cjoint

Document format: text/plain

~ Rapport de ZHPDiag v2015.3.1.25 - Nicolas Coolman (01/03/2015)
~ Lancé par Julie (04/03/2015 20:53:53)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17633
GCIE: Google Chrome v35.0.1916.153 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

---\\ Logiciels de protection du système
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système
CCleaner v4.19

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX
Adobe Reader 9.1 MUI

---\\ Informations sur le système
~ Processor: AMD64 Family 16 Model 5 Stepping 3, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Total RAM: 4093 MB (71% free)
System Restore: Activé (Enable)
System drive C: has 136 GB (30%) free of 446 GB

---\\ Mode de connexion au système
~ Computer Name: JULIE-PC
~ User Name: Julie
~ All Users Names: Julie, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Julie\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Julie\AppData\Roaming\
~ %Desktop% : C:\Users\Julie\Desktop\
~ %Favorites% : C:\Users\Julie\Favorites\
~ %LocalAppData% : C:\Users\Julie\AppData\Local\
~ %StartMenu% : C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 136 Go of 446 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9DFE41A69DF70AAB75CB5BA8C1109EA2] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.12/01/2015 - 02:27:32.) -- C:\Windows\System32\wininet.dll [2358272]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 02:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/673
~ Mes musiques (My Musics) : 7/676
~ Mes Videos (My Videos) : 1/341
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/319
~ Mon Bureau (My Desktop) : 1/119878
~ Menu demarrer (Programs) : 1/33
~ Hidden Files: Scanned in 01mn 27s



---\\ Processus lancés
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.1968]
[MD5.1ADAB4A9071A474CAC06509EB901E820] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8182784] [PID.356]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.4 (Activé)
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [oilkkkefbalmbfppgjmgjoefbclebkce] Vosteran New Tab v.0.3.9, (Désactivé) =>PUP.Vosteran
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com =>PUP.StartSearch
~ IE Browser: 24 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>; =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: IETabPage Class [64Bits] - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files (x86)\XTab\SupTab.dll =>PUP.SupTab
O2 - BHO: AliBar BHO [64Bits] - {E4E012DC-1925-48E9-8010-2D195574642A} . (.B1 - AliTab.) -- C:\Program Files (x86)\Internet Explorer\alitab.dll
~ BHO: 3 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Julie]: Continue Live Installation.lnk . (...) -- C:\Users\Julie\AppData\Local\Temp\ICReinstall_nso5C1B.tmp \RR (.not file.) =>PUP.ContinueLiveInstallation
~ Global Startup: 1 Legitimates Filtered in 00mn 03s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.)
O4 - HKLM\..\Run: [ASUS WebStorage] . (...) -- C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] . (.Microsoft Corporation - Gestionnaire pour appareils Windows Mobile.) -- C:\Windows\WindowsMobile\wmdcBase.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [EADM] . (.Electronic Arts - Origin.) -- C:\Program Files (x86)\Origin\Origin.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Julie\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328_1\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl9] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdateLBPShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [Boingo Wi-Fi] . (...) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [ATKOSD2] . (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Wow6432Node\Run: [ATKMEDIA] . (.ASUS - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Wow6432Node\Run: [HControlUser] . (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Wow6432Node\Run: [Wireless Console 3] . (.Pas de propriétaire - Wireless Console 3.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Wow6432Node\Run: [VirtualCloneDrive] . (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe =>.Elaborate Bytes AG
O4 - HKLM\..\Wow6432Node\Run: [fst_fr_198] Clé orpheline =>Adware.FreeSoftToday
O4 - HKLM\..\Wow6432Node\Run: [fst_fr_204] Clé orpheline =>Adware.FreeSoftToday
O4 - HKLM\..\Wow6432Node\Run: [fst_fr_329] Clé orpheline =>Adware.FreeSoftToday
O4 - HKLM\..\Wow6432Node\Run: [mwyyntm1ndi1zdz] . (...) -- C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz.exe
O4 - HKLM\..\Wow6432Node\Run: [CrashMon] . (...) -- C:\Program Files (x86)\Umtayyznhndq1ntz\mtuyntm5ndy1yjy.exe
O4 - HKLM\..\Wow6432Node\Run: [gmsd_fr_272] Clé orpheline =>PUP.CrossRider
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2260667975-2093317924-844148320-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2260667975-2093317924-844148320-1000\..\Run: [EADM] . (.Electronic Arts - Origin.) -- C:\Program Files (x86)\Origin\Origin.exe
O4 - HKUS\S-1-5-21-2260667975-2093317924-844148320-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2260667975-2093317924-844148320-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKUS\S-1-5-21-2260667975-2093317924-844148320-1000\..\RunOnce: [Uninstall C:\Users\Julie\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328_1\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{24681B55-DD78-4798-82E5-07C66BCF59ED}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{24681B55-DD78-4798-82E5-07C66BCF59ED}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{24681B55-DD78-4798-82E5-07C66BCF59ED}: NameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Hit Receive (duroxezy) . (...) - C:\Users\Julie\AppData\Roaming\000000A7-1425456290-8000-9A15-485B39E7878A\jnslE780.tmp
O23 - Service: DeltaFix (fc67e7a0) . (...) - c:\Program Files (x86)\DeltaFix\DeltaFix.dll
O23 - Service: GlobalUpdater (GlobalUpdater) . (...) - C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe (.not file.) =>PUP.IMGUpdater
O23 - Service: IHProtect Service (IHProtect Service) . (.XTab system - ProtectSvc.exe.) - C:\Program Files (x86)\XTab\ProtectService.exe =>Adware.AgentODR
O23 - Service: Country Code LAN (qyjegese) . (...) - C:\Users\Julie\AppData\Roaming\000000A7-1425456290-8000-9A15-485B39E7878A\nslACFA.tmpfs
O23 - Service: SProtection (SProtection) . (...) - C:\Program Files (x86)\Common Files\Umbrella\Umbrella250.exe (.not file.)
O23 - Service: Universal Updater Service (UniversalUpdater) . (.Pas de propriétaire - Universal Updater.) - C:\Program Files (x86)\Umtayyznhndq1ntz\mwmyzjmzngu1mdy.exe =>PUP.UniversalUpdater
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) . (.SysTool PasSame LIMITED - Windows SysTool Service.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
~ Services: 11 Legitimates Filtered in 00mn 05s



---\\ Tâches planifiées en automatique (O39)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\Tasks\APSnotifierPP1.job [378] =>PUP.AnyProtect
O39 - APT: - (..) -- C:\Windows\System32\Tasks\APSnotifierPP1 [378] =>PUP.AnyProtect
O39 - APT: - (..) -- C:\Windows\Tasks\APSnotifierPP2.job [376] =>PUP.AnyProtect
O39 - APT: - (..) -- C:\Windows\System32\Tasks\APSnotifierPP2 [376] =>PUP.AnyProtect
O39 - APT: - (..) -- C:\Windows\Tasks\APSnotifierPP3.job [376] =>PUP.AnyProtect
O39 - APT: - (..) -- C:\Windows\System32\Tasks\APSnotifierPP3 [376] =>PUP.AnyProtect
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job [958] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore [958] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job [962] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA [962] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1078]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1082]
O39 - APT: - (..) -- C:\Windows\Tasks\GS_Booster-S-576482620.job [476] =>PUP.GSBooster
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GS_Booster-S-576482620 [476] =>PUP.GSBooster
O39 - APT: - (..) -- C:\Windows\Tasks\MKXXQHhrPMvvR7iz.job [1004]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\MKXXQHhrPMvvR7iz [1004]
O39 - APT: - (..) -- C:\Windows\Tasks\PennyBee.job [292] =>PUP.PaybyAds
O39 - APT: - (..) -- C:\Windows\System32\Tasks\PennyBee [292] =>PUP.PaybyAds
O39 - APT: - (..) -- C:\Windows\Tasks\WSE_Astromenda.job [292] =>PUP.Astromenda
O39 - APT: - (..) -- C:\Windows\System32\Tasks\WSE_Astromenda [292] =>PUP.Astromenda
O39 - APT: - (..) -- C:\Windows\Tasks\YEIRI.job [1336]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\YEIRI [1336]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 00s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (mwiynzm4ndy1yjz) . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - C:\Windows\System32\drivers\mwiynzm4ndy1yjz.sys
O41 - Driver: (qrnfd_1_10_0_9) . (. - .) - C:\Windows\System32\drivers\qrnfd_1_10_0_9.sys (.not file.)
O41 - Driver: (ttnfd) . (. - .) - C:\Windows\System32\drivers\ttnfd.sys (.not file.) =>TTNFD|PUP.TermTutor
~ Drivers: 75 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Browser AdBlocker - (.Browser AdBlocker.) [HKLM][64Bits] -- {37476589-E48E-439E-A706-56189E2ED4C4}_is1 =>PUP.Adblocker
O42 - Logiciel: Doctor PC - (.Doctor PC.) [HKLM][64Bits] -- {97AFC0CA-0B1F-423A-B662-BBD0694FADC9} =>PUP.DoctorPC
O42 - Logiciel: GS_Booster - (.GS_Booster.) [HKLM][64Bits] -- S-576482620 =>PUP.GSBooster
O42 - Logiciel: GS_Sustainer - (.Genuine P Software.) [HKLM][64Bits] -- {12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0} =>PUP.GSBooster
O42 - Logiciel: GoSave - (...) [HKLM][64Bits] -- {C87834EB-A2A0-B9D4-AA9A-C263D1191051} =>PUP.GoSave
O42 - Logiciel: Salus - (.Salus.) [HKLM][64Bits] -- Salus =>PUP.Salus
O42 - Logiciel: Yahoo Community Smartbar Engine - (.Linkury Inc..) [HKCU][64Bits] -- {d051e590-e9c6-4640-84ac-a0ebad2461f8}
O42 - Logiciel: YoutubeAdBlocke - (...) [HKLM][64Bits] -- {4820778D-AB0D-6D18-C316-52A6A0E1D507} =>PUP.YouTubeAdBlock
~ Logic: 36 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Active@ File Preview]
[HKCU\Software\AnyProtect] =>PUP.AnyProtect
[HKCU\Software\BoBrowser] =>PUP.BoBrowser
[HKCU\Software\Cool Mirage Ltd]
[HKCU\Software\DoctorPCConfig]
[HKCU\Software\DoctorPCLanguage]
[HKCU\Software\GUPPY]
[HKCU\Software\Gameo] =>PUP.Gameo
[HKCU\Software\GoldenGate]
[HKCU\Software\I - Cinema-nv-ie] =>PUP.CrossRider
[HKCU\Software\I-Cinema]
[HKCU\Software\ICSW]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKCU\Software\MKXXQHhrPMvvR7iz]
[HKCU\Software\Maxiget] =>PUP.Maxiget
[HKCU\Software\PennyBee] =>PUP.PaybyAds
[HKCU\Software\SmartSaver+ 3-nv-ie] =>PUP.CrossRider
[HKCU\Software\SmartSaver+3] =>PUP.CrossRider
[HKCU\Software\Store] =>PUP.Nosibay
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive
[HKCU\Software\UpdateChecker] =>Adware.Boxore
[HKCU\Software\Vosteran Browser] =>PUP.Vosteran
[HKCU\Software\WTools] =>PUP.Nosibay
[HKCU\Software\YEIRI]
[HKLM\Software\88B73655-05CA-442E-8ABF-97FD96D79AC9] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKLM\Software\Maxiget] =>PUP.Maxiget
[HKLM\Software\SupraSavings ] =>PUP.SupraSavings
[HKLM\Software\Wow6432Node\Clara]
[HKLM\Software\Wow6432Node\ErrorLists-nova-agent]
[HKLM\Software\Wow6432Node\GS_Booster] =>PUP.GSBooster
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKLM\Software\Wow6432Node\MaxPower]
[HKLM\Software\Wow6432Node\Media_Play_AIR+] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\QuickRef_1.10.0.9] =>PUP.QuickRef
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab
[HKLM\Software\Wow6432Node\TermTutor] =>PUP.TermTutor
[HKLM\Software\Wow6432Node\Tutorials] =>PUP.AgenceExclusive
[HKLM\Software\Wow6432Node\Universal]
[HKLM\Software\Wow6432Node\anset]
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
~ Key Software: 282 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/03/2015 - 13:06:43 - [] ----D C:\Program Files (x86)\50Couoponns
O43 - CFD: 12/07/2014 - 14:46:51 - [] ----D C:\Program Files (x86)\88B73655-05CA-442E-8ABF-97FD96D79AC9
O43 - CFD: 18/10/2014 - 17:17:23 - [] ----D C:\Program Files (x86)\A Game of Thrones
O43 - CFD: 09/03/2014 - 19:10:17 - [] ----D C:\Program Files (x86)\Boxore =>Adware.Boxore
O43 - CFD: 14/11/2014 - 09:40:31 - [] ----D C:\Program Files (x86)\DeltaFix
O43 - CFD: 01/08/2014 - 21:10:26 - [0] ----D C:\Program Files (x86)\doewNlaoaditkeep =>PUP.DownloadItKeep
O43 - CFD: 04/03/2015 - 13:06:58 - [] ----D C:\Program Files (x86)\ExSttraCouupon =>PUP.ExtraCoupon
O43 - CFD: 04/03/2015 - 18:40:55 - [] ----D C:\Program Files (x86)\GoSave =>PUP.GoSave
O43 - CFD: 14/01/2015 - 21:56:22 - [0] ----D C:\Program Files (x86)\GreaatSave4U =>PUP.GreatSave4U
O43 - CFD: 14/11/2014 - 08:54:02 - [0] ----D C:\Program Files (x86)\GS_Booster =>PUP.GSBooster
O43 - CFD: 04/03/2015 - 13:10:58 - [0] ----D C:\Program Files (x86)\GU Player =>PUP.GUPlayer
O43 - CFD: 30/07/2014 - 08:32:56 - [0] ----D C:\Program Files (x86)\Isaaveur
O43 - CFD: 14/01/2015 - 21:56:26 - [0] ----D C:\Program Files (x86)\JonniCOOupon =>PUP.JoniCoupon
O43 - CFD: 04/03/2015 - 11:56:35 - [0] ----D C:\Program Files (x86)\Maxiget =>PUP.Maxiget
O43 - CFD: 04/03/2015 - 13:10:58 - [0] ----D C:\Program Files (x86)\Mountain Bike
O43 - CFD: 04/03/2015 - 12:46:18 - [] ----D C:\Program Files (x86)\OfferBoulevard
O43 - CFD: 04/03/2015 - 09:03:23 - [] ----D C:\Program Files (x86)\Smwyyntm1ndi1zdz
O43 - CFD: 04/03/2015 - 09:03:14 - [] ----D C:\Program Files (x86)\Umtayyznhndq1ntz
O43 - CFD: 04/03/2015 - 09:03:30 - [] ----D C:\Program Files (x86)\XTab
O43 - CFD: 04/03/2015 - 18:40:33 - [] ----D C:\Program Files (x86)\YoutubeAdBlocke =>PUP.YouTubeAdBlock
O43 - CFD: 24/02/2015 - 18:20:56 - [] ----D C:\ProgramData\1749093203260982817
O43 - CFD: 04/03/2015 - 13:19:40 - [] ----D C:\ProgramData\18460700536bc621
O43 - CFD: 10/11/2014 - 18:19:37 - [] ----D C:\ProgramData\Browser AdBlocker =>PUP.Adblocker
O43 - CFD: 14/01/2015 - 21:56:39 - [0] ----D C:\ProgramData\CoupExtension =>PUP.CoupExtension
O43 - CFD: 14/01/2015 - 21:56:35 - [0] ----D C:\ProgramData\DealExpress =>PUP.DealExpress
O43 - CFD: 02/08/2014 - 07:16:23 - [0] ----D C:\ProgramData\doewNlaoaditkeep =>PUP.DownloadItKeep
O43 - CFD: 26/10/2014 - 14:21:16 - [] ----D C:\ProgramData\GoSave =>PUP.GoSave
O43 - CFD: 14/01/2015 - 22:01:40 - [0] ----D C:\ProgramData\GreaatSave4U =>PUP.GreatSave4U
O43 - CFD: 30/07/2014 - 08:37:41 - [0] ----D C:\ProgramData\Isaaveur
O43 - CFD: 14/01/2015 - 22:01:40 - [0] ----D C:\ProgramData\JonniCOOupon =>PUP.JoniCoupon
O43 - CFD: 14/01/2015 - 21:56:44 - [0] ----D C:\ProgramData\SaveLots =>PUP.SaveLots
O43 - CFD: 14/01/2015 - 21:56:31 - [0] ----D C:\ProgramData\ShopDrop =>PUP.ShopDrop
O43 - CFD: 04/03/2015 - 09:02:25 - [] ----D C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 26/10/2014 - 14:21:42 - [] ----D C:\ProgramData\YoutubeAdBlocke =>PUP.YouTubeAdBlock
O43 - CFD: 14/07/2009 - 08:44:38 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 04/03/2015 - 09:56:57 - [] ----D C:\Users\Julie\AppData\Roaming\000000A7-1425456290-8000-9A15-485B39E7878A
O43 - CFD: 04/03/2015 - 10:24:16 - [] -SH-D C:\Users\Julie\AppData\Roaming\AnyProtectEx =>PUP.AnyProtect
O43 - CFD: 04/03/2014 - 19:04:38 - [] ----D C:\Users\Julie\AppData\Roaming\Cool Mirage Ltd
O43 - CFD: 04/03/2015 - 11:15:18 - [] ----D C:\Users\Julie\AppData\Roaming\Doctor PC =>PUP.DoctorPC
O43 - CFD: 14/01/2015 - 21:54:16 - [] ----D C:\Users\Julie\AppData\Roaming\Gameo =>PUP.Gameo
O43 - CFD: 14/01/2015 - 21:43:43 - [] --H-D C:\Users\Julie\AppData\Roaming\GoldenGate
O43 - CFD: 04/03/2015 - 09:01:26 - [] ----D C:\Users\Julie\AppData\Roaming\Maxiget =>PUP.Maxiget
O43 - CFD: 04/03/2015 - 11:58:25 - [] ----D C:\Users\Julie\AppData\Roaming\PennyBee =>PUP.PaybyAds
O43 - CFD: 04/03/2015 - 12:07:05 - [0] ----D C:\Users\Julie\AppData\Roaming\Store =>PUP.Nosibay
O43 - CFD: 04/03/2015 - 11:57:12 - [0] ----D C:\Users\Julie\AppData\Roaming\WTools =>PUP.Nosibay
O43 - CFD: 04/03/2015 - 12:42:01 - [] ----D C:\Users\Julie\AppData\Local\000000A7-1425460296-8000-9A15-485B39E7878A
O43 - CFD: 14/01/2015 - 21:45:38 - [] ----D C:\Users\Julie\AppData\Local\1745666
O43 - CFD: 04/03/2015 - 13:08:02 - [] ----D C:\Users\Julie\AppData\Local\BreakingNewsAlert =>PUP.BreakingNewsAlert
O43 - CFD: 01/08/2014 - 21:01:48 - [] ----D C:\Users\Julie\AppData\Local\com
O43 - CFD: 04/03/2015 - 11:15:39 - [] ----D C:\Users\Julie\AppData\Local\Doctor_PC =>PUP.DoctorPC
O43 - CFD: 17/12/2014 - 12:21:35 - [] -SH-D C:\Users\Julie\AppData\Local\EmieBrowserModeList
O43 - CFD: 14/01/2015 - 21:43:36 - [] ----D C:\Users\Julie\AppData\Local\Gameo =>PUP.Gameo
O43 - CFD: 04/03/2015 - 09:09:25 - [] ----D C:\Users\Julie\AppData\Local\Maxiget =>PUP.Maxiget
O43 - CFD: 04/03/2015 - 12:46:04 - [] ----D C:\Users\Julie\AppData\Local\SmartWeb =>PUP.SmartWeb
O43 - CFD: 14/01/2015 - 21:54:51 - [] ----D C:\Users\Julie\AppData\Local\Vosteran =>PUP.Vosteran
O43 - CFD: 04/03/2015 - 11:50:41 - [] ----D C:\Users\Julie\AppData\Local\ZombieNews
~ Program Folder: 223 Legitimates Filtered in 00mn 03s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.2E2FE8C94F0222958067C3FC501B3ADA] - 04/03/2015 - 09:25:25 ---A- . (...) -- C:\Windows\System32\BasementDusterOff.ini [8544]
O44 - LFC:[MD5.FA316DF29063B460FE3A0B9E96B3E94A] - 04/03/2015 - 09:57:08 ---A- . (...) -- C:\Windows\patsearch.bin [2138]
O44 - LFC:[MD5.EFD17FACCF57EE9C08AACB09B5650243] - 04/03/2015 - 12:36:41 ---A- . (...) -- C:\Windows\System32\ServiceFilter.ini [1632]
O44 - LFC:[MD5.1E0444E7A2132BA11711DAF946970037] - 04/03/2015 - 12:37:03 ---A- . (...) -- C:\Windows\System32\AutoRunFilter.ini [2462]
O44 - LFC:[MD5.E4BBAB01F5D5AFFB4243E8F51C944F3F] - 04/03/2015 - 20:37:39 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [19056]
O44 - LFC:[MD5.E4BBAB01F5D5AFFB4243E8F51C944F3F] - 04/03/2015 - 20:37:39 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [19056]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 04/03/2015 - 20:49:49 ---A- . (...) -- C:\83D1.tmp [0]
O44 - LFC:[MD5.5B27F0A9DF1F270CB964BDC0DEB23C47] - 04/03/2015 - 20:50:39 ---A- . (...) -- C:\Windows\ntbtlog.txt [75480]
~ Files: 19 Legitimates Filtered in 00mn 08s



---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{7367fc64-cc3e-11e3-9631-485b39e7878a}\AutoRun\command. (...) -- E:\SETUP.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:08/09/2010 - 19:39:32 ---A- . (.ELAN Microelectronic Corp. - ETD Control Center.) -- C:\Windows\System32\Drivers\ETD.sys [129024]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:20/07/2009 - 10:29:39 ---A- . (.Pas de propriétaire - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [15416]
O58 - SDL:18/06/2009 - 20:18:10 ---A- . (.Windows (R) Win 7 DDK provider - ASUS CopyProtect driver.) -- C:\Windows\System32\Drivers\lullaby.sys [15928]
O58 - SDL:16/01/2015 - 04:07:32 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\Windows\System32\Drivers\mwiynzm4ndy1yjz.sys [59720]
O58 - SDL:05/06/2009 - 11:15:55 ---A- . (.Pas de propriétaire - USBCAMD for Sonix UVC.) -- C:\Windows\System32\Drivers\sncduvc.sys [42176]
O58 - SDL:05/06/2009 - 11:15:57 ---A- . (.Pas de propriétaire - UVC Camera Streaming Driver.) -- C:\Windows\System32\Drivers\snp2uvc.sys [1806400]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 62 Legitimates Filtered in 00mn 04s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 16/01/2015 - C:\Windows\System32\drivers\mwiynzm4ndy1yjz.sys (mwiynzm4ndy1yjz) .(.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - LEGACY_MWIYNZM4NDY1YJZ
~ Legacy: 82 Legitimates Filtered in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {E733165D-CBCF-4FDA-883E-ADEF965B476C} [DefaultScope] - (Google) - http://www.mystartsearch.com =>PUP.StartSearch
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [SPRF][24/12/2009] (...) -- C:\ProgramData\FullRemove.exe [131368]
[MD5.4352D88A78AA39750BF70CD6F27BCAA5] [SPRF][04/03/2015] (...) -- C:\Users\Julie\AppData\Roaming\appdataFr2.bin [4]
[MD5.113AF1AE40783E590DF436BE4C2B740B] [SPRF][03/02/2015] (.Doctor PC - This installer database contains the logic and data required to install Doctor PC..) -- C:\Users\Julie\AppData\Roaming\DoctorPCSetup.exe [5000286] =>PUP.DoctorPC
[MD5.C2FCBE38F2FA69C7EDB24DB49434BDC3] [SPRF][12/02/2015] (...) -- C:\Users\Julie\AppData\Roaming\MKXXQHhrPMvvR7iz.exe [1668608]
[MD5.E567015A8172BA0AADAE7DE105EC5E11] [SPRF][04/03/2015] (.smart-saverplus - SmartSaver+ 3 exe.) -- C:\Users\Julie\AppData\Roaming\YEIRI.exe [1813464] =>PUP.CrossRider
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.48F4ED2CA5EF5FC1B82A8B284F2834C8] [WIS][03/02/2015] (.Doctor PC - Doctor PC.) -- C:\Windows\Installer\a008ce.msi [761856] =>PUP.DoctorPC
[MD5.D00B3BC54F48609DD9D41ADB2744894D] [WIS][11/06/2014] (.LPT - LPT System Updater Service.) -- C:\Windows\Installer\bd773.msi [2052096] =>Adware.IncrediBar
~ WIS: 2 Legitimates Filtered in 00mn 09s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32 =>Adware.NewPlayer
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS =>Adware.NewPlayer
HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASAPI32 =>Hijacker.TornTV
HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASMANCS =>Hijacker.TornTV
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentUninstall_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentUninstall_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_0702-81cfb2ef_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_0702-81cfb2ef_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_Setup_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_Setup_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\playnowradio_RASAPI32 =>PUP.PlayNowRadio
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\playnowradio_RASMANCS =>PUP.PlayNowRadio
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateWebSpades_RASAPI32 =>PUP.WebSpades
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateWebSpades_RASMANCS =>PUP.WebSpades
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilDealKeeper_RASAPI32 =>PUP.DealKeeper
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilDealKeeper_RASMANCS =>PUP.DealKeeper
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilmelondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilmelondrea_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilWebSpades_RASAPI32 =>PUP.WebSpades
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilWebSpades_RASMANCS =>PUP.WebSpades
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdaterV3_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdaterV3_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebSpades_RASAPI32 =>PUP.WebSpades
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebSpades_RASMANCS =>PUP.WebSpades
~ BTK: 187 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 04/06/2014 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 08/12/2009 379520 | (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe
SS - | Auto 30/03/2010 202752 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SS - | Auto 16/06/2009 84536 | (ASLDRService) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SS - | Auto 15/12/2009 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SS - | Auto 04/03/2015 103424 | (duroxezy) . (...) - C:\Users\Julie\AppData\Roaming\000000A7-1425456290-8000-9A15-485B39E7878A\jnslE780.tmp
SS - | Auto 14/11/2014 3906048 | (fc67e7a0) . (...) - c:\Program Files (x86)\DeltaFix\DeltaFix.dll
SS - | Auto 22/07/1658 0 | (GlobalUpdater) . (...) - C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe =>PUP.IMGUpdater
SS - | Demand 08/06/2010 182768 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 16/01/2015 158896 | (IHProtect Service) . (.XTab system.) - C:\Program Files (x86)\XTab\ProtectService.exe =>Adware.AgentODR
SS - | Auto 04/03/2015 122880 | (qyjegese) . (...) - C:\Users\Julie\AppData\Roaming\000000A7-1425456290-8000-9A15-485B39E7878A\nslACFA.tmpfs
SS - | Auto 14/12/2010 501336 | (Serveur Média) . (.PacketVideo.) - C:\Program Files (x86)\Serveur Media\twonkymediaserverwatchdog.exe
SS - | Auto 22/07/1658 0 | (SProtection) . (...) - C:\Program Files (x86)\Common Files\Umbrella\Umbrella250.exe
SS - | Auto 04/03/2015 702976 | (UniversalUpdater) . (...) - C:\Program Files (x86)\Umtayyznhndq1ntz\mwmyzjmzngu1mdy.exe =>PUP.UniversalUpdater
SS - | Auto 04/03/2015 493712 | (WindowsMangerProtect) . (.SysTool PasSame LIMITED.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
SS - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 19s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (01/03/2015)
Clés trouvées (Keys found) : 34
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 35
Fichiers trouvés (Files found) : 42

[HKLM\Software\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce] =>PUP.Vosteran^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] =>PUP.SupTab^
[HKLM\SYSTEM\CurrentControlSet\Services\GlobalUpdater] =>PUP.IMGUpdater^
[HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service] =>Adware.AgentODR^
[HKLM\SYSTEM\CurrentControlSet\Services\UniversalUpdater] =>PUP.UniversalUpdater^
[HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect] =>PUP.Fuyu^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1] =>PUP.Adblocker^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{97AFC0CA-0B1F-423A-B662-BBD0694FADC9}] =>PUP.DoctorPC^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\S-576482620] =>PUP.GSBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0}] =>PUP.GSBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}] =>PUP.GoSave^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Salus] =>PUP.Salus^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}] =>PUP.YouTubeAdBlock^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>Toolbar.Conduit
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}] =>Adware.Agent
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E4E012DC-1925-48E9-8010-2D195574642A}] =>Hijacker.SearchB1org
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E4E012DC-1925-48E9-8010-2D195574642A}] =>Hijacker.SearchB1org
[HKLM\Software\Classes\CLSID\{E4E012DC-1925-48E9-8010-2D195574642A}] =>Hijacker.SearchB1org
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4E012DC-1925-48E9-8010-2D195574642A}] =>Hijacker.SearchB1org
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4E012DC-1925-48E9-8010-2D195574642A}] =>Hijacker.SearchB1org
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar] =>Adware.IMBooster
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_198 =>Adware.FreeSoftToday^
C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce =>PUP.Vosteran^
C:\Program Files (x86)\Boxore =>Adware.Boxore^
C:\Program Files (x86)\doewNlaoaditkeep =>PUP.DownloadItKeep^
C:\Program Files (x86)\ExSttraCouupon =>PUP.ExtraCoupon^
C:\Program Files (x86)\GoSave =>PUP.GoSave^
C:\Program Files (x86)\GreaatSave4U =>PUP.GreatSave4U^
C:\Program Files (x86)\GS_Booster =>PUP.GSBooster^
C:\Program Files (x86)\GU Player =>PUP.GUPlayer^
C:\Program Files (x86)\JonniCOOupon =>PUP.JoniCoupon^
C:\Program Files (x86)\Maxiget =>PUP.Maxiget^
C:\Program Files (x86)\YoutubeAdBlocke =>PUP.YouTubeAdBlock^
C:\ProgramData\Browser AdBlocker =>PUP.Adblocker^
C:\ProgramData\CoupExtension =>PUP.CoupExtension^
C:\ProgramData\DealExpress =>PUP.DealExpress^
C:\ProgramData\doewNlaoaditkeep =>PUP.DownloadItKeep^
C:\ProgramData\GoSave =>PUP.GoSave^
C:\ProgramData\GreaatSave4U =>PUP.GreatSave4U^
C:\ProgramData\JonniCOOupon =>PUP.JoniCoupon^
C:\ProgramData\SaveLots =>PUP.SaveLots^
C:\ProgramData\ShopDrop =>PUP.ShopDrop^
C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu^
C:\ProgramData\YoutubeAdBlocke =>PUP.YouTubeAdBlock^
C:\Users\Julie\AppData\Roaming\AnyProtectEx =>PUP.AnyProtect^
C:\Users\Julie\AppData\Roaming\Doctor PC =>PUP.DoctorPC^
C:\Users\Julie\AppData\Roaming\Gameo =>PUP.Gameo^
C:\Users\Julie\AppData\Roaming\Maxiget =>PUP.Maxiget^
C:\Users\Julie\AppData\Roaming\PennyBee =>PUP.PaybyAds^
C:\Users\Julie\AppData\Roaming\Store =>PUP.Nosibay^
C:\Users\Julie\AppData\Roaming\WTools =>PUP.Nosibay^
C:\Users\Julie\AppData\Local\BreakingNewsAlert =>PUP.BreakingNewsAlert^
C:\Users\Julie\AppData\Local\Doctor_PC =>PUP.DoctorPC^
C:\Users\Julie\AppData\Local\Gameo =>PUP.Gameo^
C:\Users\Julie\AppData\Local\Maxiget =>PUP.Maxiget^
C:\Users\Julie\AppData\Local\SmartWeb =>PUP.SmartWeb^
C:\Users\Julie\AppData\Local\Vosteran =>PUP.Vosteran^
C:\Windows\Tasks\APSnotifierPP1.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP1 =>PUP.AnyProtect^
C:\Windows\Tasks\APSnotifierPP2.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP2 =>PUP.AnyProtect^
C:\Windows\Tasks\APSnotifierPP3.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP3 =>PUP.AnyProtect^
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job =>PUP.GlobalUpdate^
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore =>PUP.GlobalUpdate^
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job =>PUP.GlobalUpdate^
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA =>PUP.GlobalUpdate^
C:\Windows\Tasks\GS_Booster-S-576482620.job =>PUP.GSBooster^
C:\Windows\System32\Tasks\GS_Booster-S-576482620 =>PUP.GSBooster^
C:\Windows\Tasks\PennyBee.job =>PUP.PaybyAds^
C:\Windows\System32\Tasks\PennyBee =>PUP.PaybyAds^
C:\Windows\Tasks\WSE_Astromenda.job =>PUP.Astromenda^
C:\Windows\System32\Tasks\WSE_Astromenda =>PUP.Astromenda^
[HKCU\Software\AnyProtect] =>PUP.AnyProtect^
[HKCU\Software\BoBrowser] =>PUP.BoBrowser^
[HKCU\Software\Gameo] =>PUP.Gameo^
[HKCU\Software\I - Cinema-nv-ie] =>PUP.CrossRider^
[HKCU\Software\Maxiget] =>PUP.Maxiget^
[HKCU\Software\PennyBee] =>PUP.PaybyAds^
[HKCU\Software\SmartSaver+ 3-nv-ie] =>PUP.CrossRider^
[HKCU\Software\SmartSaver+3] =>PUP.CrossRider^
[HKCU\Software\Store] =>PUP.Nosibay^
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive^
[HKCU\Software\UpdateChecker] =>Adware.Boxore^
[HKCU\Software\Vosteran Browser] =>PUP.Vosteran^
[HKCU\Software\WTools] =>PUP.Nosibay^
[HKLM\Software\88B73655-05CA-442E-8ABF-97FD96D79AC9] =>PUP.CrossRider^
[HKLM\Software\Maxiget] =>PUP.Maxiget^
[HKLM\Software\SupraSavings ] =>PUP.SupraSavings^
[HKLM\Software\Wow6432Node\GS_Booster] =>PUP.GSBooster^
[HKLM\Software\Wow6432Node\Media_Play_AIR+] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\QuickRef_1.10.0.9] =>PUP.QuickRef^
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\TermTutor] =>PUP.TermTutor^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
C:\Users\Julie\AppData\Roaming\DoctorPCSetup.exe =>PUP.DoctorPC^
C:\Users\Julie\AppData\Roaming\YEIRI.exe =>PUP.CrossRider^
C:\Windows\Installer\a008ce.msi =>PUP.DoctorPC^
C:\Windows\Installer\bd773.msi =>Adware.IncrediBar^
~ Additionnel Scan: 273499 Items scanned in 00mn 47s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
~ AMI: 6 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://www.nicolascoolman.fr/blog/ =>PUP.Vosteran
http://nicolascoolman.fr/hijacker-webssearches =>Hijacker.WebsSearches
http://nicolascoolman.fr/pup-startsearch =>PUP.StartSearch
http://nicolascoolman.fr/hijacker-proxy =>Hijacker.Proxy
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://www.nicolascoolman.fr/blog/ =>PUP.ContinueLiveInstallation
http://nicolascoolman.fr/adware-freesofttoday =>Adware.FreeSoftToday
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/pup-imgupdater =>PUP.IMGUpdater
http://www.nicolascoolman.fr/blog/ =>Adware.AgentODR
http://www.nicolascoolman.fr/blog/ =>PUP.UniversalUpdater
http://www.nicolascoolman.fr/blog/ =>PUP.Fuyu
http://nicolascoolman.fr/pup-anyprotect =>PUP.AnyProtect
http://nicolascoolman.fr/pup-globalupdate =>PUP.GlobalUpdate
http://www.nicolascoolman.fr/blog/ =>PUP.GSBooster
http://nicolascoolman.fr/pup-paybyads =>PUP.PaybyAds
http://nicolascoolman.fr/pup-astromenda =>PUP.Astromenda
http://www.nicolascoolman.fr/blog/ =>TTNFD|PUP.TermTutor
http://www.nicolascoolman.fr/blog/ =>PUP.Adblocker
http://www.nicolascoolman.fr/blog/ =>PUP.DoctorPC
http://www.nicolascoolman.fr/blog/ =>PUP.GoSave
http://www.nicolascoolman.fr/blog/ =>PUP.Salus
http://nicolascoolman.fr/35828469-pup-youtubeadblocker- =>PUP.YouTubeAdBlock
http://www.nicolascoolman.fr/blog/ =>PUP.BoBrowser
http://www.nicolascoolman.fr/blog/ =>PUP.Gameo
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://www.nicolascoolman.fr/blog/ =>PUP.BrowserExtensions
http://www.nicolascoolman.fr/blog/ =>PUP.Maxiget
http://www.nicolascoolman.fr/blog/ =>PUP.Nosibay
http://nicolascoolman.fr/spyware-agenceexclusive =>PUP.AgenceExclusive
http://nicolascoolman.fr/adware-boxore =>Adware.Boxore
http://nicolascoolman.fr/pup-suprasavings =>PUP.SupraSavings
http://www.nicolascoolman.fr/blog/ =>PUP.QuickRef
http://www.nicolascoolman.fr/blog/ =>PUP.TermTutor
http://www.nicolascoolman.fr/blog/ =>PUP.DownloadItKeep
http://www.nicolascoolman.fr/blog/ =>PUP.ExtraCoupon
http://www.nicolascoolman.fr/blog/ =>PUP.GreatSave4U
http://www.nicolascoolman.fr/blog/ =>PUP.GUPlayer
http://www.nicolascoolman.fr/blog/ =>PUP.JoniCoupon
http://www.nicolascoolman.fr/blog/ =>PUP.CoupExtension
http://www.nicolascoolman.fr/blog/ =>PUP.DealExpress
http://www.nicolascoolman.fr/blog/ =>PUP.SaveLots
http://www.nicolascoolman.fr/blog/ =>PUP.ShopDrop
http://www.nicolascoolman.fr/blog/ =>PUP.BreakingNewsAlert
http://nicolascoolman.fr/pup-smartwebsearch =>PUP.SmartWeb
http://nicolascoolman.fr/adware-incredibar =>Adware.IncrediBar
http://nicolascoolman.fr/pup-mypcbackup =>PUP.MyPCBackup
http://www.nicolascoolman.fr/blog/ =>Adware.NewPlayer
http://nicolascoolman.fr/hijacker-torntv =>Hijacker.TornTV
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://nicolascoolman.fr/pup-melondrea =>PUP.Melondrea
http://nicolascoolman.fr/pup-playnowradio =>PUP.PlayNowRadio
http://nicolascoolman.fr/pup-webspades =>PUP.WebSpades
http://nicolascoolman.fr/pup-dealkeeper =>PUP.DealKeeper
http://nicolascoolman.fr/pup-wajam =>PUP.Wajam
http://nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://www.nicolascoolman.fr/blog/ =>Spyware.AgenceExclusive
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://www.nicolascoolman.fr/blog/ =>Adware.Agent
http://nicolascoolman.fr/30703839-hijacker-searchb1org =>Hijacker.SearchB1org
~ MSI: 60 link(s) detected in 00mn 00s



---\\ Alert Messages
WARNING : Hijacker Proxy found, Clean with ZHPCleaner Tool

~ 835 Legitimates filtered by white list
End of the scan (772 lines in 03mn 30s)(0.6)
