Document format: text/plain

~ Rapport de ZHPDiag v2015.6.4.54 - Nicolas Coolman (31/05/2015)
~ Lancé par Utisateur (04/06/2015 23:33:18)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17801
MFIE: Mozilla Firefox 38.0.5
OBIE: Wacom WebTabletPlugin for Internet Explorer and Netscape v2.1.0.7

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : CMBGX
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

---\\ Logiciels de protection du système
Microsoft Security Client v4.8.0204.0
McAfee Security Scan Plus v3.8.150.1
Windows Defender W7 (Deactivate)

---\\ Logiciels d'optimisation du système
CCleaner v5.06

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 17 NPAPI
Adobe Reader XI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4033 MB (31% free)
System Restore: Activé (Enable)
System drive C: has 111 GB (30%) free of 361 GB

---\\ Mode de connexion au système
~ Computer Name: UTISATEUR-PC
~ User Name: Utisateur
~ All Users Names: Utisateur, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Utisateur\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Utisateur\AppData\Roaming\
~ %Desktop% : D:\Jean-Marc\bureau\
~ %Favorites% : D:\Jean-Marc\Favorites\
~ %LocalAppData% : C:\Users\Utisateur\AppData\Local\
~ %StartMenu% : C:\Users\Utisateur\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 111 Go of 361 Go)
D: Hard drive, Flash drive, Thumb drive (Free 241 Go of 571 Go)
E: Hard drive, Flash drive, Thumb drive (Free 73 Go of 233 Go)
F: Hard drive, Flash drive, Thumb drive (Free 148 Go of 233 Go)
G: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F0289B3A341429117696F0279DA977B6] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/04/2015 - 16:27:25.) -- C:\Windows\System32\wininet.dll [2352128]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 02:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.25/02/2011 - 07:25:38.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/151
~ Mes musiques (My Musics) : 14/92
~ Mes Videos (My Videos) : 1/50
~ Mes Favoris (My Favorites) : 1/48
~ Mes Documents (My Documents) : 2/7126
~ Mon Bureau (My Desktop) : 1/4156
~ Menu demarrer (Programs) : 1/112
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.D19C99CF2938AEAE39805895D160E670] - (.SEIKO EPSON CORPORATION - MyEpson Portal.) -- C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe [2387440] [PID.2916]
[MD5.638644168D9B5B5093AD84C9C162B550] - (.NVIDIA Corporation - NVIDIA Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296] [PID.4896]
[MD5.094E4E76FB9AB960A73F841BC6733F42] - (.Intel Corporation - iusb3mon.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848] [PID.4500]
[MD5.46D3D19A4745B67DCA6692AFAB0E136D] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912] [PID.4572]
[MD5.328D76C53A520B3974356BB64DC15C45] - (.Pas de propriétaire - eufroifw.) -- C:\ProgramData\Efeveiia\1.0.1.0\eufroifw.exe [159744] [PID.2296]
[MD5.153F088DFDB3F940AD9DAEB04A3ACC4D] - (.SoftBrain Technologies Ltd. - SmartWeb helper.) -- C:\Users\Utisateur\AppData\Local\SmartWeb\SmartWebHelper.exe [270368] [PID.1480] =>PUP.SmartWeb
[MD5.44069C2AC699C8DAD80A96FB1C8DFE57] - (.SoftBrain Technologies Ltd. - SmartWeb Application.) -- C:\Users\Utisateur\AppData\Local\SmartWeb\SmartWebApp.exe [557088] [PID.3552] =>PUP.SmartWeb
[MD5.309C50F458B64440F2666F1577933932] - (...) -- C:\Users\Utisateur\AppData\Local\gmsd_fr_610\upgmsd_fr_610.exe [3297736] [PID.916] =>PUP.CrossRider
[MD5.D8396B47535205AABC76970BC2DBABF8] - (...) -- C:\Program Files (x86)\gmsd_fr_610\gmsd_fr_610.exe [3984040] [PID.916] =>PUP.CrossRider
[MD5.70398589213236C0BC53BA53E27C27FF] - (.Elex do Brasil Participações Ltda - YACTray.) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe [358848] [PID.1060] =>PUP.Elex
[MD5.A75AE3B84B6423CE6A088E80A2BC23C2] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256] [PID.5232]
[MD5.923FE895B22B22A9CA03C72F3D15CE20] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [376944] [PID.8160]
[MD5.12E2FC1F74265881402DE856D01EFFFE] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8214016] [PID.6956]
[MD5.2691439FAC40F46C937BB684A3AE2E0F] - (.AnyProtect.com - AnyProtect.) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [6434816] [PID.7768] =>PUP.AnyProtect
[MD5.F82B2FC221CA0E408874884787491667] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [410952] [PID.932]
[MD5.AEF87CABE75D04705D14AB4811F6C2DF] - (.Windows SysTool - Windows SysTool.) -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [487424] [PID.1400] =>PUP.Fuyu
[MD5.ABDD5AD016AFFD34AD40E944CE94BF59] - (.SEIKO EPSON CORPORATION - eEBAPI Core Process module.) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208] [PID.1592]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.2208]
[MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.2464]
[MD5.BBF8F831C7720DD5135D8C4C8325187A] - (...) -- C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728] [PID.2488]
[MD5.E536856E96A7605EBF580D62A868E5FE] - (...) -- C:\Windows\SysWOW64\ASGT.exe [55296] [PID.2544]
[MD5.E605F35F03C881DC46902E0E2F5985B3] - (.SEIKO EPSON CORPORATION - MyEpson Portal Service.) -- C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984] [PID.2824]
[MD5.F758A5752CA282925CE3324FDBBADBED] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672] [PID.2264]
[MD5.B2309F132A31AF03C0A249AEDE8CF289] - (.pdfforge GmbH - PDF Architect 2.) -- C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856] [PID.2728]
[MD5.47DC1F442C194FE141A4A5150EDF0ECE] - (...) -- C:\Users\Utisateur\AppData\Roaming\50DFFF20-1432754249-11DD-A06D-382C4ABC5C3C\hnscF4E3.tmp [334848] [PID.3720]
[MD5.3A9675FEFBBDAAEB6E9EC7CA2146D19D] - (...) -- C:\Users\Utisateur\AppData\Roaming\50DFFF20-1432754249-11DD-A06D-382C4ABC5C3C\jnssC9AD.tmp [306176] [PID.3752]
[MD5.19E0B5B6202CE85796EA6C0EBB7334DF] - (.Wacom Technology - Wacom Load Agent.) -- C:\Program Files\Tablet\Wacom\WacomHost.exe [39808] [PID.4512]
[MD5.20E83F4632E15A5E9E716FF2E8AC7FAE] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720] [PID.3600]
[MD5.52069AEB42D3D0F97CBCA1085EBF55E6] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432] [PID.5680]
[MD5.3DE66F47365AA8CEB18B1EE272F4FEBA] - (.Intel Corporation - Intel(R) Local Management Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [390616] [PID.5944]
[MD5.4D76C95F1F2C5653DF231D081DA0968A] - (.Taiwan Shui Mu Chih Ching Technology Limite - dsk service.) -- C:\Program Files (x86)\WinZipper\winzipersvc.exe [471696] [PID.2876] =>Adware.D365
[MD5.11F6F9216D8F77EAC196B07D66E819EA] - (.Elex do Brasil Participações Ltda - iSafeSvc.) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048] [PID.3804] =>PUP.Elex
[MD5.A03A95B389479B2ADE3A288FA2EA11D1] - (.Elex do Brasil Participações Ltda - iSafeSvc2.) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe [118048] [PID.4352] =>PUP.Elex
[MD5.7B8F174FEB0ECA1CABA91E3E94066B5E] - (...) -- C:\Users\Utisateur\AppData\Roaming\50DFFF20-1432754249-11DD-A06D-382C4ABC5C3C\nsa18E7.tmp [178688] [PID.5428]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Utisateur\AppData\Roaming\Mozilla\Firefox\Profiles\yhco2nip.default\prefs.js
M3 - MFPP: Plugins - [Utisateur] -- C:\Users\Utisateur\AppData\Roaming\Mozilla\Firefox\Profiles\yhco2nip.default\searchplugins\istartsurf.xml =>PUP.Istart
M3 - MFPP: Plugins - [Utisateur] -- C:\Users\Utisateur\AppData\Roaming\Mozilla\Firefox\Profiles\yhco2nip.default\searchplugins\mystartsearch.xml =>PUP.StartSearch
M3 - MFPP: Plugins - [Utisateur] -- C:\Users\Utisateur\AppData\Roaming\Mozilla\Firefox\Profiles\yhco2nip.default\searchplugins\oursurfing.xml =>Hijacker.OurSurfing
M3 - MFPP: Plugins - [Utisateur] -- C:\Users\Utisateur\AppData\Roaming\Mozilla\Firefox\Profiles\yhco2nip.default\searchplugins\trovi.xml
M3 - MFPP: Plugins - [Utisateur] -- C:\Users\Utisateur\AppData\Roaming\Mozilla\Firefox\Profiles\yhco2nip.default\searchplugins\WebSearch.xml
M2 - MFEP: RegExtension {e4f94d1e-2f53-401e-8885-681602c0ddd8} . (...) -- C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
M0 - MFSP: prefs.js [Utisateur - yhco2nip.default] http://www.mystartsearch.com =>PUP.StartSearch
M2 - MFEP: prefs.js [Utisateur - yhco2nip.default\searchffv2@gmail.com] [] QuickSearch v1.0 (..)
M2 - MFEP: prefs.js [Utisateur - yhco2nip.default\sweetsearch@gmail.com] [] Search Enginer v1.0.0.1031 (..) =>PUP.SearchEngine
M2 - MFEP: prefs.js [Utisateur - yhco2nip.default\wiocvllgjhbs@oivlzdwenfhl_.com] [] AdPunisher v14.18 (..)
M2 - MFEP: Extension [Utisateur - yhco2nip.default] en-gb@flyingtophat.co.uk
M2 - MFEP: Extension [Utisateur - yhco2nip.default] J@2nNl.com
M2 - MFEP: Extension [Utisateur - yhco2nip.default] searchffv2@gmail.com
M2 - MFEP: Extension [Utisateur - yhco2nip.default] sweetsearch@gmail.com =>PUP.SweetSearch
M2 - MFEP: Extension [Utisateur - yhco2nip.default] wiocvllgjhbs@oivlzdwenfhl_.com
M2 - MFEP: Extension [Utisateur - yhco2nip.default] {B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\ddg.xml
~ Firefox Browser: 41 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com =>PUP.StartSearch
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com =>PUP.StartSearch
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com =>Hijacker.DeltaHomes
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com =>Hijacker.DeltaHomes
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com =>PUP.StartSearch
~ IE Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch [Utisateur]: Crossbrowse.lnk . (...) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (.not file.) =>PUP.CrossBrowser
O4 - GS\Desktop [Utisateur]: MixVideoPlayer.lnk . (...) -- C:\Program Files (x86)\MixVideoPlayer\MixVideoPlayer.exe (.not file.) =>PUP.MixVideoPlayer
~ Global Startup: 4 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - GS\Startup [Utisateur]: crossbrowse.lnk . (...) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (.not file.) =>PUP.CrossBrowser
O4 - GS\Startup [Utisateur]: SmartWeb.lnk . (.SoftBrain Technologies Ltd. - SmartWeb helper.) -- C:\Users\Utisateur\AppData\Local\SmartWeb\SmartWebHelper.exe =>PUP.SmartWeb
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJCE.exe =>.Epson Seiko Corporation
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_D89448254CDC43E1A052023CB58D6DF2] C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (.not file.) =>PUP.CrossBrowser
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - iusb3mon.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [gmsd_fr_579] Clé orpheline =>PUP.CrossRider
O4 - HKLM\..\Wow6432Node\Run: [gmsd_fr_596] Clé orpheline =>PUP.CrossRider
O4 - HKLM\..\Wow6432Node\Run: [gmsd_us_640] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [SmartWeb] . (.SoftBrain Technologies Ltd. - SmartWeb helper.) -- C:\Users\Utisateur\AppData\Local\SmartWeb\SmartWebHelper.exe =>PUP.SmartWeb
O4 - HKLM\..\Wow6432Node\Run: [gmsd_fr_610] . (...) -- C:\Program Files (x86)\gmsd_fr_610\gmsd_fr_610.exe =>PUP.CrossRider
O4 - HKLM\..\Wow6432Node\RunOnce: [upgmsd_fr_610.exe] . (...) -- C:\Users\Utisateur\AppData\Local\gmsd_fr_610\upgmsd_fr_610.exe =>PUP.CrossRider
O4 - HKLM\..\Wow6432Node\RunOnce: [Update] C:\Users\Utisateur\AppData\Roaming\ASPackage\ASPackage.exe (.not file.) =>PUP.ASPackage
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2926655597-619582154-2037061715-1000\..\Run: [EPLTarget\P0000000000000000] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJCE.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-2926655597-619582154-2037061715-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKUS\S-1-5-21-2926655597-619582154-2037061715-1000\..\Run: [GoogleChromeAutoLaunch_D89448254CDC43E1A052023CB58D6DF2] C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (.not file.) =>PUP.CrossBrowser
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Free YouTube Download [64Bits] - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} . (...) -- C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\dvdvideosoft.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{66E64F4F-B59B-4B04-BED6-4241A37BE34F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{66E64F4F-B59B-4B04-BED6-4241A37BE34F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{66E64F4F-B59B-4B04-BED6-4241A37BE34F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: LinkProc (68ef6205) . (...) - c:\Program Files (x86)\LinkProc\LinkProc.dll
O23 - Service: ASGT (ASGT) . (...) - C:\Windows\SysWOW64\ASGT.exe
O23 - Service: YAC Service (iSafeService) . (.Elex do Brasil Participações Ltda - iSafeSvc.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe =>PUP.Elex
O23 - Service: Courier Underscore (sysenyfo) . (...) - C:\Users\Utisateur\AppData\Roaming\50DFFF20-1432754249-11DD-A06D-382C4ABC5C3C\nsa18E7.tmp
O23 - Service: UpdateDust (UpdateDustTool) . (.VIS without Co - Downloader.Service.) - C:\Windows\Provider\UpdaterToolService.exe
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) . (.Windows SysTool - Windows SysTool.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
O23 - Service: WinZiper service (winzipersvc) . (.Taiwan Shui Mu Chih Ching Technology Limite - dsk service.) - C:\Program Files (x86)\WinZipper\winzipersvc.exe =>Adware.D365
O23 - Service: Extension Cable Resolution (xubigomo) . (...) - C:\Users\Utisateur\AppData\Roaming\50DFFF20-1432754249-11DD-A06D-382C4ABC5C3C\hnscF4E3.tmp
O23 - Service: Loudspeaker Addition (zeminoxy) . (...) - C:\Users\Utisateur\AppData\Roaming\50DFFF20-1432754249-11DD-A06D-382C4ABC5C3C\jnssC9AD.tmp
~ Services: 27 Legitimates Filtered in 00mn 02s



---\\ Tâches planifiées en automatique (O39)
[MD5.2691439FAC40F46C937BB684A3AE2E0F] [APT] [APSnotifierPP1] (.AnyProtect.com.) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [6434816] =>PUP.AnyProtect
[MD5.2691439FAC40F46C937BB684A3AE2E0F] [APT] [APSnotifierPP2] (.AnyProtect.com.) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [6434816] =>PUP.AnyProtect
[MD5.2691439FAC40F46C937BB684A3AE2E0F] [APT] [APSnotifierPP3] (.AnyProtect.com.) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [6434816] =>PUP.AnyProtect
[MD5.328D76C53A520B3974356BB64DC15C45] [APT] [Efeveiia] (...) -- C:\ProgramData\Efeveiia\1.0.1.0\eufroifw.exe [159744]
[MD5.153F088DFDB3F940AD9DAEB04A3ACC4D] [APT] [SmartWeb Upgrade Trigger Task] (.SoftBrain Technologies Ltd..) -- C:\Users\Utisateur\AppData\Local\SmartWeb\SmartWebHelper.exe [270368] =>PUP.SmartWeb
[MD5.00000000000000000000000000000000] [APT] [{BBCF9A0F-926F-4C34-95DF-018D3F197F91}] (...) -- C:\ProgramData\WebShield\uninstall.exe (.not file.) [0] =>Adware.WebShield
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: APSnotifierPP1 - (.AnyProtect.com.) -- C:\Windows\Tasks\APSnotifierPP1.job [378] =>PUP.AnyProtect
O39 - APT: APSnotifierPP1 - (.AnyProtect.com.) -- C:\Windows\System32\Tasks\APSnotifierPP1 [378] =>PUP.AnyProtect
O39 - APT: APSnotifierPP2 - (.AnyProtect.com.) -- C:\Windows\Tasks\APSnotifierPP2.job [376] =>PUP.AnyProtect
O39 - APT: APSnotifierPP2 - (.AnyProtect.com.) -- C:\Windows\System32\Tasks\APSnotifierPP2 [376] =>PUP.AnyProtect
O39 - APT: APSnotifierPP3 - (.AnyProtect.com.) -- C:\Windows\Tasks\APSnotifierPP3.job [376] =>PUP.AnyProtect
O39 - APT: APSnotifierPP3 - (.AnyProtect.com.) -- C:\Windows\System32\Tasks\APSnotifierPP3 [376] =>PUP.AnyProtect
~ Scheduled Task: 30 Legitimates Filtered in 00mn 01s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (innfd_1_10_0_14) . (. - .) - C:\Windows\System32\drivers\innfd_1_10_0_14.sys (.not file.)
O41 - Driver: (iSafeKrnl) . (.Elex do Brasil Participações Ltda - iSafe Kernel Driver.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys =>PUP.Elex
O41 - Driver: (iSafeKrnlKit) . (.Elex do Brasil Participações Ltda - iSafe Kernel Kit Driver.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys =>PUP.Elex
O41 - Driver: (iSafeKrnlMon) . (.Elex do Brasil Participações Ltda - YAC Monitor Driver.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys =>PUP.Elex
O41 - Driver: (iSafeKrnlR3) . (.Elex do Brasil Participações Ltda - iSafe Kernel Ring3 Driver.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys =>PUP.Elex
O41 - Driver: (iSafeNetFilter) . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) - C:\Windows\System32\DRIVERS\iSafeNetFilter.sys =>PUP.Elex
O41 - Driver: (scfd_1_10_0_16) . (. - .) - C:\Windows\System32\drivers\scfd_1_10_0_16.sys (.not file.)
~ Drivers: 82 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: AnyProtect - (.CMI Limited.) [HKLM][64Bits] -- AnyProtect =>PUP.CMILimited
O42 - Logiciel: CinemaPlus-3.2cV31.05 - (.Cinema PlusV31.05.) [HKLM][64Bits] -- CinemaPlus-3.2cV31.05 =>PUP.CrossRider
O42 - Logiciel: Evolve - (.Turtle Rock Studios.) [HKLM][64Bits] -- Steam App 273350
O42 - Logiciel: FixerCube - (.FixerCube.) [HKLM][64Bits] -- {12DA0E6F-5543-440C-BAA2-28BF01070AFA}{68ef6205} =>Adware.Graftor
O42 - Logiciel: Ori and the Blind Forest - (.Moon Studios GmbH.) [HKLM][64Bits] -- Steam App 261570
O42 - Logiciel: SmartWeb - (.SoftBrain Technologies Ltd..) [HKLM][64Bits] -- SmartWeb =>PUP.SmartWeb
O42 - Logiciel: UpdaterService version 1.5 - (.Updater Service.) [HKLM][64Bits] -- {DC866C1E-B796-4BD2-93B8-B5706AC5B5CC}_is1 =>Adware.IncrediBar
O42 - Logiciel: X Rebirth - (.Egosoft.) [HKLM][64Bits] -- Steam App 2870
O42 - Logiciel: YAC(Yet Another Cleaner!) - (.ELEX DO BRASIL PARTICIPAÇÕES LTDA.) [HKLM][64Bits] -- iSafe =>PUP.Elex
~ Logic: 45 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\AnyProtect] =>PUP.AnyProtect
[HKCU\Software\ArenaHD] =>PUP.CrossRider
[HKCU\Software\Boost]
[HKCU\Software\Boxore] =>Adware.Boxore
[HKCU\Software\Br0wsrApVs4.1-nv-ie] =>PUP.CrossRider
[HKCU\Software\BrowserV27.05-nv-ie] =>PUP.CrossRider
[HKCU\Software\Browser]
[HKCU\Software\CinemaPlus-3.2cV02.06-nv-ie] =>PUP.CrossRider
[HKCU\Software\CinemaPlus-3.2cV27.05-nv-ie] =>PUP.CrossRider
[HKCU\Software\CinemaPlus-3.2cV31.05-nv-ie] =>PUP.CrossRider
[HKCU\Software\CinemaPlus-3.2cV31.05] =>PUP.CrossRider
[HKCU\Software\Clubic]
[HKCU\Software\CrossBrowse-1.4V27.05-nv-ie] =>PUP.CrossBrowser
[HKCU\Software\CrossBrowser] =>PUP.CrossBrowser
[HKCU\Software\Crossbrowse] =>PUP.CrossBrowser
[HKCU\Software\DustApps]
[HKCU\Software\FLV]
[HKCU\Software\G5YyzGP6Y]
[HKCU\Software\HighDefAction] =>PUP.CrossRider
[HKCU\Software\HomeTab] =>PUP.CertifiedToolbar
[HKCU\Software\InstallPath]
[HKCU\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKCU\Software\Kromtech]
[HKCU\Software\ProductSetup] =>Adware.InstallCore
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive
[HKCU\Software\Tutorials] =>PUP.AgenceExclusive
[HKCU\Software\V9]
[HKCU\Software\YorkNewCin] =>PUP.CrossRider
[HKCU\Software\nTOffZ3UDdQlUU4KjCWLFot3]
[HKCU\Software\qBEYLLfThWp5xrV2FtVgIb]
[HKCU\Software\subpar]
[HKLM\Software\ArenaHD] =>PUP.CrossRider
[HKLM\Software\HighDefAction] =>PUP.CrossRider
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\WebBar] =>PUP.WebBar
[HKLM\Software\Wow6432Node\73e0167f-0548-cc9c-bd67-51b91c63c267] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\AIM Toolbar]
[HKLM\Software\Wow6432Node\ArenaHD] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.AskBar
[HKLM\Software\Wow6432Node\Boost]
[HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore
[HKLM\Software\Wow6432Node\CinemaPlus-3.2cV31.05-nv-ie] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Crossbrowse] =>PUP.CrossBrowser
[HKLM\Software\Wow6432Node\Elex-tech] =>PUP.Elex
[HKLM\Software\Wow6432Node\HighDefAction] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Infonaut_1.10.0.14] =>PUP.Infonaut
[HKLM\Software\Wow6432Node\MaxPower]
[HKLM\Software\Wow6432Node\SpeedBit]
[HKLM\Software\Wow6432Node\SpeedBrowser] =>PUP.SpeedBrowser
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab
[HKLM\Software\Wow6432Node\SuperClick_1.10.0.16] =>PUP.SuperClick
[HKLM\Software\Wow6432Node\Tutorials] =>PUP.AgenceExclusive
[HKLM\Software\Wow6432Node\V9]
[HKLM\Software\Wow6432Node\YorkNewCin] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\YorkNewCin] =>PUP.CrossRider
~ Key Software: 467 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/06/2015 - 21:01:38 - [] ----D C:\Program Files (x86)\AnyProtectEx =>PUP.AnyProtect
O43 - CFD: 17/05/2015 - 16:15:40 - [] ----D C:\Program Files (x86)\bestadblocker =>PUP.Adblocker
O43 - CFD: 01/06/2015 - 17:41:51 - [] ----D C:\Program Files (x86)\Bin
O43 - CFD: 27/05/2015 - 21:25:34 - [0] ----D C:\Program Files (x86)\Boxore =>Adware.Boxore
O43 - CFD: 01/06/2015 - 00:08:56 - [] ----D C:\Program Files (x86)\CinemaPlus-3.2cV31.05 =>PUP.CrossRider
O43 - CFD: 04/06/2015 - 20:59:59 - [0] ----D C:\Program Files (x86)\Edu App =>PUP.Optional
O43 - CFD: 04/06/2015 - 14:15:37 - [] ----D C:\Program Files (x86)\Elex-tech =>PUP.Elex
O43 - CFD: 11/03/2015 - 22:59:04 - [] ----D C:\Program Files (x86)\Free Codec Pack
O43 - CFD: 04/06/2015 - 07:43:34 - [] ----D C:\Program Files (x86)\gmsd_fr_610 =>PUP.CrossRider
O43 - CFD: 17/05/2015 - 16:19:12 - [] ----D C:\Program Files (x86)\LinkProc
O43 - CFD: 18/05/2015 - 19:18:39 - [] ----D C:\Program Files (x86)\OLBPre =>PUP.MyPCBackup
O43 - CFD: 17/05/2015 - 16:14:31 - [] ----D C:\Program Files (x86)\PriceMinus =>PriceMinus
O43 - CFD: 01/06/2015 - 17:41:51 - [] ----D C:\Program Files (x86)\UpdaterService
O43 - CFD: 03/06/2015 - 07:16:03 - [] ----D C:\Program Files (x86)\XTab
O43 - CFD: 27/05/2015 - 23:12:40 - [] ----D C:\ProgramData\3aa2f62b00007348
O43 - CFD: 24/05/2015 - 11:04:34 - [] ----D C:\ProgramData\88210807164167592
O43 - CFD: 08/05/2015 - 11:39:21 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 29/05/2015 - 19:53:38 - [] ----D C:\ProgramData\Browser
O43 - CFD: 27/05/2015 - 21:28:46 - [] ----D C:\ProgramData\cb6ee55800004d98
O43 - CFD: 27/05/2015 - 20:13:08 - [] ----D C:\ProgramData\Efeveiia
O43 - CFD: 30/05/2015 - 08:46:22 - [] ----D C:\ProgramData\Radio
O43 - CFD: 29/05/2015 - 20:21:07 - [] ----D C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 27/05/2015 - 21:29:59 - [] ----D C:\ProgramData\{69c6a212-0792-d21d-69c6-6a2120798848}
O43 - CFD: 20/05/2015 - 16:13:27 - [] ----D C:\ProgramData\{a2b80ab5-badf-3a36-a2b8-80ab5bad2ad6}
O43 - CFD: 03/06/2015 - 07:16:11 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse =>PUP.CrossBrowser
O43 - CFD: 12/04/2011 - 11:27:52 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 01/06/2015 - 17:41:51 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdaterService
O43 - CFD: 04/06/2015 - 23:14:04 - [] ----D C:\Users\Utisateur\AppData\Roaming\50DFFF20-1432754249-11DD-A06D-382C4ABC5C3C
O43 - CFD: 27/05/2015 - 21:18:18 - [] ----D C:\Users\Utisateur\AppData\Roaming\50DFFF20-1432754298-11DD-A06D-382C4ABC5C3C
O43 - CFD: 27/05/2015 - 22:21:31 - [] -SH-D C:\Users\Utisateur\AppData\Roaming\AnyProtectEx =>PUP.AnyProtect
O43 - CFD: 27/02/2015 - 18:03:19 - [0] ----D C:\Users\Utisateur\AppData\Roaming\Construct2
O43 - CFD: 04/06/2015 - 14:15:37 - [] ----D C:\Users\Utisateur\AppData\Roaming\Elex-tech =>PUP.Elex
O43 - CFD: 27/05/2015 - 21:21:03 - [] ----D C:\Users\Utisateur\AppData\Local\50DFFF20-1432761658-11DD-A06D-382C4ABC5C3C
O43 - CFD: 27/05/2015 - 20:09:29 - [] ----D C:\Users\Utisateur\AppData\Local\Boxore =>Adware.Boxore
O43 - CFD: 27/05/2015 - 21:55:17 - [] ----D C:\Users\Utisateur\AppData\Local\Crossbrowse =>PUP.CrossBrowser
O43 - CFD: 03/05/2015 - 18:46:19 - [] -SH-D C:\Users\Utisateur\AppData\Local\EmieBrowserModeList
O43 - CFD: 06/05/2015 - 18:08:53 - [] ----D C:\Users\Utisateur\AppData\Local\Frontier_Developments
O43 - CFD: 04/06/2015 - 22:59:20 - [] ----D C:\Users\Utisateur\AppData\Local\gmsd_fr_610 =>PUP.CrossRider
O43 - CFD: 06/05/2015 - 19:04:44 - [] ----D C:\Users\Utisateur\AppData\Local\Newproject
O43 - CFD: 02/05/2015 - 13:37:51 - [] ----D C:\Users\Utisateur\AppData\Local\Ori and the Blind Forest
O43 - CFD: 04/06/2015 - 07:43:10 - [] ----D C:\Users\Utisateur\AppData\Local\SmartWeb =>PUP.SmartWeb
O43 - CFD: 04/06/2015 - 21:01:38 - [] ----D C:\Users\Utisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup =>PUP.AnyProtect
~ Program Folder: 307 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.49A0DFC95D221C516EC57006C37F67D8] - 01/06/2015 - 16:41:35 ---A- . (.Pas de propriétaire - Setup/Uninstall.) -- C:\Windows\unins000.exe [718497]
O44 - LFC:[MD5.66A36515122B048F84316F6900C8A2EC] - 01/06/2015 - 16:41:37 ---A- . (...) -- C:\Windows\unins000.dat [10271]
O44 - LFC:[MD5.1F71D524479705BDAB5DA44BBDA78B65] - 01/06/2015 - 17:41:55 ---A- . (...) -- C:\Windows\Provider20150601194156.dll [173056]
O44 - LFC:[MD5.1F71D524479705BDAB5DA44BBDA78B65] - 01/06/2015 - 18:42:00 ---A- . (...) -- C:\Windows\Provider20150601204201.dll [173056]
O44 - LFC:[MD5.1F71D524479705BDAB5DA44BBDA78B65] - 01/06/2015 - 19:42:06 ---A- . (...) -- C:\Windows\Provider20150601214207.dll [173056]
O44 - LFC:[MD5.1F71D524479705BDAB5DA44BBDA78B65] - 01/06/2015 - 20:42:11 ---A- . (...) -- C:\Windows\Provider20150601224212.dll [173056]
O44 - LFC:[MD5.1F71D524479705BDAB5DA44BBDA78B65] - 01/06/2015 - 21:42:16 ---A- . (...) -- C:\Windows\Provider20150601234217.dll [173056]
O44 - LFC:[MD5.1F71D524479705BDAB5DA44BBDA78B65] - 01/06/2015 - 22:42:21 ---A- . (...) -- C:\Windows\Provider20150602191900.dll [173056]
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 02/06/2015 - 18:19:04 ---A- . (...) -- C:\Windows\Provider20150602211908.dll [173056]
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 02/06/2015 - 20:19:12 ---A- . (...) -- C:\Windows\Provider20150602221913.dll [173056]
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 02/06/2015 - 21:19:17 ---A- . (...) -- C:\Windows\Provider20150603074457.dll [173056]
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 03/06/2015 - 06:45:01 ---A- . (...) -- C:\Windows\Provider20150603135734.dll [173056]
O44 - LFC:[MD5.FE5F3917E85A098D6C8FC38F04EF9271] - 03/06/2015 - 07:46:51 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [53568] =>PUP.Elex
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 03/06/2015 - 12:57:38 ---A- . (...) -- C:\Windows\Provider20150603145739.dll [173056]
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 03/06/2015 - 13:57:43 ---A- . (...) -- C:\Windows\Provider20150603155745.dll [173056]
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 03/06/2015 - 14:57:47 ---A- . (...) -- C:\Windows\Provider20150603165748.dll [173056]
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 03/06/2015 - 15:57:50 ---A- . (...) -- C:\Windows\Provider20150603195810.dll [173056]
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 03/06/2015 - 18:58:12 ---A- . (...) -- C:\Windows\Provider20150603205815.dll [173056]
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 03/06/2015 - 19:58:17 ---A- . (...) -- C:\Windows\Provider20150603215818.dll [173056]
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 03/06/2015 - 20:58:21 ---A- . (...) -- C:\Windows\Provider20150603225822.dll [173056]
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 03/06/2015 - 21:58:24 ---A- . (...) -- C:\Windows\Provider20150604081315.dll [173056]
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 04/06/2015 - 07:13:18 ---A- . (...) -- C:\Windows\Provider20150604091409.dll [173056]
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 04/06/2015 - 08:14:11 ---A- . (...) -- C:\Windows\Provider20150604101503.dll [173056]
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 04/06/2015 - 09:15:05 ---A- . (...) -- C:\Windows\Provider20150604111557.dll [173056]
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 04/06/2015 - 10:15:59 ---A- . (...) -- C:\Windows\Provider20150604121650.dll [173056]
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 04/06/2015 - 11:16:53 ---A- . (...) -- C:\Windows\Provider20150604131744.dll [173056]
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 04/06/2015 - 12:17:46 ---A- . (...) -- C:\Windows\Provider20150604141838.dll [173056]
O44 - LFC:[MD5.9FB02FBA90F6AF59537A30C3DB9777C8] - 04/06/2015 - 13:15:52 ---A- . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\iSafeNetFilter.sys [52392] =>PUP.Elex
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 04/06/2015 - 13:18:40 ---A- . (...) -- C:\Windows\Provider20150604151931.dll [173056]
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 04/06/2015 - 14:19:34 ---A- . (...) -- C:\Windows\Provider20150604162025.dll [173056]
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 04/06/2015 - 15:20:29 ---A- . (...) -- C:\Windows\Provider20150604172121.dll [173056]
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 04/06/2015 - 16:21:23 ---A- . (...) -- C:\Windows\Provider20150604182214.dll [173056]
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 04/06/2015 - 17:22:17 ---A- . (...) -- C:\Windows\Provider20150604192308.dll [173056]
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 04/06/2015 - 18:23:10 ---A- . (...) -- C:\Windows\Provider20150604202402.dll [173056]
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 04/06/2015 - 19:24:04 ---A- . (...) -- C:\Windows\Provider20150604212434.dll [173056]
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 04/06/2015 - 20:24:37 ---A- . (...) -- C:\Windows\Provider20150604222438.dll [173056]
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 04/06/2015 - 21:24:40 ---A- . (...) -- C:\Windows\Provider20150604232441.dll [173056]
O44 - LFC:[MD5.504BC55FF3193096BAB19347B78A7363] - 04/06/2015 - 22:24:43 ---A- . (...) -- C:\Windows\Provider.dll [173056]
O44 - LFC:[MD5.7808EFA944CD57DFE18A97FBD07273F0] - 27/05/2015 - 19:08:27 ---A- . (...) -- C:\Windows\patsearch.bin [2825]
O44 - LFC:[MD5.4C801E9BB85A6230CFEBCC46AAE0557B] - 28/05/2015 - 12:55:12 ---A- . (...) -- C:\Windows\Installer.exe [101888]
O44 - LFC:[MD5.1F71D524479705BDAB5DA44BBDA78B65] - 28/05/2015 - 12:55:16 ---A- . (...) -- C:\Windows\Provider20150601184147.dll [173056]
~ Files: 55 Legitimates Filtered in 00mn 02s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.67C799BE88A27304E475495D9A1A4140] - 04/06/2015 - 22:21:10 ---A- - C:\Windows\Prefetch\ANYPROTECT.EXE-FCA6F487.pf =>PUP.AnyProtect
O45 - LFCP:[MD5.A7CCFC7F73FD882894BBE495EAB4BD0C] - 04/06/2015 - 13:16:07 ---A- - C:\Windows\Prefetch\ISAFESVC.EXE-916A23F8.pf =>Trojan.Staser
O45 - LFCP:[MD5.322E7415D47E5568CC26BAB736DD5008] - 04/06/2015 - 13:16:05 ---A- - C:\Windows\Prefetch\ISAFESVC2.EXE-40B5C2B2.pf =>Trojan.Staser
O45 - LFCP:[MD5.D883D5DFF3729C406872574619BEACFE] - 04/06/2015 - 13:16:16 ---A- - C:\Windows\Prefetch\ISAFETHLP.EXE-DE7296F4.pf =>Trojan.Staser
O45 - LFCP:[MD5.D1C5FCFDA26756B6A09623A0D70A2D2A] - 04/06/2015 - 13:16:03 ---A- - C:\Windows\Prefetch\ISAFETHLP64.EXE-8558AC96.pf =>Trojan.Staser
O45 - LFCP:[MD5.CEDCA4684F7D5B2241CFBADAA468462D] - 04/06/2015 - 13:16:12 ---A- - C:\Windows\Prefetch\ISAFETRAY.EXE-3A86E014.pf =>Trojan.Staser
O45 - LFCP:[MD5.E690CF60467A921EB673256900D471FC] - 04/06/2015 - 11:05:00 ---A- - C:\Windows\Prefetch\SMARTWEBHELPER.EXE-0256A7BE.pf =>PUP.SmartWeb
O45 - LFCP:[MD5.736693310B01B5FD30B2CBD8B9091F94] - 04/06/2015 - 21:59:20 ---A- - C:\Windows\Prefetch\UPGMSD_FR_610.EXE-FF86E6C5.pf =>PUP.CrossRider
O45 - LFCP:[MD5.07752BA9CC68345CC7D9542E601825C6] - 04/06/2015 - 13:15:34 ---A- - C:\Windows\Prefetch\WINZIPERSVC.EXE-4098CB18.pf =>Adware.D365
~ Prefetcher: 9 Legitimates Filtered in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{4c45ebc9-bc6f-11e4-a5f7-806e6f6e6963}\AutoRun\command. (...) -- E:\.\Bin\ASSETUP.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\puush [Key] . (.Pas de propriétaire - puush.) -- C:\Program Files (x86)\puush\puush.exe
O53 - SMSR:HKLM\...\startupreg\upgmsd_fr_596.exe [Key] . (...) -- C:\Users\Utisateur\AppData\Local\gmsd_us_640\upgmsd_fr_596.exe (.not file.) =>PUP.CrossRider
O53 - SMSR:HKLM\...\startupreg\upgmsd_us_640.exe [Key] . (...) -- C:\Users\Utisateur\AppData\Local\gmsd_us_640\upgmsd_us_640.exe (.not file.)
~ SMSR Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:25/10/2014 - 21:52:20 ---A- . (.Windows (R) Win 7 DDK provider - Filter Driver for HID-KMDF Interface.) -- C:\Windows\System32\Drivers\hidkmdf.sys [14136]
O58 - SDL:03/06/2015 - 07:46:51 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [53568] =>PUP.Elex
O58 - SDL:17/04/2015 - 03:43:55 ---A- . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\iSafeNetFilter.sys [52392] =>PUP.Elex
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:22/08/2012 - 10:54:10 ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsIO.sys [15232]
O58 - SDL:02/04/2009 - 13:30:14 ---A- . (...) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296]
~ Drivers: 67 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 03/06/2015 - 23:33:34 ---A- . (...) -- C:\Users\Utisateur\AppData\Local\gmsd_fr_610\upgmsd_fr_610.exe [3297736] =>PUP.CrossRider
O61 - LFC: 04/06/2015 - 23:33:34 ---A- . (...) -- C:\Users\Utisateur\AppData\Local\gmsd_fr_610\Download\majmp_gentleeu.exe [10879494] =>PUP.CrossRider
O61 - LFC: 04/06/2015 - 23:33:34 ---A- . (.SoftBrain Technologies Ltd..) -- C:\Users\Utisateur\AppData\Local\SmartWeb\__u.exe [172673] =>PUP.SmartWeb
~ 685 Fichiers temporaires (Temporary files)
~ 138 Fichiers cookies (Cookies files)
~ Files: 115 Legitimates Filtered in 00mn 01s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 03/06/2015 - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys (iSafeKrnl) .(.Elex do Brasil Participações Ltda - iSafe Kernel Driver.) - LEGACY_ISAFEKRNL =>PUP.Elex
O64 - Services: CurCS - 03/06/2015 - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys (iSafeKrnlKit) .(.Elex do Brasil Participações Ltda - iSafe Kernel Kit Driver.) - LEGACY_ISAFEKRNLKIT =>PUP.Elex
O64 - Services: CurCS - 03/06/2015 - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys (iSafeKrnlMon) .(.Elex do Brasil Participações Ltda - YAC Monitor Driver.) - LEGACY_ISAFEKRNLMON =>PUP.Elex
O64 - Services: CurCS - 03/06/2015 - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys (iSafeKrnlR3) .(.Elex do Brasil Participações Ltda - iSafe Kernel Ring3 Driver.) - LEGACY_ISAFEKRNLR3 =>PUP.Elex
O64 - Services: CurCS - 17/04/2015 - C:\Windows\System32\DRIVERS\iSafeNetFilter.sys (iSafeNetFilter) .(.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) - LEGACY_ISAFENETFILTER =>PUP.Elex
O64 - Services: CurCS - 09/04/2015 - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys (NvStreamKms) .(.NVIDIA Corporation - Nvidia Streaming Kernel Service.) - LEGACY_NVSTREAMKMS
~ Legacy: 76 Legitimates Filtered in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (...) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.CrossBrowser
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.The Chromium Authors - Chromium.) -- C:\Users\Utisateur\AppData\Local\Chromium\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (.not file.) =>PUP.CrossBrowser
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [Utisateur - yhco2nip.default] user_pref("extensions.crossrider.bic", "14d9714d027396aa662437fbb6bb3871"); =>PUP.CrossRider
O69 - SBI: SearchScopes [HKCU] {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} [DefaultScope] - (Trovi) - http://www.trovi.com =>Hijacker.TroviCom
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.mystartsearch.com =>PUP.StartSearch
O69 - SBI: SearchScopes [HKCU] {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} - (Search Provided by Yahoo) - http://fr.yhs4.search.yahoo.comtA0DyEtA0ByDyD0C0CyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyByDyD%26cr%3D195813642%26a%3Dwncy_clu_15_20%26os%3DWindows 7 Home Premium&p={searchTerms}
O69 - SBI: SearchScopes [HKCU] {2f23ab71-4ac6-41f2-a955-ea576e553146} - (e) - http://www.mystartsearch.com =>PUP.StartSearch
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (mystartsearch) - http://www.mystartsearch.com =>PUP.StartSearch
O69 - SBI: SearchScopes [HKCU] {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} - (WebSearch) - http://websearch.goodforsearch.info
O69 - SBI: SearchScopes [HKCU] {E733165D-CBCF-4FDA-883E-ADEF965B476C} - (Google) - http://www.mystartsearch.com =>PUP.StartSearch
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.AB6818A7FF17230A6E5119F6CDD1F85B] [SPRF][20/04/2015] (...) -- C:\Users\Utisateur\AppData\Roaming\3ivxRr9R3KPjy1jb9g0HrnKO.exe [1246720]
[MD5.AB6818A7FF17230A6E5119F6CDD1F85B] [SPRF][20/04/2015] (...) -- C:\Users\Utisateur\AppData\Roaming\3JvXdAg.exe [1246720]
[MD5.AB6818A7FF17230A6E5119F6CDD1F85B] [SPRF][20/04/2015] (...) -- C:\Users\Utisateur\AppData\Roaming\G5YyzGP6Y.exe [1246720]
[MD5.AB6818A7FF17230A6E5119F6CDD1F85B] [SPRF][20/04/2015] (...) -- C:\Users\Utisateur\AppData\Roaming\GKBY4zkDgeIABSQNadHQxDU.exe [1246720]
[MD5.AB6818A7FF17230A6E5119F6CDD1F85B] [SPRF][20/04/2015] (...) -- C:\Users\Utisateur\AppData\Roaming\nTOffZ3UDdQlUU4KjCWLFot3.exe [1246720]
[MD5.AB6818A7FF17230A6E5119F6CDD1F85B] [SPRF][20/04/2015] (...) -- C:\Users\Utisateur\AppData\Roaming\qBEYLLfThWp5xrV2FtVgIb.exe [1246720]
[MD5.DD7F23C5453D12888A1D69574C471BAF] [SPRF][11/05/2014] (...) -- D:\Jean-Marc\bureau\Addictif Ball.exe [2933760]
[MD5.07B238A88F43A6A3C95D33462E52B294] [SPRF][28/04/2013] (...) -- D:\Jean-Marc\bureau\Area Speed Battle (ASB).exe [2958336]
[MD5.0A5D9A7ABEDB6DDD7B177AC2F1CDC792] [SPRF][23/04/2013] (...) -- D:\Jean-Marc\bureau\Bomb Mania 3.exe [3735040]
[MD5.B33A866EF6A9152F567FA50A75D67BD1] [SPRF][07/11/2012] (...) -- D:\Jean-Marc\bureau\Break Brique.exe [4622336]
[MD5.8676ABF00A316F4938F0D745E45A5177] [SPRF][07/11/2012] (...) -- D:\Jean-Marc\bureau\Cat Night.exe [3099648]
[MD5.CE2FD1068D7B1234464AEA90AE5BE889] [SPRF][05/04/2013] (...) -- D:\Jean-Marc\bureau\Cell.exe [2185216]
[MD5.8A126E62B72DD583FD169A931568E8C9] [SPRF][30/01/2013] (...) -- D:\Jean-Marc\bureau\Dark Lord Prototype.exe [3805184]
[MD5.0BBF8C63D6D90FB6FBF70B7E5B78510A] [SPRF][04/08/2012] (...) -- D:\Jean-Marc\bureau\Jump Battle Beta.exe [3576320]
[MD5.5A98C011CBB8E0A96D38D4695155BCAA] [SPRF][21/01/2014] (...) -- D:\Jean-Marc\bureau\Max Dead.exe [6227968]
[MD5.03036065F23DF2975EE63CBEC0C97FC8] [SPRF][22/06/2013] (...) -- D:\Jean-Marc\bureau\Monster Quest 2.exe [4431360]
[MD5.DB7EA384F1BD8564EFDE0A95A6C8A346] [SPRF][05/01/2012] (.Antonio Da Cruz - PhotoFiltre.) -- D:\Jean-Marc\bureau\PhotoFiltre.exe [2835456]
[MD5.C57963652908818D70EC3C9036DF0A7D] [SPRF][15/03/2013] (...) -- D:\Jean-Marc\bureau\PIGEON.exe [36703744]
[MD5.8DF11F6C6F8CADEF4014EDD04695CF93] [SPRF][21/02/2013] (...) -- D:\Jean-Marc\bureau\PiK vs Kip 2.exe [4916736]
[MD5.11A2A64868456F531331EDFBC9A580D4] [SPRF][26/03/2011] (...) -- D:\Jean-Marc\bureau\Ping-ball.exe [10920960]
[MD5.893B60FFB57940B5AC11D480FFE6BE5F] [SPRF][22/12/2012] (...) -- D:\Jean-Marc\bureau\Quest of Dark Destinity.exe [11809792]
[MD5.883CE6EA7263A64C7756C9FEB0FDDDE7] [SPRF][07/11/2012] (...) -- D:\Jean-Marc\bureau\Space Crystalls Quest.exe [4017664]
[MD5.2D4A96CA3CC20C4087EED5667856573F] [SPRF][21/01/2015] (...) -- D:\Jean-Marc\bureau\Space Strategic System Bêta.exe [5222912]
[MD5.B42047696F0EA588B36B15727B6EADA0] [SPRF][12/05/2014] (...) -- D:\Jean-Marc\bureau\Wrecking the Cubes.exe [25867776]
~ Files: 24 Legitimates Filtered in 00mn 00s



---\\ Export de clés de registre aléatoires (O91)
~ Export Key Software: Scanned in 00mn 00s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\MixVideoPlayer_RASAPI32 =>PUP.MixVideoPlayer
HKLM\SOFTWARE\Microsoft\Tracing\MixVideoPlayer_RASMANCS =>PUP.MixVideoPlayer
HKLM\SOFTWARE\Microsoft\Tracing\StormWatch_RASAPI32 =>PUP.StormWatch
HKLM\SOFTWARE\Microsoft\Tracing\StormWatch_RASMANCS =>PUP.StormWatch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SuperClickAutoUpdateClient_RASAPI32 =>PUP.SuperClick
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SuperClickAutoUpdateClient_RASMANCS =>PUP.SuperClick
~ BTK: 77 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{DC4651FB-5C8E-4B6D-ACAC-F269B937C77E}] (bestadblocker) =>PUP.Adblocker
~ BCK: 4581 Legitimates Filtered in 00mn 04s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 15/05/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 22/07/1658 158896 | (IHProtect Service) . (...) - C:\Program Files (x86)\XTab\ProtectService.exe =>Adware.AgentODR
SS - | Demand 27/08/2013 828376 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Disabled 09/04/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
SS - | Demand 26/05/2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 26/04/2015 1931632 | (Origin Client Service) . (.Electronic Arts.) - C:\Program Files (x86)\Origin\OriginClientService.exe
SS - | Demand 10/10/2014 1771560 | (PDF Architect 2) . (.pdfforge GmbH.) - C:\Program Files (x86)\PDF Architect 2\ws.exe
SS - | Demand 10/10/2014 861736 | (pdfforge CrashHandler) . (.pdfforge GmbH.) - C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe
SS - | Auto 18/02/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 02/06/2015 837312 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 17/05/2015 1744896 | (68ef6205) . (...) - c:\Program Files (x86)\LinkProc\LinkProc.dll
SR - | Auto 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 07/05/2013 936728 | (asComSvc) . (...) - C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
SR - | Auto 17/01/2012 55296 | (ASGT) . (...) - C:\Windows\SysWOW64\ASGT.exe
SR - | Auto 19/12/2006 94208 | (EpsonBidirectionalService) . (.SEIKO EPSON CORPORATION.) - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
SR - | Auto 12/12/2011 135824 | (EpsonScanSvc) . (.Seiko Epson Corporation.) - C:\Windows\system32\EscSvc64.exe
SR - | Auto 09/04/2015 1152144 | (GfExperienceService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
SR - | Auto 07/08/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 27/08/2013 747520 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 30/07/2013 204552 | (Intel(R) PROSet Monitoring Service) . (.Intel Corporation.) - C:\Windows\system32\IProsetMonitor.exe
SR - | Auto 03/06/2015 118048 | (iSafeService) . (.Elex do Brasil Participações Ltda.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe =>PUP.Elex
SR - | Auto 16/09/2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 16/09/2013 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 30/04/2015 23816 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 22/09/2014 703984 | (MyEpson Portal Service) . (.SEIKO EPSON CORPORATION.) - C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
SR - | Auto 09/04/2015 1878672 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 09/04/2015 22995600 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 08/04/2015 936264 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 10/10/2014 738856 | (PDF Architect 2 Creator) . (.pdfforge GmbH.) - C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
SR - | Auto 08/04/2015 410952 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 04/06/2015 178688 | (sysenyfo) . (...) - C:\Users\Utisateur\AppData\Roaming\50DFFF20-1432754249-11DD-A06D-382C4ABC5C3C\nsa18E7.tmp
SR - | Auto 22/04/2015 111616 | (UpdateDustTool) . (.VIS without Co.) - C:\Windows\Provider\UpdaterToolService.exe
SR - | Auto 29/05/2015 487424 | (WindowsMangerProtect) . (.Windows SysTool.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
SR - | Auto 04/06/2015 471696 | (winzipersvc) . (.Taiwan Shui Mu Chih Ching Technology Limite.) - C:\Program Files (x86)\WinZipper\winzipersvc.exe =>Adware.D365
SR - | Demand 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 26/02/2015 672024 | (WTabletServicePro) . (.Wacom Technology, Corp..) - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 27/05/2015 334848 | (xubigomo) . (...) - C:\Users\Utisateur\AppData\Roaming\50DFFF20-1432754249-11DD-A06D-382C4ABC5C3C\hnscF4E3.tmp
SR - | Auto 27/05/2015 306176 | (zeminoxy) . (...) - C:\Users\Utisateur\AppData\Roaming\50DFFF20-1432754249-11DD-A06D-382C4ABC5C3C\jnssC9AD.tmp
~ Services: Scanned in 00mn 05s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Utisateur at 04/06/2015 23:34:31
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Utisateur at 04/06/2015 23:34:33
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (31/05/2015)
Clés trouvées (Keys found) : 38
Valeurs trouvées (Values found) : 8
Dossiers trouvés (Folders found) : 19
Fichiers trouvés (Files found) : 50

[HKLM\SYSTEM\CurrentControlSet\Services\iSafeService] =>PUP.Elex^
[HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect] =>PUP.Fuyu^
[HKLM\SYSTEM\CurrentControlSet\Services\winzipersvc] =>Adware.D365^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AnyProtect] =>PUP.CMILimited^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\CinemaPlus-3.2cV31.05] =>PUP.CrossRider^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{68ef6205}] =>Adware.Graftor^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb] =>PUP.SmartWeb^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DC866C1E-B796-4BD2-93B8-B5706AC5B5CC}_is1] =>Adware.IncrediBar^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iSafe] =>PUP.Elex^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\upgmsd_fr_596.exe] =>PUP.CrossRider^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Classes\SpeedUpMyPC] =>PUP.SpeedUpMyPC
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\Boxore] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.Conduit
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.Ask
[HKCU\Software\HomeTab] =>PUP.CertifiedToolbar
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Classes\Iminent] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:GoogleChromeAutoLaunch_D89448254CDC43E1A052023CB58D6DF2 =>PUP.CrossBrowser^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:gmsd_fr_579 =>PUP.CrossRider^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]:upgmsd_fr_610.exe =>PUP.CrossRider^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{84FF7BD6-B47F-46F8-9130-01B2696B36CB} =>Adware.IMBooster
C:\Users\Utisateur\AppData\Roaming\Mozilla\Firefox\Profiles\yhco2nip.default\extensions\sweetsearch@gmail.com =>PUP.SearchEngine^
C:\Program Files (x86)\AnyProtectEx =>PUP.AnyProtect^
C:\Program Files (x86)\bestadblocker =>PUP.Adblocker^
C:\Program Files (x86)\Boxore =>Adware.Boxore^
C:\Program Files (x86)\CinemaPlus-3.2cV31.05 =>PUP.CrossRider^
C:\Program Files (x86)\Edu App =>PUP.Optional^
C:\Program Files (x86)\Elex-tech =>PUP.Elex^
C:\Program Files (x86)\gmsd_fr_610 =>PUP.CrossRider^
C:\Program Files (x86)\OLBPre =>PUP.MyPCBackup^
C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse =>PUP.CrossBrowser^
C:\Users\Utisateur\AppData\Roaming\AnyProtectEx =>PUP.AnyProtect^
C:\Users\Utisateur\AppData\Roaming\Elex-tech =>PUP.Elex^
C:\Users\Utisateur\AppData\Local\Boxore =>Adware.Boxore^
C:\Users\Utisateur\AppData\Local\Crossbrowse =>PUP.CrossBrowser^
C:\Users\Utisateur\AppData\Local\gmsd_fr_610 =>PUP.CrossRider^
C:\Users\Utisateur\AppData\Local\SmartWeb =>PUP.SmartWeb^
C:\Users\Utisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup =>PUP.AnyProtect^
C:\Program Files (x86)\Software =>Adware.Boxore
C:\Users\Utisateur\AppData\Local\SmartWeb\SmartWebHelper.exe =>PUP.SmartWeb^
C:\Users\Utisateur\AppData\Local\SmartWeb\SmartWebApp.exe =>PUP.SmartWeb^
C:\Users\Utisateur\AppData\Local\gmsd_fr_610\upgmsd_fr_610.exe =>PUP.CrossRider^
C:\Program Files (x86)\gmsd_fr_610\gmsd_fr_610.exe =>PUP.CrossRider^
C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe =>PUP.Elex^
C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe =>PUP.AnyProtect^
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu^
C:\Program Files (x86)\WinZipper\winzipersvc.exe =>Adware.D365^
C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe =>PUP.Elex^
C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe =>PUP.Elex^
C:\Users\Utisateur\AppData\Roaming\Mozilla\Firefox\Profiles\yhco2nip.default\Extensions\sweetsearch@gmail.com =>PUP.SweetSearch^
C:\Windows\Tasks\APSnotifierPP1.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP1 =>PUP.AnyProtect^
C:\Windows\Tasks\APSnotifierPP2.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP2 =>PUP.AnyProtect^
C:\Windows\Tasks\APSnotifierPP3.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP3 =>PUP.AnyProtect^
[HKCU\Software\AnyProtect] =>PUP.AnyProtect^
[HKCU\Software\ArenaHD] =>PUP.CrossRider^
[HKCU\Software\Br0wsrApVs4.1-nv-ie] =>PUP.CrossRider^
[HKCU\Software\BrowserV27.05-nv-ie] =>PUP.CrossRider^
[HKCU\Software\CinemaPlus-3.2cV02.06-nv-ie] =>PUP.CrossRider^
[HKCU\Software\CinemaPlus-3.2cV27.05-nv-ie] =>PUP.CrossRider^
[HKCU\Software\CinemaPlus-3.2cV31.05-nv-ie] =>PUP.CrossRider^
[HKCU\Software\CinemaPlus-3.2cV31.05] =>PUP.CrossRider^
[HKCU\Software\CrossBrowse-1.4V27.05-nv-ie] =>PUP.CrossBrowser^
[HKCU\Software\CrossBrowser] =>PUP.CrossBrowser^
[HKCU\Software\Crossbrowse] =>PUP.CrossBrowser^
[HKCU\Software\HighDefAction] =>PUP.CrossRider^
[HKCU\Software\ProductSetup] =>Adware.InstallCore^
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive^
[HKCU\Software\YorkNewCin] =>PUP.CrossRider^
[HKLM\Software\ArenaHD] =>PUP.CrossRider^
[HKLM\Software\HighDefAction] =>PUP.CrossRider^
[HKLM\Software\WebBar] =>PUP.WebBar^
[HKLM\Software\Wow6432Node\73e0167f-0548-cc9c-bd67-51b91c63c267] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\ArenaHD] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\CinemaPlus-3.2cV31.05-nv-ie] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Wow6432Node\Crossbrowse] =>PUP.CrossBrowser^
[HKLM\Software\Wow6432Node\Elex-tech] =>PUP.Elex^
[HKLM\Software\Wow6432Node\HighDefAction] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\Infonaut_1.10.0.14] =>PUP.Infonaut^
[HKLM\Software\Wow6432Node\SpeedBrowser] =>PUP.SpeedBrowser^
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\SuperClick_1.10.0.16] =>PUP.SuperClick^
[HKLM\Software\Wow6432Node\YorkNewCin] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\YorkNewCin] =>PUP.CrossRider^
[HKCR\CLSID\{DC4651FB-5C8E-4B6D-ACAC-F269B937C77E}] (bestadblocker) =>PUP.Adblocker^
~ Additionnel Scan: 321917 Items scanned in 00mn 11s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/pup-smartwebsearch =>PUP.SmartWeb
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/pup-elex =>PUP.Elex
http://nicolascoolman.fr/pup-anyprotect =>PUP.AnyProtect
http://www.nicolascoolman.fr/blog/ =>PUP.Fuyu
http://www.nicolascoolman.fr/blog/ =>Adware.D365
http://www.nicolascoolman.fr/blog/ =>PUP.Istart
http://nicolascoolman.fr/pup-startsearch =>PUP.StartSearch
http://www.nicolascoolman.fr/blog/ =>Hijacker.OurSurfing
http://www.nicolascoolman.fr/blog/ =>PUP.SearchEngine
http://www.nicolascoolman.fr/blog/ =>PUP.SweetSearch
http://www.nicolascoolman.fr/blog/ =>Hijacker.DeltaHomes
http://www.nicolascoolman.fr/blog/ =>PUP.CrossBrowser
http://www.nicolascoolman.fr/blog/ =>PUP.MixVideoPlayer
http://www.nicolascoolman.fr/blog/ =>PUP.ASPackage
http://www.nicolascoolman.fr/blog/ =>Adware.WebShield
http://www.nicolascoolman.fr/blog/ =>PUP.CMILimited
http://www.nicolascoolman.fr/blog/ =>Adware.Graftor
http://nicolascoolman.fr/adware-incredibar =>Adware.IncrediBar
http://nicolascoolman.fr/adware-boxore =>Adware.Boxore
http://nicolascoolman.fr/pup-certifiedtoolbar =>PUP.CertifiedToolbar
http://www.nicolascoolman.fr/blog/ =>PUP.BrowserExtensions
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://nicolascoolman.fr/spyware-agenceexclusive =>PUP.AgenceExclusive
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://www.nicolascoolman.fr/blog/ =>PUP.WebBar
http://www.nicolascoolman.fr/blog/ =>Toolbar.AskBar
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://www.nicolascoolman.fr/blog/ =>PUP.Infonaut
http://www.nicolascoolman.fr/blog/ =>PUP.SpeedBrowser
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://www.nicolascoolman.fr/blog/ =>PUP.SuperClick
http://www.nicolascoolman.fr/blog/ =>PUP.Adblocker
http://www.nicolascoolman.fr/blog/ =>PUP.Optional
http://nicolascoolman.fr/pup-mypcbackup =>PUP.MyPCBackup
http://www.nicolascoolman.fr/blog/ =>PriceMinus
http://nicolascoolman.fr/trojan-staser =>Trojan.Staser
http://nicolascoolman.fr/hijacker-trovicom =>Hijacker.TroviCom
http://www.nicolascoolman.fr/blog/ =>PUP.StormWatch
http://www.nicolascoolman.fr/blog/ =>Adware.AgentODR
http://nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://www.nicolascoolman.fr/blog/ =>PUP.SpeedUpMyPC
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://www.nicolascoolman.fr/blog/ =>Spyware.AgenceExclusive
http://www.nicolascoolman.fr/blog/ =>PUP.Conduit
http://nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerPro
~ MSI: 46 link(s) detected in 00mn 00s



~ 1291 Legitimates filtered by white list
End of the scan (944 lines in 01mn 27s)(0.10)
