterDeals
O42 - Logiciel: SupraSavings - (.SupraSavings.) [HKLM][64Bits] -- {E6B105B8-1F65-4428-9397-1DFD8A03B94D} =>PUP.SupraSavings
O42 - Logiciel: webssearches uninstaller - (.webssearches.) [HKLM][64Bits] -- webssearches uninstaller =>Hijacker.WebsSearches
[HKCU\Software\AnyProtect] =>PUP.AnyProtect
[HKCU\Software\AppDataLow\Software\BetterDeals-11] =>PUP.BetterDeals
[HKCU\Software\AppDataLow\Software\Supra Savings] =>PUP.SupraSavings
[HKCU\Software\AppDataLow\Software\suprasavings] =>PUP.SupraSavings
[HKCU\Software\Goobzo] =>PUP.Goobzo
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\SmartbarBackup] =>Hijacker.SmartBar
[HKCU\Software\SmartbarLog] =>Hijacker.SmartBar
[HKCU\Software\SupraSavings] =>PUP.SupraSavings
[HKCU\Software\TutoTag] =>AgenceExclusive
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher
[HKLM\Software\Pirrit] =>PUP.PirritSuggestor
[HKLM\Software\Wow6432Node\AGENCE-EXCLUSIVE] =>PUP.AgenceExcusive
[HKLM\Software\Wow6432Node\FreeSoftToDay] =>Adware.FreeSoftToday
[HKLM\Software\Wow6432Node\Goobzo] =>PUP.Goobzo
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Pirrit] =>PUP.PirritSuggestor
[HKLM\Software\Wow6432Node\Tutorials] =>AgenceExclusive
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
[HKLM\Software\Wow6432Node\webssearchesSoftware] =>Hijacker.WebsSearches
[HKLM\Software\suprasavings] =>PUP.SupraSavings
O43 - CFD: 05/05/2014 - 16:19:17 - [] ----D C:\Program Files (x86)\BetterDeals-11 =>PUP.BetterDeals
O43 - CFD: 05/05/2014 - 18:48:42 - [0] ----D C:\Program Files (x86)\IminentToolbar =>Adware.IMBooster
O43 - CFD: 06/05/2014 - 19:55:22 - [] ----D C:\Program Files (x86)\ShopperPro =>PUP.ShopperPro
O43 - CFD: 07/05/2014 - 13:15:53 - [] ----D C:\Program Files (x86)\SupraSavings =>PUP.SupraSavings
O43 - CFD: 05/05/2014 - 16:22:09 - [] ----D C:\Program Files (x86)\SupTab =>PUP.SupTab
O43 - CFD: 05/05/2014 - 16:22:04 - [] ----D C:\ProgramData\IePluginService =>Trojan.SProtector
O43 - CFD: 05/05/2014 - 16:21:57 - [] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 05/05/2014 - 18:45:50 - [] ----D C:\Users\alexandra\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
O43 - CFD: 05/05/2014 - 18:46:08 - [] ----D C:\Users\alexandra\AppData\Roaming\IminentToolbar =>Adware.IMBooster
O43 - CFD: 06/05/2014 - 19:51:32 - [0] ----D C:\Users\alexandra\AppData\Roaming\Nosibay =>PUP.BubbleDock
O43 - CFD: 05/05/2014 - 16:22:04 - [] ----D C:\Users\alexandra\AppData\Roaming\SupTab =>PUP.SupTab
O43 - CFD: 05/05/2014 - 17:09:47 - [] ----D C:\Users\alexandra\AppData\Roaming\webssearches =>Hijacker.WebsSearches
O44 - LFC:[MD5.13014E17D8DB6432FAB9BB94E01BDBF2] - 05/05/2014 - 15:57:35 ---A- . (.System Speedup - System Speedup.) -- C:\Windows\System32\roboot64.exe [19544] =>PUP.SystemSpeedup
O45 - LFCP:[MD5.7384263410CA7148591047AC541AEA10] - 05/05/2014 - 16:11:43 ---A- - C:\Windows\Prefetch\ANYPROTECT.EXE-53752276.pf =>PUP.AnyProtect
O45 - LFCP:[MD5.C9FB921F09E651220A6A6BBDE5DC1B5D] - 05/05/2014 - 16:08:45 ---A- - C:\Windows\Prefetch\ANYPROTECTSCANNERSETUP.EXE-C9249105.pf =>PUP.AnyProtect
O45 - LFCP:[MD5.42D6479E9D029F217E35D71E0DEACA8D] - 09/05/2014 - 15:16:10 ---A- - C:\Windows\Prefetch\BETTERDEALS-11-CHROMEINSTALLE-0494B93C.pf =>PUP.BetterDeals
O45 - LFCP:[MD5.D88843E2584FBA13D9F51D11FA309771] - 09/05/2014 - 15:17:01 ---A- - C:\Windows\Prefetch\BETTERDEALS-11-FIREFOXINSTALL-CA48FBE5.pf =>PUP.BetterDeals
O45 - LFCP:[MD5.F652CDFF9709F95C9E54E26615751FB2] - 06/05/2014 - 14:55:04 ---A- - C:\Windows\Prefetch\BUBBLE DOCK.EXE-152A2876.pf =>PUP.BubbleDock
O45 - LFCP:[MD5.A7005385E2E5F8C1A7E11C59D528D07A] - 05/05/2014 - 17:45:12 ---A- - C:\Windows\Prefetch\BUBBLEDOCK_FR_0210-6F5BB19E.E-0608E3D8.pf =>PUP.BubbleDock
O45 - LFCP:[MD5.09A69E3EDAF03D536F49130F2CB06C49] - 05/05/2014 - 17:46:06 ---A- - C:\Windows\Prefetch\IMINENTMINIBARIE.EXE-3D2AC70F.pf =>PUP.Minibar
O45 - LFCP:[MD5.AA80412A1B6FFC12B110C27E98D63E08] - 05/05/2014 - 17:48:47 ---A- - C:\Windows\Prefetch\IMINENTUNINSTALL.EXE-9087B9EC.pf =>Adware.IMBooster
O45 - LFCP:[MD5.5CAF3581BD6CBE777CD995D8BE6D08A7] - 05/05/2014 - 17:45:49 ---A- - C:\Windows\Prefetch\MINIBARFIREFOX.EXE-13B02DDC.pf =>PUP.Minibar
O45 - LFCP:[MD5.2C658F80F68AE492757F657A30863240] - 05/05/2014 - 16:17:28 ---A- - C:\Windows\Prefetch\PACKAGE_STARTERTV_INSTALLER_M-6A4AAD96.pf =>Adware.StarterTV
O45 - LFCP:[MD5.23C9B9B68D3F4845BA2D8A659C63EF62] - 05/05/2014 - 15:57:04 ---A- - C:\Windows\Prefetch\PIRRITSUGGESTOR_0104-1D309B60-42496B75.pf =>PUP.PirritSuggestor
O45 - LFCP:[MD5.FA2C59208DF75FF174A149E3F66098DE] - 05/05/2014 - 16:18:04 ---A- - C:\Windows\Prefetch\SETUP_AGEX_STARTERTV_FR_20.TM-B4E68277.pf =>Adware.StarterTV
O45 - LFCP:[MD5.D78444448757551F9A4FAB3D473EA75D] - 06/05/2014 - 18:55:20 ---A- - C:\Windows\Prefetch\SHOPPERPRO.EXE-538C1137.pf =>PUP.ShopperPro
O45 - LFCP:[MD5.FD2C7013DF8A639A4E7285148CE0BD11] - 05/05/2014 - 15:18:01 ---A- - C:\Windows\Prefetch\SPEEDUPMYPC-STANDALONE-SETUP.-7D7E904C.pf =>PUP.SpeedUpMyPC
O45 - LFCP:[MD5.F28BFD0CD40A3AA59C456F02C8A73D5D] - 05/05/2014 - 15:17:20 ---A- - C:\Windows\Prefetch\SPEEDUPMYPC.TMP-DC77516F.pf =>PUP.SpeedUpMyPC
O45 - LFCP:[MD5.1ADB6055CA8D183EEA111CE1B2AEACED] - 05/05/2014 - 15:16:25 ---A- - C:\Windows\Prefetch\SPEEDUPMYPC_CP_FR_1704-0FC507-AA7BD169.pf =>PUP.SpeedUpMyPC
O45 - LFCP:[MD5.B9875CE7028006A2B3EEA04EF5B6C3B7] - 06/05/2014 - 18:50:02 ---A- - C:\Windows\Prefetch\UNINSTALL BUBBLE DOCK.EXE-C0750425.pf =>PUP.BubbleDock
O45 - LFCP:[MD5.6F1A9FA69B52B29891310B1DEC437A20] - 06/05/2014 - 18:49:52 ---A- - C:\Windows\Prefetch\UNINSTALL BUBBLE DOCK.EXE-C9D94608.pf =>PUP.BubbleDock
O45 - LFCP:[MD5.C9F3192B53B447A3AC0BE2D33EAD8B84] - 05/05/2014 - 16:13:04 ---A- - C:\Windows\Prefetch\UPFST_FR_174.EXE-CE9A80CC.pf =>Adware.FreeSoftToday
O45 - LFCP:[MD5.7CE5A45CF4202C60B54A06776BAA2755] - 05/05/2014 - 15:57:08 ---A- - C:\Windows\Prefetch\VOPACKAGE.EXE-FA63595D.pf =>Adware.Downware
O50 - IFEO:Image File Execution Options - DatamngrCoordinator.exe - tasklist.exe =>PUP.Datamngr
O58 - SDL:18/03/2014 - 15:12:04 ---A- . (.SecureAssist - WFP driver.) -- C:\Windows\System32\Drivers\SAWFP64.sys [41768] =>PUP.SupraSavings
O61 - LFC: 05/05/2014 - 17:38:19 ---A- . (...) -- C:\Users\alexandra\AppData\Local\Temp\Install_3391\shopperprojs.exe [2328584] =>PUP.ShopperPro
O61 - LFC: 05/05/2014 - 17:38:19 ---A- . (...) -- C:\Users\alexandra\AppData\Local\Temp\fullpackage_temp1399299324\tmp\SupTab.exe [2871304] =>PUP.SupTab
O61 - LFC: 05/05/2014 - 17:38:19 ---A- . (.Cherished Technololgy LIMITED.) -- C:\Users\alexandra\AppData\Local\Temp\fullpackage_temp1399299324\tmp\wpm.exe [566272] =>PUP.WpManager
O61 - LFC: 05/05/2014 - 17:38:19 ---A- . (.Nosibay.) -- C:\Users\alexandra\AppData\Local\Temp\n1717\BubbleDock_FR_0210-6f5bb19e.exe [372856] =>PUP.BubbleDock
O61 - LFC: 05/05/2014 - 17:38:19 ---A- . (.SIEN.) -- C:\Users\alexandra\AppData\Local\Temp\n1717\Iminent_1712-b2fcad5e.exe [2167160] =>Adware.IMBooster
O61 - LFC: 05/05/2014 - 17:38:19 ---A- . (.Uniblue Systems Limited.) -- C:\Users\alexandra\AppData\Local\Temp\is-AGUTE.tmp\SpeedUpMyPC-standalone-setup.exe [19166848] =>PUP.SpeedUpMyPC
O61 - LFC: 05/05/2014 - 17:38:20 ---A- . (...) -- C:\Users\alexandra\AppData\Local\Temp\n3367\snapdo_YAEN_0804-53e50a96.exe [10919456] =>Hijacker.SmartBar
O61 - LFC: 05/05/2014 - 17:38:20 ---A- . (...) -- C:\Users\alexandra\AppData\Local\Temp\n474\VOPackage.exe [296161] =>Adware.Downware
O61 - LFC: 05/05/2014 - 17:38:20 ---A- . (...) -- C:\Users\alexandra\AppData\Local\Temp\n5114\speedupmypc_CP_FR_1704-0fc50740.exe [123462] =>PUP.SpeedUpMyPC
O61 - LFC: 05/05/2014 - 17:38:20 ---A- . (...) -- C:\Users\alexandra\AppData\Local\Temp\n5114\suprasavings_2703-e3e04064.exe [1391718] =>PUP.SupraSavings
O61 - LFC: 05/05/2014 - 17:38:20 ---A- . (.Elbftouegt.) -- C:\Users\alexandra\AppData\Local\Temp\n5114\BetterDeals_3110-0b85a6f6.exe [5442865] =>PUP.BetterDeals
O61 - LFC: 05/05/2014 - 17:38:20 ---A- . (.GOOBZO.) -- C:\Users\alexandra\AppData\Local\Temp\SAINST\engine.dll [2275176] =>PUP.Goobzo
O61 - LFC: 05/05/2014 - 17:38:20 ---A- . (.GOOBZO.) -- C:\Users\alexandra\AppData\Local\Temp\SAINST\helper.dll [199528] =>PUP.Goobzo
O61 - LFC: 05/05/2014 - 17:38:20 ---A- . (.Pirrit Solutions.) -- C:\Users\alexandra\AppData\Local\Temp\n474\PirritSuggestor_0104-1d309b60.exe [4448304] =>PUP.PirritSuggestor
O61 - LFC: 05/05/2014 - 17:38:20 ---A- . (.Wish Application.) -- C:\Users\alexandra\AppData\Local\Temp\n5114\webssearches_2204-4f51fbbc.exe [596120] =>Hijacker.WebsSearches
O61 - LFC: 05/05/2014 - 17:38:21 ---A- . (.GOOBZO.) -- C:\Users\alexandra\AppData\Local\Temp\SAINST\Res.dll [392552] =>PUP.Goobzo
O61 - LFC: 05/05/2014 - 17:38:21 ---A- . (.GOOBZO.) -- C:\Users\alexandra\AppData\Local\Temp\SAINST\YouTubeAccelerator.exe [2218856] =>PUP.Goobzo
O61 - LFC: 05/05/2014 - 17:38:21 ---A- . (.GOOBZO.) -- C:\Users\alexandra\AppData\Local\Temp\SAINST\YouTubeAcceleratorService.exe [1502056] =>PUP.Goobzo
O61 - LFC: 05/05/2014 - 17:38:21 ---A- . (.GOOBZO.) -- C:\Users\alexandra\AppData\Local\Temp\SAINST\ipc.dll [284520] =>PUP.Goobzo
O61 - LFC: 05/05/2014 - 17:38:21 ---A- . (.GOOBZO.) -- C:\Users\alexandra\AppData\Local\Temp\SAINST\lspinst.exe [1420136] =>PUP.Goobzo
O61 - LFC: 05/05/2014 - 17:38:21 ---A- . (.GOOBZO.) -- C:\Users\alexandra\AppData\Local\Temp\SAINST\lspinst2.exe [1653608] =>PUP.Goobzo
O61 - LFC: 05/05/2014 - 17:38:21 ---A- . (.GOOBZO.) -- C:\Users\alexandra\AppData\Local\Temp\SAINST\testlsp.exe [1485672] =>PUP.Goobzo
O61 - LFC: 05/05/2014 - 17:38:21 ---A- . (.GOOBZO.) -- C:\Users\alexandra\AppData\Local\Temp\SAINST\xmldb.dll [189800] =>PUP.Goobzo
O61 - LFC: 05/05/2014 - 17:38:21 ---A- . (.GOOBZO.) -- C:\Users\alexandra\AppData\Local\Temp\SAINST\ytalsp.dll [177512] =>PUP.Goobzo
O61 - LFC: 05/05/2014 - 17:38:21 ---A- . (.Goobzo.) -- C:\Users\alexandra\AppData\Local\Temp\SAINST\updater.exe [726888] =>PUP.Goobzo
O61 - LFC: 05/05/2014 - 17:38:22 ---A- . (...) -- C:\Users\alexandra\AppData\Local\Temp\smartbar\GuidCreator.dll [7680] =>Hijacker.SmartBar
O61 - LFC: 05/05/2014 - 17:38:22 ---A- . (.Uniblue Systems Limited.) -- C:\Users\alexandra\AppData\Local\Temp\speedupmypc.exe [1278312] =>PUP.SpeedUpMyPC
O61 - LFC: 05/05/2014 - 17:38:32 ---A- . (.Sien SA.) -- C:\Users\alexandra\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchrome.exe [869184] =>PUP.Minibar
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://istart.webssearches.com =>Hijacker.WebsSearches
O69 - SBI: SearchScopes [HKCU] {006ee092-9658-4fd6-bd8e-a21a348e59f5} - (Web Search) - http://feed.snapdo.com =>Hijacker.SmartBar
O90 - PUC: "8B501B6E56F182443979D1DFA8309BD4" . (.SupraSavings.) -- c:\WINDOWS\Installer\{E6B105B8-1F65-4428-9397-1DFD8A03B94D}\icon64.ico =>PUP.SupraSavings
[MD5.9D0767859EE938C0C4FAC30693109843] [WIS][07/05/2014] (.SupraSavings - SupraSavings.) -- C:\Windows\Installer\66f4acd.msi [3162112] =>PUP.SupraSavings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS =>PUP.AdvancedSystemProtector
[HKCR\CLSID\{11111111-1111-1111-1111-110411411136}] (BetterDeals-11) =>PUP.BetterDeals
[HKCR\CLSID\{22222222-2222-2222-2222-220422412236}] (CrossriderApp0044136.Sandbox) =>PUP.CrossRider
SR - | Auto 11/04/2014 705136 | (IePluginService) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector
SR - | Auto 05/05/2014 706560 | (xmkysecqun64) . (...) - C:\Program Files\003\xmkysecqun64.exe =>PUP.AdPeak
[HKLM\Software\Google\Chrome\Extensions\afjegdojkkoghnbiollpogeeimocanmk] =>PUP.SupraSavings^
[HKLM\Software\Google\Chrome\Extensions\cjcmpicjhnkfmkehehaanpfijomlhbbp] =>PUP.BetterDeals^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}] =>PUP.SupraSavings^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411411136}] =>PUP.BetterDeals^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] =>PUP.SupTab^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}] =>PUP.ShopperPro^
[HKLM\SYSTEM\CurrentControlSet\Services\IePluginService] =>Trojan.SProtector^
[HKLM\SYSTEM\CurrentControlSet\Services\xmkysecqun64] =>PUP.AdPeak^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BetterDeals-11] =>PUP.BetterDeals^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E6B105B8-1F65-4428-9397-1DFD8A03B94D}] =>PUP.SupraSavings^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstaller] =>Hijacker.WebsSearches^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Agence-Exclusive] =>Spyware.AgenceExclusive
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKCU\Software\SmartbarBackup] =>Hijacker.SmartBar
[HKCU\Software\SmartbarLog] =>Hijacker.SmartBar
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\SpeedUpMyPC] =>PUP.SpeedUpMyPC
[HKLM\Software\Classes\CrossriderApp0044136.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0044136.BHO.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0044136.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0044136.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Classes\Iminent] =>Adware.IMBooster
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110411411136}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422412236}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0044136.BHO] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0044136.BHO.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0044136.Sandbox] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0044136.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110411411136}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220422412236}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411411136}] =>PUP.CrossRider
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_174 =>Adware.FreeSoftToday^
C:\Users\alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\afjegdojkkoghnbiollpogeeimocanmk =>PUP.SupraSavings^
C:\Users\alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjcmpicjhnkfmkehehaanpfijomlhbbp =>PUP.BetterDeals^
C:\Program Files (x86)\BetterDeals-11 =>PUP.BetterDeals^
C:\Program Files (x86)\IminentToolbar =>Adware.IMBooster^
C:\Program Files (x86)\ShopperPro =>PUP.ShopperPro^
C:\Program Files (x86)\SupraSavings =>PUP.SupraSavings^
C:\Program Files (x86)\SupTab =>PUP.SupTab^
C:\ProgramData\IePluginService =>Trojan.SProtector^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\alexandra\AppData\Roaming\IminentToolbar =>Adware.IMBooster^
C:\Users\alexandra\AppData\Roaming\Nosibay =>PUP.BubbleDock^
C:\Users\alexandra\AppData\Roaming\SupTab =>PUP.SupTab^
C:\Users\alexandra\AppData\Roaming\webssearches =>Hijacker.WebsSearches^
C:\Users\alexandra\AppData\Local\Installer =>Adware.InstallPedia
C:\Users\alexandra\AppData\Local\Temp\Iminent =>Adware.IMBooster
C:\Users\alexandra\AppData\Local\Temp\Smartbar =>Hijacker.SmartBar
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
C:\Program Files (x86)\BetterDeals-11\BetterDeals-11-chromeinstaller.exe =>PUP.BetterDeals^
C:\Program Files (x86)\BetterDeals-11\BetterDeals-11-firefoxinstaller.exe =>PUP.BetterDeals^
C:\Users\alexandra\AppData\Roaming\webssearches\UninstallManager.exe =>Hijacker.WebsSearches^
C:\Program Files (x86)\BetterDeals-11\Uninstall.exe =>PUP.BetterDeals^
C:\Windows\Tasks\BetterDeals-11-chromeinstaller.job =>PUP.BetterDeals^
C:\Windows\System32\Tasks\BetterDeals-11-chromeinstaller =>PUP.BetterDeals^
C:\Windows\Tasks\BetterDeals-11-codedownloader.job =>PUP.BetterDeals^
C:\Windows\System32\Tasks\BetterDeals-11-codedownloader =>PUP.BetterDeals^
C:\Windows\Tasks\BetterDeals-11-enabler.job =>PUP.BetterDeals^
C:\Windows\System32\Tasks\BetterDeals-11-enabler =>PUP.BetterDeals^
C:\Windows\Tasks\BetterDeals-11-firefoxinstaller.job =>PUP.BetterDeals^
C:\Windows\System32\Tasks\BetterDeals-11-firefoxinstaller =>PUP.BetterDeals^
C:\Windows\Tasks\BetterDeals-11-updater.job =>PUP.BetterDeals^
C:\Windows\System32\Tasks\BetterDeals-11-updater =>PUP.BetterDeals^
[HKCU\Software\AnyProtect] =>PUP.AnyProtect^
[HKCU\Software\AppDataLow\Software\BetterDeals-11] =>PUP.BetterDeals^
[HKCU\Software\AppDataLow\Software\Supra Savings] =>PUP.SupraSavings^
[HKCU\Software\AppDataLow\Software\suprasavings] =>PUP.SupraSavings^
[HKCU\Software\Goobzo] =>PUP.Goobzo^
[HKCU\Software\SupraSavings] =>PUP.SupraSavings^
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher^
[HKLM\Software\Pirrit] =>PUP.PirritSuggestor^
[HKLM\Software\Wow6432Node\AGENCE-EXCLUSIVE] =>PUP.AgenceExcusive^
[HKLM\Software\Wow6432Node\FreeSoftToDay] =>Adware.FreeSoftToday^
[HKLM\Software\Wow6432Node\Goobzo] =>PUP.Goobzo^
[HKLM\Software\Wow6432Node\Pirrit] =>PUP.PirritSuggestor^
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\webssearchesSoftware] =>Hijacker.WebsSearches^
[HKLM\Software\suprasavings] =>PUP.SupraSavings^
C:\Windows\Installer\66f4acd.msi =>PUP.SupraSavings^
[HKCR\CLSID\{11111111-1111-1111-1111-110411411136}] (BetterDeals-11) =>PUP.BetterDeals^
[HKCR\CLSID\{22222222-2222-2222-2222-220422412236}] (CrossriderApp0044136.Sandbox) =>PUP.CrossRider^
O45 - LFCP:[MD5.EBE036C3640E75F5A176C6D5F33EF58F] - 05/05/2014 - 15:56:55 ---A- - C:\Windows\Prefetch\SEARCHPROTECT_2111-1A12A8CE.E-3EEEC216.pf =>Toolbar.Conduit
O61 - LFC: 05/05/2014 - 17:38:20 ---A- . (.Conduit.) -- C:\Users\alexandra\AppData\Local\Temp\n474\searchprotect_2111-1a12a8ce.exe [66368] =>Toolbar.Conduit
C:\Users\alexandra\AppData\Local\Temp\nsc16AD.exe =>Toolbar.Conduit
C:\Users\alexandra\AppData\Local\Temp\nsq34BE.exe =>Toolbar.Conduit
C:\Users\alexandra\AppData\Local\Temp\nssBE28.exe =>Toolbar.Conduit
C:\Users\alexandra\AppData\Local\Temp\nstC0E8.exe =>Toolbar.Conduit
C:\Users\alexandra\AppData\Local\Temp\nsv11F9.exe =>Toolbar.Conduit
http://nicolascoolman.byethost7.com/wordpress/toolbar-conduit/ =>Toolbar.Conduit
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
[MD5.2A3FB4C98F139038E23330D2439DB8A4] - (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\alexandra\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096] [PID.3916]
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - URLSearchHook: (no name) [64Bits] - {e4f7b179-a3f6-47d8-9832-cb7b2627312a} . (.Microsoft Corporation - Navigateur Internet.) (No version) -- (.not file.)
[HKCU\Software\InstalledThirdPartyPrograms]
[HKCU\Software\systweak]
[HKLM\Software\InstalledThirdPartyPrograms]
[HKLM\Software\Wow6432Node\systweak]
O43 - CFD: 05/05/2014 - 17:17:39 - [0] ----D C:\Program Files (x86)\predm
O43 - CFD: 05/05/2014 - 17:23:42 - [] ----D C:\Users\alexandra\AppData\Roaming\systweak
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
G1 - GCS: Preference [User Data\Default] None
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O44 - LFC:[MD5.2B2ACEEAA42B3AFA1BA86587F0191D90] - 05/05/2014 - 08:28:05 ---A- . (...) -- C:\Windows\System32\nbspkrs.ico [17454]
FirewallRaz
PROXYFix
EmptyTemp
EmptyFlash
EmptyClsid
SysRestore
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
G2 - GCE: Preference [User Data\Default] [afjegdojkkoghnbiollpogeeimocanmk] SupraSavings v.5.0, (Activ�) =>PUP.SupraSavings
G2 - GCE: Preference [User Data\Default] [cjcmpicjhnkfmkehehaanpfijomlhbbp] BetterDeals-11 v.1.26.37, (Activ�) =>PUP.BetterDeals
G2 - EXT: C:\Users\alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\afjegdojkkoghnbiollpogeeimocanmk [SupraSavings] =>PUP.SupraSavings
G2 - EXT: C:\Users\alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjcmpicjhnkfmkehehaanpfijomlhbbp [BetterDeals-11] =>PUP.BetterDeals
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com =>Hijacker.WebsSearches
O2 - BHO: 2rs3 [64Bits] - {10AD2C61-0898-4348-8600-14A342F22AC3} . (...) -- C:\Program Files (x86)\SupraSavings\2rs3.dll =>PUP.SupraSavings
O2 - BHO: CrossriderApp0044136 [64Bits] - {11111111-1111-1111-1111-110411411136} . (.BetterDeals - BetterDeals-11 BHO.) -- C:\Program Files (x86)\BetterDeals-11\BetterDeals-11-bho.dll =>PUP.BetterDeals
O2 - BHO: IETabPage Class [64Bits] - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files (x86)\SupTab\SupTab.dll =>PUP.SupTab
O2 - BHO: (no name) [64Bits] - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} Cl� orpheline
O2 - BHO: ShopperProBHO [64Bits] - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} Cl� orpheline =>PUP.ShopperPro
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com =>Hijacker.WebsSearches
O4 - GS\Program [alexandra]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com =>Hijacker.WebsSearches
O4 - HKLM\..\Wow6432Node\Run: [fst_fr_174] Cl� orpheline =>Adware.FreeSoftToday
O4 - HKLM\..\Wow6432Node\Run: [stv_fr_4] Cl� orpheline =>PUP.Eorezo
O23 - Service: IePlugin Service (IePluginService) . (.Cherished Technololgy LIMITED - IePlugin Service.) - C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector
O23 - Service: xmkysecqun64 (xmkysecqun64) . (...) - C:\Program Files\003\xmkysecqun64.exe =>PUP.AdPeak
[MD5.4C5049D5A43D54C13CEA8E96D79F7B10] [APT] [BetterDeals-11-chromeinstaller] (.BetterDeals.) -- C:\Program Files (x86)\BetterDeals-11\BetterDeals-11-chromeinstaller.exe [471040] =>PUP.BetterDeals
[MD5.00000000000000000000000000000000] [APT] [BetterDeals-11-codedownloader] (...) -- C:\Program Files (x86)\BetterDeals-11\BetterDeals-11-codedownloader.exe (.not file.) [0] =>PUP.BetterDeals
[MD5.00000000000000000000000000000000] [APT] [BetterDeals-11-enabler] (...) -- C:\Program Files (x86)\BetterDeals-11\BetterDeals-11-enabler.exe (.not file.) [0] =>PUP.BetterDeals
[MD5.62CE19EC0BA5FE66B523ACF961460994] [APT] [BetterDeals-11-firefoxinstaller] (.BetterDeals.) -- C:\Program Files (x86)\BetterDeals-11\BetterDeals-11-firefoxinstaller.exe [732160] =>PUP.BetterDeals
[MD5.00000000000000000000000000000000] [APT] [BetterDeals-11-updater] (...) -- C:\Program Files (x86)\BetterDeals-11\BetterDeals-11-updater.exe (.not file.) [0] =>PUP.BetterDeals
[MD5.CE43EA83E0B7430F2AD06C97573E1EE8] [APT] [{8F9BBAB5-2309-41C7-B13D-D70794A3760E}] (.Skytech Co., Ltd..) -- C:\Users\alexandra\AppData\Roaming\webssearches\UninstallManager.exe [664184] =>Hijacker.WebsSearches
[MD5.DF09CE7364209197CFC73EE28F611C0E] [APT] [{AAA4C2A4-A289-414F-9E5E-8C5F1D24DF7E}] (...) -- C:\Program Files (x86)\BetterDeals-11\Uninstall.exe [115200] =>PUP.BetterDeals
O39 - APT: BetterDeals-11-chromeinstaller - (.BetterDeals.) -- C:\Windows\Tasks\BetterDeals-11-chromeinstaller.job [1996] =>PUP.BetterDeals
O39 - APT: BetterDeals-11-chromeinstaller - (.BetterDeals.) -- C:\Windows\System32\Tasks\BetterDeals-11-chromeinstaller [1996] =>PUP.BetterDeals
O39 - APT: BetterDeals-11-codedownloader - (...) -- C:\Windows\Tasks\BetterDeals-11-codedownloader.job [1282] =>PUP.BetterDeals
O39 - APT: BetterDeals-11-codedownloader - (...) -- C:\Windows\System32\Tasks\BetterDeals-11-codedownloader [1282] =>PUP.BetterDeals
O39 - APT: BetterDeals-11-enabler - (...) -- C:\Windows\Tasks\BetterDeals-11-enabler.job [1182] =>PUP.BetterDeals
O39 - APT: BetterDeals-11-enabler - (...) -- C:\Windows\System32\Tasks\BetterDeals-11-enabler [1182] =>PUP.BetterDeals
O39 - APT: BetterDeals-11-firefoxinstaller - (.BetterDeals.) -- C:\Windows\Tasks\BetterDeals-11-firefoxinstaller.job [1920] =>PUP.BetterDeals
O39 - APT: BetterDeals-11-firefoxinstaller - (.BetterDeals.) -- C:\Windows\System32\Tasks\BetterDeals-11-firefoxinstaller [1920] =>PUP.BetterDeals
O39 - APT: BetterDeals-11-updater - (...) -- C:\Windows\Tasks\BetterDeals-11-updater.job [1376] =>PUP.BetterDeals
O39 - APT: BetterDeals-11-updater - (...) -- C:\Windows\System32\Tasks\BetterDeals-11-updater [1376] =>PUP.BetterDeals
O42 - Logiciel: BetterDeals-11 - (.BetterDeals.) [HKLM][64Bits] -- BetterDeals-11 =>PUP.BetterDeals
O42 - Logiciel: SupraSavings - (.SupraSavings.) [HKLM][64Bits] -- {E6B105B8-1F65-4428-9397-1DFD8A03B94D} =>PUP.SupraSavings
O42 - Logiciel: webssearches uninstaller - (.webssearches.) [HKLM][64Bits] -- webssearches uninstaller =>Hijacker.WebsSearches
[HKCU\Software\AnyProtect] =>PUP.AnyProtect
[HKCU\Software\AppDataLow\Software\BetterDeals-11] =>PUP.BetterDeals
[HKCU\Software\AppDataLow\Software\Supra Savings] =>PUP.SupraSavings
[HKCU\Software\AppDataLow\Software\suprasavings] =>PUP.SupraSavings
[HKCU\Software\Goobzo] =>PUP.Goobzo
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\SmartbarBackup] =>Hijacker.SmartBar
[HKCU\Software\SmartbarLog] =>Hijacker.SmartBar
[HKCU\Software\SupraSavings] =>PUP.SupraSavings
[HKCU\Software\TutoTag] =>AgenceExclusive
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher
[HKLM\Software\Pirrit] =>PUP.PirritSuggestor
[HKLM\Software\Wow6432Node\AGENCE-EXCLUSIVE] =>PUP.AgenceExcusive
[HKLM\Software\Wow6432Node\FreeSoftToDay] =>Adware.FreeSoftToday
[HKLM\Software\Wow6432Node\Goobzo] =>PUP.Goobzo
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Pirrit] =>PUP.PirritSuggestor
[HKLM\Software\Wow6432Node\Tutorials] =>AgenceExclusive
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
[HKLM\Software\Wow6432Node\webssearchesSoftware] =>Hijacker.WebsSearches
[HKLM\Software\suprasavings] =>PUP.SupraSavings
O43 - CFD: 05/05/2014 - 16:19:17 - [] ----D C:\Program Files (x86)\BetterDeals-11 =>PUP.BetterDeals
O43 - CFD: 05/05/2014 - 18:48:42 - [0] ----D C:\Program Files (x86)\IminentToolbar =>Adware.IMBooster
O43 - CFD: 06/05/2014 - 19:55:22 - [] ----D C:\Program Files (x86)\ShopperPro =>PUP.ShopperPro
O43 - CFD: 07/05/2014 - 13:15:53 - [] ----D C:\Program Files (x86)\SupraSavings =>PUP.SupraSavings
O43 - CFD: 05/05/2014 - 16:22:09 - [] ----D C:\Program Files (x86)\SupTab =>PUP.SupTab
O43 - CFD: 05/05/2014 - 16:22:04 - [] ----D C:\ProgramData\IePluginService =>Trojan.SProtector
O43 - CFD: 05/05/2014 - 16:21:57 - [] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 05/05/2014 - 18:45:50 - [] ----D C:\Users\alexandra\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
O43 - CFD: 05/05/2014 - 18:46:08 - [] ----D C:\Users\alexandra\AppData\Roaming\IminentToolbar =>Adware.IMBooster
O43 - CFD: 06/05/2014 - 19:51:32 - [0] ----D C:\Users\alexandra\AppData\Roaming\Nosibay =>PUP.BubbleDock
O43 - CFD: 05/05/2014 - 16:22:04 - [] ----D C:\Users\alexandra\AppData\Roaming\SupTab =>PUP.SupTab
O43 - CFD: 05/05/2014 - 17:09:47 - [] ----D C:\Users\alexandra\AppData\Roaming\webssearches =>Hijacker.WebsSearches
O44 - LFC:[MD5.13014E17D8DB6432FAB9BB94E01BDBF2] - 05/05/2014 - 15:57:35 ---A- . (.System Speedup - System Speedup.) -- C:\Windows\System32\roboot64.exe [19544] =>PUP.SystemSpeedup
O45 - LFCP:[MD5.7384263410CA7148591047AC541AEA10] - 05/05/2014 - 16:11:43 ---A- - C:\Windows\Prefetch\ANYPROTECT.EXE-53752276.pf =>PUP.AnyProtect
O45 - LFCP:[MD5.C9FB921F09E651220A6A6BBDE5DC1B5D] - 05/05/2014 - 16:08:45 ---A- - C:\Windows\Prefetch\ANYPROTECTSCANNERSETUP.EXE-C9249105.pf =>PUP.AnyProtect
O45 - LFCP:[MD5.42D6479E9D029F217E35D71E0DEACA8D] - 09/05/2014 - 15:16:10 ---A- - C:\Windows\Prefetch\BETTERDEALS-11-CHROMEINSTALLE-0494B93C.pf =>PUP.BetterDeals
O45 - LFCP:[MD5.D88843E2584FBA13D9F51D11FA309771] - 09/05/2014 - 15:17:01 ---A- - C:\Windows\Prefetch\BETTERDEALS-11-FIREFOXINSTALL-CA48FBE5.pf =>PUP.BetterDeals
O45 - LFCP:[MD5.F652CDFF9709F95C9E54E26615751FB2] - 06/05/2014 - 14:55:04 ---A- - C:\Windows\Prefetch\BUBBLE DOCK.EXE-152A2876.pf =>PUP.BubbleDock
O45 - LFCP:[MD5.A7005385E2E5F8C1A7E11C59D528D07A] - 05/05/2014 - 17:45:12 ---A- - C:\Windows\Prefetch\BUBBLEDOCK_FR_0210-6F5BB19E.E-0608E3D8.pf =>PUP.BubbleDock
O45 - LFCP:[MD5.09A69E3EDAF03D536F49130F2CB06C49] - 05/05/2014 - 17:46:06 ---A- - C:\Windows\Prefetch\IMINENTMINIBARIE.EXE-3D2AC70F.pf =>PUP.Minibar
O45 - LFCP:[MD5.AA80412A1B6FFC12B110C27E98D63E08] - 05/05/2014 - 17:48:47 ---A- - C:\Windows\Prefetch\IMINENTUNINSTALL.EXE-9087B9EC.pf =>Adware.IMBooster
O45 - LFCP:[MD5.5CAF3581BD6CBE777CD995D8BE6D08A7] - 05/05/2014 - 17:45:49 ---A- - C:\Windows\Prefetch\MINIBARFIREFOX.EXE-13B02DDC.pf =>PUP.Minibar
O45 - LFCP:[MD5.2C658F80F68AE492757F657A30863240] - 05/05/2014 - 16:17:28 ---A- - C:\Windows\Prefetch\PACKAGE_STARTERTV_INSTALLER_M-6A4AAD96.pf =>Adware.StarterTV
O45 - LFCP:[MD5.23C9B9B68D3F4845BA2D8A659C63EF62] - 05/05/2014 - 15:57:04 ---A- - C:\Windows\Prefetch\PIRRITSUGGESTOR_0104-1D309B60-42496B75.pf =>PUP.PirritSuggestor
O45 - LFCP:[MD5.FA2C59208DF75FF174A149E3F66098DE] - 05/05/2014 - 16:18:04 ---A- - C:\Windows\Prefetch\SETUP_AGEX_STARTERTV_FR_20.TM-B4E68277.pf =>Adware.StarterTV
O45 - LFCP:[MD5.D78444448757551F9A4FAB3D473EA75D] - 06/05/2014 - 18:55:20 ---A- - C:\Windows\Prefetch\SHOPPERPRO.EXE-538C1137.pf =>PUP.ShopperPro
O45 - LFCP:[MD5.FD2C7013DF8A639A4E7285148CE0BD11] - 05/05/2014 - 15:18:01 ---A- - C:\Windows\Prefetch\SPEEDUPMYPC-STANDALONE-SETUP.-7D7E904C.pf =>PUP.SpeedUpMyPC
O45 - LFCP:[MD5.F28BFD0CD40A3AA59C456F02C8A73D5D] - 05/05/2014 - 15:17:20 ---A- - C:\Windows\Prefetch\SPEEDUPMYPC.TMP-DC77516F.pf =>PUP.SpeedUpMyPC
O45 - LFCP:[MD5.1ADB6055CA8D183EEA111CE1B2AEACED] - 05/05/2014 - 15:16:25 ---A- - C:\Windows\Prefetch\SPEEDUPMYPC_CP_FR_1704-0FC507-AA7BD169.pf =>PUP.SpeedUpMyPC
O45 - LFCP:[MD5.B9875CE7028006A2B3EEA04EF5B6C3B7] - 06/05/2014 - 18:50:02 ---A- - C:\Windows\Prefetch\UNINSTALL BUBBLE DOCK.EXE-C0750425.pf =>PUP.BubbleDock
O45 - LFCP:[MD5.6F1A9FA69B52B29891310B1DEC437A20] - 06/05/2014 - 18:49:52 ---A- - C:\Windows\Prefetch\UNINSTALL BUBBLE DOCK.EXE-C9D94608.pf =>PUP.BubbleDock
O45 - LFCP:[MD5.C9F3192B53B447A3AC0BE2D33EAD8B84] - 05/05/2014 - 16:13:04 ---A- - C:\Windows\Prefetch\UPFST_FR_174.EXE-CE9A80CC.pf =>Adware.FreeSoftToday
O45 - LFCP:[MD5.7CE5A45CF4202C60B54A06776BAA2755] - 05/05/2014 - 15:57:08 ---A- - C:\Windows\Prefetch\VOPACKAGE.EXE-FA63595D.pf =>Adware.Downware
O50 - IFEO:Image File Execution Options - DatamngrCoordinator.exe - tasklist.exe =>PUP.Datamngr
O58 - SDL:18/03/2014 - 15:12:04 ---A- . (.SecureAssist - WFP driver.) -- C:\Windows\System32\Drivers\SAWFP64.sys [41768] =>PUP.SupraSavings
O61 - LFC: 05/05/2014 - 17:38:19 ---A- . (...) -- C:\Users\alexandra\AppData\Local\Temp\Install_3391\shopperprojs.exe [2328584] =>PUP.ShopperPro
O61 - LFC: 05/05/2014 - 17:38:19 ---A- . (...) -- C:\Users\alexandra\AppData\Local\Temp\fullpackage_temp1399299324\tmp\SupTab.exe [2871304] =>PUP.SupTab
O61 - LFC: 05/05/2014 - 17:38:19 ---A- . (.Cherished Technololgy LIMITED.) -- C:\Users\alexandra\AppData\Local\Temp\fullpackage_temp1399299324\tmp\wpm.exe [566272] =>PUP.WpManager
O61 - LFC: 05/05/2014 - 17:38:19 ---A- . (.Nosibay.) -- C:\Users\alexandra\AppData\Local\Temp\n1717\BubbleDock_FR_0210-6f5bb19e.exe [372856] =>PUP.BubbleDock
O61 - LFC: 05/05/2014 - 17:38:19 ---A- . (.SIEN.) -- C:\Users\alexandra\AppData\Local\Temp\n1717\Iminent_1712-b2fcad5e.exe [2167160] =>Adware.IMBooster
O61 - LFC: 05/05/2014 - 17:38:19 ---A- . (.Uniblue Systems Limited.) -- C:\Users\alexandra\AppData\Local\Temp\is-AGUTE.tmp\SpeedUpMyPC-standalone-setup.exe [19166848] =>PUP.SpeedUpMyPC
O61 - LFC: 05/05/2014 - 17:38:20 ---A- . (...) -- C:\Users\alexandra\AppData\Local\Temp\n3367\snapdo_YAEN_0804-53e50a96.exe [10919456] =>Hijacker.SmartBar
O61 - LFC: 05/05/2014 - 17:38:20 ---A- . (...) -- C:\Users\alexandra\AppData\Local\Temp\n474\VOPackage.exe [296161] =>Adware.Downware
O61 - LFC: 05/05/2014 - 17:38:20 ---A- . (...) -- C:\Users\alexandra\AppData\Local\Temp\n5114\speedupmypc_CP_FR_1704-0fc50740.exe [123462] =>PUP.SpeedUpMyPC
O61 - LFC: 05/05/2014 - 17:38:20 ---A- . (...) -- C:\Users\alexandra\AppData\Local\Temp\n5114\suprasavings_2703-e3e04064.exe [1391718] =>PUP.SupraSavings
O61 - LFC: 05/05/2014 - 17:38:20 ---A- . (.Elbftouegt.) -- C:\Users\alexandra\AppData\Local\Temp\n5114\BetterDeals_3110-0b85a6f6.exe [5442865] =>PUP.BetterDeals
O61 - LFC: 05/05/2014 - 17:38:20 ---A- . (.GOOBZO.) -- C:\Users\alexandra\AppData\Local\Temp\SAINST\engine.dll [2275176] =>PUP.Goobzo
O61 - LFC: 05/05/2014 - 17:38:20 ---A- . (.GOOBZO.) -- C:\Users\alexandra\AppData\Local\Temp\SAINST\helper.dll [199528] =>PUP.Goobzo
O61 - LFC: 05/05/2014 - 17:38:20 ---A- . (.Pirrit Solutions.) -- C:\Users\alexandra\AppData\Local\Temp\n474\PirritSuggestor_0104-1d309b60.exe [4448304] =>PUP.PirritSuggestor
O61 - LFC: 05/05/2014 - 17:38:20 ---A- . (.Wish Application.) -- C:\Users\alexandra\AppData\Local\Temp\n5114\webssearches_2204-4f51fbbc.exe [596120] =>Hijacker.WebsSearches
O61 - LFC: 05/05/2014 - 17:38:21 ---A- . (.GOOBZO.) -- C:\Users\alexandra\AppData\Local\Temp\SAINST\Res.dll [392552] =>PUP.Goobzo
O61 - LFC: 05/05/2014 - 17:38:21 ---A- . (.GOOBZO.) -- C:\Users\alexandra\AppData\Local\Temp\SAINST\YouTubeAccelerator.exe [2218856] =>PUP.Goobzo
O61 - LFC: 05/05/2014 - 17:38:21 ---A- . (.GOOBZO.) -- C:\Users\alexandra\AppData\Local\Temp\SAINST\YouTubeAcceleratorService.exe [1502056] =>PUP.Goobzo
O61 - LFC: 05/05/2014 - 17:38:21 ---A- . (.GOOBZO.) -- C:\Users\alexandra\AppData\Local\Temp\SAINST\ipc.dll [284520] =>PUP.Goobzo
O61 - LFC: 05/05/2014 - 17:38:21 ---A- . (.GOOBZO.) -- C:\Users\alexandra\AppData\Local\Temp\SAINST\lspinst.exe [1420136] =>PUP.Goobzo
O61 - LFC: 05/05/2014 - 17:38:21 ---A- . (.GOOBZO.) -- C:\Users\alexandra\AppData\Local\Temp\SAINST\lspinst2.exe [1653608] =>PUP.Goobzo
O61 - LFC: 05/05/2014 - 17:38:21 ---A- . (.GOOBZO.) -- C:\Users\alexandra\AppData\Local\Temp\SAINST\testlsp.exe [1485672] =>PUP.Goobzo
O61 - LFC: 05/05/2014 - 17:38:21 ---A- . (.GOOBZO.) -- C:\Users\alexandra\AppData\Local\Temp\SAINST\xmldb.dll [189800] =>PUP.Goobzo
O61 - LFC: 05/05/2014 - 17:38:21 ---A- . (.GOOBZO.) -- C:\Users\alexandra\AppData\Local\Temp\SAINST\ytalsp.dll [177512] =>PUP.Goobzo
O61 - LFC: 05/05/2014 - 17:38:21 ---A- . (.Goobzo.) -- C:\Users\alexandra\AppData\Local\Temp\SAINST\updater.exe [726888] =>PUP.Goobzo
O61 - LFC: 05/05/2014 - 17:38:22 ---A- . (...) -- C:\Users\alexandra\AppData\Local\Temp\smartbar\GuidCreator.dll [7680] =>Hijacker.SmartBar
O61 - LFC: 05/05/2014 - 17:38:22 ---A- . (.Uniblue Systems Limited.) -- C:\Users\alexandra\AppData\Local\Temp\speedupmypc.exe [1278312] =>PUP.SpeedUpMyPC
O61 - LFC: 05/05/2014 - 17:38:32 ---A- . (.Sien SA.) -- C:\Users\alexandra\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchrome.exe [869184] =>PUP.Minibar
O68 - StartMenuInternet:
O69 - SBI: SearchScopes [HKCU] {006ee092-9658-4fd6-bd8e-a21a348e59f5} - (Web Search) - http://feed.snapdo.com =>Hijacker.SmartBar
O90 - PUC: "8B501B6E56F182443979D1DFA8309BD4" . (.SupraSavings.) -- c:\WINDOWS\Installer\{E6B105B8-1F65-4428-9397-1DFD8A03B94D}\icon64.ico =>PUP.SupraSavings
[MD5.9D0767859EE938C0C4FAC30693109843] [WIS][07/05/2014] (.SupraSavings - SupraSavings.) -- C:\Windows\Installer\66f4acd.msi [3162112] =>PUP.SupraSavings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS =>PUP.AdvancedSystemProtector
[HKCR\CLSID\{11111111-1111-1111-1111-110411411136}] (BetterDeals-11) =>PUP.BetterDeals
[HKCR\CLSID\{22222222-2222-2222-2222-220422412236}] (CrossriderApp0044136.Sandbox) =>PUP.CrossRider
SR - | Auto 11/04/2014 705136 | (IePluginService) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector
SR - | Auto 05/05/2014 706560 | (xmkysecqun64) . (...) - C:\Program Files\003\xmkysecqun64.exe =>PUP.AdPeak
[HKLM\Software\Google\Chrome\Extensions\afjegdojkkoghnbiollpogeeimocanmk] =>PUP.SupraSavings^
[HKLM\Software\Google\Chrome\Extensions\cjcmpicjhnkfmkehehaanpfijomlhbbp] =>PUP.BetterDeals^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}] =>PUP.SupraSavings^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411411136}] =>PUP.BetterDeals^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] =>PUP.SupTab^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}] =>PUP.ShopperPro^
[HKLM\SYSTEM\CurrentControlSet\Services\IePluginService] =>Trojan.SProtector^
[HKLM\SYSTEM\CurrentControlSet\Services\xmkysecqun64] =>PUP.AdPeak^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BetterDeals-11] =>PUP.BetterDeals^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E6B105B8-1F65-4428-9397-1DFD8A03B94D}] =>PUP.SupraSavings^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstaller] =>Hijacker.WebsSearches^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Agence-Exclusive] =>Spyware.AgenceExclusive
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKCU\Software\SmartbarBackup] =>Hijacker.SmartBar
[HKCU\Software\SmartbarLog] =>Hijacker.SmartBar
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\SpeedUpMyPC] =>PUP.SpeedUpMyPC
[HKLM\Software\Classes\CrossriderApp0044136.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0044136.BHO.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0044136.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0044136.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Classes\Iminent] =>Adware.IMBooster
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110411411136}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422412236}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0044136.BHO] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0044136.BHO.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0044136.Sandbox] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0044136.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110411411136}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220422412236}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411411136}] =>PUP.CrossRider
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_174 =>Adware.FreeSoftToday^
C:\Users\alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\afjegdojkkoghnbiollpogeeimocanmk =>PUP.SupraSavings^
C:\Users\alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjcmpicjhnkfmkehehaanpfijomlhbbp =>PUP.BetterDeals^
C:\Program Files (x86)\BetterDeals-11 =>PUP.BetterDeals^
C:\Program Files (x86)\IminentToolbar =>Adware.IMBooster^
C:\Program Files (x86)\ShopperPro =>PUP.ShopperPro^
C:\Program Files (x86)\SupraSavings =>PUP.SupraSavings^
C:\Program Files (x86)\SupTab =>PUP.SupTab^
C:\ProgramData\IePluginService =>Trojan.SProtector^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\alexandra\AppData\Roaming\IminentToolbar =>Adware.IMBooster^
C:\Users\alexandra\AppData\Roaming\Nosibay =>PUP.BubbleDock^
C:\Users\alexandra\AppData\Roaming\SupTab =>PUP.SupTab^
C:\Users\alexandra\AppData\Roaming\webssearches =>Hijacker.WebsSearches^
C:\Users\alexandra\AppData\Local\Installer =>Adware.InstallPedia
C:\Users\alexandra\AppData\Local\Temp\Iminent =>Adware.IMBooster
C:\Users\alexandra\AppData\Local\Temp\Smartbar =>Hijacker.SmartBar
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
C:\Program Files (x86)\BetterDeals-11\BetterDeals-11-chromeinstaller.exe =>PUP.BetterDeals^
C:\Program Files (x86)\BetterDeals-11\BetterDeals-11-firefoxinstaller.exe =>PUP.BetterDeals^
C:\Users\alexandra\AppData\Roaming\webssearches\UninstallManager.exe =>Hijacker.WebsSearches^
C:\Program Files (x86)\BetterDeals-11\Uninstall.exe =>PUP.BetterDeals^
C:\Windows\Tasks\BetterDeals-11-chromeinstaller.job =>PUP.BetterDeals^
C:\Windows\System32\Tasks\BetterDeals-11-chromeinstaller =>PUP.BetterDeals^
C:\Windows\Tasks\BetterDeals-11-codedownloader.job =>PUP.BetterDeals^
C:\Windows\System32\Tasks\BetterDeals-11-codedownloader =>PUP.BetterDeals^
C:\Windows\Tasks\BetterDeals-11-enabler.job =>PUP.BetterDeals^
C:\Windows\System32\Tasks\BetterDeals-11-enabler =>PUP.BetterDeals^
C:\Windows\Tasks\BetterDeals-11-firefoxinstaller.job =>PUP.BetterDeals^
C:\Windows\System32\Tasks\BetterDeals-11-firefoxinstaller =>PUP.BetterDeals^
C:\Windows\Tasks\BetterDeals-11-updater.job =>PUP.BetterDeals^
C:\Windows\System32\Tasks\BetterDeals-11-updater =>PUP.BetterDeals^
[HKCU\Software\AnyProtect] =>PUP.AnyProtect^
[HKCU\Software\AppDataLow\Software\BetterDeals-11] =>PUP.BetterDeals^
[HKCU\Software\AppDataLow\Software\Supra Savings] =>PUP.SupraSavings^
[HKCU\Software\AppDataLow\Software\suprasavings] =>PUP.SupraSavings^
[HKCU\Software\Goobzo] =>PUP.Goobzo^
[HKCU\Software\SupraSavings] =>PUP.SupraSavings^
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher^
[HKLM\Software\Pirrit] =>PUP.PirritSuggestor^
[HKLM\Software\Wow6432Node\AGENCE-EXCLUSIVE] =>PUP.AgenceExcusive^
[HKLM\Software\Wow6432Node\FreeSoftToDay] =>Adware.FreeSoftToday^
[HKLM\Software\Wow6432Node\Goobzo] =>PUP.Goobzo^
[HKLM\Software\Wow6432Node\Pirrit] =>PUP.PirritSuggestor^
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\webssearchesSoftware] =>Hijacker.WebsSearches^
[HKLM\Software\suprasavings] =>PUP.SupraSavings^
C:\Windows\Installer\66f4acd.msi =>PUP.SupraSavings^
[HKCR\CLSID\{11111111-1111-1111-1111-110411411136}] (BetterDeals-11) =>PUP.BetterDeals^
[HKCR\CLSID\{22222222-2222-2222-2222-220422412236}] (CrossriderApp0044136.Sandbox) =>PUP.CrossRider^
O45 - LFCP:[MD5.EBE036C3640E75F5A176C6D5F33EF58F] - 05/05/2014 - 15:56:55 ---A- - C:\Windows\Prefetch\SEARCHPROTECT_2111-1A12A8CE.E-3EEEC216.pf =>Toolbar.Conduit
O61 - LFC: 05/05/2014 - 17:38:20 ---A- . (.Conduit.) -- C:\Users\alexandra\AppData\Local\Temp\n474\searchprotect_2111-1a12a8ce.exe [66368] =>Toolbar.Conduit
C:\Users\alexandra\AppData\Local\Temp\nsc16AD.exe =>Toolbar.Conduit
C:\Users\alexandra\AppData\Local\Temp\nsq34BE.exe =>Toolbar.Conduit
C:\Users\alexandra\AppData\Local\Temp\nssBE28.exe =>Toolbar.Conduit
C:\Users\alexandra\AppData\Local\Temp\nstC0E8.exe =>Toolbar.Conduit
C:\Users\alexandra\AppData\Local\Temp\nsv11F9.exe =>Toolbar.Conduit
http://nicolascoolman.byethost7.com/wordpress/toolbar-conduit/ =>Toolbar.Conduit
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
[MD5.2A3FB4C98F139038E23330D2439DB8A4] - (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\alexandra\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096] [PID.3916]
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - URLSearchHook: (no name) [64Bits] - {e4f7b179-a3f6-47d8-9832-cb7b2627312a} . (.Microsoft Corporation - Navigateur Internet.) (No version) -- (.not file.)
[HKCU\Software\InstalledThirdPartyPrograms]
[HKCU\Software\systweak]
[HKLM\Software\InstalledThirdPartyPrograms]
[HKLM\Software\Wow6432Node\systweak]
O43 - CFD: 05/05/2014 - 17:17:39 - [0] ----D C:\Program Files (x86)\predm
O43 - CFD: 05/05/2014 - 17:23:42 - [] ----D C:\Users\alexandra\AppData\Roaming\systweak
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
G1 - GCS: Preference [User Data\Default] None
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O44 - LFC:[MD5.2B2ACEEAA42B3AFA1BA86587F0191D90] - 05/05/2014 - 08:28:05 ---A- . (...) -- C:\Windows\System32\nbspkrs.ico [17454]
FirewallRaz
PROXYFix
EmptyTemp
EmptyFlash
EmptyClsid
SysRestore