cjoint

Document format: text/plain

Preview

~ Rapport de ZHPDiag v2014.6.28.99 - Nicolas Coolman (28/06/2014)
~ Lancé par Audrey (29/06/2014 13:08:48)
~ Adresse du Site Web http://nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16921
MFIE: Mozilla Firefox 30.0 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : 9KT7T
Windows License : OK
~ Windows Remaining Initializations Number : 997
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Norton Internet Security v21.3.0.12
McAfee Security Scan Plus v3.8.150.1
Windows Defender W8 (Deactivate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin
Java 7 Update 55

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3977 MB (24% free)
System Restore: Activé (Enable)
System drive C: has 702 GB (80%) free of 870 GB

---\\ Mode de connexion au système
~ Computer Name: PC-AUDREY
~ User Name: Audrey
~ All Users Names: HomeGroupUser$, Audrey, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Audrey\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Audrey\AppData\Roaming\
~ %Desktop% : C:\Users\Audrey\Desktop\
~ %Favorites% : C:\Users\Audrey\Favorites\
~ %LocalAppData% : C:\Users\Audrey\AppData\Local\
~ %StartMenu% : C:\Users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 702 Go of 870 Go)
D: Hard drive, Flash drive, Thumb drive (Free 42 Go of 60 Go)
E: CD-ROM drive (Free 0 Go of 7 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.73AB92A1AA104EAF08B7AEA27B10C5CD] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.24/05/2014 - 03:47:54.) -- C:\Windows\System32\wininet.dll [2239488]
[MD5.75DD70A14145499C9F7D903CF9A8C91B] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.12/04/2014 - 10:10:31.) -- C:\Windows\System32\Winlogon.exe [578048]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.04/09/2013 - 04:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.16/01/2014 - 00:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.7A761AEE58658378BBA45D360F874CB0] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.27/02/2014 - 00:18:55.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.27/01/2014 - 04:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/3
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 1/2084
~ Mon Bureau (My Desktop) : 3/7754
~ Menu demarrer (Programs) : 1/30
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.DC12AAAE925C0211E4668B9C90BDD2BA] - (.Systweak - Advanced System Protector.) -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [6600048] [PID.4560] =>PUP.AdvancedSystemProtector
[MD5.EABAB863E4451B22CA44A4919E59D2B8] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144] [PID.1924]
[MD5.0966408A384E8B0FE57B0008E18D561C] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192] [PID.2808]
[MD5.F19743FA0223E465A09EEDA296CA4943] - (.CyberLink Corp. - CyberLink YouCam Service.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [263128] [PID.1916]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2792]
[MD5.FAA41A278E698C7D0D2D4312AC18CE21] - (.TODO: - TODO: .) -- C:\Program Files (x86)\PHotkey\HCSynApi.exe [345608] [PID.5508]
[MD5.1305F77D8B17AA4C516263D6F8013836] - (.Symantec Corporation - Norton Internet Security.) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376] [PID.4592]
[MD5.E4EC610A452D55110E1BCB659BE9F245] - (...) -- C:\Program Files (x86)\Rock Turner\bin\RockTurner.BrowserAdapter.exe [96544] [PID.7252] =>PUP.RockTurner
[MD5.1DE6BBA90F15B803E4B7968BC9F21CD3] - (.Cool Mirage - Free TV Downloader.) -- C:\Program Files (x86)\1clickmoviedownloader.com\FreeTVDownloader.exe [2702328] [PID.30096]
[MD5.B1E01D636350983E94171E229C759468] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.32620]
[MD5.4F87179386948D61FBF74B0DDF265170] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.32708]
[MD5.038053B5DB6B0DCFB32B7682334B7625] - (.Adobe Systems, Inc. - Adobe Flash Player 13.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe [1863856] [PID.32172]
[MD5.3DD5FB1B7D48D2233CDCAD7FF5EC045F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Audrey\Desktop\ZHPDiag\ZHPDiag.exe [8072192] [PID.28844]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\jjmdqc1z.default\prefs.js
M3 - MFPP: Plugins - [Audrey] -- C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\jjmdqc1z.default\searchplugins\ask-search.xml
M3 - MFPP: Plugins - [Audrey] -- C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\jjmdqc1z.default\searchplugins\conduit-search.xml =>Toolbar.Conduit
M3 - MFPP: Plugins - [Audrey] -- C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\jjmdqc1z.default\searchplugins\default-search.xml =>Hijacker.Browsers
M3 - MFPP: Plugins - [Audrey] -- C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\jjmdqc1z.default\searchplugins\Mysearchdial.xml =>Adware.MyWebSearch
M3 - MFPP: Plugins - [Audrey] -- C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\jjmdqc1z.default\searchplugins\Speedial.xml =>Adware.SearchYa
M2 - MFEP: prefs.js [Audrey - jjmdqc1z.default\{1ED03F15-1006-1C66-CCA5-15A00B80A7B7}] [] Settings Manager v5.0.0.12791 (..) =>PUP.SystemK
M2 - MFEP: prefs.js [Audrey - jjmdqc1z.default\{fa95f577-07cb-4470-ac90-e843f5f83c52}] [] Speedial v5.0.0.12791 (..) =>Adware.SearchYa
~ Firefox Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
R3 - URLSearchHook: SiteFinder [64Bits] - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} . (.Site Finder - Site Finder Toolbar.) (1.0.0.0) -- C:\Program Files (x86)\SiteFinder\SiteFinder.dll =>Adware.ShoppingReport
~ IE Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: CrossriderApp0051382 [64Bits] - {11111111-1111-1111-1111-110511131182} . (.installdaddy - 1ClickMovie-Download V9.0 BHO.) -- C:\Program Files (x86)\1ClickMovie-Download V9.0\1ClickMovie-Download V9.0-bho.dll =>PUP.CrossRider
O2 - BHO: IETabPage Class [64Bits] - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files (x86)\SupTab\SupTab.dll =>PUP.SupTab
~ BHO: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Norton Toolbar - [HKLM]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
O4 - GS\Program [Public]: MEDIONhome.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
O4 - GS\Program [Public]: Welcome.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
O4 - GS\QuickLaunch [Audrey]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
O4 - GS\QuickLaunch [Audrey]: SpeedUpMyPC.lnk . (.SpeedUpMyPC - Uniblue SpeedUpMyPC.) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe =>PUP.SpeedUpMyPC
O4 - GS\TaskBar [Audrey]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
O4 - GS\Program [Audrey]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
~ Global Startup: 9 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du système (O4)
O4 - GS\Startup [Audrey]: MyPC Backup.lnk . (.MyPCBackup.com - MyPC Backup.) -- C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe =>PUP.MyPCBackup
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [RtHDVBg_Dolby] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [BTMTrayAgent] . (.Motorola Solutions, Inc. - Bluetooth Shell Extension.) -- C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Audrey\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILHE.exe =>.Epson Seiko Corporation
O4 - HKCU\..\Run: [Lync] . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer_For_P2G8] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
O4 - HKLM\..\Wow6432Node\Run: [CLVirtualDrive] . (.CyberLink Corp. - CyberLink Virtual Drive.) -- C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [YouCam Service] . (.CyberLink Corp. - CyberLink YouCam Service.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
O4 - HKLM\..\Wow6432Node\Run: [CanonQuickMenu] . (.CANON INC. - Canon Quick Menu.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.exe
O4 - HKLM\..\Wow6432Node\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-21-3450407988-1697823270-3064364597-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Audrey\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-3450407988-1697823270-3064364597-1001\..\Run: [EPLTarget\P0000000000000000] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILHE.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-3450407988-1697823270-3064364597-1001\..\Run: [Lync] . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
O4 - HKUS\S-1-5-21-3450407988-1697823270-3064364597-1001\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: eBay.fr [64Bits] - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} . (...) -- C:\Windows\system32\OOBE\info\Icon\eBay.ico =>Toolbar.eBay
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{378F4834-05FF-4B54-9634-0F261119180A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{378F4834-05FF-4B54-9634-0F261119180A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Skytech Co., Ltd. - Skytech.) - C:\Program Files (x86)\SupTab\SearchProtect64.dll =>PUP.SearchProtect
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) . (.Just Develop It - Backup Stack.) - C:\Program Files (x86)\MyPC Backup\BackupStack.exe =>PUP.MyPCBackup
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) . (.globalUpdate - globalUpdate Update.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: IePlugin Services (IePluginServices) . (.Cherished Technololgy LIMITED - IePlugin Service.) - C:\ProgramData\IePluginServices\PluginService.exe =>Trojan.SProtector
O23 - Service: nuttkoqiez64 (nuttkoqiez64) . (...) - C:\Program Files\003\nuttkoqiez64.exe =>PUP.AdPeak
O23 - Service: SupraSavingsService64 (SupraSavingsService64) . (...) - C:\Program Files (x86)\88B73655-05CA-442E-8ABF-97FD96D79AC9\SupraSavingsService64.exe =>PUP.SupraSavings
O23 - Service: Update Rock Turner (Update Rock Turner) . (...) - C:\Program Files (x86)\Rock Turner\updateRockTurner.exe =>PUP.RockTurner
O23 - Service: Util Rock Turner (Util Rock Turner) . (...) - C:\Program Files (x86)\Rock Turner\bin\utilRockTurner.exe =>PUP.RockTurner
~ Services: 29 Legitimates Filtered in 00mn 08s



---\\ Clés Session Manager (AppCertDlls,KnownDLLs) (O36)
O36 - AppCertDlls: (x64) . (...) -- C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll =>PUP.SystemK
~ Keys: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.208D4340A1B5E1B5F9C4E5BF0F00C6EF] [APT] [778b13f2-c15f-477c-b94a-493347511055-1] (.installdaddy.) -- C:\Program Files (x86)\1ClickMovie-Download V9.0\1ClickMovie-Download V9.0-codedownloader.exe [565120]
[MD5.17F3484ACAF76842D655B397B3FCC1E7] [APT] [778b13f2-c15f-477c-b94a-493347511055-11] (.installdaddy.) -- C:\Program Files (x86)\1ClickMovie-Download V9.0\778b13f2-c15f-477c-b94a-493347511055-11.exe [1975680]
[MD5.399EBE2DDE07E1A3196E63B23F985897] [APT] [778b13f2-c15f-477c-b94a-493347511055-2] (.installdaddy.) -- C:\Program Files (x86)\1ClickMovie-Download V9.0\778b13f2-c15f-477c-b94a-493347511055-2.exe [411008]
[MD5.014F55850EA12FD936B9A9599F1119B0] [APT] [778b13f2-c15f-477c-b94a-493347511055-4] (.installdaddy.) -- C:\Program Files (x86)\1ClickMovie-Download V9.0\778b13f2-c15f-477c-b94a-493347511055-4.exe [895872]
[MD5.F15D39CADF06263D6A67BA4A73E38CE1] [APT] [778b13f2-c15f-477c-b94a-493347511055-5] (.installdaddy.) -- C:\Program Files (x86)\1ClickMovie-Download V9.0\778b13f2-c15f-477c-b94a-493347511055-5.exe [506240]
[MD5.F15D39CADF06263D6A67BA4A73E38CE1] [APT] [778b13f2-c15f-477c-b94a-493347511055-5_user] (.installdaddy.) -- C:\Program Files (x86)\1ClickMovie-Download V9.0\778b13f2-c15f-477c-b94a-493347511055-5.exe [506240]
[MD5.DC12AAAE925C0211E4668B9C90BDD2BA] [APT] [Advanced System Protector_startup] (.Systweak.) -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [6600048] =>PUP.AdvancedSystemProtector
[MD5.38755468B06EFBD48747341405969188] [APT] [RegClean Pro] (.Systweak Inc.) -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [7911768] =>Rogue.RegistryPowerCleaner
[MD5.38755468B06EFBD48747341405969188] [APT] [RegClean Pro_DEFAULT] (.Systweak Inc.) -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [7911768] =>Rogue.RegistryPowerCleaner
[MD5.38755468B06EFBD48747341405969188] [APT] [RegClean Pro_UPDATES] (.Systweak Inc.) -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [7911768] =>Rogue.RegistryPowerCleaner
[MD5.7F57B243ED1D2E8C29905FA3092E2E93] [APT] [Speedial] (...) -- C:\Users\Audrey\AppData\Roaming\Speedial\UPDATE~1\UPDATE~1.exe [99840] =>Adware.SearchYa
[MD5.8F96BB27036090754B997ACBE55398E9] [APT] [SpeedUpMyPC] (.SpeedUpMyPC.) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe [395608] =>PUP.SpeedUpMyPC
O39 - APT: 778b13f2-c15f-477c-b94a-493347511055-1 - (.installdaddy.) -- C:\Windows\Tasks\778b13f2-c15f-477c-b94a-493347511055-1.job [1694] =>PUP.CrossRider
O39 - APT: 778b13f2-c15f-477c-b94a-493347511055-1 - (.installdaddy.) -- C:\Windows\System32\Tasks\778b13f2-c15f-477c-b94a-493347511055-1 [1694] =>PUP.CrossRider
O39 - APT: 778b13f2-c15f-477c-b94a-493347511055-11 - (.installdaddy.) -- C:\Windows\Tasks\778b13f2-c15f-477c-b94a-493347511055-11.job [3846]
O39 - APT: 778b13f2-c15f-477c-b94a-493347511055-11 - (.installdaddy.) -- C:\Windows\System32\Tasks\778b13f2-c15f-477c-b94a-493347511055-11 [3846]
O39 - APT: 778b13f2-c15f-477c-b94a-493347511055-2 - (.installdaddy.) -- C:\Windows\Tasks\778b13f2-c15f-477c-b94a-493347511055-2.job [1402] =>PUP.CrossRider
O39 - APT: 778b13f2-c15f-477c-b94a-493347511055-2 - (.installdaddy.) -- C:\Windows\System32\Tasks\778b13f2-c15f-477c-b94a-493347511055-2 [1402] =>PUP.CrossRider
O39 - APT: 778b13f2-c15f-477c-b94a-493347511055-4 - (.installdaddy.) -- C:\Windows\Tasks\778b13f2-c15f-477c-b94a-493347511055-4.job [2382] =>PUP.CrossRider
O39 - APT: 778b13f2-c15f-477c-b94a-493347511055-4 - (.installdaddy.) -- C:\Windows\System32\Tasks\778b13f2-c15f-477c-b94a-493347511055-4 [2382] =>PUP.CrossRider
O39 - APT: 778b13f2-c15f-477c-b94a-493347511055-5 - (.installdaddy.) -- C:\Windows\Tasks\778b13f2-c15f-477c-b94a-493347511055-5.job [1512] =>PUP.CrossRider
O39 - APT: 778b13f2-c15f-477c-b94a-493347511055-5 - (.installdaddy.) -- C:\Windows\System32\Tasks\778b13f2-c15f-477c-b94a-493347511055-5 [1512] =>PUP.CrossRider
O39 - APT: 778b13f2-c15f-477c-b94a-493347511055-5_user - (.installdaddy.) -- C:\Windows\Tasks\778b13f2-c15f-477c-b94a-493347511055-5_user.job [1532]
O39 - APT: 778b13f2-c15f-477c-b94a-493347511055-5_user - (.installdaddy.) -- C:\Windows\System32\Tasks\778b13f2-c15f-477c-b94a-493347511055-5_user [1532]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\Tasks\EPSON XP-212 213 Series Invitation {4605E4F8-BB29-4E83-8107-B279FEB2F095}.job [753]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\EPSON XP-212 213 Series Invitation {4605E4F8-BB29-4E83-8107-B279FEB2F095} [753]
O39 - APT: - (..) -- C:\Windows\Tasks\EPSON XP-212 213 Series Update {4605E4F8-BB29-4E83-8107-B279FEB2F095}.job [939]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\EPSON XP-212 213 Series Update {4605E4F8-BB29-4E83-8107-B279FEB2F095} [939]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3450407988-1697823270-3064364597-1001Core [930]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3450407988-1697823270-3064364597-1001UA [952]
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job [962]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore [962]
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job [966]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA [966]
O39 - APT: RegClean Pro_DEFAULT - (.Systweak Inc.) -- C:\Windows\Tasks\RegClean Pro_DEFAULT.job [298] =>Rogue.RegistryPowerCleaner
O39 - APT: RegClean Pro_DEFAULT - (.Systweak Inc.) -- C:\Windows\System32\Tasks\RegClean Pro_DEFAULT [298] =>Rogue.RegistryPowerCleaner
O39 - APT: RegClean Pro_UPDATES - (.Systweak Inc.) -- C:\Windows\Tasks\RegClean Pro_UPDATES.job [306] =>Rogue.RegistryPowerCleaner
O39 - APT: RegClean Pro_UPDATES - (.Systweak Inc.) -- C:\Windows\System32\Tasks\RegClean Pro_UPDATES [306] =>Rogue.RegistryPowerCleaner
O39 - APT: Speedial - (...) -- C:\Windows\Tasks\Speedial.job [316] =>Hijacker.iHaveNet
O39 - APT: Speedial - (...) -- C:\Windows\System32\Tasks\Speedial [316] =>Adware.SearchYa
O39 - APT: SpeedUpMyPC - (.SpeedUpMyPC.) -- C:\Windows\Tasks\SpeedUpMyPC.job [280] =>PUP.SpeedUpMyPC
O39 - APT: SpeedUpMyPC - (.SpeedUpMyPC.) -- C:\Windows\System32\Tasks\SpeedUpMyPC [280] =>PUP.SpeedUpMyPC
O39 - APT: - (..) -- C:\Windows\System32\Tasks\spmonitor [358]
~ Scheduled Task: 49 Legitimates Filtered in 00mn 05s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (cbvlypsv) . (. - .) - C:\Windows\system32\drivers\cbvlypsv.sys (.not file.)
O41 - Driver: (netfilter64) . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) - C:\Windows\System32\drivers\netfilter64.sys
O41 - Driver: ({2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys =>PUP.LinkiDoo
O41 - Driver: ({8ce1c375-1e13-43f7-a4fd-6530f47c4fde}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}Gw64.sys =>PUP.LinkiDoo
O41 - Driver: ({8ce1c375-1e13-43f7-a4fd-6530f47c4fde}w64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}w64.sys =>PUP.LinkiDoo
~ Drivers: 64 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Advanced System Protector - (.Systweak Software.) [HKLM][64Bits] -- 00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1 =>PUP.AdvancedSystemProtector
O42 - Logiciel: Ask Toolbar - (.APN, LLC.) [HKLM][64Bits] -- {4F524A2D-5637-4300-76A7-A758B70C0C02} =>Toolbar.Avira
O42 - Logiciel: Buzzdock - (.Alactro LLC.) [HKLM][64Bits] -- {ac225167-00fc-452d-94c5-bb93600e7d9a}
O42 - Logiciel: MyPC Backup - (.MyPC Backup.) [HKLM][64Bits] -- MyPC Backup =>PUP.MyPCBackup
O42 - Logiciel: Mysearchdial - (.Mysearchdial.) [HKLM][64Bits] -- mysearchdial =>Adware.MyWebSearch
O42 - Logiciel: Plus-HD-1.3 - (.Plus HD.) [HKLM][64Bits] -- Plus-HD-1.3 =>Adware.PlusHD
O42 - Logiciel: RegClean Pro - (.Systweak Inc.) [HKLM][64Bits] -- RegClean Pro_is1 =>Rogue.RegistryPowerCleaner
O42 - Logiciel: Rock Turner - (.Rock Turner.) [HKLM][64Bits] -- Rock Turner =>PUP.RockTurner
O42 - Logiciel: SiteFinder - (.SiteFinder.) [HKLM][64Bits] -- SiteFinder =>Adware.ShoppingReport
O42 - Logiciel: Speedial - (.Speedial.) [HKLM][64Bits] -- Speedial =>Adware.SearchYa
~ Logic: 31 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\ASKHomePage]
[HKCU\Software\AskPartnerNetwork]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\Delta]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\Linkey] =>PUP.LinkeySearch
[HKCU\Software\Rock Turner] =>PUP.RockTurner
[HKCU\Software\SP22]
[HKCU\Software\SystemK] =>PUP.SystemK
[HKCU\Software\mysearchdial] =>Adware.MyWebSearch
[HKCU\Software\speedial] =>Adware.SearchYa
[HKLM\Software\88B73655-05CA-442E-8ABF-97FD96D79AC9]
[HKLM\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\Supra Savings] =>PUP.SupraSavings
[HKLM\Software\SupraSavings ] =>PUP.SupraSavings
[HKLM\Software\Wow6432Node\1ClickMovie-Download V9.0]
[HKLM\Software\Wow6432Node\AskPartnerNetwork]
[HKLM\Software\Wow6432Node\Delta]
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\InstallCore] =>Adware.InstallCore
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\Wow6432Node\Rock Turner] =>PUP.RockTurner
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab
[HKLM\Software\Wow6432Node\SupraSavings] =>PUP.SupraSavings
[HKLM\Software\Wow6432Node\SystemK] =>PUP.SystemK
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
[HKLM\Software\Wow6432Node\eSafeSecControl] =>PUP.eSafeSecurity
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\suprasavings] =>PUP.SupraSavings
~ Key Software: 333 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/06/2014 - 12:21:08 - [] ----D C:\Program Files (x86)\1ClickMovie-Download V9.0
O43 - CFD: 29/06/2014 - 12:16:08 - [] ----D C:\Program Files (x86)\1clickmoviedownloader.com
O43 - CFD: 28/06/2014 - 13:01:36 - [] ----D C:\Program Files (x86)\88B73655-05CA-442E-8ABF-97FD96D79AC9
O43 - CFD: 29/06/2014 - 00:57:34 - [] ----D C:\Program Files (x86)\Advanced System Protector =>PUP.AdvancedSystemProtector
O43 - CFD: 11/05/2014 - 14:16:13 - [] ----D C:\Program Files (x86)\AskPartnerNetwork
O43 - CFD: 27/04/2014 - 13:36:12 - [] ----D C:\Program Files (x86)\Linkey =>PUP.LinkeySearch
O43 - CFD: 18/11/2013 - 12:42:50 - [] ----D C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 25/04/2014 - 20:31:57 - [] ----D C:\Program Files (x86)\Mysearchdial =>Adware.MyWebSearch
O43 - CFD: 18/05/2014 - 11:41:12 - [] ----D C:\Program Files (x86)\Plus-HD-1.3 =>Adware.PlusHD
O43 - CFD: 25/04/2014 - 20:32:59 - [] ----D C:\Program Files (x86)\RegClean Pro =>Rogue.RegistryPowerCleaner
O43 - CFD: 29/06/2014 - 00:57:38 - [] ----D C:\Program Files (x86)\Rock Turner =>PUP.RockTurner
O43 - CFD: 26/04/2014 - 00:27:57 - [] ----D C:\Program Files (x86)\Settings Manager =>PUP.SystemK
O43 - CFD: 26/04/2014 - 11:42:40 - [] ----D C:\Program Files (x86)\SiteFinder =>Adware.ShoppingReport
O43 - CFD: 26/04/2014 - 11:42:41 - [0] ----D C:\Program Files (x86)\SiteRecommend
O43 - CFD: 01/06/2014 - 17:29:49 - [] ----D C:\Program Files (x86)\Speedial =>Adware.SearchYa
O43 - CFD: 28/06/2014 - 13:10:54 - [] ----D C:\Program Files (x86)\SupTab =>PUP.SupTab
O43 - CFD: 11/05/2014 - 14:16:04 - [] ----D C:\ProgramData\APN
O43 - CFD: 11/05/2014 - 14:16:13 - [] ----D C:\ProgramData\AskPartnerNetwork
O43 - CFD: 18/09/2013 - 20:22:36 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 18/09/2013 - 20:22:53 - [] ----D C:\ProgramData\DSearchLink =>Toolbar.DeltaSearch
O43 - CFD: 07/12/2013 - 22:51:00 - [] ----D C:\ProgramData\eSafe =>PUP.eSafeSecurity
O43 - CFD: 28/06/2014 - 13:13:11 - [] ----D C:\ProgramData\IePluginServices =>Trojan.SProtector
O43 - CFD: 08/06/2014 - 12:57:33 - [] ----D C:\ProgramData\systemk =>PUP.SystemK
O43 - CFD: 29/06/2014 - 12:57:29 - [] ----D C:\ProgramData\WindowsProtectManger =>PUP.Fuyu
O43 - CFD: 07/12/2013 - 23:00:35 - [0] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 07/12/2013 - 23:00:36 - [0] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 18/09/2013 - 20:22:36 - [] ----D C:\Users\Audrey\AppData\Roaming\Babylon =>PUP.Babylon
O43 - CFD: 25/04/2014 - 20:31:57 - [] ----D C:\Users\Audrey\AppData\Roaming\mysearchdial =>Adware.MyWebSearch
O43 - CFD: 24/11/2013 - 21:08:20 - [] ----D C:\Users\Audrey\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 15/09/2013 - 12:03:48 - [] ----D C:\Users\Audrey\AppData\Roaming\Reg
O43 - CFD: 26/04/2014 - 00:28:52 - [0] ----D C:\Users\Audrey\AppData\Roaming\SimilarSites
O43 - CFD: 01/06/2014 - 17:30:10 - [] ----D C:\Users\Audrey\AppData\Roaming\Speedial =>Adware.SearchYa
O43 - CFD: 28/06/2014 - 13:10:49 - [0] ----D C:\Users\Audrey\AppData\Roaming\SupTab =>PUP.SupTab
O43 - CFD: 28/06/2014 - 12:37:53 - [] ----D C:\Users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1clickmoviedownloader.com =>PUP.SoftwareEngine
O43 - CFD: 11/11/2013 - 13:06:33 - [] ----D C:\Users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup =>PUP.MyPCBackup
~ Program Folder: 204 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.93E7FA131B9AF0AF62D112AB19D31264] - 15/06/2014 - 17:58:33 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [387268]
O44 - LFC:[MD5.15E1A091E907EB0B62902F9C4AC03305] - 18/06/2014 - 16:31:20 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}w64.sys [61120] =>PUP.LinkiDoo
O44 - LFC:[MD5.9FE9CA6AB890639162A100EAC704EA83] - 26/06/2014 - 18:55:13 ---A- . (...) -- C:\Windows\win.ini [269]
~ Files: 47 Legitimates Filtered in 00mn 02s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.16E8F431A66094AF34C05D012F12B6A7] - 06/06/2014 - 19:46:30 ---A- - C:\Windows\Prefetch\FILETYPEHELPER.EXE-9451393B.pf =>PUP.FileTypeHelper
O45 - LFCP:[MD5.CFB89532BE8116B3DDAE67D9BD7E19E8] - 22/06/2014 - 14:41:44 ---A- - C:\Windows\Prefetch\MYPC BACKUP.EXE-EFC95E5E.pf =>PUP.MyPCBackup
O45 - LFCP:[MD5.E035271772EDCE2F63A2CFD34EB2100E] - 01/06/2014 - 16:26:29 ---A- - C:\Windows\Prefetch\ROCKTURNER.EXE-A3507E9F.pf =>PUP.RockTurner
O45 - LFCP:[MD5.0EEA87F21E615FDB164FA6B87CCF1873] - 26/06/2014 - 18:55:13 ---A- - C:\Windows\Prefetch\ROCKTURNER.PURBROWSE64.EXE-5AD5AE84.pf =>PUP.RockTurner
O45 - LFCP:[MD5.EEBDC0E5B0D1AF9053C5E2877D842EF5] - 22/09/2013 - 09:30:29 ---A- - C:\Windows\Prefetch\SOFTONICDOWNLOADER_POUR_CURSE-B0B4513B.pf =>Toolbar.Conduit
O45 - LFCP:[MD5.1FE046C7FC95717EDE227BDC1A6FA208] - 25/04/2014 - 19:51:46 ---A- - C:\Windows\Prefetch\SOFTONICDOWNLOADER_POUR_LES-S-1F6519A6.pf =>Toolbar.Conduit
O45 - LFCP:[MD5.F60F8047E48CDF6E3CBBCB76C9D3FF71] - 11/11/2013 - 12:07:54 ---A- - C:\Windows\Prefetch\SPEEDUPMYPC-STANDALONE-SETUP.-88D7DA95.pf =>PUP.SpeedUpMyPC
O45 - LFCP:[MD5.CAAC37D44833CEBBD60A2CE4614FCBD2] - 28/06/2014 - 12:01:46 ---A- - C:\Windows\Prefetch\SUPRASAVINGSSERVICE64.EXE-60B96A9C.pf =>PUP.SupraSavings
O45 - LFCP:[MD5.D18B5B5AAD0E908C7B7173CB9D574079] - 29/04/2014 - 14:44:41 ---A- - C:\Windows\Prefetch\WISEENHANCE.PURBROWSE64.EXE-DDFD8CCA.pf =>PUP.WiseEnhance
~ Prefetcher: 9 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - bitguard.exe - tasklist.exe =>PUP.BitGuard
O50 - IFEO:Image File Execution Options - bprotect.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - bpsvc.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browserdefender.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browserprotect.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browsersafeguard.exe - tasklist.exe =>PUP.BrowserSafeguard
O50 - IFEO:Image File Execution Options - dprotectsvc.exe - tasklist.exe =>Trojan.Staser
O50 - IFEO:Image File Execution Options - jumpflip - tasklist.exe =>PUP.JumpFlip
O50 - IFEO:Image File Execution Options - protectedsearch.exe - tasklist.exe =>Spyware.ProtectedSearch
O50 - IFEO:Image File Execution Options - searchinstaller.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - searchprotection.exe - tasklist.exe =>PUP.SearchProtect
O50 - IFEO:Image File Execution Options - searchprotector.exe - tasklist.exe =>PUP.SearchProtect
O50 - IFEO:Image File Execution Options - searchsettings.exe - tasklist.exe =>Adware.SearchSettings
O50 - IFEO:Image File Execution Options - searchsettings64.exe - tasklist.exe =>Adware.SearchSettings
O50 - IFEO:Image File Execution Options - snapdo.exe - tasklist.exe =>Hijacker.SmartBar
O50 - IFEO:Image File Execution Options - stinst32.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - stinst64.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - umbrella.exe - tasklist.exe =>Adware.IMBooster
O50 - IFEO:Image File Execution Options - utiljumpflip.exe - tasklist.exe =>PUP.JumpFlip
O50 - IFEO:Image File Execution Options - volaro - tasklist.exe =>Trojan.Vonteera
O50 - IFEO:Image File Execution Options - vonteera - tasklist.exe =>Trojan.Vonteera
O50 - IFEO:Image File Execution Options - websteroids.exe - tasklist.exe =>PUP.TubeDimmer
O50 - IFEO:Image File Execution Options - websteroidsservice.exe - tasklist.exe =>PUP.TubeDimmer
~ IFEO: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ConfirmFileDelete"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:13/09/2012 - 04:35:08 ---A- . (.Windows (R) Win 7 DDK provider - Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapt.) -- C:\Windows\System32\Drivers\AmpPal.sys [162344]
O58 - SDL:12/06/2014 - 20:05:34 ---A- . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\netfilter64.sys [46376]
O58 - SDL:22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
O58 - SDL:26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:24/04/2014 - 11:32:28 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys [61120] =>PUP.LinkiDoo
O58 - SDL:22/05/2014 - 17:24:44 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}Gw64.sys [61120] =>PUP.LinkiDoo
O58 - SDL:18/06/2014 - 16:31:20 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}w64.sys [61120] =>PUP.LinkiDoo
~ Drivers: 57 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 22/06/2014 - 13:09:29 ---A- . (...) -- C:\Users\Audrey\Desktop\Jeux\WOW p\Utils\libcef.dll [23950848]
O61 - LFC: 22/06/2014 - 13:09:29 ---A- . (.The ICU Project.) -- C:\Users\Audrey\Desktop\Jeux\WOW p\Utils\icudt.dll [9956864]
O61 - LFC: 23/06/2014 - 13:09:28 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Microsoft\Windows\Sqm\Manifest\Sqm10242.bin [283312]
O61 - LFC: 29/06/2014 - 13:09:29 ---A- . (...) -- C:\Users\Audrey\Desktop\ZHPDiag\unins000.exe [694736] =>.Nicolas Coolman
~ 763 Fichiers temporaires (Temporary files)
~ 78 Fichiers cookies (Cookies files)
~ Files: 23 Legitimates Filtered in 00mn 01s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://aartemis.com =>PUP.AArtemis
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [Audrey - jjmdqc1z.default] user_pref("extensions.crossrider.bic", "146e7302836ba71dbe88c8ffc29ef8b6"); =>PUP.CrossRider
O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} - (Speedial) - http://speedial.com =>Adware.SearchYa
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {08C0FD10-DBDC-4A29-BD6F-C807D7F5379F} - (Search the web (Softonic)) - http://search.softonic.com =>Adware.IMBooster
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (DaleSearch) - http://www.dalesearch.com =>Hijacker.Dalesearch
O69 - SBI: SearchScopes [HKCU] {31090377-0740-419E-BEFC-A56E50500D5B} - (Mysearchdial) - http://start.mysearchdial.com =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} [DefaultScope] - (omiga-plus) - http://isearch.omiga-plus.com =>Hijacker.OmigaPlus
O69 - SBI: SearchScopes [HKCU] {733B0CFC-3B91-4908-A056-0DBA6F36DF87} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {77AA745B-F4F8-45DA-9B14-61D2D95054C8} - (Conduit Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} - (default-search.net) - http://www.default-search.net =>Hijacker.Browsers
O69 - SBI: SearchScopes [HKCU] {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} - (Norton Safe Search) - http://nortonsafe.search.ask.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.738F985D8DFB0FD60DB50C9F7A57007A] [SPRF][07/12/2013] (...) -- C:\ProgramData\ntuser.dat [262144]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "CDD2089BDF3544D48AD194CD08446841" . (.Software Updater.) -- C:\Windows\Installer\{B9802DDC-53FD-4D44-A81D-49DC80448614}\icon.ico =>PUP.Eorezo
O90 - PUC: "D2A425F473650034677A7A857BC0C020" . (.Ask Toolbar.) -- C:\Windows\Installer\{4F524A2D-5637-4300-76A7-A758B70C0C02}\ToolbarIcon.exe =>Toolbar.Ask
~ Update Products: 2 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.CAFF4EC5F93485EAD6320A3A4F2AD718] [WIS][22/05/2014] (.APN, LLC - Ask Toolbar.) -- C:\Windows\Installer\286d064.msi [469504] =>Toolbar.Avira
~ WIS: 1 Legitimates Filtered in 00mn 03s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\JFileManager_RASAPI32 =>PUP.JFileManager
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\JFileManager_RASMANCS =>PUP.JFileManager
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\RockTurner_RASAPI32 =>PUP.RockTurner
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\RockTurner_RASMANCS =>PUP.RockTurner
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateRockTurner_RASAPI32 =>PUP.RockTurner
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateRockTurner_RASMANCS =>PUP.RockTurner
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateWiseEnhance_RASAPI32 =>PUP.WiseEnhance
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateWiseEnhance_RASMANCS =>PUP.WiseEnhance
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilRockTurner_RASAPI32 =>PUP.RockTurner
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilRockTurner_RASMANCS =>PUP.RockTurner
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilWiseEnhance_RASAPI32 =>PUP.WiseEnhance
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilWiseEnhance_RASMANCS =>PUP.WiseEnhance
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WiseEnhance_RASAPI32 =>PUP.WiseEnhance
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WiseEnhance_RASMANCS =>PUP.WiseEnhance
~ BTK: 75 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{11111111-1111-1111-1111-110311121157}] (Plus-HD-1.3) =>Adware.PlusHD
[HKCR\CLSID\{22222222-2222-2222-2222-220322122257}] (CrossriderApp0031257.Sandbox) =>PUP.CrossRider
[HKCR\CLSID\{22222222-2222-2222-2222-220522132282}] (CrossriderApp0051382.Sandbox) =>PUP.CrossRider
[HKCR\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}] (SystemK Module) =>PUP.SystemK
~ BCK: 5019 Legitimates Filtered in 00mn 11s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 17/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 10/07/1658 166352 | (APNMCP) . (...) - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
SS - | Disabled 10/07/1658 0 | (CltMngSvc) . (...) - C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe =>PUP.SearchProtect
SS - | Demand 22/10/2012 277024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 11/03/2013 316376 | (CyberLink PowerDVD 10 MS Service) . (.CyberLink.) - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
SS - | Auto 29/06/2014 68608 | (globalUpdate) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
SS - | Demand 29/06/2014 68608 | (globalUpdatem) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
SS - | Demand 09/04/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
SS - | Demand 22/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 24/09/2012 272176 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SS - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/09/2012 731688 | (AMPPALR3) . (.Intel Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
SR - | Auto 19/09/2013 38440 | (BackupStack) . (.Just Develop It.) - C:\Program Files (x86)\MyPC Backup\BackupStack.exe =>PUP.MyPCBackup
SR - | Auto 13/12/2012 1120784 | (Bluetooth Device Monitor) . (.Motorola Solutions, Inc..) - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
SR - | Auto 03/12/2012 1148864 | (Bluetooth OBEX Service) . (.Motorola Solutions, Inc..) - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
SR - | Auto 15/08/2012 135984 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
SR - | Auto 11/03/2013 74712 | (CyberLink PowerDVD 10 MS Monitor Service) . (.CyberLink.) - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
SR - | Auto 24/09/2012 617776 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | System 25/05/2014 36240 | (F06DEFF2-5B9C-490D-910F-35D3A9119622) . (.Aztec Media Inc.) - C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg =>PUP.SystemK
SR - | Auto 21/11/2013 101888 | (Freemake Improver) . (.Freemake.) - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
SR - | Auto 21/11/2013 9216 | (FreemakeVideoCapture) . (.Ellora Assets Corp..) - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
SR - | Auto 19/01/2013 160256 | (GFNEXSrv) . (...) - C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
SR - | Auto 16/08/2012 7168 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 08/05/2014 704112 | (IePluginServices) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\IePluginServices\PluginService.exe =>Trojan.SProtector
SR - | Auto 28/03/2012 140456 | (IJPLMSVC) . (...) - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 17/07/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 11/05/2014 276376 | (NIS) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe
SR - | Auto 28/06/2014 706560 | (nuttkoqiez64) . (...) - C:\Program Files\003\nuttkoqiez64.exe =>PUP.AdPeak
SR - | Auto 24/09/2012 149296 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 19/08/2010 386344 | (RichVideo64) . (...) - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
SR - | Auto 25/06/2014 172544 | (SupraSavingsService64) . (...) - C:\Program Files (x86)\88B73655-05CA-442E-8ABF-97FD96D79AC9\SupraSavingsService64.exe =>PUP.SupraSavings
SR - | Auto 30/08/2013 2100024 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
SR - | Auto 17/07/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 26/06/2014 318752 | (Update Rock Turner) . (...) - C:\Program Files (x86)\Rock Turner\updateRockTurner.exe =>PUP.RockTurner
SR - | Auto 26/06/2014 318752 | (Util Rock Turner) . (...) - C:\Program Files (x86)\Rock Turner\bin\utilRockTurner.exe =>PUP.RockTurner
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 24/09/2012 1153840 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: Scanned in 00mn 16s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Audrey at 29/06/2014 13:10:52
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Audrey at 29/06/2014 13:10:54
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (28/06/2014)
Clés trouvées (Keys found) : 75
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 31
Fichiers trouvés (Files found) : 56

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511131182}] =>PUP.CrossRider^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] =>PUP.SupTab^
[HKLM\SYSTEM\CurrentControlSet\Services\MyPC Backup) (BackupStack] =>PUP.MyPCBackup^
[HKLM\SYSTEM\CurrentControlSet\Services\IePluginServices] =>Trojan.SProtector^
[HKLM\SYSTEM\CurrentControlSet\Services\nuttkoqiez64] =>PUP.AdPeak^
[HKLM\SYSTEM\CurrentControlSet\Services\SupraSavingsService64] =>PUP.SupraSavings^
[HKLM\SYSTEM\CurrentControlSet\Services\Update Rock Turner] =>PUP.RockTurner^
[HKLM\SYSTEM\CurrentControlSet\Services\Util Rock Turner] =>PUP.RockTurner^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1] =>PUP.AdvancedSystemProtector^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5637-4300-76A7-A758B70C0C02}] =>Toolbar.Avira^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup] =>PUP.MyPCBackup^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial] =>Adware.MyWebSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-1.3] =>Adware.PlusHD^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1] =>Rogue.RegistryPowerCleaner^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Rock Turner] =>PUP.RockTurner^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SiteFinder] =>Adware.ShoppingReport^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Speedial] =>Adware.SearchYa^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Classes\SpeedUpMyPC] =>PUP.SpeedUpMyPC
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}] =>PUP.Funmoods
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}] =>Toolbar.Conduit
[HKLM\Software\Classes\Prod.cap] =>PUP.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}] =>Toolbar.Ask
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Wow6432Node\InstallCore] =>Adware.InstallCore
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltadskBnd] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\eSafeSecControl] =>PUP.eSafeSecurity
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1] =>PUP.SpeedUpMyPC
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo] =>PUP.Elex
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc] =>PUP.eSafeSecurity
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0031257.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0031257.BHO.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0031257.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0031257.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0051382.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0051382.BHO.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0051382.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0051382.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110311121157}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110511131182}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220322122257}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220522132282}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311121157}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0031257.BHO] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0031257.BHO.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0031257.Sandbox] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0031257.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0051382.BHO] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0051382.BHO.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0051382.Sandbox] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0051382.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\delta.deltadskBnd] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110311121157}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110511131182}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220322122257}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220522132282}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311121157}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511131182}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}] =>Adware.Bandoo^
[HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} =>Adware.ShoppingReport^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon =>PUP.Mobogenie^
C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\jjmdqc1z.default\extensions\{1ED03F15-1006-1C66-CCA5-15A00B80A7B7} =>PUP.SystemK^
C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\jjmdqc1z.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52} =>Adware.SearchYa^
C:\Program Files (x86)\Advanced System Protector =>PUP.AdvancedSystemProtector^
C:\Program Files (x86)\Linkey =>PUP.LinkeySearch^
C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup^
C:\Program Files (x86)\Mysearchdial =>Adware.MyWebSearch^
C:\Program Files (x86)\Plus-HD-1.3 =>Adware.PlusHD^
C:\Program Files (x86)\RegClean Pro =>Rogue.RegistryPowerCleaner^
C:\Program Files (x86)\Rock Turner =>PUP.RockTurner^
C:\Program Files (x86)\Settings Manager =>PUP.SystemK^
C:\Program Files (x86)\SiteFinder =>Adware.ShoppingReport^
C:\Program Files (x86)\Speedial =>Adware.SearchYa^
C:\Program Files (x86)\SupTab =>PUP.SupTab^
C:\ProgramData\Babylon =>PUP.Babylon^
C:\ProgramData\DSearchLink =>Toolbar.DeltaSearch^
C:\ProgramData\eSafe =>PUP.eSafeSecurity^
C:\ProgramData\IePluginServices =>Trojan.SProtector^
C:\ProgramData\systemk =>PUP.SystemK^
C:\ProgramData\WindowsProtectManger =>PUP.Fuyu^
C:\Users\Audrey\AppData\Roaming\Babylon =>PUP.Babylon^
C:\Users\Audrey\AppData\Roaming\mysearchdial =>Adware.MyWebSearch^
C:\Users\Audrey\AppData\Roaming\OpenCandy =>Adware.OpenCandy^
C:\Users\Audrey\AppData\Roaming\Speedial =>Adware.SearchYa^
C:\Users\Audrey\AppData\Roaming\SupTab =>PUP.SupTab^
C:\Users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1clickmoviedownloader.com =>PUP.SoftwareEngine^
C:\Users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup =>PUP.MyPCBackup^
C:\Program Files (x86)\AskPartnerNetwork =>Toolbar.Ask
C:\ProgramData\AskPartnerNetwork =>Toolbar.Ask
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro =>Rogue.RegistryPowerCleaner
C:\Users\Audrey\AppData\Roaming\SimilarSites =>Adware.SimilarSites
C:\Users\Audrey\AppData\Local\Temp\Iminent =>Adware.IMBooster
C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe =>PUP.AdvancedSystemProtector^
C:\Program Files (x86)\Rock Turner\bin\RockTurner.BrowserAdapter.exe =>PUP.RockTurner^
C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe =>Rogue.RegistryPowerCleaner^
C:\Users\Audrey\AppData\Roaming\Speedial\UPDATE~1\UPDATE~1.exe =>Adware.SearchYa^
C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe =>PUP.SpeedUpMyPC^
C:\Windows\Tasks\778b13f2-c15f-477c-b94a-493347511055-1.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\778b13f2-c15f-477c-b94a-493347511055-1 =>PUP.CrossRider^
C:\Windows\Tasks\778b13f2-c15f-477c-b94a-493347511055-2.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\778b13f2-c15f-477c-b94a-493347511055-2 =>PUP.CrossRider^
C:\Windows\Tasks\778b13f2-c15f-477c-b94a-493347511055-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\778b13f2-c15f-477c-b94a-493347511055-4 =>PUP.CrossRider^
C:\Windows\Tasks\778b13f2-c15f-477c-b94a-493347511055-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\778b13f2-c15f-477c-b94a-493347511055-5 =>PUP.CrossRider^
C:\Windows\Tasks\RegClean Pro_DEFAULT.job =>Rogue.RegistryPowerCleaner^
C:\Windows\System32\Tasks\RegClean Pro_DEFAULT =>Rogue.RegistryPowerCleaner^
C:\Windows\Tasks\RegClean Pro_UPDATES.job =>Rogue.RegistryPowerCleaner^
C:\Windows\System32\Tasks\RegClean Pro_UPDATES =>Rogue.RegistryPowerCleaner^
C:\Windows\Tasks\Speedial.job =>Hijacker.iHaveNet^
C:\Windows\System32\Tasks\Speedial =>Adware.SearchYa^
C:\Windows\Tasks\SpeedUpMyPC.job =>PUP.SpeedUpMyPC^
C:\Windows\System32\Tasks\SpeedUpMyPC =>PUP.SpeedUpMyPC^
[HKCU\Software\BabSolution] =>Hijacker.BabSolution^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\Linkey] =>PUP.LinkeySearch^
[HKCU\Software\Rock Turner] =>PUP.RockTurner^
[HKCU\Software\SystemK] =>PUP.SystemK^
[HKCU\Software\mysearchdial] =>Adware.MyWebSearch^
[HKCU\Software\speedial] =>Adware.SearchYa^
[HKLM\Software\Supra Savings] =>PUP.SupraSavings^
[HKLM\Software\SupraSavings ] =>PUP.SupraSavings^
[HKLM\Software\Wow6432Node\Rock Turner] =>PUP.RockTurner^
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\SupraSavings] =>PUP.SupraSavings^
[HKLM\Software\Wow6432Node\SystemK] =>PUP.SystemK^
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\suprasavings] =>PUP.SupraSavings^
C:\Windows\Installer\286d064.msi =>Toolbar.Avira^
[HKCR\CLSID\{11111111-1111-1111-1111-110311121157}] (Plus-HD-1.3) =>Adware.PlusHD^
[HKCR\CLSID\{22222222-2222-2222-2222-220322122257}] (CrossriderApp0031257.Sandbox) =>PUP.CrossRider^
[HKCR\CLSID\{22222222-2222-2222-2222-220522132282}] (CrossriderApp0051382.Sandbox) =>PUP.CrossRider^
[HKCR\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}] (SystemK Module) =>PUP.SystemK^
C:\Users\Audrey\AppData\Local\Temp\uninst1.exe =>PUP.Babylon
C:\Users\Audrey\AppData\Local\Temp\nse5AC8.exe =>Toolbar.Conduit
C:\Users\Audrey\AppData\Local\Temp\nsl1F16.exe =>Toolbar.Conduit
C:\Users\Audrey\AppData\Local\Temp\nspDA4B.exe =>Toolbar.Conduit
C:\Users\Audrey\AppData\Local\Temp\nsv1C95.exe =>Toolbar.Conduit
C:\Users\Audrey\AppData\Local\Temp\nsv5CAE.exe =>Toolbar.Conduit
C:\Users\Audrey\AppData\Local\Temp\SPSetup.exe =>Toolbar.Conduit
~ Additionnel Scan: 287822 Items scanned in 00mn 50s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/pup-advancedsystemprotector =>PUP.AdvancedSystemProtector
http://nicolascoolman.fr/pup-rockturner =>PUP.RockTurner
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/hijacker-browsers =>Hijacker.Browsers
http://nicolascoolman.fr/adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.fr/adware-searchya =>Adware.SearchYa
http://nicolascoolman.fr/pup-systemk =>PUP.SystemK
http://nicolascoolman.fr/hijacker-omigaplus =>Hijacker.OmigaPlus
http://nicolascoolman.fr/adware-shoppingreport =>Adware.ShoppingReport
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://nicolascoolman.fr/pup-mypcbackup =>PUP.MyPCBackup
http://nicolascoolman.fr/pup-mobogenie =>PUP.Mobogenie
http://nicolascoolman.fr/pup-searchprotect =>PUP.SearchProtect
http://nicolascoolman.fr/trojan-sprotector =>Trojan.SProtector
http://nicolascoolman.fr/pup-adpeak =>PUP.AdPeak
http://nicolascoolman.fr/pup-suprasavings =>PUP.SupraSavings
http://nicolascoolman.fr/rogue-registrypowercleaner =>Rogue.RegistryPowerCleaner
http://nicolascoolman.fr/hijacker-ihavenet =>Hijacker.iHaveNet
http://nicolascoolman.fr/pup-linkidoo =>PUP.LinkiDoo
http://nicolascoolman.fr/adware-plushd =>Adware.PlusHD
http://nicolascoolman.fr/pup-1clickdownloader =>PUP.1ClickDownloader
http://nicolascoolman.fr/hijacker-babsolution =>Hijacker.BabSolution
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://nicolascoolman.fr/adware-vidsaver =>Adware.VidSaver
http://nicolascoolman.fr/pup-linkeysearch =>PUP.LinkeySearch
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://nicolascoolman.fr/pup-wpmanager =>PUP.WpManager
http://nicolascoolman.fr/pup-esafesecurity =>PUP.eSafeSecurity
http://nicolascoolman.fr/pup-babylon =>PUP.Babylon
http://nicolascoolman.fr/toolbar-deltasearch =>Toolbar.DeltaSearch
http://nicolascoolman.fr/adware-opencandy =>Adware.OpenCandy
http://nicolascoolman.fr/pup-softwareengine =>PUP.SoftwareEngine
http://nicolascoolman.fr/pup-wiseenhance =>PUP.WiseEnhance
http://nicolascoolman.fr/pup-bitguard =>PUP.BitGuard
http://nicolascoolman.fr/hijacker-eazel =>Hijacker.Eazel
http://nicolascoolman.fr/pup-browsersafeguard =>PUP.BrowserSafeguard
http://nicolascoolman.fr/trojan-staser =>Trojan.Staser
http://nicolascoolman.fr/pup-jumpflip =>PUP.JumpFlip
http://nicolascoolman.fr/spyware-protectedsearch =>Spyware.ProtectedSearch
http://nicolascoolman.fr/adware-searchsettings =>Adware.SearchSettings
http://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar
http://nicolascoolman.fr/trojan-vonteera =>Trojan.Vonteera
http://nicolascoolman.fr/pup-tubedimmer =>PUP.TubeDimmer
http://nicolascoolman.fr/pup-aartemis =>PUP.AArtemis
http://nicolascoolman.fr/hijacker-dalesearch =>Hijacker.Dalesearch
http://nicolascoolman.fr/pup-eorezo =>PUP.Eorezo
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://nicolascoolman.fr/pup-jfilemanager =>PUP.JFileManager
http://nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://nicolascoolman.fr/pup-funmoods =>PUP.Funmoods
http://nicolascoolman.fr/pup-elex =>PUP.Elex
http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
http://nicolascoolman.fr/adware-similarsites =>Adware.SimilarSites
~ MSI: 54 link(s) detected in 00mn 00s



~ 885 Legitimates filtered by white list
End of the scan (924 lines in 02mn 58s)(0)
