Document format: text/plain

~ Rapport de ZHPDiag v2015.6.4.54 - Nicolas Coolman (31/05/2015)
~ Lancé par rikkko (14/06/2015 12:05:28)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17842

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 8.1, 64-bit (Build 9600)

---\\ Logiciels de protection du système
Norton Internet Security v20.6.0.27
Windows Defender W8 (Deactivate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 17 NPAPI
Adobe Reader XI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 69 Stepping 1, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4028 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 9 GB (20%) free of 43 GB

---\\ Mode de connexion au système
~ Computer Name: HP
~ User Name: rikkko
~ All Users Names: rikkko, HomeGroupUser$, Guest, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\rikkko\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\rikkko\AppData\Roaming\
~ %Desktop% : C:\Users\rikkko\Desktop\
~ %Favorites% : C:\Users\rikkko\Favorites\
~ %LocalAppData% : C:\Users\rikkko\AppData\Local\
~ %StartMenu% : C:\Users\rikkko\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 9 Go of 43 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 15 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.C10A66189DC8C090E7C84873EDCEBC88] - (.Microsoft Corporation - Windows Explorer.) (.28/01/2015 - 00:47:12.) -- C:\Windows\Explorer.exe [2501368]
[MD5.A570A64292214C43E0BA50E6A72A6380] - (.Microsoft Corporation - Windows Start-Up Application.) (.29/10/2014 - 02:25:54.) -- C:\Windows\System32\Wininit.exe [145920]
[MD5.417F80E4AFBA1AA9EBBD618F1C6D9165] - (.Microsoft Corporation - Internet Extensions for Win32.) (.22/05/2015 - 18:50:20.) -- C:\Windows\System32\wininet.dll [2426880]
[MD5.EC498BAE1F0D3E0E401C963F8D76C437] - (.Microsoft Corporation - Windows Log-on Application.) (.29/10/2014 - 02:22:52.) -- C:\Windows\System32\Winlogon.exe [572416]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Software Licensing Library.) (.24/09/2014 - 17:29:54.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/09/2014 - 18:39:08.) -- C:\Windows\system32\Drivers\AFD.sys [563200]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.24/09/2014 - 17:56:07.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.D4B7ED39C7900384D9E5C1283F1E7926] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.24/09/2014 - 17:38:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [76800]
[MD5.D887446F3F6051C60C26F4FD1FC8D43F] - (.Microsoft Corporation - i8042 Port Driver.) (.07/10/2014 - 04:29:50.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.24/09/2014 - 17:29:57.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.31233271EDE50D1BBB220F78AFA60486] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.08/10/2014 - 08:32:10.) -- C:\Windows\system32\Drivers\MRxSmb.sys [405504]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.7F68063A5A0461E02BC860CE0E6BFDDC] - (.Microsoft Corporation - NT File System Driver.) (.15/10/2014 - 09:32:37.) -- C:\Windows\system32\Drivers\ntfs.sys [2025792]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Parallel Port Driver.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.24/09/2014 - 16:57:25.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.64CA2B4A49A8EAF495E435623ECCE7DB] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.24/09/2014 - 17:38:56.) -- C:\Windows\system32\Drivers\volsnap.sys [310080]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 1/12
~ Mon Bureau (My Desktop) : 2/678
~ Menu demarrer (Programs) : 1/40
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.EDF367CD1545891C5D1758C1E07EA051] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [815280] [PID.5292]
[MD5.153F088DFDB3F940AD9DAEB04A3ACC4D] - (.SoftBrain Technologies Ltd. - SmartWeb helper.) -- C:\Users\rikkko\AppData\Local\SmartWeb\SmartWebHelper.exe [270368] [PID.1292] =>PUP.SmartWeb
[MD5.44069C2AC699C8DAD80A96FB1C8DFE57] - (.SoftBrain Technologies Ltd. - SmartWeb Application.) -- C:\Users\rikkko\AppData\Local\SmartWeb\SmartWebApp.exe [557088] [PID.4656] =>PUP.SmartWeb
[MD5.12E2FC1F74265881402DE856D01EFFFE] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8214016] [PID.2072]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\rikkko\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\rikkko\AppData\Roaming\Mozilla\Firefox\Profiles\nlbtcv52.default\prefs.js
C:\Users\rikkko\AppData\Roaming\Mozilla\Firefox\Profiles\nlbtcv52.default\user.js
M0 - MFSP: prefs.js [rikkko - nlbtcv52.default] http://www.mystartsearch.com =>PUP.StartSearch
M2 - MFEP: prefs.js [rikkko - nlbtcv52.default\sweetsearch@gmail.com] [] Search Enginer v1.0.0.1031 (..) =>PUP.SearchEngine
M2 - MFEP: prefs.js [rikkko - nlbtcv52.default\sYafZ98@D.com] [] REspectSalE v1.1 (..) =>PUP.RespectSale
M2 - MFEP: prefs.js [rikkko - nlbtcv52.default\VZ@HP5E1EmQ.com] [] uNisales v2.0 (..) =>PUP.UniSales
M2 - MFEP: prefs.js [rikkko - nlbtcv52.default\yqotkull_wgsbfkdqv@ebqpvyogh_rgzcg.com] [] ActiveDiscount v15.21 (..) =>PUP.ActiveDiscount
M2 - MFEP: Extension [rikkko - nlbtcv52.default] searchffv2@gmail.com
M2 - MFEP: Extension [rikkko - nlbtcv52.default] sweetsearch@gmail.com =>PUP.SweetSearch
M2 - MFEP: Extension [rikkko - nlbtcv52.default] sYafZ98@D.com
M2 - MFEP: Extension [rikkko - nlbtcv52.default] VZ@HP5E1EmQ.com
M2 - MFEP: Extension [rikkko - nlbtcv52.default] yqotkull_wgsbfkdqv@ebqpvyogh_rgzcg.com
~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com =>PUP.StartSearch
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com =>PUP.StartSearch
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com =>PUP.StartSearch
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: LuckyTab Class [64Bits] - {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files (x86)\MiuiTab\SupTab.dll =>PUP.LuckyTab
O2 - BHO: ShopperProBHO [64Bits] - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} . (.Goobzo Ltd. - ShopperPro Extension.) -- C:\ProgramData\ShopperPro\ShopperPro.dll =>PUP.ShopperPro
~ BHO: 7 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.CrossBrowser
O4 - GS\QuickLaunch [rikkko]: Crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.CrossBrowser
O4 - GS\QuickLaunch [rikkko]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www-searching.com =>Hijacker.Browsers
O4 - GS\QuickLaunch [rikkko]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\rikkko\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [rikkko]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www-searching.com =>Hijacker.Browsers
O4 - GS\Program [rikkko]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www-searching.com =>Hijacker.Browsers
O4 - GS\Desktop [rikkko]: AnyProtect.lnk . (.AnyProtect.com - AnyProtect.) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe =>PUP.AnyProtect
O4 - GS\Desktop [rikkko]: Continue Live Installation.lnk . (...) -- C:\Users\rikkko\AppData\Local\Temp\ICReinstall_nshB638.tmp \RR (.not file.) =>PUP.ContinueLiveInstallation
O4 - GS\Desktop [rikkko]: Continue MaxComputerCleaner Uninstaller.lnk . (...) -- C:\Users\rikkko\AppData\Local\Temp\56111012062015\setup.exe (.not file.) =>PUP.MaxComputerCleaner
O4 - GS\Desktop [rikkko]: Optimizer Pro.lnk . (...) -- C:\Program Files (x86)\Optimizer Pro 3.96\OptimizerPro.exe =>PUP.OptimizerPro
O4 - GS\Desktop [rikkko]: YTDownloader.lnk . (.YTDownloader - YTDownloader.) -- C:\Program Files (x86)\YTDownloader\YTDownloader.exe =>PUP.YTDownloader
O4 - GS\Desktop [rikkko]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\rikkko\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 14 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du système (O4)
O4 - GS\Startup [rikkko]: crossbrowse.lnk . (.Crossbrowse - Crossbrowse.) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.CrossBrowser
O4 - GS\Startup [rikkko]: SmartWeb.lnk . (.SoftBrain Technologies Ltd. - SmartWeb helper.) -- C:\Users\rikkko\AppData\Local\SmartWeb\SmartWebHelper.exe =>PUP.SmartWeb
O4 - HKLM\..\Run: [IgfxTray] . (...) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [MRT] . (.Microsoft Corporation - Microsoft Windows Malicious Software Remova.) -- C:\WINDOWS\system32\MRT.exe
O4 - HKCU\..\Run: [ISUSPM] . (.Flexera Software LLC. - Common Software Manager.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
O4 - HKCU\..\Run: [Optimizer Pro] . (...) -- C:\Program Files (x86)\Optimizer Pro 3.96\OptProLauncher.exe =>PUP.OptimizerPro
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_307433D686D129E2A814A5FFE610E879] . (.Crossbrowse - Crossbrowse.) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.CrossBrowser
O4 - HKCU\..\Run: [DesktopSearch] . (.Pas de propriétaire - Desktop Search.) -- C:\ProgramData\DesktopSearch\DesktopSearch.exe
O4 - HKCU\..\Run: [YTDownloader] . (.YTDownloader - YTDownloader.) -- C:\Program Files (x86)\YTDownloader\YTDownloader.exe =>PUP.YTDownloader
O4 - HKCU\..\Run: [SPDriver] . (.Pas de propriétaire - JsDriver.) -- C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1965\jsdrv.exe =>PUP.ShopperPro
O4 - HKLM\..\Wow6432Node\Run: [BtTray] . (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
O4 - HKLM\..\Wow6432Node\Run: [HP CoolSense] . (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
O4 - HKLM\..\Wow6432Node\Run: [ISUSPM] . (.Flexera Software LLC. - Common Software Manager.) -- C:\ProgramData\FLEXnet\Connect\11\isuspm.exe
O4 - HKLM\..\Wow6432Node\Run: [DNS7reminder] . (.Nuance Communications, Inc. - Ereg.) -- C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe
O4 - HKLM\..\Wow6432Node\Run: [HPMessageService] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [iScreeny] . (.IScreeny - Screeny app.) -- C:\Users\rikkko\AppData\Local\iScreeny\iScreeny.exe
O4 - HKLM\..\Wow6432Node\Run: [iScreeny - Web] . (.iScreeny - iScreeny.) -- C:\Users\rikkko\AppData\Local\iScreeny\iWebScreeny.exe
O4 - HKLM\..\Wow6432Node\Run: [WinCheck] . (...) -- C:\Users\rikkko\AppData\Local\33444335-1434099854-4734-3757-A0D3C1689553\bnsgC80D.exe =>PUP.Wincheck
O4 - HKLM\..\Wow6432Node\Run: [SmartWeb] . (.SoftBrain Technologies Ltd. - SmartWeb helper.) -- C:\Users\rikkko\AppData\Local\SmartWeb\SmartWebHelper.exe =>PUP.SmartWeb
O4 - HKLM\..\Wow6432Node\Run: [gmsd_de_005010001] . (...) -- C:\Program Files (x86)\gmsd_de_005010001\gmsd_de_005010001.exe
O4 - HKLM\..\Wow6432Node\Run: [gmsd_de_005010002] . (...) -- C:\Program Files (x86)\gmsd_de_005010002\gmsd_de_005010002.exe
O4 - HKLM\..\Wow6432Node\Run: [YTDownloader] . (.YTDownloader - YTDownloader.) -- C:\Program Files (x86)\YTDownloader\YTDownloader.exe =>PUP.YTDownloader
O4 - HKLM\..\Wow6432Node\Run: [SPDriver] . (.Pas de propriétaire - JsDriver.) -- C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1965\jsdrv.exe =>PUP.ShopperPro
O4 - HKLM\..\Wow6432Node\RunOnce: [upgmsd_de_005010001.exe] . (...) -- C:\Users\rikkko\AppData\Local\gmsd_de_005010001\upgmsd_de_005010001.exe
O4 - HKUS\S-1-5-21-3571399176-1467537799-2587264613-1001\..\Run: [ISUSPM] . (.Flexera Software LLC. - Common Software Manager.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
O4 - HKUS\S-1-5-21-3571399176-1467537799-2587264613-1001\..\Run: [Optimizer Pro] . (...) -- C:\Program Files (x86)\Optimizer Pro 3.96\OptProLauncher.exe =>PUP.OptimizerPro
O4 - HKUS\S-1-5-21-3571399176-1467537799-2587264613-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-3571399176-1467537799-2587264613-1001\..\Run: [GoogleChromeAutoLaunch_307433D686D129E2A814A5FFE610E879] . (.Crossbrowse - Crossbrowse.) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.CrossBrowser
O4 - HKUS\S-1-5-21-3571399176-1467537799-2587264613-1001\..\Run: [DesktopSearch] . (.Pas de propriétaire - Desktop Search.) -- C:\ProgramData\DesktopSearch\DesktopSearch.exe
O4 - HKUS\S-1-5-21-3571399176-1467537799-2587264613-1001\..\Run: [YTDownloader] . (.YTDownloader - YTDownloader.) -- C:\Program Files (x86)\YTDownloader\YTDownloader.exe =>PUP.YTDownloader
O4 - HKUS\S-1-5-21-3571399176-1467537799-2587264613-1001\..\Run: [SPDriver] . (.Pas de propriétaire - JsDriver.) -- C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1965\jsdrv.exe =>PUP.ShopperPro
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F8B648D-67A3-4116-A070-1BCEC5776B75}: NameServer = 10.149.112.2,10.156.33.53
O17 - HKLM\System\CCS\Services\Tcpip\..\{E42507E6-B1B7-426E-9DD0-A895CD97098F}: DhcpNameServer = 10.156.33.53 129.187.5.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E42507E6-B1B7-426E-9DD0-A895CD97098F}: DhcpDomain = eduroam.mwn.de
O17 - HKLM\System\CS1\Services\Tcpip\..\{4F8B648D-67A3-4116-A070-1BCEC5776B75}: NameServer = 10.149.112.2,10.156.33.53
O17 - HKLM\System\CS1\Services\Tcpip\..\{E42507E6-B1B7-426E-9DD0-A895CD97098F}: DhcpNameServer = 10.156.33.53 129.187.5.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E42507E6-B1B7-426E-9DD0-A895CD97098F}: DhcpDomain = eduroam.mwn.de
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: OptimizerPro Monitoring (53a1c4d9) . (...) - c:\Program Files (x86)\Optimizer Pro 3.96\OptProMon.dll =>PUP.OptimizerPro
O23 - Service: (BrsHelper) . (...) - C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe =>PUP.YTDownloader
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) . (.globalUpdate - globalUpdate Update.) - C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe =>PUP.GlobalUpdate
O23 - Service: IfMxHyRVg (IfMxHyRVg) . (.Unique Solutions - DesktopSearch Service.) - C:\ProgramData\JGiulS\IfMxHyRVg.exe
O23 - Service: IHProtect Service (IHProtect Service) . (.XTab system - ProtectSvc.exe.) - C:\Program Files (x86)\MiuiTab\ProtectService.exe =>Adware.AgentODR
O23 - Service: Infonaut 1.10.0.14 Client Service (insvc_1.10.0.14) . (.Infonaut - Infonaut Client Service.) - C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe =>PUP.Infonaut
O23 - Service: Template Flatbed Scanner (kysykiti) . (...) - C:\Users\rikkko\AppData\Local\33444335-1434099989-4734-3757-A0D3C1689553\snsjD60D.tmp
O23 - Service: Search Module Update (SMUpd) . (.Search Module Ltd. - Search Module Update Service.) - C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe =>PUP.Goobzo
O23 - Service: ShopperPro Update (SPBIUpd) . (.ShopperPro - ShopperPro Update Service.) - C:\Program Files\Common Files\ShopperPro\spbiu.exe =>PUP.ShopperPro
O23 - Service: Device Cut (xoperoze) . (...) - C:\Users\rikkko\AppData\Roaming\33444335-1434092614-4734-3757-A0D3C1689553\jnsz5D3A.tmp
O23 - Service: Subscription Clear (zedepory) . (...) - C:\Users\rikkko\AppData\Roaming\33444335-1434092614-4734-3757-A0D3C1689553\hnss72D7.tmp
~ Services: 25 Legitimates Filtered in 00mn 06s



---\\ Tâches planifiées en automatique (O39)
[MD5.3A1D89B89C9D62951957F0839578DD9B] [APT] [1RAwU6J] (...) -- C:\Users\rikkko\AppData\Roaming\1RAwU6J.exe [1579520]
[MD5.1AB49469418DB730366DC13FF1A19A86] [APT] [3315ae47-db79-4ea6-b347-a4b2fa3cb91c-1-6] (.Webar.) -- C:\Program Files (x86)\Ge-Force\3315ae47-db79-4ea6-b347-a4b2fa3cb91c-1-6.exe [1520640] =>PUP.CrossRider
[MD5.7505D26A9AAAE9127656029925DE4224] [APT] [3315ae47-db79-4ea6-b347-a4b2fa3cb91c-1-7] (.Webar.) -- C:\Program Files (x86)\Ge-Force\3315ae47-db79-4ea6-b347-a4b2fa3cb91c-1-7.exe [1133568] =>PUP.CrossRider
[MD5.5EA640E63562EC39F31EB0D6609C9085] [APT] [3315ae47-db79-4ea6-b347-a4b2fa3cb91c-10_user] (.Webar.) -- C:\Program Files (x86)\Ge-Force\3315ae47-db79-4ea6-b347-a4b2fa3cb91c-10.exe [1548800] =>PUP.CrossRider
[MD5.0AC1FE6049A14304E770D4BFA6A12DE6] [APT] [3315ae47-db79-4ea6-b347-a4b2fa3cb91c-5] (.Webar.) -- C:\Program Files (x86)\Ge-Force\3315ae47-db79-4ea6-b347-a4b2fa3cb91c-5.exe [1081856] =>PUP.CrossRider
[MD5.0AC1FE6049A14304E770D4BFA6A12DE6] [APT] [3315ae47-db79-4ea6-b347-a4b2fa3cb91c-5_user] (.Webar.) -- C:\Program Files (x86)\Ge-Force\3315ae47-db79-4ea6-b347-a4b2fa3cb91c-5.exe [1081856] =>PUP.CrossRider
[MD5.2691439FAC40F46C937BB684A3AE2E0F] [APT] [APSnotifierPP1] (.AnyProtect.com.) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [6434816] =>PUP.AnyProtect
[MD5.2691439FAC40F46C937BB684A3AE2E0F] [APT] [APSnotifierPP2] (.AnyProtect.com.) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [6434816] =>PUP.AnyProtect
[MD5.2691439FAC40F46C937BB684A3AE2E0F] [APT] [APSnotifierPP3] (.AnyProtect.com.) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [6434816] =>PUP.AnyProtect
[MD5.6A9B253E1183CE37BD3A3D93AD0E6E58] [APT] [Convertor] (...) -- C:\Users\rikkko\AppData\Roaming\Convertor\Convertor.exe [156240]
[MD5.F6C9A423CE18AF0AD99D504A96687AB9] [APT] [Crossbrowse] (...) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe [1918040] =>PUP.CrossBrowser
[MD5.2ED25F0F1077176408D7EBE75A8D27F5] [APT] [EZSOYEHS1] (.LolliScan.) -- C:\ProgramData\LolliScan\LolliScan.exe [707584] =>Adware.Graftor
[MD5.08B1899D5BA0597DFF3914607FA8EE0B] [APT] [Glaritoofsup] (...) -- C:\ProgramData\Glaritoofsup\1.0.1.0\suneslut.exe [160256]
[MD5.3C14AAE26EA06BADAC98520773772CEB] [APT] [globalUpdateUpdateTaskMachineCore] (.globalUpdate.) -- C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608] =>PUP.GlobalUpdate
[MD5.3C14AAE26EA06BADAC98520773772CEB] [APT] [globalUpdateUpdateTaskMachineUA] (.globalUpdate.) -- C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608] =>PUP.GlobalUpdate
[MD5.3A1D89B89C9D62951957F0839578DD9B] [APT] [hg2EEhxGWF] (...) -- C:\Users\rikkko\AppData\Roaming\hg2EEhxGWF.exe [1579520]
[MD5.00000000000000000000000000000000] [APT] [MaxComputerCleaner_Start] (...) -- C:\Program Files (x86)\Max Computer Cleaner\MaxComputerCleaner.exe (.not file.) [0] =>PUP.MaxComputerCleaner
[MD5.44DF3FAAFE63EE48F7EFB2AF0D8912D5] [APT] [MOGFBTPG] (...) -- C:\ProgramData\81293a17a6ea4c5c95d9ded0f61b7d96\81293a17a6ea4c5c95d9ded0f61b7d96.exe [276992]
[MD5.AB6818A7FF17230A6E5119F6CDD1F85B] [APT] [OK9bt0X0WAJVJcoZAw3xqnm] (...) -- C:\Users\rikkko\AppData\Roaming\OK9bt0X0WAJVJcoZAw3xqnm.exe [1246720]
[MD5.050AB44C9CC8E25EB6E9FE59F1E4AFBA] [APT] [Optimizer Pro Schedule] (...) -- C:\Program Files (x86)\Optimizer Pro 3.96\OptProLauncher.exe [148112] =>PUP.OptimizerPro
[MD5.F6823A62C2D6B15236CCC311992D7510] [APT] [ShopperPro] (.Goobzo LTD.) -- C:\Program Files (x86)\ShopperPro\ShopperPro.exe [1110448] =>PUP.ShopperPro
[MD5.01F0E30ACC6970D75A9ABA318BB16D1A] [APT] [ShopperProJSUpd] (.Goobzo.) -- C:\Program Files (x86)\ShopperPro\updater.exe [712112] =>PUP.ShopperPro
[MD5.AB6818A7FF17230A6E5119F6CDD1F85B] [APT] [SmAnrGOdebVZMGK] (...) -- C:\Users\rikkko\AppData\Roaming\SmAnrGOdebVZMGK.exe [1246720]
[MD5.153F088DFDB3F940AD9DAEB04A3ACC4D] [APT] [SmartWeb Upgrade Trigger Task] (.SoftBrain Technologies Ltd..) -- C:\Users\rikkko\AppData\Local\SmartWeb\SmartWebHelper.exe [270368] =>PUP.SmartWeb
[MD5.E1C3815FFB6C0BE428342190878D1CEC] [APT] [SMWUpd] (.Goobzo.) -- C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe [757248] =>PUP.Goobzo
[MD5.00000000000000000000000000000000] [APT] [SMW_UpdateTask_Time_333532353130313132332d5755326c785a5a5737414534] (...) -- C:\ProgramData\SearchModule\smhe.js" smu.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [SPBIW_UpdateTask_Time_333532353130313132332d5755326c785a5a5737414534] (...) -- C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe (.not file.) [0] =>PUP.ShopperPro
[MD5.1FC5B04CA049EE4611F3699B3C1A5406] [APT] [SPDriver] (...) -- C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1965\jsdrv.exe [3225088] =>PUP.ShopperPro
[MD5.2B85BAEFCFD35E7998544A92F3EABCA7] [APT] [SpeedCheck Update] (...) -- C:\Program Files (x86)\version59SpeedCheck\a4SpeedCheckJ53.exe [492544] =>PUP.SpeedCheck
[MD5.1FC5B04CA049EE4611F3699B3C1A5406] [APT] [UNELEVATE_14218] (...) -- C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1965\jsdrv.exe [3225088] =>PUP.ShopperPro
[MD5.6A9B253E1183CE37BD3A3D93AD0E6E58] [APT] [WinKit] (...) -- C:\Users\rikkko\AppData\Roaming\PDFConvert\SWUpdate.exe [156240]
[MD5.6A9B253E1183CE37BD3A3D93AD0E6E58] [APT] [Winsta Update] (...) -- C:\Users\rikkko\AppData\Roaming\Winsta\bin\Winsta.exe [156240]
[MD5.689BFE00995BFE5D7752823C8745CE75] [APT] [YTDownloader] (.YTDownloader.) -- C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988528] =>PUP.YTDownloader
[MD5.E566FF7F4BC7C1710A49F26DECE5429C] [APT] [YTDownloaderUpd] (.Goobzo.) -- C:\Program Files (x86)\YTDownloader\updater.exe [751024] =>PUP.YTDownloader
O39 - APT: 1RAwU6J - (...) -- C:\Windows\Tasks\1RAwU6J.job [996]
O39 - APT: 1RAwU6J - (...) -- C:\Windows\System32\Tasks\1RAwU6J [996]
O39 - APT: 3315ae47-db79-4ea6-b347-a4b2fa3cb91c-1-6 - (.Webar.) -- C:\Windows\Tasks\3315ae47-db79-4ea6-b347-a4b2fa3cb91c-1-6.job [3456]
O39 - APT: 3315ae47-db79-4ea6-b347-a4b2fa3cb91c-1-6 - (.Webar.) -- C:\Windows\System32\Tasks\3315ae47-db79-4ea6-b347-a4b2fa3cb91c-1-6 [3456]
O39 - APT: 3315ae47-db79-4ea6-b347-a4b2fa3cb91c-1-7 - (.Webar.) -- C:\Windows\Tasks\3315ae47-db79-4ea6-b347-a4b2fa3cb91c-1-7.job [3456]
O39 - APT: 3315ae47-db79-4ea6-b347-a4b2fa3cb91c-1-7 - (.Webar.) -- C:\Windows\System32\Tasks\3315ae47-db79-4ea6-b347-a4b2fa3cb91c-1-7 [3456]
O39 - APT: 3315ae47-db79-4ea6-b347-a4b2fa3cb91c-10_user - (.Webar.) -- C:\Windows\Tasks\3315ae47-db79-4ea6-b347-a4b2fa3cb91c-10_user.job [2094]
O39 - APT: 3315ae47-db79-4ea6-b347-a4b2fa3cb91c-10_user - (.Webar.) -- C:\Windows\System32\Tasks\3315ae47-db79-4ea6-b347-a4b2fa3cb91c-10_user [2094]
O39 - APT: 3315ae47-db79-4ea6-b347-a4b2fa3cb91c-5 - (.Webar.) -- C:\Windows\Tasks\3315ae47-db79-4ea6-b347-a4b2fa3cb91c-5.job [2772] =>PUP.CrossRider
O39 - APT: 3315ae47-db79-4ea6-b347-a4b2fa3cb91c-5 - (.Webar.) -- C:\Windows\System32\Tasks\3315ae47-db79-4ea6-b347-a4b2fa3cb91c-5 [2772] =>PUP.CrossRider
O39 - APT: 3315ae47-db79-4ea6-b347-a4b2fa3cb91c-5_user - (.Webar.) -- C:\Windows\Tasks\3315ae47-db79-4ea6-b347-a4b2fa3cb91c-5_user.job [2772] =>PUP.CrossRider
O39 - APT: 3315ae47-db79-4ea6-b347-a4b2fa3cb91c-5_user - (.Webar.) -- C:\Windows\System32\Tasks\3315ae47-db79-4ea6-b347-a4b2fa3cb91c-5_user [2772] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [830]
O39 - APT: APSnotifierPP1 - (.AnyProtect.com.) -- C:\Windows\Tasks\APSnotifierPP1.job [378] =>PUP.AnyProtect
O39 - APT: APSnotifierPP1 - (.AnyProtect.com.) -- C:\Windows\System32\Tasks\APSnotifierPP1 [378] =>PUP.AnyProtect
O39 - APT: APSnotifierPP2 - (.AnyProtect.com.) -- C:\Windows\Tasks\APSnotifierPP2.job [376] =>PUP.AnyProtect
O39 - APT: APSnotifierPP2 - (.AnyProtect.com.) -- C:\Windows\System32\Tasks\APSnotifierPP2 [376] =>PUP.AnyProtect
O39 - APT: APSnotifierPP3 - (.AnyProtect.com.) -- C:\Windows\Tasks\APSnotifierPP3.job [376] =>PUP.AnyProtect
O39 - APT: APSnotifierPP3 - (.AnyProtect.com.) -- C:\Windows\System32\Tasks\APSnotifierPP3 [376] =>PUP.AnyProtect
O39 - APT: - (..) -- C:\Windows\Tasks\Bidaily Synchronize Task[3c32].job [348] =>PUP.BidailySync
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Bidaily Synchronize Task[3c32] [348] =>PUP.BidailySync
O39 - APT: Crossbrowse - (...) -- C:\Windows\Tasks\Crossbrowse.job [1064] =>PUP.CrossBrowser
O39 - APT: Crossbrowse - (...) -- C:\Windows\System32\Tasks\Crossbrowse [1064] =>PUP.CrossBrowser
O39 - APT: EZSOYEHS1 - (.LolliScan.) -- C:\Windows\Tasks\EZSOYEHS1.job [338] =>Adware.Graftor
O39 - APT: EZSOYEHS1 - (.LolliScan.) -- C:\Windows\System32\Tasks\EZSOYEHS1 [338] =>Adware.Graftor
O39 - APT: globalUpdateUpdateTaskMachineCore - (.globalUpdate.) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job [906] =>PUP.GlobalUpdate
O39 - APT: globalUpdateUpdateTaskMachineCore - (.globalUpdate.) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore [906] =>PUP.GlobalUpdate
O39 - APT: globalUpdateUpdateTaskMachineUA - (.globalUpdate.) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job [910] =>PUP.GlobalUpdate
O39 - APT: globalUpdateUpdateTaskMachineUA - (.globalUpdate.) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA [910] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1070]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1074]
O39 - APT: hg2EEhxGWF - (...) -- C:\Windows\Tasks\hg2EEhxGWF.job [1002]
O39 - APT: hg2EEhxGWF - (...) -- C:\Windows\System32\Tasks\hg2EEhxGWF [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForrikkko [342]
O39 - APT: OK9bt0X0WAJVJcoZAw3xqnm - (...) -- C:\Windows\Tasks\OK9bt0X0WAJVJcoZAw3xqnm.job [1028]
O39 - APT: OK9bt0X0WAJVJcoZAw3xqnm - (...) -- C:\Windows\System32\Tasks\OK9bt0X0WAJVJcoZAw3xqnm [1028]
O39 - APT: SmAnrGOdebVZMGK - (...) -- C:\Windows\Tasks\SmAnrGOdebVZMGK.job [1012]
O39 - APT: SmAnrGOdebVZMGK - (...) -- C:\Windows\System32\Tasks\SmAnrGOdebVZMGK [1012]
O39 - APT: SpeedCheck Update - (...) -- C:\Windows\Tasks\SpeedCheck Update.job [440] =>PUP.SpeedCheck
O39 - APT: SpeedCheck Update - (...) -- C:\Windows\System32\Tasks\SpeedCheck Update [440] =>PUP.SpeedCheck
~ Scheduled Task: 92 Legitimates Filtered in 00mn 06s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (innfd_1_10_0_14) . (.Infonaut - Infonaut Driver x64.) - C:\Windows\System32\drivers\innfd_1_10_0_14.sys =>PUP.Infonaut
~ Drivers: 52 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: AnyProtect - (.CMI Limited.) [HKLM][64Bits] -- AnyProtect =>PUP.CMILimited
O42 - Logiciel: Book Alter - (.Book Alter.) [HKLM][64Bits] -- SoftwareUpdater =>PUP.Eorezo
O42 - Logiciel: Crossbrowse - (.The Crossbrowse Authors.) [HKLM][64Bits] -- Crossbrowse =>PUP.CrossBrowser
O42 - Logiciel: Ge-Force - (.Webar.) [HKLM][64Bits] -- Ge-Force =>PUP.CrossRider
O42 - Logiciel: Infonaut 1.10.0.14 - (.Infonaut.) [HKLM][64Bits] -- Infonaut_1.10.0.14 =>PUP.Infonaut
O42 - Logiciel: LolliScan - (...) [HKLM][64Bits] -- LolliScan =>Adware.Graftor
O42 - Logiciel: PokerStars.eu - (.PokerStars.eu.) [HKLM][64Bits] -- PokerStars.eu
O42 - Logiciel: PremiumBuilder - (.PremiumBuilder.) [HKLM][64Bits] -- {12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fd3b02ee} =>Adware.Graftor
O42 - Logiciel: Schritte international 3 - (.Hueber Verlag GmbH & Co KG.) [HKLM][64Bits] -- {C39AC83D-7345-05D4-0342-782927E75969}
O42 - Logiciel: Search module - (.Goobzo.) [HKLM][64Bits] -- Search module =>PUP.Goobzo
O42 - Logiciel: Shopper-Pro - (...) [HKLM][64Bits] -- ShopperPro =>PUP.ShopperPro
O42 - Logiciel: SmartWeb - (.SoftBrain Technologies Ltd..) [HKLM][64Bits] -- SmartWeb =>PUP.SmartWeb
O42 - Logiciel: SpeedCheck - (.SpeedCheck-software.) [HKLM][64Bits] -- 7092586C-9870-482A-D934-F4BDD216913E =>PUP.SpeedCheck
O42 - Logiciel: Word Processor Text Wrap - (.Word Processor Text Wrap.) [HKLM][64Bits] -- wincheck =>PUP.Wincheck
O42 - Logiciel: YTDownloader - (.YTDownloader.) [HKLM][64Bits] -- YTDownloader =>PUP.YTDownloader
O42 - Logiciel: mystartsearch uninstall - (.mystartsearch.) [HKLM][64Bits] -- mystartsearch uninstall =>PUP.StartSearch
~ Logic: 58 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\1RAwU6J]
[HKCU\Software\APN PIP]
[HKCU\Software\AnyProtect] =>PUP.AnyProtect
[HKCU\Software\ArenaHD] =>PUP.CrossRider
[HKCU\Software\AskPartnerNetwork] =>Toolbar.AskBar
[HKCU\Software\CinemaPlus-3.2cV11.06-nv-ie] =>PUP.CrossRider
[HKCU\Software\CrossBrowser] =>PUP.CrossBrowser
[HKCU\Software\Crossbrowse] =>PUP.CrossBrowser
[HKCU\Software\Ge-Force-nv-ie] =>PUP.CrossRider
[HKCU\Software\Ge-Force] =>PUP.CrossRider
[HKCU\Software\HighDefAction] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKCU\Software\MaxComputerCleanerConfig] =>PUP.MaxComputerCleaner
[HKCU\Software\MaxComputerCleanerLanguage] =>PUP.MaxComputerCleaner
[HKCU\Software\OK9bt0X0WAJVJcoZAw3xqnm]
[HKCU\Software\SmAnrGOdebVZMGK]
[HKCU\Software\Super Optimizer] =>PUP.SuperOptimizer
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive
[HKCU\Software\Tutorials] =>PUP.AgenceExclusive
[HKCU\Software\YTDownloader] =>PUP.YTDownloader
[HKCU\Software\YorkNewCin] =>PUP.CrossRider
[HKCU\Software\hg2EEhxGWF]
[HKCU\Software\iScreeny]
[HKLM\Software\ArenaHD] =>PUP.CrossRider
[HKLM\Software\HighDefAction] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKLM\Software\LolliScan] =>Adware.Graftor
[HKLM\Software\SearchModule]
[HKLM\Software\ShopperPro] =>PUP.ShopperPro
[HKLM\Software\Wow6432Node\"alpha_installer"/n]
[HKLM\Software\Wow6432Node\51a81def-c82a-8f69-0de2-f5a105aa8183] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\ArenaHD] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.AskBar
[HKLM\Software\Wow6432Node\Ge-Force-nv-ie] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\HighDefAction] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKLM\Software\Wow6432Node\SPPDCOM] =>Rogue.PCSpeedUp
[HKLM\Software\Wow6432Node\SearchModule]
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab
[HKLM\Software\Wow6432Node\Tutorials] =>PUP.AgenceExclusive
[HKLM\Software\Wow6432Node\YorkNewCin] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\searchult]
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\YTDownloader] =>PUP.YTDownloader
[HKLM\Software\YorkNewCin] =>PUP.CrossRider
~ Key Software: 324 Legitimates Filtered in 00mn 02s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 12/06/2015 - 18:11:35 - [] ----D C:\Program Files (x86)\AnyProtectEx =>PUP.AnyProtect
O43 - CFD: 21/04/2015 - 07:54:39 - [] ----D C:\Program Files (x86)\BrowsiNgcLeiarlY
O43 - CFD: 12/06/2015 - 18:59:12 - [] ----D C:\Program Files (x86)\Crossbrowse =>PUP.CrossBrowser
O43 - CFD: 12/06/2015 - 19:10:30 - [] ----D C:\Program Files (x86)\Ge-Force =>PUP.CrossRider
O43 - CFD: 12/06/2015 - 12:45:50 - [] ----D C:\Program Files (x86)\gmsd_de_005010001
O43 - CFD: 12/06/2015 - 18:59:28 - [] ----D C:\Program Files (x86)\gmsd_de_005010002
O43 - CFD: 02/05/2015 - 16:06:48 - [] ----D C:\Program Files (x86)\Hueber
O43 - CFD: 12/06/2015 - 09:14:57 - [] ----D C:\Program Files (x86)\Infonaut_1.10.0.14 =>PUP.Infonaut
O43 - CFD: 12/06/2015 - 09:36:11 - [] ----D C:\Program Files (x86)\MiuiTab
O43 - CFD: 15/04/2015 - 19:55:23 - [] ----D C:\Program Files (x86)\PokerStars.EU
O43 - CFD: 12/06/2015 - 19:12:29 - [] ----D C:\Program Files (x86)\ShopperPro =>PUP.ShopperPro
O43 - CFD: 12/06/2015 - 09:15:47 - [] ----D C:\Program Files (x86)\version59SpeedCheck =>PUP.SpeedCheck
O43 - CFD: 12/06/2015 - 19:04:04 - [] ----D C:\Program Files (x86)\YTDownloader =>PUP.YTDownloader
O43 - CFD: 20/04/2015 - 19:32:46 - [] ----D C:\ProgramData\13019113917637117546
O43 - CFD: 12/06/2015 - 09:03:18 - [] ----D C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
O43 - CFD: 12/06/2015 - 09:03:26 - [] ----D C:\ProgramData\81293a17a6ea4c5c95d9ded0f61b7d96
O43 - CFD: 18/11/2014 - 13:46:21 - [] ----D C:\ProgramData\b4ad2f213f1ac66a
O43 - CFD: 27/10/2014 - 14:53:59 - [0] ----D C:\ProgramData\CheapCoupon
O43 - CFD: 16/10/2014 - 13:11:16 - [] ----D C:\ProgramData\FlashCCouaPOn =>PUP.FlashCoupon
O43 - CFD: 16/10/2014 - 13:11:16 - [] ----D C:\ProgramData\FlashhCoupon =>PUP.FlashCoupon
O43 - CFD: 12/06/2015 - 19:08:36 - [] ----D C:\ProgramData\Glaritoofsup
O43 - CFD: 12/06/2015 - 19:03:51 - [] ----D C:\ProgramData\JGiulS
O43 - CFD: 12/06/2015 - 09:04:51 - [] ----D C:\ProgramData\LolliScan =>Adware.Graftor
O43 - CFD: 14/06/2015 - 04:34:39 - [] ----D C:\ProgramData\MailUpdate =>PUP.MailUpdate
O43 - CFD: 12/06/2015 - 19:04:01 - [] ----D C:\ProgramData\SearchModule
O43 - CFD: 12/06/2015 - 19:12:35 - [] ----D C:\ProgramData\ShopperPro =>PUP.ShopperPro
O43 - CFD: 27/10/2014 - 14:35:38 - [] ----D C:\ProgramData\TicTaACoUPoN =>PUP.TicTaCoupon
O43 - CFD: 12/06/2015 - 09:04:10 - [] ----D C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 16/10/2014 - 13:11:16 - [] ----D C:\ProgramData\WoOwCoupon =>PUP.WOwCoupon
O43 - CFD: 07/01/2015 - 22:39:37 - [] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
O43 - CFD: 17/01/2015 - 23:28:44 - [] ----D C:\ProgramData\{55e94ccf-76b0-7656-55e9-94ccf76b333d}
O43 - CFD: 21/04/2015 - 07:57:00 - [] ----D C:\ProgramData\{8398972c-5ece-c961-8398-8972c5ec5cb1}
O43 - CFD: 20/04/2015 - 22:32:24 - [] ----D C:\ProgramData\{b8771e72-43e8-f49f-b877-71e7243e79c9}
O43 - CFD: 12/06/2015 - 15:04:00 - [] ----D C:\ProgramData\{f255e543-a1af-e73a-f255-5e543a1a950e}
O43 - CFD: 12/06/2015 - 18:59:24 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse =>PUP.CrossBrowser
O43 - CFD: 24/09/2014 - 20:55:23 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embedded Lockdown Manager
O43 - CFD: 02/05/2015 - 16:07:12 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hueber
O43 - CFD: 27/11/2014 - 16:26:03 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
O43 - CFD: 13/02/2015 - 11:18:21 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU
O43 - CFD: 27/11/2014 - 16:26:03 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
O43 - CFD: 27/11/2014 - 16:25:10 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
O43 - CFD: 27/11/2014 - 16:25:10 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
O43 - CFD: 24/09/2014 - 17:57:34 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 12/06/2015 - 16:14:57 - [] ----D C:\Users\rikkko\AppData\Roaming\33444335-1434092614-4734-3757-A0D3C1689553
O43 - CFD: 12/06/2015 - 09:03:35 - [] ----D C:\Users\rikkko\AppData\Roaming\33444335-1434092615-4734-3757-A0D3C1689553
O43 - CFD: 12/06/2015 - 09:17:00 - [] -SH-D C:\Users\rikkko\AppData\Roaming\AnyProtectEx =>PUP.AnyProtect
O43 - CFD: 12/06/2015 - 09:03:16 - [] ----D C:\Users\rikkko\AppData\Roaming\Convertor
O43 - CFD: 12/06/2015 - 09:34:29 - [] ----D C:\Users\rikkko\AppData\Roaming\MailUpdate =>PUP.MailUpdate
O43 - CFD: 12/06/2015 - 09:34:34 - [] ----D C:\Users\rikkko\AppData\Roaming\mystartsearch =>PUP.StartSearch
O43 - CFD: 12/06/2015 - 09:03:34 - [] ----D C:\Users\rikkko\AppData\Roaming\VOPackage =>Adware.Downware
O43 - CFD: 12/06/2015 - 09:03:17 - [] ----D C:\Users\rikkko\AppData\Roaming\Winsta
O43 - CFD: 12/06/2015 - 09:04:15 - [] ----D C:\Users\rikkko\AppData\Local\33444335-1434099854-4734-3757-A0D3C1689553
O43 - CFD: 12/06/2015 - 12:19:47 - [] ----D C:\Users\rikkko\AppData\Local\33444335-1434099989-4734-3757-A0D3C1689553
O43 - CFD: 12/06/2015 - 19:05:06 - [] ----D C:\Users\rikkko\AppData\Local\BrowserHelper =>PUP.BrowserHelper
O43 - CFD: 12/06/2015 - 09:15:26 - [] ----D C:\Users\rikkko\AppData\Local\Crossbrowse =>PUP.CrossBrowser
O43 - CFD: 10/06/2015 - 08:36:17 - [0] -SH-D C:\Users\rikkko\AppData\Local\EmieBrowserModeList
O43 - CFD: 14/06/2015 - 11:50:55 - [] ----D C:\Users\rikkko\AppData\Local\gmsd_de_005010001
O43 - CFD: 12/06/2015 - 18:59:28 - [] ----D C:\Users\rikkko\AppData\Local\gmsd_de_005010002
O43 - CFD: 02/06/2015 - 17:48:13 - [] ----D C:\Users\rikkko\AppData\Local\GWX
O43 - CFD: 12/06/2015 - 19:09:01 - [] ----D C:\Users\rikkko\AppData\Local\Installer
O43 - CFD: 12/06/2015 - 09:03:25 - [] ----D C:\Users\rikkko\AppData\Local\iScreeny
O43 - CFD: 12/06/2015 - 09:15:14 - [] ----D C:\Users\rikkko\AppData\Local\Max_Computer_Cleaner
O43 - CFD: 08/06/2015 - 00:00:15 - [] ----D C:\Users\rikkko\AppData\Local\PokerStars.EU
O43 - CFD: 12/06/2015 - 09:15:03 - [] ----D C:\Users\rikkko\AppData\Local\SmartWeb =>PUP.SmartWeb
O43 - CFD: 12/06/2015 - 18:11:33 - [] ----D C:\Users\rikkko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup =>PUP.AnyProtect
O43 - CFD: 12/06/2015 - 09:03:34 - [] ----D C:\Users\rikkko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage =>Adware.Downware
O43 - CFD: 12/06/2015 - 19:04:04 - [] ----D C:\Users\rikkko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader =>PUP.YTDownloader
~ Program Folder: 231 Legitimates Filtered in 00mn 02s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.574F2184043FAF24B588BA12B3CC99CC] - 10/06/2015 - 01:28:39 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [410336]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 12/06/2015 - 08:04:10 ---A- . (...) -- C:\Windows\hgfs.sys [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 12/06/2015 - 08:04:10 ---A- . (...) -- C:\Windows\prleth.sys [0]
O44 - LFC:[MD5.5387F64C81F55F98A316A836514385C0] - 12/06/2015 - 08:15:45 ---A- . (...) -- C:\Windows\System32\Drivers\webTinstMKTN84.sys [50216] =>PUP.CorsicaTechnologies
O44 - LFC:[MD5.242D45EB40027E81F38942B1F8707A6C] - 12/06/2015 - 11:12:13 ---A- . (...) -- C:\END [8]
O44 - LFC:[MD5.079EEE2640552F42D101C458C312CB3E] - 14/06/2015 - 10:41:55 ---A- . (...) -- C:\Windows\patsearch.bin [1962]
~ Files: 65 Legitimates Filtered in 00mn 02s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:10/04/2015 - 20:56:56 ---A- . (.Infonaut - Infonaut Driver x64.) -- C:\Windows\System32\Drivers\innfd_1_10_0_14.sys [58224] =>PUP.Infonaut
O58 - SDL:22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:01/12/2014 - 08:26:54 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [551936]
O58 - SDL:12/06/2015 - 08:15:45 ---A- . (...) -- C:\Windows\System32\Drivers\webTinstMKTN84.sys [50216] =>PUP.CorsicaTechnologies
~ Drivers: 54 Legitimates Filtered in 00mn 01s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Crossbrowse - Crossbrowse.) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.CrossBrowser
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- Chrome.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.mystartsearch.com =>PUP.StartSearch
O69 - SBI: SearchScopes [HKCU] {19883D07-4231-42E1-A448-643C968213AA} - (Amazon (UK) Search Suggestions) - http://www.mystartsearch.com =>PUP.StartSearch
O69 - SBI: SearchScopes [HKCU] {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} [DefaultScope] - (e) - http://www.mystartsearch.com =>PUP.StartSearch
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (mystartsearch) - http://www.mystartsearch.com =>PUP.StartSearch
O69 - SBI: SearchScopes [HKCU] {996761CF-0E7A-477B-9550-5714DB02122E} - (e) - http://www.mystartsearch.com =>PUP.StartSearch
O69 - SBI: SearchScopes [HKCU] {B0350B3B-AD27-47D1-8D6E-FF3764D2143D} - (Google) - http://www.mystartsearch.com =>PUP.StartSearch
O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://www.mystartsearch.com =>PUP.StartSearch
O69 - SBI: SearchScopes [HKCU] {E733165D-CBCF-4FDA-883E-ADEF965B476C} - (Google) - http://www.mystartsearch.com =>PUP.StartSearch
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.3A1D89B89C9D62951957F0839578DD9B] [SPRF][20/04/2015] (...) -- C:\Users\rikkko\AppData\Roaming\1RAwU6J.exe [1579520]
[MD5.0B386A6D2872A2E47D3BC8E224BA01F2] [SPRF][29/05/2015] (...) -- C:\Users\rikkko\AppData\Roaming\appdataFr3.bin [20]
[MD5.3A1D89B89C9D62951957F0839578DD9B] [SPRF][20/04/2015] (...) -- C:\Users\rikkko\AppData\Roaming\hg2EEhxGWF.exe [1579520]
[MD5.AB6818A7FF17230A6E5119F6CDD1F85B] [SPRF][20/04/2015] (...) -- C:\Users\rikkko\AppData\Roaming\OK9bt0X0WAJVJcoZAw3xqnm.exe [1246720]
[MD5.AB6818A7FF17230A6E5119F6CDD1F85B] [SPRF][20/04/2015] (...) -- C:\Users\rikkko\AppData\Roaming\SmAnrGOdebVZMGK.exe [1246720]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection Rogue (SRI) (O86)
O43 - CFD: 12/06/2015 - 09:03:18 - [] ----D C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
O43 - CFD: 12/06/2015 - 09:03:26 - [] ----D C:\ProgramData\81293a17a6ea4c5c95d9ded0f61b7d96
[MD5.44DF3FAAFE63EE48F7EFB2AF0D8912D5] [SRI] (.Pas de propriétaire - 81293a17a6ea4c5c95d9ded0f61b7d96.) -- C:\ProgramData\81293a17a6ea4c5c95d9ded0f61b7d96\81293a17a6ea4c5c95d9ded0f61b7d96.exe [276992]
~ Files: Scanned in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{A32D1519-F1C4-4A60-84D8-479A08687C56}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\rikkko\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{36C705BB-72C4-4FC8-8A5E-E4D3AB64189F}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\rikkko\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{5E8069B4-06B0-4CB9-8F9F-EC56F5B233C5}" | In - None - P17 - TRUE | .(.Crossbrowse - Crossbrowse.) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe =>PUP.CrossBrowser
~ Firewall: 3 Legitimates Filtered in 00mn 02s



---\\ Export de clés de registre aléatoires (O91)
~ Export Key Software: Scanned in 00mn 00s



---\\ Enumère les données de la clé NameSpace (MNS) (O92)
O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B}
O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C}
O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
~ MNS: 6 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.F3E0BCAC0A50EA3B7571407A7DA325C7] [WIS][12/06/2015] (.globalupdate - globalupdate.) -- C:\Windows\Installer\17c6d5b.msi [32768] =>PUP.GlobalUpdate
~ WIS: 1 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MaxComputerCleaner_Maintenance_RASAPI32 =>PUP.MaxComputerCleaner
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MaxComputerCleaner_Maintenance_RASMANCS =>PUP.MaxComputerCleaner
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MaxComputerCleaner_RASAPI32 =>PUP.MaxComputerCleaner
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MaxComputerCleaner_RASMANCS =>PUP.MaxComputerCleaner
~ BTK: 81 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 12/06/2015 2985616 | (53a1c4d9) . (...) - c:\Program Files (x86)\Optimizer Pro 3.96\OptProMon.dll =>PUP.OptimizerPro
SS - | Auto 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 09/06/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 26/03/2013 1619704 | (BlueSoleilCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
SS - | Auto 09/06/2015 112560 | (BrsHelper) . (...) - C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe =>PUP.YTDownloader
SS - | Demand 10/01/2013 138752 | (BsHelpCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
SS - | Demand 03/10/2014 279952 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 14/08/2012 310232 | (DragonSvc) . (.Nuance Communications, Inc..) - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
SS - | Auto 12/06/2015 68608 | (globalUpdate) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe =>PUP.GlobalUpdate
SS - | Demand 12/06/2015 68608 | (globalUpdatem) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe =>PUP.GlobalUpdate
SS - | Auto 19/05/2015 99128 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SS - | Demand 13/05/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SS - | Auto 01/12/2014 573704 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
SS - | Auto 07/08/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SS - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SS - | Auto 03/10/2014 329104 | (igfxCUIService1.0.0.0) . (.Intel Corporation.) - C:\Windows\System32\igfxCUIService.exe
SS - | Auto 08/06/2015 125056 | (IHProtect Service) . (.XTab system.) - C:\Program Files (x86)\MiuiTab\ProtectService.exe =>Adware.AgentODR
SS - | Auto 10/04/2015 278600 | (insvc_1.10.0.14) . (.Infonaut.) - C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe =>PUP.Infonaut
SS - | Auto 11/05/2013 733696 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SS - | Demand 11/05/2013 822232 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Auto 01/03/2015 131544 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SS - | Auto 01/03/2015 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SS - | Auto 12/06/2015 147456 | (kysykiti) . (...) - C:\Users\rikkko\AppData\Local\33444335-1434099989-4734-3757-A0D3C1689553\snsjD60D.tmp
SS - | Auto 01/03/2015 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Auto 21/05/2013 144368 | (NIS) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe
SS - | Auto 18/02/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 09/06/2015 2346416 | (SPBIUpd) . (.ShopperPro.) - C:\Program Files\Common Files\ShopperPro\spbiu.exe =>PUP.ShopperPro
SS - | Auto 01/12/2014 340480 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SS - | Demand 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Auto 12/06/2015 219136 | (xoperoze) . (...) - C:\Users\rikkko\AppData\Roaming\33444335-1434092614-4734-3757-A0D3C1689553\jnsz5D3A.tmp
SS - | Auto 12/06/2015 166912 | (zedepory) . (...) - C:\Users\rikkko\AppData\Roaming\33444335-1434092614-4734-3757-A0D3C1689553\hnss72D7.tmp
SR - | Auto 12/06/2015 2730976 | (IfMxHyRVg) . (.Unique Solutions.) - C:\ProgramData\JGiulS\IfMxHyRVg.exe
SR - | Auto 09/06/2015 2838824 | (SMUpd) . (.Search Module Ltd..) - C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe =>PUP.Goobzo
SR - | Demand 22/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 22/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Demand 29/10/2014 38792 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 23s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (31/05/2015)
Clés trouvées (Keys found) : 43
Valeurs trouvées (Values found) : 16
Dossiers trouvés (Folders found) : 32
Fichiers trouvés (Files found) : 71

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}] =>PUP.LuckyTab^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}] =>PUP.ShopperPro^
[HKLM\SYSTEM\CurrentControlSet\Services\53a1c4d9] =>PUP.OptimizerPro^
[HKLM\SYSTEM\CurrentControlSet\Services\BrsHelper] =>PUP.YTDownloader^
[HKLM\SYSTEM\CurrentControlSet\Services\globalUpdate) (globalUpdate] =>PUP.GlobalUpdate^
[HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service] =>Adware.AgentODR^
[HKLM\SYSTEM\CurrentControlSet\Services\insvc_1.10.0.14] =>PUP.Infonaut^
[HKLM\SYSTEM\CurrentControlSet\Services\SMUpd] =>PUP.Goobzo^
[HKLM\SYSTEM\CurrentControlSet\Services\SPBIUpd] =>PUP.ShopperPro^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AnyProtect] =>PUP.CMILimited^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater] =>PUP.Eorezo^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Crossbrowse] =>PUP.CrossBrowser^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ge-Force] =>PUP.CrossRider^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Infonaut_1.10.0.14] =>PUP.Infonaut^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\LolliScan] =>Adware.Graftor^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fd3b02ee}] =>Adware.Graftor^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search module] =>PUP.Goobzo^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro] =>PUP.ShopperPro^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb] =>PUP.SmartWeb^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\7092586C-9870-482A-D934-F4BDD216913E] =>PUP.SpeedCheck^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\wincheck] =>PUP.Wincheck^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader] =>PUP.YTDownloader^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall] =>PUP.StartSearch^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.Conduit
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater] =>Hijacker.Eazel
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar] =>Adware.IMBooster
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Optimizer Pro =>PUP.OptimizerPro^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:WinCheck =>PUP.Wincheck^
C:\Users\rikkko\AppData\Roaming\Mozilla\Firefox\Profiles\nlbtcv52.default\extensions\sweetsearch@gmail.com =>PUP.SearchEngine^
C:\Users\rikkko\AppData\Roaming\Mozilla\Firefox\Profiles\nlbtcv52.default\extensions\sYafZ98@D.com =>PUP.RespectSale^
C:\Users\rikkko\AppData\Roaming\Mozilla\Firefox\Profiles\nlbtcv52.default\extensions\VZ@HP5E1EmQ.com =>PUP.UniSales^
C:\Users\rikkko\AppData\Roaming\Mozilla\Firefox\Profiles\nlbtcv52.default\extensions\yqotkull_wgsbfkdqv@ebqpvyogh_rgzcg.com =>PUP.ActiveDiscount^
C:\Program Files (x86)\AnyProtectEx =>PUP.AnyProtect^
C:\Program Files (x86)\Crossbrowse =>PUP.CrossBrowser^
C:\Program Files (x86)\Ge-Force =>PUP.CrossRider^
C:\Program Files (x86)\Infonaut_1.10.0.14 =>PUP.Infonaut^
C:\Program Files (x86)\ShopperPro =>PUP.ShopperPro^
C:\Program Files (x86)\version59SpeedCheck =>PUP.SpeedCheck^
C:\Program Files (x86)\YTDownloader =>PUP.YTDownloader^
C:\ProgramData\FlashCCouaPOn =>PUP.FlashCoupon^
C:\ProgramData\FlashhCoupon =>PUP.FlashCoupon^
C:\ProgramData\LolliScan =>Adware.Graftor^
C:\ProgramData\MailUpdate =>PUP.MailUpdate^
C:\ProgramData\ShopperPro =>PUP.ShopperPro^
C:\ProgramData\TicTaACoUPoN =>PUP.TicTaCoupon^
C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu^
C:\ProgramData\WoOwCoupon =>PUP.WOwCoupon^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse =>PUP.CrossBrowser^
C:\Users\rikkko\AppData\Roaming\AnyProtectEx =>PUP.AnyProtect^
C:\Users\rikkko\AppData\Roaming\MailUpdate =>PUP.MailUpdate^
C:\Users\rikkko\AppData\Roaming\mystartsearch =>PUP.StartSearch^
C:\Users\rikkko\AppData\Roaming\VOPackage =>Adware.Downware^
C:\Users\rikkko\AppData\Local\BrowserHelper =>PUP.BrowserHelper^
C:\Users\rikkko\AppData\Local\Crossbrowse =>PUP.CrossBrowser^
C:\Users\rikkko\AppData\Local\SmartWeb =>PUP.SmartWeb^
C:\Users\rikkko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup =>PUP.AnyProtect^
C:\Users\rikkko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage =>Adware.Downware^
C:\Users\rikkko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader =>PUP.YTDownloader^
C:\Users\rikkko\AppData\Roaming\Optimizer Pro =>PUP.OptimizerPro
C:\Users\rikkko\AppData\Local\Installer =>Adware.InstallPedia
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
C:\Users\rikkko\AppData\Local\SmartWeb\SmartWebHelper.exe =>PUP.SmartWeb^
C:\Users\rikkko\AppData\Local\SmartWeb\SmartWebApp.exe =>PUP.SmartWeb^
C:\Users\rikkko\AppData\Roaming\Mozilla\Firefox\Profiles\nlbtcv52.default\Extensions\sweetsearch@gmail.com =>PUP.SweetSearch^
C:\Program Files (x86)\Ge-Force\3315ae47-db79-4ea6-b347-a4b2fa3cb91c-1-6.exe =>PUP.CrossRider^
C:\Program Files (x86)\Ge-Force\3315ae47-db79-4ea6-b347-a4b2fa3cb91c-1-7.exe =>PUP.CrossRider^
C:\Program Files (x86)\Ge-Force\3315ae47-db79-4ea6-b347-a4b2fa3cb91c-10.exe =>PUP.CrossRider^
C:\Program Files (x86)\Ge-Force\3315ae47-db79-4ea6-b347-a4b2fa3cb91c-5.exe =>PUP.CrossRider^
C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe =>PUP.AnyProtect^
C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe =>PUP.CrossBrowser^
C:\ProgramData\LolliScan\LolliScan.exe =>Adware.Graftor^
C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe =>PUP.GlobalUpdate^
C:\Program Files (x86)\Optimizer Pro 3.96\OptProLauncher.exe =>PUP.OptimizerPro^
C:\Program Files (x86)\ShopperPro\ShopperPro.exe =>PUP.ShopperPro^
C:\Program Files (x86)\ShopperPro\updater.exe =>PUP.ShopperPro^
C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe =>PUP.Goobzo^
C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1965\jsdrv.exe =>PUP.ShopperPro^
C:\Program Files (x86)\version59SpeedCheck\a4SpeedCheckJ53.exe =>PUP.SpeedCheck^
C:\Program Files (x86)\YTDownloader\YTDownloader.exe =>PUP.YTDownloader^
C:\Program Files (x86)\YTDownloader\updater.exe =>PUP.YTDownloader^
C:\Windows\Tasks\3315ae47-db79-4ea6-b347-a4b2fa3cb91c-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\3315ae47-db79-4ea6-b347-a4b2fa3cb91c-5 =>PUP.CrossRider^
C:\Windows\Tasks\3315ae47-db79-4ea6-b347-a4b2fa3cb91c-5_user.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\3315ae47-db79-4ea6-b347-a4b2fa3cb91c-5_user =>PUP.CrossRider^
C:\Windows\Tasks\APSnotifierPP1.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP1 =>PUP.AnyProtect^
C:\Windows\Tasks\APSnotifierPP2.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP2 =>PUP.AnyProtect^
C:\Windows\Tasks\APSnotifierPP3.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP3 =>PUP.AnyProtect^
C:\Windows\Tasks\Bidaily Synchronize Task =>PUP.BidailySync^
C:\Windows\System32\Tasks\Bidaily Synchronize Task =>PUP.BidailySync^
C:\Windows\Tasks\Crossbrowse.job =>PUP.CrossBrowser^
C:\Windows\System32\Tasks\Crossbrowse =>PUP.CrossBrowser^
C:\Windows\Tasks\EZSOYEHS1.job =>Adware.Graftor^
C:\Windows\System32\Tasks\EZSOYEHS1 =>Adware.Graftor^
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job =>PUP.GlobalUpdate^
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore =>PUP.GlobalUpdate^
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job =>PUP.GlobalUpdate^
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA =>PUP.GlobalUpdate^
C:\Windows\Tasks\SpeedCheck Update.job =>PUP.SpeedCheck^
C:\Windows\System32\Tasks\SpeedCheck Update =>PUP.SpeedCheck^
[HKCU\Software\AnyProtect] =>PUP.AnyProtect^
[HKCU\Software\ArenaHD] =>PUP.CrossRider^
[HKCU\Software\CinemaPlus-3.2cV11.06-nv-ie] =>PUP.CrossRider^
[HKCU\Software\CrossBrowser] =>PUP.CrossBrowser^
[HKCU\Software\Crossbrowse] =>PUP.CrossBrowser^
[HKCU\Software\Ge-Force-nv-ie] =>PUP.CrossRider^
[HKCU\Software\Ge-Force] =>PUP.CrossRider^
[HKCU\Software\HighDefAction] =>PUP.CrossRider^
[HKCU\Software\MaxComputerCleanerConfig] =>PUP.MaxComputerCleaner^
[HKCU\Software\MaxComputerCleanerLanguage] =>PUP.MaxComputerCleaner^
[HKCU\Software\Super Optimizer] =>PUP.SuperOptimizer^
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive^
[HKCU\Software\YTDownloader] =>PUP.YTDownloader^
[HKCU\Software\YorkNewCin] =>PUP.CrossRider^
[HKLM\Software\ArenaHD] =>PUP.CrossRider^
[HKLM\Software\HighDefAction] =>PUP.CrossRider^
[HKLM\Software\LolliScan] =>Adware.Graftor^
[HKLM\Software\ShopperPro] =>PUP.ShopperPro^
[HKLM\Software\Wow6432Node\51a81def-c82a-8f69-0de2-f5a105aa8183] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\ArenaHD] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\Ge-Force-nv-ie] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\HighDefAction] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\SPPDCOM] =>Rogue.PCSpeedUp^
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\YorkNewCin] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\YTDownloader] =>PUP.YTDownloader^
[HKLM\Software\YorkNewCin] =>PUP.CrossRider^
C:\Windows\Installer\17c6d5b.msi =>PUP.GlobalUpdate^
~ Additionnel Scan: 245561 Items scanned in 00mn 26s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://www.nicolascoolman.fr/blog/ =>Hijacker.Application
http://nicolascoolman.fr/pup-smartwebsearch =>PUP.SmartWeb
http://nicolascoolman.fr/pup-startsearch =>PUP.StartSearch
http://www.nicolascoolman.fr/blog/ =>PUP.SearchEngine
http://www.nicolascoolman.fr/blog/ =>PUP.RespectSale
http://www.nicolascoolman.fr/blog/ =>PUP.UniSales
http://www.nicolascoolman.fr/blog/ =>PUP.ActiveDiscount
http://www.nicolascoolman.fr/blog/ =>PUP.SweetSearch
http://www.nicolascoolman.fr/blog/ =>PUP.LuckyTab
http://nicolascoolman.fr/pup-shopperpro =>PUP.ShopperPro
http://www.nicolascoolman.fr/blog/ =>PUP.CrossBrowser
http://nicolascoolman.fr/hijacker-browsers =>Hijacker.Browsers
http://nicolascoolman.fr/pup-anyprotect =>PUP.AnyProtect
http://www.nicolascoolman.fr/blog/ =>PUP.ContinueLiveInstallation
http://www.nicolascoolman.fr/blog/ =>PUP.MaxComputerCleaner
http://nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerPro
http://nicolascoolman.fr/pup-ytdownloader =>PUP.YTDownloader
http://www.nicolascoolman.fr/blog/ =>PUP.Wincheck
http://nicolascoolman.fr/pup-globalupdate =>PUP.GlobalUpdate
http://www.nicolascoolman.fr/blog/ =>Adware.AgentODR
http://www.nicolascoolman.fr/blog/ =>PUP.Infonaut
http://www.nicolascoolman.fr/blog/ =>PUP.Goobzo
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://www.nicolascoolman.fr/blog/ =>Adware.Graftor
http://www.nicolascoolman.fr/blog/ =>PUP.SpeedCheck
http://www.nicolascoolman.fr/blog/ =>PUP.BidailySync
http://www.nicolascoolman.fr/blog/ =>PUP.CMILimited
http://nicolascoolman.fr/pup-eorezo =>PUP.Eorezo
http://www.nicolascoolman.fr/blog/ =>Toolbar.AskBar
http://www.nicolascoolman.fr/blog/ =>PUP.BrowserExtensions
http://www.nicolascoolman.fr/blog/ =>PUP.SuperOptimizer
http://nicolascoolman.fr/spyware-agenceexclusive =>PUP.AgenceExclusive
http://nicolascoolman.fr/rogue-pcspeedup =>Rogue.PCSpeedUp
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://www.nicolascoolman.fr/blog/ =>PUP.FlashCoupon
http://www.nicolascoolman.fr/blog/ =>PUP.MailUpdate
http://www.nicolascoolman.fr/blog/ =>PUP.TicTaCoupon
http://www.nicolascoolman.fr/blog/ =>PUP.Fuyu
http://www.nicolascoolman.fr/blog/ =>PUP.WOwCoupon
http://nicolascoolman.fr/adware-downware =>Adware.Downware
http://www.nicolascoolman.fr/blog/ =>PUP.BrowserHelper
http://www.nicolascoolman.fr/blog/ =>PUP.CorsicaTechnologies
http://nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://www.nicolascoolman.fr/blog/ =>Spyware.AgenceExclusive
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://www.nicolascoolman.fr/blog/ =>PUP.Conduit
http://nicolascoolman.fr/hijacker-eazel =>Hijacker.Eazel
http://nicolascoolman.fr/adware-installpedia =>Adware.InstallPedia
~ MSI: 49 link(s) detected in 00mn 00s



~ 926 Legitimates filtered by white list
End of the scan (986 lines in 01mn 34s)(0.7)
