cjoint

Document format: text/plain

Preview

~ Rapport de ZHPDiag v2014.8.28.125 - Nicolas Coolman (28/08/2014)
~ Lancé par Stéphane (28/08/2014 15:40:42)
~ Adresse du Site Web http://nicolascoolman.fr
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17126
MFIE: Mozilla Firefox 30.0
GCIE: Google Chrome v33.0.1750.117 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Ultimate, 64-bit Service Pack 1 (Build 6000)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
AVG 2014 v14.0.3955
Microsoft Security Client v4.5.0216.0
McAfee Security Scan Plus v3.8.150.1
Spybot - Search & Destroy v1.6.2

---\\ Logiciels d'optimisation du système
CCleaner v4.08

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4076 MB (27% free)
System Restore: Activé (Enable)
System drive C: has 1655 GB (89%) free of 1850 GB

---\\ Mode de connexion au système
~ Computer Name: PESTOUN-PC
~ User Name: Stéphane
~ All Users Names: UpdatusUser, Stéphane, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Stéphane\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Stéphane\AppData\Roaming\
~ %Desktop% : C:\Users\Stéphane\Desktop\
~ %Favorites% : C:\Users\Stéphane\Favorites\
~ %LocalAppData% : C:\Users\Stéphane\AppData\Local\
~ %StartMenu% : C:\Users\Stéphane\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 1655 Go of 1850 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 13 Go)
E: CD-ROM drive (Free 0 Go of 1 Go)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.16/12/2011 - 16:02:49.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.40BFD9D6EC8E174145F012246CA73CCD] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.30/05/2014 - 08:56:56.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.04/03/2014 - 10:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.16/12/2011 - 16:04:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.16/12/2011 - 16:01:06.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/40835
~ Mes musiques (My Musics) : 1/246
~ Mes Videos (My Videos) : 1/113
~ Mes Favoris (My Favorites) : 1/1197
~ Mes Documents (My Documents) : 1/54
~ Mon Bureau (My Desktop) : 1/1019
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 08s



---\\ Processus lancés
[MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768] [PID.4760]
[MD5.48C3EBD6D5E52AFCB1A0FA9B7F9802FA] - (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.4776]
[MD5.799BCC829F48F19C5689478179060435] - (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720] [PID.4784]
[MD5.DAB55357D9CC9A76052F4472EBD5C729] - (.Apple Inc. - Apple IE DAV.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408] [PID.4800]
[MD5.390679F7A217A5E73D756276C40AE887] - (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480] [PID.4916]
[MD5.A2418D3C557C0A0C634DA713A8AC3789] - (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336] [PID.5004]
[MD5.72860972F8196EBB3C896F53D2B95470] - (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HpqSRmon.exe [150528] [PID.5064]
[MD5.550B8CB98A8FA1D7A1A7371055A38DDA] - (...) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe [265240] [PID.2420]
[MD5.B4E6C1B28AF8806008CB654C716ABAFA] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.4472]
[MD5.C8F0DCA0E032881B6C4422B502194629] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456] [PID.2508]
[MD5.47CB4D23AE630CA9F6B43DA6C0A083BE] - (.Pas de propriétaire - VProtect Application.) -- C:\Program Files (x86)\AVG Nation toolbar\vprot.exe [2556744] [PID.3284]
[MD5.902054D6B4292329F9594FFF24EE02DB] - (...) -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe [680984] [PID.3112]
[MD5.47833576F0BEE0AD7B45109982B769BD] - (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe [59720] [PID.1812]
[MD5.5331DC9D1C88840326F68C2C531A82A7] - (.Logitech, Inc. - Logitech Updater.) -- C:\Users\Stéphane\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe [351248] [PID.4572]
[MD5.235D42833F2F89083FA70B9787899846] - (.Logitech, Inc. - Logitech Updater.) -- C:\Users\Stéphane\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe [1353232] [PID.6816]
[MD5.B1E01D636350983E94171E229C759468] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.6084]
[MD5.6E6656C6618C4B0B000267D9AF9EF743] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859464] [PID.592]
[MD5.33BF80A2291C54DC7D7601CDEF63138E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8099328] [PID.4948]
[MD5.67A95B9D129ED5399E7965CD09CF30E7] - (.Logitech Inc. - Logitech User mode UMVPF service.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848] [PID.1356]
[MD5.F518545E5B7623AD49ABE7F8776EFA46] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1976]
[MD5.E5C581D358B62CF65776B8E4E17B9E5C] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424] [PID.1864]
[MD5.CA793DCC1D5F619021EF1D37CC7A831E] - (.EasyBits Software AS - Shared EasyBits services for Windows.) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232] [PID.2064]
[MD5.075CDE4F95ED6119B4BA9162876801F8] - (.PDF Complete Inc - Dispatcher.) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952] [PID.2516]
[MD5.230F0D65431489B01DFA85749DEBF625] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [378472] [PID.2700]
[MD5.D53118C165AE5D188632B6CDEEE82A1B] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [4308320] [PID.2772]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176] [PID.672]
[MD5.C0F42F23A02076B9907BD0D651EFBE33] - (...) -- C:\Program Files (x86)\BrowseSmart\updateBrowseSmart.exe [348448] [PID.588] =>PUP.BrowseSmart
[MD5.1B47EC24EA2DBB897B72538FBD61E34E] - (...) -- C:\Program Files (x86)\FindRight\updateFindRight.exe [316704] [PID.2992] =>Hijacker.FindrToolbar
[MD5.C0F42F23A02076B9907BD0D651EFBE33] - (...) -- C:\Program Files (x86)\BrowseSmart\bin\utilBrowseSmart.exe [348448] [PID.2104] =>PUP.BrowseSmart
[MD5.002D492CB24F1BBD3BA5F22FE8049A15] - (...) -- C:\Program Files (x86)\FindRight\bin\utilFindRight.exe [317728] [PID.3116] =>Hijacker.FindrToolbar
[MD5.8B2236701ACD97517B81701FA139A075] - (...) -- C:\Users\Stéphane\AppData\Roaming\VOPackage\VOsrv.exe [53760] [PID.3184] =>Adware.Downware
[MD5.96C3155C779F977E3F71459E935CFFE2] - (.AVG Secure Search - ToolbarU Application.) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [1793536] [PID.3216] =>Toolbar.AVGSearch
[MD5.9063D0DB903AA1D72E32DE27F4714E55] - (.Pas de propriétaire - loggings Application.) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe [158536] [PID.3256] =>Toolbar.AVGSearch
[MD5.794D4B48DFB6E999537C7C3947863463] - (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368] [PID.3340]
[MD5.D75C4B4A8FE6D7FD74A7EECDBAEC729F] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [326168] [PID.3192]
[MD5.FF7E8BC3A8B90F03BD20588B5840154F] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2214504] [PID.5256]
[MD5.758C2CE427C343F780A205E28555C98D] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.5228]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Stéphane\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [dlnembnfbcpjnepmfjmngjenhhajpdfd] IB Updater v.2.0.0.550, (Désactivé) =>Adware.InstallBrain
G2 - GCE: Preference [User Data\Default] [icmijdhkcgeclpfjmibnginbbkfcbpep] SearchGBY v.0.9.82 (Désactivé)
G2 - GCE: Preference [User Data\Default] [kajfghlhfkcocafkcjlajldicbikpgnp] Feven 2.2 v.12196.8751.4505, (Activé) =>PUP.CrossRider
G2 - GCE: Preference [User Data\Default] [klhlfdbffplhpkpalkmacjejfbdeefaj] SmartSaver+ 8 v.1.26.69, (Activé) =>PUP.CrossRider
G2 - GCE: Preference [User Data\Default] [lekgiimbfodefdaoofhlckefjbgpeilo] MediaPlayerEnhance v.1.26.69, (Activé) =>PUP.MediaPlayerEnhance
G2 - GCE: Preference [User Data\Default] [ndibdjnfmopecpmkdieinmbadjfpblof] AVG Nation Toolbar v.18.1.0.443 (Désactivé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Stéphane\AppData\Roaming\Mozilla\Firefox\Profiles\qphghzox.default\prefs.js
C:\Users\Stéphane\AppData\Roaming\Mozilla\Firefox\Profiles\qphghzox.default\user.js
M3 - MFPP: Plugins - [Stéphane] -- C:\Users\Stéphane\AppData\Roaming\Mozilla\Firefox\Profiles\qphghzox.default\searchplugins\conduit-search.xml =>Toolbar.Conduit
M3 - MFPP: Plugins - [Stéphane] -- C:\Users\Stéphane\AppData\Roaming\Mozilla\Firefox\Profiles\qphghzox.default\searchplugins\speedbit.xml
M3 - MFPP: Plugins - [Stéphane] -- C:\Users\Stéphane\AppData\Roaming\Mozilla\Firefox\Profiles\qphghzox.default\searchplugins\Web Search.xml =>Parasite.Pugi
M2 - MFEP: RegExtension {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} . (...) -- C:\Program Files (x86)\PriceGong\2.5.4\FF (.not file.) =>Adware.PriceGong
M2 - MFEP: RegExtension {e4f94d1e-2f53-401e-8885-681602c0ddd8} . (...) -- C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
M2 - MFEP: prefs.js [Stéphane - qphghzox.default\ioeeaylf@bamroztoa.net] [] SaverPrro v4.31 (..) =>PUP.SaverPro
M2 - MFEP: prefs.js [Stéphane - qphghzox.default\oay1.p@hrrajbuurso.edu] [] LucKyiCoupon v1.0 (..) =>PUP.LuckyCoupon
M2 - MFEP: prefs.js [Stéphane - qphghzox.default\{1CB94A15-4515-4A88-A296-36DDCA34AF50}] [] RechercherWeb Toolbar v1.0.0 (..)
M2 - MFEP: prefs.js [Stéphane - qphghzox.default\{94cd2cc3-083f-49ba-a218-4cda4b4829fd}] [] Value Apps v1.7.0.0 (..) =>Toolbar.Conduit
M2 - MFEP: Extension [Stéphane - qphghzox.default] {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}
~ Firefox Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trovigo.com =>Hijacker.Trovigo
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl,Default = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp
~ IE Browser: 24 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (15514)
~ Hosts File: Scanned in 00mn 07s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: CrossriderApp0050776 [64Bits] - {11111111-1111-1111-1111-110511071176} . (.Plus HD - Plus-HD-7.5 BHO.) -- C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-bho.dll =>PUP.CrossRider
O2 - BHO: (no name) [64Bits] - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} Clé orpheline
O2 - BHO: TBSB01555 [64Bits] - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} . (.Pas de propriétaire - Internet Explorer Toolbar Engine.) -- C:\Program Files (x86)\France Toolbar\tbcore3.dll
O2 - BHO: AVG Do Not Track [64Bits] - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} Clé orpheline
~ BHO: 25 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Activeris AntiMalware.lnk . (.Activeris - Activeris AntiMalware.) -- C:\Program Files (x86)\Activeris AntiMalware\ActiverisAntiMalware.exe =>PUP.Activeris
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Desktop [Public]: Optimizer Elite Max.lnk . (...) -- C:\Program Files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe (.not file.) =>PUP.OptimizerEliteMax
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\QuickLaunch [Stéphane]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\QuickLaunch [Stéphane]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Program [Stéphane]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Program [Stéphane]: Search.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://feed.snapdo.com =>Hijacker.SmartBar
O4 - GS\SystemTools [Stéphane]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
~ Global Startup: 11 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - GS\Startup [Stéphane]: 2YourFace_Updater.lnk . (...) -- C:\Users\Stéphane\AppData\Roaming\2YourFace\Updater.exe (.not file.) =>Adware.2YourFace
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [AppleIEDAV] . (.Apple Inc. - Apple IE DAV.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Facebook Update] C:\Users\Stéphane\AppData\Local\Facebook\Update\FacebookUpdate.exe (.not file.)
O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (.not file.)
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe
O4 - HKLM\..\Wow6432Node\Run: [Easybits Recovery] . (.EasyBits Software AS - Pas de description.) -- C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe =>.EasyBits Software AS
O4 - HKLM\..\Wow6432Node\Run: [LWS] . (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe =>.Logitech Inc
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [hpqSRMon] . (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Wow6432Node\Run: [Magic Desktop for HP notification] . (.Easybits - Software update notification.) -- C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
O4 - HKLM\..\Wow6432Node\Run: [fst_fr_83] C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe =>Adware.FreeSoftToday
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
O4 - HKLM\..\Wow6432Node\Run: [vProt] . (.Pas de propriétaire - VProtect Application.) -- C:\Program Files (x86)\AVG Nation toolbar\vprot.exe
O4 - HKLM\..\Wow6432Node\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2726131679-2337646977-2205106966-1000\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-21-2726131679-2337646977-2205106966-1000\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKUS\S-1-5-21-2726131679-2337646977-2205106966-1000\..\Run: [AppleIEDAV] . (.Apple Inc. - Apple IE DAV.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
O4 - HKUS\S-1-5-21-2726131679-2337646977-2205106966-1000\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-2726131679-2337646977-2205106966-1000\..\Run: [Facebook Update] C:\Users\Stéphane\AppData\Local\Facebook\Update\FacebookUpdate.exe (.not file.)
O4 - HKUS\S-1-5-21-2726131679-2337646977-2205106966-1000\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (.not file.)
O4 - HKUS\S-1-5-21-2726131679-2337646977-2205106966-1000\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: AVG Do Not Track [64Bits] - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -- C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (.not file.)
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{798D0E29-6AB2-4615-B22E-04D7D106DA5E}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{798D0E29-6AB2-4615-B22E-04D7D106DA5E}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{798D0E29-6AB2-4615-B22E-04D7D106DA5E}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll =>PUP.OptimizerPro
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Optimizer Pro Crash Monitor (70e6ca8c) . (...) - C:\Program Files (x86)\optimi~1\OptProCrashSvc.dll =>PUP.OptimizerPro
O23 - Service: Update BrowseSmart (Update BrowseSmart) . (...) - C:\Program Files (x86)\BrowseSmart\updateBrowseSmart.exe =>PUP.BrowseSmart
O23 - Service: Update Cling Clang (Update Cling Clang) . (...) - C:\Program Files (x86)\Cling Clang\updateClingClang.exe (.not file.) =>PUP.ClingClang
O23 - Service: Update FindRight (Update FindRight) . (...) - C:\Program Files (x86)\FindRight\updateFindRight.exe =>Hijacker.FindrToolbar
O23 - Service: Util BrowseSmart (Util BrowseSmart) . (...) - C:\Program Files (x86)\BrowseSmart\bin\utilBrowseSmart.exe =>PUP.BrowseSmart
O23 - Service: Util Cling Clang (Util Cling Clang) . (...) - C:\Program Files (x86)\Cling Clang\bin\utilClingClang.exe (.not file.) =>PUP.ClingClang
O23 - Service: Util FindRight (Util FindRight) . (...) - C:\Program Files (x86)\FindRight\bin\utilFindRight.exe =>Hijacker.FindrToolbar
O23 - Service: Service Component of VO (VOsrv) . (...) - C:\Users\Stéphane\AppData\Roaming\VOPackage\VOsrv.exe =>Adware.Downware
O23 - Service: (vToolbarUpdater18.1.0) . (.AVG Secure Search - ToolbarU Application.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe =>Toolbar.AVGSearch
O23 - Service: WajamUpdaterV3 (WajamUpdaterV3) . (...) - C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe (.not file.) =>PUP.Wajam
~ Services: 24 Legitimates Filtered in 00mn 10s



---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: ( /sync /restart) - File not found
O34 - HKLM BootExecute: ( /sync /restart) - File not found
~ BEX: 3 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [Feven 2.2-firefoxinstaller] (...) -- C:\Program Files (x86)\Feven 2.2\Feven 2.2-firefoxinstaller.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [Feven 2.2-validator] (...) -- C:\Program Files (x86)\Feven 2.2\Feven 2.2-validator.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [MediaPlayerEnhance-chromeinstaller] (...) -- C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-chromeinstaller.exe (.not file.) [0] =>PUP.MediaPlayerEnhance
[MD5.00000000000000000000000000000000] [APT] [MediaPlayerEnhance-codedownloader] (...) -- C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-codedownloader.exe (.not file.) [0] =>PUP.MediaPlayerEnhance
[MD5.00000000000000000000000000000000] [APT] [MediaPlayerEnhance-enabler] (...) -- C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-enabler.exe (.not file.) [0] =>PUP.MediaPlayerEnhance
[MD5.00000000000000000000000000000000] [APT] [MediaPlayerEnhance-firefoxinstaller] (...) -- C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-firefoxinstaller.exe (.not file.) [0] =>PUP.MediaPlayerEnhance
[MD5.00000000000000000000000000000000] [APT] [MediaPlayerEnhance-updater] (...) -- C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-updater.exe (.not file.) [0] =>PUP.MediaPlayerEnhance
[MD5.00000000000000000000000000000000] [APT] [MySearchDial] (...) -- C:\Users\Stéphane\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>Adware.MyWebSearch
[MD5.00000000000000000000000000000000] [APT] [PC Performer] (...) -- C:\Program Files (x86)\PC Performer\PCPerformer.exe (.not file.) [0] =>Rogue.PCPerformer
[MD5.00000000000000000000000000000000] [APT] [PC Performer_DEFAULT] (...) -- C:\Program Files (x86)\PC Performer\PCPerformer.exe (.not file.) [0] =>Rogue.PCPerformer
[MD5.00000000000000000000000000000000] [APT] [PC Performer_UPDATES] (...) -- C:\Program Files (x86)\PC Performer\PCPerformer.exe (.not file.) [0] =>Rogue.PCPerformer
[MD5.00000000000000000000000000000000] [APT] [Plus-HD-7.5-codedownloader] (...) -- C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-codedownloader.exe (.not file.) [0] =>Adware.PlusHD
[MD5.00000000000000000000000000000000] [APT] [Plus-HD-7.5-enabler] (...) -- C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-enabler.exe (.not file.) [0] =>Adware.PlusHD
[MD5.00000000000000000000000000000000] [APT] [Plus-HD-7.5-firefoxinstaller] (...) -- C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-firefoxinstaller.exe (.not file.) [0] =>Adware.PlusHD
[MD5.00000000000000000000000000000000] [APT] [Plus-HD-7.5-updater] (...) -- C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-updater.exe (.not file.) [0] =>Adware.PlusHD
[MD5.00000000000000000000000000000000] [APT] [Plus-HD-7.5-validator] (...) -- C:\Program Files (x86)\Plus-HD-7.5\Plus-HD-7.5-validator.exe (.not file.) [0] =>Adware.PlusHD
[MD5.00000000000000000000000000000000] [APT] [RegClean Pro] (...) -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe (.not file.) [0] =>Rogue.RegistryPowerCleaner
[MD5.00000000000000000000000000000000] [APT] [SmartSaver+ 8-chromeinstaller] (...) -- C:\Program Files (x86)\SmartSaver+ 8\SmartSaver+ 8-chromeinstaller.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [SmartSaver+ 8-codedownloader] (...) -- C:\Program Files (x86)\SmartSaver+ 8\SmartSaver+ 8-codedownloader.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [SmartSaver+ 8-enabler] (...) -- C:\Program Files (x86)\SmartSaver+ 8\SmartSaver+ 8-enabler.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [SmartSaver+ 8-firefoxinstaller] (...) -- C:\Program Files (x86)\SmartSaver+ 8\SmartSaver+ 8-firefoxinstaller.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [SmartSaver+ 8-updater] (...) -- C:\Program Files (x86)\SmartSaver+ 8\SmartSaver+ 8-updater.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [UpdateVO] (...) -- C:\Users\Stéphane\AppData\Roaming\VOPackage\VOPackage.exe (.not file.) [0] =>Adware.Downware
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2726131679-2337646977-2205106966-1000Core [918]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2726131679-2337646977-2205106966-1000UA [940]
O39 - APT: Feven 2.2-firefoxinstaller - (...) -- C:\Windows\Tasks\Feven 2.2-firefoxinstaller.job [2228] =>PUP.CrossRider
O39 - APT: Feven 2.2-firefoxinstaller - (...) -- C:\Windows\System32\Tasks\Feven 2.2-firefoxinstaller [2228] =>PUP.CrossRider
O39 - APT: Feven 2.2-validator - (...) -- C:\Windows\Tasks\Feven 2.2-validator.job [2390] =>PUP.CrossRider
O39 - APT: Feven 2.2-validator - (...) -- C:\Windows\System32\Tasks\Feven 2.2-validator [2390] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1068]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1072]
O39 - APT: MediaPlayerEnhance-chromeinstaller - (...) -- C:\Windows\Tasks\MediaPlayerEnhance-chromeinstaller.job [3126] =>PUP.CrossRider
O39 - APT: MediaPlayerEnhance-chromeinstaller - (...) -- C:\Windows\System32\Tasks\MediaPlayerEnhance-chromeinstaller [3126] =>PUP.CrossRider
O39 - APT: MediaPlayerEnhance-codedownloader - (...) -- C:\Windows\Tasks\MediaPlayerEnhance-codedownloader.job [1556] =>PUP.CrossRider
O39 - APT: MediaPlayerEnhance-codedownloader - (...) -- C:\Windows\System32\Tasks\MediaPlayerEnhance-codedownloader [1556] =>PUP.CrossRider
O39 - APT: MediaPlayerEnhance-enabler - (...) -- C:\Windows\Tasks\MediaPlayerEnhance-enabler.job [1454] =>PUP.CrossRider
O39 - APT: MediaPlayerEnhance-enabler - (...) -- C:\Windows\System32\Tasks\MediaPlayerEnhance-enabler [1454] =>PUP.CrossRider
O39 - APT: MediaPlayerEnhance-firefoxinstaller - (...) -- C:\Windows\Tasks\MediaPlayerEnhance-firefoxinstaller.job [2400] =>PUP.CrossRider
O39 - APT: MediaPlayerEnhance-firefoxinstaller - (...) -- C:\Windows\System32\Tasks\MediaPlayerEnhance-firefoxinstaller [2400] =>PUP.CrossRider
O39 - APT: MediaPlayerEnhance-updater - (...) -- C:\Windows\Tasks\MediaPlayerEnhance-updater.job [1600] =>PUP.CrossRider
O39 - APT: MediaPlayerEnhance-updater - (...) -- C:\Windows\System32\Tasks\MediaPlayerEnhance-updater [1600] =>PUP.CrossRider
O39 - APT: MySearchDial - (...) -- C:\Windows\Tasks\MySearchDial.job [304] =>Adware.MyWebSearch
O39 - APT: MySearchDial - (...) -- C:\Windows\System32\Tasks\MySearchDial [304] =>Adware.MyWebSearch
O39 - APT: PC Performer_DEFAULT - (...) -- C:\Windows\Tasks\PC Performer_DEFAULT.job [282] =>Rogue.PCPerformer
O39 - APT: PC Performer_DEFAULT - (...) -- C:\Windows\System32\Tasks\PC Performer_DEFAULT [282] =>Rogue.PCPerformer
O39 - APT: PC Performer_UPDATES - (...) -- C:\Windows\Tasks\PC Performer_UPDATES.job [290] =>Rogue.PCPerformer
O39 - APT: PC Performer_UPDATES - (...) -- C:\Windows\System32\Tasks\PC Performer_UPDATES [290] =>Rogue.PCPerformer
O39 - APT: Plus-HD-7.5-codedownloader - (...) -- C:\Windows\Tasks\Plus-HD-7.5-codedownloader.job [1470] =>PUP.CrossRider
O39 - APT: Plus-HD-7.5-codedownloader - (...) -- C:\Windows\System32\Tasks\Plus-HD-7.5-codedownloader [1470] =>PUP.CrossRider
O39 - APT: Plus-HD-7.5-enabler - (...) -- C:\Windows\Tasks\Plus-HD-7.5-enabler.job [1368] =>PUP.CrossRider
O39 - APT: Plus-HD-7.5-enabler - (...) -- C:\Windows\System32\Tasks\Plus-HD-7.5-enabler [1368] =>PUP.CrossRider
O39 - APT: Plus-HD-7.5-firefoxinstaller - (...) -- C:\Windows\Tasks\Plus-HD-7.5-firefoxinstaller.job [2332] =>PUP.CrossRider
O39 - APT: Plus-HD-7.5-firefoxinstaller - (...) -- C:\Windows\System32\Tasks\Plus-HD-7.5-firefoxinstaller [2332] =>PUP.CrossRider
O39 - APT: Plus-HD-7.5-updater - (...) -- C:\Windows\Tasks\Plus-HD-7.5-updater.job [1514] =>PUP.CrossRider
O39 - APT: Plus-HD-7.5-updater - (...) -- C:\Windows\System32\Tasks\Plus-HD-7.5-updater [1514] =>PUP.CrossRider
O39 - APT: Plus-HD-7.5-validator - (...) -- C:\Windows\Tasks\Plus-HD-7.5-validator.job [2398] =>Adware.PlusHD
O39 - APT: Plus-HD-7.5-validator - (...) -- C:\Windows\System32\Tasks\Plus-HD-7.5-validator [2398] =>Adware.PlusHD
O39 - APT: SmartSaver+ 8-chromeinstaller - (...) -- C:\Windows\Tasks\SmartSaver+ 8-chromeinstaller.job [3106] =>PUP.CrossRider
O39 - APT: SmartSaver+ 8-chromeinstaller - (...) -- C:\Windows\System32\Tasks\SmartSaver+ 8-chromeinstaller [3106] =>PUP.CrossRider
O39 - APT: SmartSaver+ 8-codedownloader - (...) -- C:\Windows\Tasks\SmartSaver+ 8-codedownloader.job [1482] =>PUP.CrossRider
O39 - APT: SmartSaver+ 8-codedownloader - (...) -- C:\Windows\System32\Tasks\SmartSaver+ 8-codedownloader [1482] =>PUP.CrossRider
O39 - APT: SmartSaver+ 8-enabler - (...) -- C:\Windows\Tasks\SmartSaver+ 8-enabler.job [1380] =>PUP.CrossRider
O39 - APT: SmartSaver+ 8-enabler - (...) -- C:\Windows\System32\Tasks\SmartSaver+ 8-enabler [1380] =>PUP.CrossRider
O39 - APT: SmartSaver+ 8-firefoxinstaller - (...) -- C:\Windows\Tasks\SmartSaver+ 8-firefoxinstaller.job [2424] =>PUP.CrossRider
O39 - APT: SmartSaver+ 8-firefoxinstaller - (...) -- C:\Windows\System32\Tasks\SmartSaver+ 8-firefoxinstaller [2424] =>PUP.CrossRider
O39 - APT: SmartSaver+ 8-updater - (...) -- C:\Windows\Tasks\SmartSaver+ 8-updater.job [1526] =>PUP.CrossRider
O39 - APT: SmartSaver+ 8-updater - (...) -- C:\Windows\System32\Tasks\SmartSaver+ 8-updater [1526] =>PUP.CrossRider
~ Scheduled Task: 80 Legitimates Filtered in 00mn 06s



---\\ Drivers launched at system startup (O41)
O41 - Driver: ({42e50651-9669-456e-9081-d5a836274274}w64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{42e50651-9669-456e-9081-d5a836274274}w64.sys =>PUP.LinkiDoo
~ Drivers: 78 Legitimates Filtered in 00mn 00s



---\\ Installed software (O42)
O42 - Logiciel: Activeris AntiMalware - (.Activeris.) [HKLM][64Bits] -- 94EAE98D-444B-4817-858C-13DB943DF4F1_Activeris_A~741EE3A2_is1 =>PUP.Activeris
O42 - Logiciel: Feven 2.2 - (.Feven.) [HKLM][64Bits] -- Feven 2.2 =>PUP.CrossRider
O42 - Logiciel: France Toolbar - (.France Toolbar.) [HKLM][64Bits] -- France Toolbar
O42 - Logiciel: IB Updater 2.0.0.550 - (.IncrediBar.) [HKLM][64Bits] -- {336D0C35-8A85-403a-B9D2-65C292C39087}_is1 =>Adware.InstallBrain
O42 - Logiciel: MediaPlayerEnhance - (.Feven.) [HKLM][64Bits] -- MediaPlayerEnhance =>PUP.MediaPlayerEnhance
O42 - Logiciel: Plus-HD-7.5 - (.Plus HD.) [HKLM][64Bits] -- Plus-HD-7.5 =>Adware.PlusHD
O42 - Logiciel: ShopPerMaSStaer - (.ShopperMaesteR.) [HKLM][64Bits] -- {35E0D123-1F22-9AE6-F973-B7ECA46E8BFE}
O42 - Logiciel: SmartSaver+ 8 - (.smart-saverplus.) [HKLM][64Bits] -- SmartSaver+ 8 =>PUP.CrossRider
O42 - Logiciel: SweetIM for Messenger 3.7 - (.SweetIM Technologies Ltd..) [HKLM][64Bits] -- {7683B745-6060-41FD-AA75-0BBB383FEAD4} =>PUP.SweetIM
O42 - Logiciel: WPM17.8.0.3325 - (.Cherished Technololgy LIMITED.) [HKLM][64Bits] -- WPM =>PUP.WpManager
~ Logic: 53 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Activeris] =>PUP.Activeris
[HKCU\Software\BrowseSmart] =>PUP.BrowseSmart
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\FindRight] =>Hijacker.FindrToolbar
[HKCU\Software\IM]
[HKCU\Software\IncrediMail]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\Optimizer Elite Max] =>PUP.OptimizerEliteMax
[HKCU\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\Speedbit]
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive
[HKCU\Software\freesofttoday] =>Adware.FreeSoftToday
[HKCU\Software\mysearchdial] =>Adware.MyWebSearch
[HKLM\Software\IB Updater] =>Adware.InstallBrain
[HKLM\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Web Assistant] =>Adware.IncrediBar
[HKLM\Software\Wow6432Node\Activeris] =>PUP.Activeris
[HKLM\Software\Wow6432Node\BrowseSmart] =>PUP.BrowseSmart
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\FREESOFTTODAY] =>Adware.FreeSoftToday
[HKLM\Software\Wow6432Node\FindRight] =>Hijacker.FindrToolbar
[HKLM\Software\Wow6432Node\IB Updater] =>Adware.InstallBrain
[HKLM\Software\Wow6432Node\InstallCore] =>Adware.InstallCore
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\Wow6432Node\Tutorials] =>PUP.AgenceExclusive
[HKLM\Software\Wow6432Node\Web Assistant] =>Adware.IncrediBar
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
[HKLM\Software\Wow6432Node\anset]
[HKLM\Software\Wow6432Node\mamverifier]
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
~ Key Software: 435 Legitimates Filtered in 00mn 01s



---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 27/03/2014 - 12:03:42 - [] ----D C:\Program Files (x86)\Activeris AntiMalware =>PUP.Activeris
O43 - CFD: 23/02/2014 - 17:10:51 - [0] ----D C:\Program Files (x86)\BringStar =>PUP.BringStar
O43 - CFD: 22/03/2014 - 02:59:37 - [] ----D C:\Program Files (x86)\BrowseSmart =>PUP.BrowseSmart
O43 - CFD: 22/03/2014 - 00:24:43 - [0] ----D C:\Program Files (x86)\Cling Clang =>PUP.ClingClang
O43 - CFD: 08/02/2014 - 05:18:02 - [] ----D C:\Program Files (x86)\Conduit
O43 - CFD: 09/05/2014 - 14:02:46 - [] ----D C:\Program Files (x86)\Feven 2.2 =>PUP.CrossRider
O43 - CFD: 09/05/2014 - 14:02:50 - [] ----D C:\Program Files (x86)\FindRight =>Hijacker.FindrToolbar
O43 - CFD: 07/12/2013 - 14:45:39 - [] ----D C:\Program Files (x86)\France Toolbar
O43 - CFD: 09/05/2014 - 14:07:10 - [] ----D C:\Program Files (x86)\MediaPlayerEnhance =>PUP.MediaPlayerEnhance
O43 - CFD: 09/05/2014 - 14:08:17 - [] ----D C:\Program Files (x86)\Plus-HD-7.5 =>Adware.PlusHD
O43 - CFD: 09/05/2014 - 14:08:23 - [] ----D C:\Program Files (x86)\SmartSaver+ 8 =>PUP.CrossRider
O43 - CFD: 18/04/2014 - 03:59:06 - [] ----D C:\Program Files (x86)\SupTab =>PUP.SupTab
O43 - CFD: 08/02/2014 - 05:18:04 - [] ----D C:\Program Files (x86)\Uninstaller
O43 - CFD: 21/03/2014 - 23:28:05 - [] ----D C:\ProgramData\3d0693424e0c2f7f
O43 - CFD: 27/03/2014 - 12:03:41 - [] ----D C:\ProgramData\Activeris =>PUP.Activeris
O43 - CFD: 30/12/2013 - 18:20:04 - [] ----D C:\ProgramData\APN
O43 - CFD: 31/10/2013 - 12:13:42 - [] ----D C:\ProgramData\IBUpdaterService =>Adware.InstallBrain
O43 - CFD: 03/06/2014 - 06:33:52 - [] ----D C:\ProgramData\IePluginService =>PUP.IePluginService
O43 - CFD: 01/01/2012 - 18:22:04 - [] ----D C:\ProgramData\IM
O43 - CFD: 01/01/2012 - 18:21:21 - [] ----D C:\ProgramData\IncrediMail
O43 - CFD: 09/05/2014 - 14:10:41 - [] ----D C:\ProgramData\ShopPerMaSStaer
O43 - CFD: 21/08/2013 - 17:16:13 - [0] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 10/02/2014 - 00:12:22 - [0] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 04/05/2014 - 12:41:59 - [] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
O43 - CFD: 27/03/2014 - 12:03:49 - [] ----D C:\Users\Stéphane\AppData\Roaming\Activeris =>PUP.Activeris
O43 - CFD: 27/03/2014 - 12:08:02 - [] ----D C:\Users\Stéphane\AppData\Roaming\Optimizer Elite Max =>PUP.OptimizerEliteMax
O43 - CFD: 08/02/2014 - 05:18:12 - [] ----D C:\Users\Stéphane\AppData\Roaming\ValueApps =>Toolbar.Conduit
O43 - CFD: 25/04/2014 - 19:42:54 - [] ----D C:\Users\Stéphane\AppData\Roaming\VOPackage =>Adware.Downware
O43 - CFD: 01/01/2012 - 18:23:50 - [] ----D C:\Users\Stéphane\AppData\Local\IM
~ 71 Empty CLSID folders
~ Program Folder: 306 Legitimates Filtered in 00mn 01s



---\\ Latest files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.91100BA6EB2A23FD9221F21E87C9D78A] - 01/08/2014 - 18:00:50 ---A- - C:\Windows\Prefetch\UPDATEBROWSESMART.EXE-741E0032.pf =>PUP.BrowseSmart
O45 - LFCP:[MD5.225B07DCFDD2A94DA7B5D0E630A899A2] - 28/08/2014 - 14:02:18 ---A- - C:\Windows\Prefetch\UPDATEFINDRIGHT.EXE-BFADF59E.pf =>Hijacker.FindrToolbar
O45 - LFCP:[MD5.F69BBD11B917F788E7A3963A2FAE2DCA] - 28/08/2014 - 14:02:18 ---A- - C:\Windows\Prefetch\UTILBROWSESMART.EXE-25B8950A.pf =>PUP.BrowseSmart
O45 - LFCP:[MD5.6E2FEEE6FA0ACDE5941CA9E50EDAC12A] - 28/08/2014 - 14:02:18 ---A- - C:\Windows\Prefetch\UTILFINDRIGHT.EXE-0BCB0296.pf =>Hijacker.FindrToolbar
~ Prefetcher: 4 Legitimates Filtered in 00mn 00s



---\\ Shell MountPoints2 registry key (MPKS) (O51)
O51 - MPSK:{dff1bc4b-2803-11e1-934a-806e6f6e6963}\AutoRun\command. (...) -- E:\autoplay\autoplay.exe
~ Keys: Scanned in 00mn 00s



---\\ Enumeration of PoliciesSystem registry keys (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumeration of PoliciesExplorer registry keys (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ List of system drivers (SDL) (O58)
O58 - SDL:29/05/2012 - 13:53:30 ---A- . (.Windows (R) Codename Longhorn DDK provider - hpvhd 64bit support driver.) -- C:\Windows\System32\Drivers\cpqdfw.sys [27456]
O58 - SDL:27/04/2010 - 18:43:50 ---A- . (...) -- C:\Windows\System32\Drivers\cqcpu.sys [24376]
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:02/09/2005 - 01:40:26 ---A- . (...) -- C:\Windows\System32\Drivers\FBIKB_NT.Sys [4352]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:24/04/2014 - 11:23:46 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{42e50651-9669-456e-9081-d5a836274274}w64.sys [61112] =>PUP.LinkiDoo
~ Drivers: 67 Legitimates Filtered in 00mn 01s



---\\ Latest files modified or created (User) (O61)
O61 - LFC: 28/08/2014 - 15:41:36 ---A- . (...) -- C:\Users\Stéphane\Downloads\ZHPCleaner.exe [1240576] =>.Nicolas Coolman
~ 25 Temporary files
~ 54 Cookie files
~ Files: 4 Legitimates Filtered in 00mn 02s



---\\ List of disinfection tools (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lists legacy services in the registry (LALS) (O64)
O64 - Services: CurCS - 24/04/2014 - C:\Windows\System32\drivers\{42e50651-9669-456e-9081-d5a836274274}w64.sys ({42e50651-9669-456e-9081-d5a836274274}w64) .(.StdLib - StdLib.) - LEGACY_{42E50651-9669-456E-9081-D5A836274274}W64 =>PUP.LinkiDoo
~ Legacy: 83 Legitimates Filtered in 00mn 00s



---\\ Shell Spawning associations (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Internet start menu (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
~ Keys: Scanned in 00mn 00s



---\\ Search for infection in internet browsers (SBI) (O69)
O69 - SBI: prefs.js [Stéphane - qphghzox.default] user_pref("browser.search.defaultenginename", "Conduit Search");
O69 - SBI: prefs.js [Stéphane - qphghzox.default] user_pref("extensions.crossrider.bic", "1440f7d8ef68928a6449a36ab9f4a401"); =>PUP.CrossRider
O69 - SBI: SearchScopes [HKCU] {006ee092-9658-4fd6-bd8e-a21a348e59f5} - (Web Search) - http://feed.snapdo.com =>Hijacker.SmartBar
O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} [DefaultScope] - (Conduit Search) - http://www.trovigo.com =>Hijacker.Trovigo
O69 - SBI: SearchScopes [HKCU] {7F4EFF06-7032-458e-AE16-1C1D8255C28A} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Enumerates software product codes (PUC) (O90)
O90 - PUC: "547B38670606DF14AA57B0BB83F3AE4D" . (.SweetIM for Messenger 3.7.) -- C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}\ARPPRODUCTICON.exe =>PUP.SweetIM
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ Search for WindowsInstaller packages (WIS) (O93) (NTFS)
[MD5.B144B2E367FC30C5020085DABB617B82] [WIS][01/09/2012] (.SweetIM Technologies Ltd. - SweetIM for Messenger 3.7.) -- C:\Windows\Installer\13965b.msi [3704832] =>PUP.SweetIM
[MD5.2FAFA4218BDAB366BB71603CA77D146D] [WIS][01/09/2012] (.SweetIM Technologies Ltd. - SweetPacks Toolbar for Internet Explorer 4.0.) -- C:\Windows\Installer\139662.msi [3123200] =>PUP.SweetIM
~ WIS: 2 Legitimates Filtered in 00mn 01s



---\\ Search for Tracing registry keys (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32 =>Adware.NewPlayer
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS =>Adware.NewPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASAPI32 =>Adware.Bloson
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASMANCS =>Adware.Bloson
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExtensionUpdaterService_RASAPI32 =>Adware.Incredibar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExtensionUpdaterService_RASMANCS =>Adware.Incredibar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FindRight_RASAPI32 =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FindRight_RASMANCS =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32 =>PUP.Babylon
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS =>PUP.Babylon
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASAPI32 =>Adware.NewPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASMANCS =>Adware.NewPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Savings Sidekick_RASAPI32 =>Adware.GamePlayLabs
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Savings Sidekick_RASMANCS =>Adware.GamePlayLabs
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SnapDo_RASAPI32 =>Hijacker.SmartBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SnapDo_RASMANCS =>Hijacker.SmartBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetIM_RASAPI32 =>PUP.SweetIM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetIM_RASMANCS =>PUP.SweetIM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32 =>PUP.SweetIM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS =>PUP.SweetIM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseSmart_RASAPI32 =>PUP.BrowseSmart
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseSmart_RASMANCS =>PUP.BrowseSmart
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFindRight_RASAPI32 =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFindRight_RASMANCS =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBrowseSmart_RASAPI32 =>PUP.BrowseSmart
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBrowseSmart_RASMANCS =>PUP.BrowseSmart
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilFindRight_RASAPI32 =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilFindRight_RASMANCS =>Hijacker.FindrToolbar
~ BTK: 317 Legitimates Filtered in 00mn 00s



---\\ Search for CLSID registry keys (O101)
[HKCR\CLSID\{11111111-1111-1111-1111-110411411150}] (MediaPlayerEnhance) =>PUP.MediaPlayerEnhance
[HKCR\CLSID\{11111111-1111-1111-1111-110511071176}] (Plus-HD-7.5) =>Adware.PlusHD
[HKCR\CLSID\{22222222-2222-2222-2222-220422412250}] (CrossriderApp0044150.Sandbox) =>PUP.CrossRider
[HKCR\CLSID\{22222222-2222-2222-2222-220422892226}] (CrossriderApp0048926.Sandbox) =>PUP.CrossRider
[HKCR\CLSID\{22222222-2222-2222-2222-220522072276}] (CrossriderApp0050776.Sandbox) =>PUP.CrossRider
[HKCR\CLSID\{93DBF2BB-A2B3-4683-A92E-57E60751F346}] (ValueApps) =>Toolbar.Conduit
[HKCR\CLSID\{F63AAEDC-3602-49EF-AA45-262380A98980}] (Value Apps plugin) =>Toolbar.Conduit
~ BCK: 4509 Legitimates Filtered in 00mn 06s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Auto 08/02/2014 186496 | C:\Program Files (x86)\optimi~1\OptProCrashSvc.dll (70e6ca8c) . (...) - C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll =>PUP.OptimizerPro
SS - | Demand 28/08/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 13/05/2014 1473792 | (avgfws) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
SS - | Auto 13/05/2014 3644432 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
SS - | Demand 28/01/2014 227904 | (GamesAppIntegrationService) . (.WildTangent.) - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 25/11/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 25/11/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 25/11/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 13/05/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Demand 09/04/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
SS - | Demand 23/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 10/07/1658 0 | (Update Cling Clang) . (...) - C:\Program Files (x86)\Cling Clang\updateClingClang.exe =>PUP.ClingClang
SS - | Auto 10/07/1658 0 | (Util Cling Clang) . (...) - C:\Program Files (x86)\Cling Clang\bin\utilClingClang.exe =>PUP.ClingClang
SS - | Auto 10/07/1658 0 | (WajamUpdaterV3) . (...) - C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe =>PUP.Wajam
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 06/03/2012 148480 | (Agent) . (.Two Pilots.) - C:\Windows\VPDAgent_x64.exe
SR - | Auto 07/01/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 13/05/2014 292424 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 10/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS
SR - | Auto 04/11/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Auto 11/10/2010 346168 | (HPClientSvc) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
SR - | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Users\Stéphane\AppData\Local\Temp\7zS45AB\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Demand 06/02/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 01/02/2011 326168 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 11/03/2014 23808 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 04/08/2011 1016936 | (NVSvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 04/08/2011 2214504 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
SR - | Auto 06/05/2011 1128952 | (pdfcDispatcher) . (.PDF Complete Inc.) - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
SR - | Auto 30/03/2011 378472 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 07/08/2013 4308320 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
SR - | Auto 18/01/2012 450848 | (UMVPFSrv) . (.Logitech Inc..) - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
SR - | Auto 01/02/2011 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 21/03/2014 348448 | (Update BrowseSmart) . (...) - C:\Program Files (x86)\BrowseSmart\updateBrowseSmart.exe =>PUP.BrowseSmart
SR - | Auto 04/05/2014 316704 | (Update FindRight) . (...) - C:\Program Files (x86)\FindRight\updateFindRight.exe =>Hijacker.FindrToolbar
SR - | Auto 21/03/2014 348448 | (Util BrowseSmart) . (...) - C:\Program Files (x86)\BrowseSmart\bin\utilBrowseSmart.exe =>PUP.BrowseSmart
SR - | Auto 09/05/2014 317728 | (Util FindRight) . (...) - C:\Program Files (x86)\FindRight\bin\utilFindRight.exe =>Hijacker.FindrToolbar
SR - | Auto 23/02/2014 53760 | (VOsrv) . (...) - C:\Users\Stéphane\AppData\Roaming\VOPackage\VOsrv.exe =>Adware.Downware
SR - | Auto 28/04/2014 1793536 | (vToolbarUpdater18.1.0) . (.AVG Secure Search.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe =>Toolbar.AVGSearch
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 07s



---\\ Search for infection in the Master Boot Record (MBR)(O80)
Run by Stéphane at 28/08/2014 15:42:07
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Search for infection in the Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Stéphane at 28/08/2014 15:42:09
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Additional scan (O88)
Database Version : 13026 - (28/08/2014)
Keys found: 296
Values found: 12
Folders found: 36
Files found: 74

~ Additionnel Scan: 369104 Items scanned in 00mn 45s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPKS) (O51)
~ AMI: 6 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/pup-browsesmart =>PUP.BrowseSmart
http://nicolascoolman.fr/hijacker-findrtoolbar =>Hijacker.FindrToolbar
http://nicolascoolman.fr/adware-downware =>Adware.Downware
http://nicolascoolman.fr/adware-installbrain =>Adware.InstallBrain
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/parasite-pugi =>Parasite.Pugi
http://nicolascoolman.fr/adware-pricegong =>Adware.PriceGong
http://nicolascoolman.fr/hijacker-trovigo =>Hijacker.Trovigo
http://nicolascoolman.fr/pup-awesomehp =>PUP.Awesomehp
http://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar
http://nicolascoolman.fr/pup-activeris =>PUP.Activeris
http://nicolascoolman.fr/pup-optimizerelitemax =>PUP.OptimizerEliteMax
http://nicolascoolman.fr/adware-2yourface =>Adware.2YourFace
http://nicolascoolman.fr/adware-freesofttoday =>Adware.FreeSoftToday
http://nicolascoolman.fr/pup-mobogenie =>PUP.Mobogenie
http://nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerPro
http://nicolascoolman.fr/41095379-pup-clingclang =>PUP.ClingClang
http://nicolascoolman.fr/pup-wajam =>PUP.Wajam
http://nicolascoolman.fr/adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.fr/adware-plushd =>Adware.PlusHD
http://nicolascoolman.fr/rogue-registrypowercleaner =>Rogue.RegistryPowerCleaner
http://nicolascoolman.fr/pup-linkidoo =>PUP.LinkiDoo
http://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM
http://nicolascoolman.fr/pup-wpmanager =>PUP.WpManager
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://nicolascoolman.fr/adware-vidsaver =>Adware.VidSaver
http://nicolascoolman.fr/spyware-agenceexclusive =>PUP.AgenceExclusive
http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
http://nicolascoolman.fr/adware-incredibar =>Adware.IncrediBar
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://nicolascoolman.fr/41973881-pup-bringstar =>PUP.BringStar
http://nicolascoolman.fr/pup-mypcbackup =>PUP.MyPCBackup
http://nicolascoolman.fr/pup-advancedsystemprotector =>PUP.AdvancedSystemProtector
http://nicolascoolman.fr/adware-bloson =>Adware.Bloson
http://nicolascoolman.fr/pup-babylon =>PUP.Babylon
http://nicolascoolman.fr/pup-specialsavings =>Adware.GamePlayLabs
http://nicolascoolman.fr/adware-socialskinz =>Adware.SocialSkinz
http://nicolascoolman.fr/pup-specialsavings =>PUP.SpecialSavings
http://nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://nicolascoolman.fr/pup-bprotector =>PUP.BProtector
http://nicolascoolman.fr/pup-toparcadehits =>PUP.ToparcadeHits
http://nicolascoolman.fr/adware-bullseyetoolbar =>Adware.BullseyeToolbar
http://nicolascoolman.fr/pup-funmoods =>PUP.Funmoods
~ MSI: 44 link(s) detected in 00mn 00s



~ 1101 Legitimates filtered by white list
End of the scan (1222 lines in 02mn 13s)(0)
