Document format: text/plain

~ Rapport de ZHPDiag v2015.4.28.44 - Nicolas Coolman (28/04/2015)
~ Lancé par Proprietaire (30/04/2015 14:24:45)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17728

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_COA_SLP channel
Windows ID Activation : OK
~ Windows Partial Key : BYWPM
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

---\\ Logiciels de protection du système
Microsoft Security Client v4.7.0205.0
Spybot - Search & Destroy v1.6.2
Windows Defender W7 (Deactivate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4061 MB (50% free)
System Restore: Activé (Enable)
System drive C: has 35 GB (22%) free of 156 GB

---\\ Mode de connexion au système
~ Computer Name: PROPRIETAIRE-PC
~ User Name: Proprietaire
~ All Users Names: Proprietaire, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Proprietaire\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Proprietaire\AppData\Roaming\
~ %Desktop% : D:\Proprietaire\Desktop\
~ %Favorites% : D:\Proprietaire\Favorites\
~ %LocalAppData% : C:\Users\Proprietaire\AppData\Local\
~ %StartMenu% : C:\Users\Proprietaire\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 35 Go of 156 Go)
D: Hard drive, Flash drive, Thumb drive (Free 208 Go of 310 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.77B35D0FC22A2D2EAC8D07C3F9784DBF] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.13/03/2015 - 03:45:57.) -- C:\Windows\System32\wininet.dll [2358784]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 02:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/9
~ Mes musiques (My Musics) : 3/85
~ Mes Favoris (My Favorites) : 1/31
~ Mes Documents (My Documents) : 1/153
~ Mon Bureau (My Desktop) : 1/3996
~ Menu demarrer (Programs) : 1/37
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.3ACC2560DDC26922A726F5CFDA60E84F] - (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Proprietaire\AppData\Roaming\BitTorrent\BitTorrent.exe [1443160] [PID.1752] =>P2P.BitTorrent
[MD5.D1AAF28F39E00E4962EB80CCF32D48DB] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144] [PID.4696]
[MD5.D6E2ED7F1F7BE7CCB8676491BF950B57] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Proprietaire\AppData\Local\Akamai\netsession_win.exe [4673432] [PID.4960]
[MD5.54B01132240C2352E8F6F327833CC6CC] - (.Pay By Ads LTD - Pas de description.) -- C:\Program Files (x86)\StartPoint\startpoint\1.3.23.0\startpoint.exe [644376] [PID.4548] =>PUP.StartPoint
[MD5.F7A721620FD1148ACCF8A8641DE114C5] - (.Bogdan Sharkov - Clownfish for Skype.) -- C:\Program Files (x86)\Clownfish\Clownfish.exe [1332480] [PID.5256]
[MD5.5D35B924C53CD39471281FFBCC68A9B3] - (.Visicom Media Inc. - ManyCam Virtual Webcam.) -- C:\Program Files (x86)\ManyCam\ManyCam.exe [10182440] [PID.5268]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\SysWOW64\DllHost.exe [7168] [PID.5588]
[MD5.55D9D5D626A1E30D286FDA5A58F9AF98] - (.Crossbrowse - Crossbrowse.) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440] [PID.6036] =>PUP.CrossBrowse
[MD5.5AEBF6FA9805C9101220AA4FB4FA17E7] - (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016] [PID.6064]
[MD5.EBA7FEB924D04E718870B6E1E07D2465] - (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [8493624] [PID.6080]
[MD5.8ABADC0AD4E00A6BBB4B458200DBF536] - (.Visicom Media Inc. - Anti-phishing Domain Advisor (Powered by Pa.) -- C:\ProgramData\MyStart Anti-phishing Domain Advisor\MyStart_antiphishing.exe [235072] [PID.6112] =>Adware.VisicomAntiPhishing
[MD5.3A73A486FC500596C0DC29937A8E4CB9] - (.Super PC Tools Ltd - Fix PC problems and optimize performance.) -- C:\ProgramData\{e1846fcd-5f08-d495-e184-46fcd5f0bf35}\hqghumeaylnlf.exe [5945968] [PID.5776] =>PUP.SuperPCTools
[MD5.764AA3A66DC1573FE32B8826A9A19C6C] - (.The Document Foundation - LibreOffice.) -- C:\Program Files (x86)\LibreOffice 4.0\program\soffice.exe [57752] [PID.3392]
[MD5.717B78FF0545ABA5C18E098C7AEC0210] - (.The Document Foundation - LibreOffice.) -- C:\Program Files (x86)\LibreOffice 4.0\program\soffice.bin [678400] [PID.3100]
[MD5.84AE75DC96E7CE95F71A2F25259B5F69] - (.PC Utilities Software Limited - OptimizerPro – Clean up your PC.) -- C:\ProgramData\{30ba1e4c-e470-7546-30ba-a1e4ce477933}\Of_FR-I3-OptimizerPro_chk_0_237.exe [5945336] [PID.3120] =>PUP.OptimizerPro
[MD5.B3581F426DC500A51091CDD5BACF0454] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [815288] [PID.5736]
[MD5.5420880623BD70F2EB6BB62C43620590] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8204800] [PID.7588]
[MD5.18E5C2F937F9DEB8C282DF66A3761925] - (.ASUS - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [84536] [PID.1168]
[MD5.1F79342D9EB530A48742F651E570983A] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176] [PID.1608]
[MD5.E4938E0A376CF0B9D989EE5C0A146891] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520] [PID.1788]
[MD5.206F37183C8ED63D5F086348653C910A] - (.Freemake - FreemakeUtilsService.) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032] [PID.1868]
[MD5.1010B0553A030B4EBC0D0C00DD9B52D5] - (.Corporate Inc - winservice86 exe.) -- C:\Program Files (x86)\winservice86\ad7f33aa-5b98-444f-bb11-17bb5c480c66.exe [373152] [PID.1984] =>PUP.CrossRider
[MD5.A434FB7C05F244E8E46C23F8075082ED] - (.ASUS - HControl.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe [178744] [PID.2008]
[MD5.D62088F1C4E7B3477AD2A5F8F5C6DEF3] - (.Pas de propriétaire - Atouch64.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe [301624] [PID.2044]
[MD5.83BB030C71C9727DCFB2737005772C4E] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe [232264] [PID.1056]
[MD5.00989DE555FD3CDBFBBF0C720CB98478] - (.Gambali OEM Software - Pas de description.) -- C:\ProgramData\SmartPurple\Gambali.exe [1813680] [PID.2096] =>PUP.Gambali
[MD5.CC709FA63D5A536A2F8275C0CEA39070] - (.XTab system - ProtectSvc.exe.) -- C:\Program Files (x86)\XTab\ProtectService.exe [158816] [PID.2220]
[MD5.807FE1E77FFEE1E4BAA349B2CCD85B41] - (...) -- C:\Users\Proprietaire\AppData\Roaming\ABC95400-1430339194-81DF-3252-485B39406703\jnshDA38.tmp [114176] [PID.2604]
[MD5.F7B88F767A5DBC29C1FD37B1F4A6E9A5] - (.Pas de propriétaire - Application.) -- C:\ProgramData\SmartPurple\SmartPurple.exe [342016] [PID.2704]
[MD5.3ADDFB46B8F65D32C7138133A008FF5E] - (...) -- C:\Users\Proprietaire\AppData\Roaming\ABC95400-1430339194-81DF-3252-485B39406703\nso207.tmp [163328] [PID.2948]
[MD5.4635935FC972C582632BF45C26BFCB0E] - (...) -- C:\Windows\SysWOW64\srvany.exe [8192] [PID.2976]
[MD5.794D4B48DFB6E999537C7C3947863463] - (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368] [PID.3380]
[MD5.149126216A694E6BA84E92ECA77AAE3B] - (.ASUS - ATKOSD.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe [2488888] [PID.3480]
[MD5.4A7C441D99D86704D194E7678873B95D] - (.ASUS - WDC.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe [174648] [PID.3504]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Proprietaire\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 14 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl,Default = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://www.qvo6.com =>Hijacker.Qvo6
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com
~ IE Browser: 25 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (23)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: 583e31c01eeb0132f0d1712b8d7ccf2e0064755 [64Bits] - {11111111-1111-1111-1111-110611471155} . (...) -- C:\Program Files (x86)\winservice86\winservice86-bho.dll (.not file.) =>PUP.CrossRider
O2 - BHO: IETabPage Class [64Bits] - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files (x86)\XTab\SupTab.dll =>PUP.SupTab
~ BHO: 13 Legitimates Filtered in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [Public]: Webplayer.lnk . (...) -- C:\Program Files (x86)\Webplayer\Webplayer.exe =>Adware.SocialSkinz
O4 - GS\QuickLaunch [Proprietaire]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Proprietaire\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - GS\QuickLaunch [Proprietaire]: Crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.CrossBrowse
O4 - GS\TaskBar [Proprietaire]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Proprietaire\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Global Startup: 7 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du système (O4)
O4 - GS\Startup [Proprietaire]: crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.CrossBrowse
O4 - GS\Startup [Proprietaire]: hqghumeaylnlf.lnk . (.Super PC Tools Ltd - Fix PC problems and optimize performance.) -- C:\ProgramData\{e1846fcd-5f08-d495-e184-46fcd5f0bf35}\hqghumeaylnlf.exe =>PUP.SuperPCTools
O4 - GS\Startup [Proprietaire]: Of_FR-I3-OptimizerPro_chk_0_237.lnk . (.PC Utilities Software Limited - OptimizerPro – Clean up your PC.) -- C:\ProgramData\{30ba1e4c-e470-7546-30ba-a1e4ce477933}\Of_FR-I3-OptimizerPro_chk_0_237.exe =>PUP.OptimizerPro
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDWare] . (.ELAN Microelectronic Corp. - ETD Control Center.) -- C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [Facebook Update] C:\Users\Proprietaire\AppData\Local\Facebook\Update\FacebookUpdate.exe (.not file.)
O4 - HKCU\..\Run: [BitTorrent] . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Proprietaire\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\Proprietaire\AppData\Roaming\newnext.me\nengine.dll =>PUP.NextLive
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Proprietaire\AppData\Local\Akamai\netsession_win.exe
O4 - HKCU\..\Run: [Clownfish] . (.Bogdan Sharkov - Clownfish for Skype.) -- C:\Program Files (x86)\Clownfish\Clownfish.exe
O4 - HKCU\..\Run: [ManyCam] . (.Visicom Media Inc. - ManyCam Virtual Webcam.) -- C:\Program Files (x86)\ManyCam\ManyCam.exe
O4 - HKCU\..\Run: [WindApp] C:\Users\Proprietaire\AppData\Roaming\Store\WindApp\WindApp.exe (.not file.) =>PUP.Nosibay
O4 - HKCU\..\Run: [Selection Tools] C:\Users\Proprietaire\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe (.not file.) =>PUP.Nosibay
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_E2A8721B832B77B47A1D4F17681D0BEE] . (.Crossbrowse - Crossbrowse.) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.CrossBrowse
O4 - HKLM\..\Wow6432Node\Run: [HControlUser] . (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Wow6432Node\Run: [ATKOSD2] . (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Wow6432Node\Run: [MyStart Anti-phishing Domain Advisor] . (.Visicom Media Inc. - Anti-phishing Domain Advisor (Powered by Pa.) -- C:\ProgramData\MyStart Anti-phishing Domain Advisor\MyStart_antiphishing.exe =>Adware.VisicomAntiPhishing
O4 - HKLM\..\Wow6432Node\Run: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe (.not file.) =>PUP.SearchProtect
O4 - HKLM\..\Wow6432Node\Run: [AnyProtect Scanner] C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe (.not file.) =>PUP.AnyProtect
O4 - HKLM\..\Wow6432Node\Run: [gmsd_fr_481] Clé orpheline =>PUP.CrossRider
O4 - HKLM\..\Wow6432Node\Run: [gmsd_fr_474] Clé orpheline =>PUP.CrossRider
O4 - HKLM\..\Wow6432Node\Run: [gmsd_fr_486] Clé orpheline =>PUP.CrossRider
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1149933176-4076447556-626080455-1000\..\Run: [Facebook Update] C:\Users\Proprietaire\AppData\Local\Facebook\Update\FacebookUpdate.exe (.not file.)
O4 - HKUS\S-1-5-21-1149933176-4076447556-626080455-1000\..\Run: [BitTorrent] . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Proprietaire\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-1149933176-4076447556-626080455-1000\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\Proprietaire\AppData\Roaming\newnext.me\nengine.dll =>PUP.NextLive
O4 - HKUS\S-1-5-21-1149933176-4076447556-626080455-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1149933176-4076447556-626080455-1000\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Proprietaire\AppData\Local\Akamai\netsession_win.exe
O4 - HKUS\S-1-5-21-1149933176-4076447556-626080455-1000\..\Run: [Clownfish] . (.Bogdan Sharkov - Clownfish for Skype.) -- C:\Program Files (x86)\Clownfish\Clownfish.exe
O4 - HKUS\S-1-5-21-1149933176-4076447556-626080455-1000\..\Run: [ManyCam] . (.Visicom Media Inc. - ManyCam Virtual Webcam.) -- C:\Program Files (x86)\ManyCam\ManyCam.exe
O4 - HKUS\S-1-5-21-1149933176-4076447556-626080455-1000\..\Run: [WindApp] C:\Users\Proprietaire\AppData\Roaming\Store\WindApp\WindApp.exe (.not file.) =>PUP.Nosibay
O4 - HKUS\S-1-5-21-1149933176-4076447556-626080455-1000\..\Run: [Selection Tools] C:\Users\Proprietaire\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe (.not file.) =>PUP.Nosibay
O4 - HKUS\S-1-5-21-1149933176-4076447556-626080455-1000\..\Run: [GoogleChromeAutoLaunch_E2A8721B832B77B47A1D4F17681D0BEE] . (.Crossbrowse - Crossbrowse.) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.CrossBrowse
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.aeriagames.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E345197B-156E-4C49-BCA0-25BE9AD2C5DA}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E345197B-156E-4C49-BCA0-25BE9AD2C5DA}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E345197B-156E-4C49-BCA0-25BE9AD2C5DA}: DhcpNameServer = 80.10.46.232 80.10.46.232
O17 - HKLM\System\CS2\Services\Tcpip\..\{E345197B-156E-4C49-BCA0-25BE9AD2C5DA}: DhcpDomain = orange-hotspot.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Client Connect LTD - Search Protect.) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll =>PUP.SearchProtect
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Search Protect Service (CltMngSvc) . (.Client Connect LTD - Search Protect.) - C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe =>PUP.SearchProtect
O23 - Service: Gambali (Gambali) . (.Gambali OEM Software - Pas de description.) - C:\ProgramData\SmartPurple\Gambali.exe =>PUP.Gambali
O23 - Service: IHProtect Service (IHProtect Service) . (.XTab system - ProtectSvc.exe.) - C:\Program Files (x86)\XTab\ProtectService.exe =>Adware.AgentODR
O23 - Service: Storage MB (rorikewu) . (...) - C:\Users\Proprietaire\AppData\Roaming\ABC95400-1430339194-81DF-3252-485B39406703\jnshDA38.tmp
O23 - Service: SmartPurple (SmartPurple) . (.Pas de propriétaire - Application.) - C:\ProgramData\SmartPurple\SmartPurple.exe
O23 - Service: Colour Scheme Hit (tydomybi) . (...) - C:\Users\Proprietaire\AppData\Roaming\ABC95400-1430339194-81DF-3252-485B39406703\nso207.tmp
O23 - Service: Update GreyGray (Update GreyGray) . (...) - C:\Program Files (x86)\GreyGray\updateGreyGray.exe (.not file.) =>PUP.GreyGray
O23 - Service: WIN-srvGA (WIN-srvGA) . (...) - C:\Windows\SysWOW64\srvany.exe
~ Services: 12 Legitimates Filtered in 00mn 08s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [5aba926d-25d2-4a2f-9c93-178df6a11891-1] (...) -- C:\Program Files (x86)\winservice86\winservice86-codedownloader.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [5aba926d-25d2-4a2f-9c93-178df6a11891-11] (...) -- C:\Program Files (x86)\winservice86\5aba926d-25d2-4a2f-9c93-178df6a11891-11.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [5aba926d-25d2-4a2f-9c93-178df6a11891-4] (...) -- C:\Program Files (x86)\winservice86\5aba926d-25d2-4a2f-9c93-178df6a11891-4.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [5aba926d-25d2-4a2f-9c93-178df6a11891-5] (...) -- C:\Program Files (x86)\winservice86\5aba926d-25d2-4a2f-9c93-178df6a11891-5.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [5aba926d-25d2-4a2f-9c93-178df6a11891-5_user] (...) -- C:\Program Files (x86)\winservice86\5aba926d-25d2-4a2f-9c93-178df6a11891-5.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [5aba926d-25d2-4a2f-9c93-178df6a11891-6] (...) -- C:\Program Files (x86)\winservice86\5aba926d-25d2-4a2f-9c93-178df6a11891-6.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [5aba926d-25d2-4a2f-9c93-178df6a11891-7] (...) -- C:\Program Files (x86)\winservice86\5aba926d-25d2-4a2f-9c93-178df6a11891-7.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [6d04f2bb-633f-4e0a-a4b3-530b3b3da7b3] (...) -- C:\Program Files (x86)\winservice86\6d04f2bb-633f-4e0a-a4b3-530b3b3da7b3.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [721bec50-90c3-42e5-9ee9-a7a3f064a495] (...) -- C:\Program Files (x86)\winservice86\721bec50-90c3-42e5-9ee9-a7a3f064a495.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-1-6] (...) -- C:\Program Files (x86)\winservice86\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-1-6.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-1-7] (...) -- C:\Program Files (x86)\winservice86\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-1-7.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-10_user] (...) -- C:\Program Files (x86)\winservice86\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-10.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-12] (...) -- C:\Program Files (x86)\winservice86\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-12.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-5] (...) -- C:\Program Files (x86)\winservice86\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-5.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-5_user] (...) -- C:\Program Files (x86)\winservice86\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-5.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-6] (...) -- C:\Program Files (x86)\winservice86\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-6.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-7] (...) -- C:\Program Files (x86)\winservice86\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-7.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [a62014e3-bad8-4b48-bf82-9772a676629c-1] (...) -- C:\Program Files (x86)\winservice86\winservice86-codedownloader.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [a62014e3-bad8-4b48-bf82-9772a676629c-11] (...) -- C:\Program Files (x86)\winservice86\a62014e3-bad8-4b48-bf82-9772a676629c-11.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [a62014e3-bad8-4b48-bf82-9772a676629c-4] (...) -- C:\Program Files (x86)\winservice86\a62014e3-bad8-4b48-bf82-9772a676629c-4.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [a62014e3-bad8-4b48-bf82-9772a676629c-5] (...) -- C:\Program Files (x86)\winservice86\a62014e3-bad8-4b48-bf82-9772a676629c-5.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [a62014e3-bad8-4b48-bf82-9772a676629c-5_user] (...) -- C:\Program Files (x86)\winservice86\a62014e3-bad8-4b48-bf82-9772a676629c-5.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [a62014e3-bad8-4b48-bf82-9772a676629c-6] (...) -- C:\Program Files (x86)\winservice86\a62014e3-bad8-4b48-bf82-9772a676629c-6.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [a62014e3-bad8-4b48-bf82-9772a676629c-7] (...) -- C:\Program Files (x86)\winservice86\a62014e3-bad8-4b48-bf82-9772a676629c-7.exe (.not file.) [0] =>PUP.CrossRider
[MD5.1010B0553A030B4EBC0D0C00DD9B52D5] [APT] [ad7f33aa-5b98-444f-bb11-17bb5c480c66] (.Corporate Inc.) -- C:\Program Files (x86)\winservice86\ad7f33aa-5b98-444f-bb11-17bb5c480c66.exe [373152] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [APSnotifierPP1] (...) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe (.not file.) [0] =>PUP.AnyProtect
[MD5.00000000000000000000000000000000] [APT] [APSnotifierPP2] (...) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe (.not file.) [0] =>PUP.AnyProtect
[MD5.00000000000000000000000000000000] [APT] [APSnotifierPP3] (...) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe (.not file.) [0] =>PUP.AnyProtect
[MD5.A2A78C3C6C9E03733B0668079710FFF4] [APT] [avaavaevy] (...) -- C:\Users\Proprietaire\AppData\Local\avaavaevy\avaavaevy.exe [2135552] =>PUP.SearchProtect
[MD5.00000000000000000000000000000000] [APT] [avaavaxvyy] (...) -- C:\Users\Proprietaire\AppData\Local\avaavaxvyy\avaavaxvyy.exe (.not file.) [0] =>Adware.Pirrit
[MD5.00000000000000000000000000000000] [APT] [avaavxvyex] (...) -- C:\Users\Proprietaire\AppData\Local\avaavxvyex\avaavxvyex.exe (.not file.) [0] =>Adware.Pirrit
[MD5.00000000000000000000000000000000] [APT] [avaxvbxvgx] (...) -- C:\Users\Proprietaire\AppData\Local\avaxvbxvgx\avaxvbxvgx.exe (.not file.) [0] =>Adware.Pirrit
[MD5.A0BB20D973618C5A4D8F5B768114672F] [APT] [avayvaxvaa] (...) -- C:\Users\Proprietaire\AppData\Local\avayvaxvaa\avayvaxvaa.exe [2132992] =>Adware.Pirrit
[MD5.BB17BCF355B790BF81670C0CA87BA2EC] [APT] [avayvaxxvae] (...) -- C:\Users\Proprietaire\AppData\Local\avayvaxxvae\avayvaxxvae.exe [2136064] =>Adware.Pirrit
[MD5.0C933868B86589BCF344E115E25A23DF] [APT] [avayvxvaxc] (...) -- C:\Users\Proprietaire\AppData\Local\avayvxvaxc\avayvxvaxc.exe [2562048] =>Adware.Pirrit
[MD5.C34968C46A99BBD6248D30F9F1B778C2] [APT] [BoxSoftwareUpdate] (...) -- C:\ProgramData\BoxUpdChk\updchk.exe [177152] =>PUP.SoftwareUp
[MD5.00000000000000000000000000000000] [APT] [cbd6b99d-5071-4681-815b-5687dc2cf47f-1-6] (...) -- C:\Program Files (x86)\winservice86\cbd6b99d-5071-4681-815b-5687dc2cf47f-1-6.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [cbd6b99d-5071-4681-815b-5687dc2cf47f-1-7] (...) -- C:\Program Files (x86)\winservice86\cbd6b99d-5071-4681-815b-5687dc2cf47f-1-7.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [cbd6b99d-5071-4681-815b-5687dc2cf47f-10_user] (...) -- C:\Program Files (x86)\winservice86\cbd6b99d-5071-4681-815b-5687dc2cf47f-10.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [cbd6b99d-5071-4681-815b-5687dc2cf47f-12] (...) -- C:\Program Files (x86)\winservice86\cbd6b99d-5071-4681-815b-5687dc2cf47f-12.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [cbd6b99d-5071-4681-815b-5687dc2cf47f-5] (...) -- C:\Program Files (x86)\winservice86\cbd6b99d-5071-4681-815b-5687dc2cf47f-5.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [cbd6b99d-5071-4681-815b-5687dc2cf47f-5_user] (...) -- C:\Program Files (x86)\winservice86\cbd6b99d-5071-4681-815b-5687dc2cf47f-5.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [cbd6b99d-5071-4681-815b-5687dc2cf47f-6] (...) -- C:\Program Files (x86)\winservice86\cbd6b99d-5071-4681-815b-5687dc2cf47f-6.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [cbd6b99d-5071-4681-815b-5687dc2cf47f-7] (...) -- C:\Program Files (x86)\winservice86\cbd6b99d-5071-4681-815b-5687dc2cf47f-7.exe (.not file.) [0] =>PUP.CrossRider
[MD5.4E7CE9FC67C17A24DFA08C7AF560A1F9] [APT] [Crossbrowse] (...) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe [1818200] =>PUP.CrossBrowse
[MD5.00000000000000000000000000000000] [APT] [Digital Sites] (...) -- C:\Users\Proprietaire\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>Hijacker.DSite
[MD5.00000000000000000000000000000000] [APT] [DoctorPC_Popup] (...) -- C:\Program Files (x86)\Doctor PC\Splash.exe (.not file.) [0] =>PUP.DoctorPC
[MD5.00000000000000000000000000000000] [APT] [DoctorPC_Start] (...) -- C:\Program Files (x86)\Doctor PC\DoctorPC.exe (.not file.) [0] =>PUP.DoctorPC
[MD5.3A1D89B89C9D62951957F0839578DD9B] [APT] [F50UH3fClJb6mMFuOmWePy8RI] (...) -- C:\Users\Proprietaire\AppData\Roaming\F50UH3fClJb6mMFuOmWePy8RI.exe [1579520]
[MD5.3A1D89B89C9D62951957F0839578DD9B] [APT] [iiJKwi6iO47FgqA7JBuz] (...) -- C:\Users\Proprietaire\AppData\Roaming\iiJKwi6iO47FgqA7JBuz.exe [1579520]
[MD5.00000000000000000000000000000000] [APT] [LaunchPreSignup] (...) -- C:\Program Files (x86)\OLBPre\OLBPre.exe (.not file.) [0] =>PUP.MyPCBackup
[MD5.00000000000000000000000000000000] [APT] [LaunchSignup] (...) -- C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe (.not file.) [0] =>PUP.MyPCBackup
[MD5.00000000000000000000000000000000] [APT] [MaxComputerCleaner_Start] (...) -- C:\Program Files (x86)\Max Computer Cleaner\MaxComputerCleaner.exe (.not file.) [0]
[MD5.9986A45EAC29A2BF7381D658350A6D85] [APT] [n1cgGqDKvSTAz6p] (...) -- C:\Users\Proprietaire\AppData\Roaming\iz2l7tY\3hNkAfr.exe [7496]
[MD5.00000000000000000000000000000000] [APT] [Pricora 2.0-chromeinstaller] (...) -- C:\Program Files (x86)\Pricora 2.0\Pricora 2.0-chromeinstaller.exe (.not file.) [0] =>Adware.Pricora
[MD5.00000000000000000000000000000000] [APT] [Pricora 2.0-codedownloader] (...) -- C:\Program Files (x86)\Pricora 2.0\Pricora 2.0-codedownloader.exe (.not file.) [0] =>Adware.Pricora
[MD5.00000000000000000000000000000000] [APT] [Pricora 2.0-enabler] (...) -- C:\Program Files (x86)\Pricora 2.0\Pricora 2.0-enabler.exe (.not file.) [0] =>Adware.Pricora
[MD5.00000000000000000000000000000000] [APT] [Pricora 2.0-firefoxinstaller] (...) -- C:\Program Files (x86)\Pricora 2.0\Pricora 2.0-firefoxinstaller.exe (.not file.) [0] =>Adware.Pricora
[MD5.00000000000000000000000000000000] [APT] [Pricora 2.0-updater] (...) -- C:\Program Files (x86)\Pricora 2.0\Pricora 2.0-updater.exe (.not file.) [0] =>Adware.Pricora
[MD5.00000000000000000000000000000000] [APT] [ProPCCleaner_Popup] (...) -- C:\Program Files (x86)\Pro PC Cleaner\Splash.exe (.not file.) [0] =>PUP.DoctorPC
[MD5.00000000000000000000000000000000] [APT] [ProPCCleaner_Start] (...) -- C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe (.not file.) [0] =>PUP.DoctorPC
[MD5.7A89177D2D3163773748AC335C0EFE73] [APT] [Rocket Updater] (...) -- C:\Users\Proprietaire\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.exe [95232] =>PUP.RockTurner
[MD5.092689149C24F71D74A3076CCF92132D] [APT] [SaveSense] (...) -- C:\Users\Proprietaire\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.exe [195072] =>PUP.CrossRider
[MD5.54B01132240C2352E8F6F327833CC6CC] [APT] [StartPoint] (.Pay By Ads LTD.) -- C:\Program Files (x86)\StartPoint\startpoint\1.3.23.0\startpoint.exe [644376] =>PUP.StartPoint
[MD5.3D2C74662F19D1B1F795991CF89C1EC0] [APT] [StartPoint Updater] (.Pay By Ads LTD.) -- C:\Program Files (x86)\StartPoint\startpoint\1.3.23.0\startup.exe [448280] =>PUP.StartPoint
[MD5.D7EA62FFD7DE85440D4A843DB6854368] [APT] [TaskUserUpdate_wp] (...) -- C:\Users\Proprietaire\AppData\Roaming\~lhnwmbp.exe [492208] =>PUP.WpManager
[MD5.00000000000000000000000000000000] [APT] [temp_b0a5a83e-48d6-4747-b918-a68e5d09e50a-1-6] (...) -- C:\Program Files (x86)\winservice86\b0a5a83e-48d6-4747-b918-a68e5d09e50a-1-6.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [temp_b0a5a83e-48d6-4747-b918-a68e5d09e50a-6] (...) -- C:\Program Files (x86)\winservice86\b0a5a83e-48d6-4747-b918-a68e5d09e50a-6.exe (.not file.) [0] =>PUP.CrossRider
[MD5.90E36865A87406BFDEBB89F9A07103F6] [APT] [vXQyWSotLQddX8P] (...) -- C:\Users\Proprietaire\AppData\Roaming\zqTzBtX\wB0BIYL.exe [39752]
[MD5.BD2B3806854FEE15E76CB2CE662028DA] [APT] [WIN-fdfEfEfAfC] (...) -- C:\Users\Proprietaire\AppData\Roaming\~ecdjdbt.exe [667648]
[MD5.7FEB50B8DC6F2F2AAE77F8E3451A2531] [APT] [WIN-GGfIfEGCfEGbGffIfCfEGC] (...) -- C:\Users\Proprietaire\AppData\Roaming\~mlyyiwp.exe [667648]
[MD5.1F43457D589ACEE3C6C56ED78381C3DB] [APT] [z8PGFk9g4iSQbJj] (...) -- C:\Users\Proprietaire\AppData\Roaming\miF5GMs\7Q1R6cL.exe [31560]
[MD5.00000000000000000000000000000000] [APT] [{24AFE595-2E06-407C-8CE6-0CA0A0B1956A}] (...) -- D:\Proprietaire\Downloads\Big City Adventure Sydneyé Australia\Big City Adventure - Sydney Australia.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{2FC3F03E-5860-4FF6-90CD-5EDCD3FDB7D4}] (...) -- C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (.not file.) [0]
[MD5.1087BE1ED3E4CF8BAC3DFB8BCF76FACF] [APT] [{AE757508-2AE5-4DFB-A9F0-901B1EDACF28}] (.Skytech Co., Ltd..) -- C:\Users\Proprietaire\AppData\Roaming\omiga-plus\UninstallManager.exe [1891840] =>Hijacker.OmigaPlus
[MD5.00000000000000000000000000000000] [APT] [{E09CA9D3-0893-44CA-8B30-C4E300A69A2A}] (...) -- C:\Users\Proprietaire\AppData\Roaming\oursurfing\UninstallManager.exe (.not file.) [0]
[MD5.EDD1DA5AAD33F412BB29D7FBF8E17CE2] [APT] [{F4590320-1FC8-4865-A50E-3528858E83DC}] (.Client Connect LTD.) -- C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe [240400] =>PUP.SearchProtect
[MD5.00000000000000000000000000000000] [APT] [{F939C63E-881C-4B08-BEA3-02B4A0398AC6}] (...) -- D:\Proprietaire\Downloads\Big City Adventure Sydneyé Australia\Big City Adventure - Sydney Australia.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{FD07FF09-C9E2-4701-9C5C-B2C64507A8A7}] (...) -- C:\Users\Proprietaire\AppData\Roaming\oursurfing\UninstallManager.exe (.not file.) [0]
[MD5.C1948DD9CC3599A76EF15080280E49E8] [APT] [{FDAE8E2D-EEF1-4A38-8568-F85AB8C02F44}] (...) -- C:\Users\Proprietaire\AppData\Roaming\.minecraft\minecraft launcher\Uninstall.exe [69266]
O39 - APT: 5aba926d-25d2-4a2f-9c93-178df6a11891-1 - (...) -- C:\Windows\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-1.job [2764] =>PUP.CrossRider
O39 - APT: 5aba926d-25d2-4a2f-9c93-178df6a11891-1 - (...) -- C:\Windows\System32\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-1 [2764] =>PUP.CrossRider
O39 - APT: 5aba926d-25d2-4a2f-9c93-178df6a11891-11 - (...) -- C:\Windows\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-11.job [4492] =>PUP.CrossRider
O39 - APT: 5aba926d-25d2-4a2f-9c93-178df6a11891-11 - (...) -- C:\Windows\System32\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-11 [4492] =>PUP.CrossRider
O39 - APT: 5aba926d-25d2-4a2f-9c93-178df6a11891-4 - (...) -- C:\Windows\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-4.job [3466] =>PUP.CrossRider
O39 - APT: 5aba926d-25d2-4a2f-9c93-178df6a11891-4 - (...) -- C:\Windows\System32\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-4 [3466] =>PUP.CrossRider
O39 - APT: 5aba926d-25d2-4a2f-9c93-178df6a11891-5 - (...) -- C:\Windows\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-5.job [2442] =>PUP.CrossRider
O39 - APT: 5aba926d-25d2-4a2f-9c93-178df6a11891-5 - (...) -- C:\Windows\System32\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-5 [2442] =>PUP.CrossRider
O39 - APT: 5aba926d-25d2-4a2f-9c93-178df6a11891-5_user - (...) -- C:\Windows\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-5_user.job [2442] =>PUP.CrossRider
O39 - APT: 5aba926d-25d2-4a2f-9c93-178df6a11891-5_user - (...) -- C:\Windows\System32\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-5_user [2442] =>PUP.CrossRider
O39 - APT: 5aba926d-25d2-4a2f-9c93-178df6a11891-6 - (...) -- C:\Windows\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-6.job [3466] =>PUP.CrossRider
O39 - APT: 5aba926d-25d2-4a2f-9c93-178df6a11891-6 - (...) -- C:\Windows\System32\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-6 [3466] =>PUP.CrossRider
O39 - APT: 5aba926d-25d2-4a2f-9c93-178df6a11891-7 - (...) -- C:\Windows\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-7.job [3130] =>PUP.CrossRider
O39 - APT: 5aba926d-25d2-4a2f-9c93-178df6a11891-7 - (...) -- C:\Windows\System32\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-7 [3130] =>PUP.CrossRider
O39 - APT: 6d04f2bb-633f-4e0a-a4b3-530b3b3da7b3 - (...) -- C:\Windows\Tasks\6d04f2bb-633f-4e0a-a4b3-530b3b3da7b3.job [626]
O39 - APT: 6d04f2bb-633f-4e0a-a4b3-530b3b3da7b3 - (...) -- C:\Windows\System32\Tasks\6d04f2bb-633f-4e0a-a4b3-530b3b3da7b3 [626]
O39 - APT: 721bec50-90c3-42e5-9ee9-a7a3f064a495 - (...) -- C:\Windows\Tasks\721bec50-90c3-42e5-9ee9-a7a3f064a495.job [1460]
O39 - APT: 721bec50-90c3-42e5-9ee9-a7a3f064a495 - (...) -- C:\Windows\System32\Tasks\721bec50-90c3-42e5-9ee9-a7a3f064a495 [1460]
O39 - APT: a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-1-6 - (...) -- C:\Windows\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-1-6.job [3134]
O39 - APT: a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-1-6 - (...) -- C:\Windows\System32\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-1-6 [3134]
O39 - APT: a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-1-7 - (...) -- C:\Windows\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-1-7.job [3470]
O39 - APT: a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-1-7 - (...) -- C:\Windows\System32\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-1-7 [3470]
O39 - APT: a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-10_user - (...) -- C:\Windows\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-10_user.job [2108]
O39 - APT: a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-10_user - (...) -- C:\Windows\System32\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-10_user [2108]
O39 - APT: a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-12 - (...) -- C:\Windows\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-12.job [4120]
O39 - APT: a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-12 - (...) -- C:\Windows\System32\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-12 [4120]
O39 - APT: a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-5 - (...) -- C:\Windows\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-5.job [2442] =>PUP.CrossRider
O39 - APT: a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-5 - (...) -- C:\Windows\System32\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-5 [2442] =>PUP.CrossRider
O39 - APT: a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-5_user - (...) -- C:\Windows\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-5_user.job [2442] =>PUP.CrossRider
O39 - APT: a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-5_user - (...) -- C:\Windows\System32\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-5_user [2442] =>PUP.CrossRider
O39 - APT: a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-6 - (...) -- C:\Windows\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-6.job [5514] =>PUP.CrossRider
O39 - APT: a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-6 - (...) -- C:\Windows\System32\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-6 [5514] =>PUP.CrossRider
O39 - APT: a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-7 - (...) -- C:\Windows\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-7.job [5178] =>PUP.CrossRider
O39 - APT: a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-7 - (...) -- C:\Windows\System32\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-7 [5178] =>PUP.CrossRider
O39 - APT: a62014e3-bad8-4b48-bf82-9772a676629c-1 - (...) -- C:\Windows\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-1.job [3108] =>PUP.CrossRider
O39 - APT: a62014e3-bad8-4b48-bf82-9772a676629c-1 - (...) -- C:\Windows\System32\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-1 [3108] =>PUP.CrossRider
O39 - APT: a62014e3-bad8-4b48-bf82-9772a676629c-11 - (...) -- C:\Windows\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-11.job [5180] =>PUP.CrossRider
O39 - APT: a62014e3-bad8-4b48-bf82-9772a676629c-11 - (...) -- C:\Windows\System32\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-11 [5180] =>PUP.CrossRider
O39 - APT: a62014e3-bad8-4b48-bf82-9772a676629c-4 - (...) -- C:\Windows\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-4.job [4154] =>PUP.CrossRider
O39 - APT: a62014e3-bad8-4b48-bf82-9772a676629c-4 - (...) -- C:\Windows\System32\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-4 [4154] =>PUP.CrossRider
O39 - APT: a62014e3-bad8-4b48-bf82-9772a676629c-5 - (...) -- C:\Windows\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-5.job [2442] =>PUP.CrossRider
O39 - APT: a62014e3-bad8-4b48-bf82-9772a676629c-5 - (...) -- C:\Windows\System32\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-5 [2442] =>PUP.CrossRider
O39 - APT: a62014e3-bad8-4b48-bf82-9772a676629c-5_user - (...) -- C:\Windows\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-5_user.job [2442] =>PUP.CrossRider
O39 - APT: a62014e3-bad8-4b48-bf82-9772a676629c-5_user - (...) -- C:\Windows\System32\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-5_user [2442] =>PUP.CrossRider
O39 - APT: a62014e3-bad8-4b48-bf82-9772a676629c-6 - (...) -- C:\Windows\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-6.job [4154] =>PUP.CrossRider
O39 - APT: a62014e3-bad8-4b48-bf82-9772a676629c-6 - (...) -- C:\Windows\System32\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-6 [4154] =>PUP.CrossRider
O39 - APT: a62014e3-bad8-4b48-bf82-9772a676629c-7 - (...) -- C:\Windows\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-7.job [3810] =>PUP.CrossRider
O39 - APT: a62014e3-bad8-4b48-bf82-9772a676629c-7 - (...) -- C:\Windows\System32\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-7 [3810] =>PUP.CrossRider
O39 - APT: ad7f33aa-5b98-444f-bb11-17bb5c480c66 - (.Corporate Inc.) -- C:\Windows\Tasks\ad7f33aa-5b98-444f-bb11-17bb5c480c66.job [1424] =>PUP.CrossRider
O39 - APT: ad7f33aa-5b98-444f-bb11-17bb5c480c66 - (.Corporate Inc.) -- C:\Windows\System32\Tasks\ad7f33aa-5b98-444f-bb11-17bb5c480c66 [1424] =>PUP.CrossRider
O39 - APT: APSnotifierPP1 - (...) -- C:\Windows\Tasks\APSnotifierPP1.job [378] =>PUP.AnyProtect
O39 - APT: APSnotifierPP1 - (...) -- C:\Windows\System32\Tasks\APSnotifierPP1 [378] =>PUP.AnyProtect
O39 - APT: APSnotifierPP2 - (...) -- C:\Windows\Tasks\APSnotifierPP2.job [376] =>PUP.AnyProtect
O39 - APT: APSnotifierPP2 - (...) -- C:\Windows\System32\Tasks\APSnotifierPP2 [376] =>PUP.AnyProtect
O39 - APT: APSnotifierPP3 - (...) -- C:\Windows\Tasks\APSnotifierPP3.job [376] =>PUP.AnyProtect
O39 - APT: APSnotifierPP3 - (...) -- C:\Windows\System32\Tasks\APSnotifierPP3 [376] =>PUP.AnyProtect
O39 - APT: Crossbrowse - (...) -- C:\Windows\Tasks\Crossbrowse.job [1070] =>PUP.CrossBrowse
O39 - APT: Crossbrowse - (...) -- C:\Windows\System32\Tasks\Crossbrowse [1070] =>PUP.CrossBrowse
O39 - APT: Digital Sites - (...) -- C:\Windows\Tasks\Digital Sites.job [312] =>Hijacker.DSite
O39 - APT: Digital Sites - (...) -- C:\Windows\System32\Tasks\Digital Sites [312] =>Hijacker.DSite
O39 - APT: F50UH3fClJb6mMFuOmWePy8RI - (...) -- C:\Windows\Tasks\F50UH3fClJb6mMFuOmWePy8RI.job [1050]
O39 - APT: F50UH3fClJb6mMFuOmWePy8RI - (...) -- C:\Windows\System32\Tasks\F50UH3fClJb6mMFuOmWePy8RI [1050]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1149933176-4076447556-626080455-1000Core [934]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1149933176-4076447556-626080455-1000UA [956]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
O39 - APT: iiJKwi6iO47FgqA7JBuz - (...) -- C:\Windows\Tasks\iiJKwi6iO47FgqA7JBuz.job [1040]
O39 - APT: iiJKwi6iO47FgqA7JBuz - (...) -- C:\Windows\System32\Tasks\iiJKwi6iO47FgqA7JBuz [1040]
O39 - APT: Pricora 2.0-chromeinstaller - (...) -- C:\Windows\Tasks\Pricora 2.0-chromeinstaller.job [3106] =>PUP.CrossRider
O39 - APT: Pricora 2.0-chromeinstaller - (...) -- C:\Windows\System32\Tasks\Pricora 2.0-chromeinstaller [3106] =>PUP.CrossRider
O39 - APT: Pricora 2.0-codedownloader - (...) -- C:\Windows\Tasks\Pricora 2.0-codedownloader.job [1478] =>PUP.CrossRider
O39 - APT: Pricora 2.0-codedownloader - (...) -- C:\Windows\System32\Tasks\Pricora 2.0-codedownloader [1478] =>PUP.CrossRider
O39 - APT: Pricora 2.0-enabler - (...) -- C:\Windows\Tasks\Pricora 2.0-enabler.job [1356] =>PUP.CrossRider
O39 - APT: Pricora 2.0-enabler - (...) -- C:\Windows\System32\Tasks\Pricora 2.0-enabler [1356] =>PUP.CrossRider
O39 - APT: Pricora 2.0-firefoxinstaller - (...) -- C:\Windows\Tasks\Pricora 2.0-firefoxinstaller.job [2298] =>PUP.CrossRider
O39 - APT: Pricora 2.0-firefoxinstaller - (...) -- C:\Windows\System32\Tasks\Pricora 2.0-firefoxinstaller [2298] =>PUP.CrossRider
O39 - APT: Pricora 2.0-updater - (...) -- C:\Windows\Tasks\Pricora 2.0-updater.job [2402] =>PUP.CrossRider
O39 - APT: Pricora 2.0-updater - (...) -- C:\Windows\System32\Tasks\Pricora 2.0-updater [2402] =>PUP.CrossRider
O39 - APT: Rocket Updater - (...) -- C:\Windows\Tasks\Rocket Updater.job [312] =>PUP.RockTurner
O39 - APT: Rocket Updater - (...) -- C:\Windows\System32\Tasks\Rocket Updater [312] =>PUP.RockTurner
O39 - APT: SaveSense - (...) -- C:\Windows\Tasks\SaveSense.job [312] =>Hijacker.iHaveNet
O39 - APT: SaveSense - (...) -- C:\Windows\System32\Tasks\SaveSense [312] =>PUP.CrossRider
~ Scheduled Task: 180 Legitimates Filtered in 00mn 06s



---\\ Drivers launched at system startup (O41)
O41 - Driver: (cfjcyaks) . (. - .) - C:\Windows\system32\drivers\cfjcyaks.sys (.not file.)
O41 - Driver: (innfd_1_10_0_14) . (. - .) - C:\Windows\System32\drivers\innfd_1_10_0_14.sys (.not file.)
~ Drivers: 72 Legitimates Filtered in 00mn 00s



---\\ Installed software (O42)
O42 - Logiciel: Crossbrowse - (.The Crossbrowse Authors.) [HKLM][64Bits] -- Crossbrowse =>PUP.CrossBrowse
O42 - Logiciel: Deeal - (.Kreapixel inc..) [HKLM][64Bits] -- Deeal =>PUP.DeealFr
O42 - Logiciel: FileParade bundle uninstaller - (.FileParade.) [HKLM][64Bits] -- FileParade bundle uninstaller =>PUP.FileParadeBundle
O42 - Logiciel: Search Protect - (.Client Connect LTD.) [HKLM][64Bits] -- SearchProtect =>PUP.SearchProtect
O42 - Logiciel: SmartPurple - (...) [HKLM][64Bits] -- SmartPurple
O42 - Logiciel: Webplayer - (.Kreapixel.) [HKLM][64Bits] -- {F750DB0E-D452-3108-63C9-FE16BC686741} =>Adware.SocialSkinz
~ Logic: 32 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\AnyProtect] =>PUP.AnyProtect
[HKCU\Software\ArenaHD] =>PUP.CrossRider
[HKCU\Software\Boneloaf]
[HKCU\Software\Boxore] =>Adware.Boxore
[HKCU\Software\CinemaPlus-3.2cV29.04-nv-ie] =>PUP.CrossRider
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\CrossBrowser] =>PUP.CrossBrowser
[HKCU\Software\Crossbrowse] =>PUP.CrossBrowse
[HKCU\Software\DoctorPCConfig]
[HKCU\Software\DoctorPCLanguage]
[HKCU\Software\Duuqu] =>PUP.Duuqu
[HKCU\Software\F50UH3fClJb6mMFuOmWePy8RI]
[HKCU\Software\FileAdvisor]
[HKCU\Software\FixKorea]
[HKCU\Software\Freejam]
[HKCU\Software\HQVideo_7.1dV29.04-nv-ie]
[HKCU\Software\HighDefAction] =>PUP.CrossRider
[HKCU\Software\IM]
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKCU\Software\InstalledThirdPartyPrograms]
[HKCU\Software\Linkey] =>PUP.LinkeySearch
[HKCU\Software\MaxComputerCleanerLanguage]
[HKCU\Software\NLDT]
[HKCU\Software\OB]
[HKCU\Software\Rocket Browser] =>PUP.RockTurner
[HKCU\Software\RocketUpdater] =>PUP.RockTurner
[HKCU\Software\SaveSenseLive] =>PUP.CrossRider
[HKCU\Software\SaveSense] =>PUP.CrossRider
[HKCU\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\Smartly Dressed Games]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Store] =>PUP.Nosibay
[HKCU\Software\Super Optimizer] =>PUP.SuperOptimizer
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive
[HKCU\Software\WTools] =>PUP.Nosibay
[HKCU\Software\YorkNewCin] =>PUP.CrossRider
[HKCU\Software\iLivid] =>Adware.Bandoo
[HKCU\Software\iiJKwi6iO47FgqA7JBuz]
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKCU\Software\winservice86-nv-ie] =>PUP.CrossRider
[HKLM\Software\ArenaHD] =>PUP.CrossRider
[HKLM\Software\DomaIQ] =>Adware.DomaIQ
[HKLM\Software\HighDefAction] =>PUP.CrossRider
[HKLM\Software\InstalledThirdPartyPrograms]
[HKLM\Software\SmartPurpleConf]
[HKLM\Software\WebBar] =>PUP.WebBar
[HKLM\Software\Wow6432Node\36c54063-462c-201a-69dc-e3561c9ffdca] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\433fd46f-0349-4552-8b1b-5fb005415d20] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\4d22abd1-a7e5-4b21-ab85-cfcc03fa623b] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\937610c9-5ad7-4acf-a425-13f8a15c563b] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\971bbd6c-f848-4ae2-9434-b893b6d0f4f1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\ArenaHD] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Duuqu] =>PUP.Duuqu
[HKLM\Software\Wow6432Node\Feven 1.7] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\HighDefAction] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Infonaut_1.10.0.14] =>PUP.Infonaut
[HKLM\Software\Wow6432Node\Pro PC Cleaner] =>PUP.DoctorPC
[HKLM\Software\Wow6432Node\SP Global] =>PUP.AdvancedSystemProtector
[HKLM\Software\Wow6432Node\SPPDCOM] =>Rogue.PCSpeedUp
[HKLM\Software\Wow6432Node\SaveSenseLive] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\SmartPurpleConf]
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab
[HKLM\Software\Wow6432Node\SystemK] =>PUP.SystemK
[HKLM\Software\Wow6432Node\Tutorials] =>PUP.AgenceExclusive
[HKLM\Software\Wow6432Node\WinU]
[HKLM\Software\Wow6432Node\YorkNewCin] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\d9134df2-3e89-48db-896f-4bdbdd26724b] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
[HKLM\Software\Wow6432Node\troll]
[HKLM\Software\YorkNewCin] =>PUP.CrossRider
~ Key Software: 345 Legitimates Filtered in 00mn 02s



---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 01/03/2015 - 20:44:30 - [] ----D C:\Program Files (x86)\732c5602-885d-4b9d-9083-372cdd2690b0
O43 - CFD: 27/01/2015 - 22:11:52 - [] ----D C:\Program Files (x86)\AskPartnerNetwork =>Toolbar.AskBar
O43 - CFD: 29/04/2015 - 22:24:53 - [] ----D C:\Program Files (x86)\Crossbrowse =>PUP.CrossBrowse
O43 - CFD: 28/08/2014 - 18:50:54 - [] ----D C:\Program Files (x86)\Deeal =>PUP.DeealFr
O43 - CFD: 27/12/2013 - 11:35:19 - [] ----D C:\Program Files (x86)\Duuqu =>PUP.Duuqu
O43 - CFD: 02/03/2015 - 01:49:47 - [] ----D C:\Program Files (x86)\Movies App =>PUP.CrossRider
O43 - CFD: 28/12/2013 - 10:28:55 - [0] ----D C:\Program Files (x86)\PSupport
O43 - CFD: 27/12/2013 - 11:40:19 - [] ----D C:\Program Files (x86)\SaveSenseLive =>PUP.CrossRider
O43 - CFD: 27/12/2013 - 11:16:50 - [0] ----D C:\Program Files (x86)\ShoppingChip =>Adware.ShoppingChip
O43 - CFD: 08/03/2014 - 15:35:23 - [] ----D C:\Program Files (x86)\TF2 lan edition
O43 - CFD: 24/04/2015 - 09:06:26 - [] ----D C:\Program Files (x86)\winservice86 =>PUP.CrossRider
O43 - CFD: 30/04/2015 - 10:42:27 - [] ----D C:\Program Files (x86)\XTab
O43 - CFD: 25/03/2015 - 21:11:32 - [] ----D C:\ProgramData\05aaabf9150243ab97605a4c8a7b05cd
O43 - CFD: 27/12/2013 - 11:16:50 - [] ----D C:\ProgramData\20dbaee1f035ba7f
O43 - CFD: 16/04/2015 - 19:42:30 - [] ----D C:\ProgramData\a26c304000007dd1
O43 - CFD: 16/01/2014 - 09:45:48 - [] ----D C:\ProgramData\APN
O43 - CFD: 22/11/2014 - 18:02:37 - [] ----D C:\ProgramData\atjs
O43 - CFD: 02/11/2013 - 20:35:00 - [] ----D C:\ProgramData\BoxUpdChk =>Adware.Boxore
O43 - CFD: 15/02/2015 - 20:33:51 - [] ----D C:\ProgramData\e880d3a000002a8e
O43 - CFD: 24/04/2015 - 09:04:16 - [] ----D C:\ProgramData\ea786f5100001637
O43 - CFD: 30/01/2015 - 21:28:06 - [] ----D C:\ProgramData\MailUpdate =>PUP.MailUpdate
O43 - CFD: 27/12/2013 - 01:35:30 - [] ----D C:\ProgramData\SaveSenseLive =>PUP.CrossRider
O43 - CFD: 28/12/2013 - 10:28:55 - [0] ----D C:\ProgramData\ShoppingChip =>Adware.ShoppingChip
O43 - CFD: 25/03/2015 - 21:12:47 - [] ----D C:\ProgramData\SmartPurple
O43 - CFD: 30/01/2015 - 21:14:56 - [] ----D C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 31/12/2013 - 11:52:45 - [] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 16/04/2015 - 17:36:08 - [] ----D C:\ProgramData\{30ba1e4c-e470-7546-30ba-a1e4ce477933}
O43 - CFD: 22/04/2015 - 20:40:06 - [] ----D C:\ProgramData\{cad414b3-e111-05f9-cad4-414b3e1152cf}
O43 - CFD: 29/04/2015 - 21:15:34 - [] ----D C:\ProgramData\{e1846fcd-5f08-d495-e184-46fcd5f0bf35}
O43 - CFD: 29/04/2015 - 22:25:28 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse =>PUP.CrossBrowse
O43 - CFD: 30/05/2014 - 21:55:12 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileParade bundle uninstaller =>PUP.FileParadeBundle
O43 - CFD: 12/04/2011 - 11:27:52 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 07/03/2014 - 23:34:18 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TF2 lan edition
O43 - CFD: 30/04/2015 - 09:37:34 - [] ----D C:\Users\Proprietaire\AppData\Roaming\ABC95400-1430339194-81DF-3252-485B39406703
O43 - CFD: 30/04/2015 - 00:09:44 - [] ----D C:\Users\Proprietaire\AppData\Roaming\ABC95400-1430345383-81DF-3252-485B39406703
O43 - CFD: 29/04/2015 - 23:22:24 - [] -SH-D C:\Users\Proprietaire\AppData\Roaming\AnyProtectEx =>PUP.AnyProtect
O43 - CFD: 30/04/2015 - 14:14:18 - [] ----D C:\Users\Proprietaire\AppData\Roaming\betadeeal =>PUP.DeealFr
O43 - CFD: 25/11/2014 - 17:13:40 - [] ----D C:\Users\Proprietaire\AppData\Roaming\Ej65MUB
O43 - CFD: 29/04/2015 - 21:20:06 - [] ----D C:\Users\Proprietaire\AppData\Roaming\iz2l7tY
O43 - CFD: 30/04/2015 - 14:07:55 - [] ----D C:\Users\Proprietaire\AppData\Roaming\MailUpdate =>PUP.MailUpdate
O43 - CFD: 29/04/2015 - 21:20:10 - [] ----D C:\Users\Proprietaire\AppData\Roaming\miF5GMs
O43 - CFD: 30/09/2013 - 20:44:27 - [0] -SH-D C:\Users\Proprietaire\AppData\Roaming\msgr
O43 - CFD: 30/04/2015 - 14:10:05 - [] ----D C:\Users\Proprietaire\AppData\Roaming\newnext.me =>PUP.NextLive
O43 - CFD: 08/02/2015 - 16:54:44 - [] ----D C:\Users\Proprietaire\AppData\Roaming\omiga-plus =>Hijacker.OmigaPlus
O43 - CFD: 05/07/2014 - 20:11:50 - [] ----D C:\Users\Proprietaire\AppData\Roaming\RocketUpdater =>PUP.RockTurner
O43 - CFD: 27/12/2013 - 01:35:22 - [] ----D C:\Users\Proprietaire\AppData\Roaming\SaveSense =>PUP.CrossRider
O43 - CFD: 09/03/2014 - 11:45:43 - [] ----D C:\Users\Proprietaire\AppData\Roaming\steamvr
O43 - CFD: 30/04/2015 - 14:08:49 - [0] ----D C:\Users\Proprietaire\AppData\Roaming\Store =>PUP.Nosibay
O43 - CFD: 30/04/2015 - 14:14:20 - [] ----D C:\Users\Proprietaire\AppData\Roaming\winservices =>Trojan.Inject.RRE
O43 - CFD: 16/04/2015 - 17:32:07 - [] ----D C:\Users\Proprietaire\AppData\Roaming\wp_update =>PUP.WpManager
O43 - CFD: 30/04/2015 - 14:09:07 - [0] ----D C:\Users\Proprietaire\AppData\Roaming\WTools =>PUP.Nosibay
O43 - CFD: 29/04/2015 - 21:20:10 - [] ----D C:\Users\Proprietaire\AppData\Roaming\zqTzBtX
O43 - CFD: 29/04/2015 - 22:29:30 - [] ----D C:\Users\Proprietaire\AppData\Local\ABC95400-1430346568-81DF-3252-485B39406703
O43 - CFD: 30/04/2015 - 14:21:27 - [] ----D C:\Users\Proprietaire\AppData\Local\avaavaevy =>PUP.SearchProtect
O43 - CFD: 19/03/2015 - 00:13:20 - [] ----D C:\Users\Proprietaire\AppData\Local\avayvaxvaa =>PUP.SearchProtect
O43 - CFD: 24/03/2015 - 00:34:52 - [] ----D C:\Users\Proprietaire\AppData\Local\avayvaxxvae =>PUP.SearchProtect
O43 - CFD: 01/03/2015 - 23:36:52 - [] ----D C:\Users\Proprietaire\AppData\Local\avayvxvaxc =>PUP.SearchProtect
O43 - CFD: 29/04/2015 - 22:25:40 - [] ----D C:\Users\Proprietaire\AppData\Local\Crossbrowse =>PUP.CrossBrowse
O43 - CFD: 01/03/2015 - 20:30:11 - [] ----D C:\Users\Proprietaire\AppData\Local\CrossBrowser =>PUP.CrossBrowser
O43 - CFD: 04/04/2015 - 15:05:09 - [] ----D C:\Users\Proprietaire\AppData\Local\CSO
O43 - CFD: 01/03/2015 - 11:24:40 - [] ----D C:\Users\Proprietaire\AppData\Local\Doctor_PC =>PUP.DoctorPC
O43 - CFD: 24/09/2013 - 20:44:26 - [0] ----D C:\Users\Proprietaire\AppData\Local\DProtect =>Trojan.Staser
O43 - CFD: 27/12/2013 - 01:30:50 - [] ----D C:\Users\Proprietaire\AppData\Local\Duuqu =>PUP.Duuqu
O43 - CFD: 09/12/2014 - 18:04:10 - [] ----D C:\Users\Proprietaire\AppData\Local\EdgeOfReality
O43 - CFD: 06/12/2014 - 13:27:35 - [] -SH-D C:\Users\Proprietaire\AppData\Local\EmieBrowserModeList
O43 - CFD: 31/12/2013 - 11:52:15 - [] ----D C:\Users\Proprietaire\AppData\Local\genienext =>PUP.NextLive
O43 - CFD: 31/12/2013 - 11:53:13 - [0] ----D C:\Users\Proprietaire\AppData\Local\Lollipop =>Adware.Lollipop
O43 - CFD: 30/04/2015 - 10:31:38 - [] ----D C:\Users\Proprietaire\AppData\Local\Max_Computer_Cleaner
O43 - CFD: 08/10/2013 - 21:19:49 - [] ----D C:\Users\Proprietaire\AppData\Local\mystart_ad =>Spyware.VMNToolbar
O43 - CFD: 01/03/2015 - 11:21:33 - [] ----D C:\Users\Proprietaire\AppData\Local\Pro_PC_Cleaner =>PUP.DoctorPC
O43 - CFD: 05/07/2014 - 20:30:13 - [] ----D C:\Users\Proprietaire\AppData\Local\Rocket =>PUP.RockTurner
O43 - CFD: 27/12/2013 - 01:35:30 - [] ----D C:\Users\Proprietaire\AppData\Local\SaveSenseLive =>PUP.CrossRider
O43 - CFD: 30/04/2015 - 10:49:19 - [] ----D C:\Users\Proprietaire\AppData\Local\SmartWeb =>PUP.SmartWeb
~ Program Folder: 279 Legitimates Filtered in 00mn 01s



---\\ Most recently modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.2CBD6D22499EB13A2666F62EF33D00E2] - 15/04/2015 - 14:28:10 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16303]
O44 - LFC:[MD5.021DCD10DE423A7F05705B4E293F7BC4] - 19/04/2015 - 09:54:01 ---A- . (...) -- C:\Windows\wininit.ini [33687]
O44 - LFC:[MD5.11569CCAC4AA43E6F3E54C2F6BFEF9E2] - 30/04/2015 - 09:47:36 ---A- . (...) -- C:\END [8]
O44 - LFC:[MD5.4E2016A439674264D57E00A24F1763CE] - 30/04/2015 - 13:04:37 ---A- . (...) -- C:\Windows\System32\GambaliOff.ini [9040] =>PUP.Gambali
~ Files: 132 Legitimates Filtered in 00mn 03s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - bitguard.exe - tasklist.exe =>PUP.BitGuard
O50 - IFEO:Image File Execution Options - bprotect.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - bpsvc.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browserdefender.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browserprotect.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browsersafeguard.exe - tasklist.exe =>PUP.BrowserSafeguard
O50 - IFEO:Image File Execution Options - dprotectsvc.exe - tasklist.exe =>Trojan.Staser
O50 - IFEO:Image File Execution Options - jumpflip - tasklist.exe =>PUP.JumpFlip
O50 - IFEO:Image File Execution Options - protectedsearch.exe - tasklist.exe =>Spyware.ProtectedSearch
O50 - IFEO:Image File Execution Options - searchinstaller.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - searchprotection.exe - tasklist.exe =>Toolbar.Conduit
O50 - IFEO:Image File Execution Options - searchprotector.exe - tasklist.exe =>PUP.SearchProtect
O50 - IFEO:Image File Execution Options - searchsettings.exe - tasklist.exe =>Adware.SearchSettings
O50 - IFEO:Image File Execution Options - searchsettings64.exe - tasklist.exe =>Adware.SearchSettings
O50 - IFEO:Image File Execution Options - snapdo.exe - tasklist.exe =>Hijacker.SmartBar
O50 - IFEO:Image File Execution Options - stinst32.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - stinst64.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - umbrella.exe - tasklist.exe =>Adware.IMBooster
O50 - IFEO:Image File Execution Options - utiljumpflip.exe - tasklist.exe =>PUP.JumpFlip
O50 - IFEO:Image File Execution Options - volaro - tasklist.exe =>Trojan.Vonteera
O50 - IFEO:Image File Execution Options - vonteera - tasklist.exe =>Trojan.Vonteera
O50 - IFEO:Image File Execution Options - websteroids.exe - tasklist.exe =>PUP.TubeDimmer
O50 - IFEO:Image File Execution Options - websteroidsservice.exe - tasklist.exe =>PUP.TubeDimmer
~ IFEO: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:09/08/2007 - 00:21:00 ---A- . (.Pas de propriétaire - ATK0100 ACPI Utility.) -- C:\Windows\System32\Drivers\ATK64AMD.sys [13680]
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:21/09/2013 - 14:39:01 ---A- . (.ELAN Microelectronic Corp. - ETD Control Center.) -- C:\Windows\System32\Drivers\ETD.sys [112128]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:29/12/2014 - 04:56:08 ---A- . (.Visicom Media Inc. - ManyCam Virtual Microphone.) -- C:\Windows\System32\Drivers\mcaudrv_x64.sys [35992]
O58 - SDL:29/12/2014 - 05:07:36 ---A- . (.Visicom Media Inc. - ManyCam Virtual Webcam Driver.) -- C:\Windows\System32\Drivers\mcvidrv.sys [49304]
O58 - SDL:11/10/2012 - 04:08:10 ---A- . (.ManyCam LLC - ManyCam Virtual Webcam.) -- C:\Windows\System32\Drivers\mcvidrv_x64.sys [44928]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 52 Legitimates Filtered in 00mn 01s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 10/01/1746 - C:\Windows\system32\drivers\SPPD.sys (SPPD) .(...) - LEGACY_SPPD =>Rogue.PCSpeedUp
~ Legacy: 81 Legitimates Filtered in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Crossbrowse - Crossbrowse.) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.CrossBrowse
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Crossbrowse - Crossbrowse.) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.CrossBrowse
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} - (Trovi search) - http://www.oursurfing.com
O69 - SBI: SearchScopes [HKCU] {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} - (Trovi) - http://www.oursurfing.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.oursurfing.com
O69 - SBI: SearchScopes [HKCU] {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} [DefaultScope] - (e) - http://www.oursurfing.com
O69 - SBI: SearchScopes [HKCU] {31090377-0740-419E-BEFC-A56E50500D5B} - () - http://www.oursurfing.com
O69 - SBI: SearchScopes [HKCU] {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} - (Search The Web) - http://www.oursurfing.com =>Adware.IMBooster
O69 - SBI: SearchScopes [HKCU] {77AA745B-F4F8-45DA-9B14-61D2D95054C8} - (WSE Rocket) - http://www.oursurfing.com =>PUP.RockTurner
O69 - SBI: SearchScopes [HKCU] {80c554b9-c7f8-4a21-9471-06d606da78a2} - (Bing) - http://www.oursurfing.com
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} - () - http://www.oursurfing.com
O69 - SBI: SearchScopes [HKCU] {E733165D-CBCF-4FDA-883E-ADEF965B476C} - (Google) - http://www.oursurfing.com
O69 - SBI: SearchScopes [HKCU] {F5217C02-2B2E-40F6-8415-177394C8D9AC} - (Search The Web (Start Point)) - http://www.oursurfing.com =>Adware.IMBooster
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.9B54764EC966F1F6AC6218CA59B93ECD] [SPRF][21/09/2013] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.2D6790D88ED13A4ACD83A1FFB1571AD1] [SPRF][28/07/2014] (...) -- C:\ProgramData\uninstall_Deeal.exe [431104] =>PUP.DeealFr
[MD5.5BB38A91B175AF871D5351CC2C534904] [SPRF][30/09/2014] (...) -- C:\ProgramData\uninstall_Winservices.exe [431104] =>Trojan.Inject.RRE
[MD5.3A1D89B89C9D62951957F0839578DD9B] [SPRF][20/04/2015] (...) -- C:\Users\Proprietaire\AppData\Roaming\F50UH3fClJb6mMFuOmWePy8RI.exe [1579520]
[MD5.3A1D89B89C9D62951957F0839578DD9B] [SPRF][20/04/2015] (...) -- C:\Users\Proprietaire\AppData\Roaming\iiJKwi6iO47FgqA7JBuz.exe [1579520]
[MD5.BD2B3806854FEE15E76CB2CE662028DA] [SPRF][28/08/2014] (.Pas de propriétaire - betadeeal service scheduler.) -- C:\Users\Proprietaire\AppData\Roaming\~ecdjdbt.exe [667648] =>PUP.DeealFr
[MD5.D7EA62FFD7DE85440D4A843DB6854368] [SPRF][06/12/2013] (.Pas de propriétaire - wp_update scheduler.) -- C:\Users\Proprietaire\AppData\Roaming\~lhnwmbp.exe [492208] =>PUP.WpManager
[MD5.7FEB50B8DC6F2F2AAE77F8E3451A2531] [SPRF][01/10/2014] (.Pas de propriétaire - winservices service scheduler.) -- C:\Users\Proprietaire\AppData\Roaming\~mlyyiwp.exe [667648] =>Trojan.Inject.RRE
[MD5.BAB2DE5742F802D6E66D12BB6DF6322F] [SPRF][14/03/2015] (...) -- D:\Proprietaire\Desktop\Launcher Ascentia 3.3.exe [290705]
~ Files: 9 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection Rogue (SRI) (O86)
O43 - CFD: 25/03/2015 - 21:11:32 - [] ----D C:\ProgramData\05aaabf9150243ab97605a4c8a7b05cd
~ Files: Scanned in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{A49F52E9-2686-4455-B58C-A20606430A49}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Proprietaire\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{87EEB901-FE85-4927-A9A2-D4403B39D4EB}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Proprietaire\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{09187410-0DA7-4025-A527-D0BB0B37D520}" | In - None - P17 - TRUE | .(.Crossbrowse - Crossbrowse.) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.CrossBrowse
~ Firewall: 3 Legitimates Filtered in 00mn 06s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.D3BA316235F09DB374B8C0BD742D1363] [WIS][27/12/2013] (.Kreapixel - Webplayer.) -- C:\Windows\Installer\bc3184b.msi [21504] =>Adware.SocialSkinz
~ WIS: 1 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\StormWatch_RASAPI32 =>PUP.StormWatch
HKLM\SOFTWARE\Microsoft\Tracing\StormWatch_RASMANCS =>PUP.StormWatch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FileOpenerPro_Installer_RASAPI32 =>Adware.InstallCore
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FileOpenerPro_Installer_RASMANCS =>Adware.InstallCore
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GreenerWeb_RASAPI32 =>PUP.GreenerWeb
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GreenerWeb_RASMANCS =>PUP.GreenerWeb
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MegaBrowse_RASAPI32 =>PUP.MegaBrowse
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MegaBrowse_RASMANCS =>PUP.MegaBrowse
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NetCrawl_RASAPI32 =>PUP.NetCrawl
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NetCrawl_RASMANCS =>PUP.NetCrawl
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\RockTurner_RASAPI32 =>PUP.RockTurner
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\RockTurner_RASMANCS =>PUP.RockTurner
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\sizlsearch_RASAPI32 =>PUP.SizlSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\sizlsearch_RASMANCS =>PUP.SizlSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Smartbar_RASAPI32 =>Hijacker.SmartBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Smartbar_RASMANCS =>Hijacker.SmartBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateGreenerWeb_RASAPI32 =>PUP.GreenerWeb
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateGreenerWeb_RASMANCS =>PUP.GreenerWeb
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateGreyGray_RASAPI32 =>PUP.GreyGray
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateGreyGray_RASMANCS =>PUP.GreyGray
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateMegaBrowse_RASAPI32 =>PUP.MegaBrowse
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateMegaBrowse_RASMANCS =>PUP.MegaBrowse
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateNetCrawl_RASAPI32 =>PUP.NetCrawl
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateNetCrawl_RASMANCS =>PUP.NetCrawl
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateRockTurner_RASAPI32 =>PUP.RockTurner
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateRockTurner_RASMANCS =>PUP.RockTurner
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatesizlsearch_RASAPI32 =>PUP.SizlSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatesizlsearch_RASMANCS =>PUP.SizlSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSquirrelWeb_RASAPI32 =>PUP.SquirrelWeb
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSquirrelWeb_RASMANCS =>PUP.SquirrelWeb
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateStormVade_RASAPI32 =>PUP.StormVade
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateStormVade_RASMANCS =>PUP.StormVade
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilMegaBrowse_RASAPI32 =>PUP.MegaBrowse
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilMegaBrowse_RASMANCS =>PUP.MegaBrowse
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilStormVade_RASAPI32 =>PUP.StormVade
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilStormVade_RASMANCS =>PUP.StormVade
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS =>PUP.Wajam
~ BTK: 183 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{11111111-1111-1111-1111-110311711180}] (Plus-HD-3.5) =>Adware.PlusHD
[HKCR\CLSID\{11111111-1111-1111-1111-110611471155}] (winservice86) =>PUP.CrossRider
[HKCR\CLSID\{22222222-2222-2222-2222-220322712280}] (CrossriderApp0037180.Sandbox) =>PUP.CrossRider
[HKCR\CLSID\{ccb24e92-62c4-4c53-95d2-65f9eed476bc}] (MyStart Toolbar) =>Spyware.VMNToolbar
[HKCR\CLSID\{FC7522A5-53C8-5FD6-6F9C-92B35D09F5DE}] (ShoppingChip) =>Adware.ShoppingChip
~ BCK: 4293 Legitimates Filtered in 00mn 13s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 22/07/1658 0 | (EasyAntiCheat) . (.EasyAntiCheat Ltd.) - C:\Windows\system32\EasyAntiCheat.exe
SS - | Demand 11/04/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 18/02/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 14/04/2015 836288 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Auto 22/07/1658 0 | (Update GreyGray) . (...) - C:\Program Files (x86)\GreyGray\updateGreyGray.exe =>PUP.GreyGray
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 15/06/2009 84536 | (ASLDRService) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 04/03/2015 2951440 | (CltMngSvc) . (.Client Connect LTD.) - C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe =>PUP.SearchProtect
SR - | Auto 03/12/2014 108032 | (Freemake Improver) . (.Freemake.) - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
SR - | Auto 23/03/2015 1813680 | (Gambali) . (.Gambali OEM Software.) - C:\ProgramData\SmartPurple\Gambali.exe =>PUP.Gambali
SR - | Auto 11/04/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 20/04/2015 158816 | (IHProtect Service) . (.XTab system.) - C:\Program Files (x86)\XTab\ProtectService.exe =>Adware.AgentODR
SR - | Auto 30/01/2015 23784 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 29/04/2015 114176 | (rorikewu) . (...) - C:\Users\Proprietaire\AppData\Roaming\ABC95400-1430339194-81DF-3252-485B39406703\jnshDA38.tmp
SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
SR - | Auto 25/03/2015 342016 | (SmartPurple) . (...) - C:\ProgramData\SmartPurple\SmartPurple.exe
SR - | Auto 30/04/2015 163328 | (tydomybi) . (...) - C:\Users\Proprietaire\AppData\Roaming\ABC95400-1430339194-81DF-3252-485B39406703\nso207.tmp
SR - | Auto 18/04/2003 8192 | (WIN-srvGA) . (...) - C:\Windows\SysWOW64\srvany.exe
SR - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 15s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (28/04/2015)
Clés trouvées (Keys found) : 152
Valeurs trouvées (Values found) : 9
Dossiers trouvés (Folders found) : 48
Fichiers trouvés (Files found) : 139

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611471155}] =>PUP.CrossRider^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] =>PUP.SupTab^
[HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc] =>PUP.SearchProtect^
[HKLM\SYSTEM\CurrentControlSet\Services\Gambali] =>PUP.Gambali^
[HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service] =>Adware.AgentODR^
[HKLM\SYSTEM\CurrentControlSet\Services\Update GreyGray] =>PUP.GreyGray^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Crossbrowse] =>PUP.CrossBrowse^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Deeal] =>PUP.DeealFr^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\FileParade bundle uninstaller] =>PUP.FileParadeBundle^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.SearchProtect^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F750DB0E-D452-3108-63C9-FE16BC686741}] =>Adware.SocialSkinz^
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar
[HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon
[HKLM\Software\Classes\SpeedUpMyPC] =>PUP.SpeedUpMyPC
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\Boxore] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKCU\Software\ilivid] =>Adware.Bandoo
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\SP Global] =>PUP.AdvancedSystemProtector
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo] =>PUP.Elex
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Classes\CrossriderApp0040594.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0040594.BHO.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0040594.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0040594.Sandbox.1] =>PUP.CrossRider
[HKCU\Software\Classes\keepmysearch] =>Adware.MyWebSearch
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110311711180}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110611471155}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220322712280}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220622472255}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311711180}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0040594.BHO] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0040594.BHO.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0040594.Sandbox] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0040594.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110611471155}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220322712280}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220622472255}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611471155}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}] =>Adware.Bandoo^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:BitTorrent =>P2P.BitTorrent^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:MyStart Anti-phishing Domain Advisor =>Adware.VisicomAntiPhishing^
C:\Program Files (x86)\AskPartnerNetwork =>Toolbar.AskBar^
C:\Program Files (x86)\Crossbrowse =>PUP.CrossBrowse^
C:\Program Files (x86)\Deeal =>PUP.DeealFr^
C:\Program Files (x86)\Duuqu =>PUP.Duuqu^
C:\Program Files (x86)\Movies App =>PUP.CrossRider^
C:\Program Files (x86)\SaveSenseLive =>PUP.CrossRider^
C:\Program Files (x86)\ShoppingChip =>Adware.ShoppingChip^
C:\Program Files (x86)\winservice86 =>PUP.CrossRider^
C:\ProgramData\BoxUpdChk =>Adware.Boxore^
C:\ProgramData\MailUpdate =>PUP.MailUpdate^
C:\ProgramData\SaveSenseLive =>PUP.CrossRider^
C:\ProgramData\ShoppingChip =>Adware.ShoppingChip^
C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu^
C:\ProgramData\WPM =>PUP.WpManager^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse =>PUP.CrossBrowse^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileParade bundle uninstaller =>PUP.FileParadeBundle^
C:\Users\Proprietaire\AppData\Roaming\AnyProtectEx =>PUP.AnyProtect^
C:\Users\Proprietaire\AppData\Roaming\betadeeal =>PUP.DeealFr^
C:\Users\Proprietaire\AppData\Roaming\MailUpdate =>PUP.MailUpdate^
C:\Users\Proprietaire\AppData\Roaming\newnext.me =>PUP.NextLive^
C:\Users\Proprietaire\AppData\Roaming\omiga-plus =>Hijacker.OmigaPlus^
C:\Users\Proprietaire\AppData\Roaming\RocketUpdater =>PUP.RockTurner^
C:\Users\Proprietaire\AppData\Roaming\SaveSense =>PUP.CrossRider^
C:\Users\Proprietaire\AppData\Roaming\Store =>PUP.Nosibay^
C:\Users\Proprietaire\AppData\Roaming\winservices =>Trojan.Inject.RRE^
C:\Users\Proprietaire\AppData\Roaming\wp_update =>PUP.WpManager^
C:\Users\Proprietaire\AppData\Roaming\WTools =>PUP.Nosibay^
C:\Users\Proprietaire\AppData\Local\avaavaevy =>PUP.SearchProtect^
C:\Users\Proprietaire\AppData\Local\avayvaxvaa =>PUP.SearchProtect^
C:\Users\Proprietaire\AppData\Local\avayvaxxvae =>PUP.SearchProtect^
C:\Users\Proprietaire\AppData\Local\avayvxvaxc =>PUP.SearchProtect^
C:\Users\Proprietaire\AppData\Local\Crossbrowse =>PUP.CrossBrowse^
C:\Users\Proprietaire\AppData\Local\CrossBrowser =>PUP.CrossBrowser^
C:\Users\Proprietaire\AppData\Local\Doctor_PC =>PUP.DoctorPC^
C:\Users\Proprietaire\AppData\Local\DProtect =>Trojan.Staser^
C:\Users\Proprietaire\AppData\Local\Duuqu =>PUP.Duuqu^
C:\Users\Proprietaire\AppData\Local\genienext =>PUP.NextLive^
C:\Users\Proprietaire\AppData\Local\Lollipop =>Adware.Lollipop^
C:\Users\Proprietaire\AppData\Local\mystart_ad =>Spyware.VMNToolbar^
C:\Users\Proprietaire\AppData\Local\Pro_PC_Cleaner =>PUP.DoctorPC^
C:\Users\Proprietaire\AppData\Local\Rocket =>PUP.RockTurner^
C:\Users\Proprietaire\AppData\Local\SaveSenseLive =>PUP.CrossRider^
C:\Users\Proprietaire\AppData\Local\SmartWeb =>PUP.SmartWeb^
C:\Program Files (x86)\SearchProtect =>Toolbar.Conduit
C:\Program Files (x86)\Software =>Adware.Boxore
C:\Users\Proprietaire\AppData\Local\SearchProtect =>Toolbar.Conduit
C:\Users\Proprietaire\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\Proprietaire\AppData\Local\Temp\eIntaller =>PUP.eSafeSecurity
C:\Users\Proprietaire\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent^
C:\Program Files (x86)\StartPoint\startpoint\1.3.23.0\startpoint.exe =>PUP.StartPoint^
C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.CrossBrowse^
C:\ProgramData\MyStart Anti-phishing Domain Advisor\MyStart_antiphishing.exe =>Adware.VisicomAntiPhishing^
C:\ProgramData\{e1846fcd-5f08-d495-e184-46fcd5f0bf35}\hqghumeaylnlf.exe =>PUP.SuperPCTools^
C:\ProgramData\{30ba1e4c-e470-7546-30ba-a1e4ce477933}\Of_FR-I3-OptimizerPro_chk_0_237.exe =>PUP.OptimizerPro^
C:\Program Files (x86)\winservice86\ad7f33aa-5b98-444f-bb11-17bb5c480c66.exe =>PUP.CrossRider^
C:\ProgramData\SmartPurple\Gambali.exe =>PUP.Gambali^
C:\Users\Proprietaire\AppData\Local\avaavaevy\avaavaevy.exe =>PUP.SearchProtect^
C:\Users\Proprietaire\AppData\Local\avayvaxvaa\avayvaxvaa.exe =>Adware.Pirrit^
C:\Users\Proprietaire\AppData\Local\avayvaxxvae\avayvaxxvae.exe =>Adware.Pirrit^
C:\Users\Proprietaire\AppData\Local\avayvxvaxc\avayvxvaxc.exe =>Adware.Pirrit^
C:\ProgramData\BoxUpdChk\updchk.exe =>PUP.SoftwareUp^
C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe =>PUP.CrossBrowse^
C:\Users\Proprietaire\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.exe =>PUP.RockTurner^
C:\Users\Proprietaire\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.exe =>PUP.CrossRider^
C:\Program Files (x86)\StartPoint\startpoint\1.3.23.0\startup.exe =>PUP.StartPoint^
C:\Users\Proprietaire\AppData\Roaming\~lhnwmbp.exe =>PUP.WpManager^
C:\Users\Proprietaire\AppData\Roaming\omiga-plus\UninstallManager.exe =>Hijacker.OmigaPlus^
C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe =>PUP.SearchProtect^
C:\Windows\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-1.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-1 =>PUP.CrossRider^
C:\Windows\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-11.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-11 =>PUP.CrossRider^
C:\Windows\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-4 =>PUP.CrossRider^
C:\Windows\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-5 =>PUP.CrossRider^
C:\Windows\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-5_user.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-5_user =>PUP.CrossRider^
C:\Windows\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-6.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-6 =>PUP.CrossRider^
C:\Windows\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-7.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\5aba926d-25d2-4a2f-9c93-178df6a11891-7 =>PUP.CrossRider^
C:\Windows\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-5 =>PUP.CrossRider^
C:\Windows\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-5_user.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-5_user =>PUP.CrossRider^
C:\Windows\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-6.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-6 =>PUP.CrossRider^
C:\Windows\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-7.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-7 =>PUP.CrossRider^
C:\Windows\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-1.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-1 =>PUP.CrossRider^
C:\Windows\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-11.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-11 =>PUP.CrossRider^
C:\Windows\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-4 =>PUP.CrossRider^
C:\Windows\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-5 =>PUP.CrossRider^
C:\Windows\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-5_user.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-5_user =>PUP.CrossRider^
C:\Windows\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-6.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-6 =>PUP.CrossRider^
C:\Windows\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-7.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\a62014e3-bad8-4b48-bf82-9772a676629c-7 =>PUP.CrossRider^
C:\Windows\Tasks\ad7f33aa-5b98-444f-bb11-17bb5c480c66.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\ad7f33aa-5b98-444f-bb11-17bb5c480c66 =>PUP.CrossRider^
C:\Windows\Tasks\APSnotifierPP1.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP1 =>PUP.AnyProtect^
C:\Windows\Tasks\APSnotifierPP2.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP2 =>PUP.AnyProtect^
C:\Windows\Tasks\APSnotifierPP3.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP3 =>PUP.AnyProtect^
C:\Windows\Tasks\Crossbrowse.job =>PUP.CrossBrowse^
C:\Windows\System32\Tasks\Crossbrowse =>PUP.CrossBrowse^
C:\Windows\Tasks\Digital Sites.job =>Hijacker.DSite^
C:\Windows\System32\Tasks\Digital Sites =>Hijacker.DSite^
C:\Windows\Tasks\Pricora 2.0-chromeinstaller.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\Pricora 2.0-chromeinstaller =>PUP.CrossRider^
C:\Windows\Tasks\Pricora 2.0-codedownloader.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\Pricora 2.0-codedownloader =>PUP.CrossRider^
C:\Windows\Tasks\Pricora 2.0-enabler.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\Pricora 2.0-enabler =>PUP.CrossRider^
C:\Windows\Tasks\Pricora 2.0-firefoxinstaller.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\Pricora 2.0-firefoxinstaller =>PUP.CrossRider^
C:\Windows\Tasks\Pricora 2.0-updater.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\Pricora 2.0-updater =>PUP.CrossRider^
C:\Windows\Tasks\Rocket Updater.job =>PUP.RockTurner^
C:\Windows\System32\Tasks\Rocket Updater =>PUP.RockTurner^
C:\Windows\Tasks\SaveSense.job =>Hijacker.iHaveNet^
C:\Windows\System32\Tasks\SaveSense =>PUP.CrossRider^
[HKCU\Software\AnyProtect] =>PUP.AnyProtect^
[HKCU\Software\ArenaHD] =>PUP.CrossRider^
[HKCU\Software\CinemaPlus-3.2cV29.04-nv-ie] =>PUP.CrossRider^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\CrossBrowser] =>PUP.CrossBrowser^
[HKCU\Software\Crossbrowse] =>PUP.CrossBrowse^
[HKCU\Software\Duuqu] =>PUP.Duuqu^
[HKCU\Software\HighDefAction] =>PUP.CrossRider^
[HKCU\Software\Linkey] =>PUP.LinkeySearch^
[HKCU\Software\Rocket Browser] =>PUP.RockTurner^
[HKCU\Software\RocketUpdater] =>PUP.RockTurner^
[HKCU\Software\SaveSenseLive] =>PUP.CrossRider^
[HKCU\Software\SaveSense] =>PUP.CrossRider^
[HKCU\Software\Smartbar] =>Hijacker.SmartBar^
[HKCU\Software\Store] =>PUP.Nosibay^
[HKCU\Software\Super Optimizer] =>PUP.SuperOptimizer^
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive^
[HKCU\Software\WTools] =>PUP.Nosibay^
[HKCU\Software\YorkNewCin] =>PUP.CrossRider^
[HKCU\Software\iLivid] =>Adware.Bandoo^
[HKCU\Software\winservice86-nv-ie] =>PUP.CrossRider^
[HKLM\Software\ArenaHD] =>PUP.CrossRider^
[HKLM\Software\DomaIQ] =>Adware.DomaIQ^
[HKLM\Software\HighDefAction] =>PUP.CrossRider^
[HKLM\Software\WebBar] =>PUP.WebBar^
[HKLM\Software\Wow6432Node\36c54063-462c-201a-69dc-e3561c9ffdca] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\433fd46f-0349-4552-8b1b-5fb005415d20] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\4d22abd1-a7e5-4b21-ab85-cfcc03fa623b] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\937610c9-5ad7-4acf-a425-13f8a15c563b] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\971bbd6c-f848-4ae2-9434-b893b6d0f4f1] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\ArenaHD] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\Duuqu] =>PUP.Duuqu^
[HKLM\Software\Wow6432Node\Feven 1.7] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\HighDefAction] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\Infonaut_1.10.0.14] =>PUP.Infonaut^
[HKLM\Software\Wow6432Node\Pro PC Cleaner] =>PUP.DoctorPC^
[HKLM\Software\Wow6432Node\SPPDCOM] =>Rogue.PCSpeedUp^
[HKLM\Software\Wow6432Node\SaveSenseLive] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\SystemK] =>PUP.SystemK^
[HKLM\Software\Wow6432Node\YorkNewCin] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\d9134df2-3e89-48db-896f-4bdbdd26724b] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
[HKLM\Software\YorkNewCin] =>PUP.CrossRider^
C:\ProgramData\uninstall_Deeal.exe =>PUP.DeealFr^
C:\ProgramData\uninstall_Winservices.exe =>Trojan.Inject.RRE^
C:\Users\Proprietaire\AppData\Roaming\~ecdjdbt.exe =>PUP.DeealFr^
C:\Users\Proprietaire\AppData\Roaming\~mlyyiwp.exe =>Trojan.Inject.RRE^
C:\Windows\Installer\bc3184b.msi =>Adware.SocialSkinz^
[HKCR\CLSID\{11111111-1111-1111-1111-110311711180}] (Plus-HD-3.5) =>Adware.PlusHD^
[HKCR\CLSID\{11111111-1111-1111-1111-110611471155}] (winservice86) =>PUP.CrossRider^
[HKCR\CLSID\{22222222-2222-2222-2222-220322712280}] (CrossriderApp0037180.Sandbox) =>PUP.CrossRider^
[HKCR\CLSID\{ccb24e92-62c4-4c53-95d2-65f9eed476bc}] (MyStart Toolbar) =>Spyware.VMNToolbar^
[HKCR\CLSID\{FC7522A5-53C8-5FD6-6F9C-92B35D09F5DE}] (ShoppingChip) =>Adware.ShoppingChip^
C:\Users\Proprietaire\AppData\Local\Temp\SearchProtectINT.exe =>Toolbar.Conduit
~ Additionnel Scan: 320752 Items scanned in 03mn 53s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://www.nicolascoolman.fr/blog/ =>PUP.StartPoint
http://www.nicolascoolman.fr/blog/ =>PUP.CrossBrowse
http://www.nicolascoolman.fr/blog/ =>Adware.VisicomAntiPhishing
http://www.nicolascoolman.fr/blog/ =>PUP.SuperPCTools
http://nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerPro
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://www.nicolascoolman.fr/blog/ =>PUP.Gambali
http://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar
http://nicolascoolman.fr/hijacker-qvo6 =>Hijacker.Qvo6
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://nicolascoolman.fr/adware-socialskinz =>Adware.SocialSkinz
http://nicolascoolman.fr/pup-nextlive =>PUP.NextLive
http://www.nicolascoolman.fr/blog/ =>PUP.Nosibay
http://nicolascoolman.fr/pup-searchprotect =>PUP.SearchProtect
http://nicolascoolman.fr/pup-anyprotect =>PUP.AnyProtect
http://www.nicolascoolman.fr/blog/ =>Adware.AgentODR
http://nicolascoolman.fr/pup-greygray =>PUP.GreyGray
http://www.nicolascoolman.fr/blog/ =>Adware.Pirrit
http://www.nicolascoolman.fr/blog/ =>PUP.SoftwareUp
http://nicolascoolman.fr/hijacker-dsite =>Hijacker.DSite
http://www.nicolascoolman.fr/blog/ =>PUP.DoctorPC
http://nicolascoolman.fr/pup-mypcbackup =>PUP.MyPCBackup
http://nicolascoolman.fr/adware-pricora =>Adware.Pricora
http://nicolascoolman.fr/pup-rockturner =>PUP.RockTurner
http://nicolascoolman.fr/pup-wpmanager =>PUP.WpManager
http://nicolascoolman.fr/hijacker-omigaplus =>Hijacker.OmigaPlus
http://nicolascoolman.fr/hijacker-ihavenet =>Hijacker.iHaveNet
http://www.nicolascoolman.fr/blog/ =>PUP.DeealFr
http://www.nicolascoolman.fr/blog/ =>PUP.FileParadeBundle
http://nicolascoolman.fr/adware-boxore =>Adware.Boxore
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://www.nicolascoolman.fr/blog/ =>PUP.CrossBrowser
http://nicolascoolman.fr/pup-duuqu =>PUP.Duuqu
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://www.nicolascoolman.fr/blog/ =>PUP.BrowserExtensions
http://nicolascoolman.fr/pup-linkeysearch =>PUP.LinkeySearch
http://www.nicolascoolman.fr/blog/ =>PUP.SuperOptimizer
http://nicolascoolman.fr/spyware-agenceexclusive =>PUP.AgenceExclusive
http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
http://nicolascoolman.fr/adware-lollipop =>Adware.Lollipop
http://nicolascoolman.fr/adware-domaiq =>Adware.DomaIQ
http://www.nicolascoolman.fr/blog/ =>PUP.WebBar
http://www.nicolascoolman.fr/blog/ =>PUP.Infonaut
http://nicolascoolman.fr/pup-advancedsystemprotector =>PUP.AdvancedSystemProtector
http://nicolascoolman.fr/rogue-pcspeedup =>Rogue.PCSpeedUp
http://nicolascoolman.fr/pup-systemk =>PUP.SystemK
http://www.nicolascoolman.fr/blog/ =>Toolbar.AskBar
http://nicolascoolman.fr/adware-shoppingchip =>Adware.ShoppingChip
http://www.nicolascoolman.fr/blog/ =>PUP.MailUpdate
http://www.nicolascoolman.fr/blog/ =>PUP.Fuyu
http://www.nicolascoolman.fr/blog/ =>Trojan.Inject.RRE
http://nicolascoolman.fr/trojan-staser =>Trojan.Staser
http://nicolascoolman.fr/spyware-vmntoolbar =>Spyware.VMNToolbar
http://nicolascoolman.fr/pup-smartwebsearch =>PUP.SmartWeb
http://nicolascoolman.fr/pup-bitguard =>PUP.BitGuard
http://nicolascoolman.fr/hijacker-eazel =>Hijacker.Eazel
http://nicolascoolman.fr/pup-browsersafeguard =>PUP.BrowserSafeguard
http://nicolascoolman.fr/pup-jumpflip =>PUP.JumpFlip
http://nicolascoolman.fr/spyware-protectedsearch =>Spyware.ProtectedSearch
http://nicolascoolman.fr/adware-searchsettings =>Adware.SearchSettings
http://nicolascoolman.fr/trojan-vonteera =>Trojan.Vonteera
http://nicolascoolman.fr/pup-tubedimmer =>PUP.TubeDimmer
http://www.nicolascoolman.fr/blog/ =>PUP.StormWatch
http://nicolascoolman.fr/pup-greenerweb =>PUP.GreenerWeb
http://nicolascoolman.fr/pup-megabrowse =>PUP.MegaBrowse
http://nicolascoolman.fr/pup-netcrawl =>PUP.NetCrawl
http://nicolascoolman.fr/pup-sizlsearch =>PUP.SizlSearch
http://www.nicolascoolman.fr/blog/ =>PUP.SquirrelWeb
http://www.nicolascoolman.fr/blog/ =>PUP.StormVade
http://nicolascoolman.fr/pup-wajam =>PUP.Wajam
http://nicolascoolman.fr/adware-plushd =>Adware.PlusHD
http://nicolascoolman.fr/pup-rewardsarcade =>PUP.RewardsArcade
http://nicolascoolman.fr/adware-spointer =>Adware.SPointer
http://nicolascoolman.fr/pup-toolbarcleaner =>PUP.ToolbarCleaner
http://nicolascoolman.fr/pup-babylon =>PUP.Babylon
http://www.nicolascoolman.fr/blog/ =>PUP.SpeedUpMyPC
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://nicolascoolman.fr/adware-pricegong =>Adware.PriceGong
http://www.nicolascoolman.fr/blog/ =>Spyware.AgenceExclusive
http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
http://nicolascoolman.fr/pup-elex =>PUP.Elex
http://nicolascoolman.fr/adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.fr/pup-esafesecurity =>PUP.eSafeSecurity
~ MSI: 84 link(s) detected in 00mn 00s



~ 1261 Legitimates filtered by white list
End of the scan (1333 lines in 05mn 04s)(0.10)
