cjoint


Document format: text/plain


~ Report of ZHPDiag v2015.3.23.32 - Nicolas Coolman (23/03/2015)
~ Launched by Administrateur (26/03/2015 09:35:45)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by
~ Version State : Updated version.
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Not Found


---\\ Internet browsers
MSIE: Internet Explorer v7.0.5730.13 (Defaut)
MFIE: Mozilla Firefox 33.0.2
GCIE: Google Chrome v3.0.195.27

---\\ Windows product information
~ Langage: Anglais
Windows Automatic Updates : OK
Windows Genuine Advantage : KO
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)

---\\ System protection software
Avast Free Antivirus v10.0.2208

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 15 Plugin
Adobe Reader 9.1 - Français
Java 7 Update 67

---\\ Information on the system
~ Processor: x86 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1954 MB (64% free)
System Restore: Activé (Enable)
System drive C: has 76 GB (77%) free of 98 GB

---\\ Connection to the system mode
~ Computer Name: SWEET-E1B6225B1
~ User Name: Administrateur
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : \ZHP\
~ %AppData% : \
~ %Desktop% : \
~ %Favorites% : \
~ %LocalAppData% : \
~ %StartMenu% : \
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 76 Go of 98 Go)
D: Hard drive, Flash drive, Thumb drive (Free 97 Go of 98 Go)
E: Hard drive, Flash drive, Thumb drive (Free 146 Go of 146 Go)
F: Hard drive, Flash drive, Thumb drive (Free 119 Go of 124 Go)
G: CD-ROM drive (Not Inserted)
H: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.BFBBBFE0913E6C9706F97598A6588B8F] - (.Microsoft Corporation - Explorateur Windows.) (.27/09/2008 - 11:24:52.) -- C:\WINDOWS\Explorer.exe [1573888]
[MD5.90B16FF3ACEC94B95BA95AA686442A47] - (.Microsoft Corporation - Internet Extensions for Win32.) (.27/09/2008 - 11:27:20.) -- C:\WINDOWS\system32\wininet.dll [879616]
[MD5.4BB6301D634C857A5089E8B24C5555E4] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.27/09/2008 - 11:27:21.) -- C:\WINDOWS\system32\Winlogon.exe [593408]
[MD5.744B88B93D2A58A1EB84C11D48CA85C8] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/07/2008 - 12:44:47.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.4B0A100EAF5C49EF3CCA8C641431EACC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.02/05/2008 - 11:49:39.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.32ECB7D3C03532B4460E09E960A3B72E] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.30/07/2008 - 13:09:57.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [455936]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.A0857C97770034FD2AF17DC4014B5ABD] - (.Microsoft Corporation - NT File System Driver.) (.22/04/2008 - 14:45:52.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [576384]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.27/09/2008 - 11:31:20.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.27/09/2008 - 00:58:26.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.27/09/2008 - 02:58:26.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 0/0
~ Mes musiques (My Musics) : 0/0
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 0/0
~ Mes Documents (My Documents) : 0/0
~ Mon Bureau (My Desktop) : 0/0
~ Menu demarrer (Programs) : 0/0
~ Hidden Files: Scanned in 00mn 00s



---\\ Process running
[MD5.EF6B4B38332C4EB7B74C0A1CB7094E83] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8188928] [PID.3472]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@GamingWonderland.com/Plugin] - (.Mindspark - Mindspark Toolbar Platform Plugin Stub for 32-bit Windows.) -- C:\Program Files\GamingWonderland\bar\1.bin\NPgtStub.dll =>Adware.MyWebSearch
P2 - FPN: [HKLM] [@Zwinky_5q.com/Plugin] - (...) -- C:\Program Files\Zwinky_5q\bar\1.bin\NP5qStub.dll (.not file.) =>Adware.MyClearSearch
~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.findamo.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0
~ IE Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (20)
~ Hosts File: Scanned in 00mn 00s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [CNAP2 Launcher] . (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.exe =>.Canon Inc
O4 - HKLM\..\Run: [IMJPMIG8.1] . (.Microsoft Corporation - Microsoft IME.) -- C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
O4 - HKLM\..\Run: [MSPY2002] . (...) -- C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
O4 - HKLM\..\Run: [PHIME2002ASync] . (.Microsoft Corporation - 微軟新注音輸入法 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [PHIME2002A] . (.Microsoft Corporation - 微軟新注音輸入法 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [HSPALauncher] . (.No owner - HSDPALauncher MFC Application.) -- C:\Program Files\HSPA USB Modem\HSPALauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] . (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe =>.Elaborate Bytes AG
O4 - HKLM\..\Run: [Search Protection] C:\Documents and Settings\All Users\Application Data\Search Protection\SearchProtection.exe (.not file.) =>PUP.SearchProtect
O4 - HKLM\..\Run: [AntiWormUpdate] . (.AutoIt Team - AutoIt v3 Script.) -- C:\Google\AutoIt3.exe
O4 - HKLM\..\Run: [AntiUsbWorm] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\WINDOWS\system32\cmd.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\Run: [WinMover] C:\Program Files\WinMover\WinMover.exe (.not file.)
O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe (.not file.) =>P2P.BitComet
O4 - HKCU\..\Run: [Torntv Downloader] C:\Program Files\TornTV.com\Torntv Downloader.exe (.not file.) =>Hijacker.TornTV
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AntiWormUpdate] . (.AutoIt Team - AutoIt v3 Script.) -- C:\Google\AutoIt3.exe
O4 - HKCU\..\Run: [AntiUsbWorm] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\WINDOWS\system32\cmd.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [JkDefrag] rundll32 advpack.dll,LaunchINFSection JKDEFRAG.INF,RunOnce,1,N
O4 - HKUS\.DEFAULT\..\RunOnce: [SweetRegistry] rundll32 advpack.dll,LaunchINFSection SweetReg.inf,PerUserStub
O4 - HKUS\S-1-5-18\..\RunOnce: [JkDefrag] rundll32 advpack.dll,LaunchINFSection JKDEFRAG.INF,RunOnce,1,N
O4 - HKUS\S-1-5-18\..\RunOnce: [SweetRegistry] rundll32 advpack.dll,LaunchINFSection SweetReg.inf,PerUserStub
O4 - HKUS\S-1-5-21-1757981266-823518204-1417001333-500\..\Run: [WinMover] C:\Program Files\WinMover\WinMover.exe (.not file.)
O4 - HKUS\S-1-5-21-1757981266-823518204-1417001333-500\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe (.not file.) =>P2P.BitComet
O4 - HKUS\S-1-5-21-1757981266-823518204-1417001333-500\..\Run: [Torntv Downloader] C:\Program Files\TornTV.com\Torntv Downloader.exe (.not file.) =>Hijacker.TornTV
O4 - HKUS\S-1-5-21-1757981266-823518204-1417001333-500\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1757981266-823518204-1417001333-500\..\Run: [AntiWormUpdate] . (.AutoIt Team - AutoIt v3 Script.) -- C:\Google\AutoIt3.exe
O4 - HKUS\S-1-5-21-1757981266-823518204-1417001333-500\..\Run: [AntiUsbWorm] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\WINDOWS\system32\cmd.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Orphan key
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0FAA266-3D85-4830-B979-D1A213F2BA80}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B9E5345-9EE9-4FAE-A46B-10EDBF606768}: DhcpNameServer = 192.168.2.1 192.168.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B9E5345-9EE9-4FAE-A46B-10EDBF606768}: DhcpDomain = univ-bouira.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{B0FAA266-3D85-4830-B979-D1A213F2BA80}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B9E5345-9EE9-4FAE-A46B-10EDBF606768}: DhcpNameServer = 192.168.2.1 192.168.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B9E5345-9EE9-4FAE-A46B-10EDBF606768}: DhcpDomain = univ-bouira.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{B0FAA266-3D85-4830-B979-D1A213F2BA80}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{2B9E5345-9EE9-4FAE-A46B-10EDBF606768}: DhcpNameServer = 192.168.2.1 192.168.2.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{2B9E5345-9EE9-4FAE-A46B-10EDBF606768}: DhcpDomain = univ-bouira.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.2
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Windows Genuine Advantage Notifications.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: GamingWonderlandService (GamingWonderlandService) . (.COMPANYVERS_NAME - PRODUCTVERS_TITLE.) - C:\Program Files\GamingWonderland\bar\1.bin\gtbarsvc.exe =>Adware.MyWebSearch
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) . (.globalUpdate - globalUpdate Update.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe =>PUP.GlobalUpdate
O23 - Service: ZwinkyService (Zwinky_5qService) . (...) - C:\Program Files\ZWINKY~2\bar\1.bin\5qbarsvc.exe (.not file.) =>Adware.MyClearSearch
~ Services: 9 Legitimates Filtered in 00mn 02s



---\\ Session Manager Key (AppCertDlls,KnownDLLs) (O36)
O36 - AppCertDlls: (x64) . (...) -- c:\program files\settings manager\systemk\x64\sysapcrt.dll (Not file) =>PUP.SystemK
~ Keys: Scanned in 00mn 00s



---\\ Task Planned Automatically (039)
O39 - APT: - (..) -- C:\WINDOWS\Tasks\907abe7c-b433-48b1-8469-7f5d35d1c066-1.job [1498] =>PUP.CrossRider
O39 - APT: - (..) -- C:\WINDOWS\Tasks\907abe7c-b433-48b1-8469-7f5d35d1c066-4.job [2502] =>PUP.CrossRider
O39 - APT: - (..) -- C:\WINDOWS\Tasks\907abe7c-b433-48b1-8469-7f5d35d1c066-5.job [1426] =>PUP.CrossRider
O39 - APT: - (..) -- C:\WINDOWS\Tasks\907abe7c-b433-48b1-8469-7f5d35d1c066-6.job [1496] =>PUP.CrossRider
O39 - APT: - (..) -- C:\WINDOWS\Tasks\907abe7c-b433-48b1-8469-7f5d35d1c066-7.job [1434] =>PUP.CrossRider
O39 - APT: - (..) -- C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job [910] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job [914] =>PUP.GlobalUpdate
~ Scheduled Task: 10 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\Apps Hat] =>PUP.CrossRider
[HKCU\Software\BitComet] =>P2P.BitComet
[HKCU\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\Goobzo] =>PUP.Goobzo
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKCU\Software\OB]
[HKCU\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\SMADΔV]
[HKCU\Software\SOG]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Torntv V9.0] =>Hijacker.TornTV
[HKCU\Software\Zwinky_5q] =>Adware.MyClearSearch
[HKLM\Software\Apps Hat] =>PUP.CrossRider
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\Goobzo] =>PUP.Goobzo
[HKLM\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKLM\Software\SiteSee]
[HKLM\Software\SystemK] =>PUP.SystemK
[HKLM\Software\Torntv V9.0] =>Hijacker.TornTV
[HKLM\Software\Zwinky_5q] =>Adware.MyClearSearch
~ Key Software: 260 Legitimates Filtered in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 25/02/2015 - 14:52:56 - [] ----D C:\Program Files\Apps Hat =>PUP.CrossRider
O43 - CFD: 15/06/2014 - 13:59:09 - [] ----D C:\Program Files\Linkey =>PUP.LinkeySearch
O43 - CFD: 15/07/2014 - 09:53:57 - [0] ----D C:\Program Files\SiteLookup =>PUP.SiteLookup
O43 - CFD: 30/06/2014 - 10:00:44 - [0] ----D C:\Documents and Settings\All Users\Application Data\GOOBZO =>PUP.Goobzo
O43 - CFD: 18/09/2013 - 13:48:00 - [] R---D C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Jeux
O43 - CFD: 24/06/2014 - 12:54:08 - [] ----D C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Windows Sweet
~ Program Folder: 123 Legitimates Filtered in 00mn 00s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.433EB556F82B5D65E0082F9FE146B1EC] - 22/03/2015 - 13:54:05 ---A- . (...) -- C:\WINDOWS\ntbtlog.txt [540322]
O44 - LFC:[MD5.B14793C4FD4AA506817C4084C41BF966] - 26/03/2015 - 09:27:09 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.D1BF33C97E5E338D7A9FD0ADEA7D4342] - 26/03/2015 - 09:27:10 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
~ Files: 14 Legitimates Filtered in 00mn 02s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export authorized application key (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\BitComet\BitComet.exe" [Enabled] .(...) -- C:\Program Files\BitComet\BitComet.exe (.not file.) =>P2P.BitComet
~ Keys Export: 32 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - jumpflip - tasklist.exe =>PUP.JumpFlip
O50 - IFEO:Image File Execution Options - volaro - tasklist.exe =>Trojan.Vonteera
O50 - IFEO:Image File Execution Options - vonteera - tasklist.exe =>Trojan.Vonteera
~ IFEO: Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{089fb43d-2125-11e3-a93c-b84f35d96e8f}\AutoRun\command. (...) -- J:\SysAnti.exe (.not file.)
O51 - MPSK:{37b0a484-6c93-11e3-a9db-fcd05cbfb488}\AutoRun\command. (...) -- I:\autorun.exe (.not file.)
O51 - MPSK:{b43c1502-6c9c-11e3-a9dc-f142df58c288}\AutoRun\command. (...) -- I:\autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=1
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=1
~ MWPS: 7 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "ForceClassicControlPanel"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "LinkResolveIgnoreLinkInfo"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDesktopCleanupWizard"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoInstrumentation"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRecentDocsHistory"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRecentDocsMenu"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveSearch"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveTrack"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMBalloonTip"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMConfigurePrograms"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMHelp"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoStartMenuMFUprogramsList"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWelcomeScreen"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "CDRAutoRun"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "HideRunAsVerb"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoCDBurning"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDesktopCleanupWizard"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoInstrumentation"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoNetConnectDisconnect"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoRecentDocsHistory"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoRemoteRecursiveEvents"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoResolveTrack"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoStartMenuMFUprogramsList"=1
~ MWPE Keys: 31 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:13/01/2015 - 08:12:42 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:13/01/2015 - 08:12:42 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:13/01/2015 - 08:12:42 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys [206248] =>.ALWIL Software
O58 - SDL:27/09/2008 - 11:31:20 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:27/09/2008 - 11:31:20 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 49 Legitimates Filtered in 00mn 01s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 13/01/2015 - C:\WINDOWS\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 24/06/2014 - C:\Program Files\GamingWonderland\bar\1.bin\gtbarsvc.exe (GamingWonderlandService) .(.COMPANYVERS_NAME - PRODUCTVERS_TITLE.) - LEGACY_GAMINGWONDERLANDSERVICE =>Adware.MyWebSearch
O64 - Services: CurCS - 30/06/2014 - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe (globalUpdate) .(.globalUpdate - globalUpdate Update.) - LEGACY_GLOBALUPDATE =>PUP.GlobalUpdate
O64 - Services: CurCS - 01/11/1745 - C:\Program Files\ZWINKY~2\bar\1.bin\5qbarsvc.exe (Zwinky_5qService) .(...) - LEGACY_ZWINKY_5QSERVICE =>Adware.MyClearSearch
~ Legacy: 124 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {06B469CF-CDC2-47F4-81A9-8EA6E8506E45} - (Google) - http://www.google.fr
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Bueno Search) - http://www.buenosearch.com =>PUP.BuenoSearch
O69 - SBI: SearchScopes [HKCU] {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} - (SecureSearch) - http://securedsearch2.lavasoft.com
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} - (default-search.net) - http://www.default-search.net =>Hijacker.Browsers
O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Softonic France FF Customized Web Search) - http://search.conduit.com =>Toolbar.Conduit
O69 - SBI: SearchScopes [HKCU] {db6cc009-8c54-4efd-a265-f1da7fdcbb6b} [DefaultScope] - (Search The Web) - http://www.findamo.com =>Adware.IMBooster
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {06B469CF-CDC2-47F4-81A9-8EA6E8506E45} [DefaultScope] - (Google) - http://www.google.fr
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {06B469CF-CDC2-47F4-81A9-8EA6E8506E45} [DefaultScope] - (Google) - http://www.google.fr
~ Keys: Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.C37C1B3F6505BD3A7F5AAE8B71973902] [SPRF][14/04/2008] (...) -- \Bootfont.bin [4952]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][02/01/1601] (...) -- \pagefile.sys [2145386496]
[MD5.C37C1B3F6505BD3A7F5AAE8B71973902] [SPRF][14/04/2008] (...) -- \Bootfont.bin [4952]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][02/01/1601] (...) -- \pagefile.sys [2145386496]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{076a9b45-de24-4cdf-89be-716c279b3b55}] (Zwinky_5q HTML) =>Adware.MyClearSearch
[HKCR\CLSID\{11111111-1111-1111-1111-110411851159}] (Apps Hat) =>PUP.CrossRider
[HKCR\CLSID\{22222222-2222-2222-2222-220422852259}] (CrossriderApp0048559.Sandbox) =>PUP.CrossRider
[HKCR\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}] (globalUpdate Update Plugin) =>PUP.GlobalUpdate
[HKCR\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}] (globalUpdate.OneClickProcessLauncher) =>PUP.GlobalUpdate
[HKCR\CLSID\{A00289B5-2C16-4EC7-9780-2B56977ADC65}] (Zwinky_5q HTML Menu) =>Adware.MyClearSearch
[HKCR\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}] (globalUpdate Update Plugin) =>PUP.GlobalUpdate
~ BCK: 4895 Legitimates Filtered in 00mn 11s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (23/03/2015)
Clés trouvées (Keys found) : 11
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 32

[HKLM\SYSTEM\CurrentControlSet\Services\GamingWonderlandService] =>Adware.MyWebSearch^
[HKLM\SYSTEM\CurrentControlSet\Services\globalUpdate) (globalUpdate] =>PUP.GlobalUpdate^
[HKLM\SYSTEM\CurrentControlSet\Services\Zwinky_5qService] =>Adware.MyClearSearch^
[HKLM\Software\Classes\CrossriderApp0048559.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0048559.BHO.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0048559.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0048559.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Classes\Toolbar.CT2207610] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110411851159}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422852259}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}] =>Adware.Bandoo^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Search Protection =>PUP.SearchProtect^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:BitComet =>P2P.BitComet^
C:\Program Files\Apps Hat =>PUP.CrossRider^
C:\Program Files\Linkey =>PUP.LinkeySearch^
C:\Program Files\SiteLookup =>PUP.SiteLookup^
C:\Documents and Settings\All Users\Application Data\GOOBZO =>PUP.Goobzo^
C:\WINDOWS\Tasks\907abe7c-b433-48b1-8469-7f5d35d1c066-1.job =>PUP.CrossRider^
C:\WINDOWS\Tasks\907abe7c-b433-48b1-8469-7f5d35d1c066-4.job =>PUP.CrossRider^
C:\WINDOWS\Tasks\907abe7c-b433-48b1-8469-7f5d35d1c066-5.job =>PUP.CrossRider^
C:\WINDOWS\Tasks\907abe7c-b433-48b1-8469-7f5d35d1c066-6.job =>PUP.CrossRider^
C:\WINDOWS\Tasks\907abe7c-b433-48b1-8469-7f5d35d1c066-7.job =>PUP.CrossRider^
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job =>PUP.GlobalUpdate^
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job =>PUP.GlobalUpdate^
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader^
[HKCU\Software\Apps Hat] =>PUP.CrossRider^
[HKCU\Software\BitComet] =>P2P.BitComet^
[HKCU\Software\Crossrider] =>PUP.CrossRider^
[HKCU\Software\Goobzo] =>PUP.Goobzo^
[HKCU\Software\InstallCore] =>Adware.InstallCore^
[HKCU\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions^
[HKCU\Software\PriceGong] =>Adware.PriceGong^
[HKCU\Software\Softonic] =>Toolbar.Conduit^
[HKCU\Software\Torntv V9.0] =>Hijacker.TornTV^
[HKCU\Software\Zwinky_5q] =>Adware.MyClearSearch^
[HKLM\Software\Apps Hat] =>PUP.CrossRider^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Goobzo] =>PUP.Goobzo^
[HKLM\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions^
[HKLM\Software\SystemK] =>PUP.SystemK^
[HKLM\Software\Torntv V9.0] =>Hijacker.TornTV^
[HKLM\Software\Zwinky_5q] =>Adware.MyClearSearch^
[HKCR\CLSID\{076a9b45-de24-4cdf-89be-716c279b3b55}] (Zwinky_5q HTML) =>Adware.MyClearSearch^
[HKCR\CLSID\{11111111-1111-1111-1111-110411851159}] (Apps Hat) =>PUP.CrossRider^
[HKCR\CLSID\{22222222-2222-2222-2222-220422852259}] (CrossriderApp0048559.Sandbox) =>PUP.CrossRider^
[HKCR\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}] (globalUpdate Update Plugin) =>PUP.GlobalUpdate^
[HKCR\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}] (globalUpdate.OneClickProcessLauncher) =>PUP.GlobalUpdate^
[HKCR\CLSID\{A00289B5-2C16-4EC7-9780-2B56977ADC65}] (Zwinky_5q HTML Menu) =>Adware.MyClearSearch^
[HKCR\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}] (globalUpdate Update Plugin) =>PUP.GlobalUpdate^
~ Additionnel Scan: 182581 Items scanned in 00mn 23s



---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.MountPoints2 Shell Key (MPSK) (O51)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Summary of the detections found on your workstation
http://nicolascoolman.fr/adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.fr/28456964-adware-myclearsearch =>Adware.MyClearSearch
http://nicolascoolman.fr/pup-searchprotect =>PUP.SearchProtect
http://nicolascoolman.fr/hijacker-torntv =>Hijacker.TornTV
http://nicolascoolman.fr/pup-globalupdate =>PUP.GlobalUpdate
http://nicolascoolman.fr/pup-systemk =>PUP.SystemK
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/pup-1clickdownloader =>PUP.1ClickDownloader
http://www.nicolascoolman.fr/blog/ =>PUP.Goobzo
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://www.nicolascoolman.fr/blog/ =>PUP.BrowserExtensions
http://nicolascoolman.fr/adware-pricegong =>Adware.PriceGong
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/pup-linkeysearch =>PUP.LinkeySearch
http://www.nicolascoolman.fr/blog/ =>PUP.SiteLookup
http://nicolascoolman.fr/pup-jumpflip =>PUP.JumpFlip
http://nicolascoolman.fr/trojan-vonteera =>Trojan.Vonteera
http://nicolascoolman.fr/pup-buenosearch =>PUP.BuenoSearch
http://nicolascoolman.fr/hijacker-browsers =>Hijacker.Browsers
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
~ MSI: 21 link(s) detected in 00mn 00s



~ 848 Legitimates filtered by white list
End of the scan (559 lines in 00mn 55s)(0.4)
