cjoint

Document format: text/plain

Preview

ZHPFix script
[MD5.914DD3E29EA44E15BAAFE3D7EB3ACDE6] - (.Corporate Inc - Pricora 12.0 exe.) -- C:\Program Files (x86)\Pricora 12.0\Pricora 12.0-nova.exe [589824] [PID.2280] =>Adware.Pricora
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.trovi.com =>Hijacker.TroviCom
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Store v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [booedmolknjekdopkepjjeckmjkdpfgl] Extutil v.0.1 (Activé) =>PUP.Manager
G2 - GCE: Preference [User Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé) =>PUP.Manager
G2 - GCE: Preference [User Data\Default] [gfnkhcooecjmgnbcigmnhealjobfoapd] Pricora 12.0 v.1.26.6, (Désactivé) =>Adware.Pricora
G2 - GCE: Preference [User Data\Default] [jciglgneppjfgjnjdooppgbiefagdfpc] Media View v.1.1 (Désactivé) =>PUP.MediaViewer
G2 - EXT: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfnkhcooecjmgnbcigmnhealjobfoapd [Pricora 12.0] =>Adware.Pricora
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com =>Hijacker.TroviCom
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:13828 =>Hijacker.Proxy
O2 - BHO: WebexpEnhancedV1alpha828 [64Bits] - {066808d3-3b9c-4b35-8657-2d344aadc219} Orphan key =>PUP.WebexpEnhanced
O2 - BHO: CrossriderApp0054618 [64Bits] - {11111111-1111-1111-1111-110511461118} Orphan key =>PUP.CrossRider
O2 - BHO: CrossriderApp0058173 [64Bits] - {11111111-1111-1111-1111-110511811173} . (.Corporate Inc - Pricora 12.0 BHO.) -- C:\Program Files (x86)\Pricora 12.0\Pricora 12.0-bho.dll =>PUP.CrossRider
O2 - BHO: MediaViewV1alpha8509 [64Bits] - {50ef2a11-cb5b-47ad-969f-239873093ca6} . (...) -- C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha8509\ie\MediaViewV1alpha8509.dll (.not file.) =>PUP.MediaViewer
O2 - BHO: AmiExt IE plugin [64Bits] - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} Orphan key =>Adware.FlashEnhancer
O2 - BHO: LyricsContainer [64Bits] - {77e880b5-cae7-4928-8507-ec2e5007e73e} Orphan key =>Adware.AddLyrics
O4 - GS\Desktop [UpdatusUser]: Free Mahjong Games.lnk . (...) -- C:\Users\Admin\AppData\Local\WebPlayer\Free Mahjong Games\WebPlayer.exe (.not file.) =>Adware.SocialSkinz
O4 - GS\Desktop [UpdatusUser]: Online Weather.lnk . (...) -- C:\Users\Admin\AppData\Local\WebPlayer\Online Weather\WebPlayer.exe (.not file.) =>Adware.SocialSkinz
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
O23 - Service: RrFilterService64 (RrFilterService64) . (...) - c:\Program Files\RrFilter\RrFilterService64.exe =>PUP.SupraSavings
O23 - Service: SupraSavingsService64 (SupraSavingsService64) . (...) - C:\Program Files (x86)\898DEBAE-54F2-4102-AE1C-A02B2223833C\SupraSavingsService64.exe =>PUP.SupraSavings
O23 - Service: Update sizlsearch (Update sizlsearch) . (...) - C:\Program Files (x86)\sizlsearch\updatesizlsearch.exe (.not file.) =>PUP.SizlSearch
O23 - Service: vxlsnyaiet64 (vxlsnyaiet64) . (...) - C:\Program Files\003\vxlsnyaiet64.exe =>PUP.AdPeak
O23 - Service: yewimmxqbs64 (yewimmxqbs64) . (...) - C:\Program Files\002\yewimmxqbs64.exe =>PUP.AdPeak
[MD5.00000000000000000000000000000000] [APT] [couponsupport-S-649636217] (...) -- c:\support\couponsupport.exe (.not file.) [0]
[MD5.8834CD0757268CCB44FA32DA4582D18A] [APT] [fec3efde-451b-433b-805b-d4e7bfd155d6-1] (.Corporate Inc.) -- C:\Program Files (x86)\Pricora 12.0\Pricora 12.0-codedownloader.exe [508416] =>Adware.Pricora
[MD5.44C69D224C39F97188E8B4DBB2894307] [APT] [fec3efde-451b-433b-805b-d4e7bfd155d6-2] (.Corporate Inc.) -- C:\Program Files (x86)\Pricora 12.0\fec3efde-451b-433b-805b-d4e7bfd155d6-2.exe [360960] =>Adware.Pricora
[MD5.25D5CCBC3B90D2F1B027D231A135DB19] [APT] [fec3efde-451b-433b-805b-d4e7bfd155d6-3] (.Corporate Inc.) -- C:\Program Files (x86)\Pricora 12.0\fec3efde-451b-433b-805b-d4e7bfd155d6-3.exe [1896448] =>Adware.Pricora
[MD5.816AFDDDE902A5644EC42B9021DD5C55] [APT] [fec3efde-451b-433b-805b-d4e7bfd155d6-4] (.Corporate Inc.) -- C:\Program Files (x86)\Pricora 12.0\fec3efde-451b-433b-805b-d4e7bfd155d6-4.exe [834048] =>Adware.Pricora
[MD5.9FC63DF1B9E75277092F630457942A11] [APT] [fec3efde-451b-433b-805b-d4e7bfd155d6-5] (.Corporate Inc.) -- C:\Program Files (x86)\Pricora 12.0\fec3efde-451b-433b-805b-d4e7bfd155d6-5.exe [457216] =>Adware.Pricora
[MD5.8834CD0757268CCB44FA32DA4582D18A] [APT] [fec3efde-451b-433b-805b-d4e7bfd155d6-6] (.Corporate Inc.) -- C:\Program Files (x86)\Pricora 12.0\Pricora 12.0-novainstaller.exe [508416] =>Adware.Pricora
[MD5.914DD3E29EA44E15BAAFE3D7EB3ACDE6] [APT] [fec3efde-451b-433b-805b-d4e7bfd155d6-7] (.Corporate Inc.) -- C:\Program Files (x86)\Pricora 12.0\Pricora 12.0-nova.exe [589824] =>Adware.Pricora
[MD5.00000000000000000000000000000000] [APT] [FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl] (...) -- C:\Users\Admin\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\MinibarChrome.exe (.not file.) [0] =>PUP.Minibar
[MD5.D7EA62FFD7DE85440D4A843DB6854368] [APT] [TaskUserUpdate_wp] (...) -- C:\Users\Admin\AppData\Roaming\~kdgjlln.exe [492208]
[MD5.AF41E43D2D93D702E00FF126EA2445CE] [APT] [G2MUpdateTask-S-1-5-21-360417949-1793152847-187633173-1000] (.Citrix Online, a division of Citrix Systems.) -- C:\Users\Admin\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe [40304]
[MD5.5D40396F076D9751150E975EE90DB1BE] [APT] [{5F2700F5-44C1-47E4-A59D-6E454F24DCA7}] (...) -- C:\Users\Admin\Documents\Downloads\Programs\VobSub_2.23_2.exe [734160]
[MD5.4E8E2064279440DC2462C90BD9E9C780] [APT] [{E338CBB9-4E12-47FC-906D-AF1D4005D31D}] (...) -- C:\Users\Admin\Downloads\Readiris pro v11 Corporate Edition\Readiris Pro 11.exe [148663400]
[MD5.106A835404373F15295C059FFBBC8BAC] [SPRF][25/06/2012] (.Adobe Systems, Inc. - ImageReady Droplet.) -- C:\Users\Admin\Desktop\Faire JPEG (qualité 60).exe [107835]
O39 - APT: couponsupport-S-649636217 - (...) -- C:\Windows\Tasks\couponsupport-S-649636217.job [356]
O39 - APT: fec3efde-451b-433b-805b-d4e7bfd155d6-1 - (.Corporate Inc.) -- C:\Windows\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-1.job [1402] =>PUP.CrossRider
O39 - APT: fec3efde-451b-433b-805b-d4e7bfd155d6-1 - (.Corporate Inc.) -- C:\Windows\System32\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-1 [1402] =>PUP.CrossRider
O39 - APT: fec3efde-451b-433b-805b-d4e7bfd155d6-2 - (.Corporate Inc.) -- C:\Windows\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-2.job [1360] =>PUP.CrossRider
O39 - APT: fec3efde-451b-433b-805b-d4e7bfd155d6-2 - (.Corporate Inc.) -- C:\Windows\System32\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-2 [1360] =>PUP.CrossRider
O39 - APT: fec3efde-451b-433b-805b-d4e7bfd155d6-3 - (.Corporate Inc.) -- C:\Windows\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-3.job [3454] =>PUP.CrossRider
O39 - APT: fec3efde-451b-433b-805b-d4e7bfd155d6-3 - (.Corporate Inc.) -- C:\Windows\System32\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-3 [3454] =>PUP.CrossRider
O39 - APT: fec3efde-451b-433b-805b-d4e7bfd155d6-4 - (.Corporate Inc.) -- C:\Windows\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-4.job [2198] =>PUP.CrossRider
O39 - APT: fec3efde-451b-433b-805b-d4e7bfd155d6-4 - (.Corporate Inc.) -- C:\Windows\System32\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-4 [2198] =>PUP.CrossRider
O39 - APT: fec3efde-451b-433b-805b-d4e7bfd155d6-5 - (.Corporate Inc.) -- C:\Windows\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-5.job [1486] =>PUP.CrossRider
O39 - APT: fec3efde-451b-433b-805b-d4e7bfd155d6-5 - (.Corporate Inc.) -- C:\Windows\System32\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-5 [1486] =>PUP.CrossRider
O39 - APT: fec3efde-451b-433b-805b-d4e7bfd155d6-6 - (.Corporate Inc.) -- C:\Windows\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-6.job [1410] =>PUP.CrossRider
O39 - APT: fec3efde-451b-433b-805b-d4e7bfd155d6-6 - (.Corporate Inc.) -- C:\Windows\System32\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-6 [1410] =>PUP.CrossRider
O39 - APT: fec3efde-451b-433b-805b-d4e7bfd155d6-7 - (.Corporate Inc.) -- C:\Windows\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-7.job [1348] =>PUP.CrossRider
O39 - APT: fec3efde-451b-433b-805b-d4e7bfd155d6-7 - (.Corporate Inc.) -- C:\Windows\System32\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-7 [1348] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\LookForWord Update.job [416] =>Adware.Adware.AddLyrics
O39 - APT: - (..) -- C:\Windows\Tasks\LookForWord_wd.job [418] =>Adware.Adware.AddLyrics
O39 - APT: - (..) -- C:\Windows\Tasks\OpenCandyHelperA3369ABF24C74D15A38B790CA040CBD7.job [704] =>Adware.OpenCandy
O39 - APT: - (..) -- C:\Windows\System32\Tasks\OpenCandyHelperA3369ABF24C74D15A38B790CA040CBD7 [704] =>Adware.OpenCandy
O39 - APT: - (..) -- C:\Windows\Tasks\OpenCandyHelperRun78F18283478540AEAB6EBA45DBDF37AA.job [704] =>Adware.OpenCandy
O39 - APT: - (..) -- C:\Windows\System32\Tasks\OpenCandyHelperRun78F18283478540AEAB6EBA45DBDF37AA [704] =>Adware.OpenCandy
O39 - APT: G2MUpdateTask-S-1-5-21-360417949-1793152847-187633173-1000 - (.Citrix Online, a division of Citrix Systems.) -- C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-360417949-1793152847-187633173-1000.job [562]
O39 - APT: G2MUpdateTask-S-1-5-21-360417949-1793152847-187633173-1000 - (.Citrix Online, a division of Citrix Systems.) -- C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-360417949-1793152847-187633173-1000 [562]
O41 - Driver: ({0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64.sys =>PUP.LinkiDoo
O41 - Driver: ({0782648b-1717-4fef-ac58-8cb3ce03adb3}w64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64.sys =>PUP.LinkiDoo
O42 - Logiciel: LookForWord - (.LookForWord software.) [HKLM][64Bits] -- d1ccf305-8959-4b14-aa3e-dcc00369f13c =>Adware.Adware.AddLyrics
O42 - Logiciel: Media View - (.Media View.) [HKLM][64Bits] -- MediaViewV1alpha8509 =>PUP.MediaViewer
O42 - Logiciel: Pricora 12.0 - (.Corporate Inc.) [HKLM][64Bits] -- Pricora 12.0 =>Adware.Pricora
O42 - Logiciel: EvJO Photo-Image Resizer v2.5 - (.EvJOSoft.com.) [HKLM][64Bits] -- EvJO Photo-Image Resizer_is1
O42 - Logiciel: FXOrder2Go - (...) [HKLM][64Bits] -- FXOrder2Go
O42 - Logiciel: Getfiles Download App - (.Getfiles.) [HKLM][64Bits] -- Getfiles Download App
O42 - Logiciel: NetPanel - (.Gemius SA..) [HKLM][64Bits] -- NetPanel
O42 - Logiciel: SimpleTV 0.4.6 r - (.SergeyVS.) [HKLM][64Bits] -- {290A2821-B1F8-4565-B49A-25F349A5B5CB}_is1
O43 - CFD: 26/06/2013 - 19:48:32 - [] ----D C:\Program Files (x86)\ChrisTV Online
O43 - CFD: 15/06/2014 - 15:18:25 - [] ----D C:\Program Files (x86)\CopySafe PDF Reader
O43 - CFD: 26/07/2014 - 13:24:57 - [] ----D C:\Program Files (x86)\Getfiles Download App
O43 - CFD: 29/01/2013 - 10:36:28 - [] RSHAD C:\Program Files (x86)\Golden Filter Premium
O43 - CFD: 25/05/2014 - 14:57:48 - [0] ----D C:\Program Files (x86)\OneFloorApp
O43 - CFD: 03/11/2013 - 20:24:12 - [] ----D C:\ProgramData\Gecko Software
O43 - CFD: 13/03/2013 - 10:15:12 - [] ----D C:\ProgramData\NetPanel
O43 - CFD: 03/11/2013 - 20:02:23 - [] ----D C:\ProgramData\TS Suppor
O43 - CFD: 27/01/2013 - 23:10:32 - [] ----D C:\Users\Admin\AppData\Roaming\oald8
O43 - CFD: 14/01/2013 - 11:44:11 - [] ----D C:\Users\Admin\AppData\Local\Hippo Studios
O43 - CFD: 27/01/2013 - 23:10:30 - [] ----D C:\Users\Admin\AppData\Local\oald8
O43 - CFD: 11/05/2014 - 00:15:09 - [] ----D C:\Users\Admin\AppData\Local\TB
O44 - LFC:[MD5.FCFE9D58BA07A93CB8B3DB3A3EECB73F] - 17/07/2014 - 11:19:58 ---A- . (.MetaQuotes Software Corp. - MetaViewer.) -- C:\Windows\System32\MetaViewer64.dll [4007128]
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)

HKCU\Software\124]
[HKCU\Software\AppDataLow\Software\Getfiles Download App]
[HKCU\Software\Cheese]
[HKCU\Software\ChrisTV Online]
[HKCU\Software\NetPanel]
[HKCU\Software\Paper]
[HKCU\Software\SimpleTV by SergeyVS#3]
[HKCU\Software\TS Support]
[HKCU\Software\TeachingDriving]
[HKCU\Software\npvr]
[HKLM\Software\898DEBAE-54F2-4102-AE1C-A02B2223833C]
[HKLM\Software\Wow6432Node\NPVR]
HKLM\Software\Wow6432Node\Teaching Driving Ltd]

[HKCU\Software\AmiExt] =>Adware.FlashEnhancer
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\AppDataLow\Software\LookForWord] =>Adware.Adware.AddLyrics
[HKCU\Software\AppDataLow\Software\LyricsTube] =>Adware.AddLyrics
[HKCU\Software\AppDataLow\Software\Pricora 12.0] =>Adware.Pricora
[HKCU\Software\AppDataLow\Software\suprasavings] =>PUP.SupraSavings
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}]
[HKCU\Software\Deeal] =>PUP.DeealFr
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\SearchProtectINT] =>PUP.SearchProtect
[HKLM\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher
[HKLM\Software\RrFilter] =>PUP.SupraSavings
[HKLM\Software\Supra Savings] =>PUP.SupraSavings
[HKLM\Software\SupraSavings ] =>PUP.SupraSavings
[HKLM\Software\Wow6432Node\AmiExt] =>Adware.FlashEnhancer
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\Wow6432Node\RrFilter] =>PUP.SupraSavings
[HKLM\Software\Wow6432Node\SupraSavings] =>PUP.SupraSavings
[HKLM\Software\Wow6432Node\Webexp Enhanced] =>PUP.WebexpEnhanced
[HKLM\Software\Wow6432Node\WebexpEnhancedV1] =>PUP.WebexpEnhanced
[HKLM\Software\Wow6432Node\flash-Enhancer] =>Adware.FlashEnhancer
[HKLM\Software\rrsavings] =>PUP.SupraSavings
[HKLM\Software\suprasavings] =>PUP.SupraSavings
O43 - CFD: 26/07/2014 - 13:36:10 - [] ----D C:\Program Files (x86)\LyricsContainer-soft =>Adware.AddLyrics
O43 - CFD: 11/05/2014 - 10:58:20 - [] ----D C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 17/06/2014 - 12:24:04 - [] ----D C:\Program Files (x86)\Pricora 12.0 =>Adware.Pricora
O43 - CFD: 11/05/2014 - 00:47:35 - [0] ----D C:\Program Files (x86)\ShoppingChip =>Adware.ShoppingChip
O43 - CFD: 24/05/2014 - 23:41:56 - [0] ----D C:\Users\Admin\AppData\Roaming\Nosibay =>PUP.BubbleDock
O43 - CFD: 25/07/2014 - 16:41:15 - [] ----D C:\Users\Admin\AppData\Roaming\wp_update =>PUP.WpManager
O43 - CFD: 16/06/2014 - 22:18:32 - [] ----D C:\Program Files (x86)\Candleworks
O43 - CFD: 19/11/2013 - 19:27:45 - [] ----D C:\Program Files (x86)\PSupport
McAfee Security Scan Plus v3.8.150.1
G2 - GCE: Preference [User Data\Default] [bopakagnckmlgajfccecajhnimjiiedh] McAfee Security Scan+ v.3.8.141.12 (Désactivé)
G2 - EXT: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [McAfee Security Scan+]
O2 - BHO: MSS+ Identifier [64Bits] - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} . (.McAfee, Inc. - Quick Browser Identifier for MSS+ Tool.) -- C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O23 - Service: NPVR Recording Service (NPVR Recording Service) . (...) - C:\Program Files (x86)\NPVR\NRecord.exe (.not file.)
[MD5.9EB925EDC8CF1C3D06E50E9348B54A0A] [APT] [FacebookUpdateTaskUserS-1-5-21-360417949-1793152847-187633173-1000Core] (.Facebook Inc..) -- C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.9EB925EDC8CF1C3D06E50E9348B54A0A] [APT] [FacebookUpdateTaskUserS-1-5-21-360417949-1793152847-187633173-1000UA] (.Facebook Inc..) -- C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.00000000000000000000000000000000] [APT] [{07ACD641-C71A-40DE-898F-296EB0EFAC21}] (...) -- I:\AurInst\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0A638AEE-7FB5-4835-9F4C-60870E80F553}] (...) -- F:\HolyQuran2004Cd1\HolyQuran2004Cd1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0F86ABA9-E83A-4981-A6F1-93A7343DCCBC}] (...) -- C:\Users\Admin\Documents\Downloads\Programs\VobSub_2.23.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4C262AE3-4852-45B0-AEBA-B7BE5E422739}] (...) -- F:\INSTALL\_SETUP.exe (.not file.) [0]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-360417949-1793152847-187633173-1000Core - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-360417949-1793152847-187633173-1000Core.job [1074]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-360417949-1793152847-187633173-1000Core - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-360417949-1793152847-187633173-1000Core [1074]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-360417949-1793152847-187633173-1000UA - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-360417949-1793152847-187633173-1000UA.job [1096]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-360417949-1793152847-187633173-1000UA - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-360417949-1793152847-187633173-1000UA [1096]
O42 - Logiciel: McAfee Security Scan Plus - (.McAfee, Inc..) [HKLM][64Bits] -- McAfee Security Scan
[HKCU\Software\Systweak]
[HKLM\Software\Wow6432Node\Systweak]
O43 - CFD: 02/07/2014 - 19:09:03 - [] ----D C:\ProgramData\McAfee Security Scan
O43 - CFD: 03/11/2013 - 20:26:26 - [0] ----D C:\ProgramData\TNT-HF
O43 - CFD: 25/05/2014 - 14:58:42 - [] ----D C:\Users\Admin\AppData\Roaming\Systweak
O43 - CFD: 10/06/2014 - 13:50:24 - [0] ----D C:\Users\Admin\AppData\Local\PackageAware
O43 - CFD: 12/06/2014 - 21:38:30 - [0] ----D C:\Users\Admin\AppData\Local\TS Support
SS - | Demand 09/04/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
SS - | Demand 10/07/1658 0 | (WinRing0_1_2_0) . (...) - C:\Users\Admin\AppData\Local\Temp\tmp95E0.tmp

O58 - SDL:24/04/2014 - 11:36:02 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64.sys [61120] =>PUP.LinkiDoo
O58 - SDL:24/04/2014 - 11:26:30 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64.sys [61120] =>PUP.LinkiDoo
O64 - Services: CurCS - 24/04/2014 - C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64.sys ({0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64) .(.StdLib - StdLib.) - LEGACY_{0782648B-1717-4FEF-AC58-8CB3CE03ADB3}GW64 =>PUP.LinkiDoo
O64 - Services: CurCS - 24/04/2014 - C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64.sys ({0782648b-1717-4fef-ac58-8cb3ce03adb3}w64) .(.StdLib - StdLib.) - LEGACY_{0782648B-1717-4FEF-AC58-8CB3CE03ADB3}W64 =>PUP.LinkiDoo
[MD5.D7EA62FFD7DE85440D4A843DB6854368] [SPRF][06/12/2013] (.No owner - wp_update scheduler.) -- C:\Users\Admin\AppData\Roaming\~kdgjlln.exe [492208] =>PUP.WpManager
[MD5.D5C247CB9CE88C4A3F857CA98B08843F] [WIS][10/05/2014] (.RrFilter - RrFilter.) -- C:\Windows\Installer\3907e3.msi [1355776] =>PUP.SupraSavings
[MD5.591FC87958AC32BAA3A2AB436E2255AE] [WIS][10/05/2014] (.Linkury Inc. - Yahoo Community Smartbar (by Linkury).) -- C:\Windows\Installer\c8513.msi [9535488] =>Hijacker.SmartBar
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASAPI32 =>Adware.PredictAd
HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASMANCS =>Adware.PredictAd
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\addlyrics1050_RASAPI32 =>Adware.AddLyrics
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\addlyrics1050_RASMANCS =>Adware.AddLyrics
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BabMaint_RASAPI32 =>Hijacker.BabSolution
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BabMaint_RASMANCS =>Hijacker.BabSolution
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock BSetup_RASAPI32 =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock BSetup_RASMANCS =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock Update_RASAPI32 =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock Update_RASMANCS =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock_RASAPI32 =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock_RASMANCS =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConstaSurf_RASAPI32 =>PUP.ConstaSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConstaSurf_RASMANCS =>PUP.ConstaSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConstaSurf_Setup_RASAPI32 =>PUP.ConstaSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConstaSurf_Setup_RASMANCS =>PUP.ConstaSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\deeal_RASAPI32 =>PUP.DeealFr
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\deeal_RASMANCS =>PUP.DeealFr
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Deeal_uk 0_RASAPI32 =>PUP.DeealFr
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Deeal_uk 0_RASMANCS =>PUP.DeealFr
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExpressFiles_RASAPI32 =>Adware.ExpressFiles
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExpressFiles_RASMANCS =>Adware.ExpressFiles
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\HQ-Video-Pro-1_RASAPI32 =>PUP.CrossRider
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\HQ-Video-Pro-1_RASMANCS =>PUP.CrossRider
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup_2509-9f33b5cf_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup_2509-9f33b5cf_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentUninstall_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentUninstall_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LatestDLMgr_RASAPI32 =>Adware.OpenCandy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LatestDLMgr_RASMANCS =>Adware.OpenCandy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32 =>Adware.Bloson
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS =>Adware.Bloson
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Mysearchdial_0506-d4dbdd2b_RASAPI32 =>Adware.MyWebSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Mysearchdial_0506-d4dbdd2b_RASMANCS =>Adware.MyWebSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MYSEAR~1_RASAPI32 =>Adware.MyWebSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MYSEAR~1_RASMANCS =>Adware.MyWebSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OptimizerPro_RASAPI32 =>PUP.OptimizerPro
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OptimizerPro_RASMANCS =>PUP.OptimizerPro
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OptProStart_RASAPI32 =>PUP.OptimizerPro
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OptProStart_RASMANCS =>PUP.OptimizerPro
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Pricora 12_RASAPI32 =>Adware.Pricora
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Pricora 12_RASMANCS =>Adware.Pricora
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchProtectINT_RASAPI32 =>PUP.SearchProtect
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchProtectINT_RASMANCS =>PUP.SearchProtect
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchProtection_RASAPI32 =>PUP.SearchProtect
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchProtection_RASMANCS =>PUP.SearchProtect
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\sizlsearch_ad_RASAPI32 =>PUP.SizlSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\sizlsearch_ad_RASMANCS =>PUP.SizlSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\sizlsearch_RASAPI32 =>PUP.SizlSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\sizlsearch_RASMANCS =>PUP.SizlSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\sizlsearch_Setup_RASAPI32 =>PUP.SizlSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\sizlsearch_Setup_RASMANCS =>PUP.SizlSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\speedupmypc_RASAPI32 =>PUP.SpeedUpMyPC
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\speedupmypc_RASMANCS =>PUP.SpeedUpMyPC
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TornTV_RASAPI32 =>Hijacker.TornTV
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TornTV_RASMANCS =>Hijacker.TornTV
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Uninstall Bubble Dock_RASAPI32 =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Uninstall Bubble Dock_RASMANCS =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateConstaSurf_RASAPI32 =>PUP.ConstaSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateConstaSurf_RASMANCS =>PUP.ConstaSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatesizlsearch_RASAPI32 =>PUP.SizlSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatesizlsearch_RASMANCS =>PUP.SizlSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilConstaSurf_RASAPI32 =>PUP.ConstaSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilConstaSurf_RASMANCS =>PUP.ConstaSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilsizlsearch_RASAPI32 =>PUP.SizlSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilsizlsearch_RASMANCS =>PUP.SizlSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdaterV2_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdaterV2_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_2207-6c14163c_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_2207-6c14163c_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WBrowserProtect_RASAPI32 =>Hijacker.Eazel
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WBrowserProtect_RASMANCS =>Hijacker.Eazel
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\webcake_2205-a3f0f0d9-1944_RASAPI32 =>Adware.WebCake
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\webcake_2205-a3f0f0d9-1944_RASMANCS =>Adware.WebCake
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wp_update_RASAPI32 =>PUP.WpManager
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wp_update_RASMANCS =>PUP.WpManager
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASMANCS =>Adware.Yontoo
[HKCR\CLSID\{11111111-1111-1111-1111-110511811173}] (Pricora 12.0) =>Adware.Pricora
[HKCR\CLSID\{22222222-2222-2222-2222-220522462218}] (CrossriderApp0054618.Sandbox) =>PUP.CrossRider
[HKCR\CLSID\{22222222-2222-2222-2222-220522812273}] (CrossriderApp0058173.Sandbox) =>PUP.CrossRider
[HKCR\CLSID\{A5549017-B9A9-86FF-CF1B-73E6A23A9F8A}] (ShoppingChip) =>Adware.ShoppingChip
SS - | Auto 25/06/2014 172544 | (SupraSavingsService64) . (...) - C:\Program Files (x86)\898DEBAE-54F2-4102-AE1C-A02B2223833C\SupraSavingsService64.exe =>PUP.SupraSavings
SS - | Auto 10/07/1658 0 | (Update sizlsearch) . (...) - C:\Program Files (x86)\sizlsearch\updatesizlsearch.exe =>PUP.SizlSearch
SR - | Auto 06/03/2014 171008 | (RrFilterService64) . (...) - c:\Program Files\RrFilter\RrFilterService64.exe =>PUP.SupraSavings
SR - | Auto 23/05/2014 706560 | (vxlsnyaiet64) . (...) - C:\Program Files\003\vxlsnyaiet64.exe =>PUP.AdPeak
SR - | Auto 10/05/2014 706560 | (yewimmxqbs64) . (...) - C:\Program Files\002\yewimmxqbs64.exe =>PUP.AdPeak
SS - | Auto 10/07/1658 0 | (NPVR Recording Service) . (...) - C:\Program Files (x86)\NPVR\NRecord.exe
SR - | Auto 15/06/2014 361552 | (CSHelper) . (.ArtistScope Pty Ltd.) - C:\Program Files\Common Files\ArtistScope\CSHelper64.exe
HKLM\Software\Wow6432Node\CandleWorks]
[HKLM\Software\Google\Chrome\Extensions\booedmolknjekdopkepjjeckmjkdpfgl] =>PUP.Manager^
[HKLM\Software\Google\Chrome\Extensions\flpcjncodpafbgdpnkljologafpionhb] =>PUP.Manager^
[HKLM\Software\Google\Chrome\Extensions\gfnkhcooecjmgnbcigmnhealjobfoapd] =>Adware.Pricora^
[HKLM\Software\Google\Chrome\Extensions\jciglgneppjfgjnjdooppgbiefagdfpc] =>PUP.MediaViewer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{066808D3-3B9C-4B35-8657-2D344AADC219}] =>PUP.WebexpEnhanced^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511461118}] =>PUP.CrossRider^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511811173}] =>PUP.CrossRider^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50EF2A11-CB5B-47AD-969F-239873093CA6}] =>PUP.MediaViewer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736}] =>Adware.FlashEnhancer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77E880B5-CAE7-4928-8507-EC2E5007E73E}] =>Adware.AddLyrics^
[HKLM\SYSTEM\CurrentControlSet\Services\RrFilterService64] =>PUP.SupraSavings^
[HKLM\SYSTEM\CurrentControlSet\Services\SupraSavingsService64] =>PUP.SupraSavings^
[HKLM\SYSTEM\CurrentControlSet\Services\Update sizlsearch] =>PUP.SizlSearch^
[HKLM\SYSTEM\CurrentControlSet\Services\vxlsnyaiet64] =>PUP.AdPeak^
[HKLM\SYSTEM\CurrentControlSet\Services\yewimmxqbs64] =>PUP.AdPeak^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\d1ccf305-8959-4b14-aa3e-dcc00369f13c] =>Adware.Adware.AddLyrics^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewV1alpha8509] =>PUP.MediaViewer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pricora 12.0] =>Adware.Pricora^
[HKLM\Software\Wow6432Node\Microsoft\Tracing\speedupmypc_RASMANCS] =>PUP.SpeedUpMyPC
[HKLM\Software\Classes\SpeedUpMyPC] =>PUP.SpeedUpMyPC
[HKLM\Software\Wow6432Node\Microsoft\Tracing\speedupmypc_RASAPI32] =>PUP.SpeedUpMyPC
[HKLM\Software\Wow6432Node\Microsoft\Tracing\optimizerpro_RASMANCS] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\Microsoft\Tracing\optimizerpro_RASAPI32] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\Microsoft\Tracing\optprostart_RASMANCS] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\Microsoft\Tracing\optprostart_RASAPI32] =>PUP.OptimizerPro
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Classes\CrossriderApp0054618.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0054618.BHO.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0054618.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0054618.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0058173.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0058173.BHO.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0058173.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0058173.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110511461118}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110511811173}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220522462218}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220522812273}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0054618.BHO] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0054618.BHO.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0054618.Sandbox] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0054618.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0058173.BHO] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0058173.BHO.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0058173.Sandbox] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0058173.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110511811173}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220522462218}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220522812273}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511461118}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511811173}] =>PUP.CrossRider
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\booedmolknjekdopkepjjeckmjkdpfgl =>PUP.Manager^
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\flpcjncodpafbgdpnkljologafpionhb =>PUP.Manager^
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfnkhcooecjmgnbcigmnhealjobfoapd =>Adware.Pricora^
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jciglgneppjfgjnjdooppgbiefagdfpc =>PUP.MediaViewer^
C:\Program Files (x86)\LyricsContainer-soft =>Adware.AddLyrics^
C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup^
C:\Program Files (x86)\Pricora 12.0 =>Adware.Pricora^
C:\Program Files (x86)\ShoppingChip =>Adware.ShoppingChip^
C:\Users\Admin\AppData\Roaming\Nosibay =>PUP.BubbleDock^
C:\Users\Admin\AppData\Roaming\wp_update =>PUP.WpManager^
C:\Program Files (x86)\Pricora 12.0\Pricora 12.0-nova.exe =>Adware.Pricora^
O2 - BHO: WebexpEnhancedV1alpha828 [64Bits] - {066808d3-3b9c-4b35-8657-2d344aadc219} Orphan key =>PUP.WebexpEnhanced^
O2 - BHO: CrossriderApp0054618 [64Bits] - {11111111-1111-1111-1111-110511461118} Orphan key =>PUP.CrossRider^
O2 - BHO: AmiExt IE plugin [64Bits] - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} Orphan key =>Adware.FlashEnhancer^
O2 - BHO: LyricsContainer [64Bits] - {77e880b5-cae7-4928-8507-ec2e5007e73e} Orphan key =>Adware.AddLyrics^
C:\Program Files (x86)\Pricora 12.0\Pricora 12.0-codedownloader.exe =>Adware.Pricora^
C:\Program Files (x86)\Pricora 12.0\fec3efde-451b-433b-805b-d4e7bfd155d6-2.exe =>Adware.Pricora^
C:\Program Files (x86)\Pricora 12.0\fec3efde-451b-433b-805b-d4e7bfd155d6-3.exe =>Adware.Pricora^
C:\Program Files (x86)\Pricora 12.0\fec3efde-451b-433b-805b-d4e7bfd155d6-4.exe =>Adware.Pricora^
C:\Program Files (x86)\Pricora 12.0\fec3efde-451b-433b-805b-d4e7bfd155d6-5.exe =>Adware.Pricora^
C:\Program Files (x86)\Pricora 12.0\Pricora 12.0-novainstaller.exe =>Adware.Pricora^
C:\Windows\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-1.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-1 =>PUP.CrossRider^
C:\Windows\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-2.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-2 =>PUP.CrossRider^
C:\Windows\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-3.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-3 =>PUP.CrossRider^
C:\Windows\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-4 =>PUP.CrossRider^
C:\Windows\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-5 =>PUP.CrossRider^
C:\Windows\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-6.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-6 =>PUP.CrossRider^
C:\Windows\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-7.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\fec3efde-451b-433b-805b-d4e7bfd155d6-7 =>PUP.CrossRider^
C:\Windows\Tasks\LookForWord Update.job =>Adware.Adware.AddLyrics^
C:\Windows\Tasks\LookForWord_wd.job =>Adware.Adware.AddLyrics^
C:\Windows\Tasks\OpenCandyHelperA3369ABF24C74D15A38B790CA040CBD7.job =>Adware.OpenCandy^
C:\Windows\System32\Tasks\OpenCandyHelperA3369ABF24C74D15A38B790CA040CBD7 =>Adware.OpenCandy^
C:\Windows\Tasks\OpenCandyHelperRun78F18283478540AEAB6EBA45DBDF37AA.job =>Adware.OpenCandy^
C:\Windows\System32\Tasks\OpenCandyHelperRun78F18283478540AEAB6EBA45DBDF37AA =>Adware.OpenCandy^
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKCU\Software\AmiExt] =>Adware.FlashEnhancer^
[HKCU\Software\AppDataLow\Software\LookForWord] =>Adware.Adware.AddLyrics^
[HKCU\Software\AppDataLow\Software\LyricsTube] =>Adware.AddLyrics^
[HKCU\Software\AppDataLow\Software\Pricora 12.0] =>Adware.Pricora^
[HKCU\Software\AppDataLow\Software\suprasavings] =>PUP.SupraSavings^
[HKCU\Software\Deeal] =>PUP.DeealFr^
[HKCU\Software\SearchProtectINT] =>PUP.SearchProtect^
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher^
[HKLM\Software\RrFilter] =>PUP.SupraSavings^
[HKLM\Software\Supra Savings] =>PUP.SupraSavings^
[HKLM\Software\SupraSavings ] =>PUP.SupraSavings^
[HKLM\Software\Wow6432Node\AmiExt] =>Adware.FlashEnhancer^
[HKLM\Software\Wow6432Node\RrFilter] =>PUP.SupraSavings^
[HKLM\Software\Wow6432Node\SupraSavings] =>PUP.SupraSavings^
[HKLM\Software\Wow6432Node\Webexp Enhanced] =>PUP.WebexpEnhanced^
[HKLM\Software\Wow6432Node\WebexpEnhancedV1] =>PUP.WebexpEnhanced^
[HKLM\Software\Wow6432Node\flash-Enhancer] =>Adware.FlashEnhancer^
[HKLM\Software\rrsavings] =>PUP.SupraSavings^
[HKLM\Software\suprasavings] =>PUP.SupraSavings^
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\dlLogic_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\dlLogic_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyDeltaTB_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyDeltaTB_RASMANCS
C:\Users\Admin\AppData\Roaming\~kdgjlln.exe =>PUP.WpManager^
C:\Windows\Installer\3907e3.msi =>PUP.SupraSavings^
C:\Windows\Installer\c8513.msi =>Hijacker.SmartBar^
[HKCR\CLSID\{11111111-1111-1111-1111-110511811173}] (Pricora 12.0) =>Adware.Pricora^
[HKCR\CLSID\{22222222-2222-2222-2222-220522462218}] (CrossriderApp0054618.Sandbox) =>PUP.CrossRider^
[HKCR\CLSID\{22222222-2222-2222-2222-220522812273}] (CrossriderApp0058173.Sandbox) =>PUP.CrossRider^
[HKCR\CLSID\{A5549017-B9A9-86FF-CF1B-73E6A23A9F8A}] (ShoppingChip) =>Adware.ShoppingChip^
C:\Users\Admin\AppData\Local\Temp\FreeMahjong.exe =>Adware.MegaSearch
C:\Users\Admin\AppData\Local\Temp\OnlineWeatherSetup.exe =>Adware.MegaSearch
C:\Users\Admin\AppData\Local\Temp\UpdateCheckerSetup.exe =>Adware.MegaSearch
O43 - CFD: 11/05/2014 - 00:15:09 - [] ----D C:\Users\Admin\AppData\Local\CRE
C:\Users\Admin\AppData\Local\Temp\dlLogic.exe
C:\Users\Admin\AppData\Local\Temp\GCVerifier.dll
C:\Users\Admin\AppData\Local\Temp\nsf90C7.exe
C:\Users\Admin\AppData\Local\Temp\nsk5FD2.exe
C:\Users\Admin\AppData\Local\Temp\nsp589F.exe
C:\Users\Admin\AppData\Local\Temp\nsp8C24.exe
C:\Users\Admin\AppData\Local\Temp\nsu85DC.exe
C:\Users\Admin\AppData\Local\Temp\nsw294.exe
C:\Users\Admin\AppData\Local\Temp\nsz5C38.exe
C:\Users\Admin\AppData\Local\Temp\SearchProtectINT.exe
C:\Users\Admin\AppData\Local\Temp\sp-downloader.exe





EmptyFlash
EmptyTemp
EmptyClsid
Emptyprefetch
FirewallRaz
Proxyfix
SysRestore
