~ Rapport de ZHPDiag v2015.4.1.34 - Nicolas Coolman (29/03/2015)
~ Lancé par Oxfam (4/04/2015 20:54:29)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17691
GCIE: Google Chrome v41.0.2272.101 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : 2Q883
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Home Premium, 32-bit Service Pack 1 (Build 7601)

---\\ Logiciels de protection du système
Microsoft Security Client v4.7.0205.0
McAfee Security Scan Plus v3.8.150.1
Windows Defender W7 (Deactivate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 17 NPAPI

---\\ Informations sur le système
~ Processor: x86 Family 15 Model 4 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1015 MB (27% free)
System Restore: Activé (Enable)
System drive C: has 45 GB (61%) free of 74 GB

---\\ Mode de connexion au système
~ Computer Name: OXFAM-PC
~ User Name: Oxfam
~ All Users Names: Oxfam, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Oxfam\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Oxfam\AppData\Roaming\
~ %Desktop% : C:\Users\Oxfam\Desktop\
~ %Favorites% : C:\Users\Oxfam\Favorites\
~ %LocalAppData% : C:\Users\Oxfam\AppData\Local\
~ %StartMenu% : C:\Users\Oxfam\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 45 Go of 74 Go)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 38 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.EA6EA6912F27F05C61D8D747517EB47E] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.20/02/2015 - 02:01:25.) -- C:\Windows\System32\wininet.dll [1888256]
[MD5.52449FD429D6053B78AE564DEF303870] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 02:39:27.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.7FE680A3DFA421C4A8E4879AE4C5AAB0] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 02:32:14.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/7
~ Mes musiques (My Musics) : 3/13
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 5/12
~ Mon Bureau (My Desktop) : 1/7
~ Menu demarrer (Programs) : 1/25
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.154FC7D23359AA86D6CD312EFFBAFB80] - (...) -- C:\Program Files\ver3Re-markit\p2Re-markiti.exe [157696] [PID.2028] =>PUP.ReMarkIt
[MD5.B195FB0F48664405611B3F7A1CD9BD0A] - (...) -- C:\Users\Oxfam\AppData\Local\fst_be_71\upfst_be_71.exe [3353080] [PID.2884] =>Adware.FreeSoftToday
[MD5.9CF2961B1CA9FAEE7CD2604B6B808A70] - (...) -- C:\Program Files\fst_be_71\fst_be_71.exe [3981256] [PID.2884] =>Adware.FreeSoftToday
[MD5.10F60394D2438A6A494BAC8C78A093AC] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\Oxfam\AppData\Roaming\uTorrent\uTorrent.exe [1940560] [PID.3052] =>P2P.BitTorrent
[MD5.F5A0554F655C566EB946841E6E7AE061] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [30877280] [PID.3068]
[MD5.3D558E2572EDF52FAD098AF2534B4E20] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe [279456] [PID.3084]
[MD5.F217EF2EA31D8F73504B1CD2F9787D9D] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [809288] [PID.2824]
[MD5.6076B562F7848DED4CDB128B485B6132] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8195072] [PID.5324]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Oxfam\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 10 Legitimates Filtered in 00mn 21s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: RegExtension {D0911945-1BD3-7B06-16BA-6632545B4D82} . (...) -- C:\Program Files\ver3Re-markit\177.xpi (.not file.) =>PUP.ReMarkIt
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com =>Hijacker.SmartBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl,Default = http://feed.snapdo.com =>Hijacker.SmartBar
~ IE Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{ae07101b-46d4-4a98-af68-0333ea26e113} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: PC Scan & Repair by Reimage.lnk . (.Reimage® - Reimage Downloader.) -- C:\Program Files\Reimage\Reimage Repair\ReimageRepair.exe =>Rogue.ReimageRepair
O4 - GS\QuickLaunch [Oxfam]: Launch Internet Explorer Browser.lnk . (...) -- C:\Program Files\Internet Explorer\iexplore.exe (.not file.)
O4 - GS\QuickLaunch [Oxfam]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Oxfam\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Oxfam]: Sync Folder.lnk . (.MyPCBackup.com - MyPC Backup.) -- C:\Program Files\MyPC Backup\MyPC Backup.exe =>PUP.MyPCBackup
O4 - GS\Desktop [Oxfam]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Oxfam\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 5 Legitimates Filtered in 00mn 03s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [fst_be_71] . (...) -- C:\Program Files\fst_be_71\fst_be_71.exe =>Adware.FreeSoftToday
O4 - HKLM\..\RunOnce: [upfst_be_71.exe] . (...) -- C:\Users\Oxfam\AppData\Local\fst_be_71\upfst_be_71.exe =>Adware.FreeSoftToday
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Oxfam\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4012300947-3697021486-594176658-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Oxfam\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-4012300947-3697021486-594176658-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3599F56B-04D4-4DF6-A1F6-FC7AB0EF5ED0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3599F56B-04D4-4DF6-A1F6-FC7AB0EF5ED0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3599F56B-04D4-4DF6-A1F6-FC7AB0EF5ED0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) . (.Just Develop It - Backup Stack.) - C:\Program Files\MyPC Backup\BackupStack.exe =>PUP.MyPCBackup
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) . (...) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe (.not file.) =>PUP.GlobalUpdate
O23 - Service: IePlugin Services (IePluginServices) . (...) - C:\ProgramData\IePluginServices\PluginService.exe (.not file.) =>PUP.IePluginService
O23 - Service: MixVideoPlayer Updater Service (MixVideoPlayerUpdaterService) . (.Pas de propriétaire - MixVideoPlayerUpdaterService.) - C:\Program Files\MixVideoPlayer\MixVideoPlayerUpdaterService.exe =>PUP.MixVideoPlayer
O23 - Service: Quick Ref 1.10.0.12 Client Service (qrsvc_1.10.0.12) . (.Quick Ref - Quick Ref Client Service.) - C:\Program Files\QuickRef_1.10.0.12\Service\qrsvc.exe =>PUP.QuickRef
O23 - Service: rcores (rcores) . (...) - C:\Windows\rcore.exe
O23 - Service: Registry Helper Service (Registry Helper Service) . (.SafeApp Software, LLC - Registry Helper Service.) - C:\Program Files\Registry Helper\RegistryHelperService.exe =>PUP.RegistryHelper
O23 - Service: Reimage Real Time Protector (ReimageRealTimeProtector) . (.Reimage® - Reimage Real Time Protection.) - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe =>Rogue.ReimageRepair
O23 - Service: Util ClearThink (Util ClearThink) . (...) - C:\Program Files\ClearThink\bin\utilClearThink.exe (.not file.) =>PUP.ClearThink
~ Services: 8 Legitimates Filtered in 00mn 06s



---\\ Tâches planifiées en automatique (O39)
[MD5.614FCDFA59448C537A10C7CDA9621CD4] [APT] [05e33f54-447a-49b2-b630-1080916afd3f-1-6] (.InstallMoonV21.03.) -- C:\Program Files\GoHDV21.03\05e33f54-447a-49b2-b630-1080916afd3f-1-6.exe [1408512] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [05e33f54-447a-49b2-b630-1080916afd3f-1-7] (...) -- C:\Program Files\GoHDV21.03\05e33f54-447a-49b2-b630-1080916afd3f-1-7.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [05e33f54-447a-49b2-b630-1080916afd3f-10_user] (...) -- C:\Program Files\GoHDV21.03\05e33f54-447a-49b2-b630-1080916afd3f-10.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [05e33f54-447a-49b2-b630-1080916afd3f-5] (...) -- C:\Program Files\GoHDV21.03\05e33f54-447a-49b2-b630-1080916afd3f-5.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [05e33f54-447a-49b2-b630-1080916afd3f-5_user] (...) -- C:\Program Files\GoHDV21.03\05e33f54-447a-49b2-b630-1080916afd3f-5.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [ASP] (...) -- C:\Program Files\RCP\systweakasp.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [LaunchSignup] (...) -- C:\Program Files\MyPC Backup\Signup Wizard.exe (.not file.) [0] =>PUP.MyPCBackup
[MD5.00000000000000000000000000000000] [APT] [Re-markit Update] (...) -- C:\Program Files\ver3Re-markit\H9Re-markiti73.exe (.not file.) [0] =>PUP.ReMarkIt
[MD5.154FC7D23359AA86D6CD312EFFBAFB80] [APT] [Re-markit_wd] (...) -- C:\Program Files\ver3Re-markit\p2Re-markiti.exe [157696] =>PUP.ReMarkIt
[MD5.04F11302AB2AF61EFA696D8EDF6EE757] [APT] [ReimageUpdater] (.Reimage®.) -- C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [6079848] =>Rogue.ReimageRepair
[MD5.00000000000000000000000000000000] [APT] [{2851FCBD-EB51-4B73-8D45-A5A98CCD8D25}] (...) -- C:\Program Files\MixVideoPlayer\BrowserWeb.exe (.not file.) [0] =>PUP.MixVideoPlayer
[MD5.00000000000000000000000000000000] [APT] [{B4781871-25BF-4D5F-B423-D63BE8B0A34E}] (...) -- C:\ProgramData\TVWizard\uninstall.exe (.not file.) [0] =>PUP.TVWizard
O39 - APT: 05e33f54-447a-49b2-b630-1080916afd3f-1-6 - (.InstallMoonV21.03.) -- C:\Windows\Tasks\05e33f54-447a-49b2-b630-1080916afd3f-1-6.job [3104]
O39 - APT: 05e33f54-447a-49b2-b630-1080916afd3f-1-6 - (.InstallMoonV21.03.) -- C:\Windows\System32\Tasks\05e33f54-447a-49b2-b630-1080916afd3f-1-6 [3104]
O39 - APT: 05e33f54-447a-49b2-b630-1080916afd3f-1-7 - (...) -- C:\Windows\Tasks\05e33f54-447a-49b2-b630-1080916afd3f-1-7.job [3440]
O39 - APT: 05e33f54-447a-49b2-b630-1080916afd3f-1-7 - (...) -- C:\Windows\System32\Tasks\05e33f54-447a-49b2-b630-1080916afd3f-1-7 [3440]
O39 - APT: 05e33f54-447a-49b2-b630-1080916afd3f-10_user - (...) -- C:\Windows\Tasks\05e33f54-447a-49b2-b630-1080916afd3f-10_user.job [2078]
O39 - APT: 05e33f54-447a-49b2-b630-1080916afd3f-10_user - (...) -- C:\Windows\System32\Tasks\05e33f54-447a-49b2-b630-1080916afd3f-10_user [2078]
O39 - APT: 05e33f54-447a-49b2-b630-1080916afd3f-5 - (...) -- C:\Windows\Tasks\05e33f54-447a-49b2-b630-1080916afd3f-5.job [2756] =>PUP.CrossRider
O39 - APT: 05e33f54-447a-49b2-b630-1080916afd3f-5 - (...) -- C:\Windows\System32\Tasks\05e33f54-447a-49b2-b630-1080916afd3f-5 [2756] =>PUP.CrossRider
O39 - APT: 05e33f54-447a-49b2-b630-1080916afd3f-5_user - (...) -- C:\Windows\Tasks\05e33f54-447a-49b2-b630-1080916afd3f-5_user.job [2756] =>PUP.CrossRider
O39 - APT: 05e33f54-447a-49b2-b630-1080916afd3f-5_user - (...) -- C:\Windows\System32\Tasks\05e33f54-447a-49b2-b630-1080916afd3f-5_user [2756] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job [934] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore [934] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job [938] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA [938] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1050]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1054]
O39 - APT: Re-markit Update - (...) -- C:\Windows\Tasks\Re-markit Update.job [382] =>PUP.ReMarkIt
O39 - APT: Re-markit Update - (...) -- C:\Windows\System32\Tasks\Re-markit Update [382] =>PUP.ReMarkIt
O39 - APT: Re-markit_wd - (...) -- C:\Windows\Tasks\Re-markit_wd.job [362] =>PUP.ReMarkIt
O39 - APT: Re-markit_wd - (...) -- C:\Windows\System32\Tasks\Re-markit_wd [362] =>PUP.ReMarkIt
O39 - APT: - (..) -- C:\Windows\Tasks\YOFBLUNJ.job [1686]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\YOFBLUNJ [1686]
~ Scheduled Task: 40 Legitimates Filtered in 00mn 07s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (qrnfd_1_10_0_12) . (.Quick Ref - Quick Ref Driver x86.) - C:\Windows\System32\drivers\qrnfd_1_10_0_12.sys =>PUP.QuickRef
O41 - Driver: (qrnfd_1_10_0_9) . (. - .) - C:\Windows\System32\drivers\qrnfd_1_10_0_9.sys (.not file.)
O41 - Driver: (ssnfd_1_10_0_5) . (. - .) - C:\Windows\System32\drivers\ssnfd_1_10_0_5.sys (.not file.)
O41 - Driver: ({77f6a904-58d8-47e1-b07f-da8c7e56f35d}Gw) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{77f6a904-58d8-47e1-b07f-da8c7e56f35d}Gw.sys =>PUP.LinkiDoo
O41 - Driver: ({868f5d1e-b683-49ca-9434-597bf061a27a}Gw) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{868f5d1e-b683-49ca-9434-597bf061a27a}Gw.sys =>PUP.LinkiDoo
O41 - Driver: ({bcd08fc8-cb56-41a3-8b19-3c556687a504}Gw) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{bcd08fc8-cb56-41a3-8b19-3c556687a504}Gw.sys =>PUP.LinkiDoo
O41 - Driver: ({bcd08fc8-cb56-41a3-8b19-3c556687a504}w) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{bcd08fc8-cb56-41a3-8b19-3c556687a504}w.sys =>PUP.LinkiDoo
O41 - Driver: ({c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w.sys =>PUP.LinkiDoo
~ Drivers: 84 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Quick Ref 1.10.0.12 - (.Quick Ref.) [HKLM] -- QuickRef_1.10.0.12 =>PUP.QuickRef
O42 - Logiciel: Re-markit - (.Re-markit-software.) [HKLM] -- 469D2168-53C8-B49B-538E-2AF6B6AEDED1 =>PUP.ReMarkIt
O42 - Logiciel: Reimage Repair - (.Reimage.) [HKLM] -- Reimage Repair =>Rogue.ReimageRepair
~ Logic: 14 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\Browser]
[HKCU\Software\Cinema Video 1.8V21.03-nv-ie]
[HKCU\Software\CoinisRS] =>Adware.InstallCore
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\Corez]
[HKCU\Software\Gameo] =>PUP.Gameo
[HKCU\Software\Genesis] =>PUP.Genesis
[HKCU\Software\GoHDV21.03-nv-ie] =>PUP.CrossRider
[HKCU\Software\HD4Good-nv-ie]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKCU\Software\Internet Speed Checker-nv-ie] =>PUP.InternetSpeedChecker
[HKCU\Software\Linkey] =>PUP.LinkeySearch
[HKCU\Software\MediaPv2.6-nv-ie]
[HKCU\Software\Popajar] =>Toolbar.Conduit
[HKCU\Software\ProductSetup] =>Adware.InstallCore
[HKCU\Software\Reg]
[HKCU\Software\Reimage] =>Rogue.ReimageRepair
[HKCU\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\SmileysWeLove] =>Adware.SmileyBar
[HKCU\Software\TornTv Downloader] =>Hijacker.TornTV
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive
[HKCU\Software\Tutorials] =>PUP.AgenceExclusive
[HKCU\Software\Vuupc] =>PUP.VuuPC
[HKCU\Software\_CrossriderRegNamePlaceHolder_] =>PUP.CrossRider
[HKCU\Software\freesofttoday] =>Adware.FreeSoftToday
[HKCU\Software\reimagerepair] =>Rogue.ReimageRepair
[HKCU\Software\test]
[HKLM\Software\AdGazelle] =>PUP.AdGazelle
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\FREESOFTTODAY] =>Adware.FreeSoftToday
[HKLM\Software\GoHDV21.03-nv-ie] =>PUP.CrossRider
[HKLM\Software\GoHDV21.03] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKLM\Software\Linkey] =>PUP.LinkeySearch
[HKLM\Software\MaxPower]
[HKLM\Software\PJ]
[HKLM\Software\QuickRef_1.10.0.9] =>PUP.QuickRef
[HKLM\Software\Reg]
[HKLM\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\SearchSnacks_1.10.0.5] =>PUP.SearchSnacks
[HKLM\Software\SmdmF] =>PUP.SystemK
[HKLM\Software\SpeedBrowser] =>PUP.SpeedBrowser
[HKLM\Software\TheTorntv V10-nv] =>Hijacker.TornTV
[HKLM\Software\Tutorials] =>PUP.AgenceExclusive
[HKLM\Software\WinPj]
[HKLM\Software\videos MediaPlay-Air-nv] =>PUP.CrossRider
~ Key Software: 163 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/03/2015 - 02:21:48 - [] ----D C:\Program Files\fst_be_71 =>Adware.FreeSoftToday
O43 - CFD: 22/03/2015 - 02:24:14 - [] ----D C:\Program Files\GoHDV21.03 =>PUP.CrossRider
O43 - CFD: 27/03/2015 - 21:27:27 - [] ----D C:\Program Files\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 1/04/2015 - 10:12:39 - [] ----D C:\Program Files\QuickRef_1.10.0.12 =>PUP.QuickRef
O43 - CFD: 27/03/2015 - 19:42:08 - [] ----D C:\Program Files\QuickRef_1.10.0.9 =>PUP.QuickRef
O43 - CFD: 28/03/2015 - 01:02:39 - [] ----D C:\Program Files\Reimage =>Rogue.ReimageRepair
O43 - CFD: 27/03/2015 - 19:41:04 - [] ----D C:\Program Files\ver3Re-markit =>PUP.ReMarkIt
O43 - CFD: 27/03/2015 - 17:34:29 - [] ----D C:\ProgramData\AruuDER
O43 - CFD: 24/03/2015 - 00:09:45 - [] ----D C:\ProgramData\Browser
O43 - CFD: 13/03/2015 - 02:31:02 - [] ----D C:\ProgramData\iaploegiodapdjgcjcgnhilcllopjadg
O43 - CFD: 28/03/2015 - 01:57:59 - [] ----D C:\ProgramData\IePluginServices =>PUP.IePluginService
O43 - CFD: 28/03/2015 - 01:09:49 - [] ----D C:\ProgramData\Reimage Protector =>Rogue.ReimageRepair
O43 - CFD: 28/03/2015 - 01:00:40 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair =>Rogue.ReimageRepair
O43 - CFD: 14/07/2009 - 11:00:22 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 12/03/2015 - 22:10:48 - [] ----D C:\Users\Oxfam\AppData\Roaming\06A99EB0-1425680217-11D9-BBDA-796B79070012
O43 - CFD: 9/03/2015 - 09:55:26 - [] -SH-D C:\Users\Oxfam\AppData\Roaming\AnyProtectEx =>PUP.AnyProtect
O43 - CFD: 23/03/2015 - 01:16:04 - [] ----D C:\Users\Oxfam\AppData\Roaming\DriverAgent =>PUP.DriverAgent
O43 - CFD: 8/03/2015 - 03:09:32 - [0] ----D C:\Users\Oxfam\AppData\Roaming\rightbackup
O43 - CFD: 19/08/2014 - 01:40:18 - [] ----D C:\Users\Oxfam\AppData\Roaming\Shortcut
O43 - CFD: 22/03/2015 - 03:20:11 - [] ----D C:\Users\Oxfam\AppData\Roaming\smileyswelove =>Adware.SmileyBar
O43 - CFD: 12/03/2015 - 22:10:58 - [] ----D C:\Users\Oxfam\AppData\Local\06A99EB0-1425684429-11D9-BBDA-796B79070012
O43 - CFD: 21/08/2014 - 18:46:33 - [] ----D C:\Users\Oxfam\AppData\Local\com
O43 - CFD: 7/03/2015 - 21:55:40 - [] -SH-D C:\Users\Oxfam\AppData\Local\EmieBrowserModeList
O43 - CFD: 4/04/2015 - 19:40:56 - [] ----D C:\Users\Oxfam\AppData\Local\fst_be_71 =>Adware.FreeSoftToday
O43 - CFD: 29/03/2015 - 15:09:04 - [] ----D C:\Users\Oxfam\AppData\Local\Gameo =>PUP.Gameo
O43 - CFD: 9/03/2015 - 09:51:09 - [] ----D C:\Users\Oxfam\AppData\Local\Pay-By-Ads =>PUP.PaybyAds
O43 - CFD: 19/08/2014 - 01:40:13 - [0] ----D C:\Users\Oxfam\AppData\Local\Sparta
O43 - CFD: 24/03/2015 - 14:21:02 - [] ----D C:\Users\Oxfam\AppData\Local\speed browser =>PUP.SpeedBrowser
~ Program Folder: 130 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 21/03/2015 - 00:34:07 RSHA- . (...) -- C:\IO.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 21/03/2015 - 00:34:07 RSHA- . (...) -- C:\MSDOS.SYS [0]
O44 - LFC:[MD5.A443DFC2F6CC55DF6EEAE635F231819F] - 21/03/2015 - 06:53:04 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{868f5d1e-b683-49ca-9434-597bf061a27a}Gw.sys [43144] =>PUP.LinkiDoo
O44 - LFC:[MD5.5A8C573A51236BEAE6C591B289BC093E] - 22/03/2015 - 00:58:40 ---A- . (.Pas de propriétaire - Registry Optimizer.) -- C:\Windows\System32\roboot.exe [18168]
O44 - LFC:[MD5.86854294F564096698036236459E28DE] - 22/03/2015 - 19:57:16 ---A- . (...) -- C:\Windows\rcore.exe [4687360]
O44 - LFC:[MD5.26D70F1E52F762842DF3875DA719583A] - 24/03/2015 - 21:26:13 ---A- . (...) -- C:\Windows\System32\029B560A371F4E00AB32838EBC01B9E7 [4]
O44 - LFC:[MD5.473802244078DC7213CF7C3F47115F48] - 26/03/2015 - 19:44:40 ---A- . (.Quick Ref - Quick Ref Driver x86.) -- C:\Windows\System32\Drivers\qrnfd_1_10_0_12.sys [52720] =>PUP.QuickRef
O44 - LFC:[MD5.7D754659139D0719413EEE8E3D5BBD4D] - 26/03/2015 - 20:18:38 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{77f6a904-58d8-47e1-b07f-da8c7e56f35d}Gw.sys [43160] =>PUP.LinkiDoo
O44 - LFC:[MD5.15AE74A68D004C8BA3A2EB793A92C5CC] - 27/03/2015 - 21:10:43 ----- . (...) -- C:\bootsqm.dat [3272]
O44 - LFC:[MD5.65A6E9C6171A703BC62DC4968A9CC7D8] - 28/03/2015 - 00:13:00 ---A- . (...) -- C:\Windows\Reimage.ini [165] =>Rogue.ReimageRepair
O44 - LFC:[MD5.406E76BE63C65E0BF4B263156320254E] - 3/04/2015 - 23:35:11 ---A- . (...) -- C:\Windows\System32\ScannerSettings [464]
O44 - LFC:[MD5.078C09019067B0B1772A487081BDC1D5] - 4/04/2015 - 00:09:27 ---A- . (...) -- C:\Windows\System32\ScanResults.xml [9418]
~ Files: 140 Legitimates Filtered in 00mn 06s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.BE386874CD5B80E4AAF73BF888A9FAB6] - 4/04/2015 - 18:40:06 ---A- - C:\Windows\Prefetch\BACKUPSTACK.EXE-97682A25.pf =>PUP.MyPCBackup
O45 - LFCP:[MD5.6AD75501C09516067A3A61F2D0AE97CF] - 6/03/2015 - 22:56:05 ---A- - C:\Windows\Prefetch\CLEARTHINK.BOAS.EXE-B2F91348.pf =>PUP.ClearThink
O45 - LFCP:[MD5.70FA9E3D5A355D317EBE634766736233] - 6/03/2015 - 22:27:00 ---A- - C:\Windows\Prefetch\CLEARTHINK.BOASHELPER.EXE-FA6465A0.pf =>PUP.ClearThink
O45 - LFCP:[MD5.EEF6DB39BA6C14A46943579C3583D9E0] - 6/03/2015 - 22:55:59 ---A- - C:\Windows\Prefetch\CLEARTHINK.BOASPRT.EXE-CA340BC6.pf =>PUP.ClearThink
O45 - LFCP:[MD5.605A168385A10F11065B431193369BEE] - 22/03/2015 - 00:25:27 ---A- - C:\Windows\Prefetch\CLEARTHINK.BROWSERADAPTER.EXE-46897978.pf =>PUP.ClearThink
O45 - LFCP:[MD5.07902AC5B4337BAD156FB6A48328609B] - 22/03/2015 - 00:25:27 ---A- - C:\Windows\Prefetch\CLEARTHINK.EXPEXT.EXE-DD5673C5.pf =>PUP.ClearThink
O45 - LFCP:[MD5.29DC5364D7FF39AE390D23444C257653] - 21/03/2015 - 14:08:59 ---A- - C:\Windows\Prefetch\CLEARTHINK.PURBROWSE.EXE-306E9034.pf =>PUP.ClearThink
O45 - LFCP:[MD5.9D189DCDE93686494BA7920A2BC1BC3F] - 4/04/2015 - 18:39:08 ---A- - C:\Windows\Prefetch\FST_BE_71.EXE-13FECD7A.pf =>Adware.FreeSoftToday
O45 - LFCP:[MD5.89616229155138564209699CB62549F5] - 19/03/2015 - 13:50:26 ---A- - C:\Windows\Prefetch\H9RE-MARKITI73.EXE-A88E0EFA.pf =>PUP.ReMarkIt
O45 - LFCP:[MD5.5B80E65840504162DD065A0152A56612] - 27/03/2015 - 15:14:02 ---A- - C:\Windows\Prefetch\MYPC BACKUP.EXE-2654E8AC.pf =>PUP.MyPCBackup
O45 - LFCP:[MD5.4475E70680E87054EB015E8AE678BC5F] - 6/03/2015 - 22:13:07 ---A- - C:\Windows\Prefetch\PACKAGE_QUICKREF_P_INSTALLER_-A6DC2C60.pf =>PUP.QuickRef
O45 - LFCP:[MD5.40E6B70F85BECCEF67CD6A15111309C3] - 6/03/2015 - 22:12:58 ---A- - C:\Windows\Prefetch\PACKAGE_QUICKREF_P_INSTALLER_-B0909BE2.pf =>PUP.QuickRef
O45 - LFCP:[MD5.F71B6D023AB329FD2A666FF10A9ED8D3] - 6/03/2015 - 22:15:29 ---A- - C:\Windows\Prefetch\QUICKREF_P.EXE-A75B9850.pf =>PUP.QuickRef
O45 - LFCP:[MD5.7E5D2630988CCEEB15699F9F1E362B06] - 6/03/2015 - 22:15:16 ---A- - C:\Windows\Prefetch\QUICKREF_P_SOFT_PARTNER.EXE-2C1097AC.pf =>PUP.QuickRef
O45 - LFCP:[MD5.A7421D6B989E31BA980A963905588CF3] - 6/03/2015 - 22:15:18 ---A- - C:\Windows\Prefetch\QUICKREF_P_SOFT_PARTNER.TMP-B455EC36.pf =>PUP.QuickRef
O45 - LFCP:[MD5.BFA973C0A329229F0CA8D10836BFD5B9] - 6/03/2015 - 14:57:12 ---A- - C:\Windows\Prefetch\SIGNUP WIZARD.EXE-4C83F7E4.pf =>PUP.MyPCBackup
O45 - LFCP:[MD5.C4E6111AB50C27F6BD0F52FE12A0736A] - 22/03/2015 - 01:21:06 ---A- - C:\Windows\Prefetch\UPDATECLEARTHINK.EXE-5BFC01A7.pf =>PUP.ClearThink
O45 - LFCP:[MD5.CBF7C5AD4AF1C5002D574BE927B57405] - 4/04/2015 - 18:40:56 ---A- - C:\Windows\Prefetch\UPFST_BE_71.EXE-79B1FB9F.pf =>Adware.FreeSoftToday
O45 - LFCP:[MD5.56440D7D7240936FE50AAD65F3549A53] - 22/03/2015 - 00:45:28 ---A- - C:\Windows\Prefetch\UTILCLEARTHINK.EXE-FD0291AF.pf =>PUP.ClearThink
~ Prefetcher: 19 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:26/03/2015 - 19:44:40 ---A- . (.Quick Ref - Quick Ref Driver x86.) -- C:\Windows\System32\Drivers\qrnfd_1_10_0_12.sys [52720] =>PUP.QuickRef
O58 - SDL:8/04/2003 - 09:30:48 ---A- . (.Analog Devices, Inc. - SoundMAX Stub Driver.) -- C:\Windows\System32\Drivers\smsens.sys [3744]
O58 - SDL:15/04/2004 - 10:20:36 ---A- . (.Analog Devices, Inc. - SoundMAX Integrated Digital Audio.) -- C:\Windows\System32\Drivers\smwdm.sys [612416]
O58 - SDL:14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:16/07/2014 - 17:42:28 ---A- . (.Corsica - Web Instrumentation Driver.) -- C:\Windows\System32\Drivers\webinstr.sys [51336]
O58 - SDL:26/03/2015 - 20:18:38 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{77f6a904-58d8-47e1-b07f-da8c7e56f35d}Gw.sys [43160] =>PUP.LinkiDoo
O58 - SDL:21/03/2015 - 06:53:04 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{868f5d1e-b683-49ca-9434-597bf061a27a}Gw.sys [43144] =>PUP.LinkiDoo
O58 - SDL:12/03/2015 - 13:08:34 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{bcd08fc8-cb56-41a3-8b19-3c556687a504}Gw.sys [43192] =>PUP.LinkiDoo
O58 - SDL:5/03/2015 - 23:05:32 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{bcd08fc8-cb56-41a3-8b19-3c556687a504}w.sys [43192] =>PUP.LinkiDoo
O58 - SDL:18/08/2014 - 06:00:28 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w.sys [52368] =>PUP.LinkiDoo
O58 - SDL:13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 68 Legitimates Filtered in 00mn 05s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 1/04/2015 - 20:55:46 ---A- . (...) -- C:\Users\Oxfam\AppData\Local\fst_be_71\Download\majmp_gentleeu.exe [7793184] =>Adware.FreeSoftToday
O61 - LFC: 2/04/2015 - 20:55:46 ---A- . (...) -- C:\Users\Oxfam\AppData\Local\fst_be_71\Download\setup_recover_rec_be_19.exe [2106660] =>Adware.FreeSoftToday
O61 - LFC: 28/03/2015 - 20:55:47 ---A- . (...) -- C:\Users\Oxfam\AppData\Local\Microsoft\Windows\1036\StructuredQuerySchema.bin [330752]
O61 - LFC: 28/03/2015 - 20:56:47 ---A- . (...) -- C:\Users\Oxfam\Downloads\DriverTurboSetup (1).exe [254216] =>PUP.DriverTurbo
O61 - LFC: 28/03/2015 - 20:57:01 ---A- . (...) -- C:\Users\Oxfam\Downloads\DriverTurboSetup.exe [254216] =>PUP.DriverTurbo
O61 - LFC: 28/03/2015 - 20:57:15 ---A- . (.Google.) -- C:\Users\Oxfam\Downloads\software_removal_tool.exe [4441416]
O61 - LFC: 3/04/2015 - 20:55:46 ---A- . (...) -- C:\Users\Oxfam\AppData\Local\fst_be_71\Download\setup_recover_rec_be_20.exe [2107995] =>Adware.FreeSoftToday
O61 - LFC: 31/03/2015 - 20:55:46 ---A- . (...) -- C:\Users\Oxfam\AppData\Local\Google\Chrome\User Data\nacl_validation_cache.bin [200]
O61 - LFC: 4/04/2015 - 20:55:46 ---A- . (...) -- C:\Users\Oxfam\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [1113849]
~ 5069 Fichiers temporaires (Temporary files)
~ 63 Fichiers cookies (Cookies files)
~ Files: 99 Legitimates Filtered in 01mn 33s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 26/03/2015 - C:\Windows\System32\drivers\qrnfd_1_10_0_12.sys (qrnfd_1_10_0_12) .(.Quick Ref - Quick Ref Driver x86.) - LEGACY_QRNFD_1_10_0_12 =>PUP.QuickRef
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 16/07/2014 - C:\Windows\system32\Drivers\webinstr.sys (webinstr) .(.Corsica - Web Instrumentation Driver.) - LEGACY_WEBINSTR
O64 - Services: CurCS - 26/03/2015 - C:\Windows\System32\drivers\{77f6a904-58d8-47e1-b07f-da8c7e56f35d}Gw.sys ({77f6a904-58d8-47e1-b07f-da8c7e56f35d}Gw) .(.StdLib - StdLib.) - LEGACY_{77F6A904-58D8-47E1-B07F-DA8C7E56F35D}GW =>PUP.LinkiDoo
O64 - Services: CurCS - 21/03/2015 - C:\Windows\System32\drivers\{868f5d1e-b683-49ca-9434-597bf061a27a}Gw.sys ({868f5d1e-b683-49ca-9434-597bf061a27a}Gw) .(.StdLib - StdLib.) - LEGACY_{868F5D1E-B683-49CA-9434-597BF061A27A}GW =>PUP.LinkiDoo
O64 - Services: CurCS - 12/03/2015 - C:\Windows\System32\drivers\{bcd08fc8-cb56-41a3-8b19-3c556687a504}Gw.sys ({bcd08fc8-cb56-41a3-8b19-3c556687a504}Gw) .(.StdLib - StdLib.) - LEGACY_{BCD08FC8-CB56-41A3-8B19-3C556687A504}GW =>PUP.LinkiDoo
O64 - Services: CurCS - 5/03/2015 - C:\Windows\System32\drivers\{bcd08fc8-cb56-41a3-8b19-3c556687a504}w.sys ({bcd08fc8-cb56-41a3-8b19-3c556687a504}w) .(.StdLib - StdLib.) - LEGACY_{BCD08FC8-CB56-41A3-8B19-3C556687A504}W =>PUP.LinkiDoo
O64 - Services: CurCS - 18/08/2014 - C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w.sys ({c5e48979-bd7f-4cf7-9b73-2482a67a4f37}w) .(.StdLib - StdLib.) - LEGACY_{C5E48979-BD7F-4CF7-9B73-2482A67A4F37}W =>PUP.LinkiDoo
~ Legacy: 137 Legitimates Filtered in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} - (Trovi) - http://www.trovi.com =>Hijacker.TroviCom
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.26098CC6BC2F6E06000AA5F43BC686BC] [SPRF][24/03/2015] (...) -- C:\ProgramData\Setup.exe [1498256]
~ Files: 1 Legitimates Filtered in 00mn 03s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{997A363D-B86D-48E2-854E-BCC123E24907}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Oxfam\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{9C1B2AEE-59CE-4982-849F-DB4BA3E94A38}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Oxfam\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 02s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.64BC02760640108F4AF7CCFA900503C5] [WIS][13/02/2012] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\ba7fb6.msi [475136] =>Toolbar.Bing
~ WIS: 1 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BrowserGoodUntemp_RASAPI32 =>PUP.BrowserGood
HKLM\SOFTWARE\Microsoft\Tracing\BrowserGoodUntemp_RASMANCS =>PUP.BrowserGood
HKLM\SOFTWARE\Microsoft\Tracing\ClearThinkSetup_RASAPI32 =>PUP.ClearThink
HKLM\SOFTWARE\Microsoft\Tracing\ClearThinkSetup_RASMANCS =>PUP.ClearThink
HKLM\SOFTWARE\Microsoft\Tracing\ClearThinkUntemp_RASAPI32 =>PUP.ClearThink
HKLM\SOFTWARE\Microsoft\Tracing\ClearThinkUntemp_RASMANCS =>PUP.ClearThink
HKLM\SOFTWARE\Microsoft\Tracing\ClearThink_RASAPI32 =>PUP.ClearThink
HKLM\SOFTWARE\Microsoft\Tracing\ClearThink_RASMANCS =>PUP.ClearThink
HKLM\SOFTWARE\Microsoft\Tracing\ClearThink_Setup_RASAPI32 =>PUP.ClearThink
HKLM\SOFTWARE\Microsoft\Tracing\ClearThink_Setup_RASMANCS =>PUP.ClearThink
HKLM\SOFTWARE\Microsoft\Tracing\fst_be_71_RASAPI32 =>Adware.FreeSoftToday
HKLM\SOFTWARE\Microsoft\Tracing\fst_be_71_RASMANCS =>Adware.FreeSoftToday
HKLM\SOFTWARE\Microsoft\Tracing\ild_istartsurf_RASAPI32 =>PUP.Istart
HKLM\SOFTWARE\Microsoft\Tracing\ild_istartsurf_RASMANCS =>PUP.Istart
HKLM\SOFTWARE\Microsoft\Tracing\OptProStart_RASAPI32 =>PUP.OptimizerPro
HKLM\SOFTWARE\Microsoft\Tracing\OptProStart_RASMANCS =>PUP.OptimizerPro
HKLM\SOFTWARE\Microsoft\Tracing\PCSUSpeedTest_RASAPI32 =>Adware.ScriptHost
HKLM\SOFTWARE\Microsoft\Tracing\PCSUSpeedTest_RASMANCS =>Adware.ScriptHost
HKLM\SOFTWARE\Microsoft\Tracing\SearchSnacksAutoUpdateClient_RASAPI32 =>PUP.SearchSnacks
HKLM\SOFTWARE\Microsoft\Tracing\SearchSnacksAutoUpdateClient_RASMANCS =>PUP.SearchSnacks
HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32 =>Hijacker.SmartBar
HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS =>Hijacker.SmartBar
HKLM\SOFTWARE\Microsoft\Tracing\SupTab_ns_v5_RASAPI32 =>PUP.SupTab
HKLM\SOFTWARE\Microsoft\Tracing\SupTab_ns_v5_RASMANCS =>PUP.SupTab
HKLM\SOFTWARE\Microsoft\Tracing\TheTorntv V10-codedownloader_RASAPI32 =>Hijacker.TornTV
HKLM\SOFTWARE\Microsoft\Tracing\TheTorntv V10-codedownloader_RASMANCS =>Hijacker.TornTV
HKLM\SOFTWARE\Microsoft\Tracing\updateBrowserGood_RASAPI32 =>PUP.BrowserGood
HKLM\SOFTWARE\Microsoft\Tracing\updateBrowserGood_RASMANCS =>PUP.BrowserGood
HKLM\SOFTWARE\Microsoft\Tracing\updateClearThink_RASAPI32 =>PUP.ClearThink
HKLM\SOFTWARE\Microsoft\Tracing\updateClearThink_RASMANCS =>PUP.ClearThink
HKLM\SOFTWARE\Microsoft\Tracing\updateWebSpades_RASAPI32 =>PUP.WebSpades
HKLM\SOFTWARE\Microsoft\Tracing\updateWebSpades_RASMANCS =>PUP.WebSpades
HKLM\SOFTWARE\Microsoft\Tracing\upfst_be_71_RASAPI32 =>Adware.FreeSoftToday
HKLM\SOFTWARE\Microsoft\Tracing\upfst_be_71_RASMANCS =>Adware.FreeSoftToday
HKLM\SOFTWARE\Microsoft\Tracing\utilBrowserGood_RASAPI32 =>PUP.BrowserGood
HKLM\SOFTWARE\Microsoft\Tracing\utilBrowserGood_RASMANCS =>PUP.BrowserGood
HKLM\SOFTWARE\Microsoft\Tracing\utilClearThink_RASAPI32 =>PUP.ClearThink
HKLM\SOFTWARE\Microsoft\Tracing\utilClearThink_RASMANCS =>PUP.ClearThink
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\VOPackage_RASAPI32 =>Adware.Downware
HKLM\SOFTWARE\Microsoft\Tracing\VOPackage_RASMANCS =>Adware.Downware
HKLM\SOFTWARE\Microsoft\Tracing\Vuupc_setup_RASAPI32 =>PUP.VuuPC
HKLM\SOFTWARE\Microsoft\Tracing\Vuupc_setup_RASMANCS =>PUP.VuuPC
HKLM\SOFTWARE\Microsoft\Tracing\WebSpades_RASAPI32 =>PUP.WebSpades
HKLM\SOFTWARE\Microsoft\Tracing\WebSpades_RASMANCS =>PUP.WebSpades
HKLM\SOFTWARE\Microsoft\Tracing\WebSpades_Setup_RASAPI32 =>PUP.WebSpades
HKLM\SOFTWARE\Microsoft\Tracing\WebSpades_Setup_RASMANCS =>PUP.WebSpades
HKLM\SOFTWARE\Microsoft\Tracing\wpm_ns_v20_RASAPI32 =>PUP.WpManager
HKLM\SOFTWARE\Microsoft\Tracing\wpm_ns_v20_RASMANCS =>PUP.WpManager
~ BTK: 178 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{3FC12491-896D-F84D-76E1-69E44FBDB9E8}] (Re-markit) =>PUP.ReMarkIt
[HKCR\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}] (Linkey) =>PUP.LinkeySearch
[HKCR\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}] (globalUpdate Update Plugin) =>PUP.GlobalUpdate
[HKCR\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}] (globalUpdate.OneClickProcessLauncher) =>PUP.GlobalUpdate
[HKCR\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}] (globalUpdate Update Plugin) =>PUP.GlobalUpdate
~ BCK: 4457 Legitimates Filtered in 00mn 18s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 28/03/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 22/07/1658 0 | (globalUpdate) . (...) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe =>PUP.GlobalUpdate
SS - | Demand 22/07/1658 0 | (globalUpdatem) . (...) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe =>PUP.GlobalUpdate
SS - | Auto 27/03/2015 107848 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 27/03/2015 107848 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 22/07/1658 0 | (IePluginServices) . (...) - C:\ProgramData\IePluginServices\PluginService.exe =>PUP.IePluginService
SS - | Demand 9/04/2014 235696 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
SS - | Auto 11/12/2014 315496 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 22/07/1658 0 | (Util ClearThink) . (...) - C:\Program Files\ClearThink\bin\utilClearThink.exe =>PUP.ClearThink
SS - | Demand 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/11/2014 53320 | (BackupStack) . (.Just Develop It.) - C:\Program Files\MyPC Backup\BackupStack.exe =>PUP.MyPCBackup
SR - | Auto 17/03/2015 11776 | (MixVideoPlayerUpdaterService) . (...) - C:\Program Files\MixVideoPlayer\MixVideoPlayerUpdaterService.exe =>PUP.MixVideoPlayer
SR - | Auto 30/01/2015 22184 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 26/03/2015 278592 | (qrsvc_1.10.0.12) . (.Quick Ref.) - C:\Program Files\QuickRef_1.10.0.12\Service\qrsvc.exe =>PUP.QuickRef
SR - | Auto 12/03/2015 4687360 | (rcores) . (...) - C:\Windows\rcore.exe
SR - | Auto 26/01/2014 84328 | (Registry Helper Service) . (.SafeApp Software, LLC.) - C:\Program Files\Registry Helper\RegistryHelperService.exe =>PUP.RegistryHelper
SR - | Auto 14/01/2015 6079848 | (ReimageRealTimeProtector) . (.Reimage®.) - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe =>Rogue.ReimageRepair
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 24s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Oxfam at 4/04/2015 20:58:11
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (29/03/2015)
Clés trouvées (Keys found) : 35
Valeurs trouvées (Values found) : 7
Dossiers trouvés (Folders found) : 19
Fichiers trouvés (Files found) : 54

[HKLM\SYSTEM\CurrentControlSet\Services\MyPC Backup) (BackupStack] =>PUP.MyPCBackup^
[HKLM\SYSTEM\CurrentControlSet\Services\globalUpdate) (globalUpdate] =>PUP.GlobalUpdate^
[HKLM\SYSTEM\CurrentControlSet\Services\IePluginServices] =>PUP.IePluginService^
[HKLM\SYSTEM\CurrentControlSet\Services\MixVideoPlayerUpdaterService] =>PUP.MixVideoPlayer^
[HKLM\SYSTEM\CurrentControlSet\Services\qrsvc_1.10.0.12] =>PUP.QuickRef^
[HKLM\SYSTEM\CurrentControlSet\Services\Registry Helper Service] =>PUP.RegistryHelper^
[HKLM\SYSTEM\CurrentControlSet\Services\ReimageRealTimeProtector] =>Rogue.ReimageRepair^
[HKLM\SYSTEM\CurrentControlSet\Services\Util ClearThink] =>PUP.ClearThink^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\QuickRef_1.10.0.12] =>PUP.QuickRef^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\469D2168-53C8-B49B-538E-2AF6B6AEDED1] =>PUP.ReMarkIt^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair] =>Rogue.ReimageRepair^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar
[HKLM\Software\Microsoft\Tracing\SnapDo_RASAPI32] =>Hijacker.SmartBar
[HKLM\Software\Microsoft\Tracing\SnapDo_RASMANCS] =>Hijacker.SmartBar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKLM\Software\Classes\SpeedUpMyPC] =>PUP.SpeedUpMyPC
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Microsoft\Tracing\optprostart_RASMANCS] =>PUP.OptimizerPro
[HKLM\Software\Microsoft\Tracing\optprostart_RASAPI32] =>PUP.OptimizerPro
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\Reimage] =>Rogue.ReimageRepair
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKCU\Software\Classes\keepmysearch] =>Adware.MyWebSearch
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}] =>Adware.Bandoo^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_be_71 =>Adware.FreeSoftToday^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]:upfst_be_71.exe =>Adware.FreeSoftToday^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\Oxfam\AppData\Roaming\Mozilla\Firefox\Profiles\EP: RegExtension {D0911945-1BD3-7B06-16BA-6632545B4D82} . (...) -- C:\extensions\Program Files\ver3Re-markit\177.xpi (.not file.) =>PUP.ReMarkIt^
C:\Program Files\fst_be_71 =>Adware.FreeSoftToday^
C:\Program Files\GoHDV21.03 =>PUP.CrossRider^
C:\Program Files\MyPC Backup =>PUP.MyPCBackup^
C:\Program Files\QuickRef_1.10.0.12 =>PUP.QuickRef^
C:\Program Files\QuickRef_1.10.0.9 =>PUP.QuickRef^
C:\Program Files\Reimage =>Rogue.ReimageRepair^
C:\Program Files\ver3Re-markit =>PUP.ReMarkIt^
C:\ProgramData\IePluginServices =>PUP.IePluginService^
C:\ProgramData\Reimage Protector =>Rogue.ReimageRepair^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair =>Rogue.ReimageRepair^
C:\Users\Oxfam\AppData\Roaming\AnyProtectEx =>PUP.AnyProtect^
C:\Users\Oxfam\AppData\Roaming\DriverAgent =>PUP.DriverAgent^
C:\Users\Oxfam\AppData\Roaming\smileyswelove =>Adware.SmileyBar^
C:\Users\Oxfam\AppData\Local\fst_be_71 =>Adware.FreeSoftToday^
C:\Users\Oxfam\AppData\Local\Gameo =>PUP.Gameo^
C:\Users\Oxfam\AppData\Local\Pay-By-Ads =>PUP.PaybyAds^
C:\Users\Oxfam\AppData\Local\speed browser =>PUP.SpeedBrowser^
C:\Program Files\SearchProtect =>Toolbar.Conduit
C:\Program Files\ver3Re-markit\p2Re-markiti.exe =>PUP.ReMarkIt^
C:\Users\Oxfam\AppData\Local\fst_be_71\upfst_be_71.exe =>Adware.FreeSoftToday^
C:\Program Files\fst_be_71\fst_be_71.exe =>Adware.FreeSoftToday^
C:\Users\Oxfam\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
C:\Program Files\GoHDV21.03\05e33f54-447a-49b2-b630-1080916afd3f-1-6.exe =>PUP.CrossRider^
C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe =>Rogue.ReimageRepair^
C:\Windows\Tasks\05e33f54-447a-49b2-b630-1080916afd3f-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\05e33f54-447a-49b2-b630-1080916afd3f-5 =>PUP.CrossRider^
C:\Windows\Tasks\05e33f54-447a-49b2-b630-1080916afd3f-5_user.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\05e33f54-447a-49b2-b630-1080916afd3f-5_user =>PUP.CrossRider^
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job =>PUP.GlobalUpdate^
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore =>PUP.GlobalUpdate^
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job =>PUP.GlobalUpdate^
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA =>PUP.GlobalUpdate^
C:\Windows\Tasks\Re-markit Update.job =>PUP.ReMarkIt^
C:\Windows\System32\Tasks\Re-markit Update =>PUP.ReMarkIt^
C:\Windows\Tasks\Re-markit_wd.job =>PUP.ReMarkIt^
C:\Windows\System32\Tasks\Re-markit_wd =>PUP.ReMarkIt^
[HKCU\Software\CoinisRS] =>Adware.InstallCore^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\Gameo] =>PUP.Gameo^
[HKCU\Software\Genesis] =>PUP.Genesis^
[HKCU\Software\GoHDV21.03-nv-ie] =>PUP.CrossRider^
[HKCU\Software\Internet Speed Checker-nv-ie] =>PUP.InternetSpeedChecker^
[HKCU\Software\Linkey] =>PUP.LinkeySearch^
[HKCU\Software\Popajar] =>Toolbar.Conduit^
[HKCU\Software\ProductSetup] =>Adware.InstallCore^
[HKCU\Software\Smartbar] =>Hijacker.SmartBar^
[HKCU\Software\SmileysWeLove] =>Adware.SmileyBar^
[HKCU\Software\TornTv Downloader] =>Hijacker.TornTV^
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive^
[HKCU\Software\Vuupc] =>PUP.VuuPC^
[HKCU\Software\_CrossriderRegNamePlaceHolder_] =>PUP.CrossRider^
[HKCU\Software\freesofttoday] =>Adware.FreeSoftToday^
[HKCU\Software\reimagerepair] =>Rogue.ReimageRepair^
[HKLM\Software\AdGazelle] =>PUP.AdGazelle^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\FREESOFTTODAY] =>Adware.FreeSoftToday^
[HKLM\Software\GoHDV21.03-nv-ie] =>PUP.CrossRider^
[HKLM\Software\GoHDV21.03] =>PUP.CrossRider^
[HKLM\Software\Linkey] =>PUP.LinkeySearch^
[HKLM\Software\QuickRef_1.10.0.9] =>PUP.QuickRef^
[HKLM\Software\SearchSnacks_1.10.0.5] =>PUP.SearchSnacks^
[HKLM\Software\SmdmF] =>PUP.SystemK^
[HKLM\Software\SpeedBrowser] =>PUP.SpeedBrowser^
[HKLM\Software\TheTorntv V10-nv] =>Hijacker.TornTV^
[HKLM\Software\videos MediaPlay-Air-nv] =>PUP.CrossRider^
C:\Windows\Installer\ba7fb6.msi =>Toolbar.Bing^
[HKCR\CLSID\{3FC12491-896D-F84D-76E1-69E44FBDB9E8}] (Re-markit) =>PUP.ReMarkIt^
[HKCR\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}] (Linkey) =>PUP.LinkeySearch^
[HKCR\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}] (globalUpdate Update Plugin) =>PUP.GlobalUpdate^
[HKCR\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}] (globalUpdate.OneClickProcessLauncher) =>PUP.GlobalUpdate^
[HKCR\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}] (globalUpdate Update Plugin) =>PUP.GlobalUpdate^
C:\Windows\Reimage.ini =>Rogue.ReimageRepair
~ Additionnel Scan: 207304 Items scanned in 02mn 20s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/pup-remarkit =>PUP.ReMarkIt
http://nicolascoolman.fr/adware-freesofttoday =>Adware.FreeSoftToday
http://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar
http://nicolascoolman.fr/rogue-reimagerepair =>Rogue.ReimageRepair
http://nicolascoolman.fr/pup-mypcbackup =>PUP.MyPCBackup
http://nicolascoolman.fr/pup-globalupdate =>PUP.GlobalUpdate
http://www.nicolascoolman.fr/blog/ =>PUP.IePluginService
http://www.nicolascoolman.fr/blog/ =>PUP.MixVideoPlayer
http://www.nicolascoolman.fr/blog/ =>PUP.QuickRef
http://www.nicolascoolman.fr/blog/ =>PUP.RegistryHelper
http://www.nicolascoolman.fr/blog/ =>PUP.ClearThink
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/pup-tvwizard =>PUP.TVWizard
http://nicolascoolman.fr/pup-linkidoo =>PUP.LinkiDoo
http://nicolascoolman.fr/pup-1clickdownloader =>PUP.1ClickDownloader
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://www.nicolascoolman.fr/blog/ =>PUP.Gameo
http://nicolascoolman.fr/pup-genesis =>PUP.Genesis
http://www.nicolascoolman.fr/blog/ =>PUP.BrowserExtensions
http://nicolascoolman.fr/pup-internetspeedchecker =>PUP.InternetSpeedChecker
http://nicolascoolman.fr/pup-linkeysearch =>PUP.LinkeySearch
http://nicolascoolman.fr/adware-smileybar =>Adware.SmileyBar
http://nicolascoolman.fr/hijacker-torntv =>Hijacker.TornTV
http://nicolascoolman.fr/spyware-agenceexclusive =>PUP.AgenceExclusive
http://nicolascoolman.fr/pup-vuupc =>PUP.VuuPC
http://www.nicolascoolman.fr/blog/ =>PUP.AdGazelle
http://www.nicolascoolman.fr/blog/ =>PUP.SearchSnacks
http://nicolascoolman.fr/pup-systemk =>PUP.SystemK
http://www.nicolascoolman.fr/blog/ =>PUP.SpeedBrowser
http://nicolascoolman.fr/pup-anyprotect =>PUP.AnyProtect
http://www.nicolascoolman.fr/blog/ =>PUP.DriverAgent
http://nicolascoolman.fr/pup-paybyads =>PUP.PaybyAds
http://www.nicolascoolman.fr/blog/ =>PUP.DriverTurbo
http://nicolascoolman.fr/hijacker-trovicom =>Hijacker.TroviCom
http://www.nicolascoolman.fr/blog/ =>PUP.BrowserGood
http://www.nicolascoolman.fr/blog/ =>PUP.Istart
http://nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerPro
http://nicolascoolman.fr/adware-scripthost =>Adware.ScriptHost
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://nicolascoolman.fr/pup-webspades =>PUP.WebSpades
http://nicolascoolman.fr/adware-downware =>Adware.Downware
http://nicolascoolman.fr/pup-wpmanager =>PUP.WpManager
http://www.nicolascoolman.fr/blog/ =>Adware.Agent
http://www.nicolascoolman.fr/blog/ =>PUP.SpeedUpMyPC
http://www.nicolascoolman.fr/blog/ =>Spyware.AgenceExclusive
http://nicolascoolman.fr/adware-browsefox =>Adware.BrowseFox
http://nicolascoolman.fr/adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
~ MSI: 49 link(s) detected in 00mn 00s



~ 980 Legitimates filtered by white list
End of the scan (837 lines in 06mn 05s)(0.10)
