SOSVirus forum: Infected USB drives, files and folders turned into shortcuts

  • Marine14
    Participant
    Number of posts: 34

    Hello,

    I think I have a virus on my computer and on several of my USB drives, because as soon as I plug them in, my files and folders turn into shortcuts and then it is impossible to open them.
    So I downloaded USBFix and ran a scan. If one of you could help me understand the report and point me in the right direction for what to do next, that would be really kind.

    Here is the report:
    ############################## | UsbFix V 7.158 | [Recherche]

    Utilisateur: Maarine (Administrateur) # 16MAI2009
    Mis à jour le 02/01/2014 par El Desaparecido – Team SosVirus
    Lancé à 17:19:04 | 05/01/2014

    Site Web : http://www.usbfix.net
    Changelog : http://www.usbfix.net/maj/
    Support : http://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: Quanta (3624)
    CPU: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
    RAM -> [Total : 3068 Mo| Free : 1484 Mo]
    Bios: Hewlett-Packard
    Boot: Normal boot

    OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-Bit) Service Pack 1
    WB: Windows Internet Explorer : 8.0.6001.19088
    WB: Google Chrome : 31.0.1650.63
    WB: Safari : 533.21.1

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: avast! Antivirus [(!) Disabled | Updated]
    AS: Windows Defender : 1.1.1600.0
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 222 Go (25 Go libre(s) – 11%) [] # NTFS
    D: -> Disque fixe # 11 Go (2 Go libre(s) – 17%) [RECOVERY] # NTFS
    E: -> CD-ROM
    F: -> Disque amovible # 4 Go (3 Go libre(s) – 77%) [INTENSO] # FAT32
    G: -> Disque amovible # 4 Go (2 Go libre(s) – 62%) [] # FAT32
    H: -> Disque amovible # 4 Go (3 Go libre(s) – 76%) [] # FAT32

    ################## | Processus Actif |

    C:Windowssystem32csrss.exe (ID: 608 |ParentID: 596)
    C:Windowssystem32wininit.exe (ID: 672 |ParentID: 596)
    C:Windowssystem32csrss.exe (ID: 684 |ParentID: 664)
    C:Windowssystem32services.exe (ID: 740 |ParentID: 672)
    C:Windowssystem32lsass.exe (ID: 752 |ParentID: 672)
    C:Windowssystem32lsm.exe (ID: 760 |ParentID: 672)
    C:Windowssystem32winlogon.exe (ID: 780 |ParentID: 664)
    C:Windowssystem32svchost.exe (ID: 932 |ParentID: 740)
    C:Windowssystem32svchost.exe (ID: 1004 |ParentID: 740)
    C:WindowsSystem32svchost.exe (ID: 1040 |ParentID: 740)
    C:Windowssystem32Ati2evxx.exe (ID: 1128 |ParentID: 740)
    C:WindowsSystem32svchost.exe (ID: 1148 |ParentID: 740)
    C:WindowsSystem32svchost.exe (ID: 1184 |ParentID: 740)
    C:Windowssystem32svchost.exe (ID: 1196 |ParentID: 740)
    C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_52c73ccbSTacSV.exe (ID: 1228 |ParentID: 740)
    C:Windowssystem32svchost.exe (ID: 1488 |ParentID: 740)
    C:Windowssystem32SLsvc.exe (ID: 1504 |ParentID: 740)
    C:Windowssystem32Ati2evxx.exe (ID: 1556 |ParentID: 1128)
    C:Windowssystem32svchost.exe (ID: 1584 |ParentID: 740)
    C:Windowssystem32Hpservice.exe (ID: 1648 |ParentID: 740)
    C:Windowssystem32svchost.exe (ID: 1784 |ParentID: 740)
    C:Program FilesAlwil SoftwareAvast5AvastSvc.exe (ID: 1896 |ParentID: 740)
    C:Windowssystem32WLANExt.exe (ID: 1920 |ParentID: 1184)
    C:Windowssystem32Dwm.exe (ID: 420 |ParentID: 1184)
    C:WindowsExplorer.EXE (ID: 548 |ParentID: 396)
    C:Windowssystem32taskeng.exe (ID: 1432 |ParentID: 1196)
    C:WindowsSystem32spoolsv.exe (ID: 1496 |ParentID: 740)
    C:Windowssystem32svchost.exe (ID: 836 |ParentID: 740)
    C:Windowssystem32taskeng.exe (ID: 1912 |ParentID: 1196)
    C:Program FilesSynapticsSynTPSynTPEnh.exe (ID: 2148 |ParentID: 548)
    C:Program FilesIDTWDMsttray.exe (ID: 2156 |ParentID: 548)
    C:Program FilesHewlett-PackardMediaDVDDVDAgent.exe (ID: 2168 |ParentID: 548)
    C:Program FilesHewlett-PackardTouchSmartMediaTSMAgent.exe (ID: 2176 |ParentID: 548)
    C:Program FilesHewlett-PackardTouchSmartMediaKernelCLMLCLMLSvc.exe (ID: 2260 |ParentID: 548)
    C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_52c73ccbaestsrv.exe (ID: 2280 |ParentID: 740)
    C:Program FilesHewlett-PackardHP MediaSmartSmartMenu.exe (ID: 2324 |ParentID: 548)
    C:Program FilesWindows DefenderMSASCui.exe (ID: 2388 |ParentID: 548)
    C:Program FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe (ID: 2396 |ParentID: 548)
    C:Program FilesJavajre6binjusched.exe (ID: 2420 |ParentID: 548)
    C:Program FilesHPHP Software UpdatehpwuSchd2.exe (ID: 2444 |ParentID: 548)
    C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe (ID: 2468 |ParentID: 548)
    C:Program FilesGoogleQuick Search BoxGoogleQuickSearchBox.exe (ID: 2488 |ParentID: 548)
    C:Program FilesCommon FilesRealUpdate_OBrealsched.exe (ID: 2552 |ParentID: 548)
    C:Program FilesCommon FilesNikonMonitorNkMonitor.exe (ID: 2596 |ParentID: 548)
    C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe (ID: 2612 |ParentID: 548)
    C:Facemoifacemoi.exe (ID: 2632 |ParentID: 548)
    C:Program FilesiTunesiTunesHelper.exe (ID: 2648 |ParentID: 548)
    C:Program FilesAlwil SoftwareAvast5AvastUI.exe (ID: 2656 |ParentID: 548)
    C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe (ID: 2664 |ParentID: 548)
    C:Program FilesWindows LiveMessengermsnmsgr.exe (ID: 2692 |ParentID: 548)
    C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe (ID: 2708 |ParentID: 548)
    C:Facemoifacemoi.exe (ID: 2716 |ParentID: 548)
    C:Program FilesWindows Media Playerwmpnscfg.exe (ID: 2724 |ParentID: 548)
    C:UsersMaarineAppDataRoamingcacaowebcacaoweb.exe (ID: 2732 |ParentID: 548)
    C:UsersMaarineAppDataRoamingDropboxbinDropbox.exe (ID: 2740 |ParentID: 548)
    C:Program FilesBonjourmDNSResponder.exe (ID: 3216 |ParentID: 740)
    C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe (ID: 3408 |ParentID: 2140)
    C:Program FilesCommon FilesLightScribeLSSrvc.exe (ID: 3472 |ParentID: 740)
    C:Windowssystem32svchost.exe (ID: 3892 |ParentID: 740)
    C:Program FilesSMINSTBLService.exe (ID: 1144 |ParentID: 740)
    C:Program FilesCyberLinkShared filesRichVideo.exe (ID: 3088 |ParentID: 740)
    C:Windowssystem32svchost.exe (ID: 3164 |ParentID: 740)
    C:WindowsSystem32svchost.exe (ID: 1592 |ParentID: 740)
    C:Windowssystem32SearchIndexer.exe (ID: 3532 |ParentID: 740)
    C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 3712 |ParentID: 740)
    C:Program FilesHewlett-PackardSharedhpqwmiex.exe (ID: 1412 |ParentID: 740)
    C:Program FilesiPodbiniPodService.exe (ID: 4376 |ParentID: 740)
    C:Windowssystem32wbemwmiprvse.exe (ID: 4400 |ParentID: 932)
    C:Program FilesATI TechnologiesATI.ACECore-StaticCCC.exe (ID: 4764 |ParentID: 3408)
    C:Program FilesHewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe (ID: 5012 |ParentID: 740)
    C:Program FilesHewlett-PackardSharedhpqToaster.exe (ID: 5120 |ParentID: 932)
    C:WindowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe (ID: 5452 |ParentID: 740)
    c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe (ID: 2580 |ParentID: 740)
    C:Program FilesSynapticsSynTPSynTPHelper.exe (ID: 3236 |ParentID: 2148)
    C:Windowssystem32conime.exe (ID: 3468 |ParentID: 2340)
    C:Windowssystem32wuauclt.exe (ID: 3188 |ParentID: 1196)
    C:Windowssystem32taskeng.exe (ID: 5244 |ParentID: 1196)
    c:program fileswindows defenderMpCmdRun.exe (ID: 2032 |ParentID: 5632)
    C:Windowssystem32WUDFHost.exe (ID: 7768 |ParentID: 1184)
    C:UsersMaarineAppDataLocalLollipopLollipop.exe (ID: 7052 |ParentID: 7092)
    C:Program FilesCommon FilesUmbrellaUmbrella.exe (ID: 2856 |ParentID: 740)
    C:Program FilesIminentWinkHandler.exe (ID: 7540 |ParentID: 740)
    C:Program FilesIminentWinkHandler.exe (ID: 8000 |ParentID: 7540)
    C:Program FilesBizzyboltupdateBizzybolt.exe (ID: 7512 |ParentID: 740)
    C:UsersMaarineAppDataLocalTempsetup__4757.exe (ID: 4676 |ParentID: 6908)
    c:progra~1optimi~1OptProCrash.exe (ID: 7600 |ParentID: 740)
    C:Windowssystem32vssvc.exe (ID: 6312 |ParentID: 740)
    C:Program FilesPricePeepPricePeepUpdater.exe (ID: 7604 |ParentID: 7896)
    C:ProgramDataWPMwprotectmanager.exe (ID: 7668 |ParentID: 740)
    C:Program FilesiSafeiSafeSvc.exe (ID: 4952 |ParentID: 740)
    C:Program FilesiSafeiSafeSvc2.exe (ID: 5256 |ParentID: 4952)
    C:Program FilesiSafeiSafeTray.exe (ID: 5996 |ParentID: 4952)
    C:WindowsSystem32svchost.exe (ID: 6840 |ParentID: 740)
    C:Windowssystem32Taskmgr.exe (ID: 10676 |ParentID: 780)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 12188 |ParentID: 548)
    C:Program FilesPricePeepPricePeepUpdater.exe (ID: 6652 |ParentID: 11692)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 6392 |ParentID: 12188)
    C:Windowssystem32SearchProtocolHost.exe (ID: 11492 |ParentID: 3532)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 8608 |ParentID: 12188)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 9092 |ParentID: 12188)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 9028 |ParentID: 12188)
    C:UsbFixGo.exe (ID: 10904 |ParentID: 11796)
    C:Windowssystem32SearchFilterHost.exe (ID: 11408 |ParentID: 3532)
    C:Windowssystem32wbemwmiprvse.exe (ID: 12000 |ParentID: 932)

    ################## | Regedit Run |

    04 – HKLM..Run : [StartCCC] « C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe » MSRun
    04 – HKLM..Run : [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
    04 – HKLM..Run : [SysTrayApp] %ProgramFiles%IDTWDMsttray.exe
    04 – HKLM..Run : [DVDAgent] « C:Program FilesHewlett-PackardMediaDVDDVDAgent.exe »
    04 – HKLM..Run : [TSMAgent] « C:Program FilesHewlett-PackardTouchSmartMediaTSMAgent.exe »
    04 – HKLM..Run : [CLMLServer for HP TouchSmart] « C:Program FilesHewlett-PackardTouchSmartMediaKernelCLMLCLMLSvc.exe »
    04 – HKLM..Run : [UCam_Menu] « C:Program FilesHewlett-PackardMediaWebcamMUITransferMUIStartMenu.exe » « C:Program FilesHewlett-PackardMediaWebcam » update « SoftwareHewlett-PackardMediaWebcam »
    04 – HKLM..Run : [SmartMenu] %ProgramFiles%Hewlett-PackardHP MediaSmartSmartMenu.exe
    04 – HKLM..Run : [UpdateLBPShortCut] « C:Program FilesCyberLinkLabelPrintMUITransferMUIStartMenu.exe » « C:Program FilesCyberLinkLabelPrint » UpdateWithCreateOnce « SoftwareCyberLinkLabelPrint2.5 »
    04 – HKLM..Run : [UpdatePSTShortCut] « C:Program FilesCyberLinkDVD SuiteMUITransferMUIStartMenu.exe » « C:Program FilesCyberLinkDVD Suite » UpdateWithCreateOnce « SoftwareCyberLinkPowerStarter »
    04 – HKLM..Run : [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
    04 – HKLM..Run : [QlbCtrl.exe] C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
    04 – HKLM..Run : [UpdateP2GoShortCut] « C:Program FilesCyberLinkPower2GoMUITransferMUIStartMenu.exe » « C:Program FilesCyberLinkPower2Go » UpdateWithCreateOnce « SOFTWARECyberLinkPower2Go6.0 »
    04 – HKLM..Run : [UpdatePDIRShortCut] « C:Program FilesCyberLinkPowerDirectorMUITransferMUIStartMenu.exe » « C:Program FilesCyberLinkPowerDirector » UpdateWithCreateOnce « SOFTWARECyberLinkPowerDirector7.0 »
    04 – HKLM..Run : [SunJavaUpdateSched] « C:Program FilesJavajre6binjusched.exe »
    04 – HKLM..Run : [HP Health Check Scheduler] c:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
    04 – HKLM..Run : [HP Software Update] C:Program FilesHpHP Software UpdateHPWuSchd2.exe
    04 – HKLM..Run : [WirelessAssistant] C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
    04 – HKLM..Run : [Google Quick Search Box] « C:Program FilesGoogleQuick Search BoxGoogleQuickSearchBox.exe » /autorun
    04 – HKLM..Run : [AppleSyncNotifier] C:Program FilesCommon FilesAppleMobile Device SupportAppleSyncNotifier.exe
    04 – HKLM..Run : [TkBellExe] « C:Program FilesCommon FilesRealUpdate_OBrealsched.exe » -osboot
    04 – HKLM..Run : [Nikon Transfer Monitor] C:Program FilesCommon FilesNikonMonitorNkMonitor.exe
    04 – HKLM..Run : [Adobe Reader Speed Launcher] « C:Program FilesAdobeReader 10.0ReaderReader_sl.exe »
    04 – HKLM..Run : [Adobe ARM] « C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe »
    04 – HKLM..Run : [QuickTime Task] « C:Program FilesQuickTimeQTTask.exe » -atboottime
    04 – HKLM..Run : [facemoods] « C:Program Filesfacemoods.comfacemoods1.4.17.3facemoodssrv.exe » /md I
    04 – HKLM..Run : [Facemoi] c:Facemoifacemoi.exe
    04 – HKLM..Run : [iTunesHelper] « C:Program FilesiTunesiTunesHelper.exe »
    04 – HKLM..Run : [AvastUI.exe] « C:Program FilesAlwil SoftwareAvast5AvastUI.exe » /nogui
    04 – HKLM..RunOnce : [Del6273439] cmd.exe /Q /D /c del « C:UsersMaarineAppDataLocalTemp.del »
    04 – HKLM..RunOnce : []
    04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem
    04 – HKUS-1-5-19..Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem
    04 – HKUS-1-5-20..Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    04 – HKUS-1-5-21-2704428714-541136749-3450515838-1000..Run : [LightScribe Control Panel] C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe -hidden
    04 – HKUS-1-5-21-2704428714-541136749-3450515838-1000..Run : [HPAdvisor] C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe autorun=AUTORUN
    04 – HKUS-1-5-21-2704428714-541136749-3450515838-1000..Run : [msnmsgr] « C:Program FilesWindows LiveMessengermsnmsgr.exe » /background
    04 – HKUS-1-5-21-2704428714-541136749-3450515838-1000..Run : [swg] « C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe »
    04 – HKUS-1-5-21-2704428714-541136749-3450515838-1000..Run : [xgqbc] « c:usersmaarineappdatalocalxgqbc.exe » xgqbc
    04 – HKUS-1-5-21-2704428714-541136749-3450515838-1000..Run : [GM4IE] C:Facemoifacemoi.exe
    04 – HKUS-1-5-21-2704428714-541136749-3450515838-1000..Run : [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
    04 – HKUS-1-5-21-2704428714-541136749-3450515838-1000..Run : [cacaoweb] « C:UsersMaarineAppDataRoamingcacaowebcacaoweb.exe » -noplayer
    04 – HKUS-1-5-21-2704428714-541136749-3450515838-1000..Run : [SURVIVAL] wscript.exe //B « C:UsersMaarineAppDataLocalTempSURVIVAL.vbe »
    04 – HKUS-1-5-21-2704428714-541136749-3450515838-1000..Run : [Bubble Dock] « C:UsersMaarineAppDataRoamingNosibayBubble DockLBubble Dock.exe » /winstartup
    04 – HKUS-1-5-21-2704428714-541136749-3450515838-1000..Run : [Optimizer Pro] C:Program FilesOptimizer ProOptProLauncher.exe
    04 – HKUS-1-5-21-2704428714-541136749-3450515838-1000..RunOnce : [Del6273439] cmd.exe /Q /D /c del « C:UsersMaarineAppDataLocalTemp.del »

    ################## | Recherche générique |

    Présent! C:UsersMaarineAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSURVIVAL.vbe
    Présent! C:UsersMaarineAppDataLocalTempSURVIVAL.vbe
    Présent! F:SURVIVAL.vbe
    Présent! G:SURVIVAL.vbe
    Présent! H:SURVIVAL.vbe
    Présent! F:_disk_id.lnk
    Présent! F:.lnk
    Présent! F:DVR.lnk
    Présent! F:le vampire MPS.lnk
    Présent! F:Mes Documents USB.lnk
    Présent! F:VIDEO.lnk
    Présent! F:MPS.lnk
    Présent! G:6- Scanner 8 décembre bis.lnk
    Présent! G:Vrai cadeau annie.lnk
    Présent! G:Willy.lnk
    Présent! G:Photos à imprimer.lnk
    Présent! G:20 ans Marine (2013).lnk
    Présent! G:Welcome Back Marine (26 décembre 2013).lnk
    Présent! G:MOV_0110.lnk
    Présent! G:Epreuve bureautique.lnk
    Présent! G:IMG.lnk
    Présent! G:IMG_0001.lnk
    Présent! G:IMG_0002.lnk
    Présent! G:IMG_0003.lnk
    Présent! G:IMG_0004.lnk
    Présent! G:IMG_0005.lnk
    Présent! G:IMG_0006.lnk
    Présent! G:IMG_0007.lnk
    Présent! G: (4).lnk
    Présent! H:Dreamweaver 2.lnk
    Présent! H:autorun.lnk
    Présent! H:licence.lnk
    Présent! H:mostick.lnk
    Présent! H:start.lnk
    Présent! H:la géothermie.lnk
    Présent! H:The koala from A to Z.lnk
    Présent! H:photo de koala exposé 2.lnk
    Présent! H:L’aspirateur Exposé de technologie 4e6.lnk
    Présent! H:Évolution d’un objet technique aspi.lnk
    Présent! H:Option littérature et société.lnk
    Présent! H:le vampire MPS.lnk
    Présent! H:dist.lnk
    Présent! H:Mes Documents USB.lnk
    Présent! H:Photos voyage Angleterre.lnk
    Présent! H:Anglais.lnk
    Présent! H:Noémie.lnk
    Présent! H:autorun.inf
    Présent! H:start.exe

    ################## | Registre |

    Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced|Start_ShowPrinters -> 0
    Présent! HKUS-1-5-21-2704428714-541136749-3450515838-1000SoftwareMicrosoftWindowsCurrentVersionRun|SURVIVAL
    Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|SURVIVAL
    Présent! HKUS-1-5-21-2704428714-541136749-3450515838-1000SoftwareMicrosoftWindowsCurrentVersionRun|SURVIVAL
    Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionRun|SURVIVAL

    ################## | Vaccin |

    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    H:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – http://www.sosvirus.net |

    Thanks in advance,

    Marine14.

    billmaxime
    Moderator
    Number of posts: 1402

    Hello Marine14 and welcome to sosvirus

    Please run UsbFix again, choose Suppression, then post the report.

    • Download UsbFix (by El Desaparecido) to your Desktop!
    • Right-click it and choose Run as administrator on Windows 7/8 and Vista
    • Plug all your external storage devices into your PC (USB drive, external hard drive, etc.) without opening them.
    • Choose the Suppression option

      Note: If UsbFix hangs at 14%, restart in safe mode. (See >> HERE <<)

    • Copy and paste the contents of the report that appears at the end of the scan into your reply

    Thanks

    Marine14
    Participant
    Number of posts: 34

    Thank you so much for helping me!

    Here is the removal report:

    ############################## | UsbFix V 7.158 | [Suppression]

    Utilisateur: Maarine (Administrateur) # 16MAI2009
    Mis à jour le 02/01/2014 par El Desaparecido – Team SosVirus
    Lancé à 18:17:56 | 05/01/2014

    Site Web : http://www.usbfix.net
    Changelog : http://www.usbfix.net/maj/
    Support : http://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: Quanta (3624)
    CPU: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
    RAM -> [Total : 3068 Mo| Free : 1351 Mo]
    Bios: Hewlett-Packard
    Boot: Normal boot

    OS: Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-Bit) Service Pack 1
    WB: Windows Internet Explorer : 8.0.6001.19088
    WB: Google Chrome : 31.0.1650.63
    WB: Safari : 533.21.1

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: avast! Antivirus [(!) Disabled | Updated]
    AS: Windows Defender : 1.1.1600.0
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 222 Go (26 Go libre(s) – 11%) [] # NTFS
    D: -> Disque fixe # 11 Go (2 Go libre(s) – 17%) [RECOVERY] # NTFS
    E: -> CD-ROM
    F: -> Disque amovible # 4 Go (3 Go libre(s) – 77%) [INTENSO] # FAT32
    G: -> Disque amovible # 4 Go (2 Go libre(s) – 62%) [] # FAT32
    H: -> Disque amovible # 4 Go (3 Go libre(s) – 76%) [] # FAT32

    ################## | Processus Stoppés |

    Stoppé! C:Program FilesAlwil SoftwareAvast5AvastSvc.exe (ID: 1896 |ParentID: 740)
    Stoppé! C:Program FilesAlwil SoftwareAvast5AvastUI.exe (ID: 2656 |ParentID: 548)
    Stoppé! C:Program FilesiSafeiSafeSvc.exe (ID: 4952 |ParentID: 740)
    Stoppé! C:Program FilesiSafeiSafeSvc2.exe (ID: 5256 |ParentID: 4952)
    Stoppé! C:Program FilesiSafeiSafeTray.exe (ID: 5996 |ParentID: 4952)
    Stoppé! C:WindowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe (ID: 10524 |ParentID: 740)
    Stoppé! C:Windowssystem32WUDFHost.exe (ID: 5744 |ParentID: 1184)
    Stoppé! C:Program FilesBizzyboltupdateBizzybolt.exe (ID: 8180 |ParentID: 740)
    Stoppé! C:Windowssystem32SearchIndexer.exe (ID: 12052 |ParentID: 740)
    Stoppé! C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 10860 |ParentID: 740)
    Stoppé! C:Windowssystem32taskeng.exe (ID: 10632 |ParentID: 1196)
    Stoppé! C:Windowssystem32taskeng.exe (ID: 6616 |ParentID: 1196)
    Stoppé! c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe (ID: 7304 |ParentID: 740)
    Stoppé! C:WindowsSystem32spoolsv.exe (ID: 3584 |ParentID: 740)
    Stoppé! C:Windowssystem32SLsvc.exe (ID: 10244 |ParentID: 740)
    Stoppé! C:Windowssystem32NOTEPAD.EXE (ID: 11208 |ParentID: 10904)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 7436 |ParentID: 10300)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 7320 |ParentID: 7436)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5640 |ParentID: 7436)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 7148 |ParentID: 7436)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 7868 |ParentID: 7436)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 8344 |ParentID: 7436)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 1724 |ParentID: 7436)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 11404 |ParentID: 7436)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 7344 |ParentID: 7436)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 11036 |ParentID: 7436)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 6896 |ParentID: 7436)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 6656 |ParentID: 7436)
    Stoppé! C:Program FilesGoogleChromeApplicationchrome.exe (ID: 11000 |ParentID: 7436)

    ################## | Regedit Run |

    04 – HKLM..Run : [StartCCC] « C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe » MSRun
    04 – HKLM..Run : [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
    04 – HKLM..Run : [SysTrayApp] %ProgramFiles%IDTWDMsttray.exe
    04 – HKLM..Run : [DVDAgent] « C:Program FilesHewlett-PackardMediaDVDDVDAgent.exe »
    04 – HKLM..Run : [TSMAgent] « C:Program FilesHewlett-PackardTouchSmartMediaTSMAgent.exe »
    04 – HKLM..Run : [CLMLServer for HP TouchSmart] « C:Program FilesHewlett-PackardTouchSmartMediaKernelCLMLCLMLSvc.exe »
    04 – HKLM..Run : [UCam_Menu] « C:Program FilesHewlett-PackardMediaWebcamMUITransferMUIStartMenu.exe » « C:Program FilesHewlett-PackardMediaWebcam » update « SoftwareHewlett-PackardMediaWebcam »
    04 – HKLM..Run : [SmartMenu] %ProgramFiles%Hewlett-PackardHP MediaSmartSmartMenu.exe
    04 – HKLM..Run : [UpdateLBPShortCut] « C:Program FilesCyberLinkLabelPrintMUITransferMUIStartMenu.exe » « C:Program FilesCyberLinkLabelPrint » UpdateWithCreateOnce « SoftwareCyberLinkLabelPrint2.5 »
    04 – HKLM..Run : [UpdatePSTShortCut] « C:Program FilesCyberLinkDVD SuiteMUITransferMUIStartMenu.exe » « C:Program FilesCyberLinkDVD Suite » UpdateWithCreateOnce « SoftwareCyberLinkPowerStarter »
    04 – HKLM..Run : [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
    04 – HKLM..Run : [QlbCtrl.exe] C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
    04 – HKLM..Run : [UpdateP2GoShortCut] « C:Program FilesCyberLinkPower2GoMUITransferMUIStartMenu.exe » « C:Program FilesCyberLinkPower2Go » UpdateWithCreateOnce « SOFTWARECyberLinkPower2Go6.0 »
    04 – HKLM..Run : [UpdatePDIRShortCut] « C:Program FilesCyberLinkPowerDirectorMUITransferMUIStartMenu.exe » « C:Program FilesCyberLinkPowerDirector » UpdateWithCreateOnce « SOFTWARECyberLinkPowerDirector7.0 »
    04 – HKLM..Run : [SunJavaUpdateSched] « C:Program FilesJavajre6binjusched.exe »
    04 – HKLM..Run : [HP Health Check Scheduler] c:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
    04 – HKLM..Run : [HP Software Update] C:Program FilesHpHP Software UpdateHPWuSchd2.exe
    04 – HKLM..Run : [WirelessAssistant] C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
    04 – HKLM..Run : [Google Quick Search Box] « C:Program FilesGoogleQuick Search BoxGoogleQuickSearchBox.exe » /autorun
    04 – HKLM..Run : [AppleSyncNotifier] C:Program FilesCommon FilesAppleMobile Device SupportAppleSyncNotifier.exe
    04 – HKLM..Run : [TkBellExe] « C:Program FilesCommon FilesRealUpdate_OBrealsched.exe » -osboot
    04 – HKLM..Run : [Nikon Transfer Monitor] C:Program FilesCommon FilesNikonMonitorNkMonitor.exe
    04 – HKLM..Run : [Adobe Reader Speed Launcher] « C:Program FilesAdobeReader 10.0ReaderReader_sl.exe »
    04 – HKLM..Run : [Adobe ARM] « C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe »
    04 – HKLM..Run : [QuickTime Task] « C:Program FilesQuickTimeQTTask.exe » -atboottime
    04 – HKLM..Run : [facemoods] « C:Program Filesfacemoods.comfacemoods1.4.17.3facemoodssrv.exe » /md I
    04 – HKLM..Run : [Facemoi] c:Facemoifacemoi.exe
    04 – HKLM..Run : [iTunesHelper] « C:Program FilesiTunesiTunesHelper.exe »
    04 – HKLM..Run : [AvastUI.exe] « C:Program FilesAlwil SoftwareAvast5AvastUI.exe » /nogui
    04 – HKLM..RunOnce : [Del6273439] cmd.exe /Q /D /c del « C:UsersMaarineAppDataLocalTemp.del »
    04 – HKLM..RunOnce : []
    04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem
    04 – HKUS-1-5-19..Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem
    04 – HKUS-1-5-20..Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    04 – HKUS-1-5-21-2704428714-541136749-3450515838-1000..Run : [LightScribe Control Panel] C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe -hidden
    04 – HKUS-1-5-21-2704428714-541136749-3450515838-1000..Run : [HPAdvisor] C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe autorun=AUTORUN
    04 – HKUS-1-5-21-2704428714-541136749-3450515838-1000..Run : [msnmsgr] « C:Program FilesWindows LiveMessengermsnmsgr.exe » /background
    04 – HKUS-1-5-21-2704428714-541136749-3450515838-1000..Run : [swg] « C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe »
    04 – HKUS-1-5-21-2704428714-541136749-3450515838-1000..Run : [xgqbc] « c:usersmaarineappdatalocalxgqbc.exe » xgqbc
    04 – HKUS-1-5-21-2704428714-541136749-3450515838-1000..Run : [GM4IE] C:Facemoifacemoi.exe
    04 – HKUS-1-5-21-2704428714-541136749-3450515838-1000..Run : [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
    04 – HKUS-1-5-21-2704428714-541136749-3450515838-1000..Run : [cacaoweb] « C:UsersMaarineAppDataRoamingcacaowebcacaoweb.exe » -noplayer
    04 – HKUS-1-5-21-2704428714-541136749-3450515838-1000..Run : [SURVIVAL] wscript.exe //B « C:UsersMaarineAppDataLocalTempSURVIVAL.vbe »
    04 – HKUS-1-5-21-2704428714-541136749-3450515838-1000..Run : [Bubble Dock] « C:UsersMaarineAppDataRoamingNosibayBubble DockLBubble Dock.exe » /winstartup
    04 – HKUS-1-5-21-2704428714-541136749-3450515838-1000..Run : [Optimizer Pro] C:Program FilesOptimizer ProOptProLauncher.exe

    ################## | Recherche générique |

    Supprimé! C:UsersMaarineAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSURVIVAL.vbe
    Supprimé! C:UsersMaarineAppDataLocalTempSURVIVAL.vbe
    Supprimé! F:SURVIVAL.vbe
    Supprimé! G:SURVIVAL.vbe
    Supprimé! H:SURVIVAL.vbe
    Supprimé! F:_disk_id.lnk
    Supprimé! F:.lnk
    Supprimé! F:DVR.lnk
    Supprimé! F:le vampire MPS.lnk
    Supprimé! F:Mes Documents USB.lnk
    Supprimé! F:VIDEO.lnk
    Supprimé! F:MPS.lnk
    Supprimé! G:6- Scanner 8 décembre bis.lnk
    Supprimé! G:Vrai cadeau annie.lnk
    Supprimé! G:Willy.lnk
    Supprimé! G:Photos à imprimer.lnk
    Supprimé! G:20 ans Marine (2013).lnk
    Supprimé! G:Welcome Back Marine (26 décembre 2013).lnk
    Supprimé! G:MOV_0110.lnk
    Supprimé! G:Epreuve bureautique.lnk
    Supprimé! G:IMG.lnk
    Supprimé! G:IMG_0001.lnk
    Supprimé! G:IMG_0002.lnk
    Supprimé! G:IMG_0003.lnk
    Supprimé! G:IMG_0004.lnk
    Supprimé! G:IMG_0005.lnk
    Supprimé! G:IMG_0006.lnk
    Supprimé! G:IMG_0007.lnk
    Supprimé! G: (4).lnk
    Supprimé! H:Dreamweaver 2.lnk
    Supprimé! H:autorun.lnk
    Supprimé! H:licence.lnk
    Supprimé! H:mostick.lnk
    Supprimé! H:start.lnk
    Supprimé! H:la géothermie.lnk
    Supprimé! H:The koala from A to Z.lnk
    Supprimé! H:photo de koala exposé 2.lnk
    Supprimé! H:L’aspirateur Exposé de technologie 4e6.lnk
    Supprimé! H:Évolution d’un objet technique aspi.lnk
    Supprimé! H:Option littérature et société.lnk
    Supprimé! H:le vampire MPS.lnk
    Supprimé! H:dist.lnk
    Supprimé! H:Mes Documents USB.lnk
    Supprimé! H:Photos voyage Angleterre.lnk
    Supprimé! H:Anglais.lnk
    Supprimé! H:Noémie.lnk

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    Réparé ! HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced|Start_ShowPrinters -> 1
    Supprimé! HKUS-1-5-21-2704428714-541136749-3450515838-1000SoftwareMicrosoftWindowsCurrentVersionRun|SURVIVAL
    Supprimé! HKUS-1-5-21-2704428714-541136749-3450515838-1000Software….Mountpoints2{7a50cfa0-de33-11e1-b258-00238b7a2958}
    Supprimé! HKUS-1-5-21-2704428714-541136749-3450515838-1000Software….Mountpoints2{b0e4d27d-d693-11de-9ec5-00238b7a2958}
    Supprimé! HKUS-1-5-21-2704428714-541136749-3450515838-1000Software….Mountpoints2{c15bc3ae-8a85-11df-ba8d-00238b7a2958}

    ################## | Listing |

    [16/05/2009 – 18:39:27 | SHD] – C:$RECYCLE.BIN
    [18/09/2006 – 22:43:36 | A | 0 Ko] – C:autoexec.bat
    [30/08/2010 – 01:23:14 | D] – C:BigFishGamesCache
    [21/01/2009 – 09:06:57 | SHD] – C:boot
    [21/01/2008 – 03:24:42 | RASH | 325 Ko] – C:bootmgr
    [18/09/2006 – 22:43:37 | N | 0 Ko] – C:config.sys
    [02/11/2006 – 14:02:03 | SHD] – C:Documents and Settings
    [07/06/2011 – 21:17:07 | D] – C:Facemoi
    [05/01/2014 – 15:13:07 | ASH | 3140832 Ko] – C:hiberfil.sys
    [16/05/2009 – 18:29:10 | D] – C:HP
    [20/01/2009 – 23:17:16 | RHD] – C:MSOCache
    [23/12/2009 – 17:50:27 | D] – C:My Music
    [05/01/2014 – 15:13:05 | ASH | 3449284 Ko] – C:pagefile.sys
    [21/01/2008 – 03:32:31 | D] – C:PerfLogs
    [22/09/2010 – 16:08:34 | D] – C:Phylogene
    [05/01/2014 – 17:05:11 | D] – C:Program Files
    [05/01/2014 – 17:04:22 | HD] – C:ProgramData
    [15/09/2009 – 10:15:42 | D] – C:SWSetup
    [05/01/2014 – 16:18:06 | SHD] – C:System Volume Information
    [16/05/2009 – 18:29:43 | D] – C:System.sav
    [19/12/2010 – 21:39:48 | D] – C:Temp
    [05/01/2014 – 18:17:57 | D] – C:UsbFix
    [05/01/2014 – 18:24:19 | A | 12 Ko | F6C0CC3D6313A93E507374031AB06A8E] – C:UsbFix [Clean 1] 16MAI2009.txt
    [05/01/2014 – 17:32:46 | N | 16 Ko | 4D025C57F5AA6D30B261BCEC8A530910] – C:UsbFix [Scan 2] 16MAI2009.txt
    [16/05/2009 – 18:27:38 | D] – C:Users
    [01/01/2014 – 01:27:07 | D] – C:Windows
    [16/05/2009 – 18:39:27 | SHD] – D:$RECYCLE.BIN
    [05/01/2014 – 17:30:37 | RASHD] – D:Autorun.inf
    [16/05/2009 – 18:28:28 | N | 0 Ko] – D:BLOCK.RIN
    [13/01/2009 – 06:05:33 | RSHD] – D:boot
    [03/10/2006 – 22:02:44 | SH | 428 Ko] – D:bootmgr
    [04/11/2008 – 16:37:42 | SH | 1 Ko] – D:Desktop.ini
    [10/09/2002 – 15:14:28 | N | 8 Ko] – D:Folder.htt
    [13/01/2009 – 06:05:50 | D] – D:HP
    [05/01/2014 – 15:16:07 | N | 0 Ko] – D:MASTER.LOG
    [13/01/2009 – 06:05:43 | RSHD] – D:PRELOAD
    [12/09/2008 – 16:17:38 | SH | 373 Ko] – D:protect.arabic
    [15/09/2008 – 14:57:58 | SH | 178 Ko] – D:protect.bulgarian
    [16/09/2002 – 13:37:48 | SH | 178 Ko] – D:protect.chinese hong kong
    [16/09/2002 – 13:37:40 | SH | 178 Ko] – D:protect.chinese simplified
    [16/09/2002 – 13:37:48 | SH | 178 Ko] – D:protect.chinese traditional
    [27/04/2006 – 15:19:40 | SH | 178 Ko] – D:protect.czech
    [03/11/2005 – 14:21:26 | SH | 177 Ko] – D:protect.danish
    [10/09/2002 – 12:56:12 | SH | 177 Ko] – D:protect.dutch
    [10/09/2002 – 12:50:18 | SH | 177 Ko] – D:protect.ed
    [22/11/2004 – 14:28:30 | SH | 177 Ko] – D:protect.english
    [03/11/2005 – 14:20:20 | SH | 177 Ko] – D:protect.finnish
    [03/11/2005 – 14:19:52 | SH | 177 Ko] – D:protect.french
    [03/11/2005 – 14:18:10 | SH | 177 Ko] – D:protect.german
    [23/11/2005 – 14:56:46 | SH | 178 Ko] – D:protect.greek
    [23/01/2006 – 08:18:00 | SH | 178 Ko] – D:protect.hebrew
    [28/08/2007 – 13:58:08 | N | 177 Ko] – D:protect.hungarian
    [03/11/2005 – 14:17:00 | SH | 177 Ko] – D:protect.italian
    [19/06/2007 – 14:22:10 | SH | 178 Ko] – D:protect.japanese
    [24/11/2005 – 10:24:44 | SH | 213 Ko] – D:protect.korean
    [03/11/2005 – 14:15:12 | SH | 177 Ko] – D:protect.norwegian
    [25/04/2006 – 13:44:10 | SH | 178 Ko] – D:protect.polish
    [03/11/2005 – 14:13:12 | SH | 177 Ko] – D:protect.portuguese
    [27/10/2005 – 18:24:10 | SH | 178 Ko] – D:protect.portuguese brazilian
    [15/09/2008 – 14:57:54 | SH | 177 Ko] – D:protect.romanian
    [28/06/2004 – 07:52:46 | SH | 207 Ko] – D:protect.russian
    [04/07/2007 – 10:46:44 | SH | 178 Ko] – D:protect.slovak
    [03/11/2005 – 14:11:46 | SH | 177 Ko] – D:protect.spanish
    [10/09/2002 – 13:15:06 | SH | 177 Ko] – D:protect.swedish
    [12/08/2003 – 09:37:30 | SH | 178 Ko] – D:protect.turkish
    [13/01/2009 – 06:05:32 | RD] – D:RECOVERY
    [13/01/2009 – 06:05:41 | RSHD] – D:SOURCES
    [28/07/2009 – 09:59:30 | SHD] – D:System Volume Information
    [13/01/2009 – 06:05:49 | D] – D:Tools
    [13/01/2009 – 06:05:41 | D] – D:WINDOWS
    [27/09/2012 – 15:56:22 | N | 0 Ko] – F:.~lock.NeWs 2.odt#
    [20/12/2012 – 15:35:30 | D] – F:Mes Documents USB
    [01/01/1980 – 00:00:00 | D] – F:DVR
    [15/04/2013 – 18:13:32 | N | 0 Ko] – F:.~lock.image art plastique.odt#
    [04/01/2014 – 14:17:08 | N | 29 Ko] – F:le vampire MPS.odt
    [16/04/2013 – 19:02:28 | N | 0 Ko] – F:_disk_id.pod
    [17/11/2012 – 14:31:40 | D] – F:VIDEO
    [25/04/2013 – 15:29:54 | N | 0 Ko] – F:.~lock.svt expo diapo.odp#
    [05/01/2014 – 17:30:38 | RASHD] – F:Autorun.inf
    [04/01/2014 – 15:54:18 | N | 247 Ko] – F:MPS.odt
    [12/06/2013 – 18:39:38 | N | 0 Ko] – F:.~lock.manine wanted.odg#
    [25/12/2011 – 21:29:00 | N | 0 Ko] – F:.nmdsdcid
    [25/12/2011 – 21:29:00 | N | 0 Ko] – F:nmdsdcid
    [05/01/2014 – 17:30:38 | RASHD] – G:Autorun.inf
    [18/11/2013 – 19:49:42 | N | 89466 Ko] – G:MOV_0110.mp4
    [22/11/2013 – 14:27:46 | D] – G:Willy
    [26/11/2013 – 10:03:22 | N | 19 Ko] – G:Epreuve bureautique.docx
    [26/11/2013 – 10:03:32 | N | 104 Ko] – G:Epreuve bureautique.pptx
    [27/11/2013 – 11:35:08 | N | 758 Ko] – G:IMG.pdf
    [27/11/2013 – 11:36:02 | N | 756 Ko] – G:IMG_0001.pdf
    [27/11/2013 – 11:36:52 | N | 1025 Ko] – G:IMG_0002.pdf
    [27/11/2013 – 11:37:36 | N | 1021 Ko] – G:IMG_0003.pdf
    [27/11/2013 – 11:41:06 | N | 1005 Ko] – G:IMG_0004.pdf
    [27/11/2013 – 11:41:58 | N | 1002 Ko] – G:IMG_0005.pdf
    [27/11/2013 – 11:42:44 | N | 759 Ko] – G:IMG_0006.pdf
    [27/11/2013 – 11:43:26 | N | 786 Ko] – G:IMG_0007.pdf
    [07/04/2012 – 14:37:14 | N | 3212 Ko] – G: (4).JPG
    [17/12/2012 – 08:55:56 | N | 18742 Ko] – G:6- Scanner 8 décembre bis.ppt
    [15/12/2013 – 13:14:48 | D] – G:Photos à imprimer
    [21/12/2013 – 14:07:26 | N | 1789 Ko] – G:Vrai cadeau annie.jpg
    [13/09/2013 – 19:21:18 | D] – G:20 ans Marine (2013)
    [27/12/2013 – 12:50:50 | D] – G:Welcome Back Marine (26 décembre 2013)
    [25/05/2009 – 13:25:26 | D] – H:dist
    [29/04/2009 – 18:15:38 | N | 35 Ko | 72BCE17F4B3ED98DE586B6B7958D7239] – H:licence.txt
    [25/05/2009 – 13:49:06 | D] – H:Mes Documents USB
    [10/04/2009 – 11:33:14 | N | 7 Ko] – H:mostick.ico
    [26/01/2010 – 11:05:12 | N | 11 Ko] – H:la géothermie.doc
    [15/06/2011 – 19:45:32 | D] – H:Photos voyage Angleterre
    [17/06/2011 – 21:27:38 | N | 6317 Ko] – H:Pictures of London ?.ppt
    [03/10/2011 – 10:11:46 | D] – H:Anglais
    [09/10/2011 – 13:48:40 | N | 10 Ko] – H:The koala from A to Z..wps
    [09/10/2011 – 15:45:12 | N | 2569 Ko] – H:photo de koala exposé 2.wps
    [18/01/2012 – 19:26:54 | N | 743 Ko] – H:L’aspirateur Exposé de technologie 4e6.wps
    [10/11/2011 – 17:04:08 | N | 140 Ko] – H:Évolution d’un objet technique aspi.ppt
    [05/01/2012 – 11:32:16 | D] – H:Noémie
    [28/11/2012 – 10:13:16 | N | 2 Ko] – H:Option littérature et société.htm
    [18/12/2013 – 16:18:20 | N | 33 Ko] – H:le vampire MPS.odt
    [05/01/2014 – 17:32:48 | RASHD] – H:Autorun.inf

    ################## | Vaccin |

    D:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    G:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
    H:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – http://www.sosvirus.net |

    billmaxime
    Moderator
    Number of posts: 1402

    Hi again,

    OK, we'll run a diagnostic on your PC to see whether everything is OK :P:

    Do the following and post the report, please:

    • Download ZHPDiag (by Nicolas Coolman) to your desktop.
    • Install the software.
    • Launch ZHPDiag; on Windows 7/8 and Vista, run it as administrator.
    • Click "Configurer".
    • Click the icon showing a magnifying glass with a + ("Lancer le diagnostic", i.e. start the diagnostic).

      Note: Do not close the program, even if it says it is not responding.

    • Once the scan has finished, go to the desktop; the file ZHPDiag.txt has been created there.
    • Upload the ZHPDiag.txt report to SosUpload, then copy and paste the link provided into your next reply on the forum.

    :merci2:

    Marine14
    Participant
    Number of posts: 34

    Here is the report:
    ~ Rapport de ZHPDiag v2014.1.2.5 – Nicolas Coolman (02/01/2014)
    ~ Lancé par Maarine (05/01/2014 18:32:10)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v8.0.6001.19088
    GCIE: Google Chrome v31.0.1650.63 (Defaut)
    OBIE: Safari v5.33.21.1

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows Vista (TM) Home Premium, 32-bit Service Pack 1 (Build 6001)
    Windows Server License Manager Script : OK
    ~ Vista, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : WQD8Q
    Windows License : OK
    Windows Automatic Updates : OK

    —\ Logiciels de protection du système
    avast! Free Antivirus v9.0.2011
    Norton Internet Security v16.0.0.125

    —\ Logiciels d’optimisation du système

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 10 Plugin
    Adobe Reader X – Français

    —\ Informations sur le système
    ~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3068 MB (46% free)
    System Restore: Activé (Enable)
    System drive C: has 42 GB (18%) free of 222 GB

    —\ Mode de connexion au système
    ~ Computer Name: 16MAI2009
    ~ User Name: Maarine
    ~ All Users Names: Maarine, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersMaarineAppDataRoamingZHP
    ~ %AppData% : C:UsersMaarineAppDataRoaming
    ~ %Desktop% : C:UsersMaarineDesktop
    ~ %Favorites% : C:UsersMaarineFavorites
    ~ %LocalAppData% : C:UsersMaarineAppDataLocal
    ~ %StartMenu% : C:UsersMaarineAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 42 Go of 222 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 11 Go)
    E: CD-ROM drive (Not Inserted)
    F: Floppy drive, Flash card reader, USB Key (Free 3 Go of 4 Go)
    G: Floppy drive, Flash card reader, USB Key (Free 2 Go of 4 Go)
    H: Floppy drive, Flash card reader, USB Key (Free 3 Go of 4 Go)

    —\ Etat du Centre de Sécurité Windows
    ~ Security Center: 38 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.4F554999D7D5F05DAAEBBA7B5BA1089D] – (.Microsoft Corporation – Explorateur Windows.) (.29/10/2008 – 07:29:41.) — C:WindowsExplorer.exe [2927104]
    [MD5.101BA3EA053480BB5D957EF37C06B5ED] – (.Microsoft Corporation – Application de démarrage de Windows.) (.21/01/2008 – 03:23:42.) — C:WindowsSystem32Wininit.exe [96768]
    [MD5.DE4685DE5130039FA63DA66C0F72F787] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.28/05/2011 – 07:08:58.) — C:WindowsSystem32wininet.dll [916480]
    [MD5.C2610B6BDBEFC053BBDAB4F1B965CB24] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.21/01/2008 – 03:24:49.) — C:WindowsSystem32Winlogon.exe [314880]
    [MD5.48EB99503533C27AC6135648E5474457] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.21/04/2011 – 14:16:42.) — C:Windowssystem32DriversAFD.sys [273408]
    [MD5.9C0E70031905ADBF94EDB9EA14AF943B] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.21/01/2009 – 06:37:49.) — C:Windowssystem32Driversatapi.sys [21560]
    [MD5.7ADD03E75BEB9E6DD102C3081D29840A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.21/01/2008 – 03:23:51.) — C:Windowssystem32DriversCdfs.sys [70144]
    [MD5.1EC25CEA0DE6AC4718BF89F9E1778B57] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.21/01/2008 – 03:23:02.) — C:Windowssystem32DriversCdrom.sys [67072]
    [MD5.A3E9FA213F443AC77C7746119D13FEEC] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.14/04/2011 – 15:24:14.) — C:Windowssystem32DriversDfsC.sys [75264]
    [MD5.C87B1EE051C0464491C1A7B03FA0BC99] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.21/01/2008 – 03:23:22.) — C:Windowssystem32DriversHDAudBus.sys [53760]
    [MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] – (.Microsoft Corporation – Pilote de port i8042.) (.21/01/2008 – 03:23:20.) — C:Windowssystem32Driversi8042prt.sys [54784]
    [MD5.8793643A67B42CEC66490B2A0CF92D68] – (.Microsoft Corporation – IP Network Address Translator.) (.21/01/2008 – 03:24:25.) — C:Windowssystem32DriversIpNat.sys [100864]
    [MD5.5734A0F2BE7E495F7D3ED6EFD4B9F5A1] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.29/04/2011 – 13:49:35.) — C:Windowssystem32DriversMRxSmb.sys [105984]
    [MD5.7C5FEE5B1C5728507CD96FB4A13E7A02] – (.Microsoft Corporation – MBT Transport driver.) (.21/01/2008 – 03:24:59.) — C:Windowssystem32DriversnetBT.sys [184320]
    [MD5.B4EFFE29EB4F15538FD8A9681108492D] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.21/01/2008 – 03:23:51.) — C:Windowssystem32Driversntfs.sys [1081912]
    [MD5.0FA9B5055484649D63C303FE404E5F4D] – (.Microsoft Corporation – Pilote de port parallèle.) (.02/11/2006 – 09:51:30.) — C:Windowssystem32DriversParport.sys [79360]
    [MD5.A214ADBAF4CB47DD2728859EF31F26B0] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.21/01/2008 – 03:24:55.) — C:Windowssystem32DriversRasl2tp.sys [76288]
    [MD5.FBC0BACD9C3D7F6956853F64A66E252D] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.21/01/2008 – 03:23:01.) — C:Windowssystem32Driversrdpdr.sys [248832]
    [MD5.031E6BCD53C9B2B9ACE111EAFEC347B6] – (.Microsoft Corporation – SMB Transport driver.) (.21/01/2008 – 03:25:00.) — C:Windowssystem32Driverssmb.sys [66560]
    [MD5.D09276B1FAB033CE1D40DCBDF303D10F] – (.Microsoft Corporation – TDI Translation Driver.) (.21/01/2008 – 03:24:53.) — C:Windowssystem32Driverstdx.sys [71680]
    [MD5.D8B4A53DD2769F226B3EB374374987C9] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.21/01/2008 – 03:23:21.) — C:Windowssystem32Driversvolsnap.sys [227896]
    ~ Generic Processes: Scanned in 00mn 01s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 1/16556
    ~ Mes musiques (My Musics) : 177/1621
    ~ Mes Videos (My Videos) : 1/14
    ~ Mes Favoris (My Favorites) : 1/120
    ~ Mes Documents (My Documents) : 1/5262
    ~ Mon Bureau (My Desktop) : 1/35
    ~ Menu demarrer (Programs) : 1/52
    ~ Hidden Files: Scanned in 00mn 07s

    —\ Processus lancés
    [MD5.AFEBF9E0B223FF04709F747C172D3540] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAlwil SoftwareAvast5AvastUI.exe [3764024] [PID.2656]
    [MD5.7F0D8AD2737CA7B060E2A5605911C627] – (.Elex do Brasil Participações Ltda – YACTray.) — C:Program FilesiSafeiSafeTray.exe [599208] [PID.5996] =>Trojan.Staser
    [MD5.4B555106290BD117334E9A08761C035A] – (…) — ystem32rundll32.exe [0] [PID.11520]
    [MD5.376A9B411BF8B77D5BF84B24D0C7DACD] – (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe [863184] [PID.1244]
    [MD5.486BDC196F8914845302745A15310D62] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [8321024] [PID.8532]
    [MD5.D74884939D53612FD84AC82C59CCFE27] – (.AVAST Software – avast! Service.) — C:Program FilesAlwil SoftwareAvast5AvastSvc.exe [50344] [PID.1896]
    [MD5.2CDEAF8465CB05935EDA05759D3ADE64] – (.Elex do Brasil Participações Ltda – iSafeSvc.) — C:Program FilesiSafeiSafeSvc.exe [491688] [PID.4952] =>Trojan.Staser
    [MD5.14F2561F6B77D7524F7D3C589DDA7BF0] – (.Elex do Brasil Participações Ltda – iSafeSvc2.) — C:Program FilesiSafeiSafeSvc2.exe [777384] [PID.5256] =>Trojan.Staser
    [MD5.834A990F60FDEA9152202C4D6DC84A31] – (…) — C:Program FilesBizzyboltupdateBizzybolt.exe [66848] [PID.3480] =>PUP.Bizzybolt
    [MD5.A19B0BB5A7EB6DF2DD4A0711D36955EE] – (.Hewlett-Packard – HP Health Check Service.) — c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe [94208] [PID.2388]
    [MD5.0BA91E1358AD25236863039BB2609A2E] – (.Microsoft Corporation – Service de gestion des licences Microsoft.) — C:Windowssystem32SLsvc.exe [2623488] [PID.9056]
    [MD5.5DAF7081A4BB112FA3F1915819330A3E] – (…) — C:Program FilesZHPDiagpv.exe [61440] [PID.0]
    ~ Processes Running: Scanned in 00mn 01s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersMaarineAppDataLocalGoogleChromeUser DataDefaultPreferences
    G1 – GCS: Preference [User DataDefault] http://www.nationzoom.com =>Hijacker.NationZoom
    G2 – GCE: Preference [User DataDefault] [alelhddbbhepgpmgidjdcjakblofbmce] Superbe capture d’u00C3u00A9cran : capturer et annoter v.3.5.10, (Activé)
    G2 – GCE: Preference [User DataDefault] [bjeikeheijdjdfjbmknpefojickbkmom] Offerbox v.2.1.3600.135 (Désactivé) =>PUP.OfferBox
    G2 – GCE: Preference [User DataDefault] [dgbjdgnkkchgleommaaapafcigjjbnmg] Bizzybolt v.1.0.0 (Activé) =>PUP.Bizzybolt
    G2 – GCE: Preference [User DataDefault] [dhdppnagkklahjmblgdojadgbiffhejd] Deeal_fr 0.2 v.1.25.52, (Activé)
    G2 – GCE: Preference [User DataDefault] [dpicnlijpdlebkhpegfenfjpglinfdhm] OfferBox v.5.1.2514.23 (Désactivé) =>PUP.OfferBox
    G2 – GCE: Preference [User DataDefault] [eidogommnbbcgnhfjkcgjnlonijjhmjl] SocialPlus! v.2.5.4 (Désactivé)
    G2 – GCE: Preference [User DataDefault] [enggflalpipaefdpfehdcbmklnbhndfn] VDM – viedemerde.fr RSS Viewer v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [faminaibgiklngmfpfbhmokfmnglamcm] PanicButton v.0.14.2.2 (Activé)
    G2 – GCE: Preference [User DataDefault] [gebbadcnkcgcfgpbmcdleckpejgopimf] cacaoweb v.1.18 (Activé) =>PUP.CacaoWeb
    G2 – GCE: Preference [User DataDefault] [gjoijgcajekmbkdmpijbkdilkddokojp] Super Mario 2 v.0.3.0.0 (Désactivé)
    G2 – GCE: Preference [User DataDefault] [gliedaffibdnbhbiaolgkdhhfbjgmhgi] Dots v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [ieacoaafajmkiffjfagoekhjjbdhbojp] Super Mario v.0.6.2.0 (Désactivé)
    G2 – GCE: Preference [User DataDefault] [ifohbjbgfchkkfhphahclmkpgejiplfo] Lightning Newtab v.1.1.7.9, (Activé) =>PUP.Elex
    G2 – GCE: Preference [User DataDefault] [ihflimipbcaljfnojhhknppphnnciiif] Facemoods v.1.2.1 (Désactivé) =>Adware.Facemoods
    G2 – GCE: Preference [User DataDefault] [iknffkmlbmmhbnfhfnpopiembeecpokj] Facemoi v.2.3.0 (Désactivé) =>PUP.Facemoi
    G2 – GCE: Preference [User DataDefault] [kbjlipmgfoamgjaogmbihaffnpkpjajp] Bubble Dock v.1.0.0.130 (Désactivé) =>PUP.BubbleDock
    G2 – GCE: Preference [User DataDefault] [khcceooakamlehbimaepcldnnlnkcmfk] SaveSense v.3.5.0.0 (Activé) =>PUP.SaveSense
    G2 – GCE: Preference [User DataDefault] [kngejcchcedjdemdaeneneeahmjnpaec] Interest Recognizer for Moovida v.3.4.1545.153 (Désactivé) =>Adware.SPointer
    G2 – GCE: Preference [User DataDefault] [leahdjjpjmnamomgpojikeapflgbmjab] cacaoweb v.1.16 (Activé) =>PUP.CacaoWeb
    G2 – GCE: Preference [User DataDefault] [licjnkifamhpbaefhdpacpmihicfbomb] PricePeep v.2.2.0.7 (Activé) =>Adware.PricePeep
    G2 – GCE: Preference [User DataDefault] [nmmhkkegccagdldgiimedpiccmgmieda] Googleu00C2 Wallet v.0.0.6.0 (Activé)
    ~ Google Browser: 33 Legitimates Filtered in 00mn 03s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    P2 – FPN: [HKLM] [@t-immersion.com/DFusionHomeWebPlugIn] – (.Total Immersion – D’Fusion @Home Web Plug-In (2.30.11563.0).) — C:Program FilesTotal ImmersionDFusionHomeWebPlugInNPDFusionWebFirefox.dll
    ~ Firefox Browser: 17 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.nationzoom.com =>Hijacker.NationZoom
    R0 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.nationzoom.com =>Hijacker.NationZoom
    R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://feed.snapdo.com =>Hijacker.SmartBar
    R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.nationzoom.com =>Hijacker.NationZoom
    R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.nationzoom.com =>Hijacker.NationZoom
    R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Bar = http://feed.snapdo.com =>Hijacker.SmartBar
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://www.nationzoom.com =>Hijacker.NationZoom
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.nationzoom.com =>Hijacker.NationZoom
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.nationzoom.com =>Hijacker.NationZoom
    R1 – HKCUSOFTWAREMicrosoftInternet ExplorerSearch,Default_Search_URL = http://feed.snapdo.com =>Hijacker.SmartBar
    R1 – HKCUSOFTWAREMicrosoftInternet ExplorerSearch,SearchAssistant = http://feed.snapdo.com =>Hijacker.SmartBar
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerSearch,SearchAssistant = http://fr.gdark.com
    ~ IE Browser: 20 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32Userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL « sysdm.cpl »
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 20

    —\ Browser Helper Objects de navigateur (O2)
    O2 – BHO: SaveSense – {0f21b1e5-5afc-43c9-9c66-515046e92ec2} . (.SaveSense – SaveSense for IE.) — C:Program FilesSaveSenseSaveSenseIE.dll =>PUP.SaveSense
    O2 – BHO: CrossriderApp0043960 – {11111111-1111-1111-1111-110411391160} . (.Corporate Inc – Deeal_fr 0.2 BHO.) — C:Program FilesDeeal_fr 0.2Deeal_fr 0.2-bho.dll =>PUP.CrossRider
    O2 – BHO: Bizzybolt – {13070af0-bc6c-4185-8baa-40a4cf05b323} . (.Bizzybolt – Bizzybolt.) — C:Program FilesBizzyboltBizzyboltbho.dll =>PUP.Bizzybolt
    O2 – BHO: PriceGong – {1631550F-191D-4826-B069-D9439253D926} . (.PriceGong – PriceGong Comparative Shopping Tool.) — C:Program FilesPriceGong2.5.0PriceGongIE.dll =>Adware.PriceGong
    O2 – BHO: ShoppingReport2 – {258C9770-1713-4021-8D7E-1F184A2BD754} . (.SmartShopper Networks – Pas de description.) — C:Program FilesShoppingReport2Bin2.7.34ShoppingReport.dll =>Adware.ShoppingReport
    O2 – BHO: AOL Toolbar BHO – {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} . (.AOL LLC – AOL IE Toolbar Dynamic Link Library.) — C:Program FilesAOLAOL Toolbar 5.0aoltb.dll
    O2 – BHO: (no name) – {84FF7BD6-B47F-46F8-9130-01B2696B36CB} Clé orpheline
    O2 – BHO: Interest recogniser for Moovida (powered by Spointer) – {E2A7BD67-0EAF-497f-B05B-748D7BF3C421} . (.Moovida – Interest Recognizer for Moovida.) — C:Program FilesFluendoMoovidaspointerextensionsmoovida_air_ie.dll =>Adware.SPointer
    O2 – BHO: jeuxob.fr Toolbar – {f78e6501-b9de-48b9-b86c-6da8542ccc4e} . (.Conduit Ltd. – Conduit Toolbar.) — C:Program Filesjeuxob.frtbjeux.dll =>Toolbar.Conduit
    O2 – BHO: OfferBox – {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} . (.Secure Digital Services Limited – OfferBox.) — C:Program FilesOfferBoxOfferBoxBHO.dll =>Adware.SPointer
    O2 – BHO: PricePeep – {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} . (.PricePeep – PricePeep.) — C:Program FilesPricePeeppricepeep.dll =>Adware.PricePeep
    ~ BHO: 46 Legitimates Filtered in 00mn 01s

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: AOL Toolbar – [HKLM]{DE9C389F-3316-41A7-809B-AA305ED9D922} . (.AOL LLC – AOL IE Toolbar Dynamic Link Library.) — C:Program FilesAOLAOL Toolbar 5.0aoltb.dll
    O3 – Toolbar: Hotbar – [HKLM]{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} . (.Pinball Corporation. – Hotbar.) — C:Program FilesHotbarbin11.0.78.0HostIE.dll
    O3 – Toolbar: facemoods Toolbar – [HKLM]{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} . (…) — C:Program Filesfacemoods.comfacemoods1.4.17.3facemoodsTlbr.dll =>Adware.Facemoods
    O3 – Toolbar: jeuxob.fr Toolbar – [HKLM]{f78e6501-b9de-48b9-b86c-6da8542ccc4e} . (.Conduit Ltd. – Conduit Toolbar.) — C:Program Filesjeuxob.frtbjeux.dll =>Toolbar.Conduit
    O3 – Toolbar: Google Toolbar – [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. – Google Toolbar.) — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google
    O3 – Toolbar: avast! Online Security – [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software – IE Webrep plugin.) — C:Program FilesAlwil SoftwareAvast5aswWebRepIE.dll
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{DE9C389F-3316-41A7-809B-AA305ED9D922} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{F2CF5485-4E02-4F68-819C-B92DE9277049} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{F78E6501-B9DE-48B9-B86C-6DA8542CCC4E} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSDesktop [Public]: Aide et Support d’HP.lnk . (.Hewlett-Packard – HPHS Launcher.) — C:WindowsHelpOEMscriptsHPHS_Launcher.exe
    O4 – GSDesktop [Public]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe http://www.nationzoom.com =>Hijacker.NationZoom
    O4 – GSDesktop [Public]: Guitar Pro 6.lnk . (…) — C:Program FilesGuitar Pro 6GuitarPro.exe
    O4 – GSDesktop [Public]: HP MediaSmart.lnk . (…) — C:WindowsInstaller{A7AC8E69-01FF-494E-9A2C-423B82CEA604}_E26E59D8354615EA55556B.exe
    O4 – GSDesktop [Public]: HP Total Care Advisor.lnk . (.Hewlett-Packard – HP Advisor.) — C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe
    O4 – GSDesktop [Public]: Jeux et musique gratuits.lnk . (…) — C:Program FilesRealRealPlayerfreeoffers.rnx
    O4 – GSDesktop [Public]: Moovida.lnk . (.Fluendo Embedded – Moovida.) — C:Program FilesFluendoMoovidaMoovida.exe =>Adware.SPointer
    O4 – GSDesktop [Public]: More Great Games.lnk – Clé orpheline
    O4 – GSDesktop [Public]: My HP Games.lnk . (…) — C:Program FilesHP Gamesonplayonplay.exe
    O4 – GSDesktop [Public]: OpenOffice 4.0.1.lnk . (.Apache Software Foundation – OpenOffice 4.0.1.) — C:Program FilesOpenOffice 4programsoffice.exe
    O4 – GSDesktop [Public]: Phylogène.lnk . (.INRP – Pas de description.) — C:PhylogeneProgrammesPhylo.exe
    O4 – GSDesktop [Public]: Play Plants vs Zombies.lnk . (…) — C:Program FilesPlants vs ZombiesLaunchGame.bfg
    O4 – GSDesktop [Public]: PokerStars.fr.lnk . (.PokerStars – PokerStars Update.) — C:Program FilesPokerStars.FRPokerStarsUpdate.exe
    O4 – GSDesktop [Public]: Pour les enfants.lnk . (.EasyBits Software AS – For Kids.) — C:Program FilesEasyBits For KidsPromoezKidsReady.exe =>.EasyBits Software AS
    O4 – GSDesktop [Public]: Safari.lnk . (…) — C:WindowsInstaller{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}SafariIco.exe
    O4 – GSDesktop [Public]: YAC.lnk . (.Elex do Brasil Participações Ltda – iStart.) — C:Program FilesiSafeiStart.exe =>Trojan.Staser
    O4 – GSProgram [Public]: HP Total Care Advisor.lnk . (.Hewlett-Packard – HP Advisor.) — C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe
    O4 – GSProgram [Public]: Moovida.lnk . (.Fluendo Embedded – Moovida.) — C:Program FilesFluendoMoovidaMoovida.exe =>Adware.SPointer
    O4 – GSProgram [Public]: More Great Games.lnk – Clé orpheline
    O4 – GSProgram [Public]: Navigateur OfferBox.lnk . (…) — C:Program FilesOfferBoxOfferBoxLauncher.exe (.not file.) =>PUP.OfferBox
    O4 – GSProgram [Public]: Pour les enfants.lnk . (.EasyBits Software AS – For Kids.) — C:Program FilesEasyBits For KidsPromoezKidsReady.exe =>.EasyBits Software AS
    O4 – GSProgram [Public]: Safari.lnk . (…) — C:WindowsInstaller{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}SafariIco.exe
    O4 – GSQuickLaunch [Maarine]: Apple Safari.lnk . (…) — C:WindowsInstaller{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}SafariIco.exe
    O4 – GSQuickLaunch [Maarine]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe http://www.nationzoom.com =>Hijacker.NationZoom
    O4 – GSQuickLaunch [Maarine]: Guitar Pro 6.lnk . (…) — C:Program FilesGuitar Pro 6GuitarPro.exe
    O4 – GSQuickLaunch [Maarine]: HP MediaSmart Webcam.lnk . (.CyberLink Corp. – HP MediaSmart Webcam.) — C:Program FilesHewlett-PackardMediaWebcamHPMediaSmartWebcam.exe
    O4 – GSQuickLaunch [Maarine]: HP MediaSmart.lnk . (…) — C:WindowsInstaller{A7AC8E69-01FF-494E-9A2C-423B82CEA604}_3D6C77F60D97007F65EA64.exe
    O4 – GSQuickLaunch [Maarine]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
    O4 – GSQuickLaunch [Maarine]: PhotoScape.lnk . (…) — C:Program FilesPhotoScapePhotoScape.exe
    O4 – GSQuickLaunch [Maarine]: PokerStars.fr.lnk . (.PokerStars – PokerStars Update.) — C:Program FilesPokerStars.FRPokerStarsUpdate.exe
    O4 – GSProgram [Maarine]: Create Amazing Presentations.lnk – Clé orpheline
    O4 – GSProgram [Maarine]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
    O4 – GSProgram [Maarine]: Lollipop.lnk . (…) — C:UsersMaarineAppDataLocalLollipopLollipop.exe =>Adware.Lollipop
    O4 – GSSystemTools [Maarine]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
    O4 – GSDesktop [Maarine]: Create Amazing Presentations.lnk – Clé orpheline
    O4 – GSDesktop [Maarine]: Hôtel Mogul.lnk . (…) — C:Program FilesJeux.frHotel MogulHM.exe
    O4 – GSDesktop [Maarine]: Jane’s Zoo.lnk . (.Oberon Media Inc. – Game Launcher.) — C:Program FilesJeux.frJane’s ZooLaunch.exe
    O4 – GSDesktop [Maarine]: Jeux.fr.lnk – Clé orpheline
    O4 – GSDesktop [Maarine]: MPS.lnk . (.Microsoft Corporation – Interpréteur de commandes Windows.) — C:Windowssystem32cmd.exe =>.Microsoft Corporation
    O4 – GSDesktop [Maarine]: Objectif Examen.lnk . (.Macrovision Corporation – InstallShield.) — C:UsersMaarineAppDataRoamingMicrosoftInstaller{39853B6B-FA3D-4040-805D-957CE51C4D0D}Moto.exe1_39853B6BFA3D4040805D957CE51C4D0D.exe
    O4 – GSDesktop [Maarine]: Optimizer Pro.lnk . (.PC Utilities Pro – Optimizer Pro.) — C:Program FilesOptimizer ProOptimizerPro.exe =>PUP.OptimizerPro
    O4 – GSDesktop [Maarine]: PhotoScape.lnk . (…) — C:Program FilesPhotoScapePhotoScape.exe
    O4 – GSDesktop [Maarine]: StopPub.lnk . (…) — C:Program FilesJCA2000StopPubStopPub.exe
    ~ Global Startup: 116 Legitimates Filtered in 00mn 01s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – GSStartup [Maarine]: Dropbox.lnk . (.Dropbox, Inc. – Dropbox.) — C:UsersMaarineAppDataRoamingDropboxbinDropbox.exe =>.Dropbox
    O4 – GSStartup [Maarine]: lollipop.lnk . (…) — C:UsersMaarineAppDataLocalLollipopLollipop.exe =>Adware.Lollipop
    O4 – GSStartup [Maarine]: PricePeepUpdater.lnk . (…) — C:Program FilesPricePeepPricePeepUpdater.exe =>Adware.PricePeep
    O4 – HKLM..Run: [StartCCC] . (.Advanced Micro Devices, Inc. – Catalyst® Control Center Launcher.) — C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe =>.Advanced Micro Devices, Inc
    O4 – HKLM..Run: [SynTPEnh] . (.Synaptics, Inc. – Synaptics TouchPad Enhancements.) — C:Program FilesSynapticsSynTPSynTPEnh.exe
    O4 – HKLM..Run: [SysTrayApp] . (.IDT, Inc. – IDT PC Audio.) — C:Program FilesIDTWDMsttray.exe
    O4 – HKLM..Run: [DVDAgent] . (.CyberLink Corp. – HP DVDSmart Resident Program.) — C:Program FilesHewlett-PackardMediaDVDDVDAgent.exe
    O4 – HKLM..Run: [TSMAgent] . (.CyberLink Corp. – CyberLink PowerCinema Resident Program.) — C:Program FilesHewlett-PackardTouchSmartMediaTSMAgent.exe
    O4 – HKLM..Run: [CLMLServer for HP TouchSmart] . (.CyberLink – CyberLink MediaLibray Service.) — C:Program FilesHewlett-PackardTouchSmartMediaKernelCLMLCLMLSvc.exe
    O4 – HKLM..Run: [UCam_Menu] . (.CyberLink Corp. – MUI StartMenu Application.) — C:Program FilesHewlett-PackardMediaWebcamMUITransferMUIStartMenu.exe
    O4 – HKLM..Run: [SmartMenu] . (.Hewlett-Packard – HP MediaSmart SmartMenu.) — C:Program FilesHewlett-PackardHP MediaSmartSmartMenu.exe
    O4 – HKLM..Run: [UpdateLBPShortCut] . (.CyberLink Corp. – StartMen Application.) — C:Program FilesCyberLinkLabelPrintMUITransferMUIStartMenu.exe
    O4 – HKLM..Run: [UpdatePSTShortCut] . (.CyberLink Corp. – MUI StartMenu Application.) — C:Program FilesCyberLinkDVD SuiteMUITransferMUIStartMenu.exe
    O4 – HKLM..Run: [Windows Defender] . (.Microsoft Corporation – Windows Defender User Interface.) — C:Program FilesWindows DefenderMSASCui.exe
    O4 – HKLM..Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. – Quick Launch Buttons.) — C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe
    O4 – HKLM..Run: [UpdateP2GoShortCut] . (.CyberLink Corp. – MUI StartMenu Application.) — C:Program FilesCyberLinkPower2GoMUITransferMUIStartMenu.exe
    O4 – HKLM..Run: [UpdatePDIRShortCut] . (.CyberLink Corp. – StartMen Application.) — C:Program FilesCyberLinkPowerDirectorMUITransferMUIStartMenu.exe
    O4 – HKLM..Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. – Java(TM) Platform SE binary.) — C:Program FilesJavajre6binjusched.exe =>.Oracle Corporation
    O4 – HKLM..Run: [HP Health Check Scheduler] . (.Hewlett-Packard – HP Health Check Scheduler.) — c:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
    O4 – HKLM..Run: [HP Software Update] . (.Hewlett-Packard – hpwuSchd Application.) — C:Program FilesHpHP Software UpdateHPWuSchd2.exe =>.Hewlett-Packard Co
    O4 – HKLM..Run: [WirelessAssistant] . (.Hewlett-Packard – HP Wireless Assistant main program.) — C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
    O4 – HKLM..Run: [Google Quick Search Box] . (.Google Inc. – Quick Search Box.) — C:Program FilesGoogleQuick Search BoxGoogleQuickSearchBox.exe
    O4 – HKLM..Run: [AppleSyncNotifier] . (.Apple Inc. – AppleSyncNotifier.) — C:Program FilesCommon FilesAppleMobile Device SupportAppleSyncNotifier.exe
    O4 – HKLM..Run: [TkBellExe] . (.RealNetworks, Inc. – RealNetworks Scheduler.) — C:Program FilesCommon FilesRealUpdate_OBrealsched.exe =>.RealNetworks, Inc
    O4 – HKLM..Run: [Nikon Transfer Monitor] . (.Nikon Corporation – Nikon Transfer Monitor.) — C:Program FilesCommon FilesNikonMonitorNkMonitor.exe
    O4 – HKLM..Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:Program FilesAdobeReader 10.0ReaderReader_sl.exe
    O4 – HKLM..Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Run: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program FilesQuickTimeQTTask.exe
    O4 – HKLM..Run: [facemoods] C:Program Filesfacemoods.comfacemoods1.4.17.3facemoodssrv.exe (.not file.) =>Adware.Facemoods
    O4 – HKLM..Run: [Facemoi] . (.Pas de propriétaire – gm4ie MFC Application.) — c:Facemoifacemoi.exe =>PUP.Facemoi
    O4 – HKLM..Run: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program FilesiTunesiTunesHelper.exe
    O4 – HKLM..Run: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAlwil SoftwareAvast5AvastUI.exe
    O4 – HKLM..RunOnce: [Del6273439] . (.Microsoft Corporation – Interpréteur de commandes Windows.) — C:WindowsSystem32cmd.exe =>.Microsoft Corporation
    O4 – HKCU..Run: [LightScribe Control Panel] . (.Hewlett-Packard Company – Pas de description.) — C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe
    O4 – HKCU..Run: [HPAdvisor] . (.Hewlett-Packard – HP Advisor.) — C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe
    O4 – HKCU..Run: [msnmsgr] . (.Microsoft Corporation – Windows Live Messenger.) — C:Program FilesWindows LiveMessengermsnmsgr.exe
    O4 – HKCU..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe =>Toolbar.Google
    O4 – HKCU..Run: [xgqbc] c:usersmaarineappdatalocalxgqbc.exe (.not file.)
    O4 – HKCU..Run: [GM4IE] . (.Pas de propriétaire – gm4ie MFC Application.) — C:Facemoifacemoi.exe =>PUP.Facemoi
    O4 – HKCU..Run: [WMPNSCFG] . (.Microsoft Corporation – Application de configuration du service Par.) — C:Program FilesWindows Media PlayerWMPNSCFG.exe =>.Microsoft Corporation
    O4 – HKCU..Run: [cacaoweb] . (…) — C:UsersMaarineAppDataRoamingcacaowebcacaoweb.exe =>PUP.CacaoWeb
    O4 – HKCU..Run: [Bubble Dock] . (.Nosibay – Bubble Dock.) — C:UsersMaarineAppDataRoamingNosibayBubble DockLBubble Dock.exe =>PUP.BubbleDock
    O4 – HKCU..Run: [Optimizer Pro] . (…) — C:Program FilesOptimizer ProOptProLauncher.exe =>PUP.OptimizerPro
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..Run: [WindowsWelcomeCenter] Clé orpheline
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [WindowsWelcomeCenter] Clé orpheline
    O4 – HKUSS-1-5-21-2704428714-541136749-3450515838-1000..Run: [LightScribe Control Panel] . (.Hewlett-Packard Company – Pas de description.) — C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe
    O4 – HKUSS-1-5-21-2704428714-541136749-3450515838-1000..Run: [HPAdvisor] . (.Hewlett-Packard – HP Advisor.) — C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe
    O4 – HKUSS-1-5-21-2704428714-541136749-3450515838-1000..Run: [msnmsgr] . (.Microsoft Corporation – Windows Live Messenger.) — C:Program FilesWindows LiveMessengermsnmsgr.exe
    O4 – HKUSS-1-5-21-2704428714-541136749-3450515838-1000..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe =>Toolbar.Google
    O4 – HKUSS-1-5-21-2704428714-541136749-3450515838-1000..Run: [xgqbc] c:usersmaarineappdatalocalxgqbc.exe (.not file.)
    O4 – HKUSS-1-5-21-2704428714-541136749-3450515838-1000..Run: [GM4IE] . (.Pas de propriétaire – gm4ie MFC Application.) — C:Facemoifacemoi.exe =>PUP.Facemoi
    O4 – HKUSS-1-5-21-2704428714-541136749-3450515838-1000..Run: [WMPNSCFG] . (.Microsoft Corporation – Application de configuration du service Par.) — C:Program FilesWindows Media PlayerWMPNSCFG.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-2704428714-541136749-3450515838-1000..Run: [cacaoweb] . (…) — C:UsersMaarineAppDataRoamingcacaowebcacaoweb.exe =>PUP.CacaoWeb
    O4 – HKUSS-1-5-21-2704428714-541136749-3450515838-1000..Run: [Bubble Dock] . (.Nosibay – Bubble Dock.) — C:UsersMaarineAppDataRoamingNosibayBubble DockLBubble Dock.exe =>PUP.BubbleDock
    O4 – HKUSS-1-5-21-2704428714-541136749-3450515838-1000..Run: [Optimizer Pro] . (…) — C:Program FilesOptimizer ProOptProLauncher.exe =>PUP.OptimizerPro
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
    O9 – Extra button: &Envoyer à OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation – Microsoft Office OneNote Internet Explorer Add-in.) — C:Program FilesMICROS~3Office12ONBttnIE.dll
    O9 – Extra button: PokerStars.fr – {90EAE591-7E7E-434a-8E28-ECFD00071806} — C:Program FilesPokerStars.FRmain.ico (.not file.)
    O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (…) — C:Program FilesMicrosoft OfficeOffice12REFBARH.ICO
    O9 – Extra button: ClickPotato – {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} . (.Pinball Corporation – ClickPotato.) — C:Program FilesClickPotatoLitebin10.0.668.0ClickPotatoLiteSABHO.dll =>Adware.ClickPotato
    O9 – Extra button: ShopperReports – Compare product prices – {DB38E21A-0133-419d-92AD-ECDFD5244D6D} . (.SmartShopper Networks – Pas de description.) — C:Program FilesShoppingReport2Bin2.7.34ShoppingReport.dll =>Adware.ShopperReports
    O9 – Extra button: ShopperReports – Compare travel rates – {EB620C54-E229-4942-87CE-E717109FC8C6} . (.SmartShopper Networks – Pas de description.) — C:Program FilesShoppingReport2Bin2.7.34ShoppingReport.dll =>Adware.ShopperReports
    ~ IE Extra Buttons: Scanned in 00mn 01s

    —\ Objets ActiveX (Downloaded Program Files)(O16)
    O16 – DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} ((no name)) – http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 – DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} ((no name)) – http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab =>Adware.MyWebSearch
    O16 – DPF: {5D6F45B3-9043-443D-A792-115447494D24} ((no name)) – http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 – DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} ((no name)) – http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 – DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} ((no name)) – http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 – DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) – http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    O16 – DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} ((no name)) – http://game10.zylom.com/activex/zylomgamesplayer.cab
    O16 – DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} ((no name)) – http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 – DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} ((no name)) – http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldfr-fr.cab
    ~ Objets ActiveX: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{79D624D1-A6E7-45CE-BA1D-90A0E60F5F03}: DhcpNameServer = 192.168.0.254
    O17 – HKLMSystemCS1ServicesTcpip..{79D624D1-A6E7-45CE-BA1D-90A0E60F5F03}: DhcpNameServer = 192.168.0.254
    O17 – HKLMSystemCS2ServicesTcpip..{79D624D1-A6E7-45CE-BA1D-90A0E60F5F03}: DhcpNameServer = 212.27.40.241 212.27.40.240
    O17 – HKLMSystemCS3ServicesTcpip..{79D624D1-A6E7-45CE-BA1D-90A0E60F5F03}: DhcpNameServer = 212.27.40.241 212.27.40.240
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.0.254
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlmailhtml – {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation – Windows Live Mail.) — C:Program FilesWindows LiveMailmailcomm.dll =>.Microsoft Corporation
    O18 – Filter: text/xml – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon Filesmicrosoft sharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – AppInit_DLLs: . (…) – C:Program FilesOptimizer ProOptProCrash.dll =>PUP.OptimizerPro
    ~ AppInit DLL: Scanned in 00mn 00s

    —\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
    O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation – Bibliothèque de l’interface utilisateur du.) — C:WindowsSystem32browseui.dll
    ~ STS/SSO: Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: Optimizer Pro Crash Monitor (ca82e1a5) . (…) – C:Program Filesoptimi~1OptProCrash.exe =>PUP.OptimizerPro
    O23 – Service: iSafeService (iSafeService) . (.Elex do Brasil Participações Ltda – iSafeSvc.) – C:Program FilesiSafeiSafeSvc.exe =>Trojan.Staser
    O23 – Service: SaveSenseLive Service (savesenselive) (savesenselive) . (.SaveSense – SaveSenseLive Update.) – C:Program FilesSaveSenseLiveUpdateSaveSenseLive.exe =>PUP.SaveSense
    O23 – Service: SProtection (SProtection) . (.Iminent – Iminent Protection.) – C:Program FilesCommon FilesUmbrellaUmbrella.exe =>Adware.IMBooster
    O23 – Service: Update Bizzybolt (Update Bizzybolt) . (…) – C:Program FilesBizzyboltupdateBizzybolt.exe =>PUP.Bizzybolt
    O23 – Service: WinkHandler (WinkHandler) . (…) – C:Program FilesIminentWinkHandler.exe =>Adware.IMBooster
    O23 – Service: Wpm Service (Wpm) . (.Cherished Technololgy LIMITED – WPM Service.) – C:ProgramDataWPMwprotectmanager.exe =>PUP.WpManager
    O23 – Service: Power Control [2009/01/13 06:10:32] ({55662437-DA8C-40c0-AADA-2C816A897A49}) . (.CyberLink Corp. – Pas de description.) – C:Program FilesHewlett-PackardMediaDVD00.fcl
    ~ Services: 21 Legitimates Filtered in 00mn 09s

    —\ Tâches planifiées en automatique (O39)
    O39 – APT:Automatic Planified Task – C:WindowsTasksDeeal_fr 0.2-chromeinstaller.job [1930]
    O39 – APT:Automatic Planified Task – C:WindowsTasksDeeal_fr 0.2-codedownloader.job [1196]
    O39 – APT:Automatic Planified Task – C:WindowsTasksDeeal_fr 0.2-enabler.job [1096]
    O39 – APT:Automatic Planified Task – C:WindowsTasksDeeal_fr 0.2-firefoxinstaller.job [2010]
    O39 – APT:Automatic Planified Task – C:WindowsTasksDeeal_fr 0.2-updater.job [1294]
    O39 – APT:Automatic Planified Task – C:WindowsTasksSaveSenseLiveUpdateTaskMachineCore.job [918] =>PUP.SaveSense
    O39 – APT:Automatic Planified Task – C:WindowsTasksSaveSenseLiveUpdateTaskMachineUA.job [922] =>PUP.SaveSense
    [MD5.04DBFB81492ACEA9B3BFF307399B17A1] [APT] [Deeal_fr 0.2-chromeinstaller] (.Corporate Inc.) — C:Program FilesDeeal_fr 0.2Deeal_fr 0.2-chromeinstaller.exe [783872]
    [MD5.151F7CFD00FCDD316362E69584B1952F] [APT] [Deeal_fr 0.2-codedownloader] (.Corporate Inc.) — C:Program FilesDeeal_fr 0.2Deeal_fr 0.2-codedownloader.exe [522240]
    [MD5.11A1014D4CDEE26CECD3E9274B52F879] [APT] [Deeal_fr 0.2-enabler] (.Corporate Inc.) — C:Program FilesDeeal_fr 0.2Deeal_fr 0.2-enabler.exe [343552]
    [MD5.C3F03675C1EEAB1D26035320687EEE20] [APT] [Deeal_fr 0.2-firefoxinstaller] (.Corporate Inc.) — C:Program FilesDeeal_fr 0.2Deeal_fr 0.2-firefoxinstaller.exe [832512]
    [MD5.0F0F5AB9ACFF7C50B6925C87D36C958A] [APT] [Deeal_fr 0.2-updater] (.Corporate Inc.) — C:Program FilesDeeal_fr 0.2Deeal_fr 0.2-updater.exe [352768]
    [MD5.6F2939B1EC17A6631106CFD013A9CD77] [APT] [SaveSense] (…) — C:UsersMaarineAppDataRoamingSAVESE~1UPDATE~1UPDATE~1.exe [199176] =>PUP.SaveSense
    [MD5.C495D8665A32539660625182D23D5C59] [APT] [SaveSenseLiveUpdateTaskMachineCore] (.SaveSense.) — C:Program FilesSaveSenseLiveUpdateSaveSenseLive.exe [146920] =>PUP.SaveSense
    [MD5.C495D8665A32539660625182D23D5C59] [APT] [SaveSenseLiveUpdateTaskMachineUA] (.SaveSense.) — C:Program FilesSaveSenseLiveUpdateSaveSenseLive.exe [146920] =>PUP.SaveSense
    [MD5.87948212C71A773AEF4C68029BFAE924] [APT] [wp_update] (…) — C:UsersMaarineAppDataRoaming~guzsbhy.exe [493272] =>PUP.WpManager
    ~ Scheduled Task: 35 Legitimates Filtered in 00mn 02s

    —\ Pilotes lancés au démarrage du système (O41)
    O41 – Driver: (iSafeNetFilter) . (.Elex do Brasil Participações Ltda – iSafeNetFilter SDK TDI Hook Driver (WPP).) – C:Program FilesiSafeiSafeNetFilter.sys =>Trojan.Staser
    ~ Drivers: 88 Legitimates Filtered in 00mn 02s

    —\ Logiciels installés (O42)
    O42 – Logiciel: Bizzybolt – (.Bizzybolt.) [HKLM] — Bizzybolt =>PUP.Bizzybolt
    O42 – Logiciel: Deeal_fr 0.2 – (.Corporate Inc.) [HKLM] — Deeal_fr 0.2
    O42 – Logiciel: Duuqu Update Helper – (.Duuqu Group.) [HKLM] — {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>PUP.Duuqu
    O42 – Logiciel: FREEzeFrog – (…) [HKLM] — FREEzeFrogSA =>Adware.FreezeFrog
    O42 – Logiciel: Favorit (kfcrp) – (…) [HKLM] — kfcrp =>Adware.Favorit
    O42 – Logiciel: Fissa – (.Secure Digital Services.) [HKLM] — {4BD271AB-66E2-4D58-AF88-80FE3B0770C4} =>Adware.SPointer
    O42 – Logiciel: Iminent – (.Iminent.) [HKLM] — IMBoosterARP =>Adware.IMBooster
    O42 – Logiciel: Lollipop – (.Lollipop Network, S.L..) [HKCU] — lollipop =>Adware.Lollipop
    O42 – Logiciel: PokerStars.fr – (.PokerStars.fr.) [HKLM] — PokerStars.fr
    O42 – Logiciel: PriceGong 2.5.0 – (.PriceGong.) [HKLM] — PriceGong =>Adware.PriceGong
    O42 – Logiciel: PricePeep – (.betwikx LLC.) [HKLM] — PricePeep =>Adware.PricePeep
    O42 – Logiciel: SaveSense (remove only) – (.SaveSense.) [HKLM] — SaveSense =>PUP.SaveSense
    O42 – Logiciel: SaveSense – (…) [HKCU] — SaveSense =>PUP.SaveSense
    O42 – Logiciel: ShopperReports – (.ShopperReports.) [HKLM] — ShoppingReport2 =>Adware.ShopperReports
    O42 – Logiciel: ShopperReports – (.SmartShopper.) [HKLM] — ShopperReportsSA =>Adware.ShopperReports
    O42 – Logiciel: WPM17.8.0.3159 – (.Cherished Technololgy LIMITED.) [HKLM] — WPM =>PUP.WpManager
    O42 – Logiciel: YAC – (.ELEX DO BRASIL PARTICIPAÇÕES LTDA.) [HKLM] — iSafe =>Trojan.Staser
    O42 – Logiciel: jeuxob.fr Toolbar – (…) [HKLM] — jeuxob.fr Toolbar
    ~ Logic: 75 Legitimates Filtered in 00mn 01s

    Marine14
    Participant
    Number of posts: 34

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareBizzybolt] =>PUP.Bizzybolt
    [HKCUSoftwareDuuqu] =>PUP.Duuqu
    [HKCUSoftwareFissaSearch] =>PUP.OfferBox
    [HKCUSoftwareIminentToolbar] =>Adware.IMBooster
    [HKCUSoftwareIminent] =>Adware.IMBooster
    [HKCUSoftwareInstalledBrowserExtensions] =>Adware.VidSaver
    [HKCUSoftwareMachines]
    [HKCUSoftwareOfferBox] =>PUP.OfferBox
    [HKCUSoftwareSaveSenseLive] =>PUP.SaveSense
    [HKCUSoftwareShopperReports3] =>Adware.ShopperReports
    [HKCUSoftwareShoppingReport2] =>Adware.ShoppingReport
    [HKCUSoftwareSmartbarBackup] =>Hijacker.SmartBar
    [HKCUSoftwareSmartbarLog] =>Hijacker.SmartBar
    [HKCUSoftwareV9]
    [HKCUSoftwareYahooPartnerToolbar]
    [HKCUSoftwarecacaoweb] =>PUP.CacaoWeb
    [HKCUSoftwareclickpotatolitesa] =>Adware.ClickPotato
    [HKCUSoftwarefacemoods.com] =>Adware.Facemoods
    [HKCUSoftwarefcn]
    [HKCUSoftwarefreezefrogsa] =>Adware.FreezeFrog
    [HKCUSoftwarehblitesa] =>Adware.HotBar
    [HKCUSoftwarehotbarsa]
    [HKLMSoftwareClickPotatoLite] =>Adware.ClickPotato
    [HKLMSoftwareConduit] =>Toolbar.Conduit
    [HKLMSoftwareDealPlyLive] =>PUP.DealPly
    [HKLMSoftwareDuuqu] =>PUP.Duuqu
    [HKLMSoftwareFREEzeFrog] =>Adware.FreezeFrog
    [HKLMSoftwareFissaSearch] =>PUP.OfferBox
    [HKLMSoftwareHBLite] =>Adware.HotBar
    [HKLMSoftwareIminentToolbar] =>Adware.IMBooster
    [HKLMSoftwareIminent] =>Adware.IMBooster
    [HKLMSoftwareNature]
    [HKLMSoftwareOfferBox] =>PUP.OfferBox
    [HKLMSoftwareSaveSenseLive] =>PUP.SaveSense
    [HKLMSoftwareShopperReports3] =>Adware.ShopperReports
    [HKLMSoftwareUmbrella]
    [HKLMSoftwareVBMZ] =>PUP.Duuqu
    [HKLMSoftwarefacemoods.com] =>Adware.Facemoods
    [HKLMSoftwarejeuxob.fr]
    [HKLMSoftwaresupWPM] =>PUP.WpManager
    ~ Key Software: 451 Legitimates Filtered in 00mn 01s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 05/01/2014 – 16:44:26 – [0,985] —-D C:Program FilesBizzybolt =>PUP.Bizzybolt
    O43 – CFD: 19/12/2010 – 18:28:13 – [1,722] —-D C:Program FilesClickPotatoLite =>Adware.ClickPotato
    O43 – CFD: 01/07/2011 – 21:39:27 – [0,497] —-D C:Program FilesConduit
    O43 – CFD: 05/01/2014 – 17:06:29 – [7,259] —-D C:Program FilesDeeal_fr 0.2
    O43 – CFD: 05/01/2014 – 17:07:34 – [0] —-D C:Program FilesDuuqu =>PUP.Duuqu
    O43 – CFD: 25/03/2011 – 20:58:29 – [50,849] —-D C:Program FilesFluendo =>Adware.SPointer
    O43 – CFD: 11/07/2011 – 21:48:18 – [0,819] —-D C:Program FilesFREEzeFrog =>Adware.FreezeFrog
    O43 – CFD: 03/06/2011 – 20:44:35 – [0,744] —-D C:Program FilesHBLite =>Adware.HotBar
    O43 – CFD: 28/12/2009 – 21:27:55 – [4,814] —-D C:Program FilesHotbar
    O43 – CFD: 05/01/2014 – 16:43:16 – [5,788] —-D C:Program FilesIminent =>Adware.IMBooster
    O43 – CFD: 05/01/2014 – 16:43:53 – [2,389] —-D C:Program FilesIminentToolbar =>Adware.IMBooster
    O43 – CFD: 05/01/2014 – 17:06:35 – [28,670] —-D C:Program FilesiSafe =>Trojan.Staser
    O43 – CFD: 01/07/2011 – 21:39:35 – [2,442] —-D C:Program Filesjeuxob.fr
    O43 – CFD: 28/09/2010 – 21:26:54 – [0] —-D C:Program FilesKrysMirror
    O43 – CFD: 13/11/2010 – 17:25:04 – [54,486] —-D C:Program FilesLimeWire
    O43 – CFD: 23/09/2011 – 18:07:01 – [3,102] —-D C:Program FilesOfferBox =>PUP.OfferBox
    O43 – CFD: 29/08/2010 – 23:27:52 – [48,520] —-D C:Program FilesPlants vs Zombies
    O43 – CFD: 27/06/2011 – 17:59:36 – [61,340] —-D C:Program FilesPokerStars.FR
    O43 – CFD: 07/06/2011 – 21:17:20 – [0,417] —-D C:Program FilesPriceGong =>Adware.PriceGong
    O43 – CFD: 05/01/2014 – 17:02:35 – [1,079] —-D C:Program FilesPricePeep =>Adware.PricePeep
    O43 – CFD: 05/01/2014 – 16:57:00 – [1,262] —-D C:Program FilesSaveSense =>PUP.SaveSense
    O43 – CFD: 05/01/2014 – 16:59:34 – [3,431] —-D C:Program FilesSaveSenseLive =>PUP.SaveSense
    O43 – CFD: 19/12/2010 – 18:27:49 – [2,857] —-D C:Program FilesShopperReports3 =>Adware.ShopperReports
    O43 – CFD: 26/04/2011 – 23:37:36 – [1,175] —-D C:Program FilesShoppingReport2 =>Adware.ShoppingReport
    O43 – CFD: 07/06/2011 – 21:30:22 – [0,866] —-D C:Program FilesSocialPlus
    O43 – CFD: 05/01/2014 – 16:42:54 – [2,771] —-D C:Program FilesCommon FilesUmbrella
    O43 – CFD: 28/12/2009 – 21:27:59 – [0] —-D C:ProgramData2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    O43 – CFD: 29/04/2011 – 12:18:19 – [3,985] —-D C:ProgramDataClickPotatoLiteSA =>Adware.ClickPotato
    O43 – CFD: 24/08/2011 – 15:42:40 – [1,219] —-D C:ProgramDataFREEzeFrogSA =>Adware.FreezeFrog
    O43 – CFD: 04/06/2011 – 16:35:37 – [1,344] —-D C:ProgramDataHBLiteSA =>Adware.HotBar
    O43 – CFD: 29/12/2009 – 12:11:52 – [7,504] —-D C:ProgramDataHotbarSA
    O43 – CFD: 28/12/2009 – 19:26:51 – [0] —-D C:ProgramDataPipe Organ
    O43 – CFD: 28/12/2009 – 19:33:02 – [0] —-D C:ProgramDataPrintsService
    O43 – CFD: 05/01/2014 – 16:59:33 – [0,038] —-D C:ProgramDataSaveSenseLive =>PUP.SaveSense
    O43 – CFD: 05/01/2014 – 17:04:35 – [0,477] —-D C:ProgramDataWPM =>PUP.WpManager
    O43 – CFD: 05/01/2014 – 16:12:48 – [0,463] —-D C:UsersMaarineAppDataRoamingcacaoweb =>PUP.CacaoWeb
    O43 – CFD: 19/12/2010 – 18:28:13 – [0] —-D C:UsersMaarineAppDataRoamingClickPotatoLite =>Adware.ClickPotato
    O43 – CFD: 25/03/2011 – 21:00:56 – [0,024] —-D C:UsersMaarineAppDataRoamingFissaSearch =>PUP.OfferBox
    O43 – CFD: 11/07/2011 – 21:48:18 – [0] —-D C:UsersMaarineAppDataRoamingFREEzeFrog =>Adware.FreezeFrog
    O43 – CFD: 03/06/2011 – 20:44:35 – [0] —-D C:UsersMaarineAppDataRoamingHBLite =>Adware.HotBar
    O43 – CFD: 28/12/2009 – 21:27:59 – [0,075] —-D C:UsersMaarineAppDataRoamingHotbar
    O43 – CFD: 05/01/2014 – 16:43:49 – [0,259] —-D C:UsersMaarineAppDataRoamingIminentToolbar =>Adware.IMBooster
    O43 – CFD: 05/01/2014 – 18:08:15 – [16,494] —-D C:UsersMaarineAppDataRoamingiSafe =>Trojan.Staser
    O43 – CFD: 13/11/2010 – 17:23:21 – [23,546] —-D C:UsersMaarineAppDataRoamingLimeWire
    O43 – CFD: 07/06/2011 – 21:13:26 – [0,270] —-D C:UsersMaarineAppDataRoamingOfferBox =>PUP.OfferBox
    O43 – CFD: 05/01/2014 – 16:57:16 – [0,190] —-D C:UsersMaarineAppDataRoamingSaveSense =>PUP.SaveSense
    O43 – CFD: 19/12/2010 – 18:27:49 – [0] —-D C:UsersMaarineAppDataRoamingShopperReports3 =>Adware.ShopperReports
    O43 – CFD: 28/12/2009 – 21:27:57 – [0] —-D C:UsersMaarineAppDataRoamingWeatherDPA
    O43 – CFD: 05/01/2014 – 17:05:05 – [0] —-D C:UsersMaarineAppDataRoamingwp_update =>PUP.WpManager
    O43 – CFD: 05/01/2014 – 17:07:23 – [0] —-D C:UsersMaarineAppDataLocalDeeal_fr 0.2
    O43 – CFD: 05/01/2014 – 16:53:23 – [0] —-D C:UsersMaarineAppDataLocalDuuqu =>PUP.Duuqu
    O43 – CFD: 05/01/2014 – 16:42:58 – [1,196] —-D C:UsersMaarineAppDataLocalLollipop =>Adware.Lollipop
    O43 – CFD: 27/06/2011 – 18:08:56 – [0,606] —-D C:UsersMaarineAppDataLocalPokerStars.FR
    O43 – CFD: 05/01/2014 – 16:59:34 – [0] —-D C:UsersMaarineAppDataLocalSaveSenseLive =>PUP.SaveSense
    O43 – CFD: 29/08/2010 – 23:27:36 – [0,003] —-D C:UsersMaarineAppDataRoamingMicrosoftWindowsStart MenuProgramsPlants vs Zombies
    O43 – CFD: 05/01/2014 – 16:57:01 – [0,001] —-D C:UsersMaarineAppDataRoamingMicrosoftWindowsStart MenuProgramsSaveSense =>PUP.SaveSense
    ~ Program Folder: 297 Legitimates Filtered in 00mn 08s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.4D025C57F5AA6D30B261BCEC8A530910] – 05/01/2014 – 17:32:46 . (…) — C:UsbFix [Scan 2] 16MAI2009.txt [16860]
    O44 – LFC:[MD5.72DC2E12CBEBE9F0135A6C94F21F4F33] – 05/01/2014 – 18:24:27 —A- . (…) — C:UsbFix [Clean 1] 16MAI2009.txt [18597]
    ~ Files: 22 Legitimates Filtered in 00mn 02s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – « FilterAdministratorToken »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « EnableUIADesktopToggle »=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.F8A6018193BE629B8EA4C5D7B2452B70] – 16/09/2004 – 12:26:40 —A- . (…) — C:WindowsSystem32DriversADFUUD.SYS [12634]
    O58 – SDL:[MD5.F385467DF95D0A73775CB3B076B8B969] – 01/01/2014 – 01:27:04 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [49944]
    O58 – SDL:[MD5.1B0662514A68C3A42E60D240C5ABEF28] – 01/01/2014 – 01:27:04 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys [180248]
    O58 – SDL:[MD5.23B62471681A124889978F6295B3F4C6] – 21/01/2008 – 03:23:22 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [342584]
    O58 – SDL:[MD5.004B2EA6CC2598EC5F0552E43CE29CEF] – 04/09/2008 – 18:47:00 —A- . (.ENE TECHNOLOGY INC. – ENE CIR Driver for eHome.) — C:WindowsSystem32Driversenecir.sys [54784]
    O58 – SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] – 02/11/2006 – 10:50:07 —A- . (.Integrated Technology Express, Inc. – ITE IT8211 ATA/ATAPI SCSI miniport.) — C:WindowsSystem32Driversiteatapi.sys [35944]
    O58 – SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] – 02/11/2006 – 10:50:09 —A- . (.Integrated Technology Express, Inc. – ITE IT8212 ATA RAID SCSI miniport.) — C:WindowsSystem32Driversiteraid.sys [35944]
    O58 – SDL:[MD5.84C78B53838BDEC2B0853ADC782CD5DE] – 26/10/2008 – 21:50:56 —A- . (.IDT, Inc. – IDT PC Audio.) — C:WindowsSystem32Driversstwrt.sys [391168]
    O58 – SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] – 21/01/2008 – 03:23:20 —A- . (.ULi Electronics Inc. – ULi SATA Controller Driver.) — C:WindowsSystem32Driversuliahci.sys [238648]
    O58 – SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] – 02/11/2006 – 10:50:35 —A- . (.Promise Technology, Inc. – Promise Ultra/Sata Series Driver for Win2003.) — C:WindowsSystem32Driversulsata.sys [98408]
    O58 – SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] – 21/01/2008 – 03:23:23 —A- . (.Promise Technology, Inc. – Promise SATAII150 Series Windows Drivers.) — C:WindowsSystem32Driversulsata2.sys [115816]
    O58 – SDL:[MD5.83CAFCB53201BBAC04D822F32438E244] – 10/05/2011 – 07:06:08 —A- . (.Apple, Inc. – Apple Mobile Device USB Driver.) — C:WindowsSystem32Driversusbaapl.sys [42496]
    O58 – SDL:[MD5.8AAD333C876590293F72B315E162BCC7] – 02/11/2006 – 08:09:42 —A- . (…) — C:WindowsSystem32ANSI.SYS [9029]
    O58 – SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] – 02/11/2006 – 08:09:45 —A- . (…) — C:WindowsSystem32country.sys [27097]
    O58 – SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] – 02/11/2006 – 08:09:41 —A- . (…) — C:WindowsSystem32HIMEM.SYS [4768]
    O58 – SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] – 02/11/2006 – 08:09:44 —A- . (…) — C:WindowsSystem32KEY01.SYS [42809]
    O58 – SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] – 02/11/2006 – 08:09:44 —A- . (…) — C:WindowsSystem32KEYBOARD.SYS [42537]
    O58 – SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] – 02/11/2006 – 08:09:29 —A- . (…) — C:WindowsSystem32NTDOS.SYS [27866]
    O58 – SDL:[MD5.CF9ED169FF86D935E47999E82359E898] – 02/11/2006 – 08:09:35 —A- . (…) — C:WindowsSystem32NTDOS404.SYS [29146]
    O58 – SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] – 02/11/2006 – 08:09:38 —A- . (…) — C:WindowsSystem32NTDOS411.SYS [29370]
    O58 – SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] – 02/11/2006 – 08:09:40 —A- . (…) — C:WindowsSystem32NTDOS412.SYS [29274]
    O58 – SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] – 02/11/2006 – 08:09:31 —A- . (…) — C:WindowsSystem32NTDOS804.SYS [29146]
    O58 – SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] – 02/11/2006 – 08:09:20 —A- . (…) — C:WindowsSystem32NTIO.SYS [33952]
    O58 – SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] – 02/11/2006 – 08:09:23 —A- . (…) — C:WindowsSystem32NTIO404.SYS [34672]
    O58 – SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] – 02/11/2006 – 08:09:24 —A- . (…) — C:WindowsSystem32NTIO411.SYS [35776]
    O58 – SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] – 02/11/2006 – 08:09:26 —A- . (…) — C:WindowsSystem32NTIO412.SYS [35536]
    O58 – SDL:[MD5.D86B6435729231C171432B4E77801BDB] – 02/11/2006 – 08:09:22 —A- . (…) — C:WindowsSystem32NTIO804.SYS [34672]
    ~ Drivers: 16 Legitimates Filtered in 00mn 09s

    —\ Recherche heuristique Magic.control (HSMI) (O59)
    O59 – HSMI:Heuristic Search MagicControl Infection – (…) — C:UsersMaarineAppDataLocalbranujqf_nav.dat
    O59 – HSMI:Heuristic Search MagicControl Infection – (…) — C:UsersMaarineAppDataLocalbranujqf_navps.dat
    O59 – HSMI:Heuristic Search MagicControl Infection – (…) — C:UsersMaarineAppDataLocalcxfbpmc_navps.dat
    O59 – HSMI:Heuristic Search MagicControl Infection – (…) — C:UsersMaarineAppDataLocalpactcfq_nav.dat
    O59 – HSMI:Heuristic Search MagicControl Infection – (…) — C:UsersMaarineAppDataLocalbranujqf.dat
    O59 – HSMI:Heuristic Search MagicControl Infection – (…) — C:UsersMaarineAppDataLocalbranujqf.exe
    O59 – HSMI:Heuristic Search MagicControl Infection – (…) — C:UsersMaarineAppDataLocalcxfbpmc.dat
    O59 – HSMI:Heuristic Search MagicControl Infection – (.tamponneuse – prelado.) — C:UsersMaarineAppDataLocalcxfbpmc.exe
    O59 – HSMI:Heuristic Search MagicControl Infection – (…) — C:UsersMaarineAppDataLocalpactcfq.bat
    ~ Files: Scanned in 00mn 00s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 02/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalGoogleQuick Search Boxcache.backup [2174976]
    O61 – LFC: 02/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalGoogleQuick Search Boxranking.backup [1255424]
    O61 – LFC: 02/01/2014 – 18:34:01 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeeaseas.dat.new [31744] =>Trojan.Staser
    O61 – LFC: 02/01/2014 – 18:34:06 —A- . (…) — C:UsersMaarineAppDataRoamingwklnhst.dat [11336]
    O61 – LFC: 02/01/2014 – 18:34:09 —A- . (…) — C:UsersMaarineDownloadsBusiness Project (1).odt [34706]
    O61 – LFC: 02/01/2014 – 18:34:09 —A- . (…) — C:UsersMaarineDownloadsBusiness Project.odt [34706]
    O61 – LFC: 02/01/2014 – 18:34:09 —A- . (…) — C:UsersMaarineDownloadsInterviews.odt [12422]
    O61 – LFC: 05/01/2014 – 18:33:35 —A- . (…) — C:UsersMaarineAppDataLocalGDIPFONTCACHEV1.DAT [82424]
    O61 – LFC: 05/01/2014 – 18:33:35 —A- . (…) — C:UsersMaarineAppDataLocalGoogleChromeUser DataCertificate Revocation Lists [264871]
    O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalGoogleChromeUser DataLocal State [61367]
    O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalGoogleQuick Search Boxapp_launcher_apps.data [113664]
    O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalGoogleQuick Search Boxapp_launcher_links.data [174080]
    O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalGoogleQuick Search Boxcache.db [2174976]
    O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalGoogleQuick Search Boxranking.db [1255424]
    O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalGoogleToolbar Cache7.5.4601.54frtranslate_element.js.content [2385]
    O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalGoogleToolbar Cache7.5.4601.54frtranslate_languages.json.content [2033]
    O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalGoogleToolbarbroker_metrics.xml [2955]
    O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalLollipopLollipop.exe [893960] =>Adware.Lollipop
    O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalLollipoplogo.ico [17542] =>Adware.Lollipop
    O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalLollipoplollipop.bat [340] =>Adware.Lollipop
    O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalLollipoplollipop.lpd [3820] =>Adware.Lollipop
    O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalLollipoplollipop_cfg.lpd [336406] =>Adware.Lollipop
    O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalLollipoplollipop_ps.lpd [1549] =>Adware.Lollipop
    O61 – LFC: 05/01/2014 – 18:33:55 —A- . (…) — C:UsersMaarineAppDataLocalmoovida Aircid.txt [16] =>Adware.SPointer
    O61 – LFC: 05/01/2014 – 18:33:55 —A- . (…) — C:UsersMaarineAppDataLocalmoovida Aircountry.sxe [233479] =>Adware.SPointer
    O61 – LFC: 05/01/2014 – 18:33:55 —A- . (…) — C:UsersMaarineAppDataLocalmoovida Airhistory.db [16384] =>Adware.SPointer
    O61 – LFC: 05/01/2014 – 18:33:55 —A- . (…) — C:UsersMaarineAppDataLocalmoovida Airupdate.sxe [1226] =>Adware.SPointer
    O61 – LFC: 05/01/2014 – 18:33:55 —A- . (…) — C:UsersMaarineAppDataLocalmoovida Airupdate.xml [426] =>Adware.SPointer
    O61 – LFC: 05/01/2014 – 18:33:59 —A- . (…) — C:UsersMaarineAppDataLocalVisualBeeExeuninst.exe [78338] =>Adware.VisualBeeToolbar
    O61 – LFC: 05/01/2014 – 18:34:00 —A- . (…) — C:UsersMaarineAppDataRoamingcacaowebnpdfile.dat [186] =>PUP.CacaoWeb
    O61 – LFC: 05/01/2014 – 18:34:00 —A- . (…) — C:UsersMaarineAppDataRoamingcacaowebstorage.db [25] =>PUP.CacaoWeb
    O61 – LFC: 05/01/2014 – 18:34:01 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeico1ef249aacf75053c008316116ed9e4b6.ico [26582] =>Trojan.Staser
    O61 – LFC: 05/01/2014 – 18:34:01 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeico238502e36dd394dd33b7ab8ef00b8531.ico [61755] =>Trojan.Staser
    O61 – LFC: 05/01/2014 – 18:34:01 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeico2fe121bddc64a3d4caa37b5fe546f4e8.ico [1078] =>Trojan.Staser
    O61 – LFC: 05/01/2014 – 18:34:01 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeico485b83ae2c7174f0b6badf4d48faadd2.ico [17542] =>Trojan.Staser
    O61 – LFC: 05/01/2014 – 18:34:01 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeico654c43f8c6ea9e4508cc2c25717e25e5.ico [5430] =>Trojan.Staser
    O61 – LFC: 05/01/2014 – 18:34:01 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeico66354d2ebb1402ee7d27c48dce181ce5.ico [85138] =>Trojan.Staser
    O61 – LFC: 05/01/2014 – 18:34:02 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeicoa45a851d65153dde72e40b74b164f35f.ico [85138] =>Trojan.Staser
    O61 – LFC: 05/01/2014 – 18:34:02 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeicoa67b6288bb3774a3d47fee867442e2bc.ico [22486] =>Trojan.Staser
    O61 – LFC: 05/01/2014 – 18:34:02 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeicoab6b188a4cd9c5bf6b2d10cfaa97179a.ico [1150] =>Trojan.Staser
    O61 – LFC: 05/01/2014 – 18:34:02 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeicob8c74f63707a0b9b7e470bb6423944a0.ico [1150] =>Trojan.Staser
    O61 – LFC: 05/01/2014 – 18:34:02 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeicoc8091692fedf95c960b66f1deaaf8386.ico [97527] =>Trojan.Staser
    O61 – LFC: 05/01/2014 – 18:34:02 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeicocbd00080ff37b24fde98c474072a0e0f.ico [55773] =>Trojan.Staser
    O61 – LFC: 05/01/2014 – 18:34:02 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeicoe5b4615952e8e1d4f72975d1d346437c.ico [102175] =>Trojan.Staser
    O61 – LFC: 05/01/2014 – 18:34:02 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeicof0afe09371049d9e8093d63a89044d47.ico [5430] =>Trojan.Staser
    O61 – LFC: 05/01/2014 – 18:34:02 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeicof63bce5be61fb98ce4302d3adfacfccd.ico [766] =>Trojan.Staser
    O61 – LFC: 05/01/2014 – 18:34:02 —A- . (.Elex do Brasil Participações Ltda.) — C:UsersMaarineAppDataRoamingiSafeupdateisafe_update_v3.8.20.exe [6432424] =>Trojan.Staser
    O61 – LFC: 05/01/2014 – 18:34:06 —A- . (…) — C:UsersMaarineAppDataRoamingZHPLog.txt [29109] =>.Nicolas Coolman
    O61 – LFC: 05/01/2014 – 18:34:06 —A- . (…) — C:UsersMaarineAppDataRoamingZHPTestsZHPDiag.txt [2869] =>.Nicolas Coolman
    O61 – LFC: 05/01/2014 – 18:34:06 —A- . (…) — C:UsersMaarineAppDataRoamingwp_updatecurrentVersion.txt [1] =>PUP.WpManager
    O61 – LFC: 05/01/2014 – 18:34:06 —A- . (…) — C:UsersMaarineAppDataRoaming~guzsbhy.exe [493272]
    O61 – LFC: 05/01/2014 – 18:34:09 —A- . (.*Rapiddown*.) — C:UsersMaarineDownloadsUsbFix.exe [176488]
    ~ 104 Fichiers temporaires (Temporary files)
    ~ 1 Fichiers cookies (Cookies files)
    ~ Files: 1148 Legitimates Filtered in 00mn 39s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix – (.El Desaparecido – http://www.usbfix.nethttp://www.sosvirus.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 27/12/2013 – C:Program FilesiSafeiSafeKrnl.sys (iSafeKrnl) .(.Elex do Brasil Participações Ltda – iSafe Kernel Driver.) – LEGACY_ISAFEKRNL =>Trojan.Staser
    O64 – Services: CurCS – 27/12/2013 – C:Program FilesiSafeiSafeNetFilter.sys (iSafeNetFilter) .(.Elex do Brasil Participações Ltda – iSafeNetFilter SDK TDI Hook Driver (WPP).) – LEGACY_ISAFENETFILTER =>Trojan.Staser
    ~ Legacy: 125 Legitimates Filtered in 00mn 02s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
    ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — c:program filesgooglechromeapplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — c:program filesgooglechromeapplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — c:program filesinternet exploreriexplore.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Apple Inc. – Safari.) — c:program filessafarisafari.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {10B4E706-0FB5-43BE-88B2-C3CC5CCFECC8} – (Surf Canyon) – http://search.surfcanyon.com
    O69 – SBI: SearchScopes [HKCU] {19A8A889-0D8E-43E5-9A15-56A283ADA300} – (Kelkoo) – http://fr.kelkoopartners.net
    O69 – SBI: SearchScopes [HKCU] {2B7B7EFC-C234-4532-822B-A8D74D7EF7EB} – (gdark) – http://fr.gdark.com
    O69 – SBI: SearchScopes [HKCU] {56256A51-B582-467e-B8D4-7786EDA79AE0} – (My Web Search) – http://www.mywebsearch.com =>Adware.MyWebSearch
    O69 – SBI: SearchScopes [HKCU] {5FF4A236-3AE1-4747-B3BE-C65A39970202} – (AOL Recherche) – http://slirsredirect.search.aol.com
    O69 – SBI: SearchScopes [HKCU] {61B32A86-DAE6-4B41-A4AB-A2AA48FB0565} – (Yahoo!) – http://fr.search.yahoo.com
    O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} – (jeuxob.fr Customized Web Search) – http://search.conduit.com
    O69 – SBI: SearchScopes [HKCU] {b41306c6-96d0-442a-bcc4-b0f621e82ce9} – (Fissa) – http://www.fissa.com =>PUP.OfferBox
    O69 – SBI: SearchScopes [HKCU] {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} – (SearchTheWeb) – http://search.iminent.com =>Adware.IMBooster
    O69 – SBI: SearchScopes [HKCU] {E08A9998-D98F-476f-8F5C-37C80FE0A4DA} – (Jeux.fr) – http://search.conduit.com
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.FD9C65AA2AAA145C270B36EBA082922E] [SPRF][22/12/2010] (…) — C:UsersMaarineAppDataLocalbranujqf.dat [3336]
    [MD5.4975D75683E2CC0B9E3182BA0BCC8B1F] [SPRF][22/12/2010] (…) — C:UsersMaarineAppDataLocalbranujqf.exe [692224]
    [MD5.6410933A25965F4397EAC0A0A62F0433] [SPRF][17/12/2010] (…) — C:UsersMaarineAppDataLocalbranujqf_nav.dat [292073]
    [MD5.6FE4DC8A332368D0240C0C1E2FF225F5] [SPRF][22/12/2010] (…) — C:UsersMaarineAppDataLocalbranujqf_navps.dat [4203]
    [MD5.EF0B589D5C44781E5C557217F31F81CD] [SPRF][05/05/2010] (…) — C:UsersMaarineAppDataLocalcxfbpmc.dat [3470]
    [MD5.453D926BCAFE593F05FA4D41C7924B0E] [SPRF][05/05/2010] (.tamponneuse – prelado.) — C:UsersMaarineAppDataLocalcxfbpmc.exe [421888]
    [MD5.973449A94542F44C6CA2584BD0FBE3ED] [SPRF][05/05/2010] (…) — C:UsersMaarineAppDataLocalcxfbpmc_navps.dat [2955]
    [MD5.4D4C1057D408E9FA54F4D8F8283EA9BD] [SPRF][23/06/2013] (…) — C:UsersMaarineAppDataLocald3d9caps.dat [6836]
    [MD5.FB1749DDECA2DB45CD208624CFBB692B] [SPRF][03/10/2010] (…) — C:UsersMaarineAppDataLocalgxjclco.bat [92]
    [MD5.534D78034B774B6266F2189576F8C6E3] [SPRF][05/05/2010] (…) — C:UsersMaarineAppDataLocalkfcrp.bat [92]
    [MD5.D9112FC87DEC112A601CFA1986E4919B] [SPRF][22/12/2010] (…) — C:UsersMaarineAppDataLocalknrfjmj.bat [93]
    [MD5.632E01B45D4E0D3537CCE6003624F84F] [SPRF][25/11/2009] (…) — C:UsersMaarineAppDataLocalowgnww.exe [321536]
    [MD5.A55AA635F61005159C9EF3FA3C518572] [SPRF][06/08/2010] (…) — C:UsersMaarineAppDataLocalpactcfq.bat [91]
    [MD5.A36D577D2FEE645779B509C908263332] [SPRF][29/04/2010] (…) — C:UsersMaarineAppDataLocalpactcfq_nav.dat [332502]
    [MD5.ABDEFA6CCA60455E9640E67EFA052E2D] [SPRF][08/09/2010] (…) — C:UsersMaarineAppDataLocalvmddsj.bat [92]
    [MD5.2C7FCD1FF1E41FFAF03DD565E97C65F6] [SPRF][02/01/2014] (…) — C:UsersMaarineAppDataRoamingwklnhst.dat [11336]
    [MD5.87948212C71A773AEF4C68029BFAE924] [SPRF][05/01/2014] (.Pas de propriétaire – wp_update scheduler.) — C:UsersMaarineAppDataRoaming~guzsbhy.exe [493272] =>PUP.WpManager
    [MD5.6AABCAB9FF3FFB26EF173153B765483D] [SPRF][05/01/2014] (…) — C:UsersMaarineDesktopcacaoweb.exe [469504] =>PUP.CacaoWeb
    ~ Files: 23 Legitimates Filtered in 00mn 02s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: « {8E9460AD-1D6D-4320-A93E-334CDECAB84C} » | In – Public – P6 – TRUE | .(.Lime Wire, LLC – LimeWire.) — C:Program FilesLimeWireLimeWire.exe
    O87 – FAEL: « {24A4F675-7DB0-4140-9AA7-F1A259383767} » | In – Public – P17 – TRUE | .(.Lime Wire, LLC – LimeWire.) — C:Program FilesLimeWireLimeWire.exe
    O87 – FAEL: « TCP Query User{E1BC53E6-161C-4AC6-AE04-3036D8E1A00B}C:program filesfluendomoovidamoovida.exe » | In – Public – P6 – TRUE | .(.Fluendo Embedded – Moovida.) — C:program filesfluendomoovidamoovida.exe =>Adware.SPointer
    O87 – FAEL: « UDP Query User{C1FFE696-E10B-4220-BE68-411059A974C0}C:program filesfluendomoovidamoovida.exe » | In – Public – P17 – TRUE | .(.Fluendo Embedded – Moovida.) — C:program filesfluendomoovidamoovida.exe =>Adware.SPointer
    O87 – FAEL: « TCP Query User{E205D862-02B6-4FD3-BA26-82D0BAB94424}C:usersmaarineappdataroamingcacaowebcacaoweb.exe » | In – Public – P6 – TRUE | .(…) — C:usersmaarineappdataroamingcacaowebcacaoweb.exe =>PUP.CacaoWeb
    O87 – FAEL: « UDP Query User{F6C2D4F4-83D9-431D-A2F9-640CC53C9DFC}C:usersmaarineappdataroamingcacaowebcacaoweb.exe » | In – Public – P17 – TRUE | .(…) — C:usersmaarineappdataroamingcacaowebcacaoweb.exe =>PUP.CacaoWeb
    ~ Firewall: 202 Legitimates Filtered in 00mn 02s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: « 112C48061A10E464790A9077E221B205 » . (.Moovida.) — C:WindowsInstaller{6084C211-01A1-464E-97A0-09772E122B50}ARPPRODUCTICON.exe =>Adware.SPointer
    O90 – PUC: « BA172DB42E6685D4FA8808EFB370074C » . (.Fissa.) — C:WindowsInstaller{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}ARPPRODUCTICON.exe =>PUP.OfferBox
    ~ Update Products: 147 Legitimates Filtered in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.AA54E9B868A06651B9271D93BF6776F8] [WIS][25/03/2011] (.Secure Digital Services – Moovida.) — C:WindowsInstaller1945710.msi [2633728] =>Adware.SPointer
    [MD5.B1954A21F896AA25E097683CDEB4DD8E] [WIS][25/03/2011] (.Secure Digital Services – Fissa.) — C:WindowsInstaller1945716.msi [1275392] =>Adware.SPointer
    [MD5.A4B00F9538946C89EC22D38250B68952] [WIS][13/01/2009] (.ATI – Catalyst Control Center.) — C:WindowsInstaller2761a.msi [1043968]
    [MD5.BF2728E25E93735A80C7065A83BD2188] [WIS][05/01/2014] (.Duuqu Group – Duuqu Update Helper.) — C:WindowsInstaller57414c.msi [22016] =>PUP.Duuqu
    [MD5.439E0735178094C34136EFC343AC4A7F] [WIS][28/12/2009] (.Nikon – Blank Project Template.) — C:WindowsInstaller5a8cd9.msi [8215040]
    ~ WIS: 158 Legitimates Filtered in 00mn 28s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Auto 27/06/2008 77824 | (AESTFilters) . (.Andrea Electronics Corporation.) – C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_52c73ccbaestsrv.exe
    SS – | Auto 25/05/2011 37664 | (Apple Mobile Device) . (.Apple Inc..) – C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    SS – | Auto 31/12/2008 724992 | (Ati External Event Utility) . (.ATI Technologies Inc..) – C:WindowsSystem32Ati2evxx.exe
    SS – | Auto 06/04/2011 349472 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SS – | Auto 05/01/2014 143488 | C:Program Filesoptimi~1OptProCrash.exe (ca82e1a5) . (…) – C:Program FilesOptimizer ProOptProCrash.exe =>PUP.OptimizerPro
    SS – | Demand 19/11/2008 222512 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) – C:Program FilesHewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe
    SS – | Demand 17/07/2009 250616 | (GameConsoleService) . (.WildTangent, Inc..) – C:Program FilesHP GamesMy HP Game ConsoleGameConsoleService.exe
    SS – | Auto 16/05/2009 133104 | (gupdate1c9d663f6690478) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 16/05/2009 133104 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 31/12/2013 194032 | (gusvc) . (.Google.) – C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    SS – | Demand 23/10/2008 223232 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) – C:Program FilesHewlett-PackardSharedhpqwmiex.exe
    SS – | Auto 18/03/2008 19456 | (hpsrv) . (.Hewlett-Packard Corporation.) – C:WindowsSystem32Hpservice.exe
    SS – | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) – C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
    SS – | Demand 07/06/2011 820520 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SS – | Auto 09/06/2008 73728 | (LightScribeService) . (.Hewlett-Packard Company.) – C:Program FilesCommon FilesLightScribeLSSrvc.exe
    SS – | Auto 10/07/1658 0 | (Nero BackItUp Scheduler 4.0) . (…) – C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe
    SS – | Auto 17/12/2008 365952 | (Recovery Service for Windows) . (…) – C:Program FilesSMINSTBLService.exe
    SS – | Auto 15/09/2008 241734 | (RichVideo) . (…) – C:Program FilesCyberLinkShared filesRichVideo.exe
    SS – | Auto 05/01/2014 146920 | (savesenselive) . (.SaveSense.) – C:Program FilesSaveSenseLiveUpdateSaveSenseLive.exe =>PUP.SaveSense
    SS – | Demand 05/01/2014 146920 | (savesenselivem) . (.SaveSense.) – C:Program FilesSaveSenseLiveUpdateSaveSenseLive.exe =>PUP.SaveSense
    SS – | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) – C:Program FilesSkypeUpdaterUpdater.exe
    SS – | Auto 16/12/2013 2905408 | (SProtection) . (.Iminent.) – C:Program FilesCommon FilesUmbrellaUmbrella.exe =>Adware.IMBooster
    SS – | Auto 26/10/2008 237657 | (STacSV) . (.IDT, Inc..) – C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_52c73ccbSTacSV.exe
    SS – | Auto 16/12/2013 425792 | (WinkHandler) . (…) – C:Program FilesIminentWinkHandler.exe =>Adware.IMBooster
    SS – | Auto 05/01/2014 499856 | (Wpm) . (.Cherished Technololgy LIMITED.) – C:ProgramDataWPMwprotectmanager.exe =>PUP.WpManager

    SR – | Auto 01/01/2014 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
    SR – | Disabled 10/07/1658 0 | (avast! Firewall) . (…) – C:Program FilesAlwil SoftwareAvast5afwServ.exe
    SR – | Auto 21/01/2008 21504 | C:WindowsSystem32ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) – C:WindowsSystem32svchost.exe
    SR – | Auto 09/10/2008 94208 | (HP Health Check Service) . (.Hewlett-Packard.) – c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe
    SR – | Auto 27/12/2013 491688 | (iSafeService) . (.Elex do Brasil Participações Ltda.) – C:Program FilesiSafeiSafeSvc.exe =>Trojan.Staser
    SR – | Auto 20/11/2013 66848 | (Update Bizzybolt) . (…) – C:Program FilesBizzyboltupdateBizzybolt.exe =>PUP.Bizzybolt
    SR – | Auto 21/01/2008 21504 | C:Program FilesWindows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 21/01/2008 21504 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 28/11/2008 87536 | ({55662437-DA8C-40c0-AADA-2C816A897A49}) . (.CyberLink Corp..) – C:Program FilesHewlett-PackardMediaDVD00.fcl

    ~ Services: Scanned in 00mn 31s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Run by Maarine at 05/01/2014 18:35:35

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys ataport.SYS PCIIDEX.SYS msahci.sys
    C:Windowssystem32DRIVERShpdskflt.sys Hewlett-Packard Corporation Hewlett-Packard Corporation Mobile Data Protection System
    1 ntkrnlpa!IofCallDriver[0x828D420F] >> DeviceHarddisk0DR0[0x86B49AC8]
    5 hpdskflt[0x8BBAAF05] >> ntkrnlpa!IofCallDriver[0x828D420F] >> [0x86375F08]
    kernel: MBR read successfully
    user & kernel MBR OK

    ~ MBR: 15 Legitimates Filtered in 00mn 02s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Maarine at 05/01/2014 18:35:37

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin

    ~ MBR: Scanned in 00mn 04s

    —\ Alert Messages
    WARNING : Adware.Navipromo/MagicControl found in registry or folder

    —\ Scan Additionnel (O88)
    Database Version : 13018 – (02/01/2014)
    Clés trouvées (Keys found) : 540
    Valeurs trouvées (Values found) : 6
    Dossiers trouvés (Folders found) : 71
    Fichiers trouvés (Files found) : 29

    Marine14
    Participant
    Number of posts: 34

    [HKLMSoftwareGoogleChromeExtensionsbjeikeheijdjdfjbmknpefojickbkmom] =>PUP.OfferBox^
    [HKLMSoftwareGoogleChromeExtensionsdgbjdgnkkchgleommaaapafcigjjbnmg] =>PUP.Bizzybolt^
    [HKLMSoftwareGoogleChromeExtensionsdpicnlijpdlebkhpegfenfjpglinfdhm] =>PUP.OfferBox^
    [HKLMSoftwareGoogleChromeExtensionsgebbadcnkcgcfgpbmcdleckpejgopimf] =>PUP.CacaoWeb^
    [HKLMSoftwareGoogleChromeExtensionsifohbjbgfchkkfhphahclmkpgejiplfo] =>PUP.Elex^
    [HKLMSoftwareGoogleChromeExtensionsihflimipbcaljfnojhhknppphnnciiif] =>Adware.Facemoods^
    [HKLMSoftwareGoogleChromeExtensionsiknffkmlbmmhbnfhfnpopiembeecpokj] =>PUP.Facemoi^
    [HKLMSoftwareGoogleChromeExtensionskbjlipmgfoamgjaogmbihaffnpkpjajp] =>PUP.BubbleDock^
    [HKLMSoftwareGoogleChromeExtensionskhcceooakamlehbimaepcldnnlnkcmfk] =>PUP.SaveSense^
    [HKLMSoftwareGoogleChromeExtensionskngejcchcedjdemdaeneneeahmjnpaec] =>Adware.SPointer^
    [HKLMSoftwareGoogleChromeExtensionsleahdjjpjmnamomgpojikeapflgbmjab] =>PUP.CacaoWeb^
    [HKLMSoftwareGoogleChromeExtensionslicjnkifamhpbaefhdpacpmihicfbomb] =>Adware.PricePeep^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}] =>PUP.SaveSense^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{11111111-1111-1111-1111-110411391160}] =>PUP.CrossRider^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{13070AF0-BC6C-4185-8BAA-40A4CF05B323}] =>PUP.Bizzybolt^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{1631550F-191D-4826-B069-D9439253D926}] =>Adware.PriceGong^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{258C9770-1713-4021-8D7E-1F184A2BD754}] =>Adware.ShoppingReport^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E2A7BD67-0EAF-497F-B05B-748D7BF3C421}] =>Adware.SPointer^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{F78E6501-B9DE-48B9-B86C-6DA8542CCC4E}] =>Toolbar.Conduit^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] =>Adware.SPointer^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}] =>Adware.PricePeep^
    [HKLMSYSTEMCurrentControlSetServicesca82e1a5] =>PUP.OptimizerPro^
    [HKLMSYSTEMCurrentControlSetServicesiSafeService] =>Trojan.Staser^
    [HKLMSYSTEMCurrentControlSetServicessavesenselive) (savesenselive] =>PUP.SaveSense^
    [HKLMSYSTEMCurrentControlSetServicesSProtection] =>Adware.IMBooster^
    [HKLMSYSTEMCurrentControlSetServicesUpdate Bizzybolt] =>PUP.Bizzybolt^
    [HKLMSYSTEMCurrentControlSetServicesWinkHandler] =>Adware.IMBooster^
    [HKLMSYSTEMCurrentControlSetServicesWpm] =>PUP.WpManager^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallBizzybolt] =>PUP.Bizzybolt^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] =>PUP.Duuqu^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallFREEzeFrogSA] =>Adware.FreezeFrog^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallkfcrp] =>Adware.Favorit^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}] =>Adware.SPointer^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallIMBoosterARP] =>Adware.IMBooster^
    [HKCUSoftwareMicrosoftWindowsCurrentVersionUninstalllollipop] =>Adware.Lollipop^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallPriceGong] =>Adware.PriceGong^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallPricePeep] =>Adware.PricePeep^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallSaveSense] =>PUP.SaveSense^
    [HKCUSoftwareMicrosoftWindowsCurrentVersionUninstallSaveSense] =>PUP.SaveSense^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallShoppingReport2] =>Adware.ShopperReports^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallShopperReportsSA] =>Adware.ShopperReports^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallWPM] =>PUP.WpManager^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstalliSafe] =>Trojan.Staser^
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{00A6FAF1-072E-44CF-8957-5838F569A31D}] =>Adware.MyWebSearch
    [HKLMSoftwareClassesTypeLib{02AED140-2B62-4B49-8B3B-179020CC39B9}] =>Adware.ShopperReports
    [HKLMSoftwareClassesInterface{030C9927-10FC-4169-97A2-55BECD5D88D8}] =>Adware.SmartShopper
    [HKLMSoftwareClassesTypeLib{03d7ff6e-9781-40b5-bb7f-94291a361604}] =>Adware.Hotbar
    [HKLMSoftwareClassesTypeLib{0729f461-8054-47dc-8d39-a31b61cc0119}] =>Adware.Zango
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{07b18ea1-a523-4961-b6bb-170de4475cca}] =>Adware.MyWebSearch
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{07B18EA9-A523-4961-B6BB-170DE4475CCA}] =>Adware.MyWebSearch
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{07b18eab-a523-4961-b6bb-170de4475cca}] =>Adware.MyWebSearch
    [HKLMSoftwareClassesCLSID{09325003-167C-483d-A4BA-8B3122ABB432}] =>Adware.ShopperReports
    [HKLMSoftwareClassesAppID{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
    [HKLMSoftwareClassesTypeLib{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
    [HKLMSoftwareClassesAppID{0D82ACD6-A652-4496-A298-2BDE705F4227}] =>Adware.ClickPotato
    [HKLMSoftwareClassesInterface{0EB3F101-224A-4B2B-9E5B-DF720857529C}] =>Adware.ShopperReports
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{100EB1FD-D03E-47fd-81F3-EE91287F9465}] =>Adware.ShopperReports
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{100EB1FD-D03E-47fd-81F3-EE91287F9465}] =>Adware.ShopperReports
    [HKLMSoftwareClassesCLSID{100EB1FD-D03E-47fd-81F3-EE91287F9465}] =>Adware.ShopperReports
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
    [HKLMSoftwareClassesCLSID{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
    [HKLMSoftwareClassesCLSID{14113b47-d59c-4f0f-9d10-ff1730265584}] =>Adware.Hotbar
    [HKLMSoftwareClassesCLSID{147a976f-eee1-4377-8ea7-4716e4cdd239}] =>Adware.MyWebSearch
    [HKLMSoftwareClassesTypeLib{14816CF6-426C-40D7-904C-E5600F015EC2}] =>PUP.OfferBox
    [HKLMSoftwareClassesTypeLib{148e1447-c728-48fd-beec-a7d06c5fff58}] =>Adware.Hotbar
    [HKLMSoftwareClassesInterface{15FD8424-D12A-4C51-8C6C-D5D57B80F781}] =>Adware.Hotbar
    [HKLMSoftwareClassesCLSID{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC}] =>Adware.ClickPotato
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExtPreApproved{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC}] =>Adware.ClickPotato
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{1631550F-191D-4826-B069-D9439253D926}] =>Adware.PriceGong
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{1631550F-191D-4826-B069-D9439253D926}] =>Adware.PriceGong
    [HKLMSoftwareClassesCLSID{1631550F-191D-4826-B069-D9439253D926}] =>Adware.PriceGong
    [HKLMSoftwareClassesInterface{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9}] =>Adware.ShopperReports
    [HKLMSoftwareClassesInterface{1B97A696-5576-43AC-A73B-E1D2C78F21E8}] =>Adware.PricePeep
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}] =>Adware.MyWebSearch
    [HKLMSoftwareMicrosoftCode Store DatabaseDistribution Units{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}] =>Adware.MyWebSearch
    [HKLMSoftwareClassesCLSID{20EA9658-6BC3-4599-A87D-6371FE9295FC}] =>Adware.ShopperReports
    [HKLMSoftwareClassesInterface{21BA420E-161C-413A-B21E-4E42AE1F4226}] =>Adware.ClickPotato
    [HKLMSoftwareClassesInterface{2447e305-5e90-42a8-bd1e-0bc333b807e1}] =>Adware.Hotbar
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{25560540-9571-4d7b-9389-0f166788785a}] =>Adware.MyWebSearch
    [HKLMSoftwareClassesInterface{2557DD3F-23A0-477C-BCD8-90FD0AECC4B8}] =>Adware.Zango
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{258c9770-1713-4021-8d7e-1f184a2bd754}] =>Adware.SmartShopper
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{258c9770-1713-4021-8d7e-1f184a2bd754}] =>Adware.SmartShopper
    [HKLMSoftwareClassesCLSID{258c9770-1713-4021-8d7e-1f184a2bd754}] =>Adware.SmartShopper
    [HKLMSoftwareClassesCLSID{2721A8E5-BFDB-4562-9912-9E0531CA616C}] =>Adware.ShopperReports
    [HKLMSoftwareClassesTypeLib{282D18C0-5424-44F4-A531-55F9AC5B8FD8}] =>PUP.OfferBox
    [HKLMSoftwareClassesInterface{2893116C-A176-42B1-8794-DA8C9FC45564}] =>Adware.Zango
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358}] =>Adware.Zango
    [HKCUSoftwareMicrosoftInternet ExplorerExplorer Bars{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358}] =>Adware.Zango
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358}] =>Adware.Zango
    [HKLMSoftwareClassesCLSID{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358}] =>Adware.Zango
    [HKLMSoftwareMicrosoftInternet ExplorerExplorer Bars{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358}] =>Adware.Zango
    [HKLMSoftwareClassesCLSID{2d00aa2a-69ef-487a-8a40-b3e27f07c91e}] =>Adware.Zango
    [HKLMSoftwareClassesInterface{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc}] =>Adware.MyWebSearch
    [HKLMSoftwareClassesCLSID{2f9ad413-2e0b-4a85-bb2a-cf961238262a}] =>Adware.Hotbar
    [HKLMSoftwareClassesInterface{30B15818-E110-4527-9C05-46ACE5A3460D}] =>Adware.ClickPotato
    [HKLMSoftwareClassesAppID{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}] =>Adware.PricePeep
    [HKLMSoftwareClassesMoovida.SpointerWebDisp] =>Adware.SPointer
    [HKLMSoftwareClassesMoovida.SpointerWebDisp.1] =>Adware.SPointer
    [HKLMSoftwareClassesAOLTB.AOLToolBand.1] =>Toolbar.Agent
    [HKLMSoftwareClassesToolbar.CT2545112] =>Toolbar.Conduit
    [HKLMSoftwareClassesCLSID{11111111-1111-1111-1111-110411391160}] =>PUP.CrossRider
    [HKLMSoftwareClassesCLSID{22222222-2222-2222-2222-220422392260}] =>PUP.CrossRider
    [HKLMSoftwareClassesAppIDescorTlbr.DLL] =>PUP.Funmoods
    [HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementArpcacheHotbarSA] =>Adware.HotBar
    [HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementArpcacheShoppingReport2] =>Adware.ShoppingReport
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallClickPotatoLiteSA] =>Adware.ClickPotato
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallHotbarSA] =>Adware.HotBar
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstalliminent] =>Adware.IMBooster
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInternet Settings5.0User AgentPost PlatformShopperReports 3.0.517.0] =>Adware.ShopperReports
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInternet Settings5.0User AgentPost PlatformSRS_IT_E8790474B4765B5130AD99] =>Adware.ShopperReports
    [HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} =>Adware.Facemoods^
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun]:facemoods =>Adware.Facemoods^
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun]:swg =>Toolbar.Google^
    [HKCUSoftwareMicrosoftInternet ExplorerURLSearchHooks]:{84FF7BD6-B47F-46F8-9130-01B2696B36CB} =>Adware.IMBooster
    [HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser]:{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} =>Adware.Zango
    [HKLMSoftwareMozillaFirefoxExtensions]:ClickPotatoLite@ClickPotatoLite.com =>Adware.ClickPotato
    C:UsersMaarineAppDataLocalGoogleChromeUser DataDefaultExtensionsbjeikeheijdjdfjbmknpefojickbkmom =>PUP.OfferBox^
    C:UsersMaarineAppDataLocalGoogleChromeUser DataDefaultExtensionsdgbjdgnkkchgleommaaapafcigjjbnmg =>PUP.Bizzybolt^
    C:UsersMaarineAppDataLocalGoogleChromeUser DataDefaultExtensionsdpicnlijpdlebkhpegfenfjpglinfdhm =>PUP.OfferBox^
    C:UsersMaarineAppDataLocalGoogleChromeUser DataDefaultExtensionsgebbadcnkcgcfgpbmcdleckpejgopimf =>PUP.CacaoWeb^
    C:UsersMaarineAppDataLocalGoogleChromeUser DataDefaultExtensionsifohbjbgfchkkfhphahclmkpgejiplfo =>PUP.Elex^
    C:UsersMaarineAppDataLocalGoogleChromeUser DataDefaultExtensionsihflimipbcaljfnojhhknppphnnciiif =>Adware.Facemoods^
    C:UsersMaarineAppDataLocalGoogleChromeUser DataDefaultExtensionsiknffkmlbmmhbnfhfnpopiembeecpokj =>PUP.Facemoi^
    C:UsersMaarineAppDataLocalGoogleChromeUser DataDefaultExtensionskbjlipmgfoamgjaogmbihaffnpkpjajp =>PUP.BubbleDock^
    C:UsersMaarineAppDataLocalGoogleChromeUser DataDefaultExtensionskhcceooakamlehbimaepcldnnlnkcmfk =>PUP.SaveSense^
    C:UsersMaarineAppDataLocalGoogleChromeUser DataDefaultExtensionskngejcchcedjdemdaeneneeahmjnpaec =>Adware.SPointer^
    C:UsersMaarineAppDataLocalGoogleChromeUser DataDefaultExtensionsleahdjjpjmnamomgpojikeapflgbmjab =>PUP.CacaoWeb^
    C:UsersMaarineAppDataLocalGoogleChromeUser DataDefaultExtensionslicjnkifamhpbaefhdpacpmihicfbomb =>Adware.PricePeep^
    C:Program FilesBizzybolt =>PUP.Bizzybolt^
    C:Program FilesClickPotatoLite =>Adware.ClickPotato^
    C:Program FilesDuuqu =>PUP.Duuqu^
    C:Program FilesFluendo =>Adware.SPointer^
    C:Program FilesFREEzeFrog =>Adware.FreezeFrog^
    C:Program FilesHBLite =>Adware.HotBar^
    C:Program FilesIminent =>Adware.IMBooster^
    C:Program FilesIminentToolbar =>Adware.IMBooster^
    C:Program FilesiSafe =>Trojan.Staser^
    C:Program FilesOfferBox =>PUP.OfferBox^
    C:Program FilesPriceGong =>Adware.PriceGong^
    C:Program FilesPricePeep =>Adware.PricePeep^
    C:Program FilesSaveSense =>PUP.SaveSense^
    C:Program FilesSaveSenseLive =>PUP.SaveSense^
    C:Program FilesShopperReports3 =>Adware.ShopperReports^
    C:Program FilesShoppingReport2 =>Adware.ShoppingReport^
    C:ProgramDataClickPotatoLiteSA =>Adware.ClickPotato^
    C:ProgramDataFREEzeFrogSA =>Adware.FreezeFrog^
    C:ProgramDataHBLiteSA =>Adware.HotBar^
    C:ProgramDataSaveSenseLive =>PUP.SaveSense^
    C:ProgramDataWPM =>PUP.WpManager^
    C:UsersMaarineAppDataRoamingcacaoweb =>PUP.CacaoWeb^
    C:UsersMaarineAppDataRoamingClickPotatoLite =>Adware.ClickPotato^
    C:UsersMaarineAppDataRoamingFissaSearch =>PUP.OfferBox^
    C:UsersMaarineAppDataRoamingFREEzeFrog =>Adware.FreezeFrog^
    C:UsersMaarineAppDataRoamingHBLite =>Adware.HotBar^
    C:UsersMaarineAppDataRoamingIminentToolbar =>Adware.IMBooster^
    C:UsersMaarineAppDataRoamingiSafe =>Trojan.Staser^
    C:UsersMaarineAppDataRoamingOfferBox =>PUP.OfferBox^
    C:UsersMaarineAppDataRoamingSaveSense =>PUP.SaveSense^
    C:UsersMaarineAppDataRoamingShopperReports3 =>Adware.ShopperReports^
    C:UsersMaarineAppDataRoamingwp_update =>PUP.WpManager^
    C:UsersMaarineAppDataLocalDuuqu =>PUP.Duuqu^
    C:UsersMaarineAppDataLocalLollipop =>Adware.Lollipop^
    C:UsersMaarineAppDataLocalSaveSenseLive =>PUP.SaveSense^
    C:UsersMaarineAppDataRoamingMicrosoftWindowsStart MenuProgramsSaveSense =>PUP.SaveSense^
    C:Program FilesConduit =>Toolbar.Conduit
    C:Program FilesHotbar =>Adware.Hotbar
    C:Program FilesSoftware =>Adware.Boxore
    C:Program FilesOptimizer Pro =>PUP.OptimizerPro
    C:Program FilesCommon FilesUmbrella =>Adware.IMBooster
    C:ProgramData2ACA5CC3-0F83-453D-A079-1076FE1A8B65 =>Adware.Seekmo
    C:ProgramDataHotbarSA =>Adware.Hotbar
    C:ProgramDataMicrosoftWindowsStart MenuProgramsclickpotato =>Adware.ClickPotato
    C:ProgramDataMicrosoftWindowsStart MenuProgramsHotbar =>Adware.Hotbar
    C:ProgramDataMicrosoftWindowsStart MenuProgramsMoovida =>Adware.SPointer
    C:ProgramDataMicrosoftWindowsStart MenuProgramsShopperReports =>Adware.ShopperReports
    C:UsersMaarineAppDataRoamingHotbar =>Adware.Hotbar
    C:UsersMaarineAppDataRoamingWeatherDPA =>Adware.180Solutions
    C:UsersMaarineAppDataRoamingOptimizer Pro =>PUP.OptimizerPro
    C:UsersMaarineAppDataLocalmoovida air =>Adware.SPointer
    C:UsersMaarineAppDataLocalSoftware =>Adware.Boxore
    C:UsersMaarineAppDataLocalLowConduit =>Toolbar.Conduit
    C:UsersMaarineAppDataLocalLowHotbar =>Adware.Hotbar
    C:UsersMaarineAppDataLocalLowPriceGong =>Adware.PriceGong
    C:UsersMaarineAppDataLocalLowShopperReports3 =>Adware.ShopperReports
    C:UsersMaarineAppDataLocalLowShoppingReport2 =>Adware.ShopperReports
    C:UsersMaarineAppDataLocalTempIminent =>Adware.IMBooster
    C:UsersMaarineAppDataLocalTempSmartbar =>Hijacker.SmartBar
    C:Program FilesiSafeiSafeTray.exe =>Trojan.Staser^
    C:Program FilesiSafeiSafeSvc.exe =>Trojan.Staser^
    C:Program FilesiSafeiSafeSvc2.exe =>Trojan.Staser^
    C:Program FilesBizzyboltupdateBizzybolt.exe =>PUP.Bizzybolt^
    C:WindowsTasksSaveSenseLiveUpdateTaskMachineCore.job =>PUP.SaveSense^
    C:WindowsTasksSaveSenseLiveUpdateTaskMachineUA.job =>PUP.SaveSense^
    C:UsersMaarineAppDataRoamingSAVESE~1UPDATE~1UPDATE~1.exe =>PUP.SaveSense^
    C:Program FilesSaveSenseLiveUpdateSaveSenseLive.exe =>PUP.SaveSense^
    C:UsersMaarineAppDataRoaming~guzsbhy.exe =>PUP.WpManager^
    [HKCUSoftwareBizzybolt] =>PUP.Bizzybolt^
    [HKCUSoftwareDuuqu] =>PUP.Duuqu^
    [HKCUSoftwareIminentToolbar] =>Adware.IMBooster^
    [HKCUSoftwareSaveSenseLive] =>PUP.SaveSense^
    [HKCUSoftwareShoppingReport2] =>Adware.ShoppingReport^
    [HKCUSoftwareclickpotatolitesa] =>Adware.ClickPotato^
    [HKCUSoftwarefreezefrogsa] =>Adware.FreezeFrog^
    [HKCUSoftwarehblitesa] =>Adware.HotBar^
    [HKLMSoftwareConduit] =>Toolbar.Conduit^
    [HKLMSoftwareDealPlyLive] =>PUP.DealPly^
    [HKLMSoftwareDuuqu] =>PUP.Duuqu^
    [HKLMSoftwareHBLite] =>Adware.HotBar^
    [HKLMSoftwareIminentToolbar] =>Adware.IMBooster^
    [HKLMSoftwareSaveSenseLive] =>PUP.SaveSense^
    [HKLMSoftwaresupWPM] =>PUP.WpManager^
    C:UsersMaarineDesktopcacaoweb.exe =>PUP.CacaoWeb^
    C:WindowsInstaller1945710.msi =>Adware.SPointer^
    C:WindowsInstaller1945716.msi =>Adware.SPointer^
    C:WindowsInstaller57414c.msi =>PUP.Duuqu^
    C:UsersMaarineDownloadscacaoweb.exe =>PUP.CacaoWeb
    ~ Additionnel Scan: 483217 Items scanned in 00mn 39s

    billmaxime
    Moderator
    Posts: 1402

    Hi again,

    can you host it via this link, please

    http://upload.sosvirus.net/

    :merci2:

    Marine14
    Participant
    Posts: 34

    —\ Récapitulatif des détections trouvées sur votre station
    ~ MSI: 41 link(s) detected in 00mn 40s

    ~ 2671 Legitimates filtered by white list
    End of the scan (1571 lines in 04mn 09s)(0)

    Sorry, since the report was too long I had to split the message …

    A couple of quick questions: not knowing at first that my USB key was infected, I plugged it into two other PCs. Do I need to run the scans on the other PCs as well?
    And will I be able to recover the files that were on my key?

    Thanks!

    Marine14
    Participant
    Posts: 34

    Oh sorry, I just saw your message. I'll start over and host the link!

    billmaxime
    Moderator
    Posts: 1402

    Hi again,

    OK, waiting for the report

    :merci2:

    Marine14
    Participant
    Posts: 34

    Here is the link to the report:

    http://upload.sosvirus.net/log/SosUpload.306aa1fcf4385c8abc9292635193c969.txt

    billmaxime
    Moderator
    Posts: 1402

    Hi again,

    Perfect, I'll look at the report and come back

    See you soon

    billmaxime
    Moderator
    Posts: 1402

    Hi again,

    Do the following in the order listed and post the reports, please

    1)

    • Download AdwCleaner (by Xplode) to your Desktop!
    • Right-click it and choose Run as administrator on Windows 7/8 and Vista; otherwise double-click it on XP
      1. Choose the Scan option
      2. Choose the Clean option
    • Accept the warning by clicking OK

    • Accept the warnings/information messages by clicking OK
    • Copy and paste the contents of the report that appears when the PC restarts

    2)

    • Download Malwarebytes Anti-Malware
    • Install it. Uncheck "Enable free trial of Malwarebytes Anti-Malware PRO"
    • Launch Malwarebytes' Anti-Malware.
    • Click the "Updates" tab, then "Check for updates"
    • Click the "Scan" tab, check "Perform a full scan", then click Scan

    • At the end of the scan, if MBAM found nothing:
      • Click OK; the report opens on its own
    • If threats were detected:
      • Click OK, then "Show results"
      • Choose the "Remove selected" option
      • If MBAM asks to restart Windows: click "Yes"
      • Once the PC has restarted, the report is in the "Reports/Logs" tab
      • Otherwise the report opens automatically after the removal
      • Post the report in your next reply

    :merci2:

    Marine14
    Participant
    Posts: 34

    Here is the first report:
    http://upload.sosvirus.net/log/SosUpload.84cafe64e711f4d7552ed4157abbc4cd.txt

    However, I had to redo the cleaning because the first time, an error message appeared and closed the program.

    I'm downloading the second program and will send the report!

    Thanks
