Getting rid of Flipora...! How?
petitjaune
Hello,
I would like to get rid of Static.Flipora, a virus my wife caught on our PC by responding to a fake invitation.
All you find on the net are fake pages for solving this problem. Or else the "famous" SpyHunter 4 software, which is bogus, as everyone knows!
Thank you for your help.
9 replies
Sugel, thanks a thousand times, it worked!!! What skill!
And thank you for your advice, I am finally rid of the "thing"...
And I am going to tell my wife not to "catch" this kind of little bug (heh heh) on the net anymore!!!
Thanks again, and a big hello from Chile, where your help is all the more appreciated, since nobody here knows anything about this kind of problem...!
"a virus my wife caught"
On first reading, I thought "poor thing!"
All right, I'll shut up ;-)
Hello,
> Download ZHPDiag HERE.
> Double-click ZHPDiag.exe, then follow the installation steps.
> Check the "Exécuter ZHPDiag" (run ZHPDiag) box at the end of the installation, then click [Terminer] (finish).
> The installation is complete; 3 icons are created on your desktop.
> Double-click the shortcut named "ZHPDiag", which should normally be on your desktop.
> Choose the "Lancer le diagnostic" (run the diagnostic) option (a magnifying glass).
> ZHPDiag will then analyze the contents of your computer, looking for information about your operating system, the registry...
> At the end of the analysis, a report is created directly on your desktop; it is named ZHPDiag.txt.
> Go to this address, click Browse, select the file generated earlier, click "Envoyer le fichier" (send the file), then retrieve the generated address and post it on the forum.
Hello again,
I ran the proposed scan. Here is the generated address.
Thanks again for your help, I hope I will find a solution without having to reformat the system...!
https://pjjoint.malekal.com/files.php?id=ZHPDiag_20130626_e10g513s12d8
- Close all your running applications
- Launch ZHPFix via the shortcut on your Desktop (if you are on Vista or Windows 7, don't forget right-click ==> "as administrator")
- If you don't have it, download it from this link: https://www.zebulon.fr/telechargements/securite/systeme/zhpfix.html
- Copy/paste the following lines in bold:
SysRestore
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified
[MD5.5545056898CE2AF20C44702E102A0C20] - (.No hay proprietario - Search Settings.) -- C:\Program Files (x86)\SearchSettings\SearchSettings.exe [153880] [PID.3812] =>Adware.SearchSettings
O4 - HKCU\..\Run: [Search Settings] . (.No hay proprietario - Search Settings.) -- C:\Program Files (x86)\SearchSettings\SearchSettings.exe =>Adware.SearchSettings
O4 - HKUS\S-1-5-21-483404760-522950025-832698278-1000\..\Run: [Search Settings] . (.No hay proprietario - Search Settings.) -- C:\Program Files (x86)\SearchSettings\SearchSettings.exe =>Adware.SearchSettings
O43 - CFD: 10-06-2013 - 14:42:55 - [0,309] ----D C:\Program Files (x86)\SearchSettings =>Adware.SearchSettings
[MD5.C8152A75A027AD99E291F71FFAEA5176] [SPRF][21-06-2013] (...) -- C:\Users\Ka y JP\AppData\Local\Temp\SHSetup.exe [46317136]
[HKLM\Software\Classes\TypeLib\{937936af-28ca-4973-b8ae-f250406149a2}] =>Adware.BHO
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Associations]:bak_Application =>Hijacker.Agent
O4 - HKLM\..\Wow6432Node\Run: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe (.not file.) =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{115ccbae-27b0-47c3-ba42-bab708424393}] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Interface\{115ccbae-27b0-47c3-ba42-bab708424393}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://static.flipora.com
R3 - URLSearchHook: Flip - Connect with Friends [64Bits] - {4DA729A4-684A-4034-A45B-6D56CEAAE92B} . (.No hay proprietario - Flip - Connect with friends.) (2.0.0.1) -- C:\Program Files (x86)\Discovery Tools\ietb.dll
O2 - BHO: Flip BHO [64Bits] - {63E60077-EDE9-427a-BAD0-2ED15FADA0A8} . (.No hay proprietario - Flip - Connect with friends.) -- C:\Program Files (x86)\Discovery Tools\ietb.dll
O4 - HKCU\..\Run: [SpeedConnectStartUp] Llave huérfana
O4 - HKUS\S-1-5-21-483404760-522950025-832698278-1000\..\Run: [SpeedConnectStartUp] Llave huérfana
O4 - GS\Desktop: Papelera de reciclaje - Acceso directo.lnk - Llave huérfana
[MD5.E2CCF45E655AAF5D1AB8731FB0241A50] [APT] [{6EC7C180-E1CB-49AE-AB1F-18BA12D3FBE7}] (...) -- C:\Windows\MyFreeWeather\uninstall.exe [473600]
O42 - Logiciel: Discovery Tools - (...) [HKLM][64Bits] -- Discovery Tools
O42 - Logiciel: MyFreeWeather 2.24 - (.MicroSmarts LLC.) [HKLM][64Bits] -- Myfreeweather2.10
[HKCU\Software\AppDataLow\Software\Infoaxe]
[HKCU\Software\MyWeather]
[HKCU\Software\infoaxe]
O43 - CFD: 10-06-2013 - 14:42:55 - [0,661] ----D C:\Program Files (x86)\Discovery Tools
O43 - CFD: 13-11-2011 - 10:33:39 - [1,880] ----D C:\Program Files (x86)\MyFreeWeather
O43 - CFD: 23-12-2010 - 11:49:27 - [0,004] ----D C:\Users\Ka y JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyFreeWeather
O44 - LFC:[MD5.B4B116C190A3156778BE8E325B61C5CF] - 22-06-2013 - 9:50:58 ---A- . (...) -- C:\AT-Cuarentena [210]
O44 - LFC:[MD5.004FF9A96AA7AB91AF16D85A8DF23A4F] - 22-06-2013 - 22:00:14 ---A- . (...) -- C:\AT-Destroyer.txt [14186]
O69 - SBI: SearchScopes [HKCU] infoaxe_google [DefaultScope] - (Web Search) - http://static.flipora.com
[HKLM\Software\Wow6432Node\ALA]
O43 - CFD: 09-03-2011 - 16:22:34 - [2,293] ----D C:\Program Files (x86)\ALA
FirewallRAZ
EmptyCLSID
EmptyTemp
EmptyFlash
And paste them into the empty area of ZHPFix,
then click GO.
Post the report in your next message.
There you go!
How does this malware manifest itself?
I advise you to uninstall Ad-Aware Browsing Protection, which is obsolete and slows down your PC, as well as PCTools, from Symantec, which is also showing its age ;-)
Sugel, thanks, I'm going to reboot my PC and I'll tell you whether it worked!!!
Here is the report:
Rapport de ZHPFix 2013.6.12.3 par Nicolas Coolman, Update du 12/06/2013
Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-26-06-2013-11-39-48.txt
Run by Ka y JP at 26-06-2013 11:39:47
High Elevated Privileges : OK
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)
========== Programa(s) informático(s) ==========
AUSENTE Uninstall Process: c:\program files (x86)\discovery tools\uninst.exe
AUSENTE Uninstall Process: c:\windows\myfreeweather\uninstall.exe
========== Procesos de Memória ==========
SUPRIMIDO Memory Process: C:\Program Files (x86)\SearchSettings\SearchSettings.exe
SUPRIMIDO Memory Process: C:\Users\Ka y JP\AppData\Local\Temp\SHSetup.exe
SUPRIMIDO Memory Process: C:\Windows\MyFreeWeather\uninstall.exe
========== Llaves del Registro ==========
SUPRIMIDO [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Discovery Tools]
SUPRIMIDO [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Myfreeweather2.10]
SUPRIMIDO Key: HKLM\Software\Classes\TypeLib\{937936af-28ca-4973-b8ae-f250406149a2}
SUPRIMIDO Key*: HKLM\Software\Classes\Interface\{115ccbae-27b0-47c3-ba42-bab708424393}
AUSENTE Key: HKLM\Software\Wow6432Node\Classes\Interface\{115ccbae-27b0-47c3-ba42-bab708424393}
SUPRIMIDO Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
SUPRIMIDO Key: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
SUPRIMIDO Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
SUPRIMIDO Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
SUPRIMIDO Key: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
AUSENTE Key: CLSID BHO: {63E60077-EDE9-427a-BAD0-2ED15FADA0A8}
AUSENTE Key: HKCU\Software\AppDataLow\Software\Infoaxe
SUPRIMIDO Key: HKCU\Software\MyWeather
SUPRIMIDO Key: HKCU\Software\infoaxe
SUPRIMIDO Key: HKLM\Software\Wow6432Node\ALA
========== Valores del Registro ==========
SUPRIMADA RunValue: Search Settings
AUSENTE RunValue: Search Settings
SUPRIMADA [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Associations]:bak_Application
SUPRIMADA RunValue: Search Protection
AUSENTE URLSearchHook: {4DA729A4-684A-4034-A45B-6D56CEAAE92B}
SUPRIMADA RunValue: SpeedConnectStartUp
AUSENTE RunValue: SpeedConnectStartUp
Ningúna valor presente en la llave de registro "Standard Profile" FirewallRaz :
Ningúna valor presente en la llave de registro "Domain Profile" FirewallRaz :
========== Elemento(s) de dato del Registro ==========
SUPRIMADA Explorer Association Data Application: http://www.helpmeopen.com/?n=app&ext=%s
SUPRIMADA R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
========== Carpetas ==========
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{0812024E-14DC-4C30-B3DA-A5218DBD7161}
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{1468928F-D93A-4029-BD40-4AF1C177EB30}
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{15E26FCE-E260-482B-A22F-B86D1BD619DC}
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{17DA4BE0-4248-434E-86E6-1D2EC687251E}
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{31C1EB50-0817-406B-9601-262666BFC017}
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{36EAFC9C-EB90-4E13-B7D5-52900BC0F8BC}
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{4637CCA4-26CF-4CC3-8869-713C4F8E52C2}
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{481DC877-DDDA-4417-BEBD-D635151950C0}
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{4977C9D4-C6C2-48A1-808E-A279D8D9CB0F}
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{5CE02F80-584C-4106-9E60-74A4B54E6A3C}
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{720DE92C-BDF3-4A2C-866D-9A48C106A28E}
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{75A42995-4DDC-4D2B-BEBD-0D4A63EC2884}
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{76565519-EAD4-47D4-B9FB-F06C89B18835}
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{7F7E0E8C-F907-426C-B6AB-6DAE39BFBEF2}
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{80AB65E4-0F72-451D-883E-3F01AD9458EF}
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{8529B1AB-07EE-4156-8C4E-4A36ED5CF786}
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{8E0CE9C7-0CE9-4C28-9AF2-C74E4F3453C7}
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{922B3C77-5988-4EA5-BA54-B53C65264D97}
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{94AC5EB1-A5E3-4B93-AB91-DE39442F46EC}
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{A81EC784-2A50-486E-A781-38E44BAC3E66}
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{B55E5958-60E7-4C8F-8583-9CDD0BB76BC1}
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{C4CEB65C-83C9-4F6F-8E75-580B90D6D423}
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{CCC40A7C-DCDB-4F94-BE3D-ABB88F9D3001}
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{DAEFCFC9-1290-4777-AB8F-27D53B64CEF8}
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{ECB7A0D1-3B1D-4D29-B821-3A91F03CB47C}
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{F1C1528B-20D5-481E-9971-ECEC1A14D4C3}
SUPRIMIDO Folder: C:\Users\Ka y JP\AppData\Local\{F234C13A-AB02-4E16-A901-3B269291555D}
DELETED Window Temporary
DELETED Flash Cookies
========== Archivos ==========
SUPRIMIDO File***: c:\program files (x86)\searchsettings\searchsettings.exe
AUSENTE File: c:\program files (x86)\searchsettings\searchsettings.exe
SUPRIMIDO File***: c:\users\ka y jp\appdata\local\temp\shsetup.exe
AUSENTE File: c:\programdata\search protection\searchprotection.exe
SUPRIMIDO File: c:\users\ka y jp\desktop\papelera de reciclaje - acceso directo.lnk
SUPRIMIDO File: c:\windows\myfreeweather\uninstall.exe
SUPRIMIDO File: c:\at-cuarentena
SUPRIMIDO File: c:\at-destroyer.txt
DELETED Window Temporary
DELETED Flash Cookies
========== Tarea planeada ==========
SUPRIMIDA Task: {6EC7C180-E1CB-49AE-AB1F-18BA12D3FBE7}
========== ==========
Punto de restauración del sistema creado con éxito
========== Recapitulativo ==========
3 : Procesos de Memória
15 : Llaves del Registro
9 : Valores del Registro
2 : Elemento(s) de dato del Registro
29 : Carpetas
10 : Archivos
2 : Programa(s) informático(s)
1 : Tarea planeada
1 :
End of clean in 08mn 37s
========== Registro Archivos ==========
C:\ZHP\ZHPFix[R1].txt - 26-06-2013 11:39:48 [6414]
Mark the topic as resolved.
Also, I recommend a bit of reading, so that this doesn't happen again :P
Knowing how to use your PC and good habits on the internet
Regards, Sugel.
~ Rapport de ZHPDiag v2013.12.3.6 - Nicolas Coolman (03/12/2013)
~ Lancé par user (04/12/2013 11:10:41)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16736
MFIE: Mozilla Firefox 25.0.1 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
System - Enable Open file C:\Users\user\AppData\Roaming\ZHP\Licence.txt =>.Nicolas Coolman
---\\ Logiciels de protection du système
Avira Free Antivirus v14.0.1.749
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus v3.8.130.10
Windows Defender W7
---\\ Logiciels d'optimisation du système
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3766 MB (46% free)
System Restore: Activé (Enable)
System drive C: has 163 GB (36%) free of 448 GB
---\\ Mode de connexion au système
~ Computer Name: USER-PC
~ User Name: user
~ All Users Names: user, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\user\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\user\AppData\Roaming\
~ %Desktop% : C:\Users\user\Desktop\
~ %Favorites% : C:\Users\user\Favorites\
~ %LocalAppData% : C:\Users\user\AppData\Local\
~ %StartMenu% : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 163 Go of 448 Go)
D: CD-ROM drive (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2011 - 06:30:29.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9706C99DAEBE3FEAC811B239617E98C4] - (.Microsoft Corporation - Internet Extensions for Win32.) (.12/10/2013 - 09:45:20.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/07/2011 - 06:33:59.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 05s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/5048
~ Mes Videos (My Videos) : 1/56
~ Mes Favoris (My Favorites) : 1/21
~ Mes Documents (My Documents) : 1/1214
~ Mon Bureau (My Desktop) : 1/2755
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 00mn 16s
---\\ Processus lancés
[MD5.A824317EA303679481EF1039A5D66212] - (.Dritek System Inc. - Launch Manager Worker.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe [343632] [PID.1972]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1660]
[MD5.58485642DAB6D898FB8BD29952DB4B3D] - (.PIXELA CORPORATION - Pas de description.) -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe [542064] [PID.2724]
[MD5.3CB07566302BCEEB898DE270A0BEC175] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352] [PID.2368]
[MD5.0D360F06B168A6F37ACA9D9F958245DA] - (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280] [PID.1860]
[MD5.9ABC4E3B00CFA3A47D5569F5B49FE42F] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1103440] [PID.2808]
[MD5.D474767D4805CEF801AF6D4AEED1F9E3] - (.CyberLink Corp. - clear.fi Movie Resident Program.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448] [PID.1168]
[MD5.4C976D5913FF84FBF3ED55F8855641B1] - (.Ask - Ask Updater.) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1568976] [PID.2896]
[MD5.7C4AE21DB35F7AF697370EC068C4943E] - (.Nero AG - Nero BackItUp.) -- C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216] [PID.464]
[MD5.B412B75E55FEA30E780185B002D3AE14] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576] [PID.2792]
[MD5.D6264E83183E3E3D96F9B05AABE5E347] - (.Microsoft Corporation - Microsoft Word.) -- C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.exe [1423008] [PID.4212]
[MD5.5AA4DF6CD3C96086955064BEC1CD0C9B] - (.Adobe Systems Incorporated - Adobe Reader.) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe [1431256] [PID.4616]
[MD5.534A3CB0847BA114F0D8A5F2BB2EF6D0] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [887432] [PID.7128]
[MD5.077D59BA0FD4007E841B6C670862B065] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.1648]
[MD5.E0B173F23D873286169995D66B9E3CDF] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.4620]
[MD5.EB68851F020D35293EADAADEB18B8220] - (.Adobe Systems, Inc. - Adobe Flash Player 11.9 r900.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe [1862536] [PID.744]
[MD5.DC01B5913305D514041A48D44E4326ED] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8277504] [PID.6360]
[MD5.0D1E15010057B8426583A99CB179A6C4] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376] [PID.1232]
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1360]
[MD5.FDE9C7030FB1E9E2715E113EE6A10F90] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376] [PID.1384]
[MD5.A6B41F3044B2C099BBB5531CAA0551D5] - (.Canal+ Active - CanalPlus.VOD.Service.) -- C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [188416] [PID.1404]
[MD5.9DD3A22F804697606C2B7FF9E912FF6B] - (.Dritek System Inc. - Dritek WMI Service.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe [353360] [PID.1916]
[MD5.21ACFD2B4BF6C0F4D9080A437E400E88] - (.Dritek System Inc. - Launch Manager utility process.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe [418896] [PID.1980]
[MD5.C9B2D1D3F86FD3673EF847DEF73B6F9E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [36456] [PID.2000]
[MD5.B705C7097F9A0EC941D02DCE7C7D426C] - (.Acer Incorporated - Updater Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624] [PID.2040]
[MD5.DBC1136A62BD4DECC3632DF650284C2E] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [268824] [PID.1272]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1492]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1740]
[MD5.1873214666F6F0A883742DF91FBC48C9] - (.NTI Corporation - Backup Manager Module.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832] [PID.2236]
[MD5.48543D304F54C8997462208555662BA4] - (.Avira Operations GmbH & Co. KG - AntiVir WebGuard Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.exe [1164360] [PID.3888]
[MD5.FDDD64C15E7E4F6E23AB36B35D165FFE] - (.Canal+ Distribution - CanalPlayService.exe.) -- C:\Program Files (x86)\Lecteur CANALPLAY\CanalPlayService.exe [928624] [PID.3968]
[MD5.6B24D1C3096DE796D15571079EA5E98C] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.2404]
[MD5.E4534BCCDD1EA7A7A256BB9D6688A5FC] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [490280] [PID.3720]
[MD5.7466809E6DA561D60C2F1CE8EDE3C73F] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2320920] [PID.2816]
~ Processes Running: Scanned in 00mn 07s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2fnhc14x.default\prefs.js
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2fnhc14x.default\user.js
M3 - MFPP: Plugins - [user] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2fnhc14x.default\searchplugins\delta.xml =>Toolbar.DeltaSearch
M3 - MFPP: Plugins - [user] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2fnhc14x.default\searchplugins\infoaxe.xml
M3 - MFPP: Plugins - [user] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2fnhc14x.default\searchplugins\SearchTheWeb.xml
M3 - MFPP: Plugins - [user] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\babylon.xml =>PUP.Babylon
M3 - MFPP: Plugins - [user] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\SearchTheWeb.xml
M2 - MFEP: prefs.js [user - 2fnhc14x.default\{3EB3C1FE-4FED-4ef7-A78C-6616E2521FB5}] [] Connect with friends and discover the best of the Web v (..)
M2 - MFEP: prefs.js [user - 2fnhc14x.default\{C9B68337-E93A-44EA-94DC-CB300EC06444}] [] IMinent Toolbar v5.30.4 (..) =>Adware.IMBooster
~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://kogoa.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://kogoa.com
~ IE Browser: 14 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Ask Toolbar BHO [64Bits] - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Avira SearchFree Toolbar.) -- C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask
~ BHO: 9 Legitimates Filtered in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Acheter en ligne.lnk . (...) -- C:\Program Files (x86)\Accessory Store\StartUrl.exe (.not file.)
O4 - GS\Desktop [Public]: Everio MediaBrowser 3 Player.lnk . (.PIXELA CORPORATION - Everio MediaBrowser 3 Player.) -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser 3\AVCHDPlayer.exe
O4 - GS\Desktop [Public]: Everio MediaBrowser 3.lnk . (.PIXELA CORPORATION - Pas de description.) -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser 3\MediaBrowser.exe
O4 - GS\Desktop [Public]: Lecteur CANALPLAY.lnk . (.Canal+ Distribution - CanalPlayer.exe.) -- C:\Program Files (x86)\Lecteur CANALPLAY\CanalPlayer.exe
O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.) -- C:\Program Files\McAfee Security Scan\3.8.130\McUICnt.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [user]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [user]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [user]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [user]: Everio MediaBrowser 3 - Raccourci (2).lnk . (...) -- C:\Users\user\Desktop\doc recup 2\Videos\Everio MediaBrowser 3
O4 - GS\Desktop [user]: Everio MediaBrowser 3 - Raccourci.lnk . (...) -- C:\Users\user\Desktop\doc recup 2\Documents\Everio MediaBrowser 3
~ Global Startup: 75 Legitimates Filtered in 00mn 06s
---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: Device Monitor 3.lnk . (.PIXELA CORPORATION - Pas de description.) -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe
O4 - GS\Startup [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.)
O4 - HKLM\..\Run: [Power Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe
O4 - HKLM\..\Wow6432Node\Run: [Norton Online Backup] . (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [BackupManagerTray] . (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Wow6432Node\Run: [SuiteTray] . (.Egis Technology Inc. - SuiteTray.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
O4 - HKLM\..\Wow6432Node\Run: [ArcadeMovieService] . (.CyberLink Corp. - clear.fi Movie Resident Program.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
O4 - HKLM\..\Wow6432Node\Run: [ApnUpdater] . (.Ask - Ask Updater.) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
O4 - HKLM\..\Wow6432Node\Run: [CANAL+ CANALSAT A LA DEMANDE] . (.Canal+ - Lancer CANAL+ CANALSAT A LA DEMANDE.) -- C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe
O4 - HKLM\..\Wow6432Node\Run: [MajTutorials] C:\Program Files (x86)\Tuto4pc 1.0.1\tuto4pc_fr_16.exe (.not file.) =>PUP.Eorezo
O4 - HKLM\..\Wow6432Node\Run: [NBAgent] . (.Nero AG - Nero BackItUp.) -- C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [CanalPlayer] . (.Canal+ Distribution - CanalPlayer.exe.) -- C:\Program Files (x86)\Lecteur CANALPLAY\CanalPlayer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-21-635281213-3562986156-590498857-1000\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe
~ Application: Scanned in 00mn 00s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.canalplay.com
O15 - Trusted Zone: [HKCU\...\Domains] *.canalplusactive.com
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C50C275-EEA8-4D6C-800F-7190C52E66E0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E1E84A5-2ABF-4777-B348-7BFEC72C70B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7C50C275-EEA8-4D6C-800F-7190C52E66E0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{9E1E84A5-2ABF-4777-B348-7BFEC72C70B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{7C50C275-EEA8-4D6C-800F-7190C52E66E0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{9E1E84A5-2ABF-4777-B348-7BFEC72C70B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AutoKMS.job [268]
[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe (.not file.) [0] =>Trojan.Keygen
[MD5.AC8A678DF2941F76D2E0794BF71688E3] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files (x86)\Ask.com\UpdateTask.exe [136400] =>Toolbar.Ask
~ Scheduled Task: 17 Legitimates Filtered in 00mn 12s
---\\ Logiciels installés (O42)
O42 - Logiciel: Ask Toolbar - (.Ask.com.) [HKLM][64Bits] -- {86D4B82A-ABED-442A-BE86-96357B70F4FE} =>Toolbar.Ask
O42 - Logiciel: IMinent Toolbar - (.IMinent.) [HKLM][64Bits] -- {A76AA284-E52D-47E6-9E4F-B85DBF8E35C3} =>Adware.IMBooster
O42 - Logiciel: Iminent - (.Iminent.) [HKLM][64Bits] -- {A6E71E28-43CB-423E-B415-B7C00D77902E} =>Adware.IMBooster
~ Logic: 44 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\5908fd9b03fe540] =>Hijacker.Eazel
[HKCU\Software\APN]
[HKCU\Software\Ask.com]
[HKCU\Software\AskToolbar]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Somoto] =>Adware.MegaSearch
[HKCU\Software\TutoTag] =>Spyware.AgenceExclusive
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\5908fd9b03fe540] =>Hijacker.Eazel
[HKLM\Software\Wow6432Node\APN]
[HKLM\Software\Wow6432Node\AskToolbar]
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon
[HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
~ Key Software: 335 Legitimates Filtered in 00mn 01s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/09/2012 - 09:42:56 - [4,395] ----D C:\Program Files (x86)\Ask.com
O43 - CFD: 18/10/2012 - 21:48:21 - [0,707] ----D C:\Program Files (x86)\TUTO4PC =>PUP.Eorezo
O43 - CFD: 10/03/2013 - 16:54:34 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 18/08/2013 - 14:38:36 - [0] ----D C:\ProgramData\Iminent =>Adware.IMBooster
O43 - CFD: 18/08/2013 - 14:41:21 - [0] ----D C:\Users\user\AppData\Roaming\Iminent =>Adware.IMBooster
O43 - CFD: 30/07/2013 - 15:16:37 - [0] ----D C:\Users\user\AppData\Roaming\main
O43 - CFD: 14/09/2012 - 09:42:42 - [0,941] ----D C:\Users\user\AppData\Local\AskToolbar
~ 365 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 543 Legitimates Filtered in 01mn 17s
---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.DBAA0C650C9549DC5C599D1E81DEDAAD] - 05/04/2011 - 12:26:26 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [142632]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 17 Legitimates Filtered in 00mn 07s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("avg.install.userHPSettings", "http://www.delta-search.com/?affID=119370&tt=070313_9111gen&babsrc=HP_ss&mntrId=26a043910[...] =>Toolbar.DeltaSearch
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("avg.install.userSPSettings", "Delta Search");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("browser.search.defaultthis.engineName", "Web Search");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.admin", false); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.aflt", "babsst"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.autoRvrt", "false"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.dfltLng", "fr"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.excTlbr", false); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.ffxUnstlRst", true); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.id", "26a04391000000000000beb70da616e4"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.instlDay", "15935"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.instlRef", "sst"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.newTab", false); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.rvrt", "false"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.smplGrp", "none"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.tlbrId", "base"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=26a04391000000000000beb70da616[...] =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.vrsn", "1.8.24.5"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.24.512:45:11"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.vrsni", "1.8.24.5"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar_i.babExt", ""); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar_i.babTrack", "affID=123896&tsp=4978"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar_i.newTab", true); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://www.delta-search.com/?affID=119370&tt=070313_9111gen&babsrc=NT_ss&mntrI[...] =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.dfltLng", "en");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.id", "26a04391000000000000beb70da616e4");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.instlDay", "15774");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.vrsn", "1.8.10.0");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.vrsnTs", "1.8.10.016:54:45");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.vrsni", "1.8.10.0");
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} [DefaultScope] - (SearchTheWeb) - http://search.iminent.com =>Adware.IMBooster
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.B28C334C03CEE7C5E829C43AE75DAE5A] [SPRF][14/04/2013] (.Ask.com - AskIC Dynamic Link Library.) -- C:\Users\user\AppData\Local\Temp\AskSLib.dll [248008]
[MD5.920824782CA93D44F4401E61114E5757] [SPRF][24/10/2013] (...) -- C:\Users\user\AppData\Local\Temp\EB36.tmpcrt.dll [6656]
[MD5.863939AF7B01E46FBB65595A009DB9E9] [SPRF][24/10/2013] (...) -- C:\Users\user\AppData\Local\Temp\EBE3.tmpcrt.dll [7168]
[MD5.2D10A980CC1539C4CA29387E82267B4D] [SPRF][16/09/2013] (.Somoto Ltd. - FLV Player.) -- C:\Users\user\AppData\Local\Temp\FLVPlayerSetup.exe [279752] =>Adware.MegaSearch
[MD5.AEF3400641A03972B2377B2C1622B950] [SPRF][14/09/2012] (...) -- C:\Users\user\AppData\Local\Temp\install_flashplayer11x32ax_gtbd_chrd_dn_aih.bat [213]
[MD5.681A102F479ED965D006B5E825884A66] [SPRF][31/07/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\user\AppData\Local\Temp\uninst1.exe [339536] =>PUP.Babylon
[MD5.2A665235EE16982136845E78789E69DC] [SPRF][14/09/2012] (.Iminent - Iminent Setup.) -- C:\Users\user\Desktop\20120702IminentSetup.exe [825976] =>Adware.IMBooster
~ Files: 10 Legitimates Filtered in 00mn 04s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{3FFDC17D-F445-4FB8-A7E6-6DCC9088C75E}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Iminent\Iminent.exe (.not file.) =>Adware.IMBooster
O87 - FAEL: "{25EFC49D-5E2D-4A59-913A-D89E289847E3}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (.not file.) =>Adware.IMBooster
~ Firewall: 205 Legitimates Filtered in 00mn 01s
---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "482AA67AD25E6E74E9F48BD5FBE8533C" . (.IMinent Toolbar.) -- C:\Documents and Settings\CATA\My Documents\My Received Files\icon.ico =>Adware.IMBooster
O90 - PUC: "82E17E6ABC34E3244B517B0CD07709E2" . (.Iminent.) -- C:\Windows\Installer\{A6E71E28-43CB-423E-B415-B7C00D77902E}\imbooster.ico =>Adware.IMBooster
O90 - PUC: "A28B4D68DEBAA244EB686953B7074FEF" . (.Avira SearchFree Toolbar plus Web Protection.) -- c:\program files (x86)\ask.com\cb_6cf6.ico =>Toolbar.Avira
~ Update Products: 458 Legitimates Filtered in 00mn 00s
---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\5908fd9b03fe540\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\5908fd9b03fe540\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52" =>Hijacker.Eazel
[HKCU\Software\5908fd9b03fe540] =>PUP.Babylon^
[HKLM\Software\Wow6432Node\5908fd9b03fe540] => Clé orpheline
~ Export Key Software: Scanned in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.384D0D94B59B93157E0A2C5A32DB4754] [WIS][14/10/2011] (.esobi Inc. - newsXpresso.) -- C:\Windows\Installer\148d6b.msi [5219328]
[MD5.2A71ED886C0F766CB1A01C1146FA78FC] [WIS][14/09/2012] (.Iminent - Iminent.) -- C:\Windows\Installer\d38ee.msi [8949760] =>Adware.IMBooster
[MD5.A672E4C77ED7CCC851575B10B46CC8AD] [WIS][14/09/2012] (.IMinent - IMinent Toolbar.) -- C:\Windows\Installer\d38f3.msi [1019392] =>Adware.IMBooster
~ WIS: 461 Legitimates Filtered in 02mn 01s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 24/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 21/06/2011 173424 | (EgisTec Ticket Service) . (.Egis Technology Inc..) - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
SS - | Demand 14/09/2012 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Demand 06/09/2013 288776 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
SS - | Demand 15/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 27/11/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 27/11/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 27/11/2013 1164360 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.exe
SR - | Auto 06/07/2010 188416 | (CanalPlus.VOD) . (.Canal+ Active.) - C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
SR - | Auto 01/07/2011 353360 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SR - | Auto 02/08/2011 872552 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
SR - | Auto 30/05/2011 36456 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
SR - | Auto 13/04/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 22/04/2011 244624 | (Live Updater Service) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 18/03/2010 268824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 25/03/2010 490280 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 01/06/2010 2804568 | (NOBU) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
SR - | Auto 24/04/2011 256832 | (NTI IScheduleSvc) . (.NTI Corporation.) - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
SR - | Demand 21/02/2013 928624 | (Service CANALPLAY) . (.Canal+ Distribution.) - C:\Program Files (x86)\Lecteur CANALPLAY\CanalPlayService.exe
SR - | Auto 18/03/2010 2320920 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 02mn 08s
---\\ Scan Additionnel (O88)
Database Version : 13007 - (03/12/2013)
Clés trouvées (Keys found) : 242
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 11
Fichiers trouvés (Files found) : 14
~ Lancé par user (04/12/2013 11:10:41)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16736
MFIE: Mozilla Firefox 25.0.1 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
System - Enable Open file C:\Users\user\AppData\Roaming\ZHP\Licence.txt =>.Nicolas Coolman
---\\ Logiciels de protection du système
Avira Free Antivirus v14.0.1.749
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus v3.8.130.10
Windows Defender W7
---\\ Logiciels d'optimisation du système
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3766 MB (46% free)
System Restore: Activé (Enable)
System drive C: has 163 GB (36%) free of 448 GB
---\\ Mode de connexion au système
~ Computer Name: USER-PC
~ User Name: user
~ All Users Names: user, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\user\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\user\AppData\Roaming\
~ %Desktop% : C:\Users\user\Desktop\
~ %Favorites% : C:\Users\user\Favorites\
~ %LocalAppData% : C:\Users\user\AppData\Local\
~ %StartMenu% : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 163 Go of 448 Go)
D: CD-ROM drive (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2011 - 06:30:29.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9706C99DAEBE3FEAC811B239617E98C4] - (.Microsoft Corporation - Internet Extensions for Win32.) (.12/10/2013 - 09:45:20.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/07/2011 - 06:33:59.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 05s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/5048
~ Mes Videos (My Videos) : 1/56
~ Mes Favoris (My Favorites) : 1/21
~ Mes Documents (My Documents) : 1/1214
~ Mon Bureau (My Desktop) : 1/2755
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 00mn 16s
---\\ Processus lancés
[MD5.A824317EA303679481EF1039A5D66212] - (.Dritek System Inc. - Launch Manager Worker.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe [343632] [PID.1972]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1660]
[MD5.58485642DAB6D898FB8BD29952DB4B3D] - (.PIXELA CORPORATION - Pas de description.) -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe [542064] [PID.2724]
[MD5.3CB07566302BCEEB898DE270A0BEC175] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352] [PID.2368]
[MD5.0D360F06B168A6F37ACA9D9F958245DA] - (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280] [PID.1860]
[MD5.9ABC4E3B00CFA3A47D5569F5B49FE42F] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1103440] [PID.2808]
[MD5.D474767D4805CEF801AF6D4AEED1F9E3] - (.CyberLink Corp. - clear.fi Movie Resident Program.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448] [PID.1168]
[MD5.4C976D5913FF84FBF3ED55F8855641B1] - (.Ask - Ask Updater.) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1568976] [PID.2896]
[MD5.7C4AE21DB35F7AF697370EC068C4943E] - (.Nero AG - Nero BackItUp.) -- C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216] [PID.464]
[MD5.B412B75E55FEA30E780185B002D3AE14] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576] [PID.2792]
[MD5.D6264E83183E3E3D96F9B05AABE5E347] - (.Microsoft Corporation - Microsoft Word.) -- C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.exe [1423008] [PID.4212]
[MD5.5AA4DF6CD3C96086955064BEC1CD0C9B] - (.Adobe Systems Incorporated - Adobe Reader.) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe [1431256] [PID.4616]
[MD5.534A3CB0847BA114F0D8A5F2BB2EF6D0] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [887432] [PID.7128]
[MD5.077D59BA0FD4007E841B6C670862B065] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.1648]
[MD5.E0B173F23D873286169995D66B9E3CDF] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.4620]
[MD5.EB68851F020D35293EADAADEB18B8220] - (.Adobe Systems, Inc. - Adobe Flash Player 11.9 r900.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe [1862536] [PID.744]
[MD5.DC01B5913305D514041A48D44E4326ED] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8277504] [PID.6360]
[MD5.0D1E15010057B8426583A99CB179A6C4] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376] [PID.1232]
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1360]
[MD5.FDE9C7030FB1E9E2715E113EE6A10F90] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376] [PID.1384]
[MD5.A6B41F3044B2C099BBB5531CAA0551D5] - (.Canal+ Active - CanalPlus.VOD.Service.) -- C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [188416] [PID.1404]
[MD5.9DD3A22F804697606C2B7FF9E912FF6B] - (.Dritek System Inc. - Dritek WMI Service.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe [353360] [PID.1916]
[MD5.21ACFD2B4BF6C0F4D9080A437E400E88] - (.Dritek System Inc. - Launch Manager utility process.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe [418896] [PID.1980]
[MD5.C9B2D1D3F86FD3673EF847DEF73B6F9E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [36456] [PID.2000]
[MD5.B705C7097F9A0EC941D02DCE7C7D426C] - (.Acer Incorporated - Updater Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624] [PID.2040]
[MD5.DBC1136A62BD4DECC3632DF650284C2E] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [268824] [PID.1272]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1492]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1740]
[MD5.1873214666F6F0A883742DF91FBC48C9] - (.NTI Corporation - Backup Manager Module.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832] [PID.2236]
[MD5.48543D304F54C8997462208555662BA4] - (.Avira Operations GmbH & Co. KG - AntiVir WebGuard Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.exe [1164360] [PID.3888]
[MD5.FDDD64C15E7E4F6E23AB36B35D165FFE] - (.Canal+ Distribution - CanalPlayService.exe.) -- C:\Program Files (x86)\Lecteur CANALPLAY\CanalPlayService.exe [928624] [PID.3968]
[MD5.6B24D1C3096DE796D15571079EA5E98C] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.2404]
[MD5.E4534BCCDD1EA7A7A256BB9D6688A5FC] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [490280] [PID.3720]
[MD5.7466809E6DA561D60C2F1CE8EDE3C73F] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2320920] [PID.2816]
~ Processes Running: Scanned in 00mn 07s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2fnhc14x.default\prefs.js
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2fnhc14x.default\user.js
M3 - MFPP: Plugins - [user] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2fnhc14x.default\searchplugins\delta.xml =>Toolbar.DeltaSearch
M3 - MFPP: Plugins - [user] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2fnhc14x.default\searchplugins\infoaxe.xml
M3 - MFPP: Plugins - [user] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2fnhc14x.default\searchplugins\SearchTheWeb.xml
M3 - MFPP: Plugins - [user] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\babylon.xml =>PUP.Babylon
M3 - MFPP: Plugins - [user] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\SearchTheWeb.xml
M2 - MFEP: prefs.js [user - 2fnhc14x.default\{3EB3C1FE-4FED-4ef7-A78C-6616E2521FB5}] [] Connect with friends and discover the best of the Web v (..)
M2 - MFEP: prefs.js [user - 2fnhc14x.default\{C9B68337-E93A-44EA-94DC-CB300EC06444}] [] IMinent Toolbar v5.30.4 (..) =>Adware.IMBooster
~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://kogoa.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://kogoa.com
~ IE Browser: 14 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Ask Toolbar BHO [64Bits] - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Avira SearchFree Toolbar.) -- C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask
~ BHO: 9 Legitimates Filtered in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Acheter en ligne.lnk . (...) -- C:\Program Files (x86)\Accessory Store\StartUrl.exe (.not file.)
O4 - GS\Desktop [Public]: Everio MediaBrowser 3 Player.lnk . (.PIXELA CORPORATION - Everio MediaBrowser 3 Player.) -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser 3\AVCHDPlayer.exe
O4 - GS\Desktop [Public]: Everio MediaBrowser 3.lnk . (.PIXELA CORPORATION - Pas de description.) -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser 3\MediaBrowser.exe
O4 - GS\Desktop [Public]: Lecteur CANALPLAY.lnk . (.Canal+ Distribution - CanalPlayer.exe.) -- C:\Program Files (x86)\Lecteur CANALPLAY\CanalPlayer.exe
O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.) -- C:\Program Files\McAfee Security Scan\3.8.130\McUICnt.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [user]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [user]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [user]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [user]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [user]: Everio MediaBrowser 3 - Raccourci (2).lnk . (...) -- C:\Users\user\Desktop\doc recup 2\Videos\Everio MediaBrowser 3
O4 - GS\Desktop [user]: Everio MediaBrowser 3 - Raccourci.lnk . (...) -- C:\Users\user\Desktop\doc recup 2\Documents\Everio MediaBrowser 3
~ Global Startup: 75 Legitimates Filtered in 00mn 06s
---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: Device Monitor 3.lnk . (.PIXELA CORPORATION - Pas de description.) -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe
O4 - GS\Startup [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.)
O4 - HKLM\..\Run: [Power Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe
O4 - HKLM\..\Wow6432Node\Run: [Norton Online Backup] . (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [BackupManagerTray] . (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Wow6432Node\Run: [SuiteTray] . (.Egis Technology Inc. - SuiteTray.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
O4 - HKLM\..\Wow6432Node\Run: [ArcadeMovieService] . (.CyberLink Corp. - clear.fi Movie Resident Program.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
O4 - HKLM\..\Wow6432Node\Run: [ApnUpdater] . (.Ask - Ask Updater.) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
O4 - HKLM\..\Wow6432Node\Run: [CANAL+ CANALSAT A LA DEMANDE] . (.Canal+ - Lancer CANAL+ CANALSAT A LA DEMANDE.) -- C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe
O4 - HKLM\..\Wow6432Node\Run: [MajTutorials] C:\Program Files (x86)\Tuto4pc 1.0.1\tuto4pc_fr_16.exe (.not file.) =>PUP.Eorezo
O4 - HKLM\..\Wow6432Node\Run: [NBAgent] . (.Nero AG - Nero BackItUp.) -- C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [CanalPlayer] . (.Canal+ Distribution - CanalPlayer.exe.) -- C:\Program Files (x86)\Lecteur CANALPLAY\CanalPlayer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-21-635281213-3562986156-590498857-1000\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe
~ Application: Scanned in 00mn 00s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.canalplay.com
O15 - Trusted Zone: [HKCU\...\Domains] *.canalplusactive.com
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C50C275-EEA8-4D6C-800F-7190C52E66E0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E1E84A5-2ABF-4777-B348-7BFEC72C70B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7C50C275-EEA8-4D6C-800F-7190C52E66E0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{9E1E84A5-2ABF-4777-B348-7BFEC72C70B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{7C50C275-EEA8-4D6C-800F-7190C52E66E0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{9E1E84A5-2ABF-4777-B348-7BFEC72C70B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AutoKMS.job [268]
[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe (.not file.) [0] =>Trojan.Keygen
[MD5.AC8A678DF2941F76D2E0794BF71688E3] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files (x86)\Ask.com\UpdateTask.exe [136400] =>Toolbar.Ask
~ Scheduled Task: 17 Legitimates Filtered in 00mn 12s
---\\ Logiciels installés (O42)
O42 - Logiciel: Ask Toolbar - (.Ask.com.) [HKLM][64Bits] -- {86D4B82A-ABED-442A-BE86-96357B70F4FE} =>Toolbar.Ask
O42 - Logiciel: IMinent Toolbar - (.IMinent.) [HKLM][64Bits] -- {A76AA284-E52D-47E6-9E4F-B85DBF8E35C3} =>Adware.IMBooster
O42 - Logiciel: Iminent - (.Iminent.) [HKLM][64Bits] -- {A6E71E28-43CB-423E-B415-B7C00D77902E} =>Adware.IMBooster
~ Logic: 44 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\5908fd9b03fe540] =>Hijacker.Eazel
[HKCU\Software\APN]
[HKCU\Software\Ask.com]
[HKCU\Software\AskToolbar]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Somoto] =>Adware.MegaSearch
[HKCU\Software\TutoTag] =>Spyware.AgenceExclusive
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\5908fd9b03fe540] =>Hijacker.Eazel
[HKLM\Software\Wow6432Node\APN]
[HKLM\Software\Wow6432Node\AskToolbar]
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon
[HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
~ Key Software: 335 Legitimates Filtered in 00mn 01s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/09/2012 - 09:42:56 - [4,395] ----D C:\Program Files (x86)\Ask.com
O43 - CFD: 18/10/2012 - 21:48:21 - [0,707] ----D C:\Program Files (x86)\TUTO4PC =>PUP.Eorezo
O43 - CFD: 10/03/2013 - 16:54:34 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 18/08/2013 - 14:38:36 - [0] ----D C:\ProgramData\Iminent =>Adware.IMBooster
O43 - CFD: 18/08/2013 - 14:41:21 - [0] ----D C:\Users\user\AppData\Roaming\Iminent =>Adware.IMBooster
O43 - CFD: 30/07/2013 - 15:16:37 - [0] ----D C:\Users\user\AppData\Roaming\main
O43 - CFD: 14/09/2012 - 09:42:42 - [0,941] ----D C:\Users\user\AppData\Local\AskToolbar
~ 365 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 543 Legitimates Filtered in 01mn 17s
---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.DBAA0C650C9549DC5C599D1E81DEDAAD] - 05/04/2011 - 12:26:26 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [142632]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 17 Legitimates Filtered in 00mn 07s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("avg.install.userHPSettings", "http://www.delta-search.com/?affID=119370&tt=070313_9111gen&babsrc=HP_ss&mntrId=26a043910[...] =>Toolbar.DeltaSearch
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("avg.install.userSPSettings", "Delta Search");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("browser.search.defaultthis.engineName", "Web Search");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.admin", false); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.aflt", "babsst"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.autoRvrt", "false"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.dfltLng", "fr"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.excTlbr", false); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.ffxUnstlRst", true); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.id", "26a04391000000000000beb70da616e4"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.instlDay", "15935"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.instlRef", "sst"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.newTab", false); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.rvrt", "false"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.smplGrp", "none"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.tlbrId", "base"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=26a04391000000000000beb70da616[...] =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.vrsn", "1.8.24.5"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.24.512:45:11"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar.vrsni", "1.8.24.5"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar_i.babExt", ""); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar_i.babTrack", "affID=123896&tsp=4978"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar_i.newTab", true); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://www.delta-search.com/?affID=119370&tt=070313_9111gen&babsrc=NT_ss&mntrI[...] =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); =>PUP.Babylon
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.dfltLng", "en");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.id", "26a04391000000000000beb70da616e4");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.instlDay", "15774");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.vrsn", "1.8.10.0");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.vrsnTs", "1.8.10.016:54:45");
O69 - SBI: prefs.js [user - 2fnhc14x.default] user_pref("extensions.delta.vrsni", "1.8.10.0");
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} [DefaultScope] - (SearchTheWeb) - http://search.iminent.com =>Adware.IMBooster
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.B28C334C03CEE7C5E829C43AE75DAE5A] [SPRF][14/04/2013] (.Ask.com - AskIC Dynamic Link Library.) -- C:\Users\user\AppData\Local\Temp\AskSLib.dll [248008]
[MD5.920824782CA93D44F4401E61114E5757] [SPRF][24/10/2013] (...) -- C:\Users\user\AppData\Local\Temp\EB36.tmpcrt.dll [6656]
[MD5.863939AF7B01E46FBB65595A009DB9E9] [SPRF][24/10/2013] (...) -- C:\Users\user\AppData\Local\Temp\EBE3.tmpcrt.dll [7168]
[MD5.2D10A980CC1539C4CA29387E82267B4D] [SPRF][16/09/2013] (.Somoto Ltd. - FLV Player.) -- C:\Users\user\AppData\Local\Temp\FLVPlayerSetup.exe [279752] =>Adware.MegaSearch
[MD5.AEF3400641A03972B2377B2C1622B950] [SPRF][14/09/2012] (...) -- C:\Users\user\AppData\Local\Temp\install_flashplayer11x32ax_gtbd_chrd_dn_aih.bat [213]
[MD5.681A102F479ED965D006B5E825884A66] [SPRF][31/07/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\user\AppData\Local\Temp\uninst1.exe [339536] =>PUP.Babylon
[MD5.2A665235EE16982136845E78789E69DC] [SPRF][14/09/2012] (.Iminent - Iminent Setup.) -- C:\Users\user\Desktop\20120702IminentSetup.exe [825976] =>Adware.IMBooster
~ Files: 10 Legitimates Filtered in 00mn 04s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{3FFDC17D-F445-4FB8-A7E6-6DCC9088C75E}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Iminent\Iminent.exe (.not file.) =>Adware.IMBooster
O87 - FAEL: "{25EFC49D-5E2D-4A59-913A-D89E289847E3}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (.not file.) =>Adware.IMBooster
~ Firewall: 205 Legitimates Filtered in 00mn 01s
---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "482AA67AD25E6E74E9F48BD5FBE8533C" . (.IMinent Toolbar.) -- C:\Documents and Settings\CATA\My Documents\My Received Files\icon.ico =>Adware.IMBooster
O90 - PUC: "82E17E6ABC34E3244B517B0CD07709E2" . (.Iminent.) -- C:\Windows\Installer\{A6E71E28-43CB-423E-B415-B7C00D77902E}\imbooster.ico =>Adware.IMBooster
O90 - PUC: "A28B4D68DEBAA244EB686953B7074FEF" . (.Avira SearchFree Toolbar plus Web Protection.) -- c:\program files (x86)\ask.com\cb_6cf6.ico =>Toolbar.Avira
~ Update Products: 458 Legitimates Filtered in 00mn 00s
---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\5908fd9b03fe540\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\5908fd9b03fe540\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52" =>Hijacker.Eazel
[HKCU\Software\5908fd9b03fe540] =>PUP.Babylon^
[HKLM\Software\Wow6432Node\5908fd9b03fe540] => Clé orpheline
~ Export Key Software: Scanned in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.384D0D94B59B93157E0A2C5A32DB4754] [WIS][14/10/2011] (.esobi Inc. - newsXpresso.) -- C:\Windows\Installer\148d6b.msi [5219328]
[MD5.2A71ED886C0F766CB1A01C1146FA78FC] [WIS][14/09/2012] (.Iminent - Iminent.) -- C:\Windows\Installer\d38ee.msi [8949760] =>Adware.IMBooster
[MD5.A672E4C77ED7CCC851575B10B46CC8AD] [WIS][14/09/2012] (.IMinent - IMinent Toolbar.) -- C:\Windows\Installer\d38f3.msi [1019392] =>Adware.IMBooster
~ WIS: 461 Legitimates Filtered in 02mn 01s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 24/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 21/06/2011 173424 | (EgisTec Ticket Service) . (.Egis Technology Inc..) - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
SS - | Demand 14/09/2012 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Demand 06/09/2013 288776 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
SS - | Demand 15/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 27/11/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 27/11/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 27/11/2013 1164360 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.exe
SR - | Auto 06/07/2010 188416 | (CanalPlus.VOD) . (.Canal+ Active.) - C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
SR - | Auto 01/07/2011 353360 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SR - | Auto 02/08/2011 872552 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
SR - | Auto 30/05/2011 36456 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
SR - | Auto 13/04/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 22/04/2011 244624 | (Live Updater Service) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 18/03/2010 268824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 25/03/2010 490280 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 01/06/2010 2804568 | (NOBU) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
SR - | Auto 24/04/2011 256832 | (NTI IScheduleSvc) . (.NTI Corporation.) - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
SR - | Demand 21/02/2013 928624 | (Service CANALPLAY) . (.Canal+ Distribution.) - C:\Program Files (x86)\Lecteur CANALPLAY\CanalPlayService.exe
SR - | Auto 18/03/2010 2320920 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 02mn 08s
---\\ Scan Additionnel (O88)
Database Version : 13007 - (03/12/2013)
Clés trouvées (Keys found) : 242
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 11
Fichiers trouvés (Files found) : 14
[HKLM\Software\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}] =>Adware.SocialSkinz
[HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}] =>Adware.SocialSkinz
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKLM\Software\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}] =>Adware.SocialSkinz
[HKLM\Software\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}] =>Adware.BullseyeToolbar
[HKLM\Software\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}] =>Adware.BullseyeToolbar
[HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\TbCommonUtils.DLL] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\TbHelper.EXE] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd] =>Toolbar.Ask
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Classes\Installer\Features\482AA67AD25E6E74E9F48BD5FBE8533C] =>Adw