Rapport de ZHPDiag v2013.5.29.157 par Nicolas Coolman, Update du 29/05/2013
Run by modesta at 25/05/2013 12:25:26
WebSite: http://nicolascoolman.webs.com
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by program


---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16576
MFIE: Mozilla Firefox 21.0 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
avast! Free Antivirus v8.0.1489.0
Spybot - Search & Destroy v1.6.2
Windows Defender W7

---\\ System Optimizer
CCleaner v4.00 =>Piriform Ltd

---\\ Peer To Peer (P2P)
Pando Media Booster v2.6.0.8
µTorrent v3.2.3.28705 =>P2P.µTorrent

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.5 MUI
Java 7 Update 21

---\\ System Information
~ Processor: AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2812 MB (42% free)
System Restore: Activé (Enable)
System drive C: has 76 GB (26%) free of 284 GB

---\\ Logged in mode
~ Computer Name: MODESTA-PC
~ User Name: modesta
~ All Users Names: postgres, modesta, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\modesta\AppData\Roaming\
~ %Desktop% : C:\Users\modesta\Desktop\
~ %Favorites% : C:\Users\modesta\Favorites\
~ %LocalAppData% : C:\Users\modesta\AppData\Local\
~ %StartMenu% : C:\Users\modesta\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 76 Go of 284 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 13 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
F:\ CD-ROM drive (Not Inserted)
G:\ CD-ROM drive (Not Inserted)
H:\ CD-ROM drive (Not Inserted)
I:\ CD-ROM drive (Not Inserted)
J:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified
~ Security Center: 37 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.27A9000C534AA9BADC9EE74940F50C6D] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.05/04/2013 - 07:52:14.) -- C:\Windows\System32\wininet.dll [2242048]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/22
~ Mes musiques (My Musics) : 2/165
~ Mes Videos (My Videos) : 2/43
~ Mes Favoris (My Favorites) : 1/67
~ Mes Documents (My Documents) : 2/1938
~ Mon Bureau (My Desktop) : 2/22947
~ Menu demarrer (Programs) : 1/50
~ Hidden Files: Scanned in 00mn 53s



---\\ Processus lancés
[MD5.349AB4F70E2AC44970894E7F03E1576E] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [236384] [PID.2132]
[MD5.019D774B725DCFD9A188F07764A32214] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe [322104] [PID.3184]
[MD5.DFABD45F0D7665E88C617A6FC93F57EC] - (...) -- C:\Program Files (x86)\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\IEWLauncher.exe [251344] [PID.3680]
[MD5.BAA1780D73BFA212D97851FCD43F1DA3] - (...) -- C:\Program Files (x86)\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe [419280] [PID.4036]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.3160]
[MD5.0DE3C7622EC33126579B1742260F08C2] - (.Pas de propriétaire - HpqToaster Module.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe [632888] [PID.4776]
[MD5.95110A1C5A1D228AC1DDF6AB67D00BEB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [920472] [PID.3648]
[MD5.6FC79A950476A5F539EEB65F9097C0A8] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.3824]
[MD5.23AA0FDCBDD87D0B78092798C68312D8] - (.Adobe Systems, Inc. - Adobe Flash Player 11.7 r700.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe [1855880] [PID.4868]
[MD5.68B8D980999DC76367F23F390E8D9E35] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7417344] [PID.3436]
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1448]
[MD5.F401929EE0CC92BFE7F15161CA535383] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.1568]
[MD5.C34411A244029F1C08687F7C752C4563] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.2112]
[MD5.ACC93675D78D1C07DAD09D7837F2397A] - (.PostgreSQL Global Development Group - pg_ctl - starts/stops/restarts the PostgreS.) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [65536] [PID.2272]
[MD5.498EB62A160674E793FA40FD65390625] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152] [PID.2292]
[MD5.D78830C645884DB617C50B264BFFEBA2] - (.PostgreSQL Global Development Group - PostgreSQL Server.) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe [3690496] [PID.2356]
[MD5.E5C796B621F6FBA8616511063D7F0FFE] - (.StarWind Software - StarWind iSCSI Target (Alcohol Edition).) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688] [PID.2380]
[MD5.794D4B48DFB6E999537C7C3947863463] - (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368] [PID.2552]
[MD5.9B7EDD3FE7C211C36E921D34D18A3A0A] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1001376] [PID.1608]
[MD5.F9A79C5B27037821112C50A9C8FB367A] - (.Hewlett-Packard Development Company, L.P. - Com for QLB application.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [228408] [PID.4532]
[MD5.1BBBF640BC0E0B750537BAECE8D66C18] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [641832] [PID.3560]
[MD5.3BA7C1D05B9262D332822C75E68709ED] - (.Sunbelt Software - Sunbelt Software Anti Malware Service.) -- C:\Program Files (x86)\Ascentive\Spyware Striker\SBAMSvc.exe [980264] [PID.3564]
~ Processes Running: Scanned in 00mn 02s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\modesta\AppData\Roaming\Mozilla\Firefox\Profiles\et9kzzm3.default\prefs.js
C:\Users\modesta\AppData\Roaming\Mozilla\Firefox\Profiles\et9kzzm3.default\user.js
C:\Users\modesta\AppData\Roaming\Mozilla\Firefox\Profiles\tkx0l4k9.default\prefs.js (.not file.)
C:\Users\modesta\AppData\Roaming\Mozilla\Firefox\Profiles\tkx0l4k9.default\user.js
M3 - MFPP: Plugins - [modesta] -- C:\Users\modesta\AppData\Roaming\Mozilla\Firefox\Profiles\et9kzzm3.default\searchplugins\askcom.xml
M3 - MFPP: Plugins - [modesta] -- C:\Users\modesta\AppData\Roaming\Mozilla\Firefox\Profiles\et9kzzm3.default\searchplugins\delta.xml
M3 - MFPP: Plugins - [modesta] -- C:\Users\modesta\AppData\Roaming\Mozilla\Firefox\Profiles\et9kzzm3.default\searchplugins\SweetIM Search.xml =>PUP.SweetIM
M3 - MFPP: Plugins - [modesta] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\avg-secure-search.xml
M3 - MFPP: Plugins - [modesta] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon
P2 - FPN:Firefox Plugin Navigator . (.vShare.tv - vShare.tv plug-in.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll =>PUP.VShareRedir
~ Firefox Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.flux-hacks.com
R3 - URLSearchHook: free-downloads.net Toolbar [64Bits] - {ecdee021-0d17-467f-a1ff-c7a115230949} . (.Conduit Ltd. - Conduit Toolbar.) (5, 3, 4, 2) -- C:\Program Files (x86)\free-downloads.net\tbfree.dll =>Toolbar.Conduit
R3 - URLSearchHook: (no name) [64Bits] - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) (No version) -- (.not file.) =>Toolbar.Conduit
~ IE Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 0



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: IE5BarLauncherBHO Class [64Bits] - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} . (.VShare Inc. - This is a module that is required for the o.) -- C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll =>PUP.VShareRedir
O2 - BHO: free-downloads.net Toolbar [64Bits] - {ecdee021-0d17-467f-a1ff-c7a115230949} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files (x86)\free-downloads.net\tbfree.dll =>Toolbar.Conduit
O2 - BHO: DVDVideoSoft.WebPageAdjuster [64Bits] - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} . (.DVDVideoSoft Ltd. - DVDVideoSoft IE Extension.) -- C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
~ BHO: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (.not file.)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AlcoholAutomount] . (.Alcohol Soft Development Team - Alcohol Virtual Drive Auto-mount Service.) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\modesta\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Spotify] C:\Users\modesta\AppData\Roaming\Spotify\Spotify.exe (.not file.)
O4 - HKCU\..\Run: [Performance Center] . (.Ascentive - Ascentive Performance Center.) -- C:\Program Files (x86)\Ascentive\Performance Center\APCMain.exe
O4 - HKCU\..\Run: [Spyware Striker Pro] . (.Ascentive - Spyware Striker Pro Application.) -- C:\Program Files (x86)\Ascentive\Spyware Striker\SpywareStriker.exe
O4 - HKCU\..\Run: [WLAN Optimizer] C:\Users\modesta\Desktop\WLAN Optimizer.exe (.not file.)
O4 - HKCU\..\Run: [Akamai NetSession Interface] C:\Users\modesta\AppData\Local\Akamai\netsession_win.exe (.not file.)
O4 - HKCU\..\Run: [Mobile Partner] Clé orpheline
O4 - HKCU\..\Run: [Windows Live] C:\Users\modesta\AppData\Local\Temp\winini.exe (.not file.)
O4 - HKCU\..\Run: [HKCU] . (.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\WinDir\svchost.exe
O4 - HKCU\..\Run: [ESL Wire] . (.Turtle Entertainment GmbH - ESL Wire Gaming Client.) -- C:\Program Files\EslWire\wire.exe
O4 - HKCU\..\Run: [Pando Media Booster] . (.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_Plugin.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
O4 - HKLM\..\Wow6432Node\Run: [Easybits Recovery] . (.EasyBits Software AS - Pas de description.) -- C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Wow6432Node\Run: [WirelessAssistant] . (.Hewlett-Packard Company - HP Wireless Assistant Main Program.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [PWRISOVM.EXE] . (.Power Software Ltd - PowerISO Virtual Drive Manager.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.exe
O4 - HKLM\..\Wow6432Node\Run: [Start_Icon225_IEWLauncher] . (...) -- C:\Program Files (x86)\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\IEWLauncher.exe
O4 - HKLM\..\Wow6432Node\Run: [Start_Update] . (.Pas de propriétaire - Orange Updater.) -- C:\Program Files (x86)\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\UpdteApp.exe
O4 - HKLM\..\Wow6432Node\Run: [Start_Statistics] . (...) -- C:\Program Files (x86)\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe
O4 - HKLM\..\Wow6432Node\Run: [Start_SMSNotifier] . (.Pas de propriétaire - Notifier Orange.) -- C:\Program Files (x86)\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe
O4 - HKLM\..\Wow6432Node\Run: [Start_HSSModule] . (...) -- C:\Program Files (x86)\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [HKLM] . (.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\WinDir\svchost.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst� Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [AMD AVT] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\System32\Cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\policies\Explorer\Run: [Policies] . (.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\WinDir\svchost.exe
O4 - HKCU\..\policies\Explorer\Run: [Policies] . (.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\WinDir\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-3600749335-942430350-662760979-1003\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-3600749335-942430350-662760979-1003\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\Desktop: ASIO4ALL v2 Instruction Manual.lnk . (...) -- C:\Program Files (x86)\ASIO4ALL v2\ASIO4ALL v2 Instruction Manual.pdf (.not file.)
O4 - GS\Desktop: ASIO4ALL v2 Off-Line Settings.lnk . (...) -- C:\Program Files (x86)\ASIO4ALL v2\a4apanel.exe (.not file.)
O4 - GS\Desktop: Audacity.lnk . (...) -- C:\Program Files\MultimediaTools\Audacity\audacity.exe
O4 - GS\Desktop: Bandicam.lnk . (...) -- C:\Program Files (x86)\Bandicam\bdcam.exe (.not file.)
O4 - GS\Desktop: Collab.lnk . (.Image-Line bvba - Collab executable.) -- C:\Program Files (x86)\Image-Line\Collab\Collab.exe
O4 - GS\Desktop: Cool Audio Video Converter.lnk . (...) -- C:\Program Files (x86)\Cool Audio Video Converter\Cool Audio Video Converter.exe (.not file.)
O4 - GS\Desktop: Crossfire Europe.lnk . (.TODO: - CF_SGI.) -- C:\SG Interactive\Crossfire Europe\CF_SGIN.exe
O4 - GS\Desktop: GameCenter.lnk . (.Cyanide - GameCenter.) -- C:\Program Files (x86)\Cyanide\GameCenter\GameCenter.exe
O4 - GS\Desktop: Installation de PMU Poker.lnk . (...) -- C:\Program Files (x86)\Mozilla Firefox\PMUPoker_Installer\SmartInstaller.exe (.not file.)
O4 - GS\Desktop: Installeur de World of Warcraft.lnk - Clé orpheline
O4 - GS\Desktop: iTuner.lnk . (.Pyxsys - Pas de description.) -- C:\Program Files (x86)\OOBOX\Music\iTuner\XTuner2.exe
O4 - GS\Desktop: LimeWire 5.5.10.lnk . (...) -- C:\Program Files (x86)\LimeWire\LimeWire.exe (.not file.)
O4 - GS\Desktop: PhotoFiltre.lnk . (.Antonio Da Cruz - PhotoFiltre.) -- C:\Program Files (x86)\PhotoFiltre\photofiltre.exe
O4 - GS\Desktop: PMU Poker.lnk . (...) -- C:\Programs\PMU\PMU.exe (.not file.)
O4 - GS\Desktop: Super Mp3 Recorder Professional.lnk . (...) -- C:\Program Files (x86)\Admiresoft\Super Mp3 Recorder Professional\smrpro.exe
O4 - GS\Desktop: Teamspeak 2 RC2.lnk . (.Dominating Bytes Design - The TeamSpeak 2 client.) -- C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe
O4 - GS\Desktop: Tunatic.lnk . (.Wildbits - Tunatic 1.0.1b.) -- C:\Program Files (x86)\Tunatic\tunatic.exe
O4 - GS\Desktop: Virtual DJ Trial.lnk . (.Atomix Productions - VirtualDJ.) -- C:\Program Files (x86)\VirtualDJ\virtualdj_trial.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Users\modesta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chat-Land site de chat et de rencontre gratuit.URL . (...) -- C:\Users\modesta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chat-Land site de chat et de rencontre gratuit.URL =>Hijacker.ChercheUS
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\modesta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL . (...) -- C:\Users\modesta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL =>Hijacker.ChercheUS
O4 - GS\QuickLaunch: Easy Audio Cutter.lnk . (.Koyote Soft - Pas de description.) -- C:\Program Files (x86)\Free Audio Pack\Easy Audio Cutter\AudioCutter.exe
O4 - GS\QuickLaunch: Free CD Ripper.lnk . (.Koyote Soft - FreeCDRipper.) -- C:\Program Files (x86)\Free Audio Pack\Free CD Ripper\FreeCDRipper.exe
O4 - GS\QuickLaunch: Free Mp3 Wma Converter.lnk . (.Koyote Soft - Free Audio Converter.) -- C:\Program Files (x86)\Free Audio Pack\FreeConverter\FreeConverter.exe
O4 - GS\QuickLaunch: Jouer à HP Games.lnk . (...) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsole-wt.exe (.not file.)
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: PokerStars.fr.lnk . (.PokerStars - PokerStars Update.) -- C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe
O4 - GS\QuickLaunch: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
O4 - GS\QuickLaunch: Xilisoft Video to Audio Converter.lnk . (...) -- C:\Program Files (x86)\Xilisoft\Video to Audio Converter\vcloader.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - GS\SendTo: Xfire Ami(e).lnk . (...) -- C:\Program Files (x86)\Xfire\Xfire.exe (.not file.)
O4 - GS\Desktop: ALBUMS - Raccourci.lnk . (...) -- C:\Users\modesta\Desktop\HIPHOPISDREAM\ALBUMS
O4 - Global Startup: C:\Users\modesta\Desktop\cccmarche.url . (...) -- C:\Users\modesta\Desktop\cccmarche.url
O4 - Global Startup: C:\Users\modesta\Desktop\cnetfrance.url . (...) -- C:\Users\modesta\Desktop\cnetfrance.url
O4 - GS\Desktop: Crossfire Europe.lnk . (.Neowiz Games - Crossfire Patcher.) -- C:\SG Interactive\Crossfire Europe\patcher_cf.exe
O4 - Global Startup: C:\Users\modesta\Desktop\Facebook.url . (...) -- C:\Users\modesta\Desktop\Facebook.url
O4 - GS\Desktop: Free Mp3 Wma Converter.lnk . (.Koyote Soft - Free Audio Converter.) -- C:\Program Files (x86)\Free Audio Pack\FreeConverter\FreeConverter.exe
O4 - Global Startup: C:\Users\modesta\Desktop\PC.url . (...) -- C:\Users\modesta\Desktop\PC.url
O4 - GS\Desktop: Reason.lnk . (.Propellerhead Software AB - Reason program file.) -- C:\Program Files (x86)\Propellerhead\Reason\Reason.exe
O4 - GS\Desktop: ReCycle.lnk . (.Propellerhead Software AB - ReCycle Program File.) -- C:\Program Files (x86)\Propellerhead\ReCycle\ReCycle.exe
O4 - GS\Desktop: SpyHunter.lnk . (...) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe (.not file.) =>Crapware.SpyHunter
O4 - GS\Desktop: VirtualDJ Home FREE.lnk . (.Atomix Productions - VirtualDJ.) -- C:\Program Files (x86)\VirtualDJ\virtualdj_home.exe
~ Global Startup: Scanned in 00mn 02s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Free YouTube Download [64Bits] - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} . (...) -- C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\dvdvideosoft.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.chat-land.org =>Hijacker.ChercheUS
~ IE Zone Confiance: Scanned in 00mn 04s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{75728A8F-5917-406F-A6DB-FA5BD6410464}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B86F66EB-44E0-4145-8B54-36BA2F4839B6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E582CE4B-ABFA-4A20-8251-A614A5B4AD1C}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{75728A8F-5917-406F-A6DB-FA5BD6410464}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B86F66EB-44E0-4145-8B54-36BA2F4839B6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E582CE4B-ABFA-4A20-8251-A614A5B4AD1C}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{75728A8F-5917-406F-A6DB-FA5BD6410464}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{B86F66EB-44E0-4145-8B54-36BA2F4839B6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E582CE4B-ABFA-4A20-8251-A614A5B4AD1C}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) . (.PostgreSQL Global Development Group - pg_ctl - starts/stops/restarts the PostgreS.) - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) . (.StarWind Software - StarWind iSCSI Target (Alcohol Edition).) - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
~ Services: 18 Legitimates Filtered in 00mn 12s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SmartPCFix Task.job [380]
[MD5.00000000000000000000000000000000] [APT] [SmartPCFix Task] (...) -- C:\Program Files (x86)\SmartPCFix\SmartPCFix.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{00B6A442-52CD-4A5A-9332-55523E2F4088}] (...) -- C:\Program Files (x86)\ManyCam 2.4\uninstall.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0167CEC1-7073-4F51-83C0-F19F6E417C2F}] (...) -- C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{07C9D1E0-167A-42BD-8AEE-6C84482DAED8}] (...) -- C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{08ACE16C-0362-433E-A0E4-C7837DFB8B2E}] (...) -- C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0A832D6B-998F-4836-B8F3-8C954FF6CB57}] (...) -- C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0ED07BB4-7D3F-477D-9A3C-C1B13FCDCA84}] (...) -- G:\Setup.exe (.not file.) [0]
[MD5.B186735BDC45649FD172D18E3F6B7DB9] [APT] [{16F4C069-B88C-47F7-BFFC-5ECBFF8D837A}] (...) -- C:\Program Files (x86)\Propellerhead\ReCycle\unins000.exe [691481]
[MD5.EB906EDD7889FBE6829EFEDBEC53A3DC] [APT] [{3F59FBF4-5E7E-40FC-9363-090CA4C292F5}] (...) -- C:\Program Files (x86)\PENDULO Studios\RUNAWAY 2 - The dream of the turtle\runaway2.exe [2543616]
[MD5.00000000000000000000000000000000] [APT] [{3FBD547C-8DDE-4618-8119-FDBAF2872833}] (...) -- C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe (.not file.) [0]
[MD5.B73A3A0A4983610ABAD6454C09BA6F19] [APT] [{49F28A68-CD56-4F9F-BBE7-D3828E2E0D1D}] (.TODO: .) -- C:\SG Interactive\Crossfire Europe\CF_SGIN.exe [2216752]
[MD5.00000000000000000000000000000000] [APT] [{54BF14C3-36AF-4BEE-90CA-7BA896DE2EA1}] (...) -- C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5CB4C33B-D517-4CB0-A65A-83A47A6E0F65}] (...) -- C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe (.not file.) [0] =>PUP.SweetIM
[MD5.B73A3A0A4983610ABAD6454C09BA6F19] [APT] [{8B2A43B6-9213-4FD0-999A-BED41845A40E}] (.TODO: .) -- C:\SG Interactive\Crossfire Europe\CF_SGIN.exe [2216752]
[MD5.00000000000000000000000000000000] [APT] [{AA21DD51-728E-473B-8D80-1990991281F9}] (...) -- C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe (.not file.) [0]
[MD5.EB906EDD7889FBE6829EFEDBEC53A3DC] [APT] [{B4E14F8B-ABEC-46AD-8B3F-0C351B0F9965}] (...) -- C:\Program Files (x86)\PENDULO Studios\RUNAWAY 2 - The dream of the turtle\runaway2.exe [2543616]
[MD5.EB906EDD7889FBE6829EFEDBEC53A3DC] [APT] [{BCD169D0-5B76-4238-A278-9D103A124947}] (...) -- C:\Program Files (x86)\PENDULO Studios\RUNAWAY 2 - The dream of the turtle\runaway2.exe [2543616]
[MD5.00000000000000000000000000000000] [APT] [{C1E6C74A-E4A1-4842-9EB2-4B7E15BE9572}] (...) -- C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe (.not file.) [0]
[MD5.EB906EDD7889FBE6829EFEDBEC53A3DC] [APT] [{C351A5CC-89AB-433B-8378-0D6C39776CC4}] (...) -- C:\Program Files (x86)\PENDULO Studios\RUNAWAY 2 - The dream of the turtle\runaway2.exe [2543616]
[MD5.EB906EDD7889FBE6829EFEDBEC53A3DC] [APT] [{C5F77096-F998-4DE1-9256-615A44D40874}] (...) -- C:\Program Files (x86)\PENDULO Studios\RUNAWAY 2 - The dream of the turtle\runaway2.exe [2543616]
[MD5.00000000000000000000000000000000] [APT] [{CA7F1355-2B46-409D-BAC0-1231A4DDD877}] (...) -- G:\DirectX\dxsetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CBD660F3-E00D-47C2-801F-0B931D991A7E}] (...) -- C:\Users\modesta\Downloads\rkfree_setup.exe (.not file.) [0]
[MD5.B73A3A0A4983610ABAD6454C09BA6F19] [APT] [{D1853B27-F8B0-4D07-BDBB-2D76A44378EC}] (.TODO: .) -- C:\SG Interactive\Crossfire Europe\CF_SGIN.exe [2216752]
[MD5.00000000000000000000000000000000] [APT] [{DC981EEA-92B1-4BE8-A9FC-188EF765D676}] (...) -- C:\Users\modesta\Downloads\rk_uninstall.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E19C652B-E3E7-4B1E-A874-D2C7112A4337}] (...) -- C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{FCFCD9F7-18D0-4D88-B613-DC2635F375C2}] (...) -- C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe (.not file.) [0]
[MD5.EB906EDD7889FBE6829EFEDBEC53A3DC] [APT] [{FD3054B5-5079-451D-AECB-2A2478BEE9EE}] (...) -- C:\Program Files (x86)\PENDULO Studios\RUNAWAY 2 - The dream of the turtle\runaway2.exe [2543616]
~ Scheduled Task: 47 Legitimates Filtered in 00mn 08s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (appdrv01) . (.Protection Technology - Application Driver (01).) - C:\Windows\System32\Drivers\appdrv01.sys
~ Drivers: 69 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Audiggle version 3.0.0.1 - (.Audiggle LTD.) [HKLM][64Bits] -- {FCAD9ED0-C00F-45FA-91DB-F89140EFAB3A}_is1
O42 - Logiciel: Golden Keylogger - (...) [HKCU][64Bits] -- GKL2
O42 - Logiciel: Lexicon Alpha Driver - (.Lexicon.) [HKLM][64Bits] -- Lexicon Alpha Driver
O42 - Logiciel: Lexicon Pantheon VST Plug-in (remove only) - (...) [HKLM][64Bits] -- LexiconStudio
O42 - Logiciel: Performance Center - (.Ascentive.) [HKLM][64Bits] -- {BB05BD70-4605-4829-93FC-AD80D8CC5B66}
O42 - Logiciel: PokerStars.fr - (.PokerStars.fr.) [HKLM][64Bits] -- PokerStars.fr
O42 - Logiciel: SpyHunter - (.Enigma Software Group USA, LLC.) [HKLM][64Bits] -- {BCD55450-77AC-4347-B24F-654B1189F8D4} =>Crapware.SpyHunter
O42 - Logiciel: Spyware Striker - (.Ascentive.) [HKLM][64Bits] -- {E8B0BD86-073B-4D7E-B0F1-CC37E70014D4}
O42 - Logiciel: free-downloads.net Toolbar - (...) [HKLM][64Bits] -- free-downloads.net Toolbar
O42 - Logiciel: vShare.tv plugin 1.3 - (.vShare.tv, Inc..) [HKLM][64Bits] -- vShare.tv plugin =>PUP.VShareRedir
~ Logic: 202 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\59688debd3aed42]
[HKCU\Software\AV2MP3]
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes]
[HKCU\Software\AppDataLow\Software\ShopperReports3] =>Adware.ShopperReports
[HKCU\Software\AppDataLow\Software\ShoppingReport2] =>Adware.ShoppingReport
[HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\AppDataLow\Software\free-downloads.net]
[HKCU\Software\AppDataLow\Toolbar]
[HKCU\Software\Ascentive]
[HKCU\Software\Audiggle LTD]
[HKCU\Software\BI]
[HKCU\Software\CFLoader]
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\Guy]
[HKCU\Software\Hacked]
[HKCU\Software\IGearSettings]
[HKCU\Software\IM]
[HKCU\Software\ImInstaller]
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\IncrediMail]
[HKCU\Software\Lexicon]
[HKCU\Software\MusicBrainz]
[HKCU\Software\Nohope92]
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKCU\Software\PMU]
[HKCU\Software\PartoucheFR]
[HKCU\Software\PatchPoker]
[HKCU\Software\Prodipe]
[HKCU\Software\ShopperReports3] =>Adware.ShopperReports
[HKCU\Software\Softonic]
[HKCU\Software\StartSearch] =>PUP.StartSearch
[HKCU\Software\freeTVRadio] =>Adware.SPointer
[HKCU\Software\freezefrogsa] =>Adware.FreezeFrog
[HKCU\Software\vShare.tv] =>PUP.VShareRedir
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKLM\Software\Wow6432Node\59688debd3aed42]
[HKLM\Software\Wow6432Node\Ascentive]
[HKLM\Software\Wow6432Node\ClickPotatoLite] =>Adware.ClickPotato
[HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\FE42DAC9]
[HKLM\Software\Wow6432Node\FREEzeFrog] =>Adware.FreezeFrog
[HKLM\Software\Wow6432Node\Guy]
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\InstallPedia]
[HKLM\Software\Wow6432Node\MusicBrainz]
[HKLM\Software\Wow6432Node\OfferBox] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Phoenix]
[HKLM\Software\Wow6432Node\Prodipe]
[HKLM\Software\Wow6432Node\QuestScan] =>Adware.QuestScan
[HKLM\Software\Wow6432Node\ShopperReports3] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Z8Games]
[HKLM\Software\Wow6432Node\free-downloads.net]
~ Key Software: 428 Legitimates Filtered in 00mn 02s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 23/03/2012 - 22:23:13 - [155,563] ----D C:\Program Files (x86)\Ascentive
O43 - CFD: 01/12/2011 - 08:58:30 - [2,554] ----D C:\Program Files (x86)\Audiggle
O43 - CFD: 31/08/2011 - 21:19:14 - [3,815] ----D C:\Program Files (x86)\free-downloads.net
O43 - CFD: 24/05/2013 - 17:59:14 - [0,057] ----D C:\Program Files (x86)\freeTVRadio =>Adware.SPointer
O43 - CFD: 06/02/2013 - 22:53:18 - [0,188] ----D C:\Program Files (x86)\InstallPedia
O43 - CFD: 06/07/2012 - 17:28:11 - [2,214] ----D C:\Program Files (x86)\Lexicon
O43 - CFD: 06/06/2012 - 17:43:25 - [0,000] ----D C:\Program Files (x86)\LimeWire
O43 - CFD: 02/07/2010 - 13:06:55 - [6,205] ----D C:\Program Files (x86)\OOBOX
O43 - CFD: 25/06/2010 - 02:23:10 - [0] ----D C:\Program Files (x86)\poker
O43 - CFD: 21/12/2012 - 20:51:15 - [142,675] ----D C:\Program Files (x86)\PokerStars.FR
O43 - CFD: 17/11/2010 - 21:05:02 - [2,590] ----D C:\Program Files (x86)\PokerTracker 3
O43 - CFD: 09/07/2010 - 22:29:42 - [1,031] ----D C:\Program Files (x86)\Shareaza
O43 - CFD: 14/08/2010 - 23:05:06 - [1,516] ----D C:\Program Files (x86)\ShopperReports3 =>Adware.ShopperReports
O43 - CFD: 11/05/2013 - 15:27:47 - [1,277] ----D C:\Program Files (x86)\SoulseekQt =>P2P.SoulSeek
O43 - CFD: 11/04/2013 - 16:04:29 - [0] ----D C:\Program Files (x86)\SweetIM =>PUP.SweetIM
O43 - CFD: 03/04/2013 - 14:21:51 - [0] ----D C:\Program Files (x86)\TornTV.com =>Hijacker.TornTV
O43 - CFD: 28/08/2011 - 18:41:22 - [0,566] ----D C:\Program Files (x86)\vShare.tv plugin =>PUP.VShareRedir
O43 - CFD: 02/01/2013 - 17:56:56 - [12,169] ----D C:\Program Files (x86)\Wi-Fi Modem
O43 - CFD: 20/05/2013 - 20:33:49 - [114,342] ----D C:\Program Files (x86)\Z8Games
O43 - CFD: 23/03/2012 - 22:24:09 - [38,630] ----D C:\ProgramData\Ascentive
O43 - CFD: 03/04/2013 - 14:18:57 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 02/11/2011 - 22:08:20 - [0] ----D C:\ProgramData\BabylonUpdater =>Toolbar.Babylon
O43 - CFD: 26/12/2010 - 17:23:43 - [9,892] ----D C:\ProgramData\ClickPotatoLiteSA =>Adware.ClickPotato
O43 - CFD: 31/08/2011 - 12:25:11 - [1,152] ----D C:\ProgramData\FREEzeFrogSA =>Adware.FreezeFrog
O43 - CFD: 03/04/2013 - 14:29:46 - [1,199] ----D C:\ProgramData\Tarma Installer =>Toolbar.Tarma
O43 - CFD: 03/09/2010 - 12:42:27 - [0,053] ----D C:\ProgramData\WSG32
O43 - CFD: 14/08/2010 - 23:05:24 - [0] ----D C:\Users\modesta\AppData\Roaming\ClickPotatoLite =>Adware.ClickPotato
O43 - CFD: 25/10/2010 - 03:14:24 - [0,001] ----D C:\Users\modesta\AppData\Roaming\fr.barrierepoker.air.D043989C8F5E91300BF71855036B28F854BB8613.1
O43 - CFD: 25/08/2011 - 15:13:01 - [0,001] ----D C:\Users\modesta\AppData\Roaming\freeTVRadio =>Adware.SPointer
O43 - CFD: 01/12/2011 - 09:26:18 - [0] ----D C:\Users\modesta\AppData\Roaming\MusicBrainz
O43 - CFD: 08/06/2012 - 20:27:45 - [0,000] ----D C:\Users\modesta\AppData\Roaming\OfferBox =>PUP.OfferBox
O43 - CFD: 22/02/2013 - 14:41:06 - [55,274] ----D C:\Users\modesta\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 12/09/2010 - 14:55:24 - [9,333] ----D C:\Users\modesta\AppData\Roaming\Partouche Poker
O43 - CFD: 12/09/2010 - 14:55:55 - [0] ----D C:\Users\modesta\AppData\Roaming\PokerAcademyPro2
O43 - CFD: 09/07/2010 - 22:28:38 - [0,014] ----D C:\Users\modesta\AppData\Roaming\Shareaza
O43 - CFD: 14/08/2010 - 23:05:06 - [0] ----D C:\Users\modesta\AppData\Roaming\ShopperReports3 =>Adware.ShopperReports
O43 - CFD: 29/03/2013 - 18:10:38 - [0,020] RSH-D C:\Users\modesta\AppData\Roaming\WinDir
O43 - CFD: 11/03/2013 - 21:03:21 - [0,165] ----D C:\Users\modesta\AppData\Local\APN
O43 - CFD: 01/12/2011 - 09:00:28 - [0,001] ----D C:\Users\modesta\AppData\Local\Audiggle_LTD
O43 - CFD: 10/01/2013 - 19:10:26 - [0,001] ----D C:\Users\modesta\AppData\Local\Comet
O43 - CFD: 15/05/2013 - 00:44:44 - [0,001] ----D C:\Users\modesta\AppData\Local\DarkOS
O43 - CFD: 31/08/2011 - 21:31:10 - [0,201] ----D C:\Users\modesta\AppData\Local\freetvradio Air =>Adware.SPointer
O43 - CFD: 08/04/2013 - 19:53:00 - [0,001] ----D C:\Users\modesta\AppData\Local\GNHacks
O43 - CFD: 16/02/2013 - 18:33:12 - [0,006] ----D C:\Users\modesta\AppData\Local\Injector
O43 - CFD: 30/04/2013 - 03:47:06 - [0,001] ----D C:\Users\modesta\AppData\Local\kokicrossfireinjector
O43 - CFD: 09/03/2013 - 21:29:33 - [0,001] ----D C:\Users\modesta\AppData\Local\MetreInjector
O43 - CFD: 08/05/2013 - 06:00:51 - [3,604] ----D C:\Users\modesta\AppData\Local\PokerStars.FR
O43 - CFD: 08/07/2010 - 23:59:45 - [0,029] ----D C:\Users\modesta\AppData\Local\Shareaza
O43 - CFD: 29/01/2012 - 21:15:36 - [0,001] ----D C:\Users\modesta\AppData\Local\Team_CP9_Injector_V1
O43 - CFD: 06/07/2012 - 17:28:11 - [0,001] ----D C:\Users\modesta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lexicon
O43 - CFD: 25/05/2013 - 10:42:11 - [0,005] ----D C:\Users\modesta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
O43 - CFD: 03/04/2013 - 14:17:24 - [0,002] ----D C:\Users\modesta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com =>Hijacker.TornTV
~ 152 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 533 Legitimates Filtered in 01mn 14s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 25/05/2013 - 09:47:50 ---A- . (...) -- C:\autoexec.bat [0]
O44 - LFC:[MD5.D1D2669795A3201D600538F73800C098] - 18/05/2013 - 15:06:12 ---A- . (...) -- C:\Windows\SysNative\atiumd6a.cap [2818784]
O44 - LFC:[MD5.D1D2669795A3201D600538F73800C098] - 18/05/2013 - 15:06:12 RSHAD . (...) -- C:\Windows\System32\atiumd6a.cap [2818784]
O44 - LFC:[MD5.611149ECD6E52335B18DEA7D436C9343] - 18/05/2013 - 15:06:10 ---A- . (...) -- C:\Windows\atiogl.xml [38177]
O44 - LFC:[MD5.B0081A234F487A125AC131C11ADAA421] - 18/05/2013 - 15:06:09 ---A- . (...) -- C:\Windows\SysNative\atiicdxx.dat [618823]
O44 - LFC:[MD5.B0081A234F487A125AC131C11ADAA421] - 18/05/2013 - 15:06:09 RSHAD . (...) -- C:\Windows\System32\atiicdxx.dat [618823]
O44 - LFC:[MD5.AA27B62D140EDC715F575A70F8843838] - 17/05/2013 - 10:26:02 ---A- . (...) -- C:\Windows\start.sdat [209920]
O44 - LFC:[MD5.52930983B27C17ED48CE93A440560923] - 15/05/2013 - 04:36:11 ---A- . (...) -- C:\Windows\SysNative\atiapfxx.blb [245944]
O44 - LFC:[MD5.64A0869F18560CD529120ADE00155C3E] - 15/05/2013 - 04:36:11 ---A- . (...) -- C:\Windows\SysNative\atipblag.dat [3917]
O44 - LFC:[MD5.7C163EDE63854539828F5B2C1BC529FD] - 15/05/2013 - 04:36:11 ---A- . (...) -- C:\Windows\SysNative\ativvsva.dat [157144]
O44 - LFC:[MD5.219D7091DD1D93728392337FE9C7ADD6] - 15/05/2013 - 04:36:11 ---A- . (...) -- C:\Windows\SysNative\ativvsvl.dat [204952]
O44 - LFC:[MD5.52930983B27C17ED48CE93A440560923] - 15/05/2013 - 04:36:11 ---A- . (...) -- C:\Windows\System32\atiapfxx.blb [245944]
O44 - LFC:[MD5.64A0869F18560CD529120ADE00155C3E] - 15/05/2013 - 04:36:11 ---A- . (...) -- C:\Windows\System32\atipblag.dat [3917]
O44 - LFC:[MD5.7C163EDE63854539828F5B2C1BC529FD] - 15/05/2013 - 04:36:11 ---A- . (...) -- C:\Windows\System32\ativvsva.dat [157144]
O44 - LFC:[MD5.219D7091DD1D93728392337FE9C7ADD6] - 15/05/2013 - 04:36:11 ---A- . (...) -- C:\Windows\System32\ativvsvl.dat [204952]
O44 - LFC:[MD5.2BD357F2A8CBB722F19091DA27DB0B34] - 15/05/2013 - 04:33:04 ---A- . (...) -- C:\Windows\RUNAWAY2.INI [59]
~ Files: 143 Legitimates Filtered in 00mn 11s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.07AEE80105BD9AB0C12083C183C151D8] - 25/05/2013 - 01:15:55 ---A- - C:\Windows\Prefetch\BOOST.EXE-927029AA.pf
O45 - LFCP:[MD5.ADD9E70DAA5229E4EABAAC0B4D796EA8] - 25/05/2013 - 07:57:57 ---A- - C:\Windows\Prefetch\HSSMODULE.EXE-8E1C6C21.pf
O45 - LFCP:[MD5.DA23EF216E64E4E981665A1B63F892C2] - 25/05/2013 - 07:57:57 ---A- - C:\Windows\Prefetch\ORANGESTATS.EXE-2BF4E09C.pf
O45 - LFCP:[MD5.2E9246DE864B89703721F799227EE2E9] - 25/05/2013 - 07:57:57 ---A- - C:\Windows\Prefetch\SMSNOTIFIER.EXE-5BAA7EDC.pf
O45 - LFCP:[MD5.D3838FCEA5EF2A3006BF9A4EBBC4F30C] - 25/05/2013 - 07:57:57 ---A- - C:\Windows\Prefetch\UPDTEAPP.EXE-D0F4B5C4.pf
O45 - LFCP:[MD5.A35FB7871026AFAB3670C7D399C2C8FA] - 25/05/2013 - 07:58:23 ---A- - C:\Windows\Prefetch\DBUS-DAEMON.EXE-9EC36370.pf
O45 - LFCP:[MD5.3DA522BAF1AE928895E81A258B010A40] - 25/05/2013 - 08:02:36 ---A- - C:\Windows\Prefetch\PATCHER_CF.EXE-2E8B1AFA.pf
O45 - LFCP:[MD5.04CB0D7758ACD4BE2169D4267DFEE254] - 25/05/2013 - 08:02:50 ---A- - C:\Windows\Prefetch\CF_SGI.EXE-413EE366.pf
O45 - LFCP:[MD5.E7305C5C79D292F4E12C8C7C0D6E48CA] - 25/05/2013 - 08:03:00 ---A- - C:\Windows\Prefetch\HGWC.EXE-E846B28C.pf
O45 - LFCP:[MD5.CD64939899F26329E73BB1356B3593D9] - 25/05/2013 - 08:03:11 ---A- - C:\Windows\Prefetch\CROSSFIRE.EXE-1734A2D7.pf
O45 - LFCP:[MD5.A18D65E50F5C964F3458FCEB7A38961F] - 25/05/2013 - 08:03:14 ---A- - C:\Windows\Prefetch\XTRAP.XT-D0CB15BB.pf
O45 - LFCP:[MD5.895418CAD1D85162F26DEF9EA014D082] - 25/05/2013 - 09:34:36 ---A- - C:\Windows\Prefetch\SPYHUNTER-INSTALLER.EXE-D087A74E.pf =>Crapware.SpyHunter
O45 - LFCP:[MD5.185A8042930F662812C75327190CCD5B] - 25/05/2013 - 09:41:19 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA32.EXE-D6A47D72.pf =>Crapware.SpyHunter
O45 - LFCP:[MD5.9C18BA5C9F3BDC0796D7F79E6A2DB3D6] - 25/05/2013 - 09:41:32 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA31.EXE-C34EC2ED.pf =>Crapware.SpyHunter
O45 - LFCP:[MD5.07B5C1328BCB5755CEA946B414A874B2] - 25/05/2013 - 09:42:02 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA33.EXE-E9FA37F7.pf =>Crapware.SpyHunter
O45 - LFCP:[MD5.A1608E7C11069940B053D0A7068E3A38] - 25/05/2013 - 09:42:04 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA34.EXE-FD4FF27C.pf =>Crapware.SpyHunter
O45 - LFCP:[MD5.F7D002632EDDB6B3FF89C408AEEAD66D] - 25/05/2013 - 09:42:20 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA37.EXE-3751220B.pf =>Crapware.SpyHunter
O45 - LFCP:[MD5.2078C94E4CDAE0BCE480E97245E0A318] - 25/05/2013 - 09:47:44 ---A- - C:\Windows\Prefetch\SPYHUNTER4.EXE-7BD5E907.pf =>Crapware.SpyHunter
O45 - LFCP:[MD5.AA7B900413D5E8BFA2D450E13C730384] - 25/05/2013 - 10:02:17 ---A- - C:\Windows\Prefetch\RUNAWAY2.EXE-AD20D29A.pf
~ Prefetcher: 111 Legitimates Filtered in 00mn 01s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{0a62c182-b49b-11e1-bf69-c80aa92458ab}\AutoRun\command. (...) -- K:\Setup.exe (.not file.)
O51 - MPSK:{18d4ce97-8840-11df-ab00-c80aa92458ab}\AutoRun\command. (...) -- G:\Launcher.exe (.not file.)
O51 - MPSK:{22a9dfaa-7101-11e2-9aa7-c80aa92458ab}\AutoRun\command. (...) -- K:\AutoRun.exe (.not file.)
O51 - MPSK:{22a9dfb1-7101-11e2-9aa7-c80aa92458ab}\AutoRun\command. (...) -- K:\AutoRun.exe (.not file.)
O51 - MPSK:{3f79c2a8-a39e-11df-8561-c80aa92458ab}\AutoRun\command. (...) -- H:\Autorun.exe (.not file.)
O51 - MPSK:{5131fc1b-546b-11e2-90a6-c80aa92458ab}\AutoRun\command. (...) -- K:\AutoRun.exe (.not file.)
O51 - MPSK:{5131fc22-546b-11e2-90a6-c80aa92458ab}\AutoRun\command. (...) -- K:\AutoRun.exe (.not file.)
O51 - MPSK:{557efeed-b66a-11e1-96c7-c80aa92458ab}\AutoRun\command. (...) -- K:\Setup.exe (.not file.)
O51 - MPSK:{557efeff-b66a-11e1-96c7-c80aa92458ab}\AutoRun\command. (...) -- K:\Setup.exe (.not file.)
O51 - MPSK:{5c099320-7258-11df-b08d-c80aa92458ab}\AutoRun\command. (...) -- H:\Launcher.exe (.not file.)
O51 - MPSK:{ab18219d-eab1-11df-93bb-c80aa92458ab}\AutoRun\command. (...) -- H:\autorun.exe (.not file.)
O51 - MPSK:{ab1821cc-eab1-11df-93bb-c80aa92458ab}\AutoRun\command. (...) -- I:\SETUP.exe (.not file.)
O51 - MPSK:{f2e3cc01-9609-11e0-b73e-c80aa92458ab}\AutoRun\command. (...) -- J:\KODAK_Software_Downloader.exe (.not file.)
O51 - MPSK:{f3131c0a-6d67-11e1-b911-c80aa92458ab}\AutoRun\command. (...) -- J:\Setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.ACEA6D0C2BFC5DA45FA570668E904C29] - 07/05/2004 - 14:31:46 ---A- . (.Service & Quality Technology. - Universal Serial Bus Camera Driver.) -- C:\Windows\SysWOW64\drivers\Camd905c.sys [24382]
O58 - SDL:[MD5.67F389181B6B5B3910381657754124B4] - 06/07/2012 - 16:18:18 ---A- . (...) -- C:\Windows\SysWOW64\audcon.sys [2892]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 23/05/2013 - 12:59:36 ---A- C:\Users\modesta\AppData\Local\PMB Files\4ucz6kpocahnrp7lijjez73qfevgpzgu.pando [17372] =>P2P.Pando
O61 - LFC: 23/05/2013 - 17:38:44 ---A- C:\Users\modesta\AppData\Local\PMB Files\34\57\3457F1F653CD3802883777EA8EB3354DAFE6E7BC.ct2 [326] =>P2P.Pando
O61 - LFC: 23/05/2013 - 17:39:40 ---A- C:\Users\modesta\AppData\Local\PMB Files\34\57\3457F1F653CD3802883777EA8EB3354DAFE6E7BC.dat [105] =>P2P.Pando
O61 - LFC: 23/05/2013 - 18:56:56 ---A- C:\Users\modesta\Documents\Cross Fire\Replay\CFReplay20130523_0000VLX.cfr [2320262]
O61 - LFC: 23/05/2013 - 20:17:12 ---A- C:\Users\modesta\Documents\Cross Fire\Replay\CFReplay20130523_0000h4ckkkk.cfr [1741119]
O61 - LFC: 23/05/2013 - 20:22:27 ---A- C:\Users\modesta\Documents\Cross Fire\Replay\CFReplay20130523_0000.cfr [847295]
O61 - LFC: 24/05/2013 - 03:45:09 ---A- C:\Users\modesta\Documents\Cross Fire\Replay\CFReplay20130524_0000snp.cfr [5072711]
O61 - LFC: 24/05/2013 - 04:24:56 ---A- C:\Users\modesta\Documents\Cross Fire\Replay\CFReplay20130524_0000SNP222.cfr [2676743]
O61 - LFC: 24/05/2013 - 15:06:03 ---A- C:\Users\modesta\Documents\Cross Fire\Replay\CFReplay20130524_0000ESPANA30.cfr [7886773]
O61 - LFC: 24/05/2013 - 16:49:48 ---A- C:\Users\modesta\Documents\Cross Fire\Replay\CFReplay20130524_0000.cfr [4003229]
O61 - LFC: 25/05/2013 - 00:40:15 ---A- C:\Users\modesta\Downloads\avast_free_antivirus_setup.exe [117478104]
O61 - LFC: 25/05/2013 - 01:07:35 ---A- C:\Users\modesta\AppData\Local\GDIPFONTCACHEV1.DAT [99400]
O61 - LFC: 25/05/2013 - 07:57:22 ---A- C:\Users\modesta\AppData\Local\PMB Files\cert\secmod.db [16384] =>P2P.Pando
O61 - LFC: 25/05/2013 - 08:01:45 ---A- C:\Users\modesta\AppData\Local\PMB Files\34\57\3457F1F653CD3802883777EA8EB3354DAFE6E7BC.ct1 [326] =>P2P.Pando
O61 - LFC: 25/05/2013 - 08:04:05 ---A- C:\Users\modesta\Documents\Cross Fire\SaveIdData.dat [28]
O61 - LFC: 25/05/2013 - 08:09:32 ---A- C:\Users\modesta\Documents\Cross Fire\System.dat [94]
O61 - LFC: 25/05/2013 - 08:13:09 ---A- C:\Users\modesta\AppData\Local\PMB Files\pando.save [10430] =>P2P.Pando
O61 - LFC: 25/05/2013 - 08:13:15 ---A- C:\Users\modesta\AppData\Local\PMB Files\cert\cert8.db [65536] =>P2P.Pando
O61 - LFC: 25/05/2013 - 08:13:15 ---A- C:\Users\modesta\AppData\Local\PMB Files\cert\key3.db [16384] =>P2P.Pando
O61 - LFC: 25/05/2013 - 09:33:44 ---A- C:\Users\modesta\Downloads\SpyHunter-Installer.exe [726464] =>Crapware.SpyHunter
O61 - LFC: 25/05/2013 - 09:42:10 R--A- C:\Users\modesta\AppData\Roaming\Microsoft\Installer\{BCD55450-77AC-4347-B24F-654B1189F8D4}\Icon1226A4C5.exe [110080]
O61 - LFC: 25/05/2013 - 09:42:10 R--A- C:\Users\modesta\AppData\Roaming\Microsoft\Installer\{BCD55450-77AC-4347-B24F-654B1189F8D4}\IconD7F16134.exe [110080]
O61 - LFC: 25/05/2013 - 09:42:10 R--A- C:\Users\modesta\AppData\Roaming\Microsoft\Installer\{BCD55450-77AC-4347-B24F-654B1189F8D4}\IconF7A21AF7.exe [110080]
O61 - LFC: 25/05/2013 - 09:42:12 R--A- C:\Users\modesta\AppData\Roaming\Microsoft\Installer\{BCD55450-77AC-4347-B24F-654B1189F8D4}\WISBCD5545077AC4347B24F654B1189F8D4_4_13_6_4253.MST [61440]
~ 2 Fichiers temporaires (Temporary files)
~ Files: 57 Legitimates Filtered in 01mn 19s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 01/11/2010 - C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys (WinRing0_1_2_0) .(.OpenLibSys.org - WinRing0.) - LEGACY_WINRING0_1_2_0
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (X6va005) .(...) - LEGACY_X6VA005
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (X6va006) .(...) - LEGACY_X6VA006
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (X6va007) .(...) - LEGACY_X6VA007
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (XFDriver64) .(...) - LEGACY_XFDRIVER64
~ Legacy: 141 Legitimates Filtered in 00mn 01s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: C:\Users\modesta\AppData\Roaming\Mozilla\Firefox\Profiles\et9kzzm3.default\searchplugins\askcom.xml
O69 - SBI: prefs.js [modesta - et9kzzm3.default] user_pref("browser.search.defaultenginename", "SweetIM Search"); =>PUP.SweetIM
O69 - SBI: prefs.js [modesta - et9kzzm3.default] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [modesta - et9kzzm3.default] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [modesta - et9kzzm3.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [modesta - et9kzzm3.default] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [modesta - et9kzzm3.default] user_pref("extensions.delta.dfltLng", "en");
O69 - SBI: prefs.js [modesta - et9kzzm3.default] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [modesta - et9kzzm3.default] user_pref("extensions.delta.id", "20f79613000000000000c217fec5460e");
O69 - SBI: prefs.js [modesta - et9kzzm3.default] user_pref("extensions.delta.instlDay", "15798");
O69 - SBI: prefs.js [modesta - et9kzzm3.default] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [modesta - et9kzzm3.default] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [modesta - et9kzzm3.default] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [modesta - et9kzzm3.default] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [modesta - et9kzzm3.default] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [modesta - et9kzzm3.default] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [modesta - et9kzzm3.default] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [modesta - et9kzzm3.default] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [modesta - et9kzzm3.default] user_pref("extensions.delta.vrsn", "1.8.10.0");
O69 - SBI: prefs.js [modesta - et9kzzm3.default] user_pref("extensions.delta.vrsnTs", "1.8.10.014:20:08");
O69 - SBI: prefs.js [modesta - et9kzzm3.default] user_pref("extensions.delta.vrsni", "1.8.10.0");
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - http://websearch.ask.com
O69 - SBI: SearchScopes [HKCU] {332AEE21-26D4-429D-BB31-EB1FEC7799AC} - (Web Search) - http://startsear.ch
O69 - SBI: SearchScopes [HKCU] {3CAFC3C0-DFF5-4E7D-92EC-7CAF0A57EBA6} - (Yahoo! Search) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {4B8C28A7-A9BC-45F8-990D-21499EED643C} - (QuestScan) - http://www.questscan.com =>Adware.QuestScan
O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} [DefaultScope] - (AVG Secure Search) - http://isearch.avg.com =>Toolbar.AVGSearch
O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} - (Live Search) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {D6311C12-96AD-4063-B4B1-6C5C53A19E3B} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {4B8C28A7-A9BC-45F8-990D-21499EED643C} - (QuestScan) - http://www.questscan.com =>Adware.QuestScan
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {4B8C28A7-A9BC-45F8-990D-21499EED643C} - (QuestScan) - http://www.questscan.com =>Adware.QuestScan
~ Keys: Scanned in 00mn 00s



---\\ Crack & Keygen Files (O82)
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\FreeDrumKits.net - Over 1500 Loops and Samples Kit\Noise Kit 5\Crackle 1.wav
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\FreeDrumKits.net - Over 1500 Loops and Samples Kit\Noise Kit 5\Crackle 2.wav
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\KeyGen RECYCLE\air.nfo
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\KeyGen RECYCLE\file_id.diz
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\KeyGen RECYCLE\Keygen.exe
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\KeyGen RECYCLE\lien recycle hotfile.url
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\KeyGen RECYCLE\Setup.exe
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\REASON 5.0\REASON_5_KEYGEN.EXE
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\recycle2.1.2\Keygen.exe
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\IMG1_WaveLab.jpg
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\IMG2_WaveLab.jpg
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\Readme!.txt
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Extra\Wavpack Plugin\ReadMe.txt
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Extra\Wavpack Plugin\Wavpack4Wlab6 Setup.msi
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Install\Data\Help\Deutsch\WaveLab.chm
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Install\Data\Help\Deutsch\WaveLab.pdf
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Install\Data\Help\Deutsch\WaveLab_61_Addendum.pdf
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Install\Data\Help\English\WaveLab.chm
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Install\Data\Help\English\WaveLab.pdf
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Install\Data\Help\English\WaveLab_61_Addendum.pdf
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Install\Data\Help\French\WaveLab.chm
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Install\Data\Help\French\WaveLab.pdf
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Install\Data\Help\French\WaveLab_61_Addendum.pdf
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Install\Data\Help\HelpMap.txt
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Install\Data\Help\Japanese\WaveLab.chm
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Install\Data\Help\Japanese\WaveLab.pdf
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Install\Data\Help\Japanese\WaveLab_61_Addendum_JP.pdf
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Install\ReadMe.htm
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Install\Setup.exe
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Install\wl6emu.exe
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Install notes!.txt
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Setup.exe
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH].rar
C:\Users\modesta\Desktop\Propellerheads.Reason.v5.0.HYBRID.DVDR-AiRISO\air-reason5kgn\REASON_5_KEYGEN.EXE
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\FreeDrumKits.net - Over 1500 Loops and Samples Kit\Noise Kit 5\Crackle 1.wav
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\FreeDrumKits.net - Over 1500 Loops and Samples Kit\Noise Kit 5\Crackle 2.wav
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\KeyGen RECYCLE\air.nfo
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\KeyGen RECYCLE\file_id.diz
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\KeyGen RECYCLE\Keygen.exe
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\KeyGen RECYCLE\lien recycle hotfile.url
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\KeyGen RECYCLE\Setup.exe
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\REASON 5.0\REASON_5_KEYGEN.EXE
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\recycle2.1.2\Keygen.exe
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\IMG1_WaveLab.jpg
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\IMG2_WaveLab.jpg
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\Readme!.txt
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Extra\Wavpack Plugin\ReadMe.txt
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Extra\Wavpack Plugin\Wavpack4Wlab6 Setup.msi
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Install\Data\Help\Deutsch\WaveLab.chm
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Install\Data\Help\Deutsch\WaveLab.pdf
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Install\Data\Help\Deutsch\WaveLab_61_Addendum.pdf
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Install\Data\Help\English\WaveLab.chm
C:\Users\modesta\Desktop\HIPHOPISDREAM\00000.nico.com c le taf tupepatest\UTILITAIRE\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR) [RH]\SWL.6.1.1.353_[RH]\Steinberg WaveLab 6.1.1.353 (Cracked by TEAM AiR)\WaveLab 6.1.1_Setup\Install\Data\Help\English\WaveLab.pdf
~ Files: Scanned in 02mn 36s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.98E1D63A539CA25A7614165126AD2906] [SPRF][25/05/2013] (...) -- C:\Users\modesta\AppData\Local\Temp\sh4plist.dat [68]
[MD5.C8152A75A027AD99E291F71FFAEA5176] [SPRF][25/05/2013] (...) -- C:\Users\modesta\AppData\Local\Temp\SHSetup.exe [46317136]
[MD5.7016022B752CD87DAB83EFC2C4C6BC96] [SPRF][15/11/2012] (...) -- C:\Users\modesta\AppData\Roaming\wklnhst.dat [1080]
[MD5.9EA98C83B286CA4FB8C5189B8F90B689] [SPRF][30/04/2012] (.NirSoft - WirelessKeyView.) -- C:\Users\modesta\Desktop\WirelessKeyView.exe [123904]
~ Files: Scanned in 00mn 04s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{0226B77E-02C4-462F-B9BE-88F9B26DFCA7}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "{F4BE2A9C-91EF-452C-A61F-2521FA435541}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "{DC9BEE83-5E2F-4EEE-8167-18EB1CB23473}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Sierra Entertainment\World in Conflict\wic.exe (.not file.)
O87 - FAEL: "{BA9249EA-0585-4078-90C8-7BD50AB1DDC8}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Sierra Entertainment\World in Conflict\wic.exe (.not file.)
O87 - FAEL: "{939E4EB3-1484-4AA1-8536-A53C7C33A324}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Sierra Entertainment\World in Conflict\wic_online.exe (.not file.)
O87 - FAEL: "{B2F7B8F4-38CE-437A-8E23-437A239D4D38}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Sierra Entertainment\World in Conflict\wic_online.exe (.not file.)
O87 - FAEL: "{FE83C912-4726-43F0-A500-2ECAF065317F}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Sierra Entertainment\World in Conflict\wic_ds.exe (.not file.)
O87 - FAEL: "{EA0D54B6-8DB1-418B-910D-C2CF8DBFD3DA}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Sierra Entertainment\World in Conflict\wic_ds.exe (.not file.)
O87 - FAEL: "TCP Query User{76C319FE-1CEA-4314-B24A-4F5D1399A055}C:\program files (x86)\limewire\limewire.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\limewire\limewire.exe (.not file.)
O87 - FAEL: "UDP Query User{45428802-E481-4C75-A775-09BA377198AB}C:\program files (x86)\limewire\limewire.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\limewire\limewire.exe (.not file.)
O87 - FAEL: "TCP Query User{7B482AA8-B297-4C4F-B187-0604ECA0E033}C:\program files (x86)\pokertracker 3\camfrog video chat\camfrog video chat.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\pokertracker 3\camfrog video chat\camfrog video chat.exe (.not file.)
O87 - FAEL: "UDP Query User{719CB486-32B5-42AD-9406-655BCDB3BBB2}C:\program files (x86)\pokertracker 3\camfrog video chat\camfrog video chat.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\pokertracker 3\camfrog video chat\camfrog video chat.exe (.not file.)
O87 - FAEL: "TCP Query User{CA51A11E-1791-4E48-B41B-BE95D7BB887A}C:\program files (x86)\musicbrainz picard\picard.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\musicbrainz picard\picard.exe (.not file.)
O87 - FAEL: "UDP Query User{39657016-D93D-4A01-933A-22026DEDFBEC}C:\program files (x86)\musicbrainz picard\picard.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\musicbrainz picard\picard.exe (.not file.)
O87 - FAEL: "TCP Query User{68CD20F0-A418-4091-8D3B-942082827D33}C:\users\modesta\appdata\local\akamai\netsession_win.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\modesta\appdata\local\akamai\netsession_win.exe (.not file.)
O87 - FAEL: "UDP Query User{241E7CA5-23E6-413D-A264-8ABE3AF5D38B}C:\users\modesta\appdata\local\akamai\netsession_win.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\modesta\appdata\local\akamai\netsession_win.exe (.not file.)
O87 - FAEL: "TCP Query User{C41DD321-49FE-444F-8B80-2AF28468B511}C:\aeriagames\wolfteam-fr\wolfteam.bin" |In - Public - P6 - TRUE | .(...) -- C:\aeriagames\wolfteam-fr\wolfteam.bin (.not file.)
O87 - FAEL: "UDP Query User{569F16D5-F427-423B-A01C-21E0F5DE8946}C:\aeriagames\wolfteam-fr\wolfteam.bin" |In - Public - P17 - TRUE | .(...) -- C:\aeriagames\wolfteam-fr\wolfteam.bin (.not file.)
O87 - FAEL: "TCP Query User{BEF5B89E-78B2-4482-9394-064C898762AA}C:\users\modesta\appdata\local\akamai\netsession_win.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\modesta\appdata\local\akamai\netsession_win.exe (.not file.)
O87 - FAEL: "UDP Query User{BA92A843-B0E1-4332-A996-EA9C6FB455E0}C:\users\modesta\appdata\local\akamai\netsession_win.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\modesta\appdata\local\akamai\netsession_win.exe (.not file.)
O87 - FAEL: "{C9AAED7F-8283-4248-94D3-98B888D6C83F}" |In - Public - P6 - TRUE | .(...) -- C:\Users\modesta\Desktop\crossfire_downloader.exe (.not file.)
O87 - FAEL: "{A87A0A41-13BD-4C78-A054-650F532B56A7}" |In - Public - P17 - TRUE | .(...) -- C:\Users\modesta\Desktop\crossfire_downloader.exe (.not file.)
O87 - FAEL: "{A1F923EA-6701-4A86-B877-6E9734745E0C}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\Z8Games\CrossFire\CF_G4box.exe (.not file.)
O87 - FAEL: "{82808796-6E91-42C9-BFF3-96727AAB1E15}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\Z8Games\CrossFire\CF_G4box.exe (.not file.)
O87 - FAEL: "TCP Query User{9E32F00F-4B2E-483F-BE86-D0ED90911155}C:\program files (x86)\soulseekqt\soulseekqt.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\soulseekqt\soulseekqt.exe (.not file.) =>P2P.SoulSeek
O87 - FAEL: "UDP Query User{4AA9D3FA-6190-4F9E-984F-F63374B9FA8F}C:\program files (x86)\soulseekqt\soulseekqt.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\soulseekqt\soulseekqt.exe (.not file.) =>P2P.SoulSeek
O87 - FAEL: "TCP Query User{5FF97416-28F4-4C85-A46E-368F8FDF25B8}C:\program files\xfire2\xfire.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\xfire2\xfire.exe (.not file.)
O87 - FAEL: "UDP Query User{86A9269F-AA4E-4EAB-9C10-8D63851E0217}C:\program files\xfire2\xfire.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\xfire2\xfire.exe (.not file.)
O87 - FAEL: "{99938C8C-758A-4BA0-B920-21CFE3081C3C}" |In - Public - P6 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe (.not file.)
O87 - FAEL: "{2F42313D-3F66-4DB5-B4C6-63A945484031}" |In - Public - P17 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe (.not file.)
O87 - FAEL: "{1DDC509B-AE2B-4F1B-BD3D-898F79BCEE7B}" |In - None - P17 - TRUE | .(...) -- C:\Users\modesta\Downloads\eTypeSetup.exe (.not file.)
O87 - FAEL: "{78FC0A18-B7B5-44DC-9C60-253B79708360}" |Out - None - P17 - TRUE | .(...) -- C:\Users\modesta\Downloads\eTypeSetup.exe (.not file.)
O87 - FAEL: "{6CAE1305-C374-4091-91EA-987ADDC7C70A}" | In - Public - P6 - TRUE | .(.Neowiz Games - Crossfire Patcher.) -- C:\SG Interactive\Crossfire Europe\patcher_cf.exe
O87 - FAEL: "{BFB9AFC2-738D-4FE7-AF24-032B79C18FB6}" | In - Public - P17 - TRUE | .(.Neowiz Games - Crossfire Patcher.) -- C:\SG Interactive\Crossfire Europe\patcher_cf.exe
O87 - FAEL: "{8457D48B-4061-4D04-8E8A-3345098AAD17}" | In - Domain - P6 - FALSE | .(.Neowiz Games - Crossfire Patcher.) -- C:\SG Interactive\Crossfire Europe\patcher_cf.exe
O87 - FAEL: "{1FD19848-CE04-44DA-B2DC-AB67A6425847}" | In - Domain - P17 - FALSE | .(.Neowiz Games - Crossfire Patcher.) -- C:\SG Interactive\Crossfire Europe\patcher_cf.exe
O87 - FAEL: "{6213C1D2-8C18-4A5E-85EC-5F86CF69A86F}" |In - Public - P6 - TRUE | .(...) -- C:\SG Interactive\Project Blackout\PBlackout.exe (.not file.)
O87 - FAEL: "{76037287-AA0F-44F8-966A-463EE9DEEDD1}" |In - Public - P17 - TRUE | .(...) -- C:\SG Interactive\Project Blackout\PBlackout.exe (.not file.)
~ Firewall: 308 Legitimates Filtered in 00mn 01s



---\\ Scan Additionnel (O88)
Database Version : v2.12362 - (29/05/2013)
Clés trouvées (Keys found) : 344
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 27
Fichiers trouvés (Files found) : 2

[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj] =>PUP.VShareRedir
[HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] =>Adware.RecordNRip
[HKLM\Software\Wow6432Node\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] =>Adware.RecordNRip
[HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] =>Adware.RecordNRip
[HKLM\Software\Wow6432Node\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] =>Adware.RecordNRip
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar
[HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster
[HKLM\Software\Classes\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9}] =>Adware.ShopperReports
[HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227}] =>Adware.ClickPotato
[HKLM\Software\Wow6432Node\Classes\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227}] =>Adware.ClickPotato
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] =>Adware.Yontoo
[HKLM\Software\Classes\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C}] =>Adware.ClickPotato
[HKLM\Software\Wow6432Node\Classes\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C}] =>Adware.ClickPotato
[HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9}] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9}] =>Adware.ShopperReports
[HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] =>Adware.Yontoo
[HKLM\Software\Classes\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226}] =>Adware.ClickPotato
[HKLM\Software\Wow6432Node\Classes\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226}] =>Adware.ClickPotato
[HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}] =>PUP.VShareRedir
[HKLM\Software\Wow6432Node\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}] =>PUP.VShareRedir
[HKLM\Software\Classes\Interface\{453db0c5-f41c-4d97-8dd6-cc72ecd5f699}] =>Adware.ClickPotato
[HKLM\Software\Wow6432Node\Classes\Interface\{453db0c5-f41c-4d97-8dd6-cc72ecd5f699}] =>Adware.ClickPotato
[HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}] =>Adware.ClickPotato
[HKLM\Software\Wow6432Node\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}] =>Adware.ClickPotato
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}] =>Adware.QuestScan
[HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{6511ce4c-4722-40d0-ad3d-4afa2f50978a}] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\Interface\{6511ce4c-4722-40d0-ad3d-4afa2f50978a}] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da}] =>Adware.Hotbar
[HKLM\Software\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}] =>Adware.SocialSkinz
[HKLM\Software\Classes\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE}] =>Adware.ClickPotato
[HKLM\Software\Wow6432Node\Classes\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE}] =>Adware.ClickPotato
[HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}] =>PUP.VShareRedir
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}] =>PUP.VShareRedir
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}] =>PUP.VShareRedir
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}] =>PUP.VShareRedir
[HKLM\Software\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}] =>PUP.VShareRedir
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}] =>PUP.VShareRedir
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}] =>PUP.VShareRedir
[HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D}] =>Adware.ClickPotato
[HKLM\Software\Wow6432Node\Classes\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D}] =>Adware.ClickPotato
[HKLM\Software\Classes\Interface\{83b2fe06-ba20-4f7d-96c6-6fc3a4e877d3}] =>Adware.SmartShopper
[HKLM\Software\Wow6432Node\Classes\Interface\{83b2fe06-ba20-4f7d-96c6-6fc3a4e877d3}] =>Adware.SmartShopper
[HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6}] =>Adware.Hotbar
[HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{9bec9b38-bf39-4899-806e-a1c5dfeb60a2}] =>Adware.SmartShopper
[HKLM\Software\Wow6432Node\Classes\Interface\{9bec9b38-bf39-4899-806e-a1c5dfeb60a2}] =>Adware.SmartShopper
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}] =>Adware.Softomate
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}] =>Adware.ShopperReports
[HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306}] =>Adware.ClickPotato
[HKLM\Software\Wow6432Node\Classes\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306}] =>Adware.ClickPotato
[HKLM\Software\Classes\TypeLib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6}] =>Adware.ClickPotato
[HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{b32966a2-f7c2-4362-a6cf-399ec8b44110}] =>Adware.SmartShopper
[HKLM\Software\Wow6432Node\Classes\Interface\{b32966a2-f7c2-4362-a6cf-399ec8b44110}] =>Adware.SmartShopper
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}] =>Adware.ClickPotato
[HKLM\Software\Classes\Interface\{b86d82bf-d39f-439a-a07c-43eddc6f6ea6}] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\Interface\{b86d82bf-d39f-439a-a07c-43eddc6f6ea6}] =>Adware.ShopperReports
[HKLM\Software\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}] =>Adware.ShopperReports
[HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5}] =>Adware.Hotbar
[HKLM\Software\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}] =>PUP.Dealio
[HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{da6305b9-0869-4235-8c1d-533a65e639e5}] =>Adware.ClickPotato
[HKLM\Software\Wow6432Node\Classes\Interface\{da6305b9-0869-4235-8c1d-533a65e639e5}] =>Adware.ClickPotato
[HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{e6961c59-cfce-4ccd-b794-bc78db98413a}] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\Interface\{e6961c59-cfce-4ccd-b794-bc78db98413a}] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{f8b4ec8a-2407-4be0-aee2-0f430d65a90d}] =>Adware.ClickPotato
[HKLM\Software\Wow6432Node\Classes\Interface\{f8b4ec8a-2407-4be0-aee2-0f430d65a90d}] =>Adware.ClickPotato
[HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}] =>Adware.SocialSkinz
[HKLM\Software\Classes\AppID\BRNstIE.DLL] =>Adware.ClickPotato
[HKLM\Software\Classes\AppID\CmndFF.DLL] =>Adware.ClickPotato
[HKLM\Software\Classes\AppID\mozillaps.dll] =>Adware.ClickPotato
[HKLM\Software\Classes\AppID\Pltfrm.DLL] =>Adware.ClickPotato
[HKLM\Software\Classes\MyNewsBarLauncher.IE5BarLauncher] =>PUP.VShareRedir
[HKLM\Software\Classes\MyNewsBarLauncher.IE5BarLauncher.1] =>PUP.VShareRedir
[HKLM\Software\Classes\MyNewsBarLauncher.IE5BarLauncherBHO] =>PUP.VShareRedir
[HKLM\Software\Classes\MyNewsBarLauncher.IE5BarLauncherBHO.1] =>PUP.VShareRedir
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib] =>Toolbar.Conduit
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKLM\Software\Wow6432Node\ClickPotatoLite] =>Adware.ClickPotato
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo
[HKCU\Software\DataMngr_Toolbar] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\FE42DAC9] =>Toolbar.Agent
[HKCU\Software\freetvradio] =>Adware.SPointer
[HKLM\Software\Wow6432Node\FREEzeFrog] =>Adware.FreezeFrog
[HKCU\Software\FREEzeFrogSA] =>Adware.FreezeFrog
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\InstallPedia] =>Adware.InstallPedia
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\OfferBox] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\QuestScan] =>Adware.QuestScan
[HKCU\Software\ShopperReports3] =>Adware.ShopperReports
[HKCU\Software\AppDataLow\Software\ShopperReports3] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\ShopperReports3] =>Adware.ShopperReports
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\StartSearch] =>Hijacker.Agent
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKCU\Software\AppDataLow\Toolbar] =>Toolbar.Conduit
[HKCU\Software\vShare.tv] =>PUP.VShareRedir
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Babylon_RASAPI32] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Babylon_RASMANCS] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASMANCS] =>PUP.OfferBox
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF] =>PUP.Dealio
[HKLM\Software\Classes\Interface\{E6961C59-CFCE-4CCD-B794-BC78DB98413A}] =>Adware.SmartShopper
[HKLM\Software\Wow6432Node\Classes\Interface\{E6961C59-CFCE-4CCD-B794-BC78DB98413A}] =>Adware.SmartShopper
[HKLM\Software\Classes\Interface\{DA6305B9-0869-4235-8C1D-533A65E639E5}] =>Adware.SmartShopper
[HKLM\Software\Wow6432Node\Classes\Interface\{DA6305B9-0869-4235-8C1D-533A65E639E5}] =>Adware.SmartShopper
[HKLM\Software\Classes\Interface\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6}] =>Adware.SmartShopper
[HKLM\Software\Wow6432Node\Classes\Interface\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6}] =>Adware.SmartShopper
[HKLM\Software\Classes\Interface\{9BEC9B38-BF39-4899-806E-A1C5DFEB60A2}] =>Adware.SmartShopper
[HKLM\Software\Wow6432Node\Classes\Interface\{9BEC9B38-BF39-4899-806E-A1C5DFEB60A2}] =>Adware.SmartShopper
[HKLM\Software\Classes\Interface\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A}] =>Adware.SmartShopper
[HKLM\Software\Wow6432Node\Classes\Interface\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A}] =>Adware.SmartShopper
[HKLM\Software\Classes\Interface\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699}] =>Adware.SmartShopper
[HKLM\Software\Wow6432Node\Classes\Interface\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699}] =>Adware.SmartShopper
[HKLM\Software\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS] =>Toolbar.Conduit
[HKLM\Software\Classes\ClickPotatoLiteAx.Info] =>Adware.ClickPotato
[HKLM\Software\Classes\ClickPotatoLiteAx.Info.1] =>Adware.ClickPotato
[HKLM\Software\Classes\ClickPotatoLiteAX.UserProfiles] =>Adware.ClickPotato
[HKLM\Software\Classes\ClickPotatoLiteAX.UserProfiles.1] =>Adware.ClickPotato
[HKLM\Software\Classes\ShopperReports.AsyncReporter] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.AsyncReporter.1] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.CntntDic] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.CntntDic.1] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.CntntDisp] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.CntntDisp.1] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.Dwnldr] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.Dwnldr.1] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.HbAx] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.HbAx.1] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.HbGuru] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.HbGuru.1] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.HbInfoBand] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.HbInfoBand.1] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.IEButton] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.IEButton.1] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.IEButtonA] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.IEButtonA.1] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.KOPFF] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.KOPFF.1] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.MozillaNvgtnTrpr] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.MozillaNvgtnTrpr.1] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.MozillaPSExecuter] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.MozillaPSExecuter.1] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.ReportData] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.ReportData.1] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.Reporter] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.Reporter.1] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.RprtCtrl] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.RprtCtrl.1] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.Scopes] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.Scopes.1] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.Stock] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.Stock.1] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.TriggerImmidiate] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.TriggerImmidiate.1] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.TriggerImmidiateOrRandomTS] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.TriggerImmidiateOrRandomTS.1] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.TriggerOnceInDay] =>Adware.ShopperReports
[HKLM\Software\Classes\ShopperReports.TriggerOnceInDay.1] =>Adware.ShopperReports
[HKLM\Software\Classes\Toolbar.CT1098640] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.CT2633954] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.CT2643111] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.CT2851639] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\ClickPotatoLiteAx.Info] =>Adware.ClickPotato
[HKLM\Software\Wow6432Node\Classes\ClickPotatoLiteAx.Info.1] =>Adware.ClickPotato
[HKLM\Software\Wow6432Node\Classes\ClickPotatoLiteAX.UserProfiles] =>Adware.ClickPotato
[HKLM\Software\Wow6432Node\Classes\ClickPotatoLiteAX.UserProfiles.1] =>Adware.ClickPotato
[HKLM\Software\Wow6432Node\Classes\ShopperReports.AsyncReporter] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.AsyncReporter.1] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.CntntDic] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.CntntDic.1] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.CntntDisp] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.CntntDisp.1] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.Dwnldr] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.Dwnldr.1] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.HbAx] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.HbAx.1] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.HbGuru] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.HbGuru.1] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.HbInfoBand] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.HbInfoBand.1] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.IEButton] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.IEButton.1] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.IEButtonA] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.IEButtonA.1] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.KOPFF] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.KOPFF.1] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.MozillaNvgtnTrpr] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.MozillaNvgtnTrpr.1] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.MozillaPSExecuter] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.MozillaPSExecuter.1] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.ReportData] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.ReportData.1] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.Reporter] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.Reporter.1] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.RprtCtrl] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.RprtCtrl.1] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.Scopes] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.Scopes.1] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.Stock] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.Stock.1] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.TriggerImmidiate] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.TriggerImmidiate.1] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.TriggerImmidiateOrRandomTS] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.TriggerImmidiateOrRandomTS.1] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.TriggerOnceInDay] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\ShopperReports.TriggerOnceInDay.1] =>Adware.ShopperReports
[HKLM\Software\Wow6432Node\Classes\Toolbar.CT1098640] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\Toolbar.CT2633954] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\Toolbar.CT2643111] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\Toolbar.CT2851639] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow]:*.chat-land.org =>Hijacker.ChercheUS
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Adware.AskSBAR
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:HKCU =>Trojan.Agent
C:\Program Files (x86)\freeTVRadio =>Adware.SPointer
C:\Program Files (x86)\InstallPedia =>Adware.InstallPedia
C:\Program Files (x86)\ShopperReports3 =>Adware.ShopperReports
C:\Program Files (x86)\SweetIM =>PUP.SweetIM
C:\Program Files (x86)\vShare.tv plugin =>PUP.VShareRedir
C:\Program Files (x86)\torntv.com =>Hijacker.TornTV
C:\Program Files (x86)\Optimizer Pro =>PUP.OptimizerPro
C:\Program Files (x86)\Mozilla Firefox\Extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096} =>Adware.QuestScan
C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com =>Toolbar.Babylon
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\ProgramData\BabylonUpdater =>Toolbar.Babylon
C:\ProgramData\ClickPotatoLiteSA =>Adware.ClickPotato
C:\ProgramData\FREEzeFrogSA =>Adware.FreezeFrog
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clickpotato =>Adware.ClickPotato
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports =>Adware.ShopperReports
C:\Users\modesta\AppData\Roaming\ClickPotatoLite =>Adware.ClickPotato
C:\Users\modesta\AppData\Roaming\freeTVRadio =>Adware.SPointer
C:\Users\modesta\AppData\Roaming\OfferBox =>PUP.OfferBox
C:\Users\modesta\AppData\Roaming\OpenCandy =>Adware.OpenCandy
C:\Users\modesta\AppData\Roaming\ShopperReports3 =>Adware.ShopperReports
C:\Users\modesta\AppData\Local\Conduit =>Toolbar.Conduit
C:\Users\modesta\AppData\Local\freetvradio Air =>Adware.SPointer
C:\Users\modesta\AppData\Local\Bundled software uninstaller =>Adware.MegaSearch
C:\Users\modesta\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\modesta\AppData\LocalLow\facemoods.com =>Adware.Facemoods
C:\Users\modesta\AppData\LocalLow\ShopperReports3 =>Adware.ShopperReports
C:\Users\modesta\AppData\LocalLow\ShoppingReport2 =>Adware.ShopperReports
C:\Users\modesta\AppData\Roaming\Mozilla\Firefox\Profiles\et9kzzm3.default\SearchPlugins\SweetIM Search.xml =>PUP.SweetIM
C:\Users\modesta\Desktop\SpyHunter.lnk =>Crapware.SpyHunter
~ Additionnel Scan: 443640 Items scanned in 01mn 02s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "C454EEF3BEF8A2843ABE9E6D175E0774" . (.Sunbelt.) -- C:\Windows\Installer\{3FEE454C-8FEB-482A-A3EB-E9D671E57047}\ARPPRODUCTICON.exe
~ Update Products: 155 Legitimates Filtered in 00mn 00s



---\\ Random Export Key (O91)
[HKCU\Software\59688debd3aed42\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\59688debd3aed42\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:version="2.6.1125.80"
[HKCU\Software\59688debd3aed42] =>Toolbar.Babylon^
[HKLM\Software\Wow6432Node\59688debd3aed42] => Clé orpheline
~ Export Key Software: Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 02/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
SR - | Auto 16/11/2012 238080 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 16/11/2012 361984 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SS - | Auto 29/06/2010 551896 | (appdrvrem01) . (.Protection Technology.) - C:\Windows\System32\appdrvrem01.exe
SR - | Auto 24/05/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Demand 05/05/2009 228408 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SR - | Auto 663056 | (EslWireHelper) . (...) - C:\Program Files\EslWire\service\WireHelperSvc.exe
SS - | Auto 14/07/2009 27136 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SS - | Demand 0 | (GameConsoleService) . (...) - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
SR - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 346976 | (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Auto 04/03/2011 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SS - | Demand 10/06/2010 253808 | (maconfservice) . (.CybelSoft.) - C:\Program Files (x86)\ma-config.com\maconfservice.exe
SR - | Auto 23/09/2011 641832 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SS - | Demand ??\??\???? 0 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\system32\GameMon.des
SR - | Auto 10/12/2009 65536 | (pgsql-8.3) . (.PostgreSQL Global Development Group.) - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
SR - | Auto 247152 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SR - | Auto 06/06/2009 980264 | (SBAMSvc) . (.Sunbelt Software.) - C:\Program Files (x86)\Ascentive\Spyware Striker\SBAMSvc.exe
SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
SS - | Auto 08/01/2013 161536 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 22/07/2009 240128 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
SR - | Auto 23/12/2009 370688 | (StarWindServiceAE) . (.StarWind Software.) - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 0 | (X6va005) . (...) - C:\Users\modesta\AppData\Local\Temp\00513BD.tmp
SS - | Demand 0 | (X6va006) . (...) - C:\Users\modesta\AppData\Local\Temp\006B932.tmp
SS - | Demand 0 | (X6va007) . (...) - C:\Users\modesta\AppData\Local\Temp\0072523.tmp
~ Services: Scanned in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by modesta at 25/05/2013 12:34:12

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



~ 2228 Legitimates filtered by white list
End of the scan (1280 lines in 08mn 45s)(68)