#25827
Hello,

I think I have a virus on my computer and on several of my USB keys, because as soon as I plug them in, my files and folders turn into shortcuts and then it is impossible to open them.
So I downloaded USBFix and ran a scan. If one of you could help me understand the report and point me in the right direction for what comes next, that would be really very kind.

Here is the report:
############################## | UsbFix V 7.158 | [Recherche]

Utilisateur: Maarine (Administrateur) # 16MAI2009
Mis à jour le 02/01/2014 par El Desaparecido - Team SosVirus
Lancé à 17:19:04 | 05/01/2014

Site Web : http://www.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Quanta (3624)
CPU: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
RAM -> [Total : 3068 Mo| Free : 1484 Mo]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 8.0.6001.19088
WB: Google Chrome : 31.0.1650.63
WB: Safari : 533.21.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 1.1.1600.0
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 222 Go (25 Go libre(s) - 11%) [] # NTFS
D:\ -> Disque fixe # 11 Go (2 Go libre(s) - 17%) [RECOVERY] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 4 Go (3 Go libre(s) - 77%) [INTENSO] # FAT32
G:\ -> Disque amovible # 4 Go (2 Go libre(s) - 62%) [] # FAT32
H:\ -> Disque amovible # 4 Go (3 Go libre(s) - 76%) [] # FAT32

################## | Processus Actif |

C:\Windows\system32\csrss.exe (ID: 608 |ParentID: 596)
C:\Windows\system32\wininit.exe (ID: 672 |ParentID: 596)
C:\Windows\system32\csrss.exe (ID: 684 |ParentID: 664)
C:\Windows\system32\services.exe (ID: 740 |ParentID: 672)
C:\Windows\system32\lsass.exe (ID: 752 |ParentID: 672)
C:\Windows\system32\lsm.exe (ID: 760 |ParentID: 672)
C:\Windows\system32\winlogon.exe (ID: 780 |ParentID: 664)
C:\Windows\system32\svchost.exe (ID: 932 |ParentID: 740)
C:\Windows\system32\svchost.exe (ID: 1004 |ParentID: 740)
C:\Windows\System32\svchost.exe (ID: 1040 |ParentID: 740)
C:\Windows\system32\Ati2evxx.exe (ID: 1128 |ParentID: 740)
C:\Windows\System32\svchost.exe (ID: 1148 |ParentID: 740)
C:\Windows\System32\svchost.exe (ID: 1184 |ParentID: 740)
C:\Windows\system32\svchost.exe (ID: 1196 |ParentID: 740)
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe (ID: 1228 |ParentID: 740)
C:\Windows\system32\svchost.exe (ID: 1488 |ParentID: 740)
C:\Windows\system32\SLsvc.exe (ID: 1504 |ParentID: 740)
C:\Windows\system32\Ati2evxx.exe (ID: 1556 |ParentID: 1128)
C:\Windows\system32\svchost.exe (ID: 1584 |ParentID: 740)
C:\Windows\system32\Hpservice.exe (ID: 1648 |ParentID: 740)
C:\Windows\system32\svchost.exe (ID: 1784 |ParentID: 740)
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID: 1896 |ParentID: 740)
C:\Windows\system32\WLANExt.exe (ID: 1920 |ParentID: 1184)
C:\Windows\system32\Dwm.exe (ID: 420 |ParentID: 1184)
C:\Windows\Explorer.EXE (ID: 548 |ParentID: 396)
C:\Windows\system32\taskeng.exe (ID: 1432 |ParentID: 1196)
C:\Windows\System32\spoolsv.exe (ID: 1496 |ParentID: 740)
C:\Windows\system32\svchost.exe (ID: 836 |ParentID: 740)
C:\Windows\system32\taskeng.exe (ID: 1912 |ParentID: 1196)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 2148 |ParentID: 548)
C:\Program Files\IDT\WDM\sttray.exe (ID: 2156 |ParentID: 548)
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (ID: 2168 |ParentID: 548)
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (ID: 2176 |ParentID: 548)
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (ID: 2260 |ParentID: 548)
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe (ID: 2280 |ParentID: 740)
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (ID: 2324 |ParentID: 548)
C:\Program Files\Windows Defender\MSASCui.exe (ID: 2388 |ParentID: 548)
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (ID: 2396 |ParentID: 548)
C:\Program Files\Java\jre6\bin\jusched.exe (ID: 2420 |ParentID: 548)
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (ID: 2444 |ParentID: 548)
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (ID: 2468 |ParentID: 548)
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (ID: 2488 |ParentID: 548)
C:\Program Files\Common Files\Real\Update_OB\realsched.exe (ID: 2552 |ParentID: 548)
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (ID: 2596 |ParentID: 548)
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ID: 2612 |ParentID: 548)
C:\Facemoi\facemoi.exe (ID: 2632 |ParentID: 548)
C:\Program Files\iTunes\iTunesHelper.exe (ID: 2648 |ParentID: 548)
C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ID: 2656 |ParentID: 548)
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (ID: 2664 |ParentID: 548)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe (ID: 2692 |ParentID: 548)
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (ID: 2708 |ParentID: 548)
C:\Facemoi\facemoi.exe (ID: 2716 |ParentID: 548)
C:\Program Files\Windows Media Player\wmpnscfg.exe (ID: 2724 |ParentID: 548)
C:\Users\Maarine\AppData\Roaming\cacaoweb\cacaoweb.exe (ID: 2732 |ParentID: 548)
C:\Users\Maarine\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 2740 |ParentID: 548)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 3216 |ParentID: 740)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 3408 |ParentID: 2140)
C:\Program Files\Common Files\LightScribe\LSSrvc.exe (ID: 3472 |ParentID: 740)
C:\Windows\system32\svchost.exe (ID: 3892 |ParentID: 740)
C:\Program Files\SMINST\BLService.exe (ID: 1144 |ParentID: 740)
C:\Program Files\CyberLink\Shared files\RichVideo.exe (ID: 3088 |ParentID: 740)
C:\Windows\system32\svchost.exe (ID: 3164 |ParentID: 740)
C:\Windows\System32\svchost.exe (ID: 1592 |ParentID: 740)
C:\Windows\system32\SearchIndexer.exe (ID: 3532 |ParentID: 740)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3712 |ParentID: 740)
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (ID: 1412 |ParentID: 740)
C:\Program Files\iPod\bin\iPodService.exe (ID: 4376 |ParentID: 740)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4400 |ParentID: 932)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 4764 |ParentID: 3408)
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (ID: 5012 |ParentID: 740)
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe (ID: 5120 |ParentID: 932)
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (ID: 5452 |ParentID: 740)
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (ID: 2580 |ParentID: 740)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 3236 |ParentID: 2148)
C:\Windows\system32\conime.exe (ID: 3468 |ParentID: 2340)
C:\Windows\system32\wuauclt.exe (ID: 3188 |ParentID: 1196)
C:\Windows\system32\taskeng.exe (ID: 5244 |ParentID: 1196)
c:\program files\windows defender\MpCmdRun.exe (ID: 2032 |ParentID: 5632)
C:\Windows\system32\WUDFHost.exe (ID: 7768 |ParentID: 1184)
C:\Users\Maarine\AppData\Local\Lollipop\Lollipop.exe (ID: 7052 |ParentID: 7092)
C:\Program Files\Common Files\Umbrella\Umbrella.exe (ID: 2856 |ParentID: 740)
C:\Program Files\Iminent\WinkHandler.exe (ID: 7540 |ParentID: 740)
C:\Program Files\Iminent\WinkHandler.exe (ID: 8000 |ParentID: 7540)
C:\Program Files\Bizzybolt\updateBizzybolt.exe (ID: 7512 |ParentID: 740)
C:\Users\Maarine\AppData\Local\Temp\setup__4757.exe (ID: 4676 |ParentID: 6908)
c:\progra~1\optimi~1\OptProCrash.exe (ID: 7600 |ParentID: 740)
C:\Windows\system32\vssvc.exe (ID: 6312 |ParentID: 740)
C:\Program Files\PricePeep\PricePeepUpdater.exe (ID: 7604 |ParentID: 7896)
C:\ProgramData\WPM\wprotectmanager.exe (ID: 7668 |ParentID: 740)
C:\Program Files\iSafe\iSafeSvc.exe (ID: 4952 |ParentID: 740)
C:\Program Files\iSafe\iSafeSvc2.exe (ID: 5256 |ParentID: 4952)
C:\Program Files\iSafe\iSafeTray.exe (ID: 5996 |ParentID: 4952)
C:\Windows\System32\svchost.exe (ID: 6840 |ParentID: 740)
C:\Windows\system32\Taskmgr.exe (ID: 10676 |ParentID: 780)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 12188 |ParentID: 548)
C:\Program Files\PricePeep\PricePeepUpdater.exe (ID: 6652 |ParentID: 11692)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 6392 |ParentID: 12188)
C:\Windows\system32\SearchProtocolHost.exe (ID: 11492 |ParentID: 3532)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 8608 |ParentID: 12188)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 9092 |ParentID: 12188)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 9028 |ParentID: 12188)
C:\UsbFix\Go.exe (ID: 10904 |ParentID: 11796)
C:\Windows\system32\SearchFilterHost.exe (ID: 11408 |ParentID: 3532)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 12000 |ParentID: 932)

################## | Regedit Run |

04 - HKLM\..\Run : [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\..\Run : [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
04 - HKLM\..\Run : [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
04 - HKLM\..\Run : [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
04 - HKLM\..\Run : [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
04 - HKLM\..\Run : [UCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
04 - HKLM\..\Run : [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
04 - HKLM\..\Run : [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
04 - HKLM\..\Run : [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
04 - HKLM\..\Run : [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
04 - HKLM\..\Run : [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
04 - HKLM\..\Run : [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
04 - HKLM\..\Run : [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
04 - HKLM\..\Run : [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
04 - HKLM\..\Run : [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\..\Run : [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
04 - HKLM\..\Run : [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
04 - HKLM\..\Run : [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
04 - HKLM\..\Run : [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
04 - HKLM\..\Run : [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run : [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe" /md I
04 - HKLM\..\Run : [Facemoi] c:\Facemoi\facemoi.exe
04 - HKLM\..\Run : [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
04 - HKLM\..\RunOnce : [Del6273439] cmd.exe /Q /D /c del "C:\Users\Maarine\AppData\Local\Temp\0.del"
04 - HKLM\..\RunOnce : []
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-19\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-20\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run : [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
04 - HKU\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run : [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
04 - HKU\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run : [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKU\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run : [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKU\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run : [xgqbc] "c:\users\maarine\appdata\local\xgqbc.exe" xgqbc
04 - HKU\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run : [GM4IE] C:\Facemoi\facemoi.exe
04 - HKU\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run : [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 - HKU\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run : [cacaoweb] "C:\Users\Maarine\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKU\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run : [SURVIVAL] wscript.exe //B "C:\Users\Maarine\AppData\Local\Temp\SURVIVAL.vbe"
04 - HKU\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run : [Bubble Dock] "C:\Users\Maarine\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
04 - HKU\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run : [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe
04 - HKU\S-1-5-21-2704428714-541136749-3450515838-1000\..\RunOnce : [Del6273439] cmd.exe /Q /D /c del "C:\Users\Maarine\AppData\Local\Temp\0.del"

################## | Recherche générique |

Présent! C:\Users\Maarine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SURVIVAL.vbe
Présent! C:\Users\Maarine\AppData\Local\Temp\SURVIVAL.vbe
Présent! F:\SURVIVAL.vbe
Présent! G:\SURVIVAL.vbe
Présent! H:\SURVIVAL.vbe
Présent! F:\_disk_id.lnk
Présent! F:\.lnk
Présent! F:\DVR.lnk
Présent! F:\le vampire MPS.lnk
Présent! F:\Mes Documents USB.lnk
Présent! F:\VIDEO.lnk
Présent! F:\MPS.lnk
Présent! G:\6- Scanner 8 décembre bis.lnk
Présent! G:\Vrai cadeau annie.lnk
Présent! G:\Willy.lnk
Présent! G:\Photos à imprimer.lnk
Présent! G:\20 ans Marine (2013).lnk
Présent! G:\Welcome Back Marine (26 décembre 2013).lnk
Présent! G:\MOV_0110.lnk
Présent! G:\Epreuve bureautique.lnk
Présent! G:\IMG.lnk
Présent! G:\IMG_0001.lnk
Présent! G:\IMG_0002.lnk
Présent! G:\IMG_0003.lnk
Présent! G:\IMG_0004.lnk
Présent! G:\IMG_0005.lnk
Présent! G:\IMG_0006.lnk
Présent! G:\IMG_0007.lnk
Présent! G:\0 (4).lnk
Présent! H:\Dreamweaver 2.lnk
Présent! H:\autorun.lnk
Présent! H:\licence.lnk
Présent! H:\mostick.lnk
Présent! H:\start.lnk
Présent! H:\la géothermie.lnk
Présent! H:\The koala from A to Z.lnk
Présent! H:\photo de koala exposé 2.lnk
Présent! H:\L'aspirateur Exposé de technologie 4e6.lnk
Présent! H:\Évolution d‚un objet technique aspi.lnk
Présent! H:\Option littérature et société.lnk
Présent! H:\le vampire MPS.lnk
Présent! H:\dist.lnk
Présent! H:\Mes Documents USB.lnk
Présent! H:\Photos voyage Angleterre.lnk
Présent! H:\Anglais.lnk
Présent! H:\Noémie.lnk
Présent! H:\autorun.inf
Présent! H:\start.exe

################## | Registre |

Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowPrinters -> 0
Présent! HKU\S-1-5-21-2704428714-541136749-3450515838-1000\Software\Microsoft\Windows\CurrentVersion\Run|SURVIVAL
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SURVIVAL
Présent! HKU\S-1-5-21-2704428714-541136749-3450515838-1000\Software\Microsoft\Windows\CurrentVersion\Run|SURVIVAL
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SURVIVAL

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |


Thanks in advance,

Marine14.
#25832
:hello: Marine14 and :welcome: to sosvirus

run usbfix again and choose Suppression (deletion), then post the report please
  • Download UsbFix (by El Desaparecido) to your Desktop!
  • Right-click it and choose Run as administrator on Windows 7/8 and Vista
  • Plug all your external data sources into your PC (USB key, external hard drive, etc.) without opening them.
  • Choose the Suppression option

    Note: If UsbFix hangs at 14%, start in safe mode. (See >> HERE <<)

  • Copy and paste the contents of the report that appears at the end of the scan into your reply
:merci2:
#25842
Thank you so much for helping me!

Here is the deletion report:

############################## | UsbFix V 7.158 | [Suppression]

Utilisateur: Maarine (Administrateur) # 16MAI2009
Mis à jour le 02/01/2014 par El Desaparecido - Team SosVirus
Lancé à 18:17:56 | 05/01/2014

Site Web : http://www.usbfix.net
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Quanta (3624)
CPU: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
RAM -> [Total : 3068 Mo| Free : 1351 Mo]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 8.0.6001.19088
WB: Google Chrome : 31.0.1650.63
WB: Safari : 533.21.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender : 1.1.1600.0
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 222 Go (26 Go libre(s) - 11%) [] # NTFS
D:\ -> Disque fixe # 11 Go (2 Go libre(s) - 17%) [RECOVERY] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 4 Go (3 Go libre(s) - 77%) [INTENSO] # FAT32
G:\ -> Disque amovible # 4 Go (2 Go libre(s) - 62%) [] # FAT32
H:\ -> Disque amovible # 4 Go (3 Go libre(s) - 76%) [] # FAT32

################## | Processus Stoppés |

Stoppé! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID: 1896 |ParentID: 740)
Stoppé! C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ID: 2656 |ParentID: 548)
Stoppé! C:\Program Files\iSafe\iSafeSvc.exe (ID: 4952 |ParentID: 740)
Stoppé! C:\Program Files\iSafe\iSafeSvc2.exe (ID: 5256 |ParentID: 4952)
Stoppé! C:\Program Files\iSafe\iSafeTray.exe (ID: 5996 |ParentID: 4952)
Stoppé! C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (ID: 10524 |ParentID: 740)
Stoppé! C:\Windows\system32\WUDFHost.exe (ID: 5744 |ParentID: 1184)
Stoppé! C:\Program Files\Bizzybolt\updateBizzybolt.exe (ID: 8180 |ParentID: 740)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 12052 |ParentID: 740)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 10860 |ParentID: 740)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 10632 |ParentID: 1196)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 6616 |ParentID: 1196)
Stoppé! c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (ID: 7304 |ParentID: 740)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 3584 |ParentID: 740)
Stoppé! C:\Windows\system32\SLsvc.exe (ID: 10244 |ParentID: 740)
Stoppé! C:\Windows\system32\NOTEPAD.EXE (ID: 11208 |ParentID: 10904)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 7436 |ParentID: 10300)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 7320 |ParentID: 7436)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5640 |ParentID: 7436)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 7148 |ParentID: 7436)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 7868 |ParentID: 7436)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 8344 |ParentID: 7436)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 1724 |ParentID: 7436)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 11404 |ParentID: 7436)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 7344 |ParentID: 7436)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 11036 |ParentID: 7436)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 6896 |ParentID: 7436)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 6656 |ParentID: 7436)
Stoppé! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 11000 |ParentID: 7436)

################## | Regedit Run |

04 - HKLM\..\Run : [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\..\Run : [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
04 - HKLM\..\Run : [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
04 - HKLM\..\Run : [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
04 - HKLM\..\Run : [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
04 - HKLM\..\Run : [UCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
04 - HKLM\..\Run : [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
04 - HKLM\..\Run : [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
04 - HKLM\..\Run : [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
04 - HKLM\..\Run : [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
04 - HKLM\..\Run : [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
04 - HKLM\..\Run : [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
04 - HKLM\..\Run : [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
04 - HKLM\..\Run : [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
04 - HKLM\..\Run : [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
04 - HKLM\..\Run : [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
04 - HKLM\..\Run : [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
04 - HKLM\..\Run : [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
04 - HKLM\..\Run : [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
04 - HKLM\..\Run : [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run : [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe" /md I
04 - HKLM\..\Run : [Facemoi] c:\Facemoi\facemoi.exe
04 - HKLM\..\Run : [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
04 - HKLM\..\RunOnce : [Del6273439] cmd.exe /Q /D /c del "C:\Users\Maarine\AppData\Local\Temp\0.del"
04 - HKLM\..\RunOnce : []
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-19\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-20\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run : [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
04 - HKU\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run : [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
04 - HKU\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run : [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKU\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run : [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKU\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run : [xgqbc] "c:\users\maarine\appdata\local\xgqbc.exe" xgqbc
04 - HKU\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run : [GM4IE] C:\Facemoi\facemoi.exe
04 - HKU\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run : [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 - HKU\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run : [cacaoweb] "C:\Users\Maarine\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
04 - HKU\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run : [SURVIVAL] wscript.exe //B "C:\Users\Maarine\AppData\Local\Temp\SURVIVAL.vbe"
04 - HKU\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run : [Bubble Dock] "C:\Users\Maarine\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
04 - HKU\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run : [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe

################## | Recherche générique |

Supprimé! C:\Users\Maarine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SURVIVAL.vbe
Supprimé! C:\Users\Maarine\AppData\Local\Temp\SURVIVAL.vbe
Supprimé! F:\SURVIVAL.vbe
Supprimé! G:\SURVIVAL.vbe
Supprimé! H:\SURVIVAL.vbe
Supprimé! F:\_disk_id.lnk
Supprimé! F:\.lnk
Supprimé! F:\DVR.lnk
Supprimé! F:\le vampire MPS.lnk
Supprimé! F:\Mes Documents USB.lnk
Supprimé! F:\VIDEO.lnk
Supprimé! F:\MPS.lnk
Supprimé! G:\6- Scanner 8 décembre bis.lnk
Supprimé! G:\Vrai cadeau annie.lnk
Supprimé! G:\Willy.lnk
Supprimé! G:\Photos à imprimer.lnk
Supprimé! G:\20 ans Marine (2013).lnk
Supprimé! G:\Welcome Back Marine (26 décembre 2013).lnk
Supprimé! G:\MOV_0110.lnk
Supprimé! G:\Epreuve bureautique.lnk
Supprimé! G:\IMG.lnk
Supprimé! G:\IMG_0001.lnk
Supprimé! G:\IMG_0002.lnk
Supprimé! G:\IMG_0003.lnk
Supprimé! G:\IMG_0004.lnk
Supprimé! G:\IMG_0005.lnk
Supprimé! G:\IMG_0006.lnk
Supprimé! G:\IMG_0007.lnk
Supprimé! G:\0 (4).lnk
Supprimé! H:\Dreamweaver 2.lnk
Supprimé! H:\autorun.lnk
Supprimé! H:\licence.lnk
Supprimé! H:\mostick.lnk
Supprimé! H:\start.lnk
Supprimé! H:\la géothermie.lnk
Supprimé! H:\The koala from A to Z.lnk
Supprimé! H:\photo de koala exposé 2.lnk
Supprimé! H:\L'aspirateur Exposé de technologie 4e6.lnk
Supprimé! H:\Évolution d‚un objet technique aspi.lnk
Supprimé! H:\Option littérature et société.lnk
Supprimé! H:\le vampire MPS.lnk
Supprimé! H:\dist.lnk
Supprimé! H:\Mes Documents USB.lnk
Supprimé! H:\Photos voyage Angleterre.lnk
Supprimé! H:\Anglais.lnk
Supprimé! H:\Noémie.lnk

(!) Fichiers temporaires supprimés.

################## | Registre |

Réparé ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowPrinters -> 1
Supprimé! HKU\S-1-5-21-2704428714-541136749-3450515838-1000\Software\Microsoft\Windows\CurrentVersion\Run|SURVIVAL
Supprimé! HKU\S-1-5-21-2704428714-541136749-3450515838-1000\Software\.\.\.\.\Mountpoints2\{7a50cfa0-de33-11e1-b258-00238b7a2958}
Supprimé! HKU\S-1-5-21-2704428714-541136749-3450515838-1000\Software\.\.\.\.\Mountpoints2\{b0e4d27d-d693-11de-9ec5-00238b7a2958}
Supprimé! HKU\S-1-5-21-2704428714-541136749-3450515838-1000\Software\.\.\.\.\Mountpoints2\{c15bc3ae-8a85-11df-ba8d-00238b7a2958}

################## | Listing |

[16/05/2009 - 18:39:27 | SHD] - C:\$RECYCLE.BIN
[18/09/2006 - 22:43:36 | A | 0 Ko] - C:\autoexec.bat
[30/08/2010 - 01:23:14 | D] - C:\BigFishGamesCache
[21/01/2009 - 09:06:57 | SHD] - C:\boot
[21/01/2008 - 03:24:42 | RASH | 325 Ko] - C:\bootmgr
[18/09/2006 - 22:43:37 | N | 0 Ko] - C:\config.sys
[02/11/2006 - 14:02:03 | SHD] - C:\Documents and Settings
[07/06/2011 - 21:17:07 | D] - C:\Facemoi
[05/01/2014 - 15:13:07 | ASH | 3140832 Ko] - C:\hiberfil.sys
[16/05/2009 - 18:29:10 | D] - C:\HP
[20/01/2009 - 23:17:16 | RHD] - C:\MSOCache
[23/12/2009 - 17:50:27 | D] - C:\My Music
[05/01/2014 - 15:13:05 | ASH | 3449284 Ko] - C:\pagefile.sys
[21/01/2008 - 03:32:31 | D] - C:\PerfLogs
[22/09/2010 - 16:08:34 | D] - C:\Phylogene
[05/01/2014 - 17:05:11 | D] - C:\Program Files
[05/01/2014 - 17:04:22 | HD] - C:\ProgramData
[15/09/2009 - 10:15:42 | D] - C:\SWSetup
[05/01/2014 - 16:18:06 | SHD] - C:\System Volume Information
[16/05/2009 - 18:29:43 | D] - C:\System.sav
[19/12/2010 - 21:39:48 | D] - C:\Temp
[05/01/2014 - 18:17:57 | D] - C:\UsbFix
[05/01/2014 - 18:24:19 | A | 12 Ko | F6C0CC3D6313A93E507374031AB06A8E] - C:\UsbFix [Clean 1] 16MAI2009.txt
[05/01/2014 - 17:32:46 | N | 16 Ko | 4D025C57F5AA6D30B261BCEC8A530910] - C:\UsbFix [Scan 2] 16MAI2009.txt
[16/05/2009 - 18:27:38 | D] - C:\Users
[01/01/2014 - 01:27:07 | D] - C:\Windows
[16/05/2009 - 18:39:27 | SHD] - D:\$RECYCLE.BIN
[05/01/2014 - 17:30:37 | RASHD] - D:\Autorun.inf
[16/05/2009 - 18:28:28 | N | 0 Ko] - D:\BLOCK.RIN
[13/01/2009 - 06:05:33 | RSHD] - D:\boot
[03/10/2006 - 22:02:44 | SH | 428 Ko] - D:\bootmgr
[04/11/2008 - 16:37:42 | SH | 1 Ko] - D:\Desktop.ini
[10/09/2002 - 15:14:28 | N | 8 Ko] - D:\Folder.htt
[13/01/2009 - 06:05:50 | D] - D:\HP
[05/01/2014 - 15:16:07 | N | 0 Ko] - D:\MASTER.LOG
[13/01/2009 - 06:05:43 | RSHD] - D:\PRELOAD
[12/09/2008 - 16:17:38 | SH | 373 Ko] - D:\protect.arabic
[15/09/2008 - 14:57:58 | SH | 178 Ko] - D:\protect.bulgarian
[16/09/2002 - 13:37:48 | SH | 178 Ko] - D:\protect.chinese hong kong
[16/09/2002 - 13:37:40 | SH | 178 Ko] - D:\protect.chinese simplified
[16/09/2002 - 13:37:48 | SH | 178 Ko] - D:\protect.chinese traditional
[27/04/2006 - 15:19:40 | SH | 178 Ko] - D:\protect.czech
[03/11/2005 - 14:21:26 | SH | 177 Ko] - D:\protect.danish
[10/09/2002 - 12:56:12 | SH | 177 Ko] - D:\protect.dutch
[10/09/2002 - 12:50:18 | SH | 177 Ko] - D:\protect.ed
[22/11/2004 - 14:28:30 | SH | 177 Ko] - D:\protect.english
[03/11/2005 - 14:20:20 | SH | 177 Ko] - D:\protect.finnish
[03/11/2005 - 14:19:52 | SH | 177 Ko] - D:\protect.french
[03/11/2005 - 14:18:10 | SH | 177 Ko] - D:\protect.german
[23/11/2005 - 14:56:46 | SH | 178 Ko] - D:\protect.greek
[23/01/2006 - 08:18:00 | SH | 178 Ko] - D:\protect.hebrew
[28/08/2007 - 13:58:08 | N | 177 Ko] - D:\protect.hungarian
[03/11/2005 - 14:17:00 | SH | 177 Ko] - D:\protect.italian
[19/06/2007 - 14:22:10 | SH | 178 Ko] - D:\protect.japanese
[24/11/2005 - 10:24:44 | SH | 213 Ko] - D:\protect.korean
[03/11/2005 - 14:15:12 | SH | 177 Ko] - D:\protect.norwegian
[25/04/2006 - 13:44:10 | SH | 178 Ko] - D:\protect.polish
[03/11/2005 - 14:13:12 | SH | 177 Ko] - D:\protect.portuguese
[27/10/2005 - 18:24:10 | SH | 178 Ko] - D:\protect.portuguese brazilian
[15/09/2008 - 14:57:54 | SH | 177 Ko] - D:\protect.romanian
[28/06/2004 - 07:52:46 | SH | 207 Ko] - D:\protect.russian
[04/07/2007 - 10:46:44 | SH | 178 Ko] - D:\protect.slovak
[03/11/2005 - 14:11:46 | SH | 177 Ko] - D:\protect.spanish
[10/09/2002 - 13:15:06 | SH | 177 Ko] - D:\protect.swedish
[12/08/2003 - 09:37:30 | SH | 178 Ko] - D:\protect.turkish
[13/01/2009 - 06:05:32 | RD] - D:\RECOVERY
[13/01/2009 - 06:05:41 | RSHD] - D:\SOURCES
[28/07/2009 - 09:59:30 | SHD] - D:\System Volume Information
[13/01/2009 - 06:05:49 | D] - D:\Tools
[13/01/2009 - 06:05:41 | D] - D:\WINDOWS
[27/09/2012 - 15:56:22 | N | 0 Ko] - F:\.~lock.NeWs 2.odt#
[20/12/2012 - 15:35:30 | D] - F:\Mes Documents USB
[01/01/1980 - 00:00:00 | D] - F:\DVR
[15/04/2013 - 18:13:32 | N | 0 Ko] - F:\.~lock.image art plastique.odt#
[04/01/2014 - 14:17:08 | N | 29 Ko] - F:\le vampire MPS.odt
[16/04/2013 - 19:02:28 | N | 0 Ko] - F:\_disk_id.pod
[17/11/2012 - 14:31:40 | D] - F:\VIDEO
[25/04/2013 - 15:29:54 | N | 0 Ko] - F:\.~lock.svt expo diapo.odp#
[05/01/2014 - 17:30:38 | RASHD] - F:\Autorun.inf
[04/01/2014 - 15:54:18 | N | 247 Ko] - F:\MPS.odt
[12/06/2013 - 18:39:38 | N | 0 Ko] - F:\.~lock.manine wanted.odg#
[25/12/2011 - 21:29:00 | N | 0 Ko] - F:\.nmdsdcid
[25/12/2011 - 21:29:00 | N | 0 Ko] - F:\nmdsdcid
[05/01/2014 - 17:30:38 | RASHD] - G:\Autorun.inf
[18/11/2013 - 19:49:42 | N | 89466 Ko] - G:\MOV_0110.mp4
[22/11/2013 - 14:27:46 | D] - G:\Willy
[26/11/2013 - 10:03:22 | N | 19 Ko] - G:\Epreuve bureautique.docx
[26/11/2013 - 10:03:32 | N | 104 Ko] - G:\Epreuve bureautique.pptx
[27/11/2013 - 11:35:08 | N | 758 Ko] - G:\IMG.pdf
[27/11/2013 - 11:36:02 | N | 756 Ko] - G:\IMG_0001.pdf
[27/11/2013 - 11:36:52 | N | 1025 Ko] - G:\IMG_0002.pdf
[27/11/2013 - 11:37:36 | N | 1021 Ko] - G:\IMG_0003.pdf
[27/11/2013 - 11:41:06 | N | 1005 Ko] - G:\IMG_0004.pdf
[27/11/2013 - 11:41:58 | N | 1002 Ko] - G:\IMG_0005.pdf
[27/11/2013 - 11:42:44 | N | 759 Ko] - G:\IMG_0006.pdf
[27/11/2013 - 11:43:26 | N | 786 Ko] - G:\IMG_0007.pdf
[07/04/2012 - 14:37:14 | N | 3212 Ko] - G:\0 (4).JPG
[17/12/2012 - 08:55:56 | N | 18742 Ko] - G:\6- Scanner 8 décembre bis.ppt
[15/12/2013 - 13:14:48 | D] - G:\Photos à imprimer
[21/12/2013 - 14:07:26 | N | 1789 Ko] - G:\Vrai cadeau annie.jpg
[13/09/2013 - 19:21:18 | D] - G:\20 ans Marine (2013)
[27/12/2013 - 12:50:50 | D] - G:\Welcome Back Marine (26 décembre 2013)
[25/05/2009 - 13:25:26 | D] - H:\dist
[29/04/2009 - 18:15:38 | N | 35 Ko | 72BCE17F4B3ED98DE586B6B7958D7239] - H:\licence.txt
[25/05/2009 - 13:49:06 | D] - H:\Mes Documents USB
[10/04/2009 - 11:33:14 | N | 7 Ko] - H:\mostick.ico
[26/01/2010 - 11:05:12 | N | 11 Ko] - H:\la géothermie.doc
[15/06/2011 - 19:45:32 | D] - H:\Photos voyage Angleterre
[17/06/2011 - 21:27:38 | N | 6317 Ko] - H:\Pictures of London ?.ppt
[03/10/2011 - 10:11:46 | D] - H:\Anglais
[09/10/2011 - 13:48:40 | N | 10 Ko] - H:\The koala from A to Z..wps
[09/10/2011 - 15:45:12 | N | 2569 Ko] - H:\photo de koala exposé 2.wps
[18/01/2012 - 19:26:54 | N | 743 Ko] - H:\L'aspirateur Exposé de technologie 4e6.wps
[10/11/2011 - 17:04:08 | N | 140 Ko] - H:\Évolution d&#130;un objet technique aspi.ppt
[05/01/2012 - 11:32:16 | D] - H:\Noémie
[28/11/2012 - 10:13:16 | N | 2 Ko] - H:\Option littérature et société.htm
[18/12/2013 - 16:18:20 | N | 33 Ko] - H:\le vampire MPS.odt
[05/01/2014 - 17:32:48 | RASHD] - H:\Autorun.inf

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
#25843
Hi again,

OK, we're going to run a diagnostic of your PC to check that everything is OK :P:

Do this and post the report, please:
  • Download ZHPDiag (by Nicolas Coolman) to your desktop.
  • Install the software.
  • Launch ZHPDiag (run as administrator on Windows 7/8 and Vista).
  • Click on "Configurer".
  • Click on the icon showing a magnifying glass with a + ("Lancer le diagnostic").

    Note: do not close the program even if it says that it is not responding.

  • Once the scan has finished, go to the desktop; the file ZHPDiag.txt has been created.
  • Upload the ZHPDiag.txt report to SosUpload, then copy/paste the link provided into your next reply on the forum.
:merci2:
#25845
Here is the report:
~ Rapport de ZHPDiag v2014.1.2.5 - Nicolas Coolman (02/01/2014)
~ Lancé par Maarine (05/01/2014 18:32:10)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.19088
GCIE: Google Chrome v31.0.1650.63 (Defaut)
OBIE: Safari v5.33.21.1

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Home Premium, 32-bit Service Pack 1 (Build 6001)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : WQD8Q
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2011
Norton Internet Security v16.0.0.125

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 10 Plugin
Adobe Reader X - Français

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3068 MB (46% free)
System Restore: Activé (Enable)
System drive C: has 42 GB (18%) free of 222 GB

---\\ Mode de connexion au système
~ Computer Name: 16MAI2009
~ User Name: Maarine
~ All Users Names: Maarine, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Maarine\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Maarine\AppData\Roaming\
~ %Desktop% : C:\Users\Maarine\Desktop\
~ %Favorites% : C:\Users\Maarine\Favorites\
~ %LocalAppData% : C:\Users\Maarine\AppData\Local\
~ %StartMenu% : C:\Users\Maarine\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 42 Go of 222 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 11 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Free 3 Go of 4 Go)
G: Floppy drive, Flash card reader, USB Key (Free 2 Go of 4 Go)
H: Floppy drive, Flash card reader, USB Key (Free 3 Go of 4 Go)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 38 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.4F554999D7D5F05DAAEBBA7B5BA1089D] - (.Microsoft Corporation - Explorateur Windows.) (.29/10/2008 - 07:29:41.) -- C:\Windows\Explorer.exe [2927104]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:23:42.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.DE4685DE5130039FA63DA66C0F72F787] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.28/05/2011 - 07:08:58.) -- C:\Windows\System32\wininet.dll [916480]
[MD5.C2610B6BDBEFC053BBDAB4F1B965CB24] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/01/2008 - 03:24:49.) -- C:\Windows\System32\Winlogon.exe [314880]
[MD5.48EB99503533C27AC6135648E5474457] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:16:42.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.9C0E70031905ADBF94EDB9EA14AF943B] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.21/01/2009 - 06:37:49.) -- C:\Windows\system32\Drivers\atapi.sys [21560]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:23:51.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.1EC25CEA0DE6AC4718BF89F9E1778B57] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/01/2008 - 03:23:02.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.A3E9FA213F443AC77C7746119D13FEEC] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:24:14.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.C87B1EE051C0464491C1A7B03FA0BC99] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/01/2008 - 03:23:22.) -- C:\Windows\system32\Drivers\HDAudBus.sys [53760]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:23:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:24:25.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.5734A0F2BE7E495F7D3ED6EFD4B9F5A1] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 13:49:35.) -- C:\Windows\system32\Drivers\MRxSmb.sys [105984]
[MD5.7C5FEE5B1C5728507CD96FB4A13E7A02] - (.Microsoft Corporation - MBT Transport driver.) (.21/01/2008 - 03:24:59.) -- C:\Windows\system32\Drivers\netBT.sys [184320]
[MD5.B4EFFE29EB4F15538FD8A9681108492D] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.21/01/2008 - 03:23:51.) -- C:\Windows\system32\Drivers\ntfs.sys [1081912]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:24:55.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:23:01.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.031E6BCD53C9B2B9ACE111EAFEC347B6] - (.Microsoft Corporation - SMB Transport driver.) (.21/01/2008 - 03:25:00.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.D09276B1FAB033CE1D40DCBDF303D10F] - (.Microsoft Corporation - TDI Translation Driver.) (.21/01/2008 - 03:24:53.) -- C:\Windows\system32\Drivers\tdx.sys [71680]
[MD5.D8B4A53DD2769F226B3EB374374987C9] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/01/2008 - 03:23:21.) -- C:\Windows\system32\Drivers\volsnap.sys [227896]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/16556
~ Mes musiques (My Musics) : 177/1621
~ Mes Videos (My Videos) : 1/14
~ Mes Favoris (My Favorites) : 1/120
~ Mes Documents (My Documents) : 1/5262
~ Mon Bureau (My Desktop) : 1/35
~ Menu demarrer (Programs) : 1/52
~ Hidden Files: Scanned in 00mn 07s



---\\ Processus lancés
[MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3764024] [PID.2656]
[MD5.7F0D8AD2737CA7B060E2A5605911C627] - (.Elex do Brasil Participações Ltda - YACTray.) -- C:\Program Files\iSafe\iSafeTray.exe [599208] [PID.5996] =>Trojan.Staser
[MD5.4B555106290BD117334E9A08761C035A] - (...) -- ystem32\rundll32.exe [0] [PID.11520]
[MD5.376A9B411BF8B77D5BF84B24D0C7DACD] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [863184] [PID.1244]
[MD5.486BDC196F8914845302745A15310D62] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8321024] [PID.8532]
[MD5.D74884939D53612FD84AC82C59CCFE27] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344] [PID.1896]
[MD5.2CDEAF8465CB05935EDA05759D3ADE64] - (.Elex do Brasil Participações Ltda - iSafeSvc.) -- C:\Program Files\iSafe\iSafeSvc.exe [491688] [PID.4952] =>Trojan.Staser
[MD5.14F2561F6B77D7524F7D3C589DDA7BF0] - (.Elex do Brasil Participações Ltda - iSafeSvc2.) -- C:\Program Files\iSafe\iSafeSvc2.exe [777384] [PID.5256] =>Trojan.Staser
[MD5.834A990F60FDEA9152202C4D6DC84A31] - (...) -- C:\Program Files\Bizzybolt\updateBizzybolt.exe [66848] [PID.3480] =>PUP.Bizzybolt
[MD5.A19B0BB5A7EB6DF2DD4A0711D36955EE] - (.Hewlett-Packard - HP Health Check Service.) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208] [PID.2388]
[MD5.0BA91E1358AD25236863039BB2609A2E] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [2623488] [PID.9056]
[MD5.5DAF7081A4BB112FA3F1915819330A3E] - (...) -- C:\Program Files\ZHPDiag\pv.exe [61440] [PID.0]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Maarine\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.nationzoom.com =>Hijacker.NationZoom
G2 - GCE: Preference [User Data\Default] [alelhddbbhepgpmgidjdcjakblofbmce] Superbe capture d'\u00C3\u00A9cran : capturer et annoter v.3.5.10, (Activé)
G2 - GCE: Preference [User Data\Default] [bjeikeheijdjdfjbmknpefojickbkmom] Offerbox v.2.1.3600.135 (Désactivé) =>PUP.OfferBox
G2 - GCE: Preference [User Data\Default] [dgbjdgnkkchgleommaaapafcigjjbnmg] Bizzybolt v.1.0.0 (Activé) =>PUP.Bizzybolt
G2 - GCE: Preference [User Data\Default] [dhdppnagkklahjmblgdojadgbiffhejd] Deeal_fr 0.2 v.1.25.52, (Activé)
G2 - GCE: Preference [User Data\Default] [dpicnlijpdlebkhpegfenfjpglinfdhm] OfferBox v.5.1.2514.23 (Désactivé) =>PUP.OfferBox
G2 - GCE: Preference [User Data\Default] [eidogommnbbcgnhfjkcgjnlonijjhmjl] SocialPlus! v.2.5.4 (Désactivé)
G2 - GCE: Preference [User Data\Default] [enggflalpipaefdpfehdcbmklnbhndfn] VDM - viedemerde.fr RSS Viewer v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [faminaibgiklngmfpfbhmokfmnglamcm] PanicButton v.0.14.2.2 (Activé)
G2 - GCE: Preference [User Data\Default] [gebbadcnkcgcfgpbmcdleckpejgopimf] cacaoweb v.1.18 (Activé) =>PUP.CacaoWeb
G2 - GCE: Preference [User Data\Default] [gjoijgcajekmbkdmpijbkdilkddokojp] Super Mario 2 v.0.3.0.0 (Désactivé)
G2 - GCE: Preference [User Data\Default] [gliedaffibdnbhbiaolgkdhhfbjgmhgi] Dots v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [ieacoaafajmkiffjfagoekhjjbdhbojp] Super Mario v.0.6.2.0 (Désactivé)
G2 - GCE: Preference [User Data\Default] [ifohbjbgfchkkfhphahclmkpgejiplfo] Lightning Newtab v.1.1.7.9, (Activé) =>PUP.Elex
G2 - GCE: Preference [User Data\Default] [ihflimipbcaljfnojhhknppphnnciiif] Facemoods v.1.2.1 (Désactivé) =>Adware.Facemoods
G2 - GCE: Preference [User Data\Default] [iknffkmlbmmhbnfhfnpopiembeecpokj] Facemoi v.2.3.0 (Désactivé) =>PUP.Facemoi
G2 - GCE: Preference [User Data\Default] [kbjlipmgfoamgjaogmbihaffnpkpjajp] Bubble Dock v.1.0.0.130 (Désactivé) =>PUP.BubbleDock
G2 - GCE: Preference [User Data\Default] [khcceooakamlehbimaepcldnnlnkcmfk] SaveSense v.3.5.0.0 (Activé) =>PUP.SaveSense
G2 - GCE: Preference [User Data\Default] [kngejcchcedjdemdaeneneeahmjnpaec] Interest Recognizer for Moovida v.3.4.1545.153 (Désactivé) =>Adware.SPointer
G2 - GCE: Preference [User Data\Default] [leahdjjpjmnamomgpojikeapflgbmjab] cacaoweb v.1.16 (Activé) =>PUP.CacaoWeb
G2 - GCE: Preference [User Data\Default] [licjnkifamhpbaefhdpacpmihicfbomb] PricePeep v.2.2.0.7 (Activé) =>Adware.PricePeep
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google\u00C2 Wallet v.0.0.6.0 (Activé)
~ Google Browser: 33 Legitimates Filtered in 00mn 03s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@t-immersion.com/DFusionHomeWebPlugIn] - (.Total Immersion - D'Fusion @Home Web Plug-In (2.30.11563.0).) -- C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
~ Firefox Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nationzoom.com =>Hijacker.NationZoom
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nationzoom.com =>Hijacker.NationZoom
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoom.com =>Hijacker.NationZoom
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com =>Hijacker.NationZoom
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com =>Hijacker.NationZoom
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoom.com =>Hijacker.NationZoom
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com =>Hijacker.NationZoom
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://fr.gdark.com
~ IE Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: SaveSense - {0f21b1e5-5afc-43c9-9c66-515046e92ec2} . (.SaveSense - SaveSense for IE.) -- C:\Program Files\SaveSense\SaveSenseIE.dll =>PUP.SaveSense
O2 - BHO: CrossriderApp0043960 - {11111111-1111-1111-1111-110411391160} . (.Corporate Inc - Deeal_fr 0.2 BHO.) -- C:\Program Files\Deeal_fr 0.2\Deeal_fr 0.2-bho.dll =>PUP.CrossRider
O2 - BHO: Bizzybolt - {13070af0-bc6c-4185-8baa-40a4cf05b323} . (.Bizzybolt - Bizzybolt.) -- C:\Program Files\Bizzybolt\Bizzyboltbho.dll =>PUP.Bizzybolt
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} . (.PriceGong - PriceGong Comparative Shopping Tool.) -- C:\Program Files\PriceGong\2.5.0\PriceGongIE.dll =>Adware.PriceGong
O2 - BHO: ShoppingReport2 - {258C9770-1713-4021-8D7E-1F184A2BD754} . (.SmartShopper Networks - Pas de description.) -- C:\Program Files\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll =>Adware.ShoppingReport
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} . (.AOL LLC - AOL IE Toolbar Dynamic Link Library.) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} Clé orpheline
O2 - BHO: Interest recogniser for Moovida (powered by Spointer) - {E2A7BD67-0EAF-497f-B05B-748D7BF3C421} . (.Moovida - Interest Recognizer for Moovida.) -- C:\Program Files\Fluendo\Moovida\spointer\extensions\moovida_air_ie.dll =>Adware.SPointer
O2 - BHO: jeuxob.fr Toolbar - {f78e6501-b9de-48b9-b86c-6da8542ccc4e} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\jeuxob.fr\tbjeux.dll =>Toolbar.Conduit
O2 - BHO: OfferBox - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} . (.Secure Digital Services Limited - OfferBox.) -- C:\Program Files\OfferBox\OfferBoxBHO.dll =>Adware.SPointer
O2 - BHO: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} . (.PricePeep - PricePeep.) -- C:\Program Files\PricePeep\pricepeep.dll =>Adware.PricePeep
~ BHO: 46 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: AOL Toolbar - [HKLM]{DE9C389F-3316-41A7-809B-AA305ED9D922} . (.AOL LLC - AOL IE Toolbar Dynamic Link Library.) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Hotbar - [HKLM]{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} . (.Pinball Corporation. - Hotbar.) -- C:\Program Files\Hotbar\bin\11.0.78.0\HostIE.dll
O3 - Toolbar: facemoods Toolbar - [HKLM]{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} . (...) -- C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll =>Adware.Facemoods
O3 - Toolbar: jeuxob.fr Toolbar - [HKLM]{f78e6501-b9de-48b9-b86c-6da8542ccc4e} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\jeuxob.fr\tbjeux.dll =>Toolbar.Conduit
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{DE9C389F-3316-41A7-809B-AA305ED9D922} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{F2CF5485-4E02-4F68-819C-B92DE9277049} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{F78E6501-B9DE-48B9-B86C-6DA8542CCC4E} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Aide et Support d'HP.lnk . (.Hewlett-Packard - HPHS Launcher.) -- C:\Windows\Help\OEM\scripts\HPHS_Launcher.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\Desktop [Public]: Guitar Pro 6.lnk . (...) -- C:\Program Files\Guitar Pro 6\GuitarPro.exe
O4 - GS\Desktop [Public]: HP MediaSmart.lnk . (...) -- C:\Windows\Installer\{A7AC8E69-01FF-494E-9A2C-423B82CEA604}\_E26E59D8354615EA55556B.exe
O4 - GS\Desktop [Public]: HP Total Care Advisor.lnk . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - GS\Desktop [Public]: Jeux et musique gratuits.lnk . (...) -- C:\Program Files\Real\RealPlayer\freeoffers.rnx
O4 - GS\Desktop [Public]: Moovida.lnk . (.Fluendo Embedded - Moovida.) -- C:\Program Files\Fluendo\Moovida\Moovida.exe =>Adware.SPointer
O4 - GS\Desktop [Public]: More Great Games.lnk - Clé orpheline
O4 - GS\Desktop [Public]: My HP Games.lnk . (...) -- C:\Program Files\HP Games\onplay\onplay.exe
O4 - GS\Desktop [Public]: OpenOffice 4.0.1.lnk . (.Apache Software Foundation - OpenOffice 4.0.1.) -- C:\Program Files\OpenOffice 4\program\soffice.exe
O4 - GS\Desktop [Public]: Phylogène.lnk . (.INRP - Pas de description.) -- C:\Phylogene\Programmes\Phylo.exe
O4 - GS\Desktop [Public]: Play Plants vs Zombies.lnk . (...) -- C:\Program Files\Plants vs Zombies\LaunchGame.bfg
O4 - GS\Desktop [Public]: PokerStars.fr.lnk . (.PokerStars - PokerStars Update.) -- C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe
O4 - GS\Desktop [Public]: Pour les enfants.lnk . (.EasyBits Software AS - For Kids.) -- C:\Program Files\EasyBits For Kids\Promo\ezKidsReady.exe =>.EasyBits Software AS
O4 - GS\Desktop [Public]: Safari.lnk . (...) -- C:\Windows\Installer\{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}\SafariIco.exe
O4 - GS\Desktop [Public]: YAC.lnk . (.Elex do Brasil Participações Ltda - iStart.) -- C:\Program Files\iSafe\iStart.exe =>Trojan.Staser
O4 - GS\Program [Public]: HP Total Care Advisor.lnk . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - GS\Program [Public]: Moovida.lnk . (.Fluendo Embedded - Moovida.) -- C:\Program Files\Fluendo\Moovida\Moovida.exe =>Adware.SPointer
O4 - GS\Program [Public]: More Great Games.lnk - Clé orpheline
O4 - GS\Program [Public]: Navigateur OfferBox.lnk . (...) -- C:\Program Files\OfferBox\OfferBoxLauncher.exe (.not file.) =>PUP.OfferBox
O4 - GS\Program [Public]: Pour les enfants.lnk . (.EasyBits Software AS - For Kids.) -- C:\Program Files\EasyBits For Kids\Promo\ezKidsReady.exe =>.EasyBits Software AS
O4 - GS\Program [Public]: Safari.lnk . (...) -- C:\Windows\Installer\{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}\SafariIco.exe
O4 - GS\QuickLaunch [Maarine]: Apple Safari.lnk . (...) -- C:\Windows\Installer\{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}\SafariIco.exe
O4 - GS\QuickLaunch [Maarine]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\QuickLaunch [Maarine]: Guitar Pro 6.lnk . (...) -- C:\Program Files\Guitar Pro 6\GuitarPro.exe
O4 - GS\QuickLaunch [Maarine]: HP MediaSmart Webcam.lnk . (.CyberLink Corp. - HP MediaSmart Webcam.) -- C:\Program Files\Hewlett-Packard\Media\Webcam\HPMediaSmartWebcam.exe
O4 - GS\QuickLaunch [Maarine]: HP MediaSmart.lnk . (...) -- C:\Windows\Installer\{A7AC8E69-01FF-494E-9A2C-423B82CEA604}\_3D6C77F60D97007F65EA64.exe
O4 - GS\QuickLaunch [Maarine]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\QuickLaunch [Maarine]: PhotoScape.lnk . (...) -- C:\Program Files\PhotoScape\PhotoScape.exe
O4 - GS\QuickLaunch [Maarine]: PokerStars.fr.lnk . (.PokerStars - PokerStars Update.) -- C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe
O4 - GS\Program [Maarine]: Create Amazing Presentations.lnk - Clé orpheline
O4 - GS\Program [Maarine]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\Program [Maarine]: Lollipop.lnk . (...) -- C:\Users\Maarine\AppData\Local\Lollipop\Lollipop.exe =>Adware.Lollipop
O4 - GS\SystemTools [Maarine]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\Desktop [Maarine]: Create Amazing Presentations.lnk - Clé orpheline
O4 - GS\Desktop [Maarine]: Hôtel Mogul.lnk . (...) -- C:\Program Files\Jeux.fr\Hotel Mogul\HM.exe
O4 - GS\Desktop [Maarine]: Jane&#130;s Zoo.lnk . (.Oberon Media Inc. - Game Launcher.) -- C:\Program Files\Jeux.fr\Jane&#130;s Zoo\Launch.exe
O4 - GS\Desktop [Maarine]: Jeux.fr.lnk - Clé orpheline
O4 - GS\Desktop [Maarine]: MPS.lnk . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe =>.Microsoft Corporation
O4 - GS\Desktop [Maarine]: Objectif Examen.lnk . (.Macrovision Corporation - InstallShield.) -- C:\Users\Maarine\AppData\Roaming\Microsoft\Installer\{39853B6B-FA3D-4040-805D-957CE51C4D0D}\Moto.exe1_39853B6BFA3D4040805D957CE51C4D0D.exe
O4 - GS\Desktop [Maarine]: Optimizer Pro.lnk . (.PC Utilities Pro - Optimizer Pro.) -- C:\Program Files\Optimizer Pro\OptimizerPro.exe =>PUP.OptimizerPro
O4 - GS\Desktop [Maarine]: PhotoScape.lnk . (...) -- C:\Program Files\PhotoScape\PhotoScape.exe
O4 - GS\Desktop [Maarine]: StopPub.lnk . (...) -- C:\Program Files\JCA2000\StopPub\StopPub.exe
~ Global Startup: 116 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Maarine]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\Maarine\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox
O4 - GS\Startup [Maarine]: lollipop.lnk . (...) -- C:\Users\Maarine\AppData\Local\Lollipop\Lollipop.exe =>Adware.Lollipop
O4 - GS\Startup [Maarine]: PricePeepUpdater.lnk . (...) -- C:\Program Files\PricePeep\PricePeepUpdater.exe =>Adware.PricePeep
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [DVDAgent] . (.CyberLink Corp. - HP DVDSmart Resident Program.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
O4 - HKLM\..\Run: [TSMAgent] . (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
O4 - HKLM\..\Run: [UCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [SmartMenu] . (.Hewlett-Packard - HP MediaSmart SmartMenu.) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] . (.CyberLink Corp. - StartMen Application.) -- C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [UpdatePSTShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [UpdatePDIRShortCut] . (.CyberLink Corp. - StartMen Application.) -- C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [WirelessAssistant] . (.Hewlett-Packard - HP Wireless Assistant main program.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Google Quick Search Box] . (.Google Inc. - Quick Search Box.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] . (.Apple Inc. - AppleSyncNotifier.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [Nikon Transfer Monitor] . (.Nikon Corporation - Nikon Transfer Monitor.) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (.not file.) =>Adware.Facemoods
O4 - HKLM\..\Run: [Facemoi] . (.Pas de propriétaire - gm4ie MFC Application.) -- c:\Facemoi\facemoi.exe =>PUP.Facemoi
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\RunOnce: [Del6273439] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\System32\cmd.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [HPAdvisor] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [xgqbc] c:\users\maarine\appdata\local\xgqbc.exe (.not file.)
O4 - HKCU\..\Run: [GM4IE] . (.Pas de propriétaire - gm4ie MFC Application.) -- C:\Facemoi\facemoi.exe =>PUP.Facemoi
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [cacaoweb] . (...) -- C:\Users\Maarine\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O4 - HKCU\..\Run: [Bubble Dock] . (.Nosibay - Bubble Dock.) -- C:\Users\Maarine\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe =>PUP.BubbleDock
O4 - HKCU\..\Run: [Optimizer Pro] . (...) -- C:\Program Files\Optimizer Pro\OptProLauncher.exe =>PUP.OptimizerPro
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run: [HPAdvisor] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKUS\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run: [xgqbc] c:\users\maarine\appdata\local\xgqbc.exe (.not file.)
O4 - HKUS\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run: [GM4IE] . (.Pas de propriétaire - gm4ie MFC Application.) -- C:\Facemoi\facemoi.exe =>PUP.Facemoi
O4 - HKUS\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run: [cacaoweb] . (...) -- C:\Users\Maarine\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O4 - HKUS\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run: [Bubble Dock] . (.Nosibay - Bubble Dock.) -- C:\Users\Maarine\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe =>PUP.BubbleDock
O4 - HKUS\S-1-5-21-2704428714-541136749-3450515838-1000\..\Run: [Optimizer Pro] . (...) -- C:\Program Files\Optimizer Pro\OptProLauncher.exe =>PUP.OptimizerPro
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} -- C:\Program Files\PokerStars.FR\main.ico (.not file.)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} . (.Pinball Corporation - ClickPotato.) -- C:\Program Files\ClickPotatoLite\bin\10.0.668.0\ClickPotatoLiteSABHO.dll =>Adware.ClickPotato
O9 - Extra button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} . (.SmartShopper Networks - Pas de description.) -- C:\Program Files\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll =>Adware.ShopperReports
O9 - Extra button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} . (.SmartShopper Networks - Pas de description.) -- C:\Program Files\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll =>Adware.ShopperReports
~ IE Extra Buttons: Scanned in 00mn 01s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} ((no name)) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} ((no name)) - http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab =>Adware.MyWebSearch
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} ((no name)) - http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} ((no name)) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} ((no name)) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/fl ... rashim.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} ((no name)) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} ((no name)) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} ((no name)) - http://gfx1.hotmail.com/mail/w4/pr01/ph ... dfr-fr.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{79D624D1-A6E7-45CE-BA1D-90A0E60F5F03}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{79D624D1-A6E7-45CE-BA1D-90A0E60F5F03}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{79D624D1-A6E7-45CE-BA1D-90A0E60F5F03}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS3\Services\Tcpip\..\{79D624D1-A6E7-45CE-BA1D-90A0E60F5F03}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files\Optimizer Pro\OptProCrash.dll =>PUP.OptimizerPro
~ AppInit DLL: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Optimizer Pro Crash Monitor (ca82e1a5) . (...) - C:\Program Files\optimi~1\OptProCrash.exe =>PUP.OptimizerPro
O23 - Service: iSafeService (iSafeService) . (.Elex do Brasil Participações Ltda - iSafeSvc.) - C:\Program Files\iSafe\iSafeSvc.exe =>Trojan.Staser
O23 - Service: SaveSenseLive Service (savesenselive) (savesenselive) . (.SaveSense - SaveSenseLive Update.) - C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe =>PUP.SaveSense
O23 - Service: SProtection (SProtection) . (.Iminent - Iminent Protection.) - C:\Program Files\Common Files\Umbrella\Umbrella.exe =>Adware.IMBooster
O23 - Service: Update Bizzybolt (Update Bizzybolt) . (...) - C:\Program Files\Bizzybolt\updateBizzybolt.exe =>PUP.Bizzybolt
O23 - Service: WinkHandler (WinkHandler) . (...) - C:\Program Files\Iminent\WinkHandler.exe =>Adware.IMBooster
O23 - Service: Wpm Service (Wpm) . (.Cherished Technololgy LIMITED - WPM Service.) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager
O23 - Service: Power Control [2009/01/13 06:10:32] ({55662437-DA8C-40c0-AADA-2C816A897A49}) . (.CyberLink Corp. - Pas de description.) - C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl
~ Services: 21 Legitimates Filtered in 00mn 09s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Deeal_fr 0.2-chromeinstaller.job [1930]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Deeal_fr 0.2-codedownloader.job [1196]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Deeal_fr 0.2-enabler.job [1096]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Deeal_fr 0.2-firefoxinstaller.job [2010]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Deeal_fr 0.2-updater.job [1294]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job [918] =>PUP.SaveSense
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job [922] =>PUP.SaveSense
[MD5.04DBFB81492ACEA9B3BFF307399B17A1] [APT] [Deeal_fr 0.2-chromeinstaller] (.Corporate Inc.) -- C:\Program Files\Deeal_fr 0.2\Deeal_fr 0.2-chromeinstaller.exe [783872]
[MD5.151F7CFD00FCDD316362E69584B1952F] [APT] [Deeal_fr 0.2-codedownloader] (.Corporate Inc.) -- C:\Program Files\Deeal_fr 0.2\Deeal_fr 0.2-codedownloader.exe [522240]
[MD5.11A1014D4CDEE26CECD3E9274B52F879] [APT] [Deeal_fr 0.2-enabler] (.Corporate Inc.) -- C:\Program Files\Deeal_fr 0.2\Deeal_fr 0.2-enabler.exe [343552]
[MD5.C3F03675C1EEAB1D26035320687EEE20] [APT] [Deeal_fr 0.2-firefoxinstaller] (.Corporate Inc.) -- C:\Program Files\Deeal_fr 0.2\Deeal_fr 0.2-firefoxinstaller.exe [832512]
[MD5.0F0F5AB9ACFF7C50B6925C87D36C958A] [APT] [Deeal_fr 0.2-updater] (.Corporate Inc.) -- C:\Program Files\Deeal_fr 0.2\Deeal_fr 0.2-updater.exe [352768]
[MD5.6F2939B1EC17A6631106CFD013A9CD77] [APT] [SaveSense] (...) -- C:\Users\Maarine\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.exe [199176] =>PUP.SaveSense
[MD5.C495D8665A32539660625182D23D5C59] [APT] [SaveSenseLiveUpdateTaskMachineCore] (.SaveSense.) -- C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [146920] =>PUP.SaveSense
[MD5.C495D8665A32539660625182D23D5C59] [APT] [SaveSenseLiveUpdateTaskMachineUA] (.SaveSense.) -- C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [146920] =>PUP.SaveSense
[MD5.87948212C71A773AEF4C68029BFAE924] [APT] [wp_update] (...) -- C:\Users\Maarine\AppData\Roaming\~guzsbhy.exe [493272] =>PUP.WpManager
~ Scheduled Task: 35 Legitimates Filtered in 00mn 02s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (iSafeNetFilter) . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK TDI Hook Driver (WPP).) - C:\Program Files\iSafe\iSafeNetFilter.sys =>Trojan.Staser
~ Drivers: 88 Legitimates Filtered in 00mn 02s



---\\ Logiciels installés (O42)
O42 - Logiciel: Bizzybolt - (.Bizzybolt.) [HKLM] -- Bizzybolt =>PUP.Bizzybolt
O42 - Logiciel: Deeal_fr 0.2 - (.Corporate Inc.) [HKLM] -- Deeal_fr 0.2
O42 - Logiciel: Duuqu Update Helper - (.Duuqu Group.) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>PUP.Duuqu
O42 - Logiciel: FREEzeFrog - (...) [HKLM] -- FREEzeFrogSA =>Adware.FreezeFrog
O42 - Logiciel: Favorit (kfcrp) - (...) [HKLM] -- kfcrp =>Adware.Favorit
O42 - Logiciel: Fissa - (.Secure Digital Services.) [HKLM] -- {4BD271AB-66E2-4D58-AF88-80FE3B0770C4} =>Adware.SPointer
O42 - Logiciel: Iminent - (.Iminent.) [HKLM] -- IMBoosterARP =>Adware.IMBooster
O42 - Logiciel: Lollipop - (.Lollipop Network, S.L..) [HKCU] -- lollipop =>Adware.Lollipop
O42 - Logiciel: PokerStars.fr - (.PokerStars.fr.) [HKLM] -- PokerStars.fr
O42 - Logiciel: PriceGong 2.5.0 - (.PriceGong.) [HKLM] -- PriceGong =>Adware.PriceGong
O42 - Logiciel: PricePeep - (.betwikx LLC.) [HKLM] -- PricePeep =>Adware.PricePeep
O42 - Logiciel: SaveSense (remove only) - (.SaveSense.) [HKLM] -- SaveSense =>PUP.SaveSense
O42 - Logiciel: SaveSense - (...) [HKCU] -- SaveSense =>PUP.SaveSense
O42 - Logiciel: ShopperReports - (.ShopperReports.) [HKLM] -- ShoppingReport2 =>Adware.ShopperReports
O42 - Logiciel: ShopperReports - (.SmartShopper.) [HKLM] -- ShopperReportsSA =>Adware.ShopperReports
O42 - Logiciel: WPM17.8.0.3159 - (.Cherished Technololgy LIMITED.) [HKLM] -- WPM =>PUP.WpManager
O42 - Logiciel: YAC - (.ELEX DO BRASIL PARTICIPAÇÕES LTDA.) [HKLM] -- iSafe =>Trojan.Staser
O42 - Logiciel: jeuxob.fr Toolbar - (...) [HKLM] -- jeuxob.fr Toolbar
~ Logic: 75 Legitimates Filtered in 00mn 01s
#25846
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Bizzybolt] =>PUP.Bizzybolt
[HKCU\Software\Duuqu] =>PUP.Duuqu
[HKCU\Software\FissaSearch] =>PUP.OfferBox
[HKCU\Software\IminentToolbar] =>Adware.IMBooster
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\Machines]
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKCU\Software\SaveSenseLive] =>PUP.SaveSense
[HKCU\Software\ShopperReports3] =>Adware.ShopperReports
[HKCU\Software\ShoppingReport2] =>Adware.ShoppingReport
[HKCU\Software\SmartbarBackup] =>Hijacker.SmartBar
[HKCU\Software\SmartbarLog] =>Hijacker.SmartBar
[HKCU\Software\V9]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKCU\Software\clickpotatolitesa] =>Adware.ClickPotato
[HKCU\Software\facemoods.com] =>Adware.Facemoods
[HKCU\Software\fcn]
[HKCU\Software\freezefrogsa] =>Adware.FreezeFrog
[HKCU\Software\hblitesa] =>Adware.HotBar
[HKCU\Software\hotbarsa]
[HKLM\Software\ClickPotatoLite] =>Adware.ClickPotato
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\DealPlyLive] =>PUP.DealPly
[HKLM\Software\Duuqu] =>PUP.Duuqu
[HKLM\Software\FREEzeFrog] =>Adware.FreezeFrog
[HKLM\Software\FissaSearch] =>PUP.OfferBox
[HKLM\Software\HBLite] =>Adware.HotBar
[HKLM\Software\IminentToolbar] =>Adware.IMBooster
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Nature]
[HKLM\Software\OfferBox] =>PUP.OfferBox
[HKLM\Software\SaveSenseLive] =>PUP.SaveSense
[HKLM\Software\ShopperReports3] =>Adware.ShopperReports
[HKLM\Software\Umbrella]
[HKLM\Software\VBMZ] =>PUP.Duuqu
[HKLM\Software\facemoods.com] =>Adware.Facemoods
[HKLM\Software\jeuxob.fr]
[HKLM\Software\supWPM] =>PUP.WpManager
~ Key Software: 451 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 05/01/2014 - 16:44:26 - [0,985] ----D C:\Program Files\Bizzybolt =>PUP.Bizzybolt
O43 - CFD: 19/12/2010 - 18:28:13 - [1,722] ----D C:\Program Files\ClickPotatoLite =>Adware.ClickPotato
O43 - CFD: 01/07/2011 - 21:39:27 - [0,497] ----D C:\Program Files\Conduit
O43 - CFD: 05/01/2014 - 17:06:29 - [7,259] ----D C:\Program Files\Deeal_fr 0.2
O43 - CFD: 05/01/2014 - 17:07:34 - [0] ----D C:\Program Files\Duuqu =>PUP.Duuqu
O43 - CFD: 25/03/2011 - 20:58:29 - [50,849] ----D C:\Program Files\Fluendo =>Adware.SPointer
O43 - CFD: 11/07/2011 - 21:48:18 - [0,819] ----D C:\Program Files\FREEzeFrog =>Adware.FreezeFrog
O43 - CFD: 03/06/2011 - 20:44:35 - [0,744] ----D C:\Program Files\HBLite =>Adware.HotBar
O43 - CFD: 28/12/2009 - 21:27:55 - [4,814] ----D C:\Program Files\Hotbar
O43 - CFD: 05/01/2014 - 16:43:16 - [5,788] ----D C:\Program Files\Iminent =>Adware.IMBooster
O43 - CFD: 05/01/2014 - 16:43:53 - [2,389] ----D C:\Program Files\IminentToolbar =>Adware.IMBooster
O43 - CFD: 05/01/2014 - 17:06:35 - [28,670] ----D C:\Program Files\iSafe =>Trojan.Staser
O43 - CFD: 01/07/2011 - 21:39:35 - [2,442] ----D C:\Program Files\jeuxob.fr
O43 - CFD: 28/09/2010 - 21:26:54 - [0] ----D C:\Program Files\KrysMirror
O43 - CFD: 13/11/2010 - 17:25:04 - [54,486] ----D C:\Program Files\LimeWire
O43 - CFD: 23/09/2011 - 18:07:01 - [3,102] ----D C:\Program Files\OfferBox =>PUP.OfferBox
O43 - CFD: 29/08/2010 - 23:27:52 - [48,520] ----D C:\Program Files\Plants vs Zombies
O43 - CFD: 27/06/2011 - 17:59:36 - [61,340] ----D C:\Program Files\PokerStars.FR
O43 - CFD: 07/06/2011 - 21:17:20 - [0,417] ----D C:\Program Files\PriceGong =>Adware.PriceGong
O43 - CFD: 05/01/2014 - 17:02:35 - [1,079] ----D C:\Program Files\PricePeep =>Adware.PricePeep
O43 - CFD: 05/01/2014 - 16:57:00 - [1,262] ----D C:\Program Files\SaveSense =>PUP.SaveSense
O43 - CFD: 05/01/2014 - 16:59:34 - [3,431] ----D C:\Program Files\SaveSenseLive =>PUP.SaveSense
O43 - CFD: 19/12/2010 - 18:27:49 - [2,857] ----D C:\Program Files\ShopperReports3 =>Adware.ShopperReports
O43 - CFD: 26/04/2011 - 23:37:36 - [1,175] ----D C:\Program Files\ShoppingReport2 =>Adware.ShoppingReport
O43 - CFD: 07/06/2011 - 21:30:22 - [0,866] ----D C:\Program Files\SocialPlus
O43 - CFD: 05/01/2014 - 16:42:54 - [2,771] ----D C:\Program Files\Common Files\Umbrella
O43 - CFD: 28/12/2009 - 21:27:59 - [0] ----D C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
O43 - CFD: 29/04/2011 - 12:18:19 - [3,985] ----D C:\ProgramData\ClickPotatoLiteSA =>Adware.ClickPotato
O43 - CFD: 24/08/2011 - 15:42:40 - [1,219] ----D C:\ProgramData\FREEzeFrogSA =>Adware.FreezeFrog
O43 - CFD: 04/06/2011 - 16:35:37 - [1,344] ----D C:\ProgramData\HBLiteSA =>Adware.HotBar
O43 - CFD: 29/12/2009 - 12:11:52 - [7,504] ----D C:\ProgramData\HotbarSA
O43 - CFD: 28/12/2009 - 19:26:51 - [0] ----D C:\ProgramData\Pipe Organ
O43 - CFD: 28/12/2009 - 19:33:02 - [0] ----D C:\ProgramData\PrintsService
O43 - CFD: 05/01/2014 - 16:59:33 - [0,038] ----D C:\ProgramData\SaveSenseLive =>PUP.SaveSense
O43 - CFD: 05/01/2014 - 17:04:35 - [0,477] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 05/01/2014 - 16:12:48 - [0,463] ----D C:\Users\Maarine\AppData\Roaming\cacaoweb =>PUP.CacaoWeb
O43 - CFD: 19/12/2010 - 18:28:13 - [0] ----D C:\Users\Maarine\AppData\Roaming\ClickPotatoLite =>Adware.ClickPotato
O43 - CFD: 25/03/2011 - 21:00:56 - [0,024] ----D C:\Users\Maarine\AppData\Roaming\FissaSearch =>PUP.OfferBox
O43 - CFD: 11/07/2011 - 21:48:18 - [0] ----D C:\Users\Maarine\AppData\Roaming\FREEzeFrog =>Adware.FreezeFrog
O43 - CFD: 03/06/2011 - 20:44:35 - [0] ----D C:\Users\Maarine\AppData\Roaming\HBLite =>Adware.HotBar
O43 - CFD: 28/12/2009 - 21:27:59 - [0,075] ----D C:\Users\Maarine\AppData\Roaming\Hotbar
O43 - CFD: 05/01/2014 - 16:43:49 - [0,259] ----D C:\Users\Maarine\AppData\Roaming\IminentToolbar =>Adware.IMBooster
O43 - CFD: 05/01/2014 - 18:08:15 - [16,494] ----D C:\Users\Maarine\AppData\Roaming\iSafe =>Trojan.Staser
O43 - CFD: 13/11/2010 - 17:23:21 - [23,546] ----D C:\Users\Maarine\AppData\Roaming\LimeWire
O43 - CFD: 07/06/2011 - 21:13:26 - [0,270] ----D C:\Users\Maarine\AppData\Roaming\OfferBox =>PUP.OfferBox
O43 - CFD: 05/01/2014 - 16:57:16 - [0,190] ----D C:\Users\Maarine\AppData\Roaming\SaveSense =>PUP.SaveSense
O43 - CFD: 19/12/2010 - 18:27:49 - [0] ----D C:\Users\Maarine\AppData\Roaming\ShopperReports3 =>Adware.ShopperReports
O43 - CFD: 28/12/2009 - 21:27:57 - [0] ----D C:\Users\Maarine\AppData\Roaming\WeatherDPA
O43 - CFD: 05/01/2014 - 17:05:05 - [0] ----D C:\Users\Maarine\AppData\Roaming\wp_update =>PUP.WpManager
O43 - CFD: 05/01/2014 - 17:07:23 - [0] ----D C:\Users\Maarine\AppData\Local\Deeal_fr 0.2
O43 - CFD: 05/01/2014 - 16:53:23 - [0] ----D C:\Users\Maarine\AppData\Local\Duuqu =>PUP.Duuqu
O43 - CFD: 05/01/2014 - 16:42:58 - [1,196] ----D C:\Users\Maarine\AppData\Local\Lollipop =>Adware.Lollipop
O43 - CFD: 27/06/2011 - 18:08:56 - [0,606] ----D C:\Users\Maarine\AppData\Local\PokerStars.FR
O43 - CFD: 05/01/2014 - 16:59:34 - [0] ----D C:\Users\Maarine\AppData\Local\SaveSenseLive =>PUP.SaveSense
O43 - CFD: 29/08/2010 - 23:27:36 - [0,003] ----D C:\Users\Maarine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plants vs Zombies
O43 - CFD: 05/01/2014 - 16:57:01 - [0,001] ----D C:\Users\Maarine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense =>PUP.SaveSense
~ Program Folder: 297 Legitimates Filtered in 00mn 08s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.4D025C57F5AA6D30B261BCEC8A530910] - 05/01/2014 - 17:32:46 ----- . (...) -- C:\UsbFix [Scan 2] 16MAI2009.txt [16860]
O44 - LFC:[MD5.72DC2E12CBEBE9F0135A6C94F21F4F33] - 05/01/2014 - 18:24:27 ---A- . (...) -- C:\UsbFix [Clean 1] 16MAI2009.txt [18597]
~ Files: 22 Legitimates Filtered in 00mn 02s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.F8A6018193BE629B8EA4C5D7B2452B70] - 16/09/2004 - 12:26:40 ---A- . (...) -- C:\Windows\System32\Drivers\ADFUUD.SYS [12634]
O58 - SDL:[MD5.F385467DF95D0A73775CB3B076B8B969] - 01/01/2014 - 01:27:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944]
O58 - SDL:[MD5.1B0662514A68C3A42E60D240C5ABEF28] - 01/01/2014 - 01:27:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180248]
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21/01/2008 - 03:23:22 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [342584]
O58 - SDL:[MD5.004B2EA6CC2598EC5F0552E43CE29CEF] - 04/09/2008 - 18:47:00 ---A- . (.ENE TECHNOLOGY INC. - ENE CIR Driver for eHome.) -- C:\Windows\System32\Drivers\enecir.sys [54784]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:[MD5.84C78B53838BDEC2B0853ADC782CD5DE] - 26/10/2008 - 21:50:56 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt.sys [391168]
O58 - SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 21/01/2008 - 03:23:20 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [238648]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 21/01/2008 - 03:23:23 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.83CAFCB53201BBAC04D822F32438E244] - 10/05/2011 - 07:06:08 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [42496]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/11/2006 - 08:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 02/11/2006 - 08:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 02/11/2006 - 08:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/11/2006 - 08:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/11/2006 - 08:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/11/2006 - 08:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/11/2006 - 08:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 02/11/2006 - 08:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 02/11/2006 - 08:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 02/11/2006 - 08:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 08:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 08:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 09s



---\\ Recherche heuristique Magic.control (HSMI) (O59)
O59 - HSMI:Heuristic Search MagicControl Infection - (...) -- C:\Users\Maarine\AppData\Local\branujqf_nav.dat
O59 - HSMI:Heuristic Search MagicControl Infection - (...) -- C:\Users\Maarine\AppData\Local\branujqf_navps.dat
O59 - HSMI:Heuristic Search MagicControl Infection - (...) -- C:\Users\Maarine\AppData\Local\cxfbpmc_navps.dat
O59 - HSMI:Heuristic Search MagicControl Infection - (...) -- C:\Users\Maarine\AppData\Local\pactcfq_nav.dat
O59 - HSMI:Heuristic Search MagicControl Infection - (...) -- C:\Users\Maarine\AppData\Local\branujqf.dat
O59 - HSMI:Heuristic Search MagicControl Infection - (...) -- C:\Users\Maarine\AppData\Local\branujqf.exe
O59 - HSMI:Heuristic Search MagicControl Infection - (...) -- C:\Users\Maarine\AppData\Local\cxfbpmc.dat
O59 - HSMI:Heuristic Search MagicControl Infection - (.tamponneuse - prelado.) -- C:\Users\Maarine\AppData\Local\cxfbpmc.exe
O59 - HSMI:Heuristic Search MagicControl Infection - (...) -- C:\Users\Maarine\AppData\Local\pactcfq.bat
~ Files: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 02/01/2014 - 18:33:54 ---A- . (...) -- C:\Users\Maarine\AppData\Local\Google\Quick Search Box\cache.backup [2174976]
O61 - LFC: 02/01/2014 - 18:33:54 ---A- . (...) -- C:\Users\Maarine\AppData\Local\Google\Quick Search Box\ranking.backup [1255424]
O61 - LFC: 02/01/2014 - 18:34:01 ---A- . (...) -- C:\Users\Maarine\AppData\Roaming\iSafe\eas\eas.dat.new [31744] =>Trojan.Staser
O61 - LFC: 02/01/2014 - 18:34:06 ---A- . (...) -- C:\Users\Maarine\AppData\Roaming\wklnhst.dat [11336]
O61 - LFC: 02/01/2014 - 18:34:09 ---A- . (...) -- C:\Users\Maarine\Downloads\Business Project (1).odt [34706]
O61 - LFC: 02/01/2014 - 18:34:09 ---A- . (...) -- C:\Users\Maarine\Downloads\Business Project.odt [34706]
O61 - LFC: 02/01/2014 - 18:34:09 ---A- . (...) -- C:\Users\Maarine\Downloads\Interviews.odt [12422]
O61 - LFC: 05/01/2014 - 18:33:35 ---A- . (...) -- C:\Users\Maarine\AppData\Local\GDIPFONTCACHEV1.DAT [82424]
O61 - LFC: 05/01/2014 - 18:33:35 ---A- . (...) -- C:\Users\Maarine\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [264871]
O61 - LFC: 05/01/2014 - 18:33:54 ---A- . (...) -- C:\Users\Maarine\AppData\Local\Google\Chrome\User Data\Local State [61367]
O61 - LFC: 05/01/2014 - 18:33:54 ---A- . (...) -- C:\Users\Maarine\AppData\Local\Google\Quick Search Box\app_launcher_apps.data [113664]
O61 - LFC: 05/01/2014 - 18:33:54 ---A- . (...) -- C:\Users\Maarine\AppData\Local\Google\Quick Search Box\app_launcher_links.data [174080]
O61 - LFC: 05/01/2014 - 18:33:54 ---A- . (...) -- C:\Users\Maarine\AppData\Local\Google\Quick Search Box\cache.db [2174976]
O61 - LFC: 05/01/2014 - 18:33:54 ---A- . (...) -- C:\Users\Maarine\AppData\Local\Google\Quick Search Box\ranking.db [1255424]
O61 - LFC: 05/01/2014 - 18:33:54 ---A- . (...) -- C:\Users\Maarine\AppData\Local\Google\Toolbar Cache\7.5.4601.54\fr\translate_element.js.content [2385]
O61 - LFC: 05/01/2014 - 18:33:54 ---A- . (...) -- C:\Users\Maarine\AppData\Local\Google\Toolbar Cache\7.5.4601.54\fr\translate_languages.json.content [2033]
O61 - LFC: 05/01/2014 - 18:33:54 ---A- . (...) -- C:\Users\Maarine\AppData\Local\Google\Toolbar\broker_metrics.xml [2955]
O61 - LFC: 05/01/2014 - 18:33:54 ---A- . (...) -- C:\Users\Maarine\AppData\Local\Lollipop\Lollipop.exe [893960] =>Adware.Lollipop
O61 - LFC: 05/01/2014 - 18:33:54 ---A- . (...) -- C:\Users\Maarine\AppData\Local\Lollipop\logo.ico [17542] =>Adware.Lollipop
O61 - LFC: 05/01/2014 - 18:33:54 ---A- . (...) -- C:\Users\Maarine\AppData\Local\Lollipop\lollipop.bat [340] =>Adware.Lollipop
O61 - LFC: 05/01/2014 - 18:33:54 ---A- . (...) -- C:\Users\Maarine\AppData\Local\Lollipop\lollipop.lpd [3820] =>Adware.Lollipop
O61 - LFC: 05/01/2014 - 18:33:54 ---A- . (...) -- C:\Users\Maarine\AppData\Local\Lollipop\lollipop_cfg.lpd [336406] =>Adware.Lollipop
O61 - LFC: 05/01/2014 - 18:33:54 ---A- . (...) -- C:\Users\Maarine\AppData\Local\Lollipop\lollipop_ps.lpd [1549] =>Adware.Lollipop
O61 - LFC: 05/01/2014 - 18:33:55 ---A- . (...) -- C:\Users\Maarine\AppData\Local\moovida Air\cid.txt [16] =>Adware.SPointer
O61 - LFC: 05/01/2014 - 18:33:55 ---A- . (...) -- C:\Users\Maarine\AppData\Local\moovida Air\country.sxe [233479] =>Adware.SPointer
O61 - LFC: 05/01/2014 - 18:33:55 ---A- . (...) -- C:\Users\Maarine\AppData\Local\moovida Air\history.db [16384] =>Adware.SPointer
O61 - LFC: 05/01/2014 - 18:33:55 ---A- . (...) -- C:\Users\Maarine\AppData\Local\moovida Air\update.sxe [1226] =>Adware.SPointer
O61 - LFC: 05/01/2014 - 18:33:55 ---A- . (...) -- C:\Users\Maarine\AppData\Local\moovida Air\update.xml [426] =>Adware.SPointer
O61 - LFC: 05/01/2014 - 18:33:59 ---A- . (...) -- C:\Users\Maarine\AppData\Local\VisualBeeExe\uninst.exe [78338] =>Adware.VisualBeeToolbar
O61 - LFC: 05/01/2014 - 18:34:00 ---A- . (...) -- C:\Users\Maarine\AppData\Roaming\cacaoweb\npdfile.dat [186] =>PUP.CacaoWeb
O61 - LFC: 05/01/2014 - 18:34:00 ---A- . (...) -- C:\Users\Maarine\AppData\Roaming\cacaoweb\storage.db [25] =>PUP.CacaoWeb
O61 - LFC: 05/01/2014 - 18:34:01 ---A- . (...) -- C:\Users\Maarine\AppData\Roaming\iSafe\ico\1ef249aacf75053c008316116ed9e4b6.ico [26582] =>Trojan.Staser
O61 - LFC: 05/01/2014 - 18:34:01 ---A- . (...) -- C:\Users\Maarine\AppData\Roaming\iSafe\ico\238502e36dd394dd33b7ab8ef00b8531.ico [61755] =>Trojan.Staser
O61 - LFC: 05/01/2014 - 18:34:01 ---A- . (...) -- C:\Users\Maarine\AppData\Roaming\iSafe\ico\2fe121bddc64a3d4caa37b5fe546f4e8.ico [1078] =>Trojan.Staser
O61 - LFC: 05/01/2014 - 18:34:01 ---A- . (...) -- C:\Users\Maarine\AppData\Roaming\iSafe\ico\485b83ae2c7174f0b6badf4d48faadd2.ico [17542] =>Trojan.Staser
O61 - LFC: 05/01/2014 - 18:34:01 ---A- . (...) -- C:\Users\Maarine\AppData\Roaming\iSafe\ico\654c43f8c6ea9e4508cc2c25717e25e5.ico [5430] =>Trojan.Staser
O61 - LFC: 05/01/2014 - 18:34:01 ---A- . (...) -- C:\Users\Maarine\AppData\Roaming\iSafe\ico\66354d2ebb1402ee7d27c48dce181ce5.ico [85138] =>Trojan.Staser
O61 - LFC: 05/01/2014 - 18:34:02 ---A- . (...) -- C:\Users\Maarine\AppData\Roaming\iSafe\ico\a45a851d65153dde72e40b74b164f35f.ico [85138] =>Trojan.Staser
O61 - LFC: 05/01/2014 - 18:34:02 ---A- . (...) -- C:\Users\Maarine\AppData\Roaming\iSafe\ico\a67b6288bb3774a3d47fee867442e2bc.ico [22486] =>Trojan.Staser
O61 - LFC: 05/01/2014 - 18:34:02 ---A- . (...) -- C:\Users\Maarine\AppData\Roaming\iSafe\ico\ab6b188a4cd9c5bf6b2d10cfaa97179a.ico [1150] =>Trojan.Staser
O61 - LFC: 05/01/2014 - 18:34:02 ---A- . (...) -- C:\Users\Maarine\AppData\Roaming\iSafe\ico\b8c74f63707a0b9b7e470bb6423944a0.ico [1150] =>Trojan.Staser
O61 - LFC: 05/01/2014 - 18:34:02 ---A- . (...) -- C:\Users\Maarine\AppData\Roaming\iSafe\ico\c8091692fedf95c960b66f1deaaf8386.ico [97527] =>Trojan.Staser
O61 - LFC: 05/01/2014 - 18:34:02 ---A- . (...) -- C:\Users\Maarine\AppData\Roaming\iSafe\ico\cbd00080ff37b24fde98c474072a0e0f.ico [55773] =>Trojan.Staser
O61 - LFC: 05/01/2014 - 18:34:02 ---A- . (...) -- C:\Users\Maarine\AppData\Roaming\iSafe\ico\e5b4615952e8e1d4f72975d1d346437c.ico [102175] =>Trojan.Staser
O61 - LFC: 05/01/2014 - 18:34:02 ---A- . (...) -- C:\Users\Maarine\AppData\Roaming\iSafe\ico\f0afe09371049d9e8093d63a89044d47.ico [5430] =>Trojan.Staser
O61 - LFC: 05/01/2014 - 18:34:02 ---A- . (...) -- C:\Users\Maarine\AppData\Roaming\iSafe\ico\f63bce5be61fb98ce4302d3adfacfccd.ico [766] =>Trojan.Staser
O61 - LFC: 05/01/2014 - 18:34:02 ---A- . (.Elex do Brasil Participações Ltda.) -- C:\Users\Maarine\AppData\Roaming\iSafe\update\isafe_update_v3.8.20.exe [6432424] =>Trojan.Staser
O61 - LFC: 05/01/2014 - 18:34:06 ---A- . (...) -- C:\Users\Maarine\AppData\Roaming\ZHP\Log.txt [29109] =>.Nicolas Coolman
O61 - LFC: 05/01/2014 - 18:34:06 ---A- . (...) -- C:\Users\Maarine\AppData\Roaming\ZHP\TestsZHPDiag.txt [2869] =>.Nicolas Coolman
O61 - LFC: 05/01/2014 - 18:34:06 ---A- . (...) -- C:\Users\Maarine\AppData\Roaming\wp_update\currentVersion.txt [1] =>PUP.WpManager
O61 - LFC: 05/01/2014 - 18:34:06 ---A- . (...) -- C:\Users\Maarine\AppData\Roaming\~guzsbhy.exe [493272]
O61 - LFC: 05/01/2014 - 18:34:09 ---A- . (.*Rapiddown*.) -- C:\Users\Maarine\Downloads\UsbFix.exe [176488]
~ 104 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 1148 Legitimates Filtered in 00mn 39s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix - (.El Desaparecido - http://www.usbfix.net - http://www.sosvirus.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 27/12/2013 - C:\Program Files\iSafe\iSafeKrnl.sys (iSafeKrnl) .(.Elex do Brasil Participações Ltda - iSafe Kernel Driver.) - LEGACY_ISAFEKRNL =>Trojan.Staser
O64 - Services: CurCS - 27/12/2013 - C:\Program Files\iSafe\iSafeNetFilter.sys (iSafeNetFilter) .(.Elex do Brasil Participações Ltda - iSafeNetFilter SDK TDI Hook Driver (WPP).) - LEGACY_ISAFENETFILTER =>Trojan.Staser
~ Legacy: 125 Legitimates Filtered in 00mn 02s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <chrome.exe> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\program files\google\chrome\application\chrome.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\program files\google\chrome\application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
O68 - StartMenuInternet: <Safari.exe> <Safari>[HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- c:\program files\safari\safari.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {10B4E706-0FB5-43BE-88B2-C3CC5CCFECC8} - (Surf Canyon) - http://search.surfcanyon.com
O69 - SBI: SearchScopes [HKCU] {19A8A889-0D8E-43E5-9A15-56A283ADA300} - (Kelkoo) - http://fr.kelkoopartners.net
O69 - SBI: SearchScopes [HKCU] {2B7B7EFC-C234-4532-822B-A8D74D7EF7EB} - (gdark) - http://fr.gdark.com
O69 - SBI: SearchScopes [HKCU] {56256A51-B582-467e-B8D4-7786EDA79AE0} - (My Web Search) - http://www.mywebsearch.com =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {5FF4A236-3AE1-4747-B3BE-C65A39970202} - (AOL Recherche) - http://slirsredirect.search.aol.com
O69 - SBI: SearchScopes [HKCU] {61B32A86-DAE6-4B41-A4AB-A2AA48FB0565} - (Yahoo!) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (jeuxob.fr Customized Web Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {b41306c6-96d0-442a-bcc4-b0f621e82ce9} - (Fissa) - http://www.fissa.com =>PUP.OfferBox
O69 - SBI: SearchScopes [HKCU] {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} - (SearchTheWeb) - http://search.iminent.com =>Adware.IMBooster
O69 - SBI: SearchScopes [HKCU] {E08A9998-D98F-476f-8F5C-37C80FE0A4DA} - (Jeux.fr) - http://search.conduit.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.FD9C65AA2AAA145C270B36EBA082922E] [SPRF][22/12/2010] (...) -- C:\Users\Maarine\AppData\Local\branujqf.dat [3336]
[MD5.4975D75683E2CC0B9E3182BA0BCC8B1F] [SPRF][22/12/2010] (...) -- C:\Users\Maarine\AppData\Local\branujqf.exe [692224]
[MD5.6410933A25965F4397EAC0A0A62F0433] [SPRF][17/12/2010] (...) -- C:\Users\Maarine\AppData\Local\branujqf_nav.dat [292073]
[MD5.6FE4DC8A332368D0240C0C1E2FF225F5] [SPRF][22/12/2010] (...) -- C:\Users\Maarine\AppData\Local\branujqf_navps.dat [4203]
[MD5.EF0B589D5C44781E5C557217F31F81CD] [SPRF][05/05/2010] (...) -- C:\Users\Maarine\AppData\Local\cxfbpmc.dat [3470]
[MD5.453D926BCAFE593F05FA4D41C7924B0E] [SPRF][05/05/2010] (.tamponneuse - prelado.) -- C:\Users\Maarine\AppData\Local\cxfbpmc.exe [421888]
[MD5.973449A94542F44C6CA2584BD0FBE3ED] [SPRF][05/05/2010] (...) -- C:\Users\Maarine\AppData\Local\cxfbpmc_navps.dat [2955]
[MD5.4D4C1057D408E9FA54F4D8F8283EA9BD] [SPRF][23/06/2013] (...) -- C:\Users\Maarine\AppData\Local\d3d9caps.dat [6836]
[MD5.FB1749DDECA2DB45CD208624CFBB692B] [SPRF][03/10/2010] (...) -- C:\Users\Maarine\AppData\Local\gxjclco.bat [92]
[MD5.534D78034B774B6266F2189576F8C6E3] [SPRF][05/05/2010] (...) -- C:\Users\Maarine\AppData\Local\kfcrp.bat [92]
[MD5.D9112FC87DEC112A601CFA1986E4919B] [SPRF][22/12/2010] (...) -- C:\Users\Maarine\AppData\Local\knrfjmj.bat [93]
[MD5.632E01B45D4E0D3537CCE6003624F84F] [SPRF][25/11/2009] (...) -- C:\Users\Maarine\AppData\Local\owgnww.exe [321536]
[MD5.A55AA635F61005159C9EF3FA3C518572] [SPRF][06/08/2010] (...) -- C:\Users\Maarine\AppData\Local\pactcfq.bat [91]
[MD5.A36D577D2FEE645779B509C908263332] [SPRF][29/04/2010] (...) -- C:\Users\Maarine\AppData\Local\pactcfq_nav.dat [332502]
[MD5.ABDEFA6CCA60455E9640E67EFA052E2D] [SPRF][08/09/2010] (...) -- C:\Users\Maarine\AppData\Local\vmddsj.bat [92]
[MD5.2C7FCD1FF1E41FFAF03DD565E97C65F6] [SPRF][02/01/2014] (...) -- C:\Users\Maarine\AppData\Roaming\wklnhst.dat [11336]
[MD5.87948212C71A773AEF4C68029BFAE924] [SPRF][05/01/2014] (.Pas de propriétaire - wp_update scheduler.) -- C:\Users\Maarine\AppData\Roaming\~guzsbhy.exe [493272] =>PUP.WpManager
[MD5.6AABCAB9FF3FFB26EF173153B765483D] [SPRF][05/01/2014] (...) -- C:\Users\Maarine\Desktop\cacaoweb.exe [469504] =>PUP.CacaoWeb
~ Files: 23 Legitimates Filtered in 00mn 02s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{8E9460AD-1D6D-4320-A93E-334CDECAB84C}" | In - Public - P6 - TRUE | .(.Lime Wire, LLC - LimeWire.) -- C:\Program Files\LimeWire\LimeWire.exe
O87 - FAEL: "{24A4F675-7DB0-4140-9AA7-F1A259383767}" | In - Public - P17 - TRUE | .(.Lime Wire, LLC - LimeWire.) -- C:\Program Files\LimeWire\LimeWire.exe
O87 - FAEL: "TCP Query User{E1BC53E6-161C-4AC6-AE04-3036D8E1A00B}C:\program files\fluendo\moovida\moovida.exe" | In - Public - P6 - TRUE | .(.Fluendo Embedded - Moovida.) -- C:\program files\fluendo\moovida\moovida.exe =>Adware.SPointer
O87 - FAEL: "UDP Query User{C1FFE696-E10B-4220-BE68-411059A974C0}C:\program files\fluendo\moovida\moovida.exe" | In - Public - P17 - TRUE | .(.Fluendo Embedded - Moovida.) -- C:\program files\fluendo\moovida\moovida.exe =>Adware.SPointer
O87 - FAEL: "TCP Query User{E205D862-02B6-4FD3-BA26-82D0BAB94424}C:\users\maarine\appdata\roaming\cacaoweb\cacaoweb.exe" | In - Public - P6 - TRUE | .(...) -- C:\users\maarine\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O87 - FAEL: "UDP Query User{F6C2D4F4-83D9-431D-A2F9-640CC53C9DFC}C:\users\maarine\appdata\roaming\cacaoweb\cacaoweb.exe" | In - Public - P17 - TRUE | .(...) -- C:\users\maarine\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
~ Firewall: 202 Legitimates Filtered in 00mn 02s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "112C48061A10E464790A9077E221B205" . (.Moovida.) -- C:\Windows\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\ARPPRODUCTICON.exe =>Adware.SPointer
O90 - PUC: "BA172DB42E6685D4FA8808EFB370074C" . (.Fissa.) -- C:\Windows\Installer\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}\ARPPRODUCTICON.exe =>PUP.OfferBox
~ Update Products: 147 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.AA54E9B868A06651B9271D93BF6776F8] [WIS][25/03/2011] (.Secure Digital Services - Moovida.) -- C:\Windows\Installer\1945710.msi [2633728] =>Adware.SPointer
[MD5.B1954A21F896AA25E097683CDEB4DD8E] [WIS][25/03/2011] (.Secure Digital Services - Fissa.) -- C:\Windows\Installer\1945716.msi [1275392] =>Adware.SPointer
[MD5.A4B00F9538946C89EC22D38250B68952] [WIS][13/01/2009] (.ATI - Catalyst Control Center.) -- C:\Windows\Installer\2761a.msi [1043968]
[MD5.BF2728E25E93735A80C7065A83BD2188] [WIS][05/01/2014] (.Duuqu Group - Duuqu Update Helper.) -- C:\Windows\Installer\57414c.msi [22016] =>PUP.Duuqu
[MD5.439E0735178094C34136EFC343AC4A7F] [WIS][28/12/2009] (.Nikon - Blank Project Template.) -- C:\Windows\Installer\5a8cd9.msi [8215040]
~ WIS: 158 Legitimates Filtered in 00mn 28s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 27/06/2008 77824 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe
SS - | Auto 25/05/2011 37664 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Auto 31/12/2008 724992 | (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\System32\Ati2evxx.exe
SS - | Auto 06/04/2011 349472 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Auto 05/01/2014 143488 | C:\Program Files\optimi~1\OptProCrash.exe (ca82e1a5) . (...) - C:\Program Files\Optimizer Pro\OptProCrash.exe =>PUP.OptimizerPro
SS - | Demand 19/11/2008 222512 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SS - | Demand 17/07/2009 250616 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
SS - | Auto 16/05/2009 133104 | (gupdate1c9d663f6690478) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 16/05/2009 133104 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 31/12/2013 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 23/10/2008 223232 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Auto 18/03/2008 19456 | (hpsrv) . (.Hewlett-Packard Corporation.) - C:\Windows\System32\Hpservice.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 07/06/2011 820520 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Auto 09/06/2008 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SS - | Auto 10/07/1658 0 | (Nero BackItUp Scheduler 4.0) . (...) - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
SS - | Auto 17/12/2008 365952 | (Recovery Service for Windows) . (...) - C:\Program Files\SMINST\BLService.exe
SS - | Auto 15/09/2008 241734 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared files\RichVideo.exe
SS - | Auto 05/01/2014 146920 | (savesenselive) . (.SaveSense.) - C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe =>PUP.SaveSense
SS - | Demand 05/01/2014 146920 | (savesenselivem) . (.SaveSense.) - C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe =>PUP.SaveSense
SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 16/12/2013 2905408 | (SProtection) . (.Iminent.) - C:\Program Files\Common Files\Umbrella\Umbrella.exe =>Adware.IMBooster
SS - | Auto 26/10/2008 237657 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe
SS - | Auto 16/12/2013 425792 | (WinkHandler) . (...) - C:\Program Files\Iminent\WinkHandler.exe =>Adware.IMBooster
SS - | Auto 05/01/2014 499856 | (Wpm) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager

SR - | Auto 01/01/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Disabled 10/07/1658 0 | (avast! Firewall) . (...) - C:\Program Files\Alwil Software\Avast5\afwServ.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SR - | Auto 09/10/2008 94208 | (HP Health Check Service) . (.Hewlett-Packard.) - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Auto 27/12/2013 491688 | (iSafeService) . (.Elex do Brasil Participações Ltda.) - C:\Program Files\iSafe\iSafeSvc.exe =>Trojan.Staser
SR - | Auto 20/11/2013 66848 | (Update Bizzybolt) . (...) - C:\Program Files\Bizzybolt\updateBizzybolt.exe =>PUP.Bizzybolt
SR - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 28/11/2008 87536 | ({55662437-DA8C-40c0-AADA-2C816A897A49}) . (.CyberLink Corp..) - C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl

~ Services: Scanned in 00mn 31s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Maarine at 05/01/2014 18:35:35

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys ataport.SYS PCIIDEX.SYS msahci.sys
C:\Windows\system32\DRIVERS\hpdskflt.sys Hewlett-Packard Corporation Hewlett-Packard Corporation Mobile Data Protection System
1 ntkrnlpa!IofCallDriver[0x828D420F] >> \Device\Harddisk0\DR0[0x86B49AC8]
5 hpdskflt[0x8BBAAF05] >> ntkrnlpa!IofCallDriver[0x828D420F] >> [0x86375F08]
kernel: MBR read successfully
user & kernel MBR OK

~ MBR: 15 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Maarine at 05/01/2014 18:35:37

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s



---\\ Alert Messages
WARNING : Adware.Navipromo/MagicControl found in registry or folder


---\\ Scan Additionnel (O88)
Database Version : 13018 - (02/01/2014)
Clés trouvées (Keys found) : 540
Valeurs trouvées (Values found) : 6
Dossiers trouvés (Folders found) : 71
Fichiers trouvés (Files found) : 29
#25847
[HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom] =>PUP.OfferBox^
[HKLM\Software\Google\Chrome\Extensions\dgbjdgnkkchgleommaaapafcigjjbnmg] =>PUP.Bizzybolt^
[HKLM\Software\Google\Chrome\Extensions\dpicnlijpdlebkhpegfenfjpglinfdhm] =>PUP.OfferBox^
[HKLM\Software\Google\Chrome\Extensions\gebbadcnkcgcfgpbmcdleckpejgopimf] =>PUP.CacaoWeb^
[HKLM\Software\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo] =>PUP.Elex^
[HKLM\Software\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif] =>Adware.Facemoods^
[HKLM\Software\Google\Chrome\Extensions\iknffkmlbmmhbnfhfnpopiembeecpokj] =>PUP.Facemoi^
[HKLM\Software\Google\Chrome\Extensions\kbjlipmgfoamgjaogmbihaffnpkpjajp] =>PUP.BubbleDock^
[HKLM\Software\Google\Chrome\Extensions\khcceooakamlehbimaepcldnnlnkcmfk] =>PUP.SaveSense^
[HKLM\Software\Google\Chrome\Extensions\kngejcchcedjdemdaeneneeahmjnpaec] =>Adware.SPointer^
[HKLM\Software\Google\Chrome\Extensions\leahdjjpjmnamomgpojikeapflgbmjab] =>PUP.CacaoWeb^
[HKLM\Software\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb] =>Adware.PricePeep^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}] =>PUP.SaveSense^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411391160}] =>PUP.CrossRider^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13070AF0-BC6C-4185-8BAA-40A4CF05B323}] =>PUP.Bizzybolt^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}] =>Adware.PriceGong^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{258C9770-1713-4021-8D7E-1F184A2BD754}] =>Adware.ShoppingReport^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2A7BD67-0EAF-497F-B05B-748D7BF3C421}] =>Adware.SPointer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F78E6501-B9DE-48B9-B86C-6DA8542CCC4E}] =>Toolbar.Conduit^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] =>Adware.SPointer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}] =>Adware.PricePeep^
[HKLM\SYSTEM\CurrentControlSet\Services\ca82e1a5] =>PUP.OptimizerPro^
[HKLM\SYSTEM\CurrentControlSet\Services\iSafeService] =>Trojan.Staser^
[HKLM\SYSTEM\CurrentControlSet\Services\savesenselive) (savesenselive] =>PUP.SaveSense^
[HKLM\SYSTEM\CurrentControlSet\Services\SProtection] =>Adware.IMBooster^
[HKLM\SYSTEM\CurrentControlSet\Services\Update Bizzybolt] =>PUP.Bizzybolt^
[HKLM\SYSTEM\CurrentControlSet\Services\WinkHandler] =>Adware.IMBooster^
[HKLM\SYSTEM\CurrentControlSet\Services\Wpm] =>PUP.WpManager^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bizzybolt] =>PUP.Bizzybolt^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] =>PUP.Duuqu^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\FREEzeFrogSA] =>Adware.FreezeFrog^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\kfcrp] =>Adware.Favorit^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}] =>Adware.SPointer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop] =>Adware.Lollipop^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong] =>Adware.PriceGong^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep] =>Adware.PricePeep^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense] =>PUP.SaveSense^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense] =>PUP.SaveSense^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2] =>Adware.ShopperReports^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA] =>Adware.ShopperReports^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WPM] =>PUP.WpManager^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iSafe] =>Trojan.Staser^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}] =>Adware.MyWebSearch
[HKLM\Software\Classes\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9}] =>Adware.ShopperReports
[HKLM\Software\Classes\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8}] =>Adware.SmartShopper
[HKLM\Software\Classes\TypeLib\{03d7ff6e-9781-40b5-bb7f-94291a361604}] =>Adware.Hotbar
[HKLM\Software\Classes\TypeLib\{0729f461-8054-47dc-8d39-a31b61cc0119}] =>Adware.Zango
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca}] =>Adware.MyWebSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}] =>Adware.MyWebSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca}] =>Adware.MyWebSearch
[HKLM\Software\Classes\CLSID\{09325003-167C-483d-A4BA-8B3122ABB432}] =>Adware.ShopperReports
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227}] =>Adware.ClickPotato
[HKLM\Software\Classes\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C}] =>Adware.ShopperReports
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47fd-81F3-EE91287F9465}] =>Adware.ShopperReports
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47fd-81F3-EE91287F9465}] =>Adware.ShopperReports
[HKLM\Software\Classes\CLSID\{100EB1FD-D03E-47fd-81F3-EE91287F9465}] =>Adware.ShopperReports
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKLM\Software\Classes\CLSID\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKLM\Software\Classes\CLSID\{14113b47-d59c-4f0f-9d10-ff1730265584}] =>Adware.Hotbar
[HKLM\Software\Classes\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}] =>Adware.MyWebSearch
[HKLM\Software\Classes\TypeLib\{14816CF6-426C-40D7-904C-E5600F015EC2}] =>PUP.OfferBox
[HKLM\Software\Classes\TypeLib\{148e1447-c728-48fd-beec-a7d06c5fff58}] =>Adware.Hotbar
[HKLM\Software\Classes\Interface\{15FD8424-D12A-4C51-8C6C-D5D57B80F781}] =>Adware.Hotbar
[HKLM\Software\Classes\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC}] =>Adware.ClickPotato
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC}] =>Adware.ClickPotato
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}] =>Adware.PriceGong
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}] =>Adware.PriceGong
[HKLM\Software\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}] =>Adware.PriceGong
[HKLM\Software\Classes\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9}] =>Adware.ShopperReports
[HKLM\Software\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}] =>Adware.PricePeep
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}] =>Adware.MyWebSearch
[HKLM\Software\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}] =>Adware.MyWebSearch
[HKLM\Software\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}] =>Adware.ShopperReports
[HKLM\Software\Classes\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226}] =>Adware.ClickPotato
[HKLM\Software\Classes\Interface\{2447e305-5e90-42a8-bd1e-0bc333b807e1}] =>Adware.Hotbar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a}] =>Adware.MyWebSearch
[HKLM\Software\Classes\Interface\{2557DD3F-23A0-477C-BCD8-90FD0AECC4B8}] =>Adware.Zango
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{258c9770-1713-4021-8d7e-1f184a2bd754}] =>Adware.SmartShopper
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{258c9770-1713-4021-8d7e-1f184a2bd754}] =>Adware.SmartShopper
[HKLM\Software\Classes\CLSID\{258c9770-1713-4021-8d7e-1f184a2bd754}] =>Adware.SmartShopper
[HKLM\Software\Classes\CLSID\{2721A8E5-BFDB-4562-9912-9E0531CA616C}] =>Adware.ShopperReports
[HKLM\Software\Classes\TypeLib\{282D18C0-5424-44F4-A531-55F9AC5B8FD8}] =>PUP.OfferBox
[HKLM\Software\Classes\Interface\{2893116C-A176-42B1-8794-DA8C9FC45564}] =>Adware.Zango
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358}] =>Adware.Zango
[HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358}] =>Adware.Zango
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358}] =>Adware.Zango
[HKLM\Software\Classes\CLSID\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358}] =>Adware.Zango
[HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358}] =>Adware.Zango
[HKLM\Software\Classes\CLSID\{2d00aa2a-69ef-487a-8a40-b3e27f07c91e}] =>Adware.Zango
[HKLM\Software\Classes\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc}] =>Adware.MyWebSearch
[HKLM\Software\Classes\CLSID\{2f9ad413-2e0b-4a85-bb2a-cf961238262a}] =>Adware.Hotbar
[HKLM\Software\Classes\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}] =>Adware.ClickPotato
[HKLM\Software\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}] =>Adware.PricePeep
[HKLM\Software\Classes\CLSID\{396CFC12-932D-496b-A0A8-5D7201E105E1}] =>Adware.ShopperReports
[HKLM\Software\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}] =>Adware.PricePeep
[HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Adware.iWinArcade
[HKLM\Software\Classes\Interface\{3ceb04ab-08af-45f4-81b4-70d13c1f7b85}] =>Adware.Hotbar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}] =>Adware.MyWebSearch
[HKLM\Software\Classes\CLSID\{3E2DFD6A-4E20-4D4C-AA8B-E1F9DBEF3C80}] =>Adware.ShopperReports
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\ShoppingReport2] =>Adware.ShoppingReport
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA] =>Adware.ClickPotato
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\HotbarSA] =>Adware.HotBar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iminent] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.0.517.0] =>Adware.ShopperReports
[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790474B4765B5130AD99] =>Adware.ShopperReports
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} =>Adware.Facemoods^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:facemoods =>Adware.Facemoods^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{84FF7BD6-B47F-46F8-9130-01B2696B36CB} =>Adware.IMBooster
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} =>Adware.Zango
[HKLM\Software\Mozilla\Firefox\Extensions]:ClickPotatoLite@ClickPotatoLite.com =>Adware.ClickPotato
C:\Users\Maarine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjeikeheijdjdfjbmknpefojickbkmom =>PUP.OfferBox^
C:\Users\Maarine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgbjdgnkkchgleommaaapafcigjjbnmg =>PUP.Bizzybolt^
C:\Users\Maarine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpicnlijpdlebkhpegfenfjpglinfdhm =>PUP.OfferBox^
C:\Users\Maarine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebbadcnkcgcfgpbmcdleckpejgopimf =>PUP.CacaoWeb^
C:\Users\Maarine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo =>PUP.Elex^
C:\Users\Maarine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif =>Adware.Facemoods^
C:\Users\Maarine\AppData\Local\Google\Chrome\User Data\Default\Extensions\iknffkmlbmmhbnfhfnpopiembeecpokj =>PUP.Facemoi^
C:\Users\Maarine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbjlipmgfoamgjaogmbihaffnpkpjajp =>PUP.BubbleDock^
C:\Users\Maarine\AppData\Local\Google\Chrome\User Data\Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk =>PUP.SaveSense^
C:\Users\Maarine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kngejcchcedjdemdaeneneeahmjnpaec =>Adware.SPointer^
C:\Users\Maarine\AppData\Local\Google\Chrome\User Data\Default\Extensions\leahdjjpjmnamomgpojikeapflgbmjab =>PUP.CacaoWeb^
C:\Users\Maarine\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb =>Adware.PricePeep^
C:\Program Files\Bizzybolt =>PUP.Bizzybolt^
C:\Program Files\ClickPotatoLite =>Adware.ClickPotato^
C:\Program Files\Duuqu =>PUP.Duuqu^
C:\Program Files\Fluendo =>Adware.SPointer^
C:\Program Files\FREEzeFrog =>Adware.FreezeFrog^
C:\Program Files\HBLite =>Adware.HotBar^
C:\Program Files\Iminent =>Adware.IMBooster^
C:\Program Files\IminentToolbar =>Adware.IMBooster^
C:\Program Files\iSafe =>Trojan.Staser^
C:\Program Files\OfferBox =>PUP.OfferBox^
C:\Program Files\PriceGong =>Adware.PriceGong^
C:\Program Files\PricePeep =>Adware.PricePeep^
C:\Program Files\SaveSense =>PUP.SaveSense^
C:\Program Files\SaveSenseLive =>PUP.SaveSense^
C:\Program Files\ShopperReports3 =>Adware.ShopperReports^
C:\Program Files\ShoppingReport2 =>Adware.ShoppingReport^
C:\ProgramData\ClickPotatoLiteSA =>Adware.ClickPotato^
C:\ProgramData\FREEzeFrogSA =>Adware.FreezeFrog^
C:\ProgramData\HBLiteSA =>Adware.HotBar^
C:\ProgramData\SaveSenseLive =>PUP.SaveSense^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\Maarine\AppData\Roaming\cacaoweb =>PUP.CacaoWeb^
C:\Users\Maarine\AppData\Roaming\ClickPotatoLite =>Adware.ClickPotato^
C:\Users\Maarine\AppData\Roaming\FissaSearch =>PUP.OfferBox^
C:\Users\Maarine\AppData\Roaming\FREEzeFrog =>Adware.FreezeFrog^
C:\Users\Maarine\AppData\Roaming\HBLite =>Adware.HotBar^
C:\Users\Maarine\AppData\Roaming\IminentToolbar =>Adware.IMBooster^
C:\Users\Maarine\AppData\Roaming\iSafe =>Trojan.Staser^
C:\Users\Maarine\AppData\Roaming\OfferBox =>PUP.OfferBox^
C:\Users\Maarine\AppData\Roaming\SaveSense =>PUP.SaveSense^
C:\Users\Maarine\AppData\Roaming\ShopperReports3 =>Adware.ShopperReports^
C:\Users\Maarine\AppData\Roaming\wp_update =>PUP.WpManager^
C:\Users\Maarine\AppData\Local\Duuqu =>PUP.Duuqu^
C:\Users\Maarine\AppData\Local\Lollipop =>Adware.Lollipop^
C:\Users\Maarine\AppData\Local\SaveSenseLive =>PUP.SaveSense^
C:\Users\Maarine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense =>PUP.SaveSense^
C:\Program Files\Conduit =>Toolbar.Conduit
C:\Program Files\Hotbar =>Adware.Hotbar
C:\Program Files\Software =>Adware.Boxore
C:\Program Files\Optimizer Pro =>PUP.OptimizerPro
C:\Program Files\Common Files\Umbrella =>Adware.IMBooster
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 =>Adware.Seekmo
C:\ProgramData\HotbarSA =>Adware.Hotbar
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clickpotato =>Adware.ClickPotato
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar =>Adware.Hotbar
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moovida =>Adware.SPointer
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports =>Adware.ShopperReports
C:\Users\Maarine\AppData\Roaming\Hotbar =>Adware.Hotbar
C:\Users\Maarine\AppData\Roaming\WeatherDPA =>Adware.180Solutions
C:\Users\Maarine\AppData\Roaming\Optimizer Pro =>PUP.OptimizerPro
C:\Users\Maarine\AppData\Local\moovida air =>Adware.SPointer
C:\Users\Maarine\AppData\Local\Software =>Adware.Boxore
C:\Users\Maarine\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\Maarine\AppData\LocalLow\Hotbar =>Adware.Hotbar
C:\Users\Maarine\AppData\LocalLow\PriceGong =>Adware.PriceGong
C:\Users\Maarine\AppData\LocalLow\ShopperReports3 =>Adware.ShopperReports
C:\Users\Maarine\AppData\LocalLow\ShoppingReport2 =>Adware.ShopperReports
C:\Users\Maarine\AppData\Local\Temp\Iminent =>Adware.IMBooster
C:\Users\Maarine\AppData\Local\Temp\Smartbar =>Hijacker.SmartBar
C:\Program Files\iSafe\iSafeTray.exe =>Trojan.Staser^
C:\Program Files\iSafe\iSafeSvc.exe =>Trojan.Staser^
C:\Program Files\iSafe\iSafeSvc2.exe =>Trojan.Staser^
C:\Program Files\Bizzybolt\updateBizzybolt.exe =>PUP.Bizzybolt^
C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job =>PUP.SaveSense^
C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job =>PUP.SaveSense^
C:\Users\Maarine\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.exe =>PUP.SaveSense^
C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe =>PUP.SaveSense^
C:\Users\Maarine\AppData\Roaming\~guzsbhy.exe =>PUP.WpManager^
[HKCU\Software\Bizzybolt] =>PUP.Bizzybolt^
[HKCU\Software\Duuqu] =>PUP.Duuqu^
[HKCU\Software\IminentToolbar] =>Adware.IMBooster^
[HKCU\Software\SaveSenseLive] =>PUP.SaveSense^
[HKCU\Software\ShoppingReport2] =>Adware.ShoppingReport^
[HKCU\Software\clickpotatolitesa] =>Adware.ClickPotato^
[HKCU\Software\freezefrogsa] =>Adware.FreezeFrog^
[HKCU\Software\hblitesa] =>Adware.HotBar^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\DealPlyLive] =>PUP.DealPly^
[HKLM\Software\Duuqu] =>PUP.Duuqu^
[HKLM\Software\HBLite] =>Adware.HotBar^
[HKLM\Software\IminentToolbar] =>Adware.IMBooster^
[HKLM\Software\SaveSenseLive] =>PUP.SaveSense^
[HKLM\Software\supWPM] =>PUP.WpManager^
C:\Users\Maarine\Desktop\cacaoweb.exe =>PUP.CacaoWeb^
C:\Windows\Installer\1945710.msi =>Adware.SPointer^
C:\Windows\Installer\1945716.msi =>Adware.SPointer^
C:\Windows\Installer\57414c.msi =>PUP.Duuqu^
C:\Users\Maarine\Downloads\cacaoweb.exe =>PUP.CacaoWeb
~ Additionnel Scan: 483217 Items scanned in 00mn 39s
#25850
---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blo ... jan-staser =>Trojan.Staser
~ http://nicolascoolman.webs.com/apps/blo ... -bizzybolt =>PUP.Bizzybolt
~ http://nicolascoolman.webs.com/apps/blo ... nationzoom =>Hijacker.NationZoom
~ http://nicolascoolman.webs.com/apps/blo ... p-offerbox =>PUP.OfferBox
~ http://nicolascoolman.webs.com/apps/blo ... p-cacaoweb =>PUP.CacaoWeb
~ http://nicolascoolman.webs.com/apps/blo ... 6-pup-elex =>PUP.Elex
~ http://nicolascoolman.webs.com/apps/blo ... -facemoods =>Adware.Facemoods
~ http://nicolascoolman.webs.com/apps/blo ... up-facemoi =>PUP.Facemoi
~ http://nicolascoolman.webs.com/apps/blo ... bubbledock =>Toolbar.BubbleDock
~ http://nicolascoolman.webs.com/apps/blo ... -savesense =>PUP.SaveSense
~ http://nicolascoolman.webs.com/apps/blo ... e-spointer =>Adware.SPointer
~ http://nicolascoolman.webs.com/apps/blo ... r-smartbar =>Hijacker.SmartBar
~ http://nicolascoolman.webs.com/apps/blo ... crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blo ... -pricegong =>Adware.PriceGong
~ http://nicolascoolman.webs.com/apps/blo ... pingreport =>Adware.ShoppingReport
~ http://nicolascoolman.webs.com/apps/blo ... ar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blo ... e-lollipop =>Adware.Lollipop
~ http://nicolascoolman.webs.com/apps/blo ... timizerpro =>PUP.OptimizerPro
~ http://nicolascoolman.webs.com/apps/blo ... clicpotato =>Adware.ClickPotato
~ http://nicolascoolman.webs.com/apps/blo ... ywebsearch =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blo ... -imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blo ... -wpmanager =>PUP.WpManager
~ http://nicolascoolman.webs.com/apps/blo ... -pup-duuqu =>PUP.Duuqu
~ http://nicolascoolman.webs.com/apps/blo ... are-freeze =>Adware.Freeze
~ http://nicolascoolman.webs.com/apps/blo ... re-favorit =>Adware.Favorit
~ http://nicolascoolman.webs.com/apps/blo ... e-vidsaver =>Adware.VidSaver
~ http://nicolascoolman.webs.com/apps/blo ... are-hotbar =>Adware.Hotbar
~ http://nicolascoolman.webs.com/apps/blo ... up-dealply =>PUP.DealPly
~ http://nicolascoolman.webs.com/apps/blo ... beetoolbar =>Adware.VisualBeeToolbar
~ http://nicolascoolman.webs.com/apps/blo ... ar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blo ... iwinarcade =>Adware.iWinArcade
~ http://nicolascoolman.webs.com/apps/blo ... -adrotator =>Adware.AdRotator
~ http://nicolascoolman.webs.com/apps/blo ... eyetoolbar =>Adware.BullseyeToolbar
~ http://nicolascoolman.webs.com/apps/blo ... -softomate =>Adware.Softomate
~ http://nicolascoolman.webs.com/apps/blo ... pup-eorezo =>PUP.EoRezo
~ http://nicolascoolman.webs.com/apps/blo ... pup-zwangi =>PUP.Zwangi
~ http://nicolascoolman.webs.com/apps/blo ... p-funmoods =>PUP.Funmoods
~ http://nicolascoolman.webs.com/apps/blo ... incredibar =>Adware.Incredibar
~ http://nicolascoolman.webs.com/apps/blo ... -browsefox =>Adware.BrowseFox
~ http://nicolascoolman.webs.com/apps/blo ... bprotector =>PUP.BProtector
~ http://nicolascoolman.webs.com/apps/blo ... are-boxore =>Adware.Boxore
~ MSI: 41 link(s) detected in 00mn 40s



~ 2671 Legitimates filtered by white list
End of the scan (1571 lines in 04mn 09s)(0)

Sorry, since the report was too long I had to split the message ...

A couple of quick questions: since I didn't know at first that my USB key was infected, I plugged it into two other PCs. Do I need to run the scans on the other PCs as well?
And will I be able to recover the files that were on my key?

Thanks!